[PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation
Andy Polyakov
appro at cryptogams.org
Tue Jun 10 06:26:40 PDT 2025
>> +void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
>> + unsigned int len, u32 padbit)
>> +{
>> + len = round_down(len, POLY1305_BLOCK_SIZE);
>> + poly1305_blocks(state, src, len, 1);
>> +}
>> +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);
>
> This is ignoring the padbit and forcing it to 1, so this will compute the wrong
> Poly1305 value for messages with length not a multiple of 16 bytes.
Right. There seems to be misunderstanding. It should be sufficient to
pass -Dpoly1305_blocks=poly1305_blocks_arch as one compiles the assembly
module, linux/lib/crypto takes proper care of the padding and the padbit
to meet the assembly module's "expectations." In other words there is no
need to implement this glue subroutine in C, not here.
Cheers.
More information about the linux-riscv
mailing list