AES_cbc_encrypt中的Segfault

我正在尝试更详细地了解OpenSSL库.因此,我一直在尝试使用AES_ *函数,而不是使用更高级别的EVP函数.按照
this question中的一般调用(虽然我使用的是CBC而不是计数器模式),我想出了这段代码:

void ctr(log_t* log)
{
   unsigned char ivec[16];
   /* Out buffer for ciphertext */
   unsigned char outBuf[16];

   blockReader_t* br = blockReaderInit(log, "./input.txt", 128);
   int outFD;

   if ((outFD = open("out.bin", O_WRONLY)) == -1)
   {
      logPrint(br->log, LOG_ARGS, LOG_ERR, "open: %s", strerror(errno));
      logExit(br->log, LOG_ARGS, EXIT_FAILURE);
   }

   memset(ivec, 0, 16);

   unsigned char* ivec2 = ivec + 8;
   unsigned long* ivec3 = (unsigned long*) ivec2;
   *ivec3 = (unsigned long) 0xfd0;

   AES_KEY aesKey;
   char* myKey = "Pampers baby-dry";
   int res;

   if (!(res = AES_set_encrypt_key((unsigned char*) myKey, 16, &aesKey)))
   {
      logPrint(log, LOG_ARGS, LOG_ERR, "AES_set_encrypt_key: returned %d", res);
      logExit(log, LOG_ARGS, EXIT_FAILURE);
   }

   unsigned char* buf;

   while ((buf = blockReaderGet(br)) != NULL)
   {
      logPrint(log, LOG_ARGS, LOG_INFO, "ivec =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) ivec, 16);

      logPrint(log, LOG_ARGS, LOG_INFO, "buf =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) buf, 16);

      AES_cbc_encrypt(buf, outBuf, 16, &aesKey, ivec, 1);

      logPrint(log, LOG_ARGS, LOG_INFO, "outBuf =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) outBuf, 16);

      int res = write(outFD, outBuf, 16);

      if (res == -1)
      {
         logPrint(log, LOG_ARGS, LOG_ERR, "write: %s", strerror(errno));
         logExit(log, LOG_ARGS, EXIT_FAILURE);
      }
      else if (res < 16)
      {
         logPrint(log, LOG_ARGS, LOG_WARN, "Unexpectedly wrote < 16 bytes");
      }
   }

   if ((close(outFD)) == -1)
   {
      logPrint(log, LOG_ARGS, LOG_ERR, "close: %s", strerror(errno));
      logExit(log, LOG_ARGS, EXIT_FAILURE);
   }
}

log_t结构和对log *()的调用是我自己的日志框架,我用它来帮助调试这段代码. blockReader_t是另一个用于以字节为单位读取文件的框架. blockReaderGet()简单地用预定数量的字节数据(在这种情况下为128位/ 16字节)填充目标缓冲区.

input.txt的内容:

$hexdump -C input.txt
00000000  4d 69 64 6e 69 67 68 74  5f 4d 61 72 6c 69 6e 05  |Midnight_Marlin.|
00000010  52 69 63 68 61 72 64 52  69 63 68 61 72 64 06 07  |RichardRichard..|
00000020

输出(在GDB中运行):

(gdb) run
Starting program: /home/adam/crypto/openssl/aes/aes_128
[    0.000020] <aes_128.c:83> "main" INFO: Log library started (v1.9.0)
...
[    0.000054] <aes_128.c:50> "ctr" INFO: ivec =
[    0.000057] <aes_128.c:51> "ctr" INFO: HEX (16 bytes)
---BEGIN_HEX---
00000000  00 00 00 00 00 00 00 00  d0 0f 00 00 00 00 00 00  |................|
00000010
---END_HEX---
[    0.000069] <aes_128.c:53> "ctr" INFO: buf =
[    0.000071] <aes_128.c:54> "ctr" INFO: HEX (16 bytes)
---BEGIN_HEX---
00000000  4d 69 64 6e 69 67 68 74  5f 4d 61 72 6c 69 6e 05  |Midnight_Marlin.|
00000010
---END_HEX---

Program received signal SIGSEGV, Segmentation fault.
_x86_64_AES_encrypt_compact () at aes-x86_64.s:170
170             xorl    0(%r15),%eax

我正在使用GitHub中的一个OpenSSL,我自己构建并与本地链接;特别是我收集的OpenSSL_1_0_2e标签是最新的稳定版本.

生成此程序集文件的Perl文件使用$key变量来命名r15表示的内容.但鉴于AES_set_encrypt_key()返回成功,我不确定是什么问题.

任何人都可以提供任何可能错误的指示吗?

