2026-02-23  Werner Koch  <wk@gnupg.org>

	Release 1.6.8.
	+ commit 39aa8435819df6a97fc751f5e5e45178f033c2ef


2026-02-20  NIIBE Yutaka  <gniibe@fsij.org>

	Fix a memory leak in _ksba_ber_decoder_decode.
	+ commit 86c6e972421a2fdd8d17ad12993891e9d8fb9bc4
	* src/ber-decoder.c (_ksba_ber_decoder_decode): Clear image.buf after
	the release.  Release ->root on error.

2026-02-18  Werner Koch  <wk@gnupg.org>

	Do not let the assert do the work of the previous test.
	+ commit 49a33f98ae4e3fa70e00453e2f6319af7b065d76
	* src/ocsp.c (parse_response): Return on error.

2026-02-13  Werner Koch  <wk@gnupg.org>

	Fix double increment in DN parser while counting hexdigits.
	+ commit b9e8f4b3d8d7826e85dff23cbb62c21ade27b06c
	* src/dn.c (parse_rdn): Turn for-loop into a while-loop.

2026-01-15  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update build-aux and m4 from libgpg-error.
	+ commit 63df5658b41d16c97a5276837915b0653e24e0a5
	* build-aux/compile, build-aux/depcomp: Update.
	* build-aux/ltmain.sh, build-aux/mdate-sh: Likewise.
	* build-aux/missing, build-aux/texinfo.tex: Likewise.
	* m4/autobuild.m4, m4/ax_cc_for_build.m4, m4/gpg-error.m4: Likewise.
	* m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4: Likewise.
	* m4/ltversion.m4, m4/lt~obsolete.m4: Likewise.

2025-11-28  Werner Koch  <wk@gnupg.org>

	ocsp: Add a hack to allow handling SHA256 based CertIDs.
	+ commit 2dd35bef663f5ba89260222299aabffd017c4bbd
	* src/ocsp.h (struct ocsp_reqitem_s): Increase size of hash items.
	(struct ksba_ocsp_s): Add flag sha256_certid.
	* src/ocsp.c (oidstr_sha256): New.
	(ksba_ocsp_set_nonce): Add hack to set/clear this flag.
	(issuer_name_hash): Add arg use_sha256 and change accordingly.
	(issuer_key_hash): Ditto.
	(ksba_ocsp_prepare_request): Make use of the new flag.
	(parse_single_response): Allow the use of SHA256 CertID items.

	* tests/sha1.c (sha256_hash_buffer): New.  Also add a bunch of othe
	functions to implement SHA256.
	* tests/t-ocsp.c (sha256_certid): New flag.
	(one_request): Use it.
	(one_response): Ditto.
	(my_hash_buffer): Support SHA256.
	(main): Add option --sha256.

2025-09-25  NIIBE Yutaka  <gniibe@fsij.org>

	build: Avoid using -a for test(1).
	+ commit 8c552d02bb9039007f0d9e6198d48d0d985d7ad3
	* configure.ac: Use && in shell level, instead of -a of test.
	*src/ksba.m4: Likewise.

2025-04-23  NIIBE Yutaka  <gniibe@fsij.org>

	Mark with __nonstring__ attribute for GCC 15 and later.
	+ commit 58b389a192d3a4ca6164df6fa22c0d6a049668f8
	* src/ksba.h.in (_KSBA_NONSTRING): New.
	* src/cms.c (oid_messageDigest): Mark with _KSBA_NONSTRING.
	(oid_signingTime): Likewise.

2025-01-15  NIIBE Yutaka  <gniibe@fsij.org>

	build,tests: Remove WindowsCE support.
	+ commit b2fccb07a3215085a9f22844e8afe0bc1aebb579
	* configure.ac (GPG_ERR_ENABLE_ERRNO_MACROS): Remove.
	* tests/cert-basic.c [__MINGW32CE__]: Clean up.

2024-06-21  Werner Koch  <wk@gnupg.org>

	Release 1.6.7.
	+ commit b14e68b97df754b2bb7a90bb904d143d8e896afb


	Allow for an empty Subject in certs.
	+ commit f2e2f320c9de969e4e29861788ba590a03a0f4d8
	* src/ber-decoder.c (match_der): Add hack for an empty subject.

2024-06-14  NIIBE Yutaka  <gniibe@fsij.org>

	Update gpg-error.m4.
	+ commit f43a21b2c53ed0a95a5ad6572549eaa4123146f5


2024-06-13  NIIBE Yutaka  <gniibe@fsij.org>

	Apply spell fixes from GnuPG.
	+ commit 364e67effbf47c58550c3e3eda13d783fd25ffc0
	* src/ksba.m4: Fix from GnuPG.

	m4: Update gpg-error.m4 from gpg-error master.
	+ commit f63a9c36505210fb5696849b13170020c0f2752f
	* m4/gpg-error.m4: Update.
	* m4/libgcrypt.m4: Remove, we don't use libgcrypt.

	ksba.m4: Fix setting/using GPG_ERROR_CONFIG.
	+ commit 95dda84002f6e23f2770cdf63921f0bac1459d76
	ksba.m4 (_AM_PATH_GPGRT_CONFIG): Don't set GPG_ERROR_CONFIG and
	gpg_error_config_version.

2024-05-14  NIIBE Yutaka  <gniibe@fsij.org>

	Fix the previous commit.
	+ commit b02b0bea7d62a352a21678a247bcb20b5a9fbf39


	m4: Include _AM_PATH_GPGRT_CONFIG definition.
	+ commit c910b8b136b89b134632ce1f317d856790b93fd3
	* src/ksba.m4: Find gpgrt-config.

