remove From<[u64; 2]> for Block

src/aead/aes_gcm.rs

@@ -17,7 +17,10 @@ use super::{
     block::{Block, BLOCK_LEN},
     gcm, shift, Aad, Nonce, Tag,
 };
-use crate::{aead, cpu, error, polyfill};
+use crate::{
+    aead, cpu, error,
+    polyfill::{self, array_flatten},
+};
 use core::ops::RangeFrom;
 
 /// AES-128 in GCM mode with 128-bit tags and 96 bit nonces.
@@ -242,7 +245,9 @@ fn finish(
     // Authenticate the final block containing the input lengths.
     let aad_bits = polyfill::u64_from_usize(aad_len) << 3;
     let ciphertext_bits = polyfill::u64_from_usize(in_out_len) << 3;
-    gcm_ctx.update_block(Block::from([aad_bits, ciphertext_bits]));
+    gcm_ctx.update_block(Block::from(&array_flatten(
+        [aad_bits, ciphertext_bits].map(u64::to_be_bytes),
+    )));
 
     // Finalize the tag and return it.
     gcm_ctx.pre_finish(|pre_tag| {

src/aead/block.rs

@@ -42,13 +42,6 @@ impl Block {
     }
 }
 
-impl From<[u64; 2]> for Block {
-    #[inline]
-    fn from(other: [u64; 2]) -> Self {
-        Self([other[0].into(), other[1].into()])
-    }
-}
-
 impl BitXorAssign for Block {
     #[inline]
     fn bitxor_assign(&mut self, a: Self) {

src/aead/gcm/gcm_nohw.rs

@@ -23,7 +23,7 @@
 // Unlike the BearSSL notes, we use u128 in the 64-bit implementation.
 
 use super::{Block, Xi, BLOCK_LEN};
-use crate::polyfill::ChunksFixed;
+use crate::polyfill::{array_flatten, ChunksFixed};
 
 #[cfg(target_pointer_width = "64")]
 fn gcm_mul64_nohw(a: u64, b: u64) -> (u64, u64) {
@@ -241,5 +241,6 @@ fn with_swapped_xi(Xi(xi): &mut Xi, f: impl FnOnce(&mut [u64; 2])) {
     };
     let mut swapped: [u64; 2] = [unswapped[1], unswapped[0]];
     f(&mut swapped);
-    *xi = Block::from([swapped[1], swapped[0]])
+    let reswapped = [swapped[1], swapped[0]];
+    *xi = Block::from(&array_flatten(reswapped.map(u64::to_be_bytes)))
 }