Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 2 12:13:54 2024 +0900

    Release 3.8.8
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 14 15:31:04 2024 +0300

    Fixed the check at src/benchmark-tls.c
    
    Signed-off-by: David Meliksetyan <d.meliksetyan@fobos-nt.ru>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 25 11:27:30 2024 +0900

    dlwrap: clarify the code generation is one time only [ci skip]
    
    This makes it clear that dlwrap is not a build-time dependency but a
    one-time passive code generator.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 25 09:59:42 2024 +0900

    devel/generate-dlwrap.sh: remove --clang-resource-dir option
    
    The option is automatically inferred in dlwrap 0.3.6.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 1 11:10:49 2024 +0900

    priority: give KEM groups precedence over EC(DH) groups in TLS 1.3
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 1 10:50:56 2024 +0900

    key_share: detect overlap of PK types in hybrid groups
    
    The client limits sending the key_share extension to at most one from
    each public key type. To support hybrid groups, the logic needs to be
    extended to check all siblings.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 30 14:05:10 2024 +0900

    _gnutls_session_supports_group: return boolean instead of error code
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 8 08:51:44 2024 +0900

    groups: register SecP256r1MLKEM768 and X25519MLKEM768
    
    This adds entries for SecP256r1MLKEM768 and X25519MLKEM768
    post-quantum hybrid key agreement schemes as defined in
    draft-kwiatkowski-tls-ecdhe-mlkem.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 17:09:04 2024 +0900

    key_share: rework hybrid algorithms handling
    
    Previously we put 2 public key algorithms in a single
    gnutls_group_entry_st, with pk and pk2 fields. That turned out to be not
    flexible enough to handle the cases where the number of combinations
    increases or the order of algorithms is swapped. This changes the
    representation with a linked list so one can easily construct and
    traverse any combinations.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 14 17:50:27 2024 +0900

    priority: take KEM groups into account
    
    When constructing a ciphersuite list, include hybrid PQC groups with
    KEM as the first key share.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 18:10:25 2024 +0900

    supported_groups: give KEM groups higher priority than DH
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 17:04:44 2024 +0900

    str: add _gnutls_ro_buffer_init
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 8 06:34:16 2024 +0900

    pk: plumb ML-KEM 768 in addition to Kyber 768
    
    This adds GNUTLS_PK_MLKEM768 in the regular algorithm range, while
    keeping GNUTLS_PK_EXP_KYBER768 in the experimental algorithm range.
    This also modifies the privkey-keygen test to skip unsupported
    algorithms at run-time.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 17:49:24 2024 +0900

    liboqs: provide SHA2 stubs
    
    As well as SHA3, this implements GnuTLS backed stubs for SHA2
    functions, which will be necessary for SLH-DSA signature support.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 16:46:28 2024 +0900

    liboqs: check library version at run-time
    
    This is to safeguard when the library is compiled with a newer liboqs
    but deployed to an environment with an older liboqs, which may break
    ABI compatibility.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 13:39:22 2024 +0900

    liboqs: require version 0.11.0
    
    liboqs 0.11.0 shipped with public headers for plugging in alternative
    symmetric algorithms (e.g., sha3_ops.h), which were previously
    missing.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Oct 21 19:59:20 2024 +0200

    nettle: mangle sha3_128_ctx
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 16 14:42:47 2024 +0900

    hash: return error if gnutls_hash is called after squeeze
    
    Previously, when gnutls_hash is called after gnutls_hash_squeeze, it
    hits an assertion failure in nettle:
    
      sha3.c:76: _nettle_sha3_update: Assertion `pos < block_size' failed.
    
    This adds an internal function to check whether the hash context has
    already been finalized with squeezing and in that case errors out.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Oct 10 13:26:22 2024 +0200

    compress_certificate: improve error checks
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Oct 8 09:51:00 2024 -0700

    lib/nettle/int/nettle-internal.h: include alloca.h if configure found it
    
    Needed for alloca definition on Solaris, to avoid build error with gcc 14:
    
    lib/nettle/int/nettle-internal.h:59:39: error: implicit declaration of
     function 'alloca' [-Wimplicit-function-declaration]
       59 | #define TMP_ALLOC(name, size) (name = alloca(sizeof(*name) * (size)))
          |                                       ^~~~~~
    