2024-05-08  NIIBE Yutaka  <gniibe@fsij.org>

	Use unsigned int for 1-bit flags.
	+ commit a7aab2553d316eaa484e76167151157d7923a60d
	* src/asn1-func.h (struct node_flag_s): Use unsigned int for
	bit fields.

2024-02-23  Werner Koch  <wk@gnupg.org>

	Release 1.6.6.
	+ commit 3a4382259c3c6e7ef38cd33626fe2c1da282f816


2024-02-14  Jakub Jelen  <jjelen@redhat.com>

	der-builder: Fix possible uninitialized variable.
	+ commit 75e94db38ccd9ed166b40fb2d8aaed7c094cff69
	* src/der-builder.c (_ksba_der_builder_get): Initialize ERR.

2023-11-16  Werner Koch  <wk@gnupg.org>

	Release 1.6.5.
	+ commit 7b3e4785e54280d1a13c5bc839bdc6722d898ac7


2023-11-14  Werner Koch  <wk@gnupg.org>

	Add Brainpool curve detection using parameters with compressed BP.
	+ commit eb23f853f178f8d381254e2cb03c0ebff57828d6
	* src/keyinfo.c (ecdomainparm_to_name): Add variants for Brainpool.

2023-11-01  NIIBE Yutaka  <gniibe@fsij.org>

	build: Remove HAVE_W32CE_SYSTEM.
	+ commit bce1c52b260da063c6198fe270cd46baf1368d9e
	* configure.ac (HAVE_W32CE_SYSTEM): Remove.

2023-09-01  NIIBE Yutaka  <gniibe@fsij.org>

	build: Change the default for --with-libtool-modification.
	+ commit 2c4551c0c405a736e1b3953b2a58ec5104c52083
	* configure.ac (--with-libtool-modification): default=never.

2023-08-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: New configure option --with-libtool-modification.
	+ commit e0a46b490926879b5519e2e8dfb97226ec024817
	* Makefile.am (EXTRA_DIST): Add build-aux/libtool-patch.sed.
	* build-aux/libtool-patch.sed: New.
	* configure.ac (--with-libtool-modification): New.
	* build-aux/ltmain.sh: Revert our own local modification.

2023-06-19  Werner Koch  <wk@gnupg.org>

	Release 1.6.4.
	+ commit 557999424ebd13e70d6fc17e648a5dd2a06f440b


	Correctly detect write errors while creating CMS objects.
	+ commit 9ced7706f2738128aa5068727ea348c44f42e16e
	* src/cms.c (write_encrypted_cont): Take care of write errors.

2023-05-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: Sync libtool from libgpg-error for 64-bit Windows.
	+ commit a920c2ff1a723031e8c6b8b61632bad46a740c83
	* build-aux/ltmain.hs: Update from libgpg-error.

2023-05-12  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Use -no-fast-install LDFLAGS for Windows.
	+ commit 74fb95dbaf70d97b67793b29497b1e7b29a5e2f1
	* tests/Makefile.am [HAVE_W32_SYSTEM] (AM_LDFLAGS): Conditionalize.

2023-04-05  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit 53b9fa1d58ba522ca0eea4fe460719722e6e1ef5
	* m4/gpg-error.m4: Update from libgpg-error master.

2022-12-06  Werner Koch  <wk@gnupg.org>

	Release 1.6.3.
	+ commit bffa9b346071725363a483db547e7dced9721cb5


2022-11-23  Werner Koch  <wk@gnupg.org>

	Fix an integer overflow in the CRL signature parser.
	+ commit f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
	* src/crl.c (parse_signature): N+N2 now checked for overflow.

	* src/ocsp.c (parse_response_extensions): Do not accept too large
	values.
	(parse_single_extensions): Ditto.

2022-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update m4/libgcrypt.m4.
	+ commit 4076b60f7cef4fddc3d30f6e6d4078081dbc7167
	* m4/libgcrypt.m4: Update from libgcrypt master.

2022-11-01  NIIBE Yutaka  <gniibe@fsij.org>

	build: Prefer gpgrt-config when available.
	+ commit 13307b22882a220d206341e1196e74fd37418c2f
	* src/ksba.m4: Overriding the decision by --with-libksba-prefix, use
	gpgrt-config ksba when gpgrt-config is available.

2022-10-24  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit c3c1627f34234e3d54fe1f3411ac499dd7e3b3b0
	* m4/gpg-error.m4: Update from libgpg-error 1.46.

2022-10-07  Werner Koch  <wk@gnupg.org>

	Release 1.6.2.
	+ commit 29814959fe2b65c6d4ac35dea261006a8cad3661


2022-10-05  Werner Koch  <wk@gnupg.org>

	Detect a possible overflow directly in the TLV parser.
	+ commit 4b7d9cd4a018898d7714ce06f3faf2626c14582b
	* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
	used sum.

2022-09-16  Werner Koch  <wk@gnupg.org>

	Release 1.6.1.
	+ commit d3c1e063d708a46ef39152256f8b1ea466b61be0


2022-07-19  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update config.guess and config.sub.
	+ commit 466837db84fb318eaaee1aba6cc3939c16a3e2ba
	* build-aux/config.guess: Update from upstream.
	* build-aux/config.sub: Ditto.

	build: Support cross compile.
	+ commit ca9a04569020c51719ab45ebd35a3cbb1f35c6aa
	* configure.ac (AX_CC_FOR_BUILD): New.
	* m4/ax_cc_for_build.m4: New.
	* src/Makefile.am: Use EXEEXT_FOR_BUILD.

2022-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit e51d5c7ce81fe3f90039ad970fbb82f751a645fc
	* m4/gpg-error.m4: Update from libgpg-error.

