1976137 – Enable hardware optimizations in FIPS mode

Bug 1976137 - Enable hardware optimizations in FIPS mode

Summary: Enable hardware optimizations in FIPS mode

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	libgcrypt
Sub Component:
Version:	8.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Jakub Jelen
QA Contact:	Marek Havrila
Docs Contact:	Khushbu Borole
URL:
Whiteboard:
Depends On:
Blocks:	1990059
TreeView+	depends on / blocked

Reported:	2021-06-25 09:51 UTC by Jakub Jelen
Modified:	2021-11-10 08:17 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libgcrypt-1.8.5-6.el8
Doc Type:	Bug Fix
Doc Text:	.Hardware optimization enabled in FIPS mode Previously, the Federal Information Processing Standard (FIPS 140-2) did not allow using hardware optimization. Therefore, the operation was disabled in the `libgcrypt` package when in the FIPS mode. This update enables hardware optimization in FIPS mode, and as a result, all cryptographic operations are performed faster.
Clone Of:
Clones:	1990059 (view as bug list)
Environment:
Last Closed:	2021-11-09 19:41:09 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	CRYPTO-5267	0	None	None	None	2021-11-09 19:51:24 UTC
Red Hat Product Errata	RHSA-2021:4409	0	None	None	None	2021-11-09 19:41:15 UTC

Description Jakub Jelen 2021-06-25 09:51:19 UTC

Description of problem:
It was brought up that the hardware optimizations are fine for FIPS for at least 5 years so it would make sense to enable them in RHEL 8.5 as we plan 3SUB anyway.

Version-Release number of selected component (if applicable):
libgcrypt-1.8.5-5.el8

How reproducible:
always

Steps to Reproduce:
1. Measure performance in FIPS mode

Actual results:
poor performace

Expected results:
hw optimizations are used and performace is better.

Additional info:
this was discussed on fips140-external-list for more information.

https://github.com/gpg/libgcrypt/blob/master/src/hwfeatures.c#L216

Comment 11 errata-xmlrpc 2021-11-09 19:41:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libgcrypt security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4409

Note You need to log in before you can comment on or make changes to this bug.