Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys

Next message: Hao Li: "Re: [PATCH v2 01/16] mm/slab: do not limit zeroing to orig_size when only red zoning is enabled"
Previous message: Bui Duc Phuc: "Re: [PATCH 00/20] ASoC: Intel: Use guard() for mutex &amp; spin locks"
In reply to: Dmitry Baryshkov: "Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys"
Next in thread: Dmitry Baryshkov: "Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Herbert Xu

Date: Thu Jun 11 2026 - 23:46:41 EST

On Fri, Jun 12, 2026 at 03:40:49AM +0300, Dmitry Baryshkov wrote:
>
> > Fix xts-aes-qce behavior by using generic helper xts_verify_key() to
> > reject keys early with -EINVAL for FIPS mode active(or FORBID_WEAK_KEYS
> > set). For non-FIPS mode, since QCE hardware cannot accept the keys, use
> > software fallback mechanism to encrypt the data.
>
> No, if it is a hardware driver, there should be no software fallback.

The driver must support everything that the software implementation
supports. So if the hardware can't do something, it has to use a
fallback.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt