Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Oct 20 13:43:46 2023 +0200

    Release 3.8.2
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 23 09:26:57 2023 +0900

    auth/rsa_psk: side-step potential side-channel
    
    This removes branching that depends on secret data, porting changes
    for regular RSA key exchange from
    4804febddc2ed958e5ae774de2a8f85edeeff538 and
    80a6ce8ddb02477cd724cd5b2944791aaddb702a.  This also removes the
    allow_wrong_pms as it was used sorely to control debug output
    depending on the branching.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ajit Singh <ajeetsinghchahar2@gmail.com>
Date:   Mon Nov 6 15:45:10 2023 +0530

    handshake.c: Fixed a missing goto statement
    
    Signed-off-by: Ajit Singh <ajeetsinghchahar2@gmail.com>

Author: Frediano Ziglio <freddy77@gmail.com>
Date:   Sun Nov 5 17:47:44 2023 +0000

    lib: Use correct transport getting error number
    
    For write we need to use transport_send_ptr, not transport_recv_ptr.
    
    Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

Author: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Date:   Thu Oct 26 00:17:33 2023 +0200

    .lgtm.yml: remove LGTM.com configuration file
    
    LGTM.com has been deprecated and replaced by GitHub code analysis:
    https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/
    
    Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 18 08:21:05 2023 +0900

    NEWS: mention KTLS support in FreeBSD [ci skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Clemens Lang <cllang@redhat.com>
Date:   Wed Oct 18 10:50:08 2023 +0200

    CONTRIBUTING.md: Fix file name in reviewer checklist
    
    The coding guidelines are in CONTRIBUTING.md, not CONTRIBUTION.md (which
    does not exist).
    
    Signed-off-by: Clemens Lang <cllang@redhat.com>

Author: xuraoqing <xuraoqing@huawei.com>
Date:   Wed Aug 23 11:56:03 2023 +0800

    srptool: rework entry parsing without indexing
    
    This simplifies the loop matching and parsing an SRP entry,
    considering the buffer read with fgets is always NUL-terminated.
    
    Signed-off-by: xuraoqing <xuraoqing@huawei.com>
    Modified-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 18 05:24:33 2023 +0900

    .gitlab-ci.yml: disable p11-kit for MinGW builds
    
    Currently, tests are failing with page fault in MinGW64 builds if
    p11-kit is enabled.  This temporarily disables it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 13 17:36:57 2023 +0900

    cli: add --starttls-name option
    
    Some deployment of application protocols, such as XMPP, require a
    different hostname than the host being connected.  This adds a new
    option, --starttls-name, to gnutls-cli to specify it separately.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 7 17:25:45 2023 +0900

    .gitlab-ci.yml: hook devel/check-headers.sh in .pre target
    
    This adds devel/check-headers.sh in the .pre target phase so any
    inconsistent header inclusion would be detected early in the CI.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 7 17:24:02 2023 +0900

    devel: make local header inclusion consistent
    
    This is the result of running devel/check-headers.sh --format on all
    .c and .h files under lib.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 7 17:17:39 2023 +0900

    devel: add script to fix header inclusion
    
    This adds check-headers.sh script which scans .c files and checks that
    local header files under lib/ are consistently included with #include
    "foo.h" instead of #include <foo.h>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Yongye Zhu <zyy1102000@gmail.com>
Date:   Wed Oct 4 09:26:14 2023 +0000

    ktls: add support for FreeBSD
    
    This extend the KTLS support to FreeBSD, with the AES-GCM-128, AES-GCM-256, and ChaCha20-Poly1305 ciphersuites.
    
    Signed-off-by: Yongye Zhu <zyy1102000@gmail.com>
    Reviewed-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 28 11:38:36 2023 +0900

    pkcs11: support Ed448 keys
    
    This adds support for Ed448 keys backed by PKCS#11.  To differentiate
    Ed448 keys from Ed25519 keys, this requires an extra logic to check
    CKA_EC_PARAMS when reading public keys.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 28 11:37:15 2023 +0900

    tests: refactor pkcs11-privkey-generate
    
    This factors out key generation logic into a separate function so we
    can easily extend the test to cover more key types.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 23 15:37:03 2023 +0900

