AES_cbc_encrypt中的Segfault

时间:2016-01-07 23:03:06

标签: c linux openssl segmentation-fault

我正在尝试更详细地了解OpenSSL库。因此,我一直在尝试使用AES_ *函数,而不是使用更高级别的EVP函数。按照this question中的一般调用(虽然我使用的是CBC而不是计数器模式),我已经提出了这个代码:

void ctr(log_t* log)
{
   unsigned char ivec[16];
   /* Out buffer for ciphertext */
   unsigned char outBuf[16];

   blockReader_t* br = blockReaderInit(log, "./input.txt", 128);
   int outFD;

   if ((outFD = open("out.bin", O_WRONLY)) == -1)
   {
      logPrint(br->log, LOG_ARGS, LOG_ERR, "open: %s", strerror(errno));
      logExit(br->log, LOG_ARGS, EXIT_FAILURE);
   }

   memset(ivec, 0, 16);

   unsigned char* ivec2 = ivec + 8;
   unsigned long* ivec3 = (unsigned long*) ivec2;
   *ivec3 = (unsigned long) 0xfd0;

   AES_KEY aesKey;
   char* myKey = "Pampers baby-dry";
   int res;

   if (!(res = AES_set_encrypt_key((unsigned char*) myKey, 16, &aesKey)))
   {
      logPrint(log, LOG_ARGS, LOG_ERR, "AES_set_encrypt_key: returned %d", res);
      logExit(log, LOG_ARGS, EXIT_FAILURE);
   }

   unsigned char* buf;

   while ((buf = blockReaderGet(br)) != NULL)
   {
      logPrint(log, LOG_ARGS, LOG_INFO, "ivec =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) ivec, 16);

      logPrint(log, LOG_ARGS, LOG_INFO, "buf =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) buf, 16);

      AES_cbc_encrypt(buf, outBuf, 16, &aesKey, ivec, 1);

      logPrint(log, LOG_ARGS, LOG_INFO, "outBuf =");
      logHexdump(log, LOG_ARGS, LOG_INFO, (char*) outBuf, 16);

      int res = write(outFD, outBuf, 16);

      if (res == -1)
      {
         logPrint(log, LOG_ARGS, LOG_ERR, "write: %s", strerror(errno));
         logExit(log, LOG_ARGS, EXIT_FAILURE);
      }
      else if (res < 16)
      {
         logPrint(log, LOG_ARGS, LOG_WARN, "Unexpectedly wrote < 16 bytes");
      }
   }

   if ((close(outFD)) == -1)
   {
      logPrint(log, LOG_ARGS, LOG_ERR, "close: %s", strerror(errno));
      logExit(log, LOG_ARGS, EXIT_FAILURE);
   }
}

log_t结构和对log*()的调用是我自己的日志框架,我用它来帮助调试此代码。 blockReader_t是另一个以字节为单位读取文件的框架。 blockReaderGet()只是用预定数量的字节数据填充目标缓冲区(在本例中为128位/ 16字节)。

input.txt的内容:

$ hexdump -C input.txt
00000000  4d 69 64 6e 69 67 68 74  5f 4d 61 72 6c 69 6e 05  |Midnight_Marlin.|
00000010  52 69 63 68 61 72 64 52  69 63 68 61 72 64 06 07  |RichardRichard..|
00000020

输出(在GDB中运行):

(gdb) run
Starting program: /home/adam/crypto/openssl/aes/aes_128
[    0.000020] <aes_128.c:83> "main" INFO: Log library started (v1.9.0)
...
[    0.000054] <aes_128.c:50> "ctr" INFO: ivec =
[    0.000057] <aes_128.c:51> "ctr" INFO: HEX (16 bytes)
---BEGIN_HEX---
00000000  00 00 00 00 00 00 00 00  d0 0f 00 00 00 00 00 00  |................|
00000010
---END_HEX---
[    0.000069] <aes_128.c:53> "ctr" INFO: buf =
[    0.000071] <aes_128.c:54> "ctr" INFO: HEX (16 bytes)
---BEGIN_HEX---
00000000  4d 69 64 6e 69 67 68 74  5f 4d 61 72 6c 69 6e 05  |Midnight_Marlin.|
00000010
---END_HEX---

Program received signal SIGSEGV, Segmentation fault.
_x86_64_AES_encrypt_compact () at aes-x86_64.s:170
170             xorl    0(%r15),%eax

我正在使用GitHub中的OpenSSL,我自己构建并在本地链接;特别是OpenSSL_1_0_2e标签,我收集的是最新的稳定版本。

生成此程序集文件的Perl文件使用$key变量来命名r15代表的内容。但鉴于AES_set_encrypt_key()返回成功,我不确定是什么问题。

有人可以提供任何可能错误的指示吗?

