aes_gcm.rb in lockbox-0.4.9

- old
+ new

@@ -16,22 +16,22 @@
       # From Ruby 2.5.3 OpenSSL::Cipher docs:
       # If no associated data shall be used, this method must still be called with a value of ""
       # In encryption mode, it must be set after calling #encrypt and setting #key= and #iv=
       cipher.auth_data = associated_data || ""
 
-      ciphertext = cipher.update(message) + cipher.final
+      ciphertext = String.new
+      ciphertext << cipher.update(message) unless message.empty?
+      ciphertext << cipher.final
       ciphertext << cipher.auth_tag
-
       ciphertext
     end
 
     def decrypt(nonce, ciphertext, associated_data)
       auth_tag, ciphertext = extract_auth_tag(ciphertext.to_s)
 
       fail_decryption if nonce.to_s.bytesize != nonce_bytes
       fail_decryption if auth_tag.to_s.bytesize != auth_tag_bytes
-      fail_decryption if ciphertext.to_s.bytesize == 0
 
       cipher = OpenSSL::Cipher.new("aes-256-gcm")
       # do not change order of operations
       cipher.decrypt
       cipher.key = @key
@@ -41,10 +41,14 @@
       # If no associated data shall be used, this method must still be called with a value of ""
       # When decrypting, set it only after calling #decrypt, #key=, #iv= and #auth_tag= first.
       cipher.auth_data = associated_data || ""
 
       begin
-        cipher.update(ciphertext) + cipher.final
+        if ciphertext.to_s.empty?
+          cipher.final
+        else
+          cipher.update(ciphertext) + cipher.final
+        end
       rescue OpenSSL::Cipher::CipherError
         fail_decryption
       end
     end
 