X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/8276a9c565bc29afbc6cc120dfde0801c06c2bbd..c90ce6bb395bac18afa5b189e4664151d4d8ea2c:/symm/poly1305.c
diff --git a/symm/poly1305.c b/symm/poly1305.c
index 3a838a83..d237d4e7 100644
--- a/symm/poly1305.c
+++ b/symm/poly1305.c
@@ -183,7 +183,7 @@ static void mul_r(const poly1305_ctx *ctx, felt z, const felt x)
 #endif
-/*----- Low-level implementation for 32/64-bit targets --------------------*/
+/*----- Low-level implementation for 16/32-bit targets --------------------*/
 #ifndef POLY1305_IMPL
 # define POLY1305_IMPL 11
@@ -875,6 +875,7 @@ void poly1305_done(poly1305_ctx *ctx, void *h)
 #include
+#include "ct.h"
 #include "rijndael-ecb.h"
 static int vrf_hash(dstr v[])
@@ -889,6 +890,7 @@ static int vrf_hash(dstr v[])
 if (v[3].len != 16) { fprintf(stderr, "bad tag length\n"); exit(2); }
 dstr_ensure(&t, 16); t.len = 16;
+ ct_poison(v[0].buf, v[0].len);
 poly1305_keyinit(&k, v[0].buf, v[0].len);
 for (i = 0; i < v[2].len; i++) {
 for (j = i; j < v[2].len; j++) {
@@ -897,6 +899,7 @@ static int vrf_hash(dstr v[])
 poly1305_hash(&ctx, v[2].buf + i, j - i);
 poly1305_hash(&ctx, v[2].buf + j, v[2].len - j);
 poly1305_done(&ctx, t.buf);
+ ct_remedy(t.buf, t.len);
 if (memcmp(t.buf, v[3].buf, 16) != 0) {
 fprintf(stderr, "failed...");
 fprintf(stderr, "\n\tkey = "); type_hex.dump(&v[0], stderr);
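Review bot: The key poisoned by `ct_poison(v[0].buf, v[0].len);` in the -889 hunk is not remedied anywhere in the visible lines, yet the failure branch in the -897 hunk passes the same buffer to `type_hex.dump(&v[0], stderr)`. If ct_poison marks the bytes as secret for a dynamic checker (inferred from the name; ct.h is not shown here), a genuine test failure would come with extra checker reports from the hex dump, burying the real diagnostic. Consider `ct_remedy(v[0].buf, v[0].len);` at the top of the failure branch or after the loops, plus a comment above the poison call such as `/* key is secret: let the checker flag any key-dependent branch or index */`. vrf_hash starts and ends outside both hunks, so a remedy may already exist further down.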
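Review bot: The added `ct_remedy(t.buf, t.len);` in the -897 hunk needs a one-line comment, because it is the point where key-derived data is declared public and a reader cannot tell that this is deliberate. Something like `/* tag is the public output; declassify before the variable-time memcmp */` would make it clear that the remedy covers only the computed tag and exists for the sake of the test's `memcmp`. It would also warn anyone copying this pattern that a production verifier should compare tags in constant time rather than declassify and call `memcmp`. The failure branch continues past the end of the hunk.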