编辑:

尽管使用-g3而不是-O3编译OpenSSL,但回溯没有用:

(gdb) bt
#0  _x86_64_AES_encrypt_compact () at aes-x86_64.s:170
#1  0x0000000000402b6b in AES_cbc_encrypt () at aes-x86_64.s:1614
#2  0x00007fffffffe0a0 in ?? ()
#3  0x000080007dfc19a0 in ?? ()
#4  0x00007fffffffe050 in ?? ()
#5  0x0000000000635080 in ?? ()
#6  0x00007fffffffe1a0 in ?? ()
#7  0x0000000000000010 in ?? ()
#8  0x00007ffff7bdf9a0 in ?? ()
#9  0x00007fffffffe1b0 in ?? ()
#10 0x00007fff00000001 in ?? ()
#11 0x00007ffff7bdf4c8 in ?? ()
#12 0x00007fffffffda40 in ?? ()
#13 0x0000000000000000 in ?? ()

编辑2:

CFLAG已被更改:

CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O0 -ggdb -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

注意-O0 -ggdb. Backtrace是一样的:

(gdb) bt
#0  _x86_64_AES_encrypt_compact () at aes-x86_64.s:170
#1  0x0000000000402b6b in AES_cbc_encrypt () at aes-x86_64.s:1614
#2  0x00007fffffffe0a0 in ?? ()
#3  0x000080007dfc19a0 in ?? ()
#4  0x00007fffffffe050 in ?? ()
#5  0x0000000000635080 in ?? ()
#6  0x00007fffffffe1a0 in ?? ()
#7  0x0000000000000010 in ?? ()
#8  0x00007ffff7bdf9a0 in ?? ()
#9  0x00007fffffffe1b0 in ?? ()
#10 0x00007fff00000001 in ?? ()
#11 0x00007ffff7bdf4c8 in ?? ()
#12 0x00007fffffffda40 in ?? ()
#13 0x0000000000000000 in ?? ()

编辑:MCVE示例

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <openssl/aes.h>

unsigned char input[] = {0x4du, 0x69u, 0x64u, 0x6eu, 0x69u, 0x67u, 0x68u, 0x74u,
                         0x5fu, 0x4du, 0x61u, 0x72u, 0x6cu, 0x69u, 0x6eu, 0x05u,
                         0x52u, 0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x52u,
                         0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x06u, 0x07u};

int main()
{
   unsigned char ivec[16];
   /* ivec[0..7] is the IV, ivec[8..15] is the big endian counter. */
   unsigned char outBuf[16];

   int outFD;

   if ((outFD = open("out.bin", O_WRONLY)) == -1)
   {
      perror("open");
      return EXIT_FAILURE;
   }

   memset(ivec, 0, 16);

   unsigned char* ivec2 = ivec + 8;
   unsigned long* ivec3 = (unsigned long*) ivec2;
   *ivec3 = (unsigned long) 0xfd0;

   AES_KEY aesKey;
   char* myKey = "Pampers baby-dry";
   int res;

   if (!(res = AES_set_encrypt_key((unsigned char*) myKey, 16, &aesKey)))
   {
      fprintf(stderr, "AES_set_encrypt_key: returned %d", res);
      return EXIT_FAILURE;
   }

   for (int i = 0; i < 32; i += 16)
   {
      printf("ivec = ");

      for (int j = 0; j < 16; j++)
         printf("%.02hhx ", ivec[j]);

      putchar('\n');

      printf("input = ");

      for (int j = i; j < (i + 16); j++)
         printf("%.02hhx ", input[j]);

      putchar('\n');

      AES_cbc_encrypt(&input[i], outBuf, 16, &aesKey, ivec, 1);

      printf("outBuf = ");

      for (int j = 0; j < 16; j++)
         printf("%.02hhx ", outBuf[j]);

      putchar('\n');

      int res = write(outFD, outBuf, 16);

      if (res == -1)
      {
         perror("write");
         return EXIT_FAILURE;
      }
      else if (res < 16)
      {
         printf("Warning: unexpectedly wrote < 16 bytes");
      }
   }

   if ((close(outFD)) == -1)
   {
      perror("close");
      return EXIT_FAILURE;
   }

   return EXIT_SUCCESS;
}

最佳答案 所以这里有几个主要的错误.我将浏览我抓到的所有内容,但可能会有更多,因为我没有进行彻底的代码审查.