2022-03-31  NIIBE Yutaka  <gniibe@fsij.org>

	build: When no gpg-error-config, not install ksba-config.
	+ commit 41000330cdba87afdf9ea0b481e0260dab262a54
	* configure.ac (USE_GPGRT_CONFIG): New.
	* src/Makefile.am [USE_GPGRT_CONFIG]: Conditionalize the install
	of ksba-config.

2022-03-22  NIIBE Yutaka  <gniibe@fsij.org>

	Fix test of t-cms-parser.
	+ commit e751d1fa01bd3e593eeccbeffb729176a59ca28c
	* tests/t-cms-parser.c (one_file): Open the file with binary flag.

2022-02-26  Werner Koch  <wk@gnupg.org>

	ocsp: Accept a server not responding with a nonce.
	+ commit 24992a4a7a61d93759e1dbd104b845903d4589bf
	* src/ocsp.h (struct ksba_ocsp_s): Remove good_nonce.
	* src/ocsp.c (parse_response_extensions): No not set good_nonce.
	(ksba_ocsp_parse_response): Simplify the check.

	ocsp: Fix detecting the right response item.
	+ commit c9cde18bc84a1b3bb7de22ca80264c418ffd0fee
	* src/ocsp.c (ksba_ocsp_prepare_request): Store the value of the
	integer.

2021-12-22  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update for newer autoconf.
	+ commit 51b565054096926dc97fc2ebb72c7de05a127dff
	* configure.ac (AC_PREREQ): Require >= 2.69.
	(AC_HEADER_STDC): Remove.

2021-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	Silence warning for ksba_isotime_t.
	+ commit 64ef3144abee7afbc93a87e960b9a79c7b43cfca
	* src/time.c (_ksba_current_time): Let it return the result.

	Fix ksba.pc to use HTTPS for the URL.
	+ commit 4898212c705a49da0384ac8f1b44f2d6592a990e
	* src/ksba.pc.in: Use https.

2021-11-10  NIIBE Yutaka  <gniibe@fsij.org>

	libtool: Link without -flat_namespace for macOS.
	+ commit 0d7a62c355ea18031daf00490da9f7c9f33683c3
	* m4/libtool.m4: Not setting 10.0 to MACOSX_DEPLOYMENT_TARGET when not
	defined.  Only specify -flat_namespace to linker for specific
	(older) versions and hosts.

2021-10-13  NIIBE Yutaka  <gniibe@fsij.org>

	ASN.1 parser: Provide token table (no more %token-table).
	+ commit f3b7dd4167779f2694e932ad7c2adba98ff9a21d
	* src/asn1-parse.y (%token-table): Remove.
	(token_table): New.
	(yylex): Use token_table.

2021-09-22  Andreas Metzler  <ametzler@bebt.de>

	build: Use automake primitives to install libksba.def.
	+ commit ce1de8cb2bcd712381f77519de4da87af42879a4
	* src/Makekefile.am: Do not use explicit $INSTALL to install
	libksba.def, fixes windows parallel build error.

2021-08-18  Werner Koch  <wk@gnupg.org>

	Avoid warnings about NULL ptr deref in ASN.1 helpers.
	+ commit c242f31b6d520a7f87bf36782e4b5c8da7dc045d
	* src/asn1-func.c (_ksba_asn_set_value): Add extra asserts.  Fix the
	VALTYPE_BOOL case, which is actually not in Libksba.

2021-08-05  NIIBE Yutaka  <gniibe@fsij.org>

	build: Simplify configure.ac.
	+ commit 379e787a965148fa5613ccd4e2b8c3c00feb45d9
	* configure.ac (AC_CHECK_HEADERS): Remove string.h.
	(AC_CHECK_FUNCS): Remove memmove, strchr, strtol and strtoul.

2021-06-10  Werner Koch  <wk@gnupg.org>

	Release 1.6.0.
	+ commit 6b3573afb03afd4560f78bec73ec192e09fdd9d5


2021-06-02  Werner Koch  <wk@gnupg.org>

	Support Authenticated-Enveloped-Data Content Type.
	+ commit 81fdcd680c127cbc7cfb977aa43aa45ffce0f5fc
	* src/cms.h (struct ksba_cms_s): Remove struct data which was not
	used.  Add struct authdata.
	* src/cms.asn (AuthEnvelopedData): New.
	(id-authEnvelopedData): New.
	* src/ksba.h.in (ksba_content_type_t): Add KSBA_CT_AUTHENVELOPED_DATA.
	* src/cms.c (content_handlers): Ditto.
	(ksba_cms_release): Free the new fields.
	(ksba_cms_get_message_digest): Hack to return authtag.
	(ct_parse_signed_data): Remove useless condition which was always true.
	* src/cms-parser.c (parse_encrypted_content_info): Add arg
	r_algo_parmtype.
	(_ksba_cms_parse_enveloped_data_part_1): Detect GCM with AES and parse
	the parameters.
	(_ksba_cms_parse_enveloped_data_part_2): Parse the MAC part and store
	it for retrieval by ksba_cms_get_message_digest.
	* tests/t-cms-parser.c (one_file): Handle authdata.

2021-05-27  NIIBE Yutaka  <gniibe@fsij.org>

	build: _DARWIN_C_SOURCE should be 1.
	+ commit a375a3d20e831c58c3b87abb41f3a8e8b723d985
	* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.

2021-05-18  Werner Koch  <wk@gnupg.org>

	Support password based decryption.
	+ commit cb7f2484a09cbe3cddcee6d2a752148df937cf0e
	* src/cms.asn (RecipientInfo): Add pwri element.
	(PasswordRecipientInfo): New.
	* src/keyinfo.c (get_algorithm): Add arg to specify the expected tag.
	Change all callers.
	(_ksba_parse_algorithm_identifier3): New to specify the expected tag.
	* src/cms.c: Include stringbuf.h.
	(ksba_cms_get_issuer_serial): Return an error code for pwri.
	(ksba_cms_get_enc_val): Add special code for pwri.

