Bug 1976137 - Enable hardware optimizations in FIPS mode
Summary: Enable hardware optimizations in FIPS mode
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: libgcrypt
Version: 8.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: ---
Assignee: Jakub Jelen
QA Contact: Marek Havrila
Khushbu Borole
Depends On:
Blocks: 1990059
TreeView+ depends on / blocked
Reported: 2021-06-25 09:51 UTC by Jakub Jelen
Modified: 2021-11-10 08:17 UTC (History)
6 users (show)

Fixed In Version: libgcrypt-1.8.5-6.el8
Doc Type: Bug Fix
Doc Text:
.Hardware optimization enabled in FIPS mode Previously, the Federal Information Processing Standard (FIPS 140-2) did not allow using hardware optimization. Therefore, the operation was disabled in the `libgcrypt` package when in the FIPS mode. This update enables hardware optimization in FIPS mode, and as a result, all cryptographic operations are performed faster.
Clone Of:
: 1990059 (view as bug list)
Last Closed: 2021-11-09 19:41:09 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-5267 0 None None None 2021-11-09 19:51:24 UTC
Red Hat Product Errata RHSA-2021:4409 0 None None None 2021-11-09 19:41:15 UTC

Description Jakub Jelen 2021-06-25 09:51:19 UTC
Description of problem:
It was brought up that the hardware optimizations are fine for FIPS for at least 5 years so it would make sense to enable them in RHEL 8.5 as we plan 3SUB anyway.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Measure performance in FIPS mode

Actual results:
poor performace

Expected results:
hw optimizations are used and performace is better.

Additional info:
this was discussed on fips140-external-list for more information.


Comment 11 errata-xmlrpc 2021-11-09 19:41:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libgcrypt security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.