Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys

Next message: Dmitry Baryshkov: "Re: [PATCH 2/2] phy: qcom: qmp-pcie: Add IPQ9650 PCIe PHY support"
Previous message: Junxiao Chang: "[PATCH] apparmor: fix use-after-free in policy replacement path"
In reply to: Herbert Xu: "Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys"
Next in thread: Kuldeep Singh: "[PATCH 2/2] crypto: qce: Fix CTR-AES for partial block requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dmitry Baryshkov

Date: Fri Jun 12 2026 - 02:11:28 EST

On Fri, Jun 12, 2026 at 11:45:52AM +0800, Herbert Xu wrote:
> On Fri, Jun 12, 2026 at 03:40:49AM +0300, Dmitry Baryshkov wrote:
> >
> > > Fix xts-aes-qce behavior by using generic helper xts_verify_key() to
> > > reject keys early with -EINVAL for FIPS mode active(or FORBID_WEAK_KEYS
> > > set). For non-FIPS mode, since QCE hardware cannot accept the keys, use
> > > software fallback mechanism to encrypt the data.
> >
> > No, if it is a hardware driver, there should be no software fallback.
>
> The driver must support everything that the software implementation
> supports. So if the hardware can't do something, it has to use a
> fallback.

It's unexpected. But you know it better than I do.

--
With best wishes
Dmitry