tfcrypt: fix "-M mac -u" failing to decrypt data due to missing ctr.
author Andrey Rys <rys@lynxlynx.ru>
Wed, 9 Nov 2022 19:01:14 +0000 (20:01 +0100)
committer Andrey Rys <rys@lynxlynx.ru>
Wed, 9 Nov 2022 19:01:14 +0000 (20:01 +0100)
The symptom is that, even if encrypted stream is signed with MAC, and
on decryption says "signature is good", decrypted content is unavailable
and only encrypted garbage is written back.

This is due to an uninitialized counter (IV). This affects only STREAM mode.

If anyone ran into trouble, simply don't use -u option with -M mac.
Verifying MAC alone or skipping it with -M drop shall be safe.

VERSION
tfcrypt.c

diff --git a/VERSION b/VERSION
index b5489e5e51a9e547d42a398df654a8dfee00b82f..2bbd69c2e548374bb9a87e06a2cfe52136f28465 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-69
+70
index 5182a34a8467344dd3b306d17d10340b1f49efb3..9e0e6293804f258d2e00cae1bfee6a578b749da7 100644 (file)
--- a/tfcrypt.c
+++ b/tfcrypt.c
@@ -1205,6 +1205,7 @@ _decrypt_again_vrfy2:
                }
                total_processed_src = rwd;
                memcpy(ctr, svctr, TF_BLOCK_SIZE);
+               if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
                memset(svctr, 0, TF_BLOCK_SIZE);
        }
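
Review bot: the added `if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);` line in the `_decrypt_again_vrfy2` block carries no comment, and its correctness depends on sitting after `memcpy(ctr, svctr, TF_BLOCK_SIZE);` so that `tfe` is seeded from the restored counter rather than a stale one. A one-line comment above it, saying that STREAM mode needs its `tfe` state re-seeded from `key` and the restored `ctr` before decryption restarts, would keep a later reordering from reintroducing the bug. Because the failure was silent (the MAC verifies, yet ciphertext is written out as the result), a regression test that round-trips a STREAM-mode file through `-M mac -u` and compares the output with the original plaintext belongs with this change. It is also worth confirming that no other path restoring `ctr` from `svctr` needs the same call; only this one is visible in the hunk.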