[PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation
Eric Biggers
ebiggers at kernel.org
Tue Jun 10 12:21:32 PDT 2025
On Tue, Jun 10, 2025 at 02:57:29PM +0800, Zhihang Shao wrote:
>
> >> +void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
> >> + unsigned int len, u32 padbit)
> >> +{
> >> + len = round_down(len, POLY1305_BLOCK_SIZE);
> >> + poly1305_blocks(state, src, len, 1);
> >> +}
> >> +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);
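Review bot: padbit is accepted as a parameter of poly1305_blocks_arch() but never used; the call poly1305_blocks(state, src, len, 1) hard-codes 1 in its place. Pass the argument through, i.e. poly1305_blocks(state, src, len, padbit);, so that a caller supplying padbit=0 gets the value it asked for. Separately, round_down(len, POLY1305_BLOCK_SIZE) silently discards any trailing bytes short of a whole block; a one-line comment stating that is worth adding.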
> >
> > This is ignoring the padbit and forcing it to 1, so this will compute the wrong
> > Poly1305 value for messages with length not a multiple of 16 bytes.
>
> So does this mean that the argument of poly1305_blocks here should be fixed as poly1305_blocks(state, src, len, padbit)?
> But since the padbit is set to 1 in poly1305_blocks_arch according to the implementation in lib/crypto/poly1305.c,
> there seems to be no difference here.
>
> Looking forward to your reply.
While the common case is padbit=1, poly1305_final() passes padbit=0 in the case
where the message ends with a partial block. So both values have to be
supported.
- Eric
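
As an added example (not code from this thread or from the kernel), the following big-integer Python model of Poly1305 shows why both padbit values must be honoured: a wrapper that forces padbit=1 still matches on messages that are a multiple of 16 bytes, but produces a wrong tag as soon as the final block is partial. The function names are hypothetical; the key, message and tag are the RFC 8439 section 2.5.2 test vector.

```python
# Added illustration: a big-integer model of Poly1305 (RFC 8439), not kernel code.
P = (1 << 130) - 5
BLOCK = 16

def blocks(h, r, src, padbit):
    """Absorb whole 16-byte blocks; padbit supplies bit 128 of each block."""
    for i in range(0, len(src) - len(src) % BLOCK, BLOCK):
        n = int.from_bytes(src[i:i + BLOCK], "little") | (padbit << 128)
        h = (h + n) * r % P
    return h

def blocks_forced(h, r, src, padbit):
    """Models the wrapper under review: padbit argument ignored, 1 always used."""
    return blocks(h, r, src, 1)

def mac(key, msg, blocks_fn=blocks):
    """Compute the 16-byte tag, routing every block through blocks_fn."""
    r = int.from_bytes(key[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(key[16:], "little")
    full = len(msg) - len(msg) % BLOCK
    h = blocks_fn(0, r, msg[:full], 1)          # whole blocks: padbit=1
    tail = msg[full:]
    if tail:
        # Partial final block: the 0x01 marker is placed in the buffer itself,
        # followed by zero padding, so the block is absorbed with padbit=0.
        buf = tail + b"\x01" + bytes(BLOCK - len(tail) - 1)
        h = blocks_fn(h, r, buf, 0)
    return ((h + s) & ((1 << 128) - 1)).to_bytes(16, "little")

# RFC 8439 section 2.5.2 test vector (34-byte message, so the last block is partial).
KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                    "0103808afb0db2fd4abff6af4149f51b")
MSG = b"Cryptographic Forum Research Group"
TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print("padbit honoured:", mac(KEY, MSG).hex())
    print("padbit forced  :", mac(KEY, MSG, blocks_forced).hex())
    print("32-byte message agrees:",
          mac(KEY, MSG[:32]) == mac(KEY, MSG[:32], blocks_forced))
```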