    Closes #782
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 25 13:32:14 2024 +0200

    tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Sep 27 12:09:51 2024 +0200

    Ignore unknown compression algs when using CLI
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 25 09:05:35 2024 +0200

    tests/ktls: skip CHACHA20-POLY1305 in FIPS mode
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Jeff Mattson <jmattson@sei.cmu.edu>
Date:   Tue Sep 24 10:53:23 2024 -0400

    fix formatting
    
    Signed-off-by: Jeff Mattson <jmattson@sei.cmu.edu>

Author: Jeff Mattson <jmattson@sei.cmu.edu>
Date:   Tue Sep 24 10:33:50 2024 -0400

    iterate ocsp response records for matching certificate
    
    Signed-off-by: Jeff Mattson <jmattson@sei.cmu.edu>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Sep 7 16:41:33 2024 +0200

    Fix configure syntax error on non-working faketime
    
    Closes #1576
    
    Authored-by: Tim Kosse
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 25 15:02:57 2024 +0200

    Select whether to link/dlopen tpm2 at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 25 13:01:30 2024 +0200

    Select whether to link/dlopen liboqs at configure time
    
    (This defaults to off)
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 18:35:07 2024 +0200

    Select whether to link/dlopen brotli at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 13:55:14 2024 +0200

    Select whether to link/dlopen zstd at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 12:58:15 2024 +0200

    Use HAVE_ZLIB for both automake and autoconf
    
    Do not mix HAVE_LIBZ and HAVE_ZLIB
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Sep 20 16:04:44 2024 +0200

    nettle: fail OAEP decryption on unknown hash
    
    _rsa_oaep_decrypt() "returns 1 on success; 0 otherwise",
    but here we've returned non-zero on using an unsupported hash.
    This confused the error reporting into thinking gnutls_privkey_decrypt_data()
    has succeeded, while it hasn't.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Mon Aug 19 14:46:29 2024 +0200

    Select whether to link/dlopen zlib at configure time
    
    Now requires pkg-conf for locating zlib.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 18 12:34:09 2024 +0200

    Add status-message on whether dlopen is available.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 29 19:07:11 2024 +0900

    ocsp: gnutls_ocsp_status_request_is_checked: fix note on TLS 1.3 [ci skip]
    
    The previous note on limitation under TLS 1.3 was misleading, as it
    used "server-side" and "client-side" in a confusing manner. This
    rewords the sentence to be more consistent.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ekaterina Zilotina <zilotina.ed@npc-ksb.ru>
Date:   Mon Aug 26 13:22:36 2024 +0300

    tools: fix memleak around getline
    
    Fixes: #1573
    
    Signed-off-by: Ekaterina Zilotina <zilotina.ed@npc-ksb.ru>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Sahil Siddiq <sahilcdq@proton.me>
Date:   Fri Aug 23 00:02:37 2024 +0530

    doc: Fix error and improve doc
    
    The description of "gnutls_psk_allocate_client_credentials" incorrectly
    states that sc is a pointer to a "gnutls_psk_server_credentials_t". sc
    is a pointer to a "gnutls_psk_client_credentials_t".
    
    In the description of "gnutls_credentials_set", mention the type that
    the cred parameter should be when using GNUTLS_CRD_PSK.
    
    Signed-off-by: Sahil Siddiq <sahilcdq@proton.me>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 21 14:50:54 2024 +0900

    fips: skip HMAC checks of nettle libraries when statically linked
    
    Since commit b6e9b10347ed577a9a37b7b28e1a039c5f6ccb16, it is possible
    to link Nettle libraries statically.  In that case, FIPS integrity
    checks against the Nettle shared libraries should be skipped as they
    are not used by GnuTLS.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Brad Smith <brad@comstyle.com>
Date:   Wed Aug 14 07:34:18 2024 -0400

    accelerated: aarch64: add FreeBSD/aarch64 support
    
    Signed-off-by: Brad Smith <brad@comstyle.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 13:35:47 2024 +0900

    build: add liboqs in Requires.private in gnutls.pc if needed
    
    When --with-liboqs is specified and liboqs cannot be dlopen'ed, it
    will be linked at build time. In that case gnutls.pc should indicate
    that through Requires.private.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 09:48:31 2024 +0900

    build: don't emit Requires.private for dlopened libraries
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 09:42:15 2024 +0900

    build: fix setting AM_CONDITIONAL for brotli and zstd
    
    As the with_{libbrotli,libzsttd} variables are unset if configured
    with --without-{brotli,zstd}, checking the inequality to "no" doesn't
    work; use explicit matching with "yes" instead.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Aug 15 16:22:02 2024 +0200

    revert back to datefudge for "openssl ocsp".
    
    openssl's -attime only changes the verification logic but not the
    generation.
    
    Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 15 19:47:09 2024 +0900

    release-steps: mention how to propose package update in Fedora [ci skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Aug 15 12:42:56 2024 +0200

    Also set ENABLE_DSA for tests in cert-tests subdirectory.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 15 09:45:04 2024 +0900

    Release 3.8.7
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 15 10:01:10 2024 +0900

    doc: fix menu entry for RSAES-PKCS1-v1_5 system wide configuration
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 15 09:43:41 2024 +0900

    liboqs: avoid uninitialized value in pk_ops.verify_priv_params
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 14 09:12:58 2024 +0900

    build: change Nettle library link order to support static linking
    
    As libhogweed uses libnettle functions such as nettle_cnd_memcpy,
    libhogweed should come before libnettle in $(LIBADD), when linked
    statically.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 14 01:17:29 2024 +0900

    compress-cert: don't send bad_certificate alert manually
    
    The library API is not designed to proactively send alerts by itself,
    but it is rather a responsibility of the application to decide which
    alert to send and when.  This removes the manual call to
    gnutls_alert_send in the code handling TLS 1.3 Certificate message
    when a decompression error happens.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 11 15:43:45 2024 +0200

    Use openssl's -attime option instead of faketime/datefudge
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 12 05:54:07 2024 +0900

    tests: testdane.sh: ignore torproject.org for now
    
    danetool --check returns an error when tested against the host.  This
    temporarily disables it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 9 07:07:05 2024 +0900

    .gitlab-ci.yml: add fedora-no-liboqs/test
    
    The new fedora-no-liboqs/test exercises fedora/test without liboqs. In
    that case the hybrid-pqc-kx.sh test should be safely skipped.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 9 07:04:25 2024 +0900

    dlwrap: don't assume dlopen/dlsym sets errno
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 20:17:15 2024 +0900

    pkcs12: enable PBMAC1 by default in FIPS mode
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 20:15:31 2024 +0900

    pkcs12: use gnutls_hmac API for MAC calculation
    
    Instead of the internal _gnutls_mac API, this switches to using
    gnutls_hmac API, which has checks on whether the algorithm is FIPS
    approved.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 20:11:00 2024 +0900

    pkcs12: don't switch FIPS indicator upon export
    
    Now that we have a FIPS compliant MAC calculation using PBMAC1.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 31 09:40:44 2024 +0900

    gnutls_group_list: take public key algorithms into account
    
    Previously the function only checked if the ECC curves are
    supported. Now that hybrid key exchange with KEM is supported, it
    should also check public key systems.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 09:01:01 2024 +0900

    tpm2: switch to using dlwrap for loading TSS2 libraries
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 11:25:22 2024 +0900

    NEWS: mention 3.8.7 changes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 30 07:53:18 2024 +0900

    .github/workflows: use macos-latest runner
    
    This also does:
    - update checkout action to v4
    - manually supply CFLAGS and LDFLAGS of GMP
    - point to the homebrew version of bison executable
    - supply CFLAGS and LDFLAGS of libunistring
    - install coreutils for "timeout"
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 30 15:15:30 2024 +0900

    tests: gnutls-cli-debug.sh: make timeout program configurable
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 30 13:51:55 2024 +0900

    tests: pkgconfig.sh: respect LDFLAGS
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 30 09:19:28 2024 +0900

    build: set CFLAGS as necessary
    
    When header files of optional libraries are installed on a non-default
    locations, e.g., with homebrew, CFLAGS must be set so the compiler can
    find them at build time for the definition of data types and macros.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 14:13:36 2024 +0900

    .gitlab-ci.yml: bump cache version
    
    To update the Debian CI image from bullseye to bookworm.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 21:48:23 2024 +0900

