-------------------------------------------------------------------
Wed Jan  8 07:23:22 UTC 2020 - Marcus Meissner <meissner@suse.com>

- updated to 1.1.5:
  - Fix invocation of ansi_cprng in FIPS mode during testing
  - Fix testing on kernels >= 5.0
  - Add virtualization test for kernel 5.1
  - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy
  - Fix remove code duplication by Ondrej Mosnáček
  - Fix potential memleak in speed-test
- updated to 1.1.4:
  - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures
- updated to 1.1.3:
  - Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0)
- updated to 1.1.2:
  - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski
  - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček
  - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček
  - Test fix: Support test execution outside build environment by Ondrej Mosnáček
- updated to 1.1.1:
  - Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček
- updated to 1.1.0:
  - API Enhancement: Addition of kcapi_handle_reinit
  - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c
  - Test enhancement: add IIV speed testing
  - Fix: add a loop around the read system call to always obtain all generated data
  - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser)
  - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY)
  - Fix: support for zero length files (patched by Ondrej Mosnáček)
  - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček)
  - Fix: Add Travis CI test system provided by Ondrej Mosnáček
  - Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček
  - Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček
  - Fix: Apply unpadding only to last block of data by Ondrej Mosnáček
  - Fix: Fix resource leaks in error code paths suggested by Ondrej Mosnáček
  - Enhancement: achieve hmaccalc CLI equivalence by Ondrej Mosnáček
- updated to 1.0.3:
  - Fix: support STDIN and --tag of sha*sum applications
  - Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser
- updated to 1.0.2:
  - Fix: hasher-test.sh on 32-bit systems
  - Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron
  - Enhancement: disable coredumps of library
  - Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre
  - Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment.
  - Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data.
  - Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location.
  - Fix: port algif_kpp and algif_akcipher to 4.15-rc3
- updated to 1.0.1:
  - Fix: constify AEAD cipher input data
  - Fix: use GCC byte swapping acceleration if present
  - Fix: KDF counter handling on little endian systems when generating more than 255 blocks
  - Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries
  - Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy
  - Fix: return code handling in _kcapi_md_update
  - Fix: kcapi-hasher now supports files larger than 2GB
  - Fix: kcapi-dgst now supports files larger than 2GB
  - Fix: use stack protector
  - Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring
  - Test Fix: Allow compiing the test code without asymmetric and KPP support
- updated to 1.0.0:
  - Fix: Small compile fixes for new checks of GCC 7
  - API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning
  - Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner)
  - Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution
  - Enhancement: add kcapi-enc application to access symmetric encryption on command line
  - Fix: consolidate duplicate code in kcapi-hasher
  - Enhancement: add kcapi-dgst application to access hashes on command line
  - Enhancement: add kcapi-rng man page
  - Enhancement: add kcapi-rng --hex command line option
  - Fix: enable full symmetric AIO support
  - Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh
  - Fix: fix memleaks in error code paths as reported by clang
  - Fix: reduce memory footprint by rearranging data structures
  - Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so
  - Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender)
  - Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG
  - Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12
  - Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces
  - Enhancement: add RPM SPEC file (tested with Fedora 26)
  - API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon
  - API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon)
  - Test Enhancement: Add KPP tests
  - Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO.
  - Fix: simply KDF code base
  - API Enhancement: add message digest convenience functions kcapi_md_*sha*
  - API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_*
  - API Enhancement: add rng convenience function kcapi_rng_get_bytes
  - API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead
  - API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead
- updated to 0.14.0:
  - AIO: fix tracking of completed IOCBs
  - speed-test: fix AEAD handling
  - speed-test: fix time calculation
  - compiler now warns a user of deprecated API calls
  - AIO: handle kernel errors for algif_skcipher gracefully
  - AIO: using multiple IOCB if algif_aead interface supports it
  - ASYM: add PKCS1 tests
  - AIO: add ASYM AIO support
  - AIO: fix AEAD AIO fallback
  - AIO: add AIO fallback testing
  - replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors)
  - add fuzzing tests
  - use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot)
  - ALG_MAX_PAGES restriction is gone with current AF_ALG interface
  - add HKDF (RFC5869)
  - add apps/kcapi-rng
  - add support for multiple accepts where the caller maintains the opfd
  - fix memleak in error case in PBKDF
  - add multithreaded symmetric cipher tests
  - enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels
  - Add tests for the AAD copy operation to be supported for kernel 4.13
- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream)
- dropped reproduciblesort.patch (done differently upstream)
- dropped reproducibledate.patch: merged upstream
- libkcapi.keyring imported

-------------------------------------------------------------------
Thu Dec  5 10:10:41 UTC 2019 - Martin Liška <mliska@suse.cz>

- Use %make_build and respect %optflags.

-------------------------------------------------------------------
Fri Sep 27 16:40:49 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>

- Remove docbook-utils BuildRequires, xmlto is sufficient
- Spec file cleanup, use license macro, drop defattr, drop BuildRoot

-------------------------------------------------------------------
Wed Jul 12 14:51:26 UTC 2017 - meissner@suse.com

- Change the signing to use openssl sha256/sha512 directly, to
  avoid fipscheck / hmaccalc.

-------------------------------------------------------------------
Sat Jul  8 14:04:41 UTC 2017 - bwiedemann@suse.com

- Add reproduciblesort.patch to always link .o files in the same order and
- Add reproducibledate.patch to not add current time to man-pages to fix build-compare

-------------------------------------------------------------------
Thu Jun 29 08:13:54 UTC 2017 - meissner@suse.com

- libkcapi-use-external-fipshmac.patch: use external fipshmac,
  our chroots / vm builds do not necessarily have the right kernel.

-------------------------------------------------------------------
Wed Jun 28 08:03:30 UTC 2017 - jengelh@inai.de

- Compact descriptions a bit
- Remove libkcapi provide/requires
- Use %_libdir throughout and avoid /lib

-------------------------------------------------------------------
Thu Dec 22 14:03:43 UTC 2016 - abergmann@suse.com

- Initial release 0.13.0.

  A library and tools to access the kernel crypto api.

  FATE#323554 bsc#1045948