use crypto/sha256 only for FIPS 140-2 compliance (#14983)

It would seem like the PR #11623 had chewed more than it wanted to, non-fips build shouldn't really be forced to use slower crypto/sha256 even for presumed "non-performance" codepaths. In MinIO there are really no "non-performance" codepaths. This assumption seems to have had an adverse effect in certain areas of CPU usage. This PR ensures that we stick to sha256-simd on all non-FIPS builds, our most common build to ensure we get the best out of the CPU at any given point in time.
2025-11-07 21:02:58 -05:00 · 2022-05-27 06:00:19 -07:00
parent 464b9d7c80
commit 9d07cde385
16 changed files with 35 additions and 24 deletions
--- a/internal/kms/single-key.go
+++ b/internal/kms/single-key.go
@@ -22,7 +22,6 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/hmac"
-	"crypto/sha256"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -33,6 +32,8 @@ import (
 	"github.com/secure-io/sio-go/sioutil"
 	"golang.org/x/crypto/chacha20"
 	"golang.org/x/crypto/chacha20poly1305"
+
+	"github.com/minio/minio/internal/hash/sha256"
 )

 // Parse parses s as single-key KMS. The given string