    .gitlab-ci.yml: use Python implementation of gnulib-tool
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 09:01:21 2024 +0900

    dlwrap: regenerate zlib wrapper
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 08:40:34 2024 +0900

    liboqs: check whether Kyber768 is compiled in
    
    In the default build configuration of liboqs 0.10.1, Kyber768 is
    disabled. This adds a guard against it and skips tests if not
    available.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 11:30:03 2024 +0900

    gnulib: update gnulib submodule
    
    Also make sure to include "config.h"; otherwise overriding headers
    from Gnulib will complain:
     In file included from inih/ini.c:14:
     ./../gl/stdio.h:71:3: error: #error "Please include config.h first."
        71 |  #error "Please include config.h first."
           |   ^~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 27 09:15:10 2024 +0900

    build: ignore -Wmissing-variable-declarations for now
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 23:08:06 2024 +0900

    randomart: avoid using u_int
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 22:35:35 2024 +0900

    tests: sanity-cpp: don't use <minmax.h> from Gnulib
    
    Adding Gnulib include directory causes some conflict through indirect
    include of <pthread.h>. As sanity-cpp.cpp only uses MIN macro, we can
    simply define it by ourselves instead of including <minmax.h>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 26 09:33:03 2024 +0900

    build: do not print liboqs enablement status
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 24 12:55:58 2024 +0900

    build: update cligen submodule
    
    This is to respect SOURCE_DATE_EPOCH and to stop using the "error"
    function from <error.h>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 20:48:26 2024 +0900

    liboqs: defer loading of liboqs at run-time
    
    Instead of loading liboqs at startup, this defers it until the liboqs
    functions are actually used.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 24 14:42:02 2024 +0900

    nettle: run pairwise consistency test only in FIPS mode
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 16:08:16 2024 +0900

    build: avoid multiple definition of mpn_cnd_add_n
    
    When Nettle is built with mini-gmp, mpn_cnd_add_n is always defined in
    libhogweed and thus causes a symbol clash when linking with both
    libgnutls and the latest libgmp.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 16:04:56 2024 +0900

    build: link against libhogweed when checking nettle_rsa_oaep_*
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 22 14:07:28 2024 +0900

    tests: pkcs12-pbmac1: exercise extended/truncated MAC values
    
    This adds a couple of new test vectors embedding
    PFX.macData.mac.digest with extended/truncated MAC values, both of
    which should fail MAC verification.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 09:50:04 2024 +0900

    tests: pqc-hybrid-kx: use key and certificate in distribution
    
    The Ed25519 key and certificate in doc/credentials/x509/ are currently
    not included in the distribution.  Use the ECDSA ones in the test to
    make the test work.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 15:12:11 2024 +0900

    liboqs: manually load liboqs.so at startup
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 23 11:25:18 2024 +0900

    dlwrap: use different macro for library soname in generated code
    
    As GnuTLS opts in for manual initialization of dlopen'ed libraries,
    config.h shouldn't define the SONAME macro used in the generated code.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 22 10:30:11 2024 +0900

    tests: hash-large: exercise gnutls_hash_output(..., NULL)
    
    This adds a call to gnutls_hash_output with DIGEST argument as NULL to
    exercise the context reset behavior added in commit
    eced4c0c2b3d3ee6a35dab99616a25910b623f79.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 22 10:16:31 2024 +0900

    crypto-selftests-pk: only define dsa_2048_privkey if DSA is enabled
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 22 10:33:11 2024 +0900

    tests: assign unique names to temporary directories
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 17 12:15:06 2024 +0900

    tests: iov: fix printing of error
    
    This fixes an incorrect usage of a printf format specifier and adds
    extra length check before calling memcmp.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 17 12:14:24 2024 +0900

    privkey_openssl: avoid deinitializing cipher context on error path
    
    When gnutls_cipher_init returns error, the cipher handle is not
    initialized and thus shouldn't be deinitialized.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 8 15:46:13 2024 +0900

    .gitlab-ci.yml: use --with-liboqs in fedora/build
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 2 07:19:14 2024 +0900

    key_share: support X25519Kyber768Draft00
    
    This implements X25519Kyber768Draft00 hybrid post-quantum key exchange
    in TLS 1.3, based on the draft:
    https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 31 09:18:27 2024 +0900

    build: plumb liboqs as an optional dependency
    
    This exposes OQS functions necessary to implement Kyber768 through
    dlopen with stub implementation for lower-level cryptographic
    primitives, such as SHA3 and DRBG.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jul 8 16:13:40 2024 +0200

    Add configuration option to disable/enable DSA signing and verification
    
    DSA signing and verification is enabled by default
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 2 07:53:02 2024 +0900

    .gitlab-ci.yml: don't disable compression support in fedora/build
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jun 29 13:36:58 2024 +0900

    build: switch to using dlwrap for loading compression libraries
    
    This switches the logic to load compression libraries from the
    hand-written code to the automatically generated code by the dlwrap
    tool[1], which enables selecting whether to use dlopen or link to the
    library at build time.
    
    1. https://crates.io/crates/dlwrap
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jun 29 13:34:36 2024 +0900

    build: detect SONAME for compression libraries at configure
    
    Instead of hard-coding the SONAMEs for zlib, libzstd, libbrotlienc,
    and libbrotlidec, this checks the actual SONAMEs at configure time, so
    the first argument of dlopen is more accurate when a SONAME is bumped.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 6 11:59:08 2024 +0900

    build: check if dlopen(SONAME) works in configure
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jun 29 09:52:55 2024 +0900

    m4: factor out soname check into a separate macro
    
    This moves the SONAME detection from configure.ac to m4/hooks.m4 as
    the LIBGNUTLS_CHECK_SONAME macro. The new macro doesn't implicitly
    set *_LIBRARY_SONAME to "none", so the callers need to adjust
    themselves depending on whether the macro is defined.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jul 2 16:00:40 2024 +0200

    Release 3.8.6
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jul 2 17:13:21 2024 +0200

    Make asm-sources
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Bill Roberts <bill.roberts@arm.com>
Date:   Thu Jun 20 09:00:49 2024 -0500

    aarch64: no lint asm block
    
    For clang-format, have it ignore the asm block in the header.
    
    Fixes:
    clang-format --dry-run lib/accelerated/aarch64/aarch64-common.h
    lib/accelerated/aarch64/aarch64-common.h:109:13: warning: code should be clang-formatted [-Wclang-format-violations]
    .pushsection .note.gnu.property, "a";
    
    Signed-off-by: Bill Roberts <bill.roberts@arm.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jun 19 14:40:23 2024 +0200

    test/cert-tests: use --attime in more tests
    
    With this change, building should be fine until 2049
    on platforms with 64-bit time_t.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jun 19 14:39:53 2024 +0200

    tests: use --attime in more tests
    
    With this change, building should build fine until 2039
    on platforms with 64-bit time_t.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Jun 20 14:37:01 2024 +0200

    tests/Makefile: expose ac_cv_sizeof_time_t
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Tue Jun 11 17:23:11 2024 +0200

    tls-interoperability: workaround for openssl CCM8
    
    CCM8 moved to SECLEVEL=0 in openssl
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Fri May 31 10:50:42 2024 +0200

    remove obsolete testcompat-openssl-* tests
    
    These tests are superseded by tls-interoperability/ test suite
    with the exception of 0-RTT (--earlydata) tests.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Bill Roberts <bill.roberts@arm.com>
Date:   Mon Jun 10 12:16:53 2024 -0500

    lib/accelerated: add CFLAGS to aarch64/elf
    
    When building with certain cflags, like -mbranch-protection=standard,
    the assembly generation needs to get the CFLAGS to enable assembler
    level features. Without this, closing PAC/BTI feature support will not
    be completed.
    
    Example:
    export CFLAGS='-mbranch-protection=standard'
    export CPPFLAGS='-mbranch-protection=standard'
    # not needed, just for error reporting
    export LDFLAGS='-Wl,-zforce-bti,--fatal-warnings'
    ./bootstrap
    ./configure --with-included-libtasn1 --with-included-unistring
    make asm-sources
    make -j4
    readelf -n ./lib/.libs/libgnutls.so
    
    Displaying notes found in: .note.gnu.property
      Owner                Data size        Description
      GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
          Properties: AArch64 feature: BTI, PAC
    <snip>
    
    readelf -n ./lib/.libs/libgnutlsxx.so
    
    Displaying notes found in: .note.gnu.property
      Owner                Data size        Description
      GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
          Properties: AArch64 feature: BTI, PAC
    <snip>
    
    Related to: #1517
    
    Signed-off-by: Bill Roberts <bill.roberts@arm.com>

