From 4dd061a7ac3160c322fd035bc4a7bfa7a0bb9d13 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 17 Nov 2022 23:54:21 +0100
Subject: ghash: handle the .hi_lo case when no CLMUL acceleration is present,
 too

---
 lib/std/crypto/ghash.zig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/std')

diff --git a/lib/std/crypto/ghash.zig b/lib/std/crypto/ghash.zig
index 7052b07794..c60710c4ba 100644
--- a/lib/std/crypto/ghash.zig
+++ b/lib/std/crypto/ghash.zig
@@ -146,7 +146,7 @@ pub const Ghash = struct {
 
     // Software carryless multiplication of two 64-bit integers.
     fn clmulSoft(x_: u128, y_: u128, comptime half: Selector) u128 {
-        const x = @truncate(u64, if (half == .hi) x_ >> 64 else x_);
+        const x = @truncate(u64, if (half == .hi or half == .hi_lo) x_ >> 64 else x_);
         const y = @truncate(u64, if (half == .hi) y_ >> 64 else y_);
 
         const x0 = x & 0x1111111111111110;
-- 
cgit v1.2.3