I’m not sure if this is an openssl problem with not checking for null
before dereferencing pointers, but with ruby you can do the following
cbc block cipher without specifying an IV:
require ‘openssl’
key = “0599E113A7EE32A9”
data =
“1234567890~5J96LC303C1D22DD~20090930005944~http%3A%2F%2Flocalhost%3A8080%2Flogin%3B0%3B1~http%3A%2F%2Fmix-stage.oracle.com%2F~00”
c1 = OpenSSL::Cipher::Cipher.new(“DES-CBC”)
c1.padding = 0
c1.encrypt
c1.key = key
e = c1.update data
e << c1.final
c2 = OpenSSL::Cipher::Cipher.new(“DES-CBC”)
c2.padding = 0
c2.decrypt
c2.key = key
d = c2.update e
d << c2.final
puts d
This works in MRI, but I don’t believe it should because the user didn’t
specify an IV. IMHO, this is a bug. The responsibility may be openssl
though for not raising the exception. Any thoughts?