From: "Rafael J. Wysocki"
Date: Tue, 30 Mar 2021 16:46:12 +0200
Subject: Re: Fix hibernation in FIPS mode?
To: Dexuan Cui
Cc: "linux-pm@vger.kernel.org", "crecklin@redhat.com", "linux-crypto@vger.kernel.org", "linux-kernel@vger.kernel.org"
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Mar 30, 2021 at 12:14 AM Dexuan Cui wrote:
>
> Hi,
> MD5 was marked incompliant with FIPS in 2009:
> a3bef3a31a19 ("crypto: testmgr - Skip algs not flagged fips_allowed in fips mode")
> a1915d51e8e7 ("crypto: testmgr - Mark algs allowed in fips mode")
>
> But hibernation_e820_save() is still using MD5, and fails in FIPS mode
> due to the 2018 patch:
> 749fa17093ff ("PM / hibernate: Check the success of generating md5 digest before hibernation")
>
> As a result, hibernation doesn't work when FIPS is on.
>
> Do you think if hibernation_e820_save() should be changed to use a
> FIPS-compliant algorithm like SHA-1?

I would say yes, it should.

> PS, currently it looks like FIPS mode is broken in the mainline:
> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg49414.html