    pkcs11: fix key pair generation for EdDSA
    
    Previouly we used the CKM_EDDSA mechanism to generate key pair, though
    the mechanism can only be used for signing and verification as
    specified in PKCS#11 3.1 section 6.3.  For key generation, the
    CKM_EC_EDWARDS_KEY_PAIR_GEN mechanism (or
    CKM_EC_MONTGOMERY_KEY_PAIR_GEN, if the point is represented in the
    Montgomery form) needs to be used.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Date:   Sun Sep 17 16:29:38 2023 +0200

    doc: fix typos found by codespell
    
    Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 11 13:59:45 2023 +0900

    gnutls_privkey_generate2: allow missing Q for DH
    
    As the Q parameter is optional in the gnutls_dh_params_t, this allows
    generating Diffie-Hellman private key without that parameter.
    
    While it is mandatory in FIPS mode, it is ensured when generating the
    DH parameters or importing through gnutls_dh_params_import_raw3.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 10 20:19:13 2023 +0900

    abstract: add gnutls_pubkey_export_dh_raw
    
    This adds gnutls_pubkey_export_dh_raw, a public key counterpart of
    gnutls_privkey_export_dh_raw.  This also replaces the P, Q, G
    parameters with gnutls_dh_params_t in the function signatures to avoid
    unnecessary serialization of bignums.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Miroslav Lichvar <mlichvar@redhat.com>
Date:   Mon Sep 11 10:45:39 2023 +0200

    cipher: fix AES-SIV-GCM key lengths
    
    Fix provided key lengths of AES-SIV-GCM ciphers, which have halved keys
    when compared to AES-SIV-CMAC.
    
    Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 11 07:23:51 2023 +0900

    gnutls_pubkey_import_privkey: support GNUTLS_PK_DH
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 6 14:55:10 2023 +0900

    NEWS: mention AES-GCM-SIV support
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 6 14:02:43 2023 +0900

    nettle: expose SIV-GCM through the AEAD interface
    
    This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV_GCM
    and GNUTLS_CIPHER_AES_256_SIV_GCM, exposing nettle_siv_gcm_aes{128,256}*
    functions.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 6 13:34:27 2023 +0900

    nettle: vendor-in SIV-GCM implementation
    
    This imports SIV-GCM implementation from Nettle 3.9.1, while still
    assuming Nettle 3.6 as the baseline.  As such, only non-optimized
    implementation is imported.  Performance critical applications are
    advised to build GnuTLS with Nettle 3.9.1 or later.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 5 09:39:28 2023 +0900

    devel: update nettle submodule
    
    This updates nettle submodule to the 3.9.1 release.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 12 08:17:44 2022 +0200

    gnutls_privkey_derive_secret: new function
    
    This adds a new function gnutls_privkey_derive_secret, which can be
    used in conjunction with the other key import or key generation API to
    calculate shared secret.
    
    Key import can be done with gnutls_{pubkey,privkey}_import_ecc_raw for
    ECDH and gnutls_{pubkey,privkey}_import_dh_raw for FFDH, while key
    generation could be done with gnutls_privkey_generate2 with respective
    algorithms (e.g., GNUTLS_PK_ECDH_X25519) and key generation parameters
    in gnutls_keygen_data_st format.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 31 13:55:58 2023 +0900

    abstract, x509: add functions to import and export DH keys
    
    This adds a couple of functions to import and export Diffie-Hellman
    private keys.  While it shares the structure as DSA, it differs in q
    parameter which is optional in Diffie-Hellman and the algorithm
    ID: GNUTLS_PK_DH vs GNUTLS_PK_DSA.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 3 10:20:37 2023 +0900

    abstract, x509: refactor raw DSA key import logic
    
    This switches to using DSA_{P,Q,G,X,Y} instead of magic number, and
    adds check for required parameters.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 3 10:36:13 2023 +0900

    mpi: remove unnecessary integer size conversion
    
    The following pattern:
    
    ```c
    size_t siz = prime->size;
    if (_gnutls_mpi_init_scan_nz(&tmp_prime, prime->data, siz)) {
      ...
    }
    ```
    
    was previously written as:
    
    ```c
    size_t siz = prime->size;
    if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, &siz))
      ...
    }
    ```
    