	* tests/t-cms-parser.c (one_file): Detect pwri recipients.

2021-04-21  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit 72f19cdabfb26bf51c6a4ea2e17154adf7e5a96b
	* m4/gpg-error.m4: Update from libgpg-error.

2021-04-20  Jakub Jelen  <jjelen@redhat.com>

	Fixes for static analysis reports.
	+ commit fbb1f303198b5ff0cc7012eaef210ad2cf22edb5
	* tests/t-oid.c (main): Reset freed pointer for next iteration.
	* src/time.c (_ksba_current_time): Use snprintf to avoid buffer overrun.
	* src/asn1-func.c (_ksba_asn_expand_object_id): Initialize NAME2.
	* src/ber-help.c (_ksba_ber_count_tl): Mark identical branches as
	intentional for coverity.

2021-04-06  Werner Koch  <wk@gnupg.org>

	Release 1.5.1.
	+ commit 1015bea2f8a55b965dee29e17118bc73c2deca39


	build: Add the usual release targets.
	+ commit 1050939435548baa30a8ba8c20b7824ec7b2841e
	* Makefile.am (release, sign-release): New targets.

2021-02-22  Werner Koch  <wk@gnupg.org>

	Support Brainpoolp256r1 and Brainpoolp384r1 with ECDomainParameters.
	+ commit 4243085d7d4361d8900010ed32018985b133f958
	* src/keyinfo.c (ecdomainparm_to_name): Two more entries.

2021-02-01  Werner Koch  <wk@gnupg.org>

	Support Brainpoolp512r1 certs specified with ECDomainParameters.
	+ commit e51873b567d9f9cce708d191b29f09d56ea16f2d
	* src/keyinfo.c (ecdomainparm_to_name): New table.
	(_ksba_keyinfo_to_sexp): Support ECDomainParameter lookup.

2020-12-21  Werner Koch  <wk@gnupg.org>

	Fix a possible segv in case of an unknown CMS object.
	+ commit fe03ab4c14e71cb08210159a943a6edded6cdc4d
	* src/cms.c (ksba_cms_get_enc_val): Fix strcmp.

2020-11-18  Werner Koch  <wk@gnupg.org>

	Release 1.5.0.
	+ commit 9c0a818cd89cf90e87a3fdf5f7b2d82062645229
	* configure.ac: Set LT version to C21/A13/R0.

	Add SPDX identifiers.
	+ commit b426d2216583b8165abe89900578e0dbf9590571
	* src/version.c (cright_blurb): New.
	(ksba_check_version): Detect request for the cright blurb.

	Allow for NDEF list of certs and CRLs in CMS.
	+ commit b6438e768cf969a74b985bf2686d7cf0b4323355
	* src/cms-parser.c (_ksba_cms_parse_signed_data_part_2): Fix endtag
	detection.

	* tests/t-cms-parser.c (main): Allow several files on the command line
	and add more files to the default invocation.

2020-11-18  NIIBE Yutaka  <gniibe@fsij.org>

	m4: Update with newer autoconf constructs.
	+ commit 1ef7f310d8bb0990d2c7a65f34ffa46f77c5d35d
	* src/ksba.m4: Replace AC_HELP_STRING to AS_HELP_STRING.

	build: Update to newer autoconf constructs.
	+ commit 0d46f2c000c45147db9a2c418248108bf444afb9
	* configure.ac (AC_INIT): Use 'https://'.
	Use AC_CONFIG_HEADERS instead of AM_CONFIG_HEADER.
	Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
	Use AS_HELP_STRING instead of AC_HELP_STRING.
	* gl/m4/onceonly_2_57.m4: Remove.
	* m4/gpg-error.m4: Update from libgpg-error.
	* m4/libtool.m4: Update from libgpg-error.
	* m4/libgcrypt.m4: Update from libgcrypt.

	build: Use modern Autoconf check for type.
	+ commit 60b32609ae7f7940c11117cb545c571356743624
	* configure.ac (u32): Use AC_CHECK_TYPES.
	* m4/Makefile.am (EXTRA_DIST): Update.
	* m4/gnupg-typedef.m4: Remove.
	* tests/sha1.c: Use HAVE_TYPE_U32.

2020-06-17  Werner Koch  <wk@gnupg.org>

	Support TR-03111 plain format ECDSA signature verification.
	+ commit 486fb0257d08c9a90571aa8433c1c61b53dda4fe
	* src/keyinfo.c (sig_algo_table): Add ECDSA algos from TR-03111.
	(cryptval_to_sexp): Support plain ecdsa format.

2020-05-28  Werner Koch  <wk@gnupg.org>

	Let ksba_cms_identify detect the new OpenPGP keyblock content.
	+ commit 5cdf0b5b0f1994405c8689ceaee76126755dcd1c
	* src/ksba.h.in (KSBA_CT_OPENPGP_KEYBLOCK): New.
	* src/cms.c: Add to table.
	* tests/t-cms-parser.c (one_file): Ditto.

2020-05-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.0.
	+ commit f30f604700d37f1932d399ab2fb552713007117f


2020-05-18  Werner Koch  <wk@gnupg.org>

	Finish creation of ECDSA and EdDSA certificates.
	+ commit 71a2f1e87790cc4fccd4e5e60ffd368fbfd85bb2
	* src/keyinfo.c (_ksba_keyinfo_from_sexp): Skip writing curve
	parameter in algoinfo mode.
	(PKALGO_NONE): New.
	(curve_names): Add field pkalgo and set for rfc8410 algos.
	(get_ecc_curve_oid): New arg r_pkalgo.
	(_ksba_keyinfo_from_sexp): Take are of a forced algo.  Add code path
	for rfc8410 public key.
	* src/certreq.h (struct ksba_certreq_s): Add flag 'is_ecc'.
	* src/certreq.c (ksba_certreq_add_extension): Set that flag.
	(ksba_certreq_set_sig_val): Use sig_val.is_ecc also for EdDSA.
	(build_cri): Rewrite using the DER builder.

