lib/lockbox.rb in lockbox-0.2.2 vs lib/lockbox.rb in lockbox-0.2.3

- old
+ new

@@ -1,6 +1,7 @@
 # dependencies
+require "openssl"
 require "securerandom"
 # modules
 require "lockbox/box"
 require "lockbox/encryptor"
@@ -95,10 +96,12 @@
 @boxes.each_with_index do |box, i|
 begin
 return box.decrypt(ciphertext, **options)
 rescue => e
- error_classes = [DecryptionError]
+ # returning DecryptionError instead of PaddingError
+ # is for end-user convenience, not for security
+ error_classes = [DecryptionError, PaddingError]
 error_classes << RbNaCl::LengthError if defined?(RbNaCl::LengthError)
 error_classes << RbNaCl::CryptoError if defined?(RbNaCl::CryptoError)
 if error_classes.any? { |ec| e.is_a?(ec) }
 raise DecryptionError, "Decryption failed" if i == @boxes.size - 1
 else
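Review bot: The new comment above `error_classes` in the second hunk says the PaddingError mapping is not a security measure but gives no reason, so a later reader may still treat it as padding-oracle hardening. Because `raise DecryptionError, "Decryption failed"` runs inside the `rescue`, Ruby attaches the rescued exception as `cause`, so a PaddingError stays visible to anything that logs or serializes the exception chain. I would add a line such as `# the original error is still reachable via #cause; this mapping does not hide padding failures`. Whether padding is checked only after the ciphertext has been authenticated is not visible here, so that assumption is worth stating in the comment as well. The `rescue` body continues past the `else` outside the hunk.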