Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp560353pxf; Thu, 8 Apr 2021 08:31:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0cqVxlCq1yOl8FnabtWRgJEnYlGob4ti5MMaTfMi0R34k8u2lcjDLzuDO2LnCdofu0me4 X-Received: by 2002:a05:600c:224e:: with SMTP id a14mr9165605wmm.57.1617895888289; Thu, 08 Apr 2021 08:31:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617895888; cv=none; d=google.com; s=arc-20160816; b=gs17sQLQk+q3zX8IH9cDu+hDjHQDpAPVAzcVt/n9jd7R70rXpsrQkWbE8Fh2BLToAT 4LagHKoxy4YAyh5D4MwtahpSlwm521XaHOGoi5MEnXGVX3c9b1eq4cqgnhmlAQvRLthI +4Pqy1wQyzZoqB4uj5RcB7oXegO6Djhiv1V0xKVmrKN2BAWwqO3s16rKxyBw/LA9xygb +IRagwJVV8HSJyWi66yx221Rrx57pzRdJPs3rAGbDPOhc+mtS40GsVEY6BnpZH9VZ9UC UrqTiusvT4BiKGYJIWwfGETTbog3/ohwCURuFjc5tXzewPkeIHOPR85JSxyiJodmipeP GxZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=9cddpB3AhQ3ZQG4hwGGfb3yot9SPZ3eu1s8ldQRwlrc=; b=F2ILder1x3lNDipXKx9mpoYmtSeBDjnlvUhkPHM1ifRKeC/AL+2f+wXzy9hdM718SO jSKvvy/ho/SouurhwdjR7DWLgG7Dk2tHsvaUmvahsTArwFIs5jI1M8+5B1jClKkPNuf0 cZn53iXL+bVQ/vrKIcInv37t0YWt60sv12w33BBD2FP31fR761/6IIGBK6w/riL87/2O KxwBm62M8SSwj020UusuhfOsi4npV5Hv0WRUq+x6fGglNyFr94GXr7TZwlUcWsuGIIEB JH2rhrk2/x5+n1umTIYz+78woOYdXy0nvoHyLd/W7ksxeKGjaB0i9jO8JO7AtaXhSHHR YhbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=fKoN8GMH; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m5si2510463ejr.712.2021.04.08.08.31.02; Thu, 08 Apr 2021 08:31:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=fKoN8GMH; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231765AbhDHPaY (ORCPT + 99 others); Thu, 8 Apr 2021 11:30:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:48150 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231630AbhDHPaY (ORCPT ); Thu, 8 Apr 2021 11:30:24 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C927961108; Thu, 8 Apr 2021 15:30:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1617895813; bh=ObSC29eEIMMYQErKHg+/HPZxQbS/5NvRx9UKVloQqZs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=fKoN8GMHJU6D5ourC8Tj4kmhM+ANhLHVHkFY26bU6rNFfEQkfHfZ195bG7NveJi5W OqxLiP68H5znnvcagrwb19JWVDBdyI7Na7UJEbRByq+TveIgfayqnZMEXuNt+v+V+z Rf7bDUq2cUpr9RfvpSKR4LMCZCuqkCufhb7xNvtUGxEGP067tQwpT8dPf+f3ncgeiv AuY37KNIERk2uH3SAcGksjiWCi9JWKrBhVXvu9V4+igKSUtVgfOnnK+o/WWWvp7c9W AGNQzJVt7HKYjRRk/N+lPB1/lAJUKm9wBdQULenJp/1ZiB1lCtOc1E6W0FWbX18FG+ 6axkT+V5BGULg== Date: Thu, 8 Apr 2021 08:30:11 -0700 From: Eric Biggers To: Chris von Recklinghausen Cc: ardb@kernel.org, simo@redhat.com, rafael@kernel.org, decui@microsoft.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check Message-ID: References: <20210408131506.17941-1-crecklin@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210408131506.17941-1-crecklin@redhat.com> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote: > Suspend fails on a system in fips mode because md5 is used for the e820 > integrity check and is not available. Use crc32 instead. > > This patch changes the integrity check algorithm from md5 to > crc32. This integrity check is used only to verify accidental > corruption of the hybernation data and is not intended as a > cryptographic integrity check. > Md5 is overkill in this case and also disabled in FIPS mode because it > is known to be broken for cryptographic purposes. > > Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map > by md5 digest") > > Tested-by: Dexuan Cui > Reviewed-by: Dexuan Cui > Signed-off-by: Chris von Recklinghausen > --- > v1 -> v2 > bump up RESTORE_MAGIC > v2 -> v3 > move embelishment from cover letter to commit comments (no code change) > v3 -> v4 > add note to comments that md5 isn't used for encryption here. > v4 -> v5 > reword comment per Simo's suggestion > > arch/x86/power/hibernate.c | 35 +++++++++++++++++++---------------- > 1 file changed, 19 insertions(+), 16 deletions(-) > > diff --git a/arch/x86/power/hibernate.c b/arch/x86/power/hibernate.c > index cd3914fc9f3d..b56172553275 100644 > --- a/arch/x86/power/hibernate.c > +++ b/arch/x86/power/hibernate.c > @@ -55,31 +55,31 @@ int pfn_is_nosave(unsigned long pfn) > } > > > -#define MD5_DIGEST_SIZE 16 > +#define CRC32_DIGEST_SIZE 16 > > struct restore_data_record { > unsigned long jump_address; > unsigned long jump_address_phys; > unsigned long cr3; > unsigned long magic; > - u8 e820_digest[MD5_DIGEST_SIZE]; > + u8 e820_digest[CRC32_DIGEST_SIZE]; > }; > > -#if IS_BUILTIN(CONFIG_CRYPTO_MD5) > +#if IS_BUILTIN(CONFIG_CRYPTO_CRC32) Should CONFIG_CRYPTO_CRC32 be getting selected from somewhere? If that is too hard because it would pull in too much of the crypto API, maybe using the library interface to CRC-32 (lib/crc32.c) would be a better fit? - Eric