>你到处都在使用sentinel值(即:16个整数文字.用预处理器宏交换它们,甚至更好,用const int).
>输出缓冲区必须至少与输入缓冲区一样大,并且应该向上舍入块大小的最接近的倍数,再加上一个块.
>您循环遍历输入数据的每个元素,并尝试一次加密一个字节.除非你在AES之上实现一些模糊的层,否则这是错误的.迭代数据块,而不是单个字节.循环完全没必要.
>您的输入数据缓冲区似乎比输出数据缓冲区大.根据您当前的实现,我认为最后16个字节将被截断/丢失,因为输入缓冲区有32个字节的数据,但输出缓冲区是16个字节.在您的具体示例中,输入应为32个字节,输出应为32 1.
>除了循环是不必要的,通过一些修改它会运行(错误地,破坏数据),并最终访问无效的内存(即:指向输入缓冲区的末尾附近,并告诉加密函数要求16个字节之后的数据).

我提供了一个更新的代码清单和示例输出,可以让您走上正确的轨道. Here’s a working example that should also guide you along.

祝好运!

修改代码清单

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <openssl/aes.h>

#define BLOCK_SIZE  (128)

unsigned char input[BLOCK_SIZE] = {
    0x4du, 0x69u, 0x64u, 0x6eu, 0x69u, 0x67u, 0x68u, 0x74u,
    0x5fu, 0x4du, 0x61u, 0x72u, 0x6cu, 0x69u, 0x6eu, 0x05u,
    0x52u, 0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x52u,
    0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x06u, 0x07u};

int main()
{
    unsigned char ivec[BLOCK_SIZE];
    /* ivec[0..7] is the IV, ivec[8..15] is the big endian counter. */
    unsigned char outBuf[BLOCK_SIZE+1];

    int outFD;

    if ((outFD = open("out.bin", O_CREAT | O_RDWR)) == -1)
    {
        perror("open");
        return EXIT_FAILURE;
    }

    memset(ivec, 0, BLOCK_SIZE);

    unsigned char* ivec2 = ivec + 8;
    unsigned long* ivec3 = (unsigned long*) ivec2;
    *ivec3 = (unsigned long) 0xfd0;

    AES_KEY aesKey;
    char* myKey = "Pampers baby-dry";
    int res;

    if ((res = AES_set_encrypt_key((unsigned char*) myKey, BLOCK_SIZE, &aesKey)) < 0)
    {
        fprintf(stderr, "AES_set_encrypt_key: returned %d", res);
        return EXIT_FAILURE;
    }

    int i = 0;
    //for (int i = 0; i < 32; i += BLOCK_SIZE)
    {
        printf("ivec = ");

        for (int j = 0; j < BLOCK_SIZE; j++)
            printf("%.02hhx ", ivec[j]);

        putchar('\n');

        printf("input = ");

        for (int j = i; j < (i + BLOCK_SIZE); j++)
            printf("%.02hhx ", input[j]);

        putchar('\n');
        putchar('\n');
        putchar('\n');
        putchar('\n');

        AES_cbc_encrypt(input, outBuf, BLOCK_SIZE, &aesKey, ivec, AES_ENCRYPT);

        printf("outBuf = ");

        for (int j = 0; j < BLOCK_SIZE; j++)
            printf("%.02hhx ", outBuf[j]);

        putchar('\n');

        int res = write(outFD, outBuf, BLOCK_SIZE);

        if (res == -1)
        {
            perror("write");
            return EXIT_FAILURE;
        }
        else if (res < BLOCK_SIZE)
        {
            printf("Warning: unexpectedly wrote < %d bytes.\n", BLOCK_SIZE);
        }
    }

    if ((close(outFD)) == -1)
    {
        perror("close");
        return EXIT_FAILURE;
    }

    return EXIT_SUCCESS;
}

构建命令

gcc -O0 -ggdb test.c --std=c99 -lssl -lcrypto && ./a.out 

样本输出

ivec = 00 00 00 00 00 00 00 00 d0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
input = 4d 69 64 6e 69 67 68 74 5f 4d 61 72 6c 69 6e 05 52 69 63 68 61 72 64 52 69 63 68 61 72 64 06 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 



outBuf = 81 ee 91 c0 9f f6 40 db 3c 6d 32 dd 5e 86 6f f8 4e 7b aa 15 38 36 b8 20 bc 04 bd 4f 6c 53 0e 02 72 c2 b7 e8 79 35 f2 b2 e1 c1 6e 1e 3b 1e 75 81 6a 56 43 d8 9d 9c 4c 1e 04 bd 99 29 3a 55 c9 a4 90 48 20 13 5e 51 4a 0c 4b 35 bc db da 54 f1 2b 66 f6 1b 1a 42 25 33 30 0e 35 87 9d 4b 1f d5 3a 5d 3a 8e 8c c8 48 c0 52 72 c0 4e b3 b8 f5 37 03 1c 87 15 61 3b 64 2b 06 5e 12 8f c7 b5 21 98 06 
点赞