--- a/libidav/crypto.c Sun Sep 17 11:21:31 2023 +0200 +++ b/libidav/crypto.c Sun Sep 17 12:08:04 2023 +0200 @@ -1093,10 +1093,11 @@ // ready to decrypt the message ULONG outlen = clen + 32; - unsigned char *out = malloc(outlen); // decrypt if(clen > 0) { + unsigned char* out = malloc(outlen); + ULONG enc_len = 0; ULONG status = BCryptDecrypt(dec->ctx.hKey, cbuf, clen, NULL, dec->ctx.pbIV, 16, out, outlen, &enc_len, 0); if(status > 0) { @@ -1106,13 +1107,14 @@ return 0; } outlen = enc_len; + + // write decrypted data to the output stream and update the hash + dec->write(out, 1, outlen, dec->stream); + BCryptHashData(dec->sha256.hHash, out, outlen, 0); + + free(out); } - // write decrypted data to the output stream and update the hash - dec->write(out, 1, outlen, dec->stream); - BCryptHashData(dec->sha256.hHash, out, outlen, 0); - - free(out); free(cbuf); return (s*n) / s;