We can use HW optimizations in FIPS

Resolves: rhbz#1990059
This commit is contained in:
Jakub Jelen 2021-10-12 14:44:18 +02:00
parent f55c126dec
commit ca46048bb3
2 changed files with 17 additions and 0 deletions

View File

@ -0,0 +1,13 @@
diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips 2021-06-25 11:55:55.843819137 +0200
+++ libgcrypt-1.8.5/src/hwfeatures.c 2021-06-25 11:56:00.925895390 +0200
@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
{
hw_features = 0;
- if (fips_mode ())
- return; /* Hardware support is not to be evaluated. */
-
parse_hwf_deny_file ();
#if defined (HAVE_CPU_ARCH_X86)

View File

@ -50,6 +50,9 @@ Patch28: libgcrypt-1.8.5-intel-cet.patch
Patch30: libgcrypt-1.8.5-fips-module.patch Patch30: libgcrypt-1.8.5-fips-module.patch
# Fix for CVE-2021-33560 # Fix for CVE-2021-33560
Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch
# We can use HW optimizations in FIPS (#1990059)
Patch32: libgcrypt-1.9.3-fips-hwfeatures.patch
%global gcrylibdir %{_libdir} %global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20 %global gcrysoname libgcrypt.so.20
@ -100,6 +103,7 @@ applications using libgcrypt.
%patch28 -p1 -b .intel-cet %patch28 -p1 -b .intel-cet
%patch30 -p1 -b .fips-module %patch30 -p1 -b .fips-module
%patch31 -p1 -b .CVE-2021-33560 %patch31 -p1 -b .CVE-2021-33560
%patch32 -p1 -b .hw-fips
cp %{SOURCE4} cipher/ cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/ cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/