From 93c386cb6cad867f40fb14d3e0d57215f8ac9128 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 26 Sep 2017 21:28:08 +0200
Subject: [PATCH] Mention when the state will eventually be cleared

---
 .../crypto_onetimeauth/poly1305/donna/poly1305_donna32.h | 2 +-
 .../crypto_onetimeauth/poly1305/donna/poly1305_donna64.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
index e562ac4f..bcf447cd 100644
--- a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
+++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
@@ -28,7 +28,7 @@ typedef struct poly1305_state_internal_t {
 static void
 poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
 {
-    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff - wiped after finalization */
     st->r[0] = (LOAD32_LE(&key[0])) & 0x3ffffff;
     st->r[1] = (LOAD32_LE(&key[3]) >> 2) & 0x3ffff03;
     st->r[2] = (LOAD32_LE(&key[6]) >> 4) & 0x3ffc0ff;
diff --git a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
index 695ad28f..a082e9ae 100644
--- a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
+++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
@@ -46,6 +46,7 @@ poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
     t0 = LOAD64_LE(&key[0]);
     t1 = LOAD64_LE(&key[8]);
 
+    /* wiped after finalization */
     st->r[0] = (t0) &0xffc0fffffff;
     st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
     st->r[2] = ((t1 >> 24)) & 0x00ffffffc0f;
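Review bot: The new comment on the `+` line of the poly1305_donna32.h hunk asserts that `r` is wiped after finalization but does not say where that happens, and the finalization routine is outside this hunk, so a maintainer cannot check the claim from here; the comment added in the poly1305_donna64.h hunk has the same gap. In poly1305_donna32.h the note is also fused onto the clamping comment, which mixes a description of the mask with a lifecycle guarantee about key material. I would keep `/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */` as it was and add a separate line above the assignments in both files, e.g. `/* st, including r, is zeroed by the finalization routine (presumably poly1305_finish) - confirm and name it here */`. Since the guarantee only holds for states that actually reach finalization, the comment could also state that a state abandoned before finalization must be cleared by its owner.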