On Tue, Mar 30, 2021 at 12:14 AM Dexuan Cui <decui@xxxxxxxxxxxxx> wrote:
Hi,I would say yes, it should.
MD5 was marked incompliant with FIPS in 2009:
a3bef3a31a19 ("crypto: testmgr - Skip algs not flagged fips_allowed in fips mode")
a1915d51e8e7 ("crypto: testmgr - Mark algs allowed in fips mode")
But hibernation_e820_save() is still using MD5, and fails in FIPS mode
due to the 2018 patch:
749fa17093ff ("PM / hibernate: Check the success of generating md5 digest before hibernation")
As a result, hibernation doesn't work when FIPS is on.
Do you think if hibernation_e820_save() should be changed to use a
FIPS-compliant algorithm like SHA-1?
PS, currently it looks like FIPS mode is broken in the mainline:
https://www.mail-archive.com/linux-crypto@xxxxxxxxxxxxxxx/msg49414.html