2020-05-15  Werner Koch  <wk@gnupg.org>

	Allow direct construction of encapsulated octet and bit strings.
	+ commit 2605a994a2c7a4c06e7a2efb69e620fd687359ba
	* src/ksba.h.in (KSBA_CLASS_ENCAPSULATE): New pseudo class.
	* src/der-builder.c (struct item_s): Add field 'encapsulate'. Change
	'class' to a 2 bit field.  Decrease size of 'hdrlen' to 10 bits which
	is more than enough.
	(_ksba_der_builder_reset): Clear 'encapsulate'.
	(_ksba_der_add_ptr): Mask CLASS to avoid possible compiler warnings.
	(add_val_core): Ditto.
	(_ksba_der_add_tag): Ditto.  Set ENCAPSULATE.
	(compute_lengths): Account for extra octet.
	(_ksba_der_builder_get): Implement encapsulated data.

	* tests/t-der-builder.c (test_der_builder): Add test cases for
	encapsulated data.

2020-05-14  Werner Koch  <wk@gnupg.org>

	Publish constants for the DER builder.
	+ commit 0e0fad9335ba8afe319fdb36e735533cff71a2b4
	* src/ksba.h.in (KSBA_CLASS_): New constants.
	(KSBA_TYPE_): New constants.
	* src/der-builder.c (struct item_s): Increase size of HDRLEN and TAG.
	(count_tl, write_tl): Support tags > 30.

	* tests/t-der-builder.c: New
	* tests/Makefile.am (TESTS): Add file.

	Simplify the ksba_keyinfo_from_sexp function.
	+ commit 88647cd33059129dca6d17434208d5f68108daf3
	* src/keyinfo.c: Include der-builder.h
	(get_ecc_curve_oid): Change to return a string.
	(oid_from_buffer): Ditto.
	(_ksba_keyinfo_from_sexp): Rewrite.

	Fix DER builder to a allow a single primitive element.
	+ commit 31c42e7568a7532f8fb5d291f5c4a26594d74ad4
	* src/der-builder.c (_ksba_der_builder_get): Allow a single item.

	Fold duplicated code in keyinfo.c into one function.
	+ commit fae738f23b5bfde8fa25b6759fd1aac6809b40ca
	* src/keyinfo.c (_ksba_algoinfo_from_sexp): Remove.
	(_ksba_keyinfo_from_sexp): Add arg algoinfomode
	* src/certreq.c (ksba_certreq_add_subject): Adjust for change.
	(ksba_certreq_set_serial): Use _ksba_keyinfo_from_sexp in
	algoinfomode.

	* tests/cert-basic.c (one_file): Adjust for change.

2020-05-14  Trammell Hudson  <hudson@trmm.net>

	Fix qsort handler to reproducible sort the string table.
	+ commit cdbced98819dd0b1478db1bb82bbc249d52e32ae
	* src/asn1-gentables.c (cmp_string): Comapre the strings if they have
	the same length.

2020-05-12  Werner Koch  <wk@gnupg.org>

	New API to construct arbitrary DER objects in memory.
	+ commit 30d35448cd585156a0461f02934a356894e6867b
	* src/der-builder.h (struct ksba_der_s, ksba_der_t): Move to ...
	* src/ksba.h.in: here.
	(ksba_der_release): New.
	(ksba_der_builder_new): New.
	(ksba_der_builder_reset): New.
	(ksba_der_add_ptr): New.
	(ksba_der_add_val): New.
	(ksba_der_add_int): New.
	(ksba_der_add_oid): New.
	(ksba_der_add_bts): New.
	(ksba_der_add_der): New.
	(ksba_der_add_tag): New.
	(ksba_der_add_end): New.
	(ksba_der_builder_get): New.
	* src/libksba.def: Add new functions.
	* src/libksba.vers: Ditto.
	* src/visibility.c: Add wrapper.
	* src/visibility.h (ksba_der_add_val): Add usual macro magic.

	Allow parsing of EdDSA certificates.
	+ commit 60943d9f18162c7a55a635b122888b9f53690e77
	* src/keyinfo.c (sig_algo_table): Remove unused params for EdDSA
	algos.
	(_ksba_keyinfo_to_sexp): Add curve to EdDSA algos.
	(cryptval_to_sexp): Add special handling for EdDSA algos.

2020-05-11  Werner Koch  <wk@gnupg.org>

	Support creation of ECDSA signed data.
	+ commit cda81bec2e141f67e6ee905eac0e719abb7ef20c
	* src/der-builder.c (_ksba_der_add_int): New.
	* src/cms.h (struct sig_val_s): Add struct ecc.
	* src/cms.c (ksba_cms_release): Release ecc.
	(ksba_cms_set_sig_val): Support ecdsa.
	(build_signed_data_rest): Ditto.

	* tests/samples/ecdsa-sample1.p7s: New.
	* tests/samples/ecdsa-sample1.p7s.asn: New.
	* tests/samples/rsa-sample1.p7s: New.
	* tests/samples/rsa-sample1.p7s.asn: New.

2020-05-04  Werner Koch  <wk@gnupg.org>

	Support creation of ECDH enveloped data object (part 2 of 2)
	+ commit 8ade151b10480cb03998669e928cfd2e159531c0
	* src/cms.c (build_enveloped_data_header): Write out ECDH info.

	Add a dedicated BIT STRING function to the new DER builder.
	+ commit be1b4416afc3d646b43c5541b2d79036b6e7cdaf
	* src/der-builder.c (_ksba_der_add_bts): New.

