Null pointer iv with non-EBC block cipher

I’m not sure if this is an openssl problem with not checking for null
before dereferencing pointers, but with ruby you can do the following
cbc block cipher without specifying an IV:

require ‘openssl’
key = “0599E113A7EE32A9”
data =
“1234567890~5J96LC303C1D22DD~20090930005944~http%3A%2F%2Flocalhost%3A8080%2Flogin%3B0%3B1~http%3A%2F%2Fmix-stage.oracle.com%2F~00”

c1 = OpenSSL::Cipher::Cipher.new(“DES-CBC”)
c1.padding = 0
c1.encrypt
c1.key = key
e = c1.update data
e << c1.final

c2 = OpenSSL::Cipher::Cipher.new(“DES-CBC”)
c2.padding = 0
c2.decrypt
c2.key = key
d = c2.update e
d << c2.final

puts d

This works in MRI, but I don’t believe it should because the user didn’t
specify an IV. IMHO, this is a bug. The responsibility may be openssl
though for not raising the exception. Any thoughts?

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs