only add tagLength on encrypt

kessplas · kessplas · commit 0729affb84f3 · 2025-05-16T15:05:20.000-07:00
diff --git a/src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java b/src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java
@@ -21,6 +21,7 @@ public class CipherSubscriber implements Subscriber<ByteBuffer> {
     private final Long contentLength;
     private final boolean isLastPart;
     private final int tagLength;
+    private final boolean isEncrypt;
     private final AtomicBoolean finalBytesCalled = new AtomicBoolean(false);
 
     private byte[] outputBuffer;
@@ -31,6 +32,7 @@ public class CipherSubscriber implements Subscriber<ByteBuffer> {
         this.cipher = materials.getCipher(iv);
         this.isLastPart = isLastPart;
         this.tagLength = materials.algorithmSuite().cipherTagLengthBytes();
+        this.isEncrypt = (CipherMode.DECRYPT != materials.cipherMode());
     }
 
     CipherSubscriber(Subscriber<? super ByteBuffer> wrappedSubscriber, Long contentLength, CryptographicMaterials materials, byte[] iv) {
@@ -73,7 +75,9 @@ public void onNext(ByteBuffer byteBuffer) {
                 // Note that while the JCE Javadoc specifies that the outputBuffer is null in this case,
                 // in practice SunJCE and ACCP return an empty buffer instead, hence checks for
                 // null OR length == 0.
-                if (contentRead.get() + tagLength >= contentLength) {
+
+                // tagLength should only be added on Encrypt
+                if (contentRead.get() + (isEncrypt ? tagLength : 0) >= contentLength) {
                     // All content has been read, so complete to get the final bytes
                     System.out.println("[CipherSubscriber] All content read (" + contentRead.get() + " bytes), proceeding to finalBytes");
                     finalBytes();
@@ -154,7 +158,8 @@ public void onComplete() {
         // In rare cases, e.g. when the last part of a low-level MPU has 0 length,
         // onComplete will be called before onNext is called once.
         System.out.println("[CipherSubscriber] onComplete called");
-        if (contentRead.get() + tagLength <= contentLength) {
+        // tagLength should only be added on Encrypt
+        if (contentRead.get() + (isEncrypt ? tagLength : 0) >= contentLength) {
             System.out.println("[CipherSubscriber] onComplete called prematurely! The content read is " + contentRead.get() + " but the contentLength is " + contentLength);
             finalBytes();
         }