编辑:

尽管使用-g3而不是-O3编译OpenSSL,但回溯无效:

(gdb) bt
#0  _x86_64_AES_encrypt_compact () at aes-x86_64.s:170
#1  0x0000000000402b6b in AES_cbc_encrypt () at aes-x86_64.s:1614
#2  0x00007fffffffe0a0 in ?? ()
#3  0x000080007dfc19a0 in ?? ()
#4  0x00007fffffffe050 in ?? ()
#5  0x0000000000635080 in ?? ()
#6  0x00007fffffffe1a0 in ?? ()
#7  0x0000000000000010 in ?? ()
#8  0x00007ffff7bdf9a0 in ?? ()
#9  0x00007fffffffe1b0 in ?? ()
#10 0x00007fff00000001 in ?? ()
#11 0x00007ffff7bdf4c8 in ?? ()
#12 0x00007fffffffda40 in ?? ()
#13 0x0000000000000000 in ?? ()

编辑2:

CFLAG已被更改:

CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O0 -ggdb -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

请注意-O0 -ggdb。 Backtrace是一样的:

(gdb) bt
#0  _x86_64_AES_encrypt_compact () at aes-x86_64.s:170
#1  0x0000000000402b6b in AES_cbc_encrypt () at aes-x86_64.s:1614
#2  0x00007fffffffe0a0 in ?? ()
#3  0x000080007dfc19a0 in ?? ()
#4  0x00007fffffffe050 in ?? ()
#5  0x0000000000635080 in ?? ()
#6  0x00007fffffffe1a0 in ?? ()
#7  0x0000000000000010 in ?? ()
#8  0x00007ffff7bdf9a0 in ?? ()
#9  0x00007fffffffe1b0 in ?? ()
#10 0x00007fff00000001 in ?? ()
#11 0x00007ffff7bdf4c8 in ?? ()
#12 0x00007fffffffda40 in ?? ()
#13 0x0000000000000000 in ?? ()

编辑:MCVE示例

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <openssl/aes.h>

unsigned char input[] = {0x4du, 0x69u, 0x64u, 0x6eu, 0x69u, 0x67u, 0x68u, 0x74u,
                         0x5fu, 0x4du, 0x61u, 0x72u, 0x6cu, 0x69u, 0x6eu, 0x05u,
                         0x52u, 0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x52u,
                         0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x06u, 0x07u};

int main()
{
   unsigned char ivec[16];
   /* ivec[0..7] is the IV, ivec[8..15] is the big endian counter. */
   unsigned char outBuf[16];

   int outFD;

   if ((outFD = open("out.bin", O_WRONLY)) == -1)
   {
      perror("open");
      return EXIT_FAILURE;
   }

   memset(ivec, 0, 16);

   unsigned char* ivec2 = ivec + 8;
   unsigned long* ivec3 = (unsigned long*) ivec2;
   *ivec3 = (unsigned long) 0xfd0;

   AES_KEY aesKey;
   char* myKey = "Pampers baby-dry";
   int res;

   if (!(res = AES_set_encrypt_key((unsigned char*) myKey, 16, &aesKey)))
   {
      fprintf(stderr, "AES_set_encrypt_key: returned %d", res);
      return EXIT_FAILURE;
   }

   for (int i = 0; i < 32; i += 16)
   {
      printf("ivec = ");

      for (int j = 0; j < 16; j++)
         printf("%.02hhx ", ivec[j]);

      putchar('\n');

      printf("input = ");

      for (int j = i; j < (i + 16); j++)
         printf("%.02hhx ", input[j]);

      putchar('\n');

      AES_cbc_encrypt(&input[i], outBuf, 16, &aesKey, ivec, 1);

      printf("outBuf = ");

      for (int j = 0; j < 16; j++)
         printf("%.02hhx ", outBuf[j]);

      putchar('\n');

      int res = write(outFD, outBuf, 16);

      if (res == -1)
      {
         perror("write");
         return EXIT_FAILURE;
      }
      else if (res < 16)
      {
         printf("Warning: unexpectedly wrote < 16 bytes");
      }
   }

   if ((close(outFD)) == -1)
   {
      perror("close");
      return EXIT_FAILURE;
   }

   return EXIT_SUCCESS;
}

1 个答案:

答案 0 :(得分:2)

所以这里有几个主要的错误。我会查看我抓到的所有内容,但可能会有更多,因为我没有进行彻底的代码审查。

  1. 你到处都在使用哨兵值(即:16整数文字。用预处理器宏交换它们,甚至更好,用const int)。
  2. 输出缓冲区必须至少与输入缓冲区一样大,并且应该向上舍入块大小的最接近的倍数,再加上一个块。
  3. 您正在循环输入数据的每个元素,并尝试一次加密一个字节。除非你在AES之上实现一些模糊的层,否则这是错误的。迭代数据块,而不是单个字节。循环完全没必要。
  4. 您的输入数据缓冲区似乎比输出数据缓冲区大。根据您当前的实现,我认为最后16个字节将被截断/丢失,因为输入缓冲区有32个字节的数据,但输出缓冲区是16个字节。在您的特定示例中,输入应为32个字节,输出应为32+1
  5. 除了循环是不必要的,通过一些修改它会运行(错误地,破坏数据),并最终访问无效的内存(即:指向输入缓冲区的末尾附近,并告诉加密函数要求此点后的16字节数据)。
  6. 我提供了一个更新的代码清单和示例输出,可以让您走上正确的轨道。 Here's a working example that should also guide you along.

