fix: ignore compression of blocks after msg.len in sha256_var

noir-lang · Oct 2, 2024 · 50ae16b · 50ae16b
1 parent 2eb4a2c
commit 50ae16b
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr
@@ -96,6 +96,12 @@ pub fn sha256_var<let N: u32>(msg: [u8; N], message_size: u64) -> [u8; 32] {
         };
         if msg_start < message_size {
             msg_block = new_msg_block;
+
+            // If the block is filled, compress it.
+            // An un-filled block is handled after this loop.
+            if msg_byte_ptr == BLOCK_SIZE {
+                h = sha256_compression(msg_u8_to_u32(msg_block), h);
+            }
         }
 
         if !is_unconstrained() {
@@ -107,12 +113,6 @@ pub fn sha256_var<let N: u32>(msg: [u8; N], message_size: u64) -> [u8; 32] {
         } else if msg_start < message_size {
             msg_byte_ptr = new_msg_byte_ptr;
         }
-
-        // If the block is filled, compress it.
-        // An un-filled block is handled after this loop.
-        if msg_byte_ptr == BLOCK_SIZE {
-            h = sha256_compression(msg_u8_to_u32(msg_block), h);
-        }
     }
 
     let modulo = N % BLOCK_SIZE;