diff --git a/libica-02-fips-update-Change-service-indicator-implementation.patch b/libica-02-fips-update-Change-service-indicator-implementation.patch index 3a690c5..905d09c 100644 --- a/libica-02-fips-update-Change-service-indicator-implementation.patch +++ b/libica-02-fips-update-Change-service-indicator-implementation.patch @@ -1,154 +1,21 @@ -From 86c400a516a23ce807c1b7a5a3dec3c0ef441733 Mon Sep 17 00:00:00 2001 +From 238d85eec7050be5573190c519c1c8eaacae5359 Mon Sep 17 00:00:00 2001 From: Joerg Schmidbauer Date: Mon, 28 Oct 2024 13:44:11 +0100 Subject: [PATCH] fips update: Change service indicator implementation Perform checks for non-approved algorithms / parameters directly into the -APIs that perform the services. Especially, indicate that using an external -GCM iv in fips mode is non-compliant, but on the exception list. +APIs that perform the services. Signed-off-by: Joerg Schmidbauer --- - src/ica_api.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++ - src/icainfo.c | 1 + - src/include/fips.h | 7 ++++-- - 3 files changed, 59 insertions(+), 2 deletions(-) + src/ica_api.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) diff --git a/src/ica_api.c b/src/ica_api.c -index 0826af8..e0f6c43 100644 +index 0826af8..d071f61 100644 --- a/src/ica_api.c +++ b/src/ica_api.c -@@ -94,7 +94,12 @@ int ica_external_gcm_iv_in_fips_mode_allowed = 0; - - void ica_allow_external_gcm_iv_in_fips_mode(int allow) - { -+#ifdef ICA_FIPS -+ if (!fips_approved(AES_GCM_EXT_IV) && !fips_override(AES_GCM_EXT_IV)) -+ return; -+ - ica_external_gcm_iv_in_fips_mode_allowed = allow ? 1 : 0; -+#endif - } - - -@@ -399,6 +404,8 @@ unsigned int ica_sha1(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA1) && !fips_override(SHA1)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -454,6 +461,8 @@ unsigned int ica_sha224(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA224) && !fips_override(SHA224)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -501,6 +510,8 @@ unsigned int ica_sha256(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA256) && !fips_override(SHA256)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -548,6 +559,8 @@ unsigned int ica_sha384(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA384) && !fips_override(SHA384)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -596,6 +609,8 @@ unsigned int ica_sha512(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA512) && !fips_override(SHA512)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -644,6 +659,8 @@ unsigned int ica_sha512_224(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA512_224) && !fips_override(SHA512_224)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -692,6 +709,8 @@ unsigned int ica_sha512_256(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA512_256) && !fips_override(SHA512_256)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -740,6 +759,8 @@ unsigned int ica_sha3_224(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA3_224) && !fips_override(SHA3_224)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -787,6 +808,8 @@ unsigned int ica_sha3_256(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA3_256) && !fips_override(SHA3_256)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -834,6 +857,8 @@ unsigned int ica_sha3_384(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA3_384) && !fips_override(SHA3_384)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -882,6 +907,8 @@ unsigned int ica_sha3_512(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHA3_512) && !fips_override(SHA3_512)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -931,6 +958,8 @@ unsigned int ica_shake_128(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHAKE128) && !fips_override(SHAKE128)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -986,6 +1015,8 @@ unsigned int ica_shake_256(unsigned int message_part, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(SHAKE256) && !fips_override(SHAKE256)) -+ return EPERM; - #endif /* ICA_FIPS */ - - /* check for obvious errors in parms */ -@@ -1052,6 +1083,8 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle, +@@ -1052,6 +1052,8 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -157,7 +24,7 @@ index 0826af8..e0f6c43 100644 #endif /* ICA_FIPS */ if (public_key->key_length != private_key->key_length) -@@ -1094,6 +1127,8 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle, +@@ -1094,6 +1096,8 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -166,7 +33,7 @@ index 0826af8..e0f6c43 100644 #endif /* ICA_FIPS */ if (public_key->key_length != private_key->key_length) -@@ -1130,6 +1165,8 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle, +@@ -1130,6 +1134,8 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -175,7 +42,7 @@ index 0826af8..e0f6c43 100644 #endif /* ICA_FIPS */ /* check for obvious errors in parms */ -@@ -1193,6 +1230,8 @@ unsigned int ica_rsa_crt_key_check(ica_rsa_key_crt_t *rsa_key) +@@ -1193,6 +1199,8 @@ unsigned int ica_rsa_crt_key_check(ica_rsa_key_crt_t *rsa_key) #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -184,7 +51,7 @@ index 0826af8..e0f6c43 100644 #endif /* ICA_FIPS */ /* check if p > q */ -@@ -1266,6 +1305,8 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle, +@@ -1266,6 +1274,8 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -193,16 +60,16 @@ index 0826af8..e0f6c43 100644 #endif /* ICA_FIPS */ /* check for obvious errors in parms */ -@@ -1337,6 +1378,8 @@ ICA_EC_KEY* ica_ec_key_new(unsigned int nid, unsigned int *privlen) +@@ -1337,6 +1347,8 @@ ICA_EC_KEY* ica_ec_key_new(unsigned int nid, unsigned int *privlen) #ifdef ICA_FIPS if (fips >> 1) return NULL; + if (!fips_approved(EC_KGEN) && !fips_override(EC_KGEN)) -+ return EPERM; ++ return NULL; #endif /* ICA_FIPS */ if ((key = malloc(sizeof(ICA_EC_KEY))) == NULL) -@@ -1375,6 +1418,8 @@ int ica_ec_key_init(const unsigned char *X, const unsigned char *Y, +@@ -1375,6 +1387,8 @@ int ica_ec_key_init(const unsigned char *X, const unsigned char *Y, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -211,7 +78,7 @@ index 0826af8..e0f6c43 100644 if (fips & ICA_FIPS_MODE) { if (!curve_supported_via_openssl(key->nid) || !curve_supported_via_cpacf(key->nid)) { -@@ -1421,6 +1466,8 @@ int ica_ec_key_generate(ica_adapter_handle_t adapter_handle, ICA_EC_KEY *key) +@@ -1421,6 +1435,8 @@ int ica_ec_key_generate(ica_adapter_handle_t adapter_handle, ICA_EC_KEY *key) #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -220,7 +87,7 @@ index 0826af8..e0f6c43 100644 if (fips & ICA_FIPS_MODE) { if (!curve_supported_via_openssl(key->nid) || !curve_supported_via_cpacf(key->nid)) -@@ -1494,6 +1541,8 @@ int ica_ecdh_derive_secret(ica_adapter_handle_t adapter_handle, +@@ -1494,6 +1510,8 @@ int ica_ecdh_derive_secret(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -229,16 +96,16 @@ index 0826af8..e0f6c43 100644 if (fips & ICA_FIPS_MODE) { if (!curve_supported_via_openssl(privkey_A->nid) || !curve_supported_via_cpacf(privkey_A->nid)) -@@ -1563,6 +1612,8 @@ int ica_ecdsa_sign_ex_internal(ica_adapter_handle_t adapter_handle, - #ifdef ICA_FIPS - if (fips >> 1) - return EACCES; -+ if (!fips_approved(EC_DSA_SIGN) && !fips_override(EC_DSA_SIGN)) -+ return EPERM; - if (fips & ICA_FIPS_MODE) { +@@ -1567,6 +1585,8 @@ int ica_ecdsa_sign_ex_internal(ica_adapter_handle_t adapter_handle, if (!curve_supported_via_openssl(privkey->nid) || !curve_supported_via_cpacf(privkey->nid)) -@@ -1654,6 +1705,8 @@ int ica_ecdsa_verify(ica_adapter_handle_t adapter_handle, + return EPERM; ++ if (!fips_approved(EC_DSA_SIGN) && !fips_override(EC_DSA_SIGN)) ++ return EPERM; + } + #endif /* ICA_FIPS */ + +@@ -1654,6 +1674,8 @@ int ica_ecdsa_verify(ica_adapter_handle_t adapter_handle, #ifdef ICA_FIPS if (fips >> 1) return EACCES; @@ -247,46 +114,3 @@ index 0826af8..e0f6c43 100644 if (fips & ICA_FIPS_MODE) { if (!curve_supported_via_openssl(pubkey->nid) || !curve_supported_via_cpacf(pubkey->nid)) -diff --git a/src/icainfo.c b/src/icainfo.c -index 608994f..b18cbfa 100644 ---- a/src/icainfo.c -+++ b/src/icainfo.c -@@ -556,6 +556,7 @@ void print_fips_indicator(void) - } - } - -+ printf(" GCM ext iv | - | - | - \n"); - printf("------------------------------------------------------\n"); - - done: -diff --git a/src/include/fips.h b/src/include/fips.h -index c0af6b6..ec7f2c9 100644 ---- a/src/include/fips.h -+++ b/src/include/fips.h -@@ -65,6 +65,8 @@ unsigned int ica_aes_gcm_initialize_internal(const unsigned char *iv, - unsigned char *ucb, unsigned char *subkey, - unsigned int direction); - -+#define AES_GCM_EXT_IV 73 -+ - /* - * List of non-fips-approved algorithms - */ -@@ -73,14 +75,15 @@ static const int FIPS_BLACKLIST[] = {DES_ECB, DES_CBC, DES_CBC_CS, DES_OFB, - DES3_CBC, DES3_CBC_CS, DES3_OFB, DES3_CFB, DES3_CTR, DES3_CTRLST, - DES3_CBC_MAC, DES3_CMAC, ED25519_KEYGEN, ED25519_SIGN, ED25519_VERIFY, - ED448_KEYGEN, ED448_SIGN, ED448_VERIFY, X25519_KEYGEN, X25519_DERIVE, -- X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG }; -+ X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG, AES_GCM_EXT_IV }; - static const size_t FIPS_BLACKLIST_LEN - = sizeof(FIPS_BLACKLIST) / sizeof(FIPS_BLACKLIST[0]); - - /* - * FIPS service indicator: List of tolerated but non-approved algorithms. - */ --static const int FIPS_OVERRIDE_LIST[] = { RSA_ME, RSA_CRT, SHA512_DRNG }; -+static const int FIPS_OVERRIDE_LIST[] = { RSA_ME, RSA_CRT, SHA512_DRNG, -+ AES_GCM_EXT_IV }; - static const size_t FIPS_OVERRIDE_LIST_LEN - = sizeof(FIPS_OVERRIDE_LIST) / sizeof(FIPS_OVERRIDE_LIST[0]); - diff --git a/libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch b/libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch index 4bf9c97..4a27a7f 100644 --- a/libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch +++ b/libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch @@ -1,4 +1,4 @@ -From 6823004d49fad72ccc5a8933cbf8443f08371584 Mon Sep 17 00:00:00 2001 +From b7d11c21d7f15dc11ae7354a7ec97299eacd7045 Mon Sep 17 00:00:00 2001 From: Joerg Schmidbauer Date: Wed, 6 Nov 2024 13:12:11 +0100 Subject: [PATCH] fips update: Dynamically update service indicator based on IV @@ -6,39 +6,159 @@ Subject: [PATCH] fips update: Dynamically update service indicator based on IV Fix handling to differentiate if the call to AES-GCM encryption API was approved or not. If the IV was set externally, it's non-approved, otherwise with internal -IV it's approved. +IV it's approved. Bind the service indicator to the service by checking the +behavior of the GCM IV in the gcm API. Signed-off-by: Joerg Schmidbauer --- - src/s390_crypto.