58     poly1305_state *state) {  in poly1305_aligned_state()  argument
59   return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63);  in poly1305_aligned_state()
62 // poly1305_blocks updates |state| given some amount of input data. This
65 static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in,  in poly1305_update()  argument
87   state->h0 += t0 & 0x3ffffff;  in poly1305_update()
88   state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;  in poly1305_update()
89   state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;  in poly1305_update()
90   state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;  in poly1305_update()
91   state->h4 += (t3 >> 8) | (1 << 24);  in poly1305_update()
94   t[0] = mul32x32_64(state->h0, state->r0) + mul32x32_64(state->h1, state->s4) +  in poly1305_update()
95          mul32x32_64(state->h2, state->s3) + mul32x32_64(state->h3, state->s2) +  in poly1305_update()
96          mul32x32_64(state->h4, state->s1);  in poly1305_update()
97   t[1] = mul32x32_64(state->h0, state->r1) + mul32x32_64(state->h1, state->r0) +  in poly1305_update()
98          mul32x32_64(state->h2, state->s4) + mul32x32_64(state->h3, state->s3) +  in poly1305_update()
99          mul32x32_64(state->h4, state->s2);  in poly1305_update()
100   t[2] = mul32x32_64(state->h0, state->r2) + mul32x32_64(state->h1, state->r1) +  in poly1305_update()
101          mul32x32_64(state->h2, state->r0) + mul32x32_64(state->h3, state->s4) +  in poly1305_update()
102          mul32x32_64(state->h4, state->s3);  in poly1305_update()
103   t[3] = mul32x32_64(state->h0, state->r3) + mul32x32_64(state->h1, state->r2) +  in poly1305_update()
104          mul32x32_64(state->h2, state->r1) + mul32x32_64(state->h3, state->r0) +  in poly1305_update()
105          mul32x32_64(state->h4, state->s4);  in poly1305_update()
106   t[4] = mul32x32_64(state->h0, state->r4) + mul32x32_64(state->h1, state->r3) +  in poly1305_update()
107          mul32x32_64(state->h2, state->r2) + mul32x32_64(state->h3, state->r1) +  in poly1305_update()
108          mul32x32_64(state->h4, state->r0);  in poly1305_update()
110   state->h0 = (uint32_t)t[0] & 0x3ffffff;  in poly1305_update()
113   state->h1 = (uint32_t)t[1] & 0x3ffffff;  in poly1305_update()
116   state->h2 = (uint32_t)t[2] & 0x3ffffff;  in poly1305_update()
119   state->h3 = (uint32_t)t[3] & 0x3ffffff;  in poly1305_update()
122   state->h4 = (uint32_t)t[4] & 0x3ffffff;  in poly1305_update()
124   state->h0 += b * 5;  in poly1305_update()
150   state->h0 += t0 & 0x3ffffff;  in poly1305_update()
151   state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;  in poly1305_update()
152   state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;  in poly1305_update()
153   state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;  in poly1305_update()
154   state->h4 += (t3 >> 8);  in poly1305_update()
160   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in CRYPTO_poly1305_init()  local
176   state->r0 = t0 & 0x3ffffff;  in CRYPTO_poly1305_init()
179   state->r1 = t0 & 0x3ffff03;  in CRYPTO_poly1305_init()
182   state->r2 = t1 & 0x3ffc0ff;  in CRYPTO_poly1305_init()
185   state->r3 = t2 & 0x3f03fff;  in CRYPTO_poly1305_init()
187   state->r4 = t3 & 0x00fffff;  in CRYPTO_poly1305_init()
189   state->s1 = state->r1 * 5;  in CRYPTO_poly1305_init()
190   state->s2 = state->r2 * 5;  in CRYPTO_poly1305_init()
191   state->s3 = state->r3 * 5;  in CRYPTO_poly1305_init()
192   state->s4 = state->r4 * 5;  in CRYPTO_poly1305_init()
