From ea582c70ef8079b1b5b925930cdb2cd517a2e4ec Mon Sep 17 00:00:00 2001
From: Loup Vaillant
Date: Tue, 17 Apr 2018 00:52:14 +0200
Subject: [PATCH] crypto_check does not wipe context

---
 doc/man/man3/crypto_sign_init_first_pass.3monocypher | 1 -
 src/monocypher.c | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man/man3/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/crypto_sign_init_first_pass.3monocypher
index 63f9620..2687bde 100644
--- a/doc/man/man3/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/crypto_sign_init_first_pass.3monocypher
@@ -102,7 +102,6 @@ Update with
 .It
 Signature verification with
 .Fn crypto_check_final .
-This also wipes the context.
 .El
 .Sh RETURN VALUES
 .Fn crypto_sign_init_first_pass ,
diff --git a/src/monocypher.c b/src/monocypher.c
index ea462e5..04656af 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1676,6 +1676,7 @@ int crypto_check_final(crypto_check_ctx *ctx)
 ge_add(&diff, &p, &sB); // diff = s - A*h_ram
 ge_tobytes(R_check, &diff);
 return crypto_verify32(ctx->sig, R_check); // R == s - A*h_ram ? OK : fail
+ // No secret, no wipe
 }
 
 int crypto_check(const u8 signature[64],
-- 
2.47.3
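Review bot: The added `// No secret, no wipe` is placed after the `return crypto_verify32(ctx->sig, R_check);` statement in crypto_check_final, where it reads as a stray unreachable comment rather than as a statement of the function's cleanup contract. Moving it above the return and spelling out the reasoning makes the intent auditable: `// The check context holds no secret material (public key, signature, hash state), so it is deliberately not wiped here.` — the parenthetical should be confirmed against the crypto_check_ctx definition, which is outside this hunk, since only ctx->sig is visible here. The man-page hunk removes the "This also wipes the context." sentence without stating the new behaviour; a positive line such as `This does not wipe the context.` would tell callers who relied on the old wording that any wiping is now their responsibility. The body of crypto_check_final starts before the hunk, and the crypto_check signature at the end is cut off.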