Bug 1976137

Summary: Enable hardware optimizations in FIPS mode
Product: Red Hat Enterprise Linux 8
Reporter: Jakub Jelen <jjelen>
Component: libgcrypt
Assignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA
QA Contact: Marek Havrila <mhavrila>
Severity: unspecified
Docs Contact: Khushbu Borole <kborole>
Priority: high
Version: 8.5
CC: dgilbert, jafiala, mhavrila, mjahoda, omoris, sct
Target Milestone: beta
Keywords: Triaged
Target Release: ---
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: libgcrypt-1.8.5-6.el8
Doc Type: Bug Fix
Doc Text:
.Hardware optimization enabled in FIPS mode

Previously, the Federal Information Processing Standard (FIPS 140-2) did not allow using hardware optimization. Therefore, the operation was disabled in the `libgcrypt` package when in the FIPS mode. This update enables hardware optimization in FIPS mode, and as a result, all cryptographic operations are performed faster.
Story Points: ---
Clone Of:
: 1990059
Environment:
Last Closed: 2021-11-09 19:41:09 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1990059

Description Jakub Jelen 2021-06-25 09:51:19 UTC
Description of problem:
It was brought up that the hardware optimizations are fine for FIPS for at least 5 years so it would make sense to enable them in RHEL 8.5 as we plan 3SUB anyway.

Version-Release number of selected component (if applicable):
libgcrypt-1.8.5-5.el8

How reproducible:
always

Steps to Reproduce:
1. Measure performance in FIPS mode

Actual results:
poor performance

Expected results:
hw optimizations are used and performance is better.

Additional info:
This was discussed on fips140-external-list for more information.

https://github.com/gpg/libgcrypt/blob/master/src/hwfeatures.c#L216

Comment 11 errata-xmlrpc 2021-11-09 19:41:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libgcrypt security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4409