Legacy unauthenticated modes with range queries can cause AEADBadTagException spam

[tbaeg]

Problem:

I've noticed excessive spamming of the logs that have something similar to below. I haven't been able to get time to replicated this locally, but if legacy unauthenticated mode (with a range query) is executed, should this type of exception ever occur? Seems authentication is still occurring when it shouldn't be.

Of note, we have on: legacy unauthenticated mode, delayed authentication and legacy wrapping algorithms on.

The delayed authentication flag was turned on due to buffers being larger than we'd like.

software.amazon.encryption.s3.S3EncryptionClientSecurityException: Input data too short to contain an expected tag length of 16bytes
	at software.amazon.encryption.s3.internal.CipherSubscriber.onComplete(CipherSubscriber.java:110)
	at software.amazon.awssdk.core.async.listener.SubscriberListener$NotifyingSubscriber.onComplete(SubscriberListener.java:97)
	at software.amazon.awssdk.services.s3.internal.checksums.S3ChecksumValidatingPublisher$ChecksumValidatingSubscriber.onComplete(S3ChecksumValidatingPublisher.java:148)
	at software.amazon.awssdk.core.internal.metrics.BytesReadTrackingPublisher$BytesReadTracker.onComplete(BytesReadTrackingPublisher.java:74)
	at software.amazon.awssdk.http.nio.netty.internal.ResponseHandler$DataCountingPublisher$1.onComplete(ResponseHandler.java:519)
	at software.amazon.awssdk.http.nio.netty.internal.ResponseHandler.runAndLogError(ResponseHandler.java:254)
	at software.amazon.awssdk.http.nio.netty.internal.ResponseHandler.access$600(ResponseHandler.java:77)
	at software.amazon.awssdk.http.nio.netty.internal.ResponseHandler$PublisherAdapter$1.onComplete(ResponseHandler.java:375)
	at software.amazon.awssdk.http.nio.netty.internal.nrs.HandlerPublisher.publishMessage(HandlerPublisher.java:402)
	at software.amazon.awssdk.http.nio.netty.internal.nrs.HandlerPublisher.flushBuffer(HandlerPublisher.java:338)
	at software.amazon.awssdk.http.nio.netty.internal.nrs.HandlerPublisher.receivedDemand(HandlerPublisher.java:291)
	at software.amazon.awssdk.http.nio.netty.internal.nrs.HandlerPublisher.access$200(HandlerPublisher.java:61)
	at software.amazon.awssdk.http.nio.netty.internal.nrs.HandlerPublisher$ChannelSubscription$1.run(HandlerPublisher.java:495)
	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:173)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:166)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:566)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at java.base/java.lang.Thread.run(Thread.java:1575)
Caused by: javax.crypto.AEADBadTagException: Input data too short to contain an expected tag length of 16bytes
	at java.base/com.sun.crypto.provider.GaloisCounterMode$GCMDecrypt.doFinal(GaloisCounterMode.java:1477)
	at java.base/com.sun.crypto.provider.GaloisCounterMode.engineDoFinal(GaloisCounterMode.java:415)
	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2130)
	at software.amazon.encryption.s3.internal.CipherSubscriber.onComplete(CipherSubscriber.java:104)
	... 19 more
``

[tbaeg]

Incorrect repository.