2020-05-01  Werner Koch  <wk@gnupg.org>

	Support creation of ECDH enveloped data object (part 1)
	+ commit 0ddfbb464e0a86164768bd42e3e02a07f06dca62
	* src/cms.h (struct enc_val_s): Add new fields for ECDH.
	* src/cms.c: Include der-builder.h
	(log_sexp): New but commented debug helper.
	(ksba_cms_release): Free new ECDH values.
	(ksba_cms_set_enc_val): Support ECDH.
	(build_enveloped_data_header): Rewrite to make use of the new DER
	builder.

	Add a new DER builder for internal use.
	+ commit cf49d3e60a67180fcb1b9005d910f015b388cf3c
	* src/der-builder.c: New.
	* src/der-builder.h: New.
	* src/util.c (_ksba_reallocarray): New.

	Add new internal function to get the encoded issuer.
	+ commit 9c52d0787e0d0e78c8f10523a1c12fd83126393b
	* src/cert.c (_ksba_cert_get_issuer_dn_ptr): New.
	(_ksba_cert_get_serial_ptr): Return the full DER encoding and not just
	the value.
	* src/ocsp.c (ksba_ocsp_prepare_request): Adjust for this change.

	Add RSA encrypted sample file.
	+ commit 0aee4bf128097cbce7e26b76a06d41045fd9d26a


	Move ASN.1 constants to a separate header.
	+ commit d1ca2c8b65da20f5c407a1c9aad721ace4de460e
	* src/asn1-func.h: Factor constants out to ...
	* src/asn1-constants.h: new.
	* src/Makefile.am (libksba_la_SOURCES): Add new file.

2020-04-21  Werner Koch  <wk@gnupg.org>

	Support parsing of the CMS KeyAgreeRecipientInfo.
	+ commit 401dc58d3d55ed58a0ac4e1f286a7e19ed9e956c
	* src/cms-parser.c (_ksba_cms_parse_enveloped_data_part_1): Decode at
	the RecipientInfo level.
	* src/cms.c (ksba_cms_get_issuer_serial): Adjust for this change.
	Support KeyAgreeRecipientInfo.
	(ksba_cms_get_enc_val): Ditto.
	(dbg_print_sexp): New commented debug helper.
	* src/keyinfo.c (enc_algo_table): Add and entry of ECDH.
	(_ksba_parse_algorithm_identifier2): Make R_NREAD optional.
	(cryptval_to_sexp): Add args to support ECDH.
	(_ksba_sigval_to_sexp): Adjust for this.
	(_ksba_encval_to_sexp): Ditto.
	(_ksba_encval_kari_to_sexp): New.

	* tests/t-cms-parser.c (one_file): Print the enc-val.

	* tests/samples/ecdh-sample1.p7m: New sample.
	* tests/samples/ecdh-sample1.p7m.asn: And a dump with some comments.

	Extend the parser to better handle CHOICE elements.
	+ commit d07733cf94a255ae804f1964e0fd769f2b337965
	* src/asn1-func.c (find_node): Support '+' operator.
	* src/ber-decoder.c (find_anchor_node): Support CHOICE tag.
	(decoder_next): Set the outer sequence length also for context tags.

2020-04-14  Werner Koch  <wk@gnupg.org>

	Allow for Null hash algo parameters on rsaPSS and add pss flag.
	+ commit 17a09f41fc4b26b7af839be2b9666c94e5a22097
	* src/ber-help.c (_ksba_parse_optional_null): New.
	* src/ber-help.h (parse_optional_null): New macro.
	* src/crl.c (ksba_crl_get_sig_val): Insert a "pss" flag.
	* src/keyinfo.c (cryptval_to_sexp): Ditto.
	(_ksba_keyinfo_get_pss_info): Allow for NULL parameter.

2020-04-09  Werner Koch  <wk@gnupg.org>

	Support rsaPSS also for CRLs.
	+ commit e6e9858970ed37f4d1b82b63868f2f855b4509fe
	* src/crl.c: Include stringbuf.h
	(ksba_crl_get_sig_val): Extend to return PSS parameter.

	* tests/t-crl-parser.c (one_file): Print parameter.

	Refactor PSS parameter parsing.
	+ commit 5c08d7ea8e0f6945082c1c6947aa333b6d36d789
	* src/keyinfo.c (cryptval_to_sexp): Move pssRSA parser to ...
	(_ksba_keyinfo_get_pss_info): new.

	Merge copies of stringbuf functions into one new header.
	+ commit 641fc8b6deac2262978c5212fd0d41b6d0a07277
	* src/stringbuf.h: New.
	* src/Makefile.am (libksba_la_SOURCES): Add it.
	* src/dn.c: Move stringbuf functions to new file.
	* src/keyinfo.c: Ditto.

2020-04-08  Werner Koch  <wk@gnupg.org>

	Add read-only support for rsaPSS.
	+ commit f5695be600abe905476f45808ef7df850d9a4dae
	* src/ber-help.c (_ksba_parse_context_tag): Minor tweak in the
	returned error codes.
	* src/keyinfo.c (SUPPORTED_RSAPSS): New.
	(pk_algo_table): Add rsaPSS.
	(sig_algo_table): Add rsaPSS.
	(put_stringbuf_uint): New.
	(cryptval_to_sexp): Parse out the rsaPSS parameters.

