🐛 Cipher behaviour change from 0.7+ to 1+

[vic614]

What's happening?

I observed a Cipher behaviour change with AES-256-CBC when doing string vs buffer concat.

Reproducible Code

const key= 'KTnGEDonslhj/qGvf6rj4HSnO32T7dvjAs5PntTDB0s=';
const ivv = '2pXx2krk1wU8RI6AQjuPUg==';
const alg = "AES-256-CBC";
const text = "this is a test."

//Buffer concat
const cipher = QuickCrypto.createCipheriv(alg, Buffer.from(key, "base64"), Buffer.from(ivv, "base64"));
const encrypted_text = Buffer.concat([cipher.update(Buffer.from(text, "utf8")), cipher.final()]).toString('base64');

//String concat
const enc_text = cipher.update(text, 'utf8', 'base64') + cipher.final('base64');

console.log(encrypted_text)
console.log(enc_text)

//I believe, in the 0.7+ version they are supposed to be the same. Not sure where the issue could be.

Relevant log output

LOG  YlQjRMA/8ne7O7zAe0nzJQ==
 LOG  tRlNnctKub5l7FDV9dD6Wg==

Device

ios 26.2

QuickCrypto Version

1.0.10

Can you reproduce this issue in the QuickCrypto Example app?

Yes, I can reproduce the same issue in the Example app here

Additional information

• I am using Expo
• I have read the Troubleshooting Guide
• I agree to follow this project's Code of Conduct
• I searched for similar issues in this repository and found none.

[boorad]

The original repro code reuses the same cipher instance for both the Buffer concat and string concat approaches — calling update() and final() twice on the same object. This is actually invalid usage: once final() is called, the cipher is done. In 0.x this was silently allowed but produced wrong results (two different ciphertexts from the same key/IV/plaintext).

The fix in #948 ensures that:

1. Using separate cipher instances (the correct pattern), Buffer concat and string concat produce identical output — matching Node.js behavior.
2. Reusing a cipher after final() now throws "Unsupported state or unable to authenticate data", matching Node.js behavior.

Corrected version of the repro:

const key = 'KTnGEDonslhj/qGvf6rj4HSnO32T7dvjAs5PntTDB0s=';
const ivv = '2pXx2krk1wU8RI6AQjuPUg==';
const alg = 'aes-256-cbc';
const text = 'this is a test.';

// Buffer concat (cipher1)
const cipher1 = createCipheriv(alg, Buffer.from(key, 'base64'), Buffer.from(ivv, 'base64'));
const encrypted_text = Buffer.concat([cipher1.update(Buffer.from(text, 'utf8')), cipher1.final()]).toString('base64');

// String concat (cipher2 — fresh instance)
const cipher2 = createCipheriv(alg, Buffer.from(key, 'base64'), Buffer.from(ivv, 'base64'));
const enc_text = cipher2.update(text, 'utf8', 'base64') + cipher2.final('base64');

console.log(encrypted_text); // Same result
console.log(enc_text);       // Same result

[vic614]

@boorad I see. However, when using a image base64 string as the text to be encrypted.
const text = 'ZmDgfsVUTRrYfBKgdELCXp2ix0BteDw/f1qhA0jBN7O3Ljd/9be6Zl+PoBoIfLPYDmhdCa4JYwXxcMPdDHx+Bb7hQtoGA/HNIWEfDebII/wRQRhYg3vcsWqYN60WADcbWDxMiu0xkSaME5SH/sAcPN+hqII6Z/sIZybMCH/ta4yyiSWEZGrhUv4YZvcCCG9wpCsSHXOFu3KwZG0qnBiCGczxdnU+Y7kr2izhGLSzTao=RE9u8acQuwSPd01vi4vTmw=='

The encryption result will be different.

The final part is not handled correctly.

[boorad]

@vic614 found it! See #949