    祝你好运!

    修改代码清单

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <errno.h>
    #include <openssl/aes.h>
    
    #define BLOCK_SIZE  (128)
    
    unsigned char input[BLOCK_SIZE] = {
        0x4du, 0x69u, 0x64u, 0x6eu, 0x69u, 0x67u, 0x68u, 0x74u,
        0x5fu, 0x4du, 0x61u, 0x72u, 0x6cu, 0x69u, 0x6eu, 0x05u,
        0x52u, 0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x52u,
        0x69u, 0x63u, 0x68u, 0x61u, 0x72u, 0x64u, 0x06u, 0x07u};
    
    int main()
    {
        unsigned char ivec[BLOCK_SIZE];
        /* ivec[0..7] is the IV, ivec[8..15] is the big endian counter. */
        unsigned char outBuf[BLOCK_SIZE+1];
    
        int outFD;
    
        if ((outFD = open("out.bin", O_CREAT | O_RDWR)) == -1)
        {
            perror("open");
            return EXIT_FAILURE;
        }
    
        memset(ivec, 0, BLOCK_SIZE);
    
        unsigned char* ivec2 = ivec + 8;
        unsigned long* ivec3 = (unsigned long*) ivec2;
        *ivec3 = (unsigned long) 0xfd0;
    
        AES_KEY aesKey;
        char* myKey = "Pampers baby-dry";
        int res;
    
        if ((res = AES_set_encrypt_key((unsigned char*) myKey, BLOCK_SIZE, &aesKey)) < 0)
        {
            fprintf(stderr, "AES_set_encrypt_key: returned %d", res);
            return EXIT_FAILURE;
        }
    
        int i = 0;
        //for (int i = 0; i < 32; i += BLOCK_SIZE)
        {
            printf("ivec = ");
    
            for (int j = 0; j < BLOCK_SIZE; j++)
                printf("%.02hhx ", ivec[j]);
    
            putchar('\n');
    
            printf("input = ");
    
            for (int j = i; j < (i + BLOCK_SIZE); j++)
                printf("%.02hhx ", input[j]);
    
            putchar('\n');
            putchar('\n');
            putchar('\n');
            putchar('\n');
    
            AES_cbc_encrypt(input, outBuf, BLOCK_SIZE, &aesKey, ivec, AES_ENCRYPT);
    
            printf("outBuf = ");
    
            for (int j = 0; j < BLOCK_SIZE; j++)
                printf("%.02hhx ", outBuf[j]);
    
            putchar('\n');
    
            int res = write(outFD, outBuf, BLOCK_SIZE);
    
            if (res == -1)
            {
                perror("write");
                return EXIT_FAILURE;
            }
            else if (res < BLOCK_SIZE)
            {
                printf("Warning: unexpectedly wrote < %d bytes.\n", BLOCK_SIZE);
            }
        }
    
        if ((close(outFD)) == -1)
        {
            perror("close");
            return EXIT_FAILURE;
        }
    
        return EXIT_SUCCESS;
    }
    

    构建命令

    gcc -O0 -ggdb test.c --std=c99 -lssl -lcrypto && ./a.out 
    

    样本输出

    ivec = 00 00 00 00 00 00 00 00 d0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    input = 4d 69 64 6e 69 67 68 74 5f 4d 61 72 6c 69 6e 05 52 69 63 68 61 72 64 52 69 63 68 61 72 64 06 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    
    
    
    outBuf = 81 ee 91 c0 9f f6 40 db 3c 6d 32 dd 5e 86 6f f8 4e 7b aa 15 38 36 b8 20 bc 04 bd 4f 6c 53 0e 02 72 c2 b7 e8 79 35 f2 b2 e1 c1 6e 1e 3b 1e 75 81 6a 56 43 d8 9d 9c 4c 1e 04 bd 99 29 3a 55 c9 a4 90 48 20 13 5e 51 4a 0c 4b 35 bc db da 54 f1 2b 66 f6 1b 1a 42 25 33 30 0e 35 87 9d 4b 1f d5 3a 5d 3a 8e 8c c8 48 c0 52 72 c0 4e b3 b8 f5 37 03 1c 87 15 61 3b 64 2b 06 5e 12 8f c7 b5 21 98 06