On 3/30/21 10:46 AM, Rafael J. Wysocki wrote:
On Tue, Mar 30, 2021 at 12:14 AM Dexuan Cui <[email protected]> wrote:Hi, MD5 was marked incompliant with FIPS in 2009: a3bef3a31a19 ("crypto: testmgr - Skip algs not flagged fips_allowed in fips mode") a1915d51e8e7 ("crypto: testmgr - Mark algs allowed in fips mode")But hibernation_e820_save() is still using MD5, and fails in FIPS mode due to the 2018 patch: 749fa17093ff ("PM / hibernate: Check the success of generating md5 digest before hibernation") As a result, hibernation doesn't work when FIPS is on. Do you think if hibernation_e820_save() should be changed to use a FIPS-compliant algorithm like SHA-1?I would say yes, it should.
If we're not actually encrypting anything, shouldn't something like ghash work as well?
PS, currently it looks like FIPS mode is broken in the mainline: https://www.mail-archive.com/[email protected]/msg49414.html