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) + src/ica_api.c | 6 ++++++ + src/include/fips.h | 54 +++++++++++++++++++++++++++++++++++++++++++--- + src/s390_crypto.c | 16 ++++++++++++++ + 3 files changed, 73 insertions(+), 3 deletions(-) +diff --git a/src/ica_api.c b/src/ica_api.c +index d071f61..c1bb4e1 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -3727,6 +3727,8 @@ unsigned int ica_aes_gcm(unsigned char *plaintext, + #ifdef ICA_FIPS + if (fips & ICA_FIPS_MODE) + return EPERM; ++ if (!fips_approved(AES_GCM) && !fips_override(AES_GCM)) ++ return EPERM; + #endif /* ICA_FIPS */ + + return ica_aes_gcm_internal(plaintext, plaintext_length, ciphertext, +@@ -3776,6 +3778,8 @@ unsigned int ica_aes_gcm_initialize(const unsigned char *iv, + if (!ica_external_gcm_iv_in_fips_mode_allowed && + direction == ENCRYPT && (fips & ICA_FIPS_MODE)) + return EPERM; ++ if (!fips_approved(AES_GCM) && !fips_override(AES_GCM)) ++ return EPERM; + #endif /* ICA_FIPS */ + + return ica_aes_gcm_initialize_internal(iv, iv_length, key, key_length, +@@ -4025,6 +4029,8 @@ int ica_aes_gcm_kma_init(unsigned int direction, + if (!ica_external_gcm_iv_in_fips_mode_allowed && + direction == ICA_ENCRYPT && (fips & ICA_FIPS_MODE)) + return EPERM; ++ if (!fips_approved(AES_GCM_KMA) && !fips_override(AES_GCM_KMA)) ++ return EPERM; + #endif /* ICA_FIPS */ + + return ica_aes_gcm_kma_init_internal(direction, iv, iv_length, +diff --git a/src/include/fips.h b/src/include/fips.h +index c0af6b6..0a6e0bd 100644 +--- a/src/include/fips.h ++++ b/src/include/fips.h +@@ -68,19 +68,19 @@ unsigned int ica_aes_gcm_initialize_internal(const unsigned char *iv, + /* + * List of non-fips-approved algorithms + */ +-static const int FIPS_BLACKLIST[] = {DES_ECB, DES_CBC, DES_CBC_CS, DES_OFB, ++static int FIPS_BLACKLIST[] = {DES_ECB, DES_CBC, DES_CBC_CS, DES_OFB, + DES_CFB, DES_CTR, DES_CTRLST, DES_CBC_MAC, DES_CMAC, P_RNG, DES3_ECB, + DES3_CBC, DES3_CBC_CS, DES3_OFB, DES3_CFB, DES3_CTR, DES3_CTRLST, + DES3_CBC_MAC, DES3_CMAC, ED25519_KEYGEN, ED25519_SIGN, ED25519_VERIFY, + ED448_KEYGEN, ED448_SIGN, ED448_VERIFY, X25519_KEYGEN, X25519_DERIVE, +- X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG }; ++ X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG, -1, -1 }; + static const size_t FIPS_BLACKLIST_LEN + = sizeof(FIPS_BLACKLIST) / sizeof(FIPS_BLACKLIST[0]); + + /* + * FIPS service indicator: List of tolerated but non-approved algorithms. + */ +-static const int FIPS_OVERRIDE_LIST[] = { RSA_ME, RSA_CRT, SHA512_DRNG }; ++static int FIPS_OVERRIDE_LIST[] = { RSA_ME, RSA_CRT, SHA512_DRNG, -1, -1 }; + static const size_t FIPS_OVERRIDE_LIST_LEN + = sizeof(FIPS_OVERRIDE_LIST) / sizeof(FIPS_OVERRIDE_LIST[0]); + +@@ -117,5 +117,53 @@ static inline int fips_override(int id) + + return 0; + } ++ ++static inline void add_to_fips_black_list(int id) ++{ ++ size_t i; ++ ++ for (i = 0; i < FIPS_BLACKLIST_LEN; i++) { ++ if (FIPS_BLACKLIST[i] == -1) { ++ FIPS_BLACKLIST[i] = id; ++ return; ++ } ++ } ++} ++ ++static inline void add_to_fips_override_list(int id) ++{ ++ size_t i; ++ ++ for (i = 0; i < FIPS_OVERRIDE_LIST_LEN; i++) { ++ if (FIPS_OVERRIDE_LIST[i] == -1) { ++ FIPS_OVERRIDE_LIST[i] = id; ++ return; ++ } ++ } ++} ++ ++static inline void