+void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src, + unsigned int len, u32 padbit) +{ + len = round_down(len, POLY1305_BLOCK_SIZE); + poly1305_blocks(state, src, len, 1); +} +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);This is ignoring the padbit and forcing it to 1, so this will compute the wrong Poly1305 value for messages with length not a multiple of 16 bytes.
Right. There seems to be misunderstanding. It should be sufficient to pass -Dpoly1305_blocks=poly1305_blocks_arch as one compiles the assembly module, linux/lib/crypto takes proper care of the padding and the padbit to meet the assembly module's "expectations." In other words there is no need to implement this glue subroutine in C, not here.
Cheers.
