Header info is assumed unreliable during rescue so a tag mismatch
must not result in a bad object.
Always creates a fresh decryptor, so validation steps across objects don’t
apply.
+
+ Errors during GCM tag validation are ignored.
"""
ctleft = hdr ["ctsize"]
pos = off
pt = decr.process (cnk)
if ofd != -1:
os.write (ofd, pt)
- pt = decr.done ()
+ try:
+ pt = decr.done ()
+ except InvalidGCMTag:
+ noise ("PDT: GCM tag mismatch for object %d–%d"
+ % (off, off + hdr ["ctsize"]))
if len (pt) > 0 and ofd != -1:
os.write (ofd, pt)