Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 8 11:02:39 2025 +0900

    .gitlab-ci.yml: temporarily disable fedora-nettle-minigmp/test
    
    This target for some reason takes too long to complete. As we don't
    recommend building it with --enable-mini-gmp, only exercise the build
    stage for now.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 8 07:58:34 2025 +0900

    Revert "doc: Fix races in a parallel build."
    
    This reverts commit 8daba130cc0c4100186af0b61bc3e65d54a46727, which
    turned out to cause a rebuild of .info files at "make distcheck" in a
    read-only srcdir.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 26 09:32:40 2025 +0900

    Release 3.8.9
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 7 06:28:03 2025 +0900

    maint: update libtasn1 to 4.20.0
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 18 17:23:46 2024 +0900

    x509: optimize name constraints processing
    
    This switches the representation of name constraints from linked lists to
    array lists to optimize the lookup performance from O(n) to O(1), and also
    enforces a limit on name constraint checks against subject alternative
    names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 5 17:19:03 2025 +0900

    certtool: default to PKCS#8 when generating RSA-OAEP key
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 29 11:57:44 2025 +0900

    key_share: send illegal_parameter when parsing EC key share fails
    
    When the received EC key share is malformed,
    _gnutls_ecc_ansi_x962_import returns GNUTLS_E_PARSING_ERROR or
    GNUTLS_E_MEMORY_ERROR, which maps to an internal_error alert. This
    explicitly returns GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER to send
    illegal_parameter instead, in compliance with the RFC.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 26 09:38:21 2025 +0900

    m4: update ax_code_coverage.m4 from autoconf-archive
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 18:09:25 2025 +0900

    tests: remove unmatched GCC pragma in tests/test-chains-issuer-aia.h
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 18:07:44 2025 +0900

    build: don't redefine AM_CPPFLAGS in libdane/Makefile.am
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 15 11:16:32 2025 +0900

    maint: consolidate licensing information to top-level directory
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 09:58:25 2025 +0900

    NEWS: mention leancrypto support
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 17:58:01 2025 +0900

    tests: add a way to assume enabled groups in pqc-hybrid-kx.sh
    
    With this patch, if TESTS_ENABLED_GROUPS is set, the listed groups
    must be enabled and the pqc-hybrid-kx.sh test would fail.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 15:15:49 2025 +0900

    .gitlab-ci.yml: exercise --with-leancrypto
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 20 14:18:10 2025 +0900

    leancrypto: support leancrypto for post-quantum algorithms
    
    This adds support for leancrypto as an additional and the preferred
    backend for now, until Nettle gains the proper support for PQC
    algorithms. There are a few advantages over liboqs, namely:
    
    - It already has required input validations for ML-KEM as in FIPS 203,
      such as Modulus check, which are currently missing in liboqs
    
    - It provides an API to generate ML-KEM/ML-DSA key pairs from a seed,
      which is required to support the seed-only private key format proposed
      in draft-ietf-lamps-dilithium-certificates-05 and later
    
    - No need to avoid undesired OpenSSL dependency; all the symmetric
      algorithms are natively implemented by leancrypto itself
    
    As the supposed use-case of this is to statically link leancrypto with
    GnuTLS, this doesn't support loading leancrypto with dlopen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 07:45:46 2025 +0900

    datum, mem, str: add helper functions to steal pointers
    
    This introduces 3 new inline functions, namely _gnutls_steal_datum,
    _gnutls_steal_buffer, and _gnutls_steal_pointer, to return a copy of a
    data structure and reset the original pointer. These make it possible to
    return a populated data structure upon success and otherwise free the
    partially filled data structure, in a single code path, e.g.,
    
    ```c
      gnutls_datum_t tmp_result = { NULL, 0 };
    
      // Calculate tmp_result
      ...
      if (error)
        goto cleanup;
    
      // Propagate tmp_result to *result
      *result = _gnutls_steal_datum(&tmp_result);
    
    cleanup:
      _gnutls_free_datum(&tmp_result);
      return ret;
    ```
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
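The ownership-transfer pattern sketched in the commit message above, worked through as an added example that is not GnuTLS code: `datum_t`, `steal_datum`, `free_datum`, `make_datum` and `run_demo` are hypothetical stand-ins for the GnuTLS types and helpers, and the error codes are constructed. On success the buffer is moved out before the shared cleanup label, so the unconditional free there is a no-op; on failure the same free releases the partial result.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal datum type modelled on gnutls_datum_t (hypothetical stand-in). */
typedef struct {
	unsigned char *data;
	unsigned int size;
} datum_t;

/* Return a copy of *d and reset *d so the caller now owns the buffer.
 * After this call, freeing *d is a harmless no-op. */
static inline datum_t steal_datum(datum_t *d)
{
	datum_t copy = *d;
	d->data = NULL;
	d->size = 0;
	return copy;
}

/* Free the buffer (if any) and leave the datum empty; safe to call twice. */
static void free_datum(datum_t *d)
{
	free(d->data);
	d->data = NULL;
	d->size = 0;
}

/* Hypothetical producer: copies `in` into a freshly allocated datum and
 * rejects empty input. Every exit goes through the single `cleanup` path;
 * on success tmp_result has already been stolen into *result, so the
 * free there releases nothing, while on failure it releases the partial
 * allocation. */
static int make_datum(const unsigned char *in, unsigned int len, datum_t *result)
{
	int ret;
	datum_t tmp_result = { NULL, 0 };

	if (len == 0) {
		ret = -1; /* constructed code: invalid input */
		goto cleanup;
	}

	tmp_result.data = malloc(len);
	if (tmp_result.data == NULL) {
		ret = -2; /* constructed code: memory error */
		goto cleanup;
	}
	memcpy(tmp_result.data, in, len);
	tmp_result.size = len;

	/* Propagate tmp_result to *result; tmp_result is now empty. */
	*result = steal_datum(&tmp_result);
	ret = 0;

cleanup:
	free_datum(&tmp_result);
	return ret;
}

/* Exercise both paths. Returns 0 when every check holds, otherwise the
 * number of the first failing check. */
int run_demo(void)
{
	static const unsigned char sample[] = "abcde"; /* constructed input */
	datum_t out = { NULL, 0 };

	/* Failure path: nothing is allocated and *result is left untouched. */
	if (make_datum(sample, 0, &out) != -1)
		return 1;
	if (out.data != NULL || out.size != 0)
		return 2;

	/* Success path: ownership moves from tmp_result to out. */
	if (make_datum(sample, 5, &out) != 0)
		return 3;
	if (out.size != 5 || memcmp(out.data, sample, 5) != 0)
		return 4;

	/* The caller now owns out and frees it exactly once. */
	free_datum(&out);
	return 0;
}

int main(void)
{
	printf("steal-datum demo: %s\n", run_demo() == 0 ? "ok" : "FAILED");
	return 0;
}
```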

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 24 17:12:52 2025 +0100

    Add check for empty compressed certificate
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 16 11:46:14 2025 +0900

    pkcs8: remove HAVE_LIBOQS ifdefs
    
    The key encoding and decoding operations currently do not use liboqs
    functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier
    to port to other implementations.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Thu Jan 16 16:33:59 2025 +0100

    tls-interop: update
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Jan 8 15:15:12 2025 +0100

    Fix Edwards EC_POINT encoding
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:36:39 2025 +0900

    gnulib: update gnulib submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:24:56 2025 +0900

    doc: update copy of LGPLv2.1 to the latest, without FSF address
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:34:13 2025 +0900

    gnulib: work around misinteractions between close and fchdir modules
    
    This caused a build failure on mingw. The workaround was suggested by
    Bruno Haible in:
    <https://lists.gnu.org/archive/html/bug-gnulib/2024-12/msg00179.html>
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:35:28 2025 +0900

    build: define GNUTLS_BUILDING_LIB while compiling sources in lib/
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 10 17:39:18 2025 +0900

    configure: run autoupdate
    
    This fixes the warnings generated by autoupdate:
    
      configure.ac:55: warning: AC_PROG_CC_C99 is obsolete; use AC_PROG_CC
    
      configure.ac:139: warning: The preprocessor macro `STDC_HEADERS' is obsolete.
        Except in unusual embedded environments, you can safely include all
        ISO C90 headers unconditionally.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sun Dec 22 11:29:59 2024 +0900

    doc: Fix races in a parallel build.
    
    * configure.ac: Use AC_PROG_MKDIR_P macro.
    * doc/Makefile.am (stamp_functions, stamp_enums): Use the MKDIR_P
    variable it defines.
    (error_codes.texi, algorithms.texi, alerts.texi): Add dependency on
    errcodes via a prerequisite, not a make invocation
    (DISTCLEANFILES): Register the newly depended upon binaries.
    
    Fixes: <https://gitlab.com/gnutls/gnutls/-/issues/1635>
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:25:34 2025 +0900

    algorithms: centrally define KEM algorithm sizes in group entries
    
    This switches to define the public key and ciphertext sizes of ML-KEM
    algorithms in gnutls_group_entry_st, instead of deriving those from
    the algorithm name at the usage in the TLS key shares.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:15:13 2025 +0900

    algorithms: rename GNUTLS_{PK,SIGN}_ML_DSA_* to GNUTLS_*_MLDSA*
    
    To be consistent with ML-KEM algorithms, omit underscores in ML-DSA
    gnutls_pk_algorithm_t and gnutls_sign_algorithm_t enum definitions,
    while keeping hyphens in the human readable names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:12:34 2025 +0900

    algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM*
    
    To be consistent with the naming of hybrid groups, omit underscores in
    the enum definition, while keeping hyphens in human readable names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Loganaden Velvindron <loganaden@gmail.com>
Date:   Mon Jan 13 23:56:52 2025 +0000

    key_share: support SecP384r1MLKEM1024 group
    
    Signed-off-by: Loganaden Velvindron <logan@cyberstorm.mu>
    Signed-off-by: Jaykishan Mutkawoa <jay@cyberstorm.mu>
    Signed-off-by: Kavish Nadan <kn@cyberstorm.mu>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 7 12:36:19 2025 +0900

    x509: stop using version field of MLDSAPrivateKey
    
    Previously we indicated the used ML-DSA algorithm in the version field
    of MLDSAPrivateKey, though this information is also available in
    privateKeyAlgorithm field as OID. With this change, the version field
    is always set to 1 to be compatible with OneAsymmetricKey with a
    non-empty publicKey field. When decoding, if the version is 1, the
    public key is read from publicKey field; otherwise it will be
    extracted from the privateKey field to interoperate with the other
    implementations such as OpenSSL/oqsprovider.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 17:34:51 2024 +0900

    NEWS: add entry for ML-DSA support
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 10:56:08 2024 +0900

    tests: add basic tests for ML-DSA usage with certtool
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 11:07:15 2024 +0900

    nettle: ensure liboqs is loaded for signing operations with ML-DSA
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 10:31:05 2024 +0900

    algorithms: document ML-KEM/ML-DSA in public enums
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 10:28:08 2024 +0900

    algorithms: rename GNUTLS_PK_MLKEM768 to GNUTLS_PK_ML_KEM_768
    
    To be consistent with ML-DSA algorithms, this renames
    GNUTLS_PK_MLKEM768 to GNUTLS_PK_ML_KEM_768, while the old name is
    preserved through a compatibility macro.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 24 18:14:39 2024 +0900

    certtool: enable ML-DSA private key generation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 26 10:38:33 2024 +0900

    algorithms: expose ML-DSA algorithm entries regardless of liboqs
    
    Also this omits mapping between ML-DSA-44 and secparams, as there is
    no way to express an algorithm is at security level category 2, which
    uses a hash collision search instead of a brute-force key search on
    AES. See Appendix B of draft-ietf-lamps-dilithium-certificates for
    further details.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 24 16:57:54 2024 +0900

    fips: perform pair-wise consistency test for ML-DSA
    
    Also mark the signature creation and verification operation as
    non-approved, as the current version of liboqs doesn't implement
    sufficient checks for input.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 7 23:23:22 2025 +0900

    .gitlab-ci.yml: bump cache version
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 7 20:30:15 2025 +0900

    Update year of copyright notices in doc/gnutls.texi
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 24 10:15:45 2024 +0900

    configure: cache results of AC_*_IFELSE checks
    
    This makes the configure process a little faster when --cache-file is
    given from the previous build, as it avoids running compilers, etc.,
    as well as makes the features configurable through cached variables.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 23 16:36:26 2024 +0900

    configure: fix output for checking whether dlopen(SONAME) works
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 10 15:54:15 2024 +0900

    tests: fix "fail" function usage
    
    The "fail" shell function takes a PID as the first argument.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 10 13:48:08 2024 +0900

    tests: fix tense in messages
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 9 21:40:07 2024 +0900

    build: error "make distcheck" if bootstrap is called with --skip-po
    
    This prevents mistakes when creating a tarball, as in 3.8.7.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Tue Dec 24 20:44:12 2024 +0900

    tests: Find p11-kit module directory via pkg-config.
    
    * tests/p11-kit-load.sh (P11_MODULE_PATH): New variable; use it to
    locate p11-kit-trust.so.
    * tests/p11-kit-trust.sh (PKG_CONFIG, P11_MODULE_PATH): Likewise.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sun Dec 22 00:00:39 2024 +0900

    build: Skip tls-fuzzer when python-six is not available.
    
    * configure.ac [HAVE_PYTHON_SIX]: New conditional.
    * tests/suite/Makefile.am (scripts_to_test)
    [HAVE_PYTHON_SIX]: Conditionally include tls-fuzzer test scripts.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sat Dec 21 21:47:56 2024 +0900

    tests: Skip multi-ticket-reception test when valgrind is not available.
    
    This test would hang when attempting to run without valgrind
    available.
    
    * tests/suite/multi-ticket-reception.sh: Skip when VALGRIND is not set.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sat Dec 21 22:51:02 2024 +0900

    configure.ac: Ensure Python is available when it's needed.
    
    * configure.ac: Use AM_PATH_PYTHON only when needed, and ensure it
    then succeeds.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sat Dec 21 16:29:39 2024 +0900

    bootstrap.conf: Sort requirements.
    
    * bootstrap.conf (buildreq): Sort.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sat Dec 21 12:47:56 2024 +0900

    bootstrap.conf: Require the 'wget' command.
    
    wget is used to retrieve translation files.
    
    * bootstrap.conf (buildreq): Register wget.
    
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sat Dec 21 11:37:51 2024 +0900

    bootstrap.conf: Require the 'bison' command.
    
    * bootstrap.conf (buildreq): Register bison.
    
    Fixes: <https://gitlab.com/gnutls/gnutls/-/issues/1196>
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Sahil Siddiq <sahilcdq@proton.me>
Date:   Thu Dec 12 18:29:39 2024 +0530

    Set default value of early date size for client to 0
    
    This commit sets the default value of "early_data_size" to 0 for
    the client. "early_data_size" is set to a non-zero value when the
    server sends the relevant extension in a session ticket to the
    client.
    
    This makes it easy for the client to determine if a server
    supports early data.
    
    Link: https://gitlab.com/gnutls/gnutls/-/issues/1619
    Signed-off-by: Sahil Siddiq <sahilcdq@proton.me>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Dec 6 09:53:18 2024 +0900

    groups: represent hybrid groups with an array of IDs
    
    Previously, the supported_groups array contained externally defined
    elements, which is legitimate in C99 but caused an error with Clang:
    
      groups.c:93:2: error: initializer element is not a compile-time constant
              group_x25519,
              ^~~~~~~~~~~~
    
    This reworks the array definition to use indirection through group
    IDs (gnutls_group_t, i.e., integer).
    
    This also makes pqc-hybrid-kx test more exhaustive.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Mon Dec 9 13:32:14 2024 +0100

    fix tmt provision -h local
    
    TMT started requiring --feeling-safe for local provisioning.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 3 21:50:05 2024 +0900

    x509: print errors when importing name constraints fails
    
    Like printing SCTS, report any error to stdout when iterating over
    name constraints in a certificate.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Nov 28 10:54:45 2024 +0200

    As DSA is not-approved in FIPS 140-3, there is no need to run a self test on it.
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Sun Nov 17 15:12:28 2024 +0200

    Removed support for Falcon algorithms
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: pohsingwu <pohsingwu@synology.com>
Date:   Sun Nov 17 02:01:37 2024 +0800

    fips: mark EdDSA as approved in FIPS mode
    
    FIPS 186-5 approves EdDSA.
    
    Signed-off-by: Po-Hsing Wu <pohsingwu@synology.com>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Wed Nov 6 20:46:59 2024 +0200

    Removed support for Sphincs algorithms
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: David Dudas <david.dudas03@e-uvt.ro>
Date:   Thu Oct 24 18:56:30 2024 +0300

    Added SHA3x4 callbacks for liboqs.
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Sun Sep 22 16:22:13 2024 +0300

    Moved ML-DSA algorithms from the experimental algorithms to non-experimental algorithms.
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Sat Aug 31 19:46:02 2024 +0300

    Changed from Dilithium to ML-DSA
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Mon Jul 29 00:00:40 2024 +0300

    Add experimental support for post-quantum digital signature algorithms in X.509 certificates
    
    - Dilithium
    - Falcon
    - Sphincs family
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 7 22:10:20 2024 +0900

    liboqs: don't call OQS_destroy if the version is 0.11.0
    
    OQS_destroy in liboqs 0.11.0 unconditionally calls OpenSSL functions
    for cleanup; see:
    https://github.com/open-quantum-safe/liboqs/pull/1982
    
    As it doesn't do anything other than that so far, just skip it for
    now.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: David Dudas <david.dudas03@e-uvt.ro>
Date:   Thu Nov 7 09:31:53 2024 +0900

    liboqs: add SHA3x4 callbacks
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>
    Modified-by: Daiki Ueno <ueno@gnu.org>

Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Oct 24 15:00:28 2024 +0300

    fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
    
    This is for easier compliance with FIPS 186-5,
    otherwise it would be necessary to justify how
    the timestamp is provided to prove that only
    pre-existing signatures can be verified in compliance
    with FIPS 186-5.
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 6 14:24:05 2024 +0900

    dlwrap: regenerate files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 6 14:14:50 2024 +0900

    gnutls_privkey_get_spki: avoid NULL dereference in invalid call
    
    Reported and solution suggested by David Meliksetyan in:
    https://gitlab.com/gnutls/gnutls/-/issues/1579
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 5 22:56:36 2024 +0900

    gnutls-cli-debug: skip GOST and X25519 tests in FIPS mode
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 2 12:13:54 2024 +0900

    Release 3.8.8
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 14 15:31:04 2024 +0300

    Fixed the check at src/benchmark-tls.c
    
    Signed-off-by: David Meliksetyan <d.meliksetyan@fobos-nt.ru>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 25 11:27:30 2024 +0900

    dlwrap: clarify the code generation is one time only [ci skip]
    
    This makes it clear that dlwrap is not a build-time dependency but a
    one-time passive code generator.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 25 09:59:42 2024 +0900

    devel/generate-dlwrap.sh: remove --clang-resource-dir option
    
    The option is automatically inferred in dlwrap 0.3.6.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 1 11:10:49 2024 +0900

    priority: give KEM groups precedence over EC(DH) groups in TLS 1.3
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 1 10:50:56 2024 +0900

    key_share: detect overlap of PK types in hybrid groups
    
    The client limits sending the key_share extension to at most one from
    each public key type. To support hybrid groups, the logic needs to be
    extended to check all siblings.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 30 14:05:10 2024 +0900

    _gnutls_session_supports_group: return boolean instead of error code
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 8 08:51:44 2024 +0900

    groups: register SecP256r1MLKEM768 and X25519MLKEM768
    
    This adds entries for SecP256r1MLKEM768 and X25519MLKEM768
    post-quantum hybrid key agreement schemes as defined in
    draft-kwiatkowski-tls-ecdhe-mlkem.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 17:09:04 2024 +0900

    key_share: rework hybrid algorithms handling
    
    Previously we put 2 public key algorithms in a single
    gnutls_group_entry_st, with pk and pk2 fields. That turned out to be not
    flexible enough to handle the cases where the number of combinations
    increases or the order of algorithms is swapped. This changes the
    representation to a linked list so one can easily construct and
    traverse any combinations.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 14 17:50:27 2024 +0900

    priority: take KEM groups into account
    
    When constructing a ciphersuite list, include hybrid PQC groups with
    KEM as the first key share.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 18:10:25 2024 +0900

    supported_groups: give KEM groups higher priority than DH
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 9 17:04:44 2024 +0900

    str: add _gnutls_ro_buffer_init
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 8 06:34:16 2024 +0900

    pk: plumb ML-KEM 768 in addition to Kyber 768
    
    This adds GNUTLS_PK_MLKEM768 in the regular algorithm range, while
    keeping GNUTLS_PK_EXP_KYBER768 in the experimental algorithm range.
    This also modifies the privkey-keygen test to skip unsupported
    algorithms at run-time.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 17:49:24 2024 +0900

    liboqs: provide SHA2 stubs
    
    As well as SHA3, this implements GnuTLS backed stubs for SHA2
    functions, which will be necessary for SLH-DSA signature support.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 16:46:28 2024 +0900

    liboqs: check library version at run-time
    
    This is to safeguard when the library is compiled with a newer liboqs
    but deployed to an environment with an older liboqs, which may break
    ABI compatibility.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 7 13:39:22 2024 +0900

    liboqs: require version 0.11.0
    
    liboqs 0.11.0 shipped with public headers for plugging in alternative
    symmetric algorithms (e.g., sha3_ops.h), which were previously
    missing.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Oct 24 15:08:04 2024 +0300

    fips: Mark gnutls_hash_fast as approved in FIPS SLI
    
    There is no reason for gnutls_hash_fast to not
    be approved under the SLI as part of the approved service
    Message Digest (same as gnutls_hash_init, gnutls_hash, gnutls_hash_output).
    
    Add a transition to state approved when using gnutls_hash_fast.
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Oct 24 15:13:22 2024 +0300

    fips: Mark operations using P-192 as not approved
    
    P-192 is not an approved curve as of FIPS 186-5, so mark operations
    using it as NOT approved in the SLI.
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Oct 21 19:59:20 2024 +0200

    nettle: mangle sha3_128_ctx
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 16 14:42:47 2024 +0900

    hash: return error if gnutls_hash is called after squeeze
    
    Previously, when gnutls_hash is called after gnutls_hash_squeeze, it
    hits an assertion failure in nettle:
    
      sha3.c:76: _nettle_sha3_update: Assertion `pos < block_size' failed.
    
    This adds an internal function to check whether the hash context has
    already been finalized with squeezing and in that case errors out.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Oct 10 13:26:22 2024 +0200

    compress_certificate: improve error checks
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Oct 8 09:51:00 2024 -0700

    lib/nettle/int/nettle-internal.h: include alloca.h if configure found it
    
    Needed for alloca definition on Solaris, to avoid build error with gcc 14:
    
    lib/nettle/int/nettle-internal.h:59:39: error: implicit declaration of
     function 'alloca' [-Wimplicit-function-declaration]
       59 | #define TMP_ALLOC(name, size) (name = alloca(sizeof(*name) * (size)))
          |                                       ^~~~~~
    
    Closes #782
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 25 13:32:14 2024 +0200

    tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Sep 27 12:09:51 2024 +0200

    Ignore unknown compression algs when using CLI
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 25 09:05:35 2024 +0200

    tests/ktls: skip CHACHA20-POLY1305 in FIPS mode
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Jeff Mattson <jmattson@sei.cmu.edu>
Date:   Tue Sep 24 10:53:23 2024 -0400

    fix formatting
    
    Signed-off-by: Jeff Mattson <jmattson@sei.cmu.edu>

Author: Jeff Mattson <jmattson@sei.cmu.edu>
Date:   Tue Sep 24 10:33:50 2024 -0400

    iterate ocsp response records for matching certificate
    
    Signed-off-by: Jeff Mattson <jmattson@sei.cmu.edu>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Sep 7 16:41:33 2024 +0200

    Fix configure syntax error on non-working faketime
    
    Closes #1576
    
    Authored-by: Tim Kosse
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 25 15:02:57 2024 +0200

    Select whether to link/dlopen tpm2 at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Aug 25 13:01:30 2024 +0200

    Select whether to link/dlopen liboqs at configure time
    
    (This defaults to off)
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 18:35:07 2024 +0200

    Select whether to link/dlopen brotli at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 13:55:14 2024 +0200

    Select whether to link/dlopen zstd at configure time
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 24 12:58:15 2024 +0200

    Use HAVE_ZLIB for both automake and autoconf
    
