[PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation

Andy Polyakov appro at cryptogams.org
Tue Jun 10 06:26:40 PDT 2025


>> +void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
>> +			  unsigned int len, u32 padbit)
>> +{
>> +	len = round_down(len, POLY1305_BLOCK_SIZE);
>> +	poly1305_blocks(state, src, len, 1);
>> +}
>> +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);
> 
> This is ignoring the padbit and forcing it to 1, so this will compute the wrong
> Poly1305 value for messages with length not a multiple of 16 bytes.

Right. There seems to be misunderstanding. It should be sufficient to 
pass -Dpoly1305_blocks=poly1305_blocks_arch as one compiles the assembly 
module, linux/lib/crypto takes proper care of the padding and the padbit 
to meet the assembly module's "expectations." In other words there is no 
need to implement this glue subroutine in C, not here.

Cheers.




More information about the linux-riscv mailing list