From b9f6d507dd7fafa940b5afbc6f1b85701eda8ba3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 25 Nov 2013 17:55:17 +0100 Subject: [PATCH] crypt_and_hash: check MAC earlier --- ChangeLog | 1 + programs/aes/crypt_and_hash.c | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f76b7fc2..12bbaf051 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ Changes Bugfix * Fixed X.509 hostname comparison (with non-regular characters) * SSL now gracefully handles missing RNG + * crypt_and_hash app checks MAC before final decryption = Version 1.2.10 released 2013-10-07 Changes diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 37d9d3093..0448440a7 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -453,17 +453,6 @@ int main( int argc, char *argv[] ) } } - /* - * Write the final block of data - */ - cipher_finish( &cipher_ctx, output, &olen ); - - if( fwrite( output, 1, olen, fout ) != olen ) - { - fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen ); - goto exit; - } - /* * Verify the message authentication code. */ @@ -486,6 +475,17 @@ int main( int argc, char *argv[] ) "or file corrupted.\n" ); goto exit; } + + /* + * Write the final block of data + */ + cipher_finish( &cipher_ctx, output, &olen ); + + if( fwrite( output, 1, olen, fout ) != olen ) + { + fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen ); + goto exit; + } } ret = 0;