    Now that _gnutls_mpi_init_scan_nz takes an immediate integer instead
    of a pointer, we don't need to account for the integere size and thus
    no conversion should be necessary.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 31 09:21:23 2023 +0900

    gnutls_privkey_generate2: accept DH parameters
    
    This adds a new GNUTLS_KEYGEN_DH type for gnutls_keygen_data_st, so
    gnutls_privkey_generate2 can use pre-generated DH parameters instead
    of newly generated ones.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 12 08:28:22 2022 +0200

    gnutls_privkey_import_ecc_raw: allow X25519/X448 curves
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 12 08:21:12 2022 +0200

    gnutls_pubkey_import_ecc_raw: allow X25519/X448 curves
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 28 15:47:04 2023 +0900

    tests: ignore SIGPIPE in forking tests if the parent is TLS client
    
    If the tests are forking and the parent process is a client, care must
    be taken to handle SIGPIPE reported by the child process (server) when
    the client closes the connection.
    
    This hadn't been exposed until commit
    dd79ac9bcf90012e090726adf7c1940bcce8333f, thanks to the fact that the
    parent process kept the other pipe end which effectively prevented a
    "broken pipe".
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 23 10:43:54 2023 +0900

    benchmark: use fallback gettime provided by Gnulib's timespec module
    
    If CLOCK_PROCESS_CPUTIME_ID is not defined, a fallback gettime
    function was defined as an inline function.  Given that "timespec.h"
    from Gnulib already defines such a fallback function with the same
    name, it's not necessary to redefine it.  This should fix the build
    issue with Clang:
    
      In file included from ../../gnutls-3.8.1/src/cli.c:65:
      ../../gnutls-3.8.1/src/benchmark.h:38:20: error: static declaration of 'gettime' follows non-static declaration
      inline static void gettime(struct timespec *ts)
                         ^
      ../../gnutls-3.8.1/src/gl/timespec.h:93:6: note: previous declaration is here
      void gettime (struct timespec *) _GL_ARG_NONNULL ((1));
           ^
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 22 10:43:38 2023 +0900

    .gitlab-ci.yml: bundle libssp-0.dll in the Windows archive
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Sam James <sam@gentoo.org>
Date:   Mon Aug 7 08:23:50 2023 +0100

    configure.ac: Avoid noise when faketime is not available
    
    We already checked for whether faketime is installed, so don't try to call it
    if we couldn't find a path to it.
    
    This avoids noise like:
    ```
    checking for faketime... no
    checking for datefudge... no
    checking whether faketime program works... 1691391464
    /var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: 2006-09-23 00:00:00: command not found
    /var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: test: =: unary operator expected
    no
    ```
    
    Bug: https://bugs.gentoo.org/911833
    Signed-off-by: Sam James <sam@gentoo.org>

Author: Adrian Bunk <bunk@debian.org>
Date:   Sun Aug 6 22:46:22 2023 +0300

    Move the GNUTLS_NO_EXTENSIONS compatibility #define to gnutls.h
    
    Signed-off-by: Adrian Bunk <bunk@debian.org>

Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sun Aug 6 20:37:31 2023 +0200

    Fix build on GNU/Hurd
    
    GNU/Hurd does not define an arbitrary PATH_MAX limitation, so pathbuf
    can define its own abitrary limitation.
    
    Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Aug 3 11:52:04 2023 +0200

    Release 3.8.1
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Aug 3 14:09:33 2023 +0200

    Safeguard against overflow inside pkcs11_find_objects
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jul 25 16:23:49 2023 +0200

    Refactor pkcs11_find_objects to use p11-kit iterator
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 31 23:46:19 2023 +0900

    tests: propagate $CFLAGS in pkgconfig.sh
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 31 11:54:27 2023 +0900

    .gitlab-ci.yml: re-enable i686 cross build
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 31 17:38:02 2023 +0900

    doc: fix C++ example compilation on MinGW
    
    The examples under doc/examples/ are compiled with Gnulib, which
    overrides write if it's not available, as a macro.  This conflicts
    with the usage of std::iostream::write in ex-cxx.cpp.  To avoid the
    build issue, use a custom namespace to hide it, as suggested in:
    https://www.gnu.org/software/gnulib/manual/html_node/A-C_002b_002b-namespace-for-gnulib.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jul 27 10:36:48 2023 +0200

