diff --git a/src/digest.rs b/src/digest.rs index 208954e06c..39427262ac 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -264,14 +264,15 @@ impl Context { /// `finish` consumes the context so it cannot be (mis-)used after `finish` /// has been called. pub fn finish(self) -> Digest { - self.try_finish().unwrap() + let cpu = cpu::features(); + self.try_finish(cpu) + .map_err(error::Unspecified::from) + .unwrap() } - fn try_finish(mut self) -> Result { - let cpu_features = cpu::features(); + pub(crate) fn try_finish(mut self, cpu_features: cpu::Features) -> Result { self.block .try_finish(&mut self.pending, self.num_pending, cpu_features) - .map_err(error::Unspecified::from) } /// The algorithm that this context is using. diff --git a/src/hmac.rs b/src/hmac.rs index 3bac7db9d1..a62dbd731a 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -312,19 +312,21 @@ impl Context { /// the return value of `sign` to a tag. Use `verify` for verification /// instead. pub fn sign(self) -> Tag { - self.try_sign().unwrap() + self.try_sign().map_err(error::Unspecified::from).unwrap() } - fn try_sign(self) -> Result { + fn try_sign(self) -> Result { let cpu_features = cpu::features(); - let algorithm = self.inner.algorithm(); + let inner = self.inner.try_finish(cpu_features)?; + let inner = inner.as_ref(); + let num_pending = inner.len(); let buffer = &mut [0u8; digest::MAX_BLOCK_LEN]; - let num_pending = algorithm.output_len(); - buffer[..num_pending].copy_from_slice(self.inner.finish().as_ref()); + const _BUFFER_IS_LARGE_ENOUGH_TO_HOLD_INNER: () = + assert!(digest::MAX_OUTPUT_LEN < digest::MAX_BLOCK_LEN); + buffer[..num_pending].copy_from_slice(inner); self.outer .try_finish(buffer, num_pending, cpu_features) .map(Tag) - .map_err(error::Unspecified::from) } }