194   // init state  in CRYPTO_poly1305_init()
195   state->h0 = 0;  in CRYPTO_poly1305_init()
196   state->h1 = 0;  in CRYPTO_poly1305_init()
197   state->h2 = 0;  in CRYPTO_poly1305_init()
198   state->h3 = 0;  in CRYPTO_poly1305_init()
199   state->h4 = 0;  in CRYPTO_poly1305_init()
201   state->buf_used = 0;  in CRYPTO_poly1305_init()
202   OPENSSL_memcpy(state->key, key + 16, sizeof(state->key));  in CRYPTO_poly1305_init()
207   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in CRYPTO_poly1305_update()  local
216   if (state->buf_used) {  in CRYPTO_poly1305_update()
217     size_t todo = 16 - state->buf_used;  in CRYPTO_poly1305_update()
222       state->buf[state->buf_used + i] = in[i];  in CRYPTO_poly1305_update()
224     state->buf_used += todo;  in CRYPTO_poly1305_update()
228     if (state->buf_used == 16) {  in CRYPTO_poly1305_update()
229       poly1305_update(state, state->buf, 16);  in CRYPTO_poly1305_update()
230       state->buf_used = 0;  in CRYPTO_poly1305_update()
236     poly1305_update(state, in, todo);  in CRYPTO_poly1305_update()
243       state->buf[i] = in[i];  in CRYPTO_poly1305_update()
245     state->buf_used = in_len;  in CRYPTO_poly1305_update()
250   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in CRYPTO_poly1305_finish()  local
262   if (state->buf_used) {  in CRYPTO_poly1305_finish()
263     poly1305_update(state, state->buf, state->buf_used);  in CRYPTO_poly1305_finish()
266   b = state->h0 >> 26;  in CRYPTO_poly1305_finish()
267   state->h0 = state->h0 & 0x3ffffff;  in CRYPTO_poly1305_finish()
268   state->h1 += b;  in CRYPTO_poly1305_finish()
269   b = state->h1 >> 26;  in CRYPTO_poly1305_finish()
270   state->h1 = state->h1 & 0x3ffffff;  in CRYPTO_poly1305_finish()
271   state->h2 += b;  in CRYPTO_poly1305_finish()
272   b = state->h2 >> 26;  in CRYPTO_poly1305_finish()
273   state->h2 = state->h2 & 0x3ffffff;  in CRYPTO_poly1305_finish()
274   state->h3 += b;  in CRYPTO_poly1305_finish()
275   b = state->h3 >> 26;  in CRYPTO_poly1305_finish()
276   state->h3 = state->h3 & 0x3ffffff;  in CRYPTO_poly1305_finish()
277   state->h4 += b;  in CRYPTO_poly1305_finish()
278   b = state->h4 >> 26;  in CRYPTO_poly1305_finish()
279   state->h4 = state->h4 & 0x3ffffff;  in CRYPTO_poly1305_finish()
280   state->h0 += b * 5;  in CRYPTO_poly1305_finish()
282   g0 = state->h0 + 5;  in CRYPTO_poly1305_finish()
285   g1 = state->h1 + b;  in CRYPTO_poly1305_finish()
288   g2 = state->h2 + b;  in CRYPTO_poly1305_finish()
291   g3 = state->h3 + b;  in CRYPTO_poly1305_finish()
294   g4 = state->h4 + b - (1 << 26);  in CRYPTO_poly1305_finish()
298   state->h0 = (state->h0 & nb) | (g0 & b);  in CRYPTO_poly1305_finish()
299   state->h1 = (state->h1 & nb) | (g1 & b);  in CRYPTO_poly1305_finish()
300   state->h2 = (state->h2 & nb) | (g2 & b);  in CRYPTO_poly1305_finish()
301   state->h3 = (state->h3 & nb) | (g3 & b);  in CRYPTO_poly1305_finish()
302   state->h4 = (state->h4 & nb) | (g4 & b);  in CRYPTO_poly1305_finish()
304   f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);  in CRYPTO_poly1305_finish()
305   f1 = ((state->h1 >> 6) | (state->h2 << 20)) +  in CRYPTO_poly1305_finish()
306        (uint64_t)U8TO32_LE(&state->key[4]);  in CRYPTO_poly1305_finish()
307   f2 = ((state->h2 >> 12) | (state->h3 << 14)) +  in CRYPTO_poly1305_finish()
308        (uint64_t)U8TO32_LE(&state->key[8]);  in CRYPTO_poly1305_finish()
309   f3 = ((state->h3 >> 18) | (state->h4 << 8)) +  in CRYPTO_poly1305_finish()
310        (uint64_t)U8TO32_LE(&state->key[12]);  in CRYPTO_poly1305_finish()