    Reduce the number of objects received per iteration in pkcs11_find_objects
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 24 09:14:20 2023 +0200

    .gitlab-ci.yml: drop use of Debian cross images
    
    Due to licensing concern, we had to remove the Debian-based CI images
    for cross compilation.  Some of them are already covered by the
    Fedora-based CI images, though it would be nice if the following are
    added back:
    
    - x86 (32-bit): maybe we could just use -m32 on Fedora image,
      similarly to mingw targets
    - Arm (32-bit)
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jul 23 08:17:32 2023 +0200

    .gitlab-ci.yml: enable use of Fedora cross toolchain
    
    This adds new tests for cross-compiling to AArch64, PowerPC 64 (LE),
    and s390x through the CI image based on Fedora 38.  The main advantage
    of doing this is that the toolchain version is in sync with the
    current Fedora native builds.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 20 08:54:36 2023 +0200

    accelerated: check nonce length in aead_{encrypt,decrypt}
    
    This propagates any IV length mismatch detected as an error, in the
    accelerated code for x86.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 20 08:49:30 2023 +0200

    nettle: check nonce length in aead_{encrypt,decrypt}
    
    This adds a missing check on the maximum IV length in aead_encrypt and
    aead_decrypt, to the Nettle crypto backend.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Elias Gustafsson <elias.skondal@gmail.com>
Date:   Tue Apr 4 02:16:04 2023 +0200

    tests: add negative serial number test
    
    Signed-off-by: Elias Gustafsson <elias.skondal@gmail.com>

Author: Elias Gustafsson <elias.skondal@gmail.com>
Date:   Tue Apr 4 02:07:21 2023 +0200

    certtool: reject negative serial numbers
    
    Signed-off-by: Elias Gustafsson <elias.skondal@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 10 14:53:35 2023 +0200

    tests: use template file for generating long DNS certificate request
    
    Instead of an interaction file, which causes problems on Windows when
    reading a password from tty.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 8 14:47:19 2023 +0200

    tests: fix error code in ocsp-tests/ocsp-must-staple-connection.sh
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 8 14:42:33 2023 +0200

    tests: print diff when cert-tests/crq.sh produces unexpected output
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 8 06:36:39 2023 +0200

    build: remove unused backward compatibility macro
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 7 15:48:19 2023 +0200

    tests: remove unnecessary calls to skip_if_no_datefudge
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 5 17:00:40 2023 +0200

    NEWS: mention --attime option
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 5 17:45:54 2023 +0200

    tests: use SH_LOG_COMPILER in cert-tests
    
    This omits the need of setting executable bits on shell script tests,
    as well as makes the log file naming consistent.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 8 06:29:17 2023 +0200

    gnutls-serv, gnutls-cli, gnutls-cli-debug: add --attime option
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Wilbur Wetterquarz <freaxmate@protonmail.com>
Date:   Wed Mar 22 01:00:09 2023 +0100

    certtool: add --attime option
    
    This adds a --attime option to certtool, so the tests don't need
    faketime or datefudge to adjust system time.
    
    Signed-off-by: Wilbur Wetterquarz <freaxmate@protonmail.com>
    Modified-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 6 14:30:52 2023 +0200

    ocsptool: fix memleak spotted by ASan
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Pravek Sharma <sharmapravek@gmail.com>
Date:   Sun Mar 12 22:31:33 2023 -0400

    ocsptool: add --attime option
    
    This adds a --attime option to ocsptool, so the tests don't need
    faketime or datefudge to adjust system time.
    
    Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
    Modified-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 5 17:28:47 2023 +0200

    system: override gettime if time is overridden
    
    If the gnutls_time is manually set by user, it would be more intuitive
    to also update gnutls_gettime to use it internally.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 5 15:55:16 2023 +0200

    tests: detect faketime at configure time
    
    Previously, the test suite checked the existence of faketime or
    datefudge at "make check", multiple times when it is needed.  This
    moves the check to configure and check it only once.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 4 09:47:52 2023 +0200

    priority: add config keyword "tls-session-hash"
    
    This adds a new keyword in the configuration file, "tls-session-hash",
    which shall appear in the [overrides] section and takes either
    "request" or "require" as the argument.  This is particularly useful
    when reverting the EMS requirement in FIPS mode for interoperability
    reasons.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 29 10:04:51 2023 +0200

    tls1-prf: mark use of non-EMS PRF non-approved in FIPS
    
    This adds service indicator transitions around the use of TLS 1.2 PRF.
    As of May 16, 2023, the use of extended master secret is mandatory
    according to FIPS 140-3 IG.  This patch detects the usage of non-EMS
    KDF by checking the label: if it is "master secret", the service
    indicator transitions to a non-approved state.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jun 4 14:15:45 2023 +0200

    Fix update-copyright-year target for switch from GNU autogen
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jun 4 13:53:43 2023 +0200

    Automate and fix manpage copyright year update
    
    Handle manpage copyright year update in update-copyright-year
    target, and fix the library manpage copyright year statement, $(YEAR)
    expanded to an empty string
    
    Broken by: 5a58370864e04f5dbb05b0ae453e6fa592a93175
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jun 3 13:27:53 2023 +0200

    Bump manpage copyright year
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 5 16:47:36 2023 +0200

    tests: re-add test-ciphersuite-names.sh to TESTS
    
    The test was removed from TESTS in commit
    5e52b0d0fec0d9eaac30ca8f35fd7b8368064222.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 1 16:08:24 2023 +0200

    tests: update tests/suite/ciphersuite after a96b04ff
    
    The commit a96b04ffcf8fd7375dc3c0f90602bf679f5a9791 introduced a new
    field in gnutls_cipher_suite_entry_st for gnutls_ciphersuite_get. The
    scan-gnutls.sh script needs to be updated to correctly parse the
    ciphersuites list.  This also fixes the include path so the test
    doesn't require gnutls to be installed on the system.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 7 13:18:20 2023 +0200

    tests: make testcompat-openssl-tls13-serv.sh less flaky
    
    Bash has a special variable GROUPS[1] which clashes with our use in
    testcompat-openssl-tls13-serv.sh as a list of key exchange groups.
    This avoids using it as well as expands the logging message to
    indicate what is tested.
    
    1. https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html#index-GROUPS
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 7 10:07:26 2023 +0200

    lib: suppress -Wmaybe-uninitialized warning
    
    Spotted by GCC 13:
    
      pkcs11.c: In function 'gnutls_pkcs11_token_get_info':
      pkcs11.c:2535:25: error: 'str' may be used uninitialized [-Werror=maybe-uninitialized]
       2535 |                         memcpy(output, str, len);
            |                         ^~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 7 16:44:00 2023 +0200

    lib: suppress false-positive -Wanalyzer-out-of-bounds
    
    GCC analyzer from GCC 13 reports this:
    
      verify-high.c:1471:21: error: stack-based buffer over-read [CWE-126] [-Werror=analyzer-out-of-bounds]
       1471 |                 if (gnutls_x509_trust_list_get_issuer(
            |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       1472 |                             list, cert_list[i - 1], &issuer,
    
    This is false-positive, as i is always in a range 0 < i < cert_list_size.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 7 11:54:54 2023 +0200

    lib: suppress false-positive -Wanalyzer-deref-before-check
    
    GCC analyzer from GCC 13 reports an error when a pointer dereference
    followed by a memcpy:
    
      x509_dn.c:54:17: error: check of '*name.data' for NULL after already dereferencing it [-Werror=analyzer-deref-before-check]
         54 |                 memcpy(_oid, name->data, name->size);
            |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    This is a false-positive, because we check name->size is > 0 on a
    previous line.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 7 11:43:32 2023 +0200

    src: suppress clang-analyzer warning
    
    clang-analyzer from Clang 16 reports the following:
    
      serv.c:2069:2: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
              memcpy(cache_db[i].session_data.data, data.data, data.size);
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 6 09:30:50 2023 +0200

    .gitlab-ci.yml: switch to Fedora 38 images
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stephen Paul Weber <singpolyma@singpolyma.net>
Date:   Tue Jul 4 22:28:48 2023 -0500

    Fix DTLS handshake when first fragment is 1 byte
    
    Asterisk sometimes generates this, and it seems like a valid case.  If
    the first fragment is 1 byte then subsequent fragments will still try to
    merge into it so it needs to have a big enough buffer for this to happen.
    
