diff --git a/lib/std/crypto/ghash.zig b/lib/std/crypto/ghash.zig
index 6a1bf7c186..04bc6a8275 100644
--- a/lib/std/crypto/ghash.zig
+++ b/lib/std/crypto/ghash.zig
@@ -250,7 +250,7 @@ pub const Ghash = struct {
 }
 mb = mb[want..];
 st.leftover += want;
- if (st.leftover > block_size) {
+ if (st.leftover < block_size) {
 return;
 }
 st.blocks(&st.buf);
@@ -269,14 +269,21 @@ pub const Ghash = struct {
 }
 }
- pub fn final(st: *Ghash, out: *[mac_length]u8) void {
- if (st.leftover > 0) {
- var i = st.leftover;
- while (i < block_size) : (i += 1) {
- st.buf[i] = 0;
- }
- st.blocks(&st.buf);
+ /// Zero-pad to align the next input to the first byte of a block
+ pub fn pad(st: *Ghash) void {
+ if (st.leftover == 0) {
+ return;
 }
+ var i = st.leftover;
+ while (i < block_size) : (i += 1) {
+ st.buf[i] = 0;
+ }
+ st.blocks(&st.buf);
+ st.leftover = 0;
+ }
+
+ pub fn final(st: *Ghash, out: *[mac_length]u8) void {
+ st.pad();
 mem.writeIntBig(u64, out[0..8], st.y1);
 mem.writeIntBig(u64, out[8..16], st.y0);
diff --git a/lib/std/crypto/poly1305.zig b/lib/std/crypto/poly1305.zig
index 31d1d6ba5a..c6613f64ba 100644
--- a/lib/std/crypto/poly1305.zig
+++ b/lib/std/crypto/poly1305.zig
@@ -91,7 +91,7 @@ pub const Poly1305 = struct {
 }
 mb = mb[want..];
 st.leftover += want;
- if (st.leftover > block_size) {
+ if (st.leftover < block_size) {
 return;
 }
 st.blocks(&st.buf, false);
@@ -114,6 +114,19 @@ pub const Poly1305 = struct {
 }
 }
+ /// Zero-pad to align the next input to the first byte of a block
+ pub fn pad(st: *Poly1305) void {
+ if (st.leftover == 0) {
+ return;
+ }
+ var i = st.leftover;
+ while (i < block_size) : (i += 1) {
+ st.buf[i] = 0;
+ }
+ st.blocks(&st.buf);
+ st.leftover = 0;
+ }
+
 pub fn final(st: *Poly1305, out: *[mac_length]u8) void {
 if (st.leftover > 0) {
 var i = st.leftover;
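Review bot: The doc comment on the new `Ghash.pad` says what it does but not that it is observable: because the zero-filled block is fed to `st.blocks` and `leftover` is reset, calling `pad()` between two `update` calls yields a different tag than feeding the same bytes without it, so it must be called exactly where the construction (e.g. between associated data and ciphertext) requires block alignment and nowhere else. Since `final` now routes through `pad`, the comment should also say that a partial trailing block is zero-padded and absorbed before the tag is read. I would extend it to `/// Zero-pad to align the next input to the first byte of a block.` `/// No-op on a block boundary; otherwise the zero-filled block is absorbed into the state, so call it only where the construction defines a padding point.` The `update` function whose tail appears in the first hunk begins outside the hunk.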
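Review bot: The added `Poly1305.pad` calls `st.blocks(&st.buf)` with a single argument, but the `update` hunk above in the same file calls the same function as `st.blocks(&st.buf, false)`, so `blocks` evidently takes a second parameter and this call will not compile as written. The padded block is a full, non-final block, so the call should match the one in `update`: `st.blocks(&st.buf, false);` (the Ghash variant is unaffected, as its `blocks` is called with one argument throughout). The doc comment should also state that, unlike `final`, which appears to handle a partial trailing block itself, `pad` absorbs a zero-filled block and resets `leftover`, so the tag over `pad()`-separated inputs differs from the tag over their plain concatenation. The body of `final` that follows the new function runs past the end of the hunk.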