[crypto] Last 16 bytes not being consumed?

[Dan Quaroni]

I've posted this at SO as well where it has nicer formatting, but I'll
include the question here as well.  See
http://stackoverflow.com/questions/42147559/java-cryptocipher-doesnt-consume-all-input-bytes

I'm trying to convert from using Chilkat's proprietary decryption library
to Apache's commons codec.

I have 2 example encrypted inputs I'm working with. The first is 16 bytes
and the second is 96 bytes. The first one works great, but on the second
one the CryptoCipher doesn't appear to be consuming the last 16 bytes.

Here's some example code of the setup and decryption and the output:

   Properties properties = new Properties();
    CryptoCipher crypt =
CryptoCipherFactory.getCryptoCipher("AES/CBC/PKCS5Padding", properties);
    MessageDigest digest = MessageDigest.getInstance("SHA-256");

    byte[] hashedKeyBytes = digest.digest("SHARED_SECRET".getBytes(
            StandardCharsets.UTF_8));
    MessageDigest ivDigest = MessageDigest.getInstance("MD5");

    byte[] ivBytes =
ivDigest.digest("SHARED_SECRET".getBytes(StandardCharsets.UTF_8));
    final SecretKeySpec key = new SecretKeySpec(hashedKeyBytes, "AES");
    IvParameterSpec iv = new IvParameterSpec(ivBytes);

    crypt.init(Cipher.DECRYPT_MODE, key, iv);

    ByteBuffer encBuffer = ByteBuffer.allocateDirect(enc.length);
    System.out.println("--" + enc.length);
    encBuffer.put(enc);
    encBuffer.flip();
    System.out.println("encln " + encBuffer.limit());

    ByteBuffer decoded = ByteBuffer.allocateDirect(bufferSize);
    CryptoCipher crypt = init();

    System.out.println("consume " + crypt.update(encBuffer, decoded));
    System.out.println("finish " + crypt.doFinal(encBuffer, decoded));
    decoded.flip();
    return asString(decoded);

This produces these 2 outputs for the 2 inputs:

Short input:

--16
encln 16
consume 0
finish 13
Long input:

--96
encln 96
consume 80
finish 3

As you can see it's only consuming 80 bytes out of the input... Since the
shorter input produces the correct output as compared to what Chilkat
produced, I'm not sure where to approach this to get it to work with the
longer input.

When I print out the string representation of the decrypted contents, there
are 33 characters missing from the end that should be there.