	Remove duplicated code and make parse wrappers internally available.
	+ commit 152d04749cceeaccf309a3b150000da09aa503b5
	* src/ber-help.c (_ksba_parse_sequence): New.  Code taken from ocsp.c
	or crl.c and function name prefixed with _ksba_.
	(_ksba_parse_context_tag): Ditto.
	(_ksba_parse_enumerated): Ditto.
	(_ksba_parse_integer): Ditto.
	(_ksba_parse_octet_string): Ditto.
	(_ksba_parse_optional_boolean): Ditto.
	(_ksba_parse_object_id_into_str): Ditto.
	(_ksba_parse_asntime_into_isotime): Ditto.
	* src/ber-help.h: Add new prototypes and macros fro easier use.
	(parse_skip): Moved from ocsp.c and crl.c as inline to here.
	* src/crl.c: Remove parse fucntions.
	* src/ocsp.c: Remove parse fucntions.

	* src/Makefile.am (ber_dump_SOURCES): Add time.c

2020-04-03  Werner Koch  <wk@gnupg.org>

	Very minor patch cleanup.
	+ commit 1119068b2e9f3bc1555dcc78fa54716733470b01
	* src/keyinfo.c (pkalgo_t): Remove trailing comma

2020-03-31  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Add Ed25519 and Ed448 public key support.
	+ commit 2625e13bc9d5ed1292eacba38683e5f3b1371237
	* src/keyinfo.c (PKALGO_ED25519, PKALGO_ED448): New.
	(PKALGO_X25519, PKALGO_X448): New for future.
	(pk_algo_table): Add
	(sig_algo_table): New entries for Ed25519 and Ed448 for future.
	(_ksba_keyinfo_from_sexp): Add handling for Ed25519 and Ed448.

2020-03-30  Werner Koch  <wk@gnupg.org>

	Allow optional elements in keyinfo objects.
	+ commit 1e903fe558bd6583c5447fbebe2ef019229dbfdc
	* src/keyinfo.c (_ksba_keyinfo_from_sexp): Allow for optiona elements.
	(_ksba_algoinfo_from_sexp): Ditto.

2020-01-21  Werner Koch  <wk@gnupg.org>

	tests: Implement option --to-str for t-dn-parser.
	+ commit bf52cfb8f2b624fb4e24b4bc1089f74429b70b5a
	* tests/t-dnparser.c (main): Implement option.

2019-08-20  NIIBE Yutaka  <gniibe@fsij.org>

	pkgconfig: Fix ksba.pc.
	+ commit 3df0cd32e3b21b7da96a93d1f84d6cb6a77b89be
	* src/ksba.pc.in (Cflags, Libs): Have flags.

2019-07-22  NIIBE Yutaka  <gniibe@fsij.org>

	build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper program.
	+ commit b92ec7f502d9a1107ac69dacce9ff684f5ae1c07
	* src/Makefile.am: Add {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for
	asn1-gentables.

2019-04-26  Werner Koch  <wk@gnupg.org>

	Add support for authenticode signing.
	+ commit 1f0afa452e1276c98c2932e7247e36e0d74cc306
	* src/cms.c (content_handlers): Add KSBA_CT_SPC_IND_DATA_CTX.

	Add constants KSBA_VERSION and KSBA_VERSION_NUMBER.
	+ commit 158539fd0c82522665fc4be86ba32f7f8553bc9b
	* src/ksba.h: Rename to ...
	* src/ksba.h.in: this.
	(KSBA_VERSION, KSBA_VERSION_NUMBER): New.
	* configure.ac (VERSION_NUMBER): Set it.
	(AC_CONFIG_FILES): Add ksba.h

2019-03-06  NIIBE Yutaka  <gniibe@fsij.org>

	Update libgcrypt.m4.
	+ commit 09a4cfae14397605bb32ddd4449b47d32e5090ab
	* m4/libgcrypt.m4: Update from libgcrypt master.

2019-02-27  NIIBE Yutaka  <gniibe@fsij.org>

	Revert wrong fix for ECDSA.
	+ commit f37361f86d2228aa5c5b09db188b8c6ba33cc435
	* src/certreq.c (ksba_certreq_set_sig_val): Add back MSB handling of
	0x80 for ECDSA.

	Don't remove leading zero byte.
	+ commit 9fea74575085352daec89b64bd36db5df9a05fb8
	* src/cms.c (ksba_cms_set_sig_val): Don't remove leading zero byte.
	(ksba_cms_set_enc_val): Likewise.
	* src/certreq.c (ksba_certreq_set_sig_val): Likewise for RSA.

2019-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	Fixing ECDSA, support EdDSA signatures in CSRs.
	+ commit 5d9278f3d13050eddd68d8a1c490274a4f631f5f
	* src/certreq.c (ksba_certreq_set_sig_val): Remove MSB handling of
	0x80 for ECDSA, because it is done by GnuPG.

	Distinguishing EdDSA signature in libgcrypt format, make a signature
	simply concatinate r and s.

2019-02-14  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>

	Support multi-valued signatures in CSRs.
	+ commit 98882064f45778927d38c6fdbe008f5858b36813
	* src/certreq.c (ksba_certreq_set_sig_val): Support signatures
	made of several values.

2019-01-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: With LD_LIBRARY_PATH defined, use --disable-new-dtags.
	+ commit 3f99f332ada603468eb30d77649c4fdf84b383e6
	* configure.ac (LDADD_FOR_TESTS_KLUDGE): New for --disable-new-dtags.
	* tests/Makefile.am (LDADD): Use LDADD_FOR_TESTS_KLUDGE.

2018-11-13  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update autogen.rc.
	+ commit c37cdbd0f1b4a682799e0661178e392227cca938
	* autogen.rc: Remove obsolete --with-gpg-error-prefix option.

2018-11-08  NIIBE Yutaka  <gniibe@fsij.org>

	Add annotation for fall through path.
	+ commit 3f5dcb5ff6721b0c70c8b0e320e4fd58f1c2cada
	* src/ber-decoder.c (decoder_next): Add FALLTHROUGH.

