OpenSSL::Cipher partially decrypts string with wrong iv


#1

I have an application where I want to require both the correct key and
iv in order to decrypt a string. I wrote a very simple program to test
the various success and failure cases.

ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-darwin8.10.1]

When the key and iv are correct, it succeeds, as expected.
When the wrong key is provided, it fails, as expected.
However, when I pass the wrong iv, it looks like it actually decrypts
most of the string. Only the first 16 bytes are not decrypted properly.

Here’s the test program:

require ‘openssl’

str = “The quick brown fox jumped over the lazy dog.”

cip1 = OpenSSL::Cipher::Cipher.new(“aes-256-cbc”)
cip1.encrypt
key = cip1.random_key
iv = cip1.random_iv

es = cip1.update(str) + cip1.final

cip2 = OpenSSL::Cipher::Cipher.new(“aes-256-cbc”)
cip2.decrypt
cip2.key = key
cip2.iv = “X” * 32 # pass the wrong iv

rs = cip2.update(es) + cip2.final

puts rs

I would expect the decrypt to fail or just return garbage, but I get the
following:

���t��Y������W�fox jumped over the lazy dog.

Are my assumptions wrong, or is this an issue?

Thanks in advance. rpo