    Signed-off-by: Stephen Paul Weber <singpolyma@singpolyma.net>

Author: Ajit Singh <ajeetsinghchahar2@gmail.com>
Date:   Wed Jun 7 22:06:57 2023 +0530

    m4/hooks.m4: Fixed typo
    
    Signed-off-by: Ajit Singh <ajeetsinghchahar2@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 24 09:02:26 2023 +0200

    .gitlab-ci.yml: pull in clang16-extra-tools instead of clang15-*
    
    Also re-indent the existing code with the newer version of clang.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 11 09:57:09 2023 +0900

    tests: use GNUTLS_SELF_TEST_FLAG_ALL macro instead of magic number
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 11 09:52:20 2023 +0900

    crypto-selftests: mark CFB8 block sizes tests optional
    
    It was not obvious that the second function supplied to CASE2 macro
    was only called when GNUTLS_SELF_TEST_FLAG_ALL is set.  This splits
    the macro into two: the one to be required and the other to be
    optional.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 11 22:13:25 2023 +0900

    nettle: remove files no longer used
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 2 08:41:08 2023 +0900

    psk: Add basic support for RFC 9258 external PSK importer interface
    
    This adds a minimal, callback-based API to import external PSK,
    following RFC 9258.  The client and the server importing external PSK
    are supposed to set a callback to retrieve PSK, which returns flags
    that may indicate the PSK is imported, along with the key:
    
      typedef int gnutls_psk_client_credentials_function3(
              gnutls_session_t session,
              gnutls_datum_t *username, gnutls_datum_t *key,
              gnutls_psk_key_flags *flags);
    
      typedef int gnutls_psk_server_credentials_function3(
              gnutls_session_t session,
              const gnutls_datum_t *username, gnutls_datum_t *key,
              gnutls_psk_key_flags *flags);
    
    Those callbacks are responsible to call
    gnutls_psk_format_imported_identity() for external PSKs to build a
    serialized PSK identity, and set GNUTLS_PSK_KEY_EXT in flags if the
    identity is an imported one.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 24 12:39:42 2023 +0900

    build: re-indent code
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 17 18:17:30 2023 +0900

    doc: add missing documentation for enums
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 16 11:31:42 2023 +0900

    .gitlab-ci.yml: install clang15-extra-tools for clang-format
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 17 13:05:41 2023 +0900

    gnutls.h.in: stop indenting doc-comments for typedefs
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 16 16:21:37 2023 +0900

    build: use /* clang-format {on|off} */ annotation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 24 12:38:56 2023 +0900

    doc: mention how to indent source code
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 16 10:33:14 2023 +0900

    build: switch to using clang-format instead of GNU indent
    
    GNU indent yields weird output when using the Linux kernel coding
    style as in the below examples, which affects code readability.
    
    - Too long lines cause unexpected indentation:
                            if (!
                                (priv->flags &
                                 GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED)
      && (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT)
      && data.size > 0) {
    
    - Unary operators (`-` and `+`) after a type cast are not recognized
      properly: `(time_t)-1` becomes `(time-t) - 1`
    
    - Long conditionals are wrapped before binary operators, such as `&&`
      or `||`.  This is not mandatory in the style, but all the occurrences
      are replaced with that style
    
    This switches to using clang-format instead, with the configuration
    used in the Linux kernel as of commit
    596ff4a09b8981790e15572e8e7bc904df5835e7:
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/.clang-format
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Apr 15 08:04:01 2023 +0900

    doc: fix typo in %DISABLE_SAFE_RENEGOTIATION documentation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 2 08:21:41 2023 +0900

    doc: mention ClientHello extensions shuffling
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 2 08:16:33 2023 +0900

    hello_ext: minor cleanup of extension shuffling code
    
    This reduces the number of calls to gnutls_rnd(GNUTLS_RND_RANDOM)
    based on the assumption that extension indices fit in uint8_t.
    
    This also renames the priority string modifier from %NO_EXTS_SHUFFLE
    to %NO_SHUFFLE_EXTENSIONS.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: xuraoqing <609179072@qq.com>
