crypt_and_hash: check MAC earlier
diff --git a/ChangeLog b/ChangeLog
index 7f76b7f..12bbaf0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
* SSL now gracefully handles missing RNG
+ * crypt_and_hash app checks MAC before final decryption
= Version 1.2.10 released 2013-10-07
Changes
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 37d9d30..0448440 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -454,17 +454,6 @@
}
/*
- * Write the final block of data
- */
- cipher_finish( &cipher_ctx, output, &olen );
-
- if( fwrite( output, 1, olen, fout ) != olen )
- {
- fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
- goto exit;
- }
-
- /*
* Verify the message authentication code.
*/
md_hmac_finish( &md_ctx, digest );
@@ -486,6 +475,17 @@
"or file corrupted.\n" );
goto exit;
}
+
+ /*
+ * Write the final block of data
+ */
+ cipher_finish( &cipher_ctx, output, &olen );
+
+ if( fwrite( output, 1, olen, fout ) != olen )
+ {
+ fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ goto exit;
+ }
}
ret = 0;
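Review bot: The return value of `cipher_finish()` is ignored in the relocated block, so a failure while finalising (for instance a padding error, if the mode in use pads) goes unreported and `olen` bytes of `output` are still written to `fout`. Check it and bail out, e.g. `if( cipher_finish( &cipher_ctx, output, &olen ) != 0 ) { fprintf( stderr, "cipher_finish() returned error\n" ); goto exit; }`. Separately, the "final block" comment suggests the earlier blocks were already decrypted and written to `fout` in the loop above this hunk, before the HMAC is verified; if so, a MAC failure still leaves unauthenticated plaintext in the output file, and the failure path should remove that file or at least document that the output is untrusted unless the program returns 0. The enclosing function begins and ends outside this hunk, so the loop and the exit path could not be checked here.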