OpenSSL: can the input and output buffers of the encrypt/decrypt routines be the same?
For example, in:
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
... can out == in?
Comments (2)
I just stumbled upon this question because I was curious myself. Since no one answered, I tried it out and it does indeed work (at least with AES CTR 128 decryption) so I would venture to guess that it works for other types as well. Here's my code sample in case you are interested.
inbuf and outbuf can be the same in some cases, but there are many pitfalls.
Pitfall 1: If inbuf and outbuf are the same, then with padding you will find that the returned outlen is 16 bytes less than inlen; if you decrypt in chunks, every chunk comes out 16 bytes short and the decrypted result is completely wrong! With different inbuf and outbuf it is correct.
Pitfall 2: The OpenSSL documentation clearly states that the outbuf passed to EVP_DecryptUpdate must have a length of (inlen + cipher_block_size). For AES the cipher_block_size is generally 16, so the buffer you prepare must be inlen plus those 16 bytes. Otherwise you get a memory write overflow and unpredictable results. If inbuf and outbuf are the same, the buffer-length details must be handled carefully.
To sum up: don't pass the same buffer as inbuf and outbuf; you will only dig a pit for yourself.
--- translated by Google.