使用 AES 的 OpenSSL 数据传输
OpenSSL data transmission using AES
我想使用OpenSSL在服务器和客户端之间进行数据传输。我想在 CBC 模式下使用 EVP 和 AES 来完成。但是当我尝试在客户端解码第二条消息时,EVP_EncryptFinal_ex returns 0。
我的方案如图所示
我认为,这种行为是因为我为一个 EVP 上下文调用了两次 EVP_EncryptFinal_ex(和 EVP_DecryptFinal_ex)。如何正确操作?
根据EVP docs调用EVP_EncryptFinal_ex()后不能调用EVP_EncryptUpdate()。
If padding is enabled (the default) then EVP_EncryptFinal_ex()
encrypts the "final" data, that is any data that remains in a partial
block. It uses standard block padding (aka PKCS padding) as described
in the NOTES section, below. The encrypted final data is written to
out which should have sufficient space for one cipher block. The
number of bytes written is placed in outl. After this function is
called the encryption operation is finished and no further calls to
EVP_EncryptUpdate() should be made.
相反,您应该通过调用 EVP_EncryptInit_ex() 再次设置用于加密的密码 ctx。请注意,与 EVP_EncryptInit() 不同,使用 EVP_EncryptInit_ex(),您可以继续重用现有上下文,而无需在每次调用时分配和释放它。
我想使用OpenSSL在服务器和客户端之间进行数据传输。我想在 CBC 模式下使用 EVP 和 AES 来完成。但是当我尝试在客户端解码第二条消息时,EVP_EncryptFinal_ex returns 0。 我的方案如图所示
我认为,这种行为是因为我为一个 EVP 上下文调用了两次 EVP_EncryptFinal_ex(和 EVP_DecryptFinal_ex)。如何正确操作?
根据EVP docs调用EVP_EncryptFinal_ex()后不能调用EVP_EncryptUpdate()。
If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. It uses standard block padding (aka PKCS padding) as described in the NOTES section, below. The encrypted final data is written to out which should have sufficient space for one cipher block. The number of bytes written is placed in outl. After this function is called the encryption operation is finished and no further calls to EVP_EncryptUpdate() should be made.
相反,您应该通过调用 EVP_EncryptInit_ex() 再次设置用于加密的密码 ctx。请注意,与 EVP_EncryptInit() 不同,使用 EVP_EncryptInit_ex(),您可以继续重用现有上下文,而无需在每次调用时分配和释放它。