Upgrade to use asherah-cobhan v0.5.3

CHANGELOG.md

@@ -1,5 +1,10 @@
 ## [Unreleased]
 
+## [0.8.2] - 2026-03-09
+
+- Upgrade to use asherah-cobhan v0.5.3
+- Add null_data_check configuration option
+
 ## [0.8.1] - 2026-03-05
 
 - Upgrade to use asherah-cobhan v0.5.1

ext/asherah/checksums.yml

@@ -1,5 +1,5 @@
-version:                v0.5.1
-libasherah-arm64.so:    eb1cf59da6e7006ba8044fa9b4ec471f32576f7edb1169e30f059c5f8815c044
-libasherah-x64.so:      16237a58335e86c510a20a0a6e9afa6502026e9f5fd374012db8ee9130f41eed
-libasherah-arm64.dylib: 03260e6552b7eb17b7cbe0cb6c16486bc4d17a110c1dc8ab9293cc4b678a8b80
-libasherah-x64.dylib:   df7d71223bdfc23afc29a5bf72e0294b12d632b63f135e7ac4194ec8d69c3766
+version:                v0.5.3
+libasherah-arm64.so:    9315240c2eb0aafb342ddbd399ada545faf51cbc651c8f69c3d2dd64eb31c63c
+libasherah-x64.so:      a873fafb85b0ee310c78d1cbf8cd5db1684bea7d4db9c6b53dcd8e68e546fcf2
+libasherah-arm64.dylib: 76b4652b02e745992ff1c064722628432fa5e04f49ef2cfed2299215ea71290a
+libasherah-x64.dylib:   0e78b9318a35bbb4bbe12aeed09ee2b850de43ba3660460c5d3b220b010c04f0

lib/asherah/config.rb

@@ -22,6 +22,7 @@ module Asherah
   # @attr [Integer] check_interval, The amount of time in seconds before cached keys are considered stale
   # @attr [Boolean] enable_session_caching, Enable shared session caching
   # @attr [Boolean] disable_zero_copy, Disable zero-copy FFI input buffers to prevent use-after-free from caller runtime
+  # @attr [Boolean] null_data_check, Log an error if input data is all null before or after encryption
   # @attr [Boolean] verbose, Enable verbose logging output
   class Config
     MAPPING = {
@@ -42,6 +43,7 @@ class Config
       session_cache_duration: :SessionCacheDuration,
       enable_session_caching: :EnableSessionCaching,
       disable_zero_copy: :DisableZeroCopy,
+      null_data_check: :NullDataCheck,
       expire_after: :ExpireAfter,
       check_interval: :CheckInterval,
       verbose: :Verbose

lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.8.1'
+  VERSION = '0.8.2'
 end

spec/asherah_spec.rb

@@ -11,6 +11,25 @@
     end
   }
 
+  def capture_stderr
+    require 'tempfile'
+    tmpfile = Tempfile.new('stderr')
+    original_stderr = $stderr.dup
+    $stderr.reopen(tmpfile)
+
+    yield
+
+    $stderr.reopen(original_stderr)
+    tmpfile.rewind
+    tmpfile.read
+  ensure
+    unless original_stderr.closed?
+      $stderr.reopen(original_stderr)
+      original_stderr.close
+    end
+    tmpfile.close! unless tmpfile.closed?
+  end
+
   before :each do
     Asherah.configure do |config|
       base_config.call(config)
@@ -72,4 +91,24 @@
     # ENV set by CGO is visible in Ruby
     expect(ENV.fetch('VAR1')).to eq('VALUE1')
   end
+
+  it 'encrypts null bytes with null_data_check enabled' do
+    Asherah.shutdown
+    Asherah.configure do |config|
+      base_config.call(config)
+      config.null_data_check = true
+    end
+
+    null_data = "\x00" * 100
+    json = nil
+    stderr_output = capture_stderr { json = Asherah.encrypt(partition_id, null_data) }
+
+    expect(json).to include('Data')
+    expect(json).to include('Key')
+    expect(stderr_output).to include(
+      'asherah-cobhan: EncryptToJson: input data buffer is all null before encryption (len=100)'
+    )
+    decrypted = Asherah.decrypt(partition_id, json)
+    expect(decrypted).to eq(null_data)
+  end
 end

spec/config_spec.rb

@@ -206,6 +206,7 @@
       config.session_cache_duration = 3600
       config.enable_session_caching = true
       config.disable_zero_copy = true
+      config.null_data_check = true
       config.expire_after = 7200
       config.check_interval = 1800
       config.verbose = true
@@ -230,6 +231,7 @@
         'SessionCacheDuration' => 3600,
         'EnableSessionCaching' => true,
         'DisableZeroCopy' => true,
+        'NullDataCheck' => true,
         'ExpireAfter' => 7200,
         'CheckInterval' => 1800,
         'Verbose' => true