didDecryptLast uses the same type for input & output

Sources/CryptoSwift/BlockDecryptor.swift

@@ -56,7 +56,7 @@ public class BlockDecryptor: Cryptor, Updatable {
                 }
 
                 if var finalizingWorker = worker as? FinalizingDecryptModeWorker, isLast == true {
-                    plaintext = try finalizingWorker.didDecryptLast(block: plaintext.slice)
+                    plaintext = Array(try finalizingWorker.didDecryptLast(block: plaintext.slice))
                 }
 
                 processedBytesCount += chunk.count

Sources/CryptoSwift/BlockMode/CCM.swift

@@ -144,6 +144,14 @@ class CCMModeWorker: StreamModeWorker, SeekableModeWorker, CounterModeWorker, Fi
         return result
     }
 
+    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
+        // concatenate T at the end
+        guard let S0 = try? S(i: 0) else { return ciphertext }
+
+        let tag = last_y.prefix(tagLength)
+        return ciphertext + (xor(tag, S0) as ArraySlice<UInt8>)
+    }
+
     // TODO
     func decrypt(block ciphertext: ArraySlice<UInt8>) -> Array<UInt8> {
         guard let plaintext = cipherOperation(ciphertext) else {
@@ -154,14 +162,6 @@ class CCMModeWorker: StreamModeWorker, SeekableModeWorker, CounterModeWorker, Fi
         return result
     }
 
-    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
-        // concatenate T at the end
-        guard let S0 = try? S(i: 0) else { return ciphertext }
-
-        let tag = last_y.prefix(tagLength)
-        return ciphertext + (xor(tag, S0) as ArraySlice<UInt8>)
-    }
-
     func finalize(decrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
         return ciphertext
     }
@@ -170,8 +170,8 @@ class CCMModeWorker: StreamModeWorker, SeekableModeWorker, CounterModeWorker, Fi
         return ciphertext
     }
 
-    func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> Array<UInt8> {
-        return Array(plaintext)
+    func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
+        return plaintext
     }
 }
 

Sources/CryptoSwift/BlockMode/CipherModeWorker.swift

@@ -56,5 +56,5 @@ public protocol FinalizingDecryptModeWorker: CipherModeWorker {
     // ciphertext is either a last block, or a tag (for stream workers)
     mutating func willDecryptLast(bytes ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8>
     // Called after decryption, hence input is ciphertext
-    mutating func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> Array<UInt8>
+    mutating func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8>
 }

Sources/CryptoSwift/BlockMode/GCM.swift

@@ -203,14 +203,14 @@ final class GCMModeWorker: BlockModeWorker, FinalizingEncryptModeWorker, Finaliz
         }
     }
 
-    func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> Array<UInt8> {
+    func didDecryptLast(block plaintext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
         // Calculate MAC tag.
         let ghash = gf.ghashFinish()
         let computedTag = Array((ghash ^ eky0).bytes.prefix(GCMModeWorker.tagLength))
 
         // Validate tag
         if let expectedTag = self.expectedTag, computedTag == expectedTag {
-            return Array(plaintext)
+            return plaintext
         }
 
         throw GCM.Error.fail