Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Feb 9 12:47:13 2023 +0100

    Release 3.8.0
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:43:45 2023 +0100

    document the CVE fix
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:32:09 2023 +0100

    rsa: remove dead code
    
    since the `ok` variable isn't used any more, we can remove all code
    used to calculate it
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 9 16:05:53 2022 +0200

    auth/rsa: side-step potential side-channel
    
    Remove branching that depends on secret data.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
    Signed-off-by: Hubert Kario <hkario@redhat.com>
    Tested-by: Hubert Kario <hkario@redhat.com>

Author: xuraoqing <609179072@qq.com>
Date:   Tue Feb 7 10:34:48 2023 +0800

    remove inoperative variable
    
    Signed-off-by: xuraoqing <609179072@qq.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Feb 1 13:29:34 2023 +0100

    socket: set pull/push functions on windows
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Feb 1 10:00:12 2023 +0100

    Add missing dll to mingw archive
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jan 30 12:32:56 2023 +0100

    Indent cpp header
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Date:   Mon Dec 19 07:34:49 2022 +0200

    gnutlsxx: add source file for shared library
    
    The compiler will not produce a shared library from a header, so a
    source file is necessary when producing the gnutlsxx shared library.
    
    Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>

Author: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Date:   Mon Dec 19 06:02:17 2022 +0200

    gnutlsxx: remove unnecessary linking from makefiles
    
    Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>

Author: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Date:   Mon Dec 19 01:37:08 2022 +0200

    gnutlsxx: become header-only library
    
    This patch removes the old gnutlsxx library and instead moves all the
    definitions of the source file `gnutlsxx.c` to the header file
    `gnutlsxx.h`. However, both the C and the C++ library are built (as
    before).
    
    The user of the C++ interface has two options to choose from:
    
    1. include `gnutlsxx.h` in their application and link against the C
       library (the default).
    2. include `gnutlsxx.h` in their application, compile with the
       GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link against the C++
       library.
    
    Addresses Ref #1381
    
    Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 15:42:39 2023 +0100

    Silence 'make syntax-check'
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 15:22:01 2023 +0100

    NEWS: mention code indentation
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 15:03:53 2023 +0100

    Indent code
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 11:10:51 2023 +0100

    Check code indentation in 'check_commit'
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 11:08:05 2023 +0100

    Deal with '# define' for indent -ppi1
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 10:27:21 2023 +0100

    Fix indent errors
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 27 13:38:45 2023 +0100

    Add code indentation scripts
    
    Co-authored-by: Simon Josefsson <simon@josefsson.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 17 19:47:11 2023 +0900

    .gitlab-ci.yml: take advantage of GitLab code coverage visualization
    
    This switches to using gcovr instead of our custom coverage generation
    rule to take advantage of "Test coverage visualization" in GitLab:
    https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Dec 30 11:08:36 2022 +0900

    .gitlab-ci.yml: consolidate duplicate "aggressive" targets
    
    The UB+ASAN-Werror.Fedora.x86_64.gcc-aggressive shared almost the same
    tasks with UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc, except the
    former explicitly specified --disable-hardware-acceleration.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 11 15:24:14 2023 +0900

    .gitlab-ci.yml: disable cppcheck for now
    
    The current version of cppcheck hangs at the usage of Gnulib's
    intprops module:
    https://trac.cppcheck.net/ticket/10192
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 20 15:08:59 2022 +0900

    trust: make filesystem path construction flexible
    
    To handle pathnames longer than the fixed length (previously 256),
    this adds a set of internal API functions around the gnutls_pathbuf_st
    struct, which enables pathnames to be constructed safely and efficiently.
    The new API initially uses the statically allocated buffer and starts
    allocating memory on heap only after the limit has been reached.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
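
The buffer strategy this commit message describes (inline storage first, heap only once the limit is passed), sketched as an added example; it is not the GnuTLS implementation. The `demo_pathbuf_*` names, the growth policy and the sample paths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PATH_INLINE 256 /* the former fixed length named in the commit */

/* Hypothetical path buffer: not the gnutls_pathbuf_st definition. */
struct demo_pathbuf_st {
	char base[DEMO_PATH_INLINE]; /* inline storage, used first */
	char *ptr;                   /* base, or a heap block once outgrown */
	size_t len;                  /* length of the string at ptr */
	size_t cap;                  /* bytes available at ptr */
};

void demo_pathbuf_init(struct demo_pathbuf_st *pb)
{
	pb->base[0] = '\0';
	pb->ptr = pb->base;
	pb->len = 0;
	pb->cap = sizeof(pb->base);
}

int demo_pathbuf_on_heap(const struct demo_pathbuf_st *pb)
{
	return pb->ptr != pb->base;
}

void demo_pathbuf_deinit(struct demo_pathbuf_st *pb)
{
	if (demo_pathbuf_on_heap(pb))
		free(pb->ptr);
	demo_pathbuf_init(pb);
}

/* Make room for `need` bytes, terminator included; grow by doubling. */
static int pathbuf_reserve(struct demo_pathbuf_st *pb, size_t need)
{
	size_t cap = pb->cap;
	char *p;

	if (need <= pb->cap)
		return 0;
	while (cap < need) {
		if (cap > SIZE_MAX / 2)
			return -1;
		cap *= 2;
	}
	if (!demo_pathbuf_on_heap(pb)) {
		p = malloc(cap);
		if (p == NULL)
			return -1;
		memcpy(p, pb->base, pb->len + 1); /* carry the prefix over */
	} else {
		p = realloc(pb->ptr, cap);
		if (p == NULL)
			return -1; /* old block stays valid and owned by pb */
	}
	pb->ptr = p;
	pb->cap = cap;
	return 0;
}

/* Append one component, inserting '/' unless the buffer is empty or already
 * ends in one. The path is never silently truncated: on failure the buffer
 * is left exactly as it was and -1 is returned. */
int demo_pathbuf_append(struct demo_pathbuf_st *pb, const char *component)
{
	size_t clen = strlen(component);
	size_t sep = (pb->len > 0 && pb->ptr[pb->len - 1] != '/') ? 1 : 0;

	if (pb->len > SIZE_MAX / 2 || clen > SIZE_MAX / 2 - 2)
		return -1; /* length arithmetic below cannot wrap */
	if (pathbuf_reserve(pb, pb->len + sep + clen + 1) < 0)
		return -1;
	if (sep)
		pb->ptr[pb->len++] = '/';
	memcpy(pb->ptr + pb->len, component, clen + 1);
	pb->len += clen;
	return 0;
}

/* Cut back to a known prefix so a directory can be reused for the next file. */
int demo_pathbuf_truncate(struct demo_pathbuf_st *pb, size_t len)
{
	if (len > pb->len)
		return -1;
	pb->len = len;
	pb->ptr[len] = '\0';
	return 0;
}

int main(void)
{
	struct demo_pathbuf_st pb;

	demo_pathbuf_init(&pb);
	demo_pathbuf_append(&pb, "/etc/pki"); /* constructed sample path */
	demo_pathbuf_append(&pb, "trust");
	printf("%s (heap: %d)\n", pb.ptr, demo_pathbuf_on_heap(&pb));
	demo_pathbuf_deinit(&pb);
	return 0;
}
```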

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jan 2 13:25:14 2023 +0100

    Fix error codes for unsolicited compressed certificate
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jan 3 09:06:01 2023 +0100

    Update year of copyright notices in doc/gnutls.texi
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Dec 8 12:41:34 2022 +0100

    Forbid unsolicited CompressedCertificate message
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Dec 8 11:49:16 2022 +0100

    Fail when received cert is compressed with disabled method
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Dec 8 12:08:10 2022 +0100

    Slight reformatting of compress_certificate code
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 28 12:42:27 2022 +0900

    build: suppress ABI change for GNUTLS_SRTP_AEAD_AES_*_GCM additions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Tue Dec 27 19:53:11 2022 +0100

    doc: Fix Debian package name texlive-plain-generic
    
    The package texlive-generic-recommended is a transitional dummy package for
    texlive-plain-generic in Debian buster (currently oldstable).
    See: https://packages.debian.org/texlive-generic-recommended
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Tue Dec 27 19:13:53 2022 +0100

    doc: Fix several minor issues in INSTALL.md
    
    - Fix reference to moved file.
    - Fix a dead link, and a typo.
    - Use two spaces between sentences, and no trailing whitespace.
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Tue Dec 27 18:02:13 2022 +0100

    Sync GPL/LGPL license files from Gnulib
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Tue Dec 27 16:42:58 2022 +0100

    Replace FSF snail mail addresses with URL
    
    This is the latest recommendation, as described here:
    https://www.gnu.org/licenses/gpl-howto.html
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Tue Dec 27 15:16:05 2022 +0100

    Prefer HTTPS to HTTP in URLs
    
    This mostly updates NEWS and license links.  All links have been
    manually tested and confirmed working.
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Stefan Kangas <stefankangas@gmail.com>
Date:   Mon Dec 26 23:48:16 2022 +0100

    Fix typos
    
    Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Dec 24 17:37:24 2022 +0900

    srtp: support AES-GCM profiles
    
    This adds support for SRTP_AEAD_AES_128_GCM and SRTP_AEAD_AES_256_GCM
    profiles defined in RFC 7714.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Dec 24 17:07:26 2022 +0900

    build: remove MAX_RECORD_SEND_SIZE in favor of max_record_send_size
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 8 11:53:20 2022 +0900

    record: enable check on CCS content also in TLS 1.2
    
    This generalizes the value check of Change Cipher Spec for all TLS
    protocol versions including TLS 1.2 or earlier.  It also fixes the
    logic of the check so the value is decrypted before being examined,
    according to the RFC.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Dec 18 08:00:59 2022 +0900

    tests: conditionalize SRP tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Dec 17 15:44:07 2022 +0900

    build: disable SRP authentication by default
    
    SRP authentication in TLS is not up to date with the latest TLS
    standards and its ciphersuites are based on the CBC mode and SHA-1.
    This makes the feature disabled by default at compile time, though the
    users are still able to enable it with --enable-srp-authentication
    configure option.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 19 18:40:37 2022 +0900

    .gitlab-ci.yml: ensure libtasn1-tools is installed
    
    With recent DNF, removing libtasn1-devel causes libtasn1-tools to be
    removed.  Manually reinstall it in that case.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Dec 17 15:55:33 2022 +0900

    build: disable TLS heartbeat extension by default
    
    The heartbeat extension in TLS (RFC 6520) is not widely used given
    other implementations dropped support for it. This makes it disabled
    by default, though the users are able to enable it back with the
    --enable-heartbeat-support configure option.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: xuraoqing <xuraoqing@huawei.com>
Date:   Thu Dec 15 17:02:59 2022 +0800

    fix memory leak when processing client ecdh key exchange
    
    Signed-off-by: xuraoqing <xuraoqing@huawei.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Dec 18 08:21:46 2022 +0900

    cert-auth: alloc_and_load_x509_certs: check requested cert count
    
    ... instead of pointer. Otherwise GCC analyzer treats it as
    -Wanalyzer-null-dereference in the caller side.  While that shouldn't
    happen, it would be nice to make the code handle it robustly.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Dec 18 08:05:05 2022 +0900

    build: avoid using implicit int to adhere to C99
    
    Otherwise -Wstrict-prototypes now emits the following warnings:
    
      mini-dtls-large.c:30:5: error: function declaration isn't a prototype [-Werror=strict-prototypes]
         30 | int main()
            |     ^~~~
      mini-dtls-large.c: In function 'main':
      mini-dtls-large.c:30:5: error: old-style function definition [-Werror=old-style-definition]
      cc1: all warnings being treated as errors
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Peter Leitmann <pleitman@redhat.com>
Date:   Wed Dec 14 18:22:54 2022 +0100

    new interop-tests
    
    Signed-off-by: Peter Leitmann <pleitman@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 15 00:51:42 2022 +0900

    build: remove code guarded with no longer defined ENABLE_RSA_EXPORT
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 15 00:48:16 2022 +0900

    build: remove checks on no longer defined ENABLE_OPENPGP
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 15 00:45:04 2022 +0900

    srp: provide stubs of public functions even if SRP is disabled
    
    This adds stub definitions of public SRP functions even if SRP is
    disabled with --disable-srp-authentication, to preserve the ABI.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: xuraoqing <xuraoqing@huawei.com>
Date:   Mon Dec 12 15:10:59 2022 +0800

    fix log print server write mac key size error
    
    Signed-off-by: xuraoqing <xuraoqing@huawei.com>

Author: xuraoqing <xuraoqing@huawei.com>
Date:   Mon Dec 12 15:06:14 2022 +0800

    fix log print client write mac key size error
    
    Signed-off-by: xuraoqing <xuraoqing@huawei.com>

Author: xuraoqing <xuraoqing@huawei.com>
Date:   Mon Dec 12 15:05:20 2022 +0800

    fix get credential type with key exchange algorithm fail
    
    Signed-off-by: xuraoqing <xuraoqing@huawei.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Dec 2 13:12:30 2022 +0100

    Use soname instead of file name in fipshmac sections
    
    Using fipshmac program with an argument, for example:
    fipshmac /usr/lib64/libgnutls.so.30.28.1
    would create a section [libgnutls.so.30.28.1]
    and the internal comparison with soname would fail.
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Mon Oct 31 12:17:43 2022 +0100

    KTLS: Invalidate session on ktls error
    
    We invalidate the session if a KTLS related error occurs after it was
    initialized i.e. keys were set on the interfaces.
    
    As of now this only affects key_update() which should be fixed via a
    kernel patch. Thus future fallback mechanism implementation is not likely
    as that would require yet another kernel patch.
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Dec 2 11:07:48 2022 +0100

    KTLS: add ciphersuites (tests)
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Thu Dec 1 15:37:33 2022 +0100

    KTLS: add ciphersuites
    
    * TLS_AES_128_CCM_SHA256
    * TLS_CHACHA20_POLY1305_SHA256
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 29 11:15:34 2022 +0900

    fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac
    
    Using a GnuTLS specific construction of .hmac file name causes a
    problem with dracut, which expects that .hmac files are installed
    alongside the corresponding shared libraries.
    
    To preserve backward compatibility, this renames the file name back to
    .libgnutls.so.*.hmac, while the content remains the same covering all
    the dependent libraries (libgnutls, libhogweed, libnettle, and
    libgmp).
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 28 12:15:26 2022 +0900

    priority: accept "ktls = false" in configuration file
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 28 12:13:31 2022 +0900

    src: print KTLS enablement status in gnutls-serv/gnutls-cli
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 28 12:17:12 2022 +0900

    includes: move KTLS function definition out of <gnutls/socket.h>
    
    <gnutls/socket.h> is meant for the functions that depend on
    <sys/socket.h>, which is not available on Windows platforms.
    
    As the KTLS API doesn't rely on <sys/socket.h>, move the function and
    enum to <gnutls/gnutls.h>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 28 11:14:53 2022 +0900

    tests: fix memory leak in resume-with-previous-stek
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 28 11:10:58 2022 +0900

    src: fix memory leak in print_rawpk_info
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 23 15:38:25 2022 +0900

    .gitlab-ci.yml: disable full test suite in fedora-nettle jobs
    
    This adds --disable-full-test-suite to fedora-nettle jobs, assuming
    other tests have enough coverage of what Nettle provides.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 22 13:01:58 2022 +0900

    build: pacify sc_unportable_grep_q check
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 22 12:20:58 2022 +0900

    .gitlab-ci.yml: disable GCC analyzer in sanitizer jobs
    
    It turned out that -fanalyzer combined with -fsanitize=undefined takes
    excessive time when compiling certain files, e.g., lib/priority.c.
    Removing -fanalyzer should be safe as it is enabled in other
    Fedora-based jobs.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 6 18:44:48 2022 +0900

    build: suppress GCC analyzer warnings
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 5 17:44:01 2022 +0900

    tests: skip tpm2.sh test for now if OpenSSL version 3 is detected
    
    tpm2-tss-engine does not work well with OpenSSL 3 yet.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Sep 30 15:52:41 2022 +0900

    .gitlab-ci.yml: bump cache version
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 27 13:13:21 2022 +0900

    .gitlab-ci.yml: update fedora image to Fedora 36
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 26 16:48:24 2022 +0900

    tests: move <assert.h> out of extern "C"
    
    This fixes the issue with <assert.h> provided by Gnulib:
    
     ../gl/assert.h:209:1: error: template with C linkage
       209 | template <int w>
           | ^~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 26 16:46:47 2022 +0900

    build: use AM_DISTCHECK_CONFIGURE_FLAGS
    
    Also remove AUTOGEN=false setting, which is no longer necessary.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 25 05:36:49 2022 +0900

    .gitlab-ci.yml: update mingw image to Fedora 36
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 26 15:40:55 2022 +0900

    gl: add workaround for mingw32 build
    
    This reverts __MINGW_USE_VC2005_COMPAT setting that causes undesired
    effects, as mentioned in:
    https://lists.gnu.org/archive/html/bug-gnulib/2022-09/msg00150.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 8 18:14:16 2022 +0100

    gnulib: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 16 23:02:13 2022 +0900

    nettle: mark non-compliant RSA-PSS salt length to be not-approved
    
    According to FIPS 186-5 5.4, the salt length must be in the range
    between 0 and the hash length inclusive.  While the use of those salt
    lengths is still allowed for compatibility, it is reported as
    non-approved operation through FIPS service indicator.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Wed Nov 16 00:38:54 2022 +0000

    tests: More SIGPIPE treatment as error
    
    81f8d97b3486 ("tests: treat all signals as error") turned some SIGPIPE signals
    to EPIPE, but missed tests/mini-dtls-mtu.c.
    
    During
    
    gnutls_bye(session, GNUTLS_SHUT_WR),
    
    on Linux we get
    
    client|<11>| WRITE: enqueued 39 bytes for 0x3. Total 39 bytes.
    client|<11>| WRITE FLUSH: 39 bytes in buffer.
    client|<2>| WRITE: -1 returned from 0x3, errno: 111
    (ECONNREFUSED)
    
    but on GNU/Hurd a SIGPIPE is sent instead of returning ECONNREFUSED.
    We thus need to turn it into an error to correctly interpret the test
    result.
    
    Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Nov 15 14:35:24 2022 +0100

    Remove library path checking from FIPS integrity check
    
    The library path check is being dropped as checking the HMAC of
    libraries should be sufficient. Checking the exact path where the
    library resides proved to be failure prone. The sonames of libraries are
    internally indirectly compared.
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Nov 9 16:10:58 2022 +0100

    Fipshmac: always use realpaths
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 31 20:15:48 2022 +0900

    handshake: clear server's session ticket indication at rehandshake
    
    While OpenSSL server doesn't indicate a session ticket in the second
    handshake of TLS 1.2 rehandshake, GnuTLS client previously waited for
    it as it didn't clear the internal flag (session_ticket_renew) thus
    the effect remained.  This patch clears the flag properly at the end
    of each handshake.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Eric Blake <eblake@redhat.com>
Date:   Thu Oct 13 17:21:21 2022 -0500

    priority: fix typos in documentation
    
    Fixes: ac2751d8049bf97cf486469d3c3407b83dd1fb3c
    Signed-off-by: Eric Blake <eblake@redhat.com>

Author: Eric Blake <eblake@redhat.com>
Date:   Fri Oct 14 14:02:14 2022 -0500

    priority: Use gnutls_free consistently
    
    The whole point of gnutls_calloc() is to allow an alternative to
    malloc() where that alternative takes over all aspects of heap
    management; as such, it is never safe to pair bare free() with memory
    managed by gnutls.  Not to mention that it looks bad to mix calls to
    gnutls_free() and free() to the same variable within the same
    function.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>

Author: Eric Blake <eblake@redhat.com>
Date:   Wed Nov 2 08:48:19 2022 -0500

    privkey: Allow deinit after failed export
    
    The documentation for gnutls_privkey_export_* states that the caller
    must use gnutls_*_deinit on key, without mentioning whether this
    requirement is still present when the function fails.  But the
    implementation has a code path where key is left uninitialized.
    Similar to the recent fix for *_init, guarantee that *key is set to a
    sane value on all exit paths.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>

Author: Eric Blake <eblake@redhat.com>
Date:   Fri Oct 14 13:40:50 2022 -0500

    lib: Consistently return sane results for all *_init()
    
    After looking at gnutls_init(), I went and audited all other
    *_init(gnutls_*_t) functions, to see if Bug #1414 applies in more
    situations.  We had an inconsistent mix: some functions that went out
    of their way to leave the parameter uninitialized on failure (such as
    gnutls_x509_crt_init()); many that always left the parameter
    initialized on failure (such as gnutls_x509_ext_ct_scts_init()), often
    by relying on the gnutls_free() macro that assigns the pointer to NULL
    after using the gnutls_free_function() callback pointer (such as
    gnutls_pkcs11_obj_init()); but a few others that left stale pointers
    on certain failures (such as gnutls_priority_init2()) or even which
    used the wrong deallocation function (such as
    gnutls_pkcs11_privkey_init()).
    
    As with gnutls_init(), portable programs should either pre-initialize
    memory to zero before calling _init() if they plan to unconditionally
    call _deinit() (safe for all but gnutls_pkcs11_privkey_init()), or
    they should avoid calling _deinit() if _init() failed.  But since we
    can't force all existing clients to change, it is safest if we
    unconditionally and consistently initialize the client's memory before
    ALL failure paths.
    
    Rather than try to adjust documentation of each *_init() function
    (including those not needing a change), I instead generalized
    documentation into the manual.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>

Author: Eric Blake <eblake@redhat.com>
Date:   Thu Oct 13 14:07:29 2022 -0500

    gnutls_init: Always initialize *session
    
    We provide gnutls_session_t as an opaque type, therefore, unless we
    document otherwise, client code should not assume that there is a safe
    initialization value to assign to such storage, leaving the only way
    to properly initialize the type as a call to gnutls_init().  Likewise,
    the documentation was clear that gnutls_deinit(session) must be used
    after success, but ambiguous as to whether that was necessary after
    failure.
    
    Our implementation has always been such that the opaque types are
    pointers under the hood, where gnutls_deinit(NULL) is a no-op, and
    that (for gnutls_init at least) it is safe to omit a call to
    gnutls_deinit(session) on failure.  But without documentation, clients
    cannot rely on either of those facts; and our code base was
    inconsistent on whether all other *_init/*_deinit function pairs
    behave in the same manner (see the next commit).
    
    A search of existing code in the wild shows that some clients
    pre-initialize the memory to 0 (which happens to be safe although
    currently undocumented), often by passing in a pointer to a
    gnutls_session_t residing in a larger struct that was reserved with
    calloc(), cleared with memset(), or similar; but this is not
    universal, and there are other clients in the wild that pass in
    uninitialized memory.  It's too late to change the documentation to
    mandate that users should pre-initialize their memory to 0 prior to
    gnutls_init(), although it doesn't hurt to recommend it for
    portability when building for older versions of gnutls.
    
    In most cases, using gnutls_deinit(session) after failure was a no-op
    - most of our error exit paths use the gnutls_free() macro which has
    the side effect of forcing the caller's pointer to NULL on failure
    (since gnutls is built with GNUTLS_INTERNAL_BUILD defined).  We also
    happen to be lucky for a user that pre-initializes their memory to 0
    before calling gnutls_init() - any error exit path where we did not
    touch the user's pointer leaves the client with gnutls_deinit(session)
    being a no-op.  But if the client passes in an uninitialized pointer,
    and FAIL_IF_LIB_ERROR triggers, then we fail the function while
    leaving the pointer uninitialized, at which point the caller using
    gnutls_deinit(session) attempts to free uninitialized memory, which
    has potential security implications - yet we did not warn the client
    to avoid gnutls_deinit() in that scenario.
    
    The most robust fix is thus along two fronts: improving the
    documentation to inform the user what they can expect, but also
    tweaking our code to avoid undefined behavior with existing client
    code bases by guaranteeing that whether or not the client
    pre-initializes memory to 0 and/or calls gnutls_deinit() on failure,
    they can't mess up.
    
    Fixes: bug #1414.
    Signed-off-by: Eric Blake <eblake@redhat.com>
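
The failure mode described in this commit message and in the `*_init()` audit commit above it, as an added example that is not GnuTLS code: an init function that returns early without writing the caller's handle, next to one that stores NULL before any failure path. All `demo_*` names, the library-state flag and the poison value standing in for uninitialized memory are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical opaque handle: a pointer under the hood, like the types the
 * commit message describes. None of these names are GnuTLS symbols. */
typedef struct demo_session_st *demo_session_t;
struct demo_session_st { int flags; };
typedef int (*demo_init_fn)(demo_session_t *);

#define DEMO_E_LIB_STATE (-1)
#define DEMO_E_MEMORY (-2)
/* Constructed bit pattern standing in for uninitialized caller storage. */
#define DEMO_POISON ((demo_session_t)(uintptr_t)0xA5A5A5A5u)

static int lib_operational = 1; /* models a library-state gate */
static demo_session_t live;     /* the single handle handed out */
static int bogus_free_attempts; /* deinit calls on pointers we never made */

/* BEFORE: the early return leaves the caller's storage untouched. */
int demo_init_legacy(demo_session_t *session)
{
	if (!lib_operational)
		return DEMO_E_LIB_STATE;
	*session = calloc(1, sizeof(**session));
	if (*session == NULL)
		return DEMO_E_MEMORY;
	live = *session;
	return 0;
}

/* AFTER: store a defined value before any failure path can be taken. */
int demo_init_fixed(demo_session_t *session)
{
	*session = NULL;
	if (!lib_operational)
		return DEMO_E_LIB_STATE;
	*session = calloc(1, sizeof(**session));
	if (*session == NULL)
		return DEMO_E_MEMORY;
	live = *session;
	return 0;
}

/* NULL is a no-op. A real deinit would pass any other value to free(); the
 * demo counts garbage pointers instead, so it can run without crashing. */
void demo_deinit(demo_session_t session)
{
	if (session == NULL)
		return;
	if (session != live) {
		bogus_free_attempts++;
		return;
	}
	free(session);
	live = NULL;
}

/* A client that calls deinit unconditionally, whatever init returned.
 * Returns how many times deinit was handed a pointer init never produced. */
int demo_client(demo_init_fn init, int operational, int prezero)
{
	demo_session_t s = prezero ? NULL : DEMO_POISON;
	int before = bogus_free_attempts;

	lib_operational = operational;
	(void)init(&s);
	demo_deinit(s);
	return bogus_free_attempts - before;
}

int main(void)
{
	printf("legacy, init fails, garbage storage: %d bogus free(s)\n",
	       demo_client(demo_init_legacy, 0, 0));
	printf("legacy, init fails, zeroed storage:  %d bogus free(s)\n",
	       demo_client(demo_init_legacy, 0, 1));
	printf("fixed,  init fails, garbage storage: %d bogus free(s)\n",
	       demo_client(demo_init_fixed, 0, 0));
	return 0;
}
```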

Author: Eric Blake <eblake@redhat.com>
Date:   Wed Nov 2 08:40:08 2022 -0500

    build: Silence cppcheck false positive
    
    An upcoming patch will touch gnutls_pkcs11_privkey_init(), which is
    sufficient to make the cppcheck portion of CI choke on a false
    positive in the unrelated gnutls_pkcs11_privkey_import_url() because
    the file becomes interesting again.  cppcheck is not smart enough to
    realize that an out-of-scope memory reference stored in a[1] is not
    going to be utilized by the later pkcs11_get_attribute_value(..., a,
    1) outside the if block; but the solution is as simple as expanding
    the scope of tval.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Oct 14 15:51:28 2022 +0200

    Handle private keys with lowercase hex digits in DEK-Info
    
    Some tools, for example win-acme, create encrypted private keys in OpenSSL's
    traditional format containing lowercase hex digits in the IV part of the
    DEK-Info PEM header. These key files are accepted by OpenSSL. Prior to this
    patch, GnuTLS did reject these keys with GNUTLS_E_INVALID_REQUEST.
    
    Signed-off-by: Tim Kosse <tim.kosse@filezilla-project.org>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Mon Oct 31 21:24:01 2022 +0100

    Drop stale doc/announce.txt.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Oct 17 15:27:37 2022 +0200

    Fix removal of duplicate certs during verification
    
    Co-authored-by: Daiki Ueno <ueno@gnu.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Wed Oct 12 15:02:35 2022 +0200

    Drop guile bindings.  See <https://gitlab.com/gnutls/guile/>.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Tue Oct 25 14:46:30 2022 +0200

    doc: Add NEWS entry.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Tue Oct 25 14:45:29 2022 +0200

    Update libtasn1 to 4.19.0.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 21 15:48:39 2022 +0900

    cipher: add restriction on CCM tag length under FIPS mode
    
    This change prohibits any use of tag length other than 4, 6, 8, 10,
    12, 14, and 16 bytes in CCM used under FIPS mode, in accordance with
    SP800-38C A.1.  While use of tag lengths smaller than 8 bytes is not
    recommended, we simply allow 4 and 6 bytes tags for now.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Oct 24 11:01:44 2022 +0200

    compress_certificate: fix err code on invalid length
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Oct 21 11:19:56 2022 +0200

    Ignore unknown algorithms received in compress_certificate extension
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 21 18:12:33 2022 +0900

    build: fix AUTHORS generation
    
    Without revision supplied, git shortlog expects to read commits from
    stdin and produces the following error:
    
        GEN      AUTHORS
      fatal: using multiple --group options with stdin is not supported
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Oct 20 12:38:39 2022 +0200

    Fix handshake segfault if no privkey is supplied
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Sep 23 12:59:52 2022 +0200

    gnutls_rnd manage memory per-thread
    
    Co-authored-by: Pedro Marzo <marzo.pedro@gmail.com>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Oct 4 16:37:29 2022 +0200

    Add GNUTLS_NO_STATUS_REQUEST flag and NO_STATUS_REQUEST priority string modifier
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 29 21:19:26 2022 +0900

    fips: only mark HMAC as approved in PBKDF2
    
    As ACVP only allows HMAC used with PBKDF2[1], this change marks other
    hash algorithms not-approved.
    
    1. https://pages.nist.gov/ACVP/draft-celi-acvp-pbkdf.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 20 01:25:51 2022 +0900

    fips: mark gnutls_key_generate with short key sizes non-approved