remove_from_fips_black_list(int id) ++{ ++ size_t i; ++ ++ for (i = 0; i < FIPS_BLACKLIST_LEN; i++) { ++ if (FIPS_BLACKLIST[i] == id) { ++ FIPS_BLACKLIST[i] = -1; ++ return; ++ } ++ } ++} ++ ++static inline void remove_from_fips_override_list(int id) ++{ ++ size_t i; ++ ++ for (i = 0; i < FIPS_OVERRIDE_LIST_LEN; i++) { ++ if (FIPS_OVERRIDE_LIST[i] == id) { ++ FIPS_OVERRIDE_LIST[i] = -1; ++ return; ++ } ++ } ++} + #endif /* FIPS_H */ + #endif /* ICA_FIPS */ diff --git a/src/s390_crypto.c b/src/s390_crypto.c -index 623864b..29f2b29 100644 +index 623864b..03655e7 100644 --- a/src/s390_crypto.c +++ b/src/s390_crypto.c -@@ -30,6 +30,8 @@ +@@ -30,6 +30,10 @@ #include "init.h" #include "s390_crypto.h" ++#ifdef ICA_FIPS +extern int ica_external_gcm_iv_in_fips_mode_allowed; ++#endif + unsigned long long facility_bits[3]; unsigned int sha1_switch, sha256_switch, sha512_switch, sha3_switch, des_switch, tdes_switch, aes128_switch, aes192_switch, aes256_switch, -@@ -814,6 +816,15 @@ int s390_get_fips_indicator(libica_fips_indicator_element *indicator_list, +@@ -810,6 +814,18 @@ int s390_get_fips_indicator(libica_fips_indicator_element *indicator_list, + if (*indicator_list_len < (sizeof(icaList) / sizeof(libica_func_list_element_int))) + return EINVAL; + ++ if (ica_external_gcm_iv_in_fips_mode_allowed) { ++ add_to_fips_black_list(AES_GCM); ++ add_to_fips_override_list(AES_GCM); ++ add_to_fips_black_list(AES_GCM_KMA); ++ add_to_fips_override_list(AES_GCM_KMA); ++ } else { ++ remove_from_fips_black_list(AES_GCM); ++ remove_from_fips_override_list(AES_GCM); ++ remove_from_fips_black_list(AES_GCM_KMA); ++ remove_from_fips_override_list(AES_GCM_KMA); ++ } ++ + for (i = 0; i < *indicator_list_len; i++) { indicator_list[i].mech_mode_id = icaList[i].mech_mode_id; indicator_list[i].fips_approved = fips_approved(icaList[i].mech_mode_id); - indicator_list[i].fips_override = fips_override(icaList[i].mech_mode_id); -+ if (icaList[i].mech_mode_id == AES_GCM || icaList[i].mech_mode_id == AES_GCM_KMA) { -+ if (ica_external_gcm_iv_in_fips_mode_allowed) { -+ indicator_list[i].fips_approved = 0; -+ indicator_list[i].fips_override = 1; -+ } else { -+ indicator_list[i].fips_approved = 1; -+ indicator_list[i].fips_override = 0; -+ } -+ } - } - - return 0; diff --git a/libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch b/libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch index 3d86174..246e018 100644 --- a/libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch +++ b/libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch @@ -1,4 +1,4 @@ -From 9e1582dd059d69c86b6f323fadd87956b6034aab Mon Sep 17 00:00:00 2001 +From b4b25bff66035883a47ea9227abc1ffe207a31a8 Mon Sep 17 00:00:00 2001 From: Joerg Schmidbauer Date: Wed, 6 Nov 2024 13:17:54 +0100 Subject: [PATCH] fips update: provide test for dynamic service indicator diff --git a/libica.changes b/libica.changes index 7a0880f..f5329d6 100644 --- a/libica.changes +++ b/libica.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Nov 15 13:08:21 UTC 2024 - Nikolay Gueorguiev + +- Applied updated patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305) + * libica-02-fips-update-Change-service-indicator-implementation.patch + * libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch + * libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch + ------------------------------------------------------------------- Wed Nov 6 13:40:24 UTC 2024 - Nikolay Gueorguiev