Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 8 18:51:26 2025 +0900

    .gitlab-ci.yml: use self-hosted runner
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 8 07:00:39 2025 +0900

    Release 3.8.10
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 8 18:46:48 2025 +0900

    doc: fix texinfo menu entries
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 8 16:46:38 2025 +0900

    tests: add missing automake variable prefix to pkcs11-provider tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 8 08:47:07 2025 +0900

    cli: print DEFAULT_TRUST_STORE_{DIR,PKCS11} with --list-config
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 7 11:15:45 2025 +0900

    handshake: clear HSK_PSK_SELECTED when resetting binders
    
    When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
    second Client Hello omits PSK, the server would hit a NULL pointer
    dereference, as the PSK binder information is cleared while the
    HSK_PSK_SELECTED flag is still set. This makes sure that the
    HSK_PSK_SELECTED flag is always cleared when the PSK binders are
    reset. This also makes it clear that the HSK_PSK_SELECTED flag is
    valid only during a handshake; after that, whether PSK is used can be
    checked with gnutls_auth_client_get_type.
    
    Reported by Stefan Bühler.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 7 10:57:10 2025 +0900

    certtool: avoid 1-byte write buffer overrun when parsing template
    
    Previously, when parsing a template file with a number of key value
    pairs, certtool could write a NUL byte after the heap buffer, causing
    memory corruption. This fixes the issue by allocating the NUL byte.
    Reported by David Aitel.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
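
The off-by-one described in this commit is the classic "allocate `len`, write the terminator at `buf[len]`" mistake. The following is an added example, not certtool's code: it parses a constructed `key = value` template line (not certtool's real template grammar) into NUL-terminated heap strings, reserving the extra byte for the terminator, which is the fix the commit describes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy [start, end) into a freshly allocated, NUL-terminated string.
 * The defect fixed in certtool was an allocation of exactly `len`
 * bytes followed by a write of the terminator at buf[len], one byte
 * past the end of the heap block. The +1 below reserves room for it. */
static char *dup_range(const char *start, const char *end)
{
    size_t len = (size_t)(end - start);
    char *buf = malloc(len + 1);   /* correct: room for the terminator */
    if (buf == NULL)
        return NULL;
    memcpy(buf, start, len);
    buf[len] = '\0';               /* with malloc(len) this would overrun */
    return buf;
}

/* Parse one "key = value" line (constructed format, hypothetical, not
 * certtool's grammar) into two heap strings with surrounding whitespace
 * trimmed. Returns 0 on success, -1 on malformed input; on success the
 * caller owns *key and *value. */
int parse_template_line(const char *line, char **key, char **value)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return -1;

    const char *ks = line, *ke = eq;
    while (ks < ke && isspace((unsigned char)*ks))
        ks++;
    while (ke > ks && isspace((unsigned char)ke[-1]))
        ke--;

    const char *vs = eq + 1, *ve = line + strlen(line);
    while (vs < ve && isspace((unsigned char)*vs))
        vs++;
    while (ve > vs && isspace((unsigned char)ve[-1]))
        ve--;

    if (ks == ke)
        return -1;                 /* empty key is malformed */

    *key = dup_range(ks, ke);
    if (*key == NULL)
        return -1;
    *value = dup_range(vs, ve);
    if (*value == NULL) {
        free(*key);
        *key = NULL;
        return -1;
    }
    return 0;
}

/* Returns 1 when `line` parses and yields exactly the expected key and
 * value (both properly terminated), 0 otherwise. */
int check_key_value(const char *line, const char *exp_key,
                    const char *exp_value)
{
    char *k = NULL, *v = NULL;
    if (parse_template_line(line, &k, &v) != 0)
        return 0;
    int ok = strcmp(k, exp_key) == 0 && strcmp(v, exp_value) == 0;
    free(k);
    free(v);
    return ok;
}

int main(void)
{
    /* Constructed sample template lines. */
    printf("%d %d %d\n",
           check_key_value("organization = Example Org\n",
                           "organization", "Example Org"),
           check_key_value("dns_name = example.com", "dns_name", "example.com"),
           check_key_value("no separator here", "", ""));
    return 0;
}
```

Running the example under AddressSanitizer (`-fsanitize=address`) with `len + 1` changed to `len` reproduces the one-byte heap overflow the commit describes; the `+ 1` is the whole fix.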

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 7 10:44:12 2025 +0900

    x509: avoid double free when exporting othernames in SAN
    
    Previously, the _gnutls_write_new_othername function, called by
    gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
    certificate's SAN extension, freed the caller allocated ASN.1
    structure upon error, resulting in a potential double-free.
    
    Reported by OpenAI Security Research Team.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andrew Hamilton <adhamilt@gmail.com>
Date:   Mon Jul 7 10:35:54 2025 +0900

    x509: reject zero-length version in certificate request
    
    Ensure zero size asn1 values are considered invalid in
    gnutls_x509_crq_get_version; this ensures the crq version is not used
    uninitialized. Spotted by oss-fuzz at:
    https://issues.oss-fuzz.com/issues/42536706
    
    Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andrew Hamilton <adhamilt@gmail.com>
Date:   Mon Jul 7 10:31:55 2025 +0900

    psk: fix read buffer overrun in the "pre_shared_key" extension
    
    While processing the "pre_shared_key" extension in TLS 1.3, if there
    is certain malformed data in the extension headers, then the code may
    read uninitialized memory (2 bytes) beyond the received TLS extension
    buffer. Spotted by oss-fuzz at:
    https://issues.oss-fuzz.com/issues/42513990
    
    Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andrew Hamilton <adhamilt@gmail.com>
Date:   Mon Jul 7 10:23:59 2025 +0900

    x509: fix read buffer overrun in SCT timestamps
    
    Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct
    when processing x509 Signed Certificate Timestamps with certain
    malformed data. Spotted by oss-fuzz at:
    https://issues.oss-fuzz.com/issues/42530513
    
    Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jul 7 10:09:00 2025 +0200

    Add NEWS entry for the PKCS#11 provider [skip ci]
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jul 7 10:02:20 2025 +0200

    Add documentation for the pkcs#11-provider
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 7 16:44:11 2025 +0900

    build: fix build with --with-included-libtasn1
    
    As libminitasn1.la is always built as a static library, linking it
    twice makes linking fail because of duplicated symbols. This also
    stops including <nettle/bignum.h> as it is unused and causes a compile
    error on macOS homebrew:
    
      In file included from p11_pk.c:32:
      /opt/homebrew/Cellar/nettle/3.10.2/include/nettle/bignum.h:50:11: fatal error: 'gmp.h' file not found
      # include <gmp.h>
                ^~~~~~~
      1 error generated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Sat Jul 5 00:56:36 2025 +0000

    lib/hello_ext.c: Add gnutls_free() to avoid memory leak
    
    Add gnutls_free() to free tmp_mod.name in the error handling to avoid memory leak.
    
    Fixes: 5bba569b4 ("gnutls_session_ext_register: keep track of extension name")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Sat Jul 5 00:55:17 2025 +0000

    lib/x509/x509_ext.c: Add gnutls_free() to avoid memory leak
    
    Add gnutls_free() to free ooc if subject_alt_names_set() fails to avoid memory leak.
    
    Fixes: 2bd323f72 ("Added new API to handle X.509 extensions.")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Sat Jul 5 00:49:56 2025 +0000

    tests/x509-cert-callback-ocsp.c: Free p and certs on error to avoid memory leak
    
    Call gnutls_free() to release p and certs on error, preventing a memory leak.
    
    Fixes: db486d97c ("tests: enhanced OCSP tests")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Sat Jul 5 00:49:09 2025 +0000

    tests/x509-cert-callback.c: Free p and certs on error to avoid memory leak
    
    Call gnutls_free() to release p and certs on error, preventing a memory leak.
    
    Fixes: ed02ed050 ("tests: added check with X.509 certificates and callbacks")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 16:56:22 2025 +0900

    tests: allow ML-DSA tests under valgrind
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 16:55:21 2025 +0900

    x509: fix memleaks after ML-DSA key consistency check
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 14:52:08 2025 +0900

    certtool: don't print bits when inspecting ML-DSA private keys
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 12:59:29 2025 +0900

    NEWS: mention ML-DSA improvements
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 12:46:13 2025 +0900

    tests: add round-trip test of ML-DSA keys
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 12:23:59 2025 +0900

    pk: fix memleak when ML-DSA seed is stored
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 3 16:09:12 2025 +0900

    certtool: add --key-format option to select ML-DSA key format
    
    This adds the --key-format option to certtool to control the ML-DSA
    private key format. The possible values are, "seed", "expanded", or
    "both".
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 3 16:08:20 2025 +0900

    x509: support encoding of ML-DSA private keys in CHOICE format
    
    This enables encoding a generated ML-DSA private key in the three
    formats defined in draft-ietf-lamps-dilithium-certificates-12,
    indicated with the gnutls_pkcs_encrypt_flags_t enum as
    GNUTLS_PKCS_MLDSA_SEED and/or GNUTLS_PKCS_MLDSA_EXPANDED values.  The
    default format for ML-DSA keys has been changed to the "both" format.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 4 15:37:08 2025 +0900

    algorithms: assign hash strength to ML-DSA signature algorithms
    
    The _gnutls_sign_get_hash_strength function previously returned 0 for
    ML-DSA algorithms, preventing the security level check in certificate
    signatures. This assigns the collision strength for commitment hashes,
    as defined in FIPS 204, section 4, table 1.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 3 12:09:03 2025 +0900

    nettle: always generate ML-DSA seed and keys separately
    
    When generating ML-DSA, store the intermediate seed, so it can be
    exported later.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 3 08:23:36 2025 +0900

    .gitlab-ci.yml: disable ChaCha20Poly1305 in leancrypto compilation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 1 17:57:03 2025 +0900

    x509: support decoding of ML-DSA private keys in CHOICE format
    
    This extends the acceptable formats of ML-DSA private keys to the
    three formats defined in draft-ietf-lamps-dilithium-certificates-12,
    section 6, namely: "seed", "expandedKey", and "both". The legacy
    format compatible with liboqs/oqsprovider is still accepted and the
    default output format for now.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 1 14:04:25 2025 +0900

    pk: plumb key generation from seed
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Tue Jul 1 14:45:08 2025 +0000

    src/danetool.c: Use gnutls_hex_encode2() instead of gnutls_hex_encode() to avoid memory leak
    
    Fixes: ead5d40a ("danetool: added option to print the raw entries.")
    Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Tue Jul 1 15:34:58 2025 +0100

    doc: fix typo in docs about system profile fallback
    
    Docs for the system profile fallback syntax accidentally repeated
    the "@" marker before each keyword. The "@" marker only indicates
    the start of the profile field, and individual names are merely
    separated by a comma, per the impl in 6b6d9dd44e.
    
    Fixes 6f425b0fd7d860e9d78b7ba0d9c4d3165d824d7c
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 1 12:17:29 2025 +0900

    pubkey: fix byte/bit confusion in public key sizes of ML-DSA
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Richard Hughes <richard@hughsie.com>
Date:   Fri Jun 27 16:33:37 2025 +0100

    algorithms: map GNUTLS_MAC_SHAKE_{128,256} to GNUTLS_DIG_SHAKE_{128,256}
    
    Fixes https://gitlab.com/gnutls/gnutls/-/issues/1719
    
    Signed-off-by: Richard Hughes <richard@hughsie.com>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:25:22 2025 +0000

    lib/accelerated/aarch64/hmac-sha-aarch64.c: Add gnutls_free() to avoid memory leak
    
    Add gnutls_free() to free ctx if _hmac_ctx_init() fails to avoid memory leak.
    
    Fixes: d92c73de3 ("Added HMAC-SHA* optimizations for aarch64")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:24:51 2025 +0000

    lib/accelerated/x86/hmac-x86-ssse3.c: Add gnutls_free() to avoid memory leak
    
    Add gnutls_free() to free ctx if _hmac_ctx_init() fails to avoid memory leak.
    
    Fixes: cbb9b17ff ("Added Appro's SSSE3 SHA implementations")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:24:14 2025 +0000

    lib/accelerated/x86/hmac-padlock.c: Add gnutls_free() to avoid memory leak
    
    Add gnutls_free() to free ctx if _hmac_ctx_init() fails to avoid memory leak.
    
    Fixes: 38a089b67 ("Updates for padlock hashes in C7 nano. Requires a part of nettle to be included.")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:22:53 2025 +0000

    lib/accelerated/x86/sha-padlock.c: Free ctx on error to avoid memory leak
    
    Call gnutls_free() to release ctx if _ctx_init() fails, preventing a memory leak.
    
    Fixes: 38a089b67 ("Updates for padlock hashes in C7 nano. Requires a part of nettle to be included.")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:22:12 2025 +0000

    lib/accelerated/x86/sha-x86-ssse3.c: Free ctx on error to avoid memory leak
    
    Call gnutls_free() to release ctx if _ctx_init() fails, preventing a memory leak.
    
    Fixes: cbb9b17ff ("Added Appro's SSSE3 SHA implementations")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:21:09 2025 +0000

    lib/pk.c: Free tmp_output on error to avoid memory leak
    
    Call gnutls_free() to release tmp_output if asn1_der_coding() fails, preventing memory leak.
    
    Fixes: 6f9bfaac9 ("Use the PKCS #1 1.5 encoding provided by nettle (2.5) for encryption and signatures.")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Jiasheng Jiang <jian1000@purdue.edu>
Date:   Mon Jun 16 05:19:45 2025 +0000

    lib/accelerated/x86/sha-x86-ssse3.c: Free ctx on error to avoid memory leak
    
    Call gnutls_free() to release ctx if _ctx_init() fails, preventing a memory leak.
    
    Fixes: 0be469e51 ("Imported Andy Polyakov's implementations for SHA* in aarch64")
    Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Feb 20 16:01:02 2025 +0100

    PKCS#11 provider: add tests
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jan 16 15:21:35 2025 +0100

    PKCS#11 provider: add support for MAC algorithms
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jan 16 15:09:20 2025 +0100

    PKCS#11 provider: add support for pk algorithms
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jan 16 15:00:44 2025 +0100

    PKCS#11 provider: add support for ciphers
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jan 16 14:41:40 2025 +0100

    Add support for multiple crypto backends
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jan 16 13:32:16 2025 +0100

    Add pkcs11 provider
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue May 6 15:54:00 2025 +0200

    Add configuration option for certificate compression algorithms
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 22 15:39:46 2025 +0900

    gnulib: stop using "hash" module
    
    To minimize the number of dependencies on Gnulib, this migrates the
    uses of the "hash" module to gl_linkedhash_list, which we extensively
    use as a generic hash-table.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Doekin <Leetimemp@gmail.com>
Date:   Fri Apr 11 20:09:00 2025 +0800

    fips: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0
    
    Signed-off-by: Chan Lee <Leetimemp@gmail.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Mar 27 12:52:15 2025 +0100

    .gitlab-ci.yml: enable building/testing with leancrypto in FIPS mode
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Apr 3 12:39:39 2025 +0200

    nettle/pk: mark ML-DSA as FIPS-unapproved
    
    * public key validation should ideally be performed within gnutls,
      not inside the back-end
    * ML-DSA needs a self-test (FIPS 140-3 IG 10.3.A)
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Wed Apr 2 15:01:13 2025 +0300

    TLS1.3 sig filter out signature algorithms in CR
    
    Patch from @dueno
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Thu Mar 13 22:02:35 2025 +0000

    Added TLS1.3 MLDSA tests.
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: d-Dudas <david.dudas03@e-uvt.ro>
Date:   Tue Mar 4 20:57:40 2025 +0200

    List MLDSA algorithms first in the priority array.
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: David Dudas <david.dudas03@e-uvt.ro>
Date:   Fri Feb 28 15:37:27 2025 +0000

    [Experimental] Enable MLDSA at TLS 1.3 level
    
    Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Mon Mar 17 12:41:24 2025 +0100

    tests: add environmental variable
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Mar 11 11:38:47 2025 +0100

    kTLS: fix gnutls-cli-debug - test
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Mar 11 11:37:33 2025 +0100

    kTLS: improve alert messages
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Mon Feb 17 23:08:57 2025 +0100

    kTLS: add rekey kernel version check (Linux)
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Mon Feb 17 23:05:28 2025 +0100

    kTLS: Document rekey support
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Feb 11 13:35:43 2025 +0100

    kTLS: add new keyupdate error return on recv
    
    kTLS now returns -EKEYEXPIRED when the socket's keys aren't updated after
    receiving a keyupdate (this is very unlikely). Currently when this
    happens the ktls recv function returns GNUTLS_E_AGAIN and the receive
    function is called again and again.
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Feb 11 12:45:44 2025 +0100

    kTLS: keyupdate_test improvements
    
    - ktls_utils.h has a helper function to create standard sockets required
      for ktls support testing.
    - key_update test for kTLS is now a flavour of the tls13/key_update
      test instead of being standalone (broadens the testing cases).
    - gnutls_ktls.c now uses the aforementioned ktls_utils.h
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 16 11:39:31 2025 +0900

    build: remove support for liboqs
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Nov 28 11:02:07 2024 +0200

    SHA-1 cannot be CAVP tested anymore. Thus, mark it as not approved for signature verification.
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 16 09:04:50 2025 +0900

    tests: add basic tests for 0-RTT with gnutls-serv and gnutls-cli
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 17 09:00:44 2025 +0900

    cli: send early data only after session data is set
    
    Now that max_early_data_size is recorded as part of the stored
    resumption data, this needs to be read before attempting to send early
    data.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 16 09:02:46 2025 +0900

    serv: fix detection of early data reception
    
    Upon success, gnutls_record_recv_early_data returns the amount of data
    received, so the application should treat positive numbers as an
    indication of early data reception.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 19 18:29:55 2025 +0900

    global: call lc_init at startup
    
    When leancrypto is statically linked, their constructor will not be
    called, which prevents some low-level algorithms from being
    functional. This adds a manual initialization with lc_init() at the
    startup of the GnuTLS library.
    
    Suggested-by: Stephan Mueller <smueller@chronox.de>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 24 16:06:11 2025 +0900

    liboqs: fix shared secret assignment after decaps
    
    Although we are removing liboqs support, this fixes the
    _gnutls_pk_decaps implementation, where the returned shared_secret is
    overridden with an empty shared secret.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 21 09:30:00 2025 +0900

    .gitlab-ci.yml: use Nettle from release-3.10-fixes branch
    
    The current Nettle master branch (for 4.0 release) contains
    incompatible changes which GnuTLS hasn't yet accommodated. This sticks
    to the latest 3.10 branch to work around that.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 13 16:23:07 2025 +0900

    tests: make pqc-hybrid-kx.sh work when system time set beyond 2038
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 13 15:53:25 2025 +0900

    build: fix SONAME detection when linking failed
    
    When linking to a shared library fails, the previous check defined the
    <LIB>_LIBRARY_SONAME macro to "none", instead of leaving it undefined.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 9 10:31:20 2025 +0900

    handshake: only shuffle extensions in the first Client Hello
    
    RFC 8446 section 4.1.2 states that the second Client Hello after HRR
    should preserve the same content as the first Client Hello with
    limited exceptions.  Since GnuTLS 3.8.5, however, the library started
    shuffling the order of extensions for privacy reasons and that didn't
    comply with the RFC, leading to a connectivity issue against the
    server configuration with a stricter check on that.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 8 11:02:39 2025 +0900

    .gitlab-ci.yml: temporarily disable fedora-nettle-minigmp/test
    
    This target for some reason takes too long to complete. As we don't
    recommend building it with --enable-mini-gmp, only exercise the build
    stage for now.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 8 07:58:34 2025 +0900

    Revert "doc: Fix races in a parallel build."
    
    This reverts commit 8daba130cc0c4100186af0b61bc3e65d54a46727, which
    turned out to cause a rebuild of .info files at "make distcheck" in a
    read-only srcdir.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 26 09:32:40 2025 +0900

    Release 3.8.9
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 7 06:28:03 2025 +0900

    maint: update libtasn1 to 4.20.0
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 18 17:23:46 2024 +0900

    x509: optimize name constraints processing
    
    This switches the representation of name constraints from linked lists
    to array lists to optimize the lookup performance from O(n) to O(1),
    and also enforces a limit of name constraint checks against subject
    alternative names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 5 17:19:03 2025 +0900

    certtool: default to PKCS#8 when generating RSA-OAEP key
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 29 11:57:44 2025 +0900

    key_share: send illegal_parameter when parsing EC key share fails
    
    When the received EC key share is malformed,
    _gnutls_ecc_ansi_x962_import returns GNUTLS_E_PARSING_ERROR or
    GNUTLS_E_MEMORY_ERROR, which maps to an internal_error alert. This
    explicitly returns GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER to send
    illegal_parameter instead, in compliance with the RFC.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 26 09:38:21 2025 +0900

    m4: update ax_code_coverage.m4 from autoconf-archive
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 18:09:25 2025 +0900

    tests: remove unmatched GCC pragma in tests/test-chains-issuer-aia.h
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 18:07:44 2025 +0900

    build: don't redefine AM_CPPFLAGS in libdane/Makefile.am
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 15 11:16:32 2025 +0900

    maint: consolidate licensing information to top-level directory
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 09:58:25 2025 +0900

    NEWS: mention leancrypto support
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 25 17:58:01 2025 +0900

    tests: add a way to assume enabled groups in pqc-hybrid-kx.sh
    
    With this patch, if TESTS_ENABLED_GROUPS is set, the listed groups
    must be enabled, otherwise the pqc-hybrid-kx.sh test would fail.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 15:15:49 2025 +0900

    .gitlab-ci.yml: exercise --with-leancrypto
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 20 14:18:10 2025 +0900

    leancrypto: support leancrypto for post-quantum algorithms
    
    This adds support for leancrypto as an additional and the preferred
    backend for now, until Nettle gains the proper support for PQC
    algorithms. There are a few advantages over liboqs, namely:
    
    - It already has required input validations for ML-KEM as in FIPS 203,
      such as Modulus check, which are currently missing in liboqs
    
    - It provides an API to generate ML-KEM/ML-DSA key pairs from a seed,
      which is required to support the seed-only private key format proposed
      in draft-ietf-lamps-dilithium-certificates-05 and later
    
    - No need to avoid undesired OpenSSL dependency; all the symmetric
      algorithms are natively implemented by leancrypto itself
    
    As the supposed use-case of this is to statically link leancrypto with
    GnuTLS, this doesn't support loading leancrypto with dlopen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 07:45:46 2025 +0900

    datum, mem, str: add helper functions to steal pointers
    
    This introduces 3 new inline functions, namely _gnutls_steal_datum,
    _gnutls_steal_buffer, and _gnutls_steal_pointer, to return a copy of a
    data structure and reset the original pointer. Those would enable
    returning a populated data structure upon success, and otherwise
    freeing the partially filled data structure in a single code path, e.g.,
    
    ```c
      gnutls_datum_t tmp_result = { NULL, 0 };
    
      // Calculate tmp_result
      ...
      if (error)
        goto cleanup;
    
      // Propagate tmp_result to *result
      *result = _gnutls_steal_datum(&tmp_result);
    
    cleanup:
      _gnutls_free_datum(&tmp_result);
      return ret;
    ```
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
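
The single-exit pattern this commit describes, as an added example that is not GnuTLS code: `datum_t`, `steal_datum` and `free_datum` are stand-ins written here from the commit's description of `_gnutls_steal_datum` (hand the contents to the caller, leave the source empty), not the library's own definitions, and the length-prefixed record layout is constructed for the example. The point it shows is that after the steal the one `cleanup:` free is a no-op on success and the only free on every failure path, so neither a leak nor a double free is possible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnutls_datum_t (assumption: the same two fields). */
typedef struct {
    unsigned char *data;
    unsigned int size;
} datum_t;

/* Hypothetical equivalent of _gnutls_steal_datum, modelled on the
 * commit's description: return the contents by value and reset the
 * source, so a later free of the source is a harmless no-op. */
static datum_t steal_datum(datum_t *d)
{
    datum_t ret = *d;
    d->data = NULL;
    d->size = 0;
    return ret;
}

/* Hypothetical equivalent of _gnutls_free_datum. */
static void free_datum(datum_t *d)
{
    free(d->data);
    d->data = NULL;
    d->size = 0;
}

/* Decode a constructed record layout: [len][payload x len][xor-checksum].
 * Returns 0 and fills *result on success; returns -1 and leaves *result
 * untouched on any failure. Exactly one place frees the buffer. */
int decode_record(const unsigned char *in, size_t in_len, datum_t *result)
{
    datum_t tmp = { NULL, 0 };
    int ret = -1;
    unsigned char sum = 0;
    size_t len;

    if (in_len < 2)
        goto cleanup;                /* tmp still empty: free is a no-op */
    len = in[0];
    if (in_len != len + 2)
        goto cleanup;

    tmp.data = malloc(len > 0 ? len : 1);
    if (tmp.data == NULL)
        goto cleanup;
    memcpy(tmp.data, in + 1, len);
    tmp.size = (unsigned int)len;

    for (size_t i = 0; i < len; i++)
        sum ^= tmp.data[i];
    if (sum != in[1 + len])
        goto cleanup;                /* allocated but invalid: freed below */

    *result = steal_datum(&tmp);     /* caller owns it; tmp is now empty */
    ret = 0;

cleanup:
    free_datum(&tmp);                /* frees only on the failure paths */
    return ret;
}

/* Valid constructed record: payload "abc", checksum 'a' ^ 'b' ^ 'c' = 0x60.
 * Returns the decoded size (3) on success, -1 otherwise. */
int example_good(void)
{
    static const unsigned char rec[] = { 3, 'a', 'b', 'c', 0x60 };
    datum_t out = { NULL, 0 };
    if (decode_record(rec, sizeof rec, &out) != 0)
        return -1;
    int size = (int)out.size;
    int match = memcmp(out.data, "abc", 3) == 0;
    free_datum(&out);
    return match ? size : -1;
}

/* Corrupted checksum: decode must fail and leave `out` untouched.
 * Returns 1 when that holds. */
int example_bad_checksum(void)
{
    static const unsigned char rec[] = { 3, 'a', 'b', 'c', 0x61 };
    datum_t out = { NULL, 0 };
    int ret = decode_record(rec, sizeof rec, &out);
    return ret == -1 && out.data == NULL && out.size == 0;
}

int main(void)
{
    printf("good: %d, bad checksum handled: %d\n",
           example_good(), example_bad_checksum());
    return 0;
}
```

Running it under valgrind or AddressSanitizer shows no leak on either path; without the steal, the success path would either have to skip the `cleanup:` free (a second exit) or free the buffer it just handed to the caller.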

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jan 24 17:12:52 2025 +0100

    Add check for empty compressed certificate
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 16 11:46:14 2025 +0900

    pkcs8: remove HAVE_LIBOQS ifdefs
    
    The key encoding and decoding operations currently do not use liboqs
    functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier
    to port to other implementations.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Thu Jan 16 16:33:59 2025 +0100

    tls-interop: update
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Jan 8 15:15:12 2025 +0100

    Fix Edwards EC_POINT encoding
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:36:39 2025 +0900

    gnulib: update gnulib submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:24:56 2025 +0900

    doc: update copy of LGPLv2.1 to the latest, without FSF address
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:34:13 2025 +0900

    gnulib: work around misinteractions between close and fchdir modules
    
    This caused a build failure on mingw. The workaround was suggested by
    Bruno Haible in:
    <https://lists.gnu.org/archive/html/bug-gnulib/2024-12/msg00179.html>
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 12 11:35:28 2025 +0900

    build: define GNUTLS_BUILDING_LIB while compiling sources in lib/
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 10 17:39:18 2025 +0900

    configure: run autoupdate
    
    This fixes the warnings generated by autoupdate:
    
      configure.ac:55: warning: AC_PROG_CC_C99 is obsolete; use AC_PROG_CC
    
      configure.ac:139: warning: The preprocessor macro `STDC_HEADERS' is obsolete.
        Except in unusual embedded environments, you can safely include all
        ISO C90 headers unconditionally.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date:   Sun Dec 22 11:29:59 2024 +0900

    doc: Fix races in a parallel build.
    
    * configure.ac: Use AC_PROG_MKDIR_P macro.
    * doc/Makefile.am (stamp_functions, stamp_enums): Use the MKDIR_P
    variable it defines.
    (error_codes.texi, algorithms.texi, alerts.texi): Add dependency on
    errcodes via a prerequisite, not a make invocation
    (DISTCLEANFILES): Register the newly depended upon binaries.
    
    Fixes: <https://gitlab.com/gnutls/gnutls/-/issues/1635>
    Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:25:34 2025 +0900

    algorithms: centrally define KEM algorithm sizes in group entries
    
    This switches to define the public key and ciphertext sizes of ML-KEM
    algorithms in gnutls_group_entry_st, instead of deriving those from
    the algorithm name at the usage in the TLS key shares.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:15:13 2025 +0900

    algorithms: rename GNUTLS_{PK,SIGN}_ML_DSA_* to GNUTLS_*_MLDSA*
    
    To be consistent with ML-KEM algorithms, omit underscores in ML-DSA
    gnutls_pk_algorithm_t and gnutls_sign_algorithm_t enum definitions,
    while keeping hyphens in the human readable names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 14 11:12:34 2025 +0900

    algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM*
    
    To be consistent with the naming of hybrid groups, omit underscores in
    the enum definition, while keeping hyphens in human readable names.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Loganaden Velvindron <loganaden@gmail.com>
Date:   Mon Jan 13 23:56:52 2025 +0000

    key_share: support SecP384r1MLKEM1024 group