2018-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4 and ksba.m4.
	+ commit 5a7c0d8667ceddf7820131865dad0ab850e5c3a4
	* m4/gpg-error.m4: Update to 2018-11-02.
	* src/ksba.m4: Add AC_MSG_NOTICE.

2018-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4 and ksba.m4.
	+ commit 9917a23a6c8177f79bdd8da031d3b7135b597c91
	* m4/gpg-error.m4: Update to 2018-10-29.
	* src/ksba.m4: Follow the change of gpgrt-config.

2018-10-26  NIIBE Yutaka  <gniibe@fsij.org>

	ksba.m4: Fix calling by gpgrt-config.
	+ commit 825a4a9e93655b136dd2eee685e0e67aca912a01
	* src/ksba.m4: Fix condition and use "ksba" for *.pc.

	ksba.m4: Better backward compatibility.
	+ commit d3fdae7a299a0514b90dbb7f45a0d08ee5d93078
	* m4/gpg-error.m4: Update.
	* src/ksba.m4: Don't assume ksba-config is newer.
	Fix KSBA_CONFIG which used LIBKSBA_CONFIG wrongly.

	build: Fix ksba.m4.
	+ commit 910c148825d50798689998ed760b658f2aeeee64
	* src/ksba.m4: Use AC_PATH_PROG to detect ksba-config.

	build: Improve ksba.m4.
	+ commit f0116c07d0d89fc7114dedeb3fc638ab9dae2254
	* src/ksba.m4: Don't try gpgrt-config when LIBKSBA_CONFIG set.  Fall
	back to detecting ksba-config, when gpgrt-config doesn't work well.

	build: Relax build requirements.
	+ commit a32a50c7726ee7c6ac320d99b9ab42f073960cc9
	* m4/gpg-error.m4: Update from libgpg-error 1.33.
	* src/ksba.m4: Don't require AM_PATH_GPG_ERROR.  Use GPGRT_CONFIG when
	it is confirmed that it is available and working well.
	* configure.ac (AM_PATH_GPG_ERROR): No requirement for newer version
	(It was because of new gpgrt-config which supports *.pc files).

2018-10-25  NIIBE Yutaka  <gniibe@fsij.org>

	build: Require libgpg-error >= 1.33.
	+ commit 07cf4a9ab6f1a7b68aeda39ba03691e713254418
	* configure.ac (NEED_GPG_ERROR_VERSION): Require >= 1.33.
	* m4/gpg-error.m4: Update from libgpg-error 1.33.
	* src/ksba.m4: Fix to support --with-libksba-prefix.

2018-10-24  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix ksba.pc.
	+ commit 4754816d10a38ebe97acd2f3bfaa835055566696
	* src/ksba.pc.in: Fix typo.

	build: Fix previous commit.
	+ commit 5a21f7465ca2aadfb3877a53f6536859b6973463


	build: Compatibility to pkg-config.
	+ commit dfc3ad5c6e97cc11de4faa19de59203ae8d5eb1a
	* src/ksba-config.in: Support --variable and --modversion.

	build: Make ksba.m4 use gpg-error-config.
	+ commit ce5247c0f3fcbe8a1e70c33ab4c83d807aecce63
	* src/ksba.m4: Use gpg-error-config.

	build: Provide libassuan.pc, generated by configure.
	+ commit d0016a76942eb58748182ad282c03d5cd7a0dc86
	* configure.ac (PACKAGE, VERSION): Remove.
	Generate src/ksba.pc.
	* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
	* src/ksba-config.in: Use @PACKAGE_VERSION@.
	* src/ksba.pc.in: New.

	build: Update gpg-error.m4 from libgpg-error.
	+ commit ec4e838ca91849b493f7ea77074e4415ed6a2d4a
	* m4/gpg-error.m4: Update from libgpg-error 1.33.

2018-10-23  Werner Koch  <wk@gnupg.org>

	Fix error detection in the CMS parser which may led to a NULL-deref.
	+ commit a1ce3c17ee0d44ba8c7c9553824ba55b7950e930
	* src/cms.c (build_signed_data_rest): Fix c+p bug.

	Use only one .PHONY target in a Makefile.
	+ commit d56bddc68db86878e1b3497362407c994c2841ca
	* Makefile.am (.PHONY): Move to the end.

	Fix test for existence of the signing_time.
	+ commit a0bbba1c49286f09c5f2eb3cd788938fac2ed252
	* src/cms.c (build_signed_data_attributes): Fix test.

2017-08-22  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	Fix make distcheck.
	+ commit af99234b21c98ad1a4eaf2b72fb52de67beba9d3
	* configure.ac: Revert last change and define HAVE_GCOV if not
	in maintainer mode.
	* tests/detached-sig.csm: New file.
	* tests/Makefile.am (EXTRA_DIST): Add detached-sig.csm.
	* tests/t-cms-parser.c (main): Use detached-sig.csm as test file.

2017-08-18  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	Fix non-maintainer build.
	+ commit 457d2f0c6a1fea394de6d48afb1c1c0189c52878
	* configure.ac: Always check for gcov program to make sure
	the automake variable is defined.

	Fix all compiler warnings.
	+ commit 982faa2c354a2d23ffd4a0bad584e145faf809bc
	* src/asn1-parse.y (import_defs, identifier_list): Comment out unused part
	of the grammar that causes a shift-reduce conflict.
	* src/cms-parser.c (_ksba_cms_parse_enveloped_data_part_1): Initialize
	some variables to help suppress uninitialized use warning.
	* src/crl.c (oidstr_issuingDistributionPoint): Comment out unused OID.
	* src/gen-help.h (ksba_asn_parse_file, ksba_asn_tree_dump): Add declarations.

2017-08-15  Kai Michaelis  <kai@gnupg.org>

	Fix memory leaks in ksba_cms_identify and tests.
