authorJack Lloyd <[email protected]>2017-08-29 14:52:53 -0400
committerJack Lloyd <[email protected]>2017-08-29 14:52:53 -0400
commitd024157179b0e313dc0fd1bf228236e68b673132 (patch)
tree807de0057a95422664ab1c07898f4d1df9eb2803 /src/lib/tls/tls_cbc
parent6b216d6d16eb0cae4c850afa02f6d25e2f75496e (diff)
Avoid false positive valgrind in TLS CBC decryption
We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting.
Diffstat (limited to 'src/lib/tls/tls_cbc')
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index 9b6f511f5..9e178a457 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -422,10 +422,10 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t
}
else
{
- CT::poison(record_contents, record_len);
-
cbc_decrypt_record(record_contents, record_len);
+ CT::poison(record_contents, record_len);
+
// 0 if padding was invalid, otherwise 1 + padding_bytes
uint16_t pad_size = check_tls_padding(record_contents, record_len);
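Review bot: The reason `CT::poison` now sits after `cbc_decrypt_record` is stated only in the commit message, so a later tidy-up could move it back in front of the decryption call and bring the valgrind failures back. A comment directly above the poison call would pin the ordering, for example `// Poison after decrypting: table-based ciphers (Camellia, T-table AES) index memory by the data and would trip valgrind` followed by `// The padding and MAC checks below are what must be constant time`. The rest of `finish()` lies outside this hunk, including whatever call removes the poison again, so it is worth confirming that call still covers the same `record_contents`/`record_len` range.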