39 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_init()  local
41 	poly1305_core_init(&dctx->h);  in crypto_poly1305_init()
42 	dctx->buflen = 0;  in crypto_poly1305_init()
43 	dctx->rset = false;  in crypto_poly1305_init()
44 	dctx->sset = false;  in crypto_poly1305_init()
66 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,  in crypto_poly1305_setdesckey()  argument
69 	if (!dctx->sset) {  in crypto_poly1305_setdesckey()
70 		if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {  in crypto_poly1305_setdesckey()
71 			poly1305_core_setkey(&dctx->r, src);  in crypto_poly1305_setdesckey()
74 			dctx->rset = true;  in crypto_poly1305_setdesckey()
77 			dctx->s[0] = get_unaligned_le32(src +  0);  in crypto_poly1305_setdesckey()
78 			dctx->s[1] = get_unaligned_le32(src +  4);  in crypto_poly1305_setdesckey()
79 			dctx->s[2] = get_unaligned_le32(src +  8);  in crypto_poly1305_setdesckey()
80 			dctx->s[3] = get_unaligned_le32(src + 12);  in crypto_poly1305_setdesckey()
83 			dctx->sset = true;  in crypto_poly1305_setdesckey()
166 static void poly1305_blocks(struct poly1305_desc_ctx *dctx,  in poly1305_blocks()  argument
171 	if (unlikely(!dctx->sset)) {  in poly1305_blocks()
172 		datalen = crypto_poly1305_setdesckey(dctx, src, srclen);  in poly1305_blocks()
177 	poly1305_blocks_internal(&dctx->h, &dctx->r,  in poly1305_blocks()
184 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_update()  local
187 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_update()
188 		bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_update()
189 		memcpy(dctx->buf + dctx->buflen, src, bytes);  in crypto_poly1305_update()
192 		dctx->buflen += bytes;  in crypto_poly1305_update()
194 		if (dctx->buflen == POLY1305_BLOCK_SIZE) {  in crypto_poly1305_update()
195 			poly1305_blocks(dctx, dctx->buf,  in crypto_poly1305_update()
197 			dctx->buflen = 0;  in crypto_poly1305_update()
202 		poly1305_blocks(dctx, src, srclen, 1 << 24);  in crypto_poly1305_update()
208 		dctx->buflen = srclen;  in crypto_poly1305_update()
209 		memcpy(dctx->buf, src, srclen);  in crypto_poly1305_update()
266 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_final()  local
270 	if (unlikely(!dctx->sset))  in crypto_poly1305_final()
273 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_final()
274 		dctx->buf[dctx->buflen++] = 1;  in crypto_poly1305_final()
275 		memset(dctx->buf + dctx->buflen, 0,  in crypto_poly1305_final()
276 		       POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_final()
277 		poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);  in crypto_poly1305_final()
280 	poly1305_core_emit(&dctx->h, digest);  in crypto_poly1305_final()
283 	f = (f >> 32) + le32_to_cpu(digest[0]) + dctx->s[0];  in crypto_poly1305_final()
285 	f = (f >> 32) + le32_to_cpu(digest[1]) + dctx->s[1];  in crypto_poly1305_final()
287 	f = (f >> 32) + le32_to_cpu(digest[2]) + dctx->s[2];  in crypto_poly1305_final()
289 	f = (f >> 32) + le32_to_cpu(digest[3]) + dctx->s[3];  in crypto_poly1305_final()