gpg: Avoid writing a zero length last chunk in AEAD mode.
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length). We also need to
adjust the decryption part because that assumed this zero length last
Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.
- GnuPG-bug-id: T3774
- Signed-off-by: Werner Koch <firstname.lastname@example.org>