c++ - OPENSSL 错误 : lib(6) func(101) reason(100) evp_enc. c

Question

所以我正在研究 AES 加密，但这个错误一直困扰着我。

错误:

lib(6) func(101) reason(100) evp_enc.c

我正在用一个程序加密我的文件并用另一个程序解密它。使用此代码加密成功。

#include "stdafx.h"
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
#include <string>
#include <iostream>
#include <fstream>
#include <openssl/applink.c>

using namespace std;

void handleErrors(void)
{
    ERR_print_errors_fp(stderr);
    abort();
}
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
    unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx;

    int len;

    int ciphertext_len;

    /* Create and initialise the context */
    if (!(ctx = EVP_CIPHER_CTX_new())) handleErrors();


    if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
        handleErrors();

    if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
        handleErrors();
    ciphertext_len = len;


    if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
    ciphertext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);
    // cout << ciphertext_len << "\n";
    return ciphertext_len;
}

using namespace std;
int main(void)
{
    /* A 256 bit key */
    unsigned char key[2000];
    memset(key, 0, sizeof(key));
    char s; int initializer = 0;
    /* Key reading */
    string path = "C:/openssl/mykey.pem";
    ifstream myfile(path);
    while (!myfile.eof())
    {
        myfile >> s;
        key[initializer] = s;
        initializer++;
        /* Key is read in such a way that each character is stored into the array */
    }

    cout << key;

    myfile.close();


    /* A 128 bit IV */
    unsigned char *iv = (unsigned char *)"0123456789012345";
    /* Message to be encrypted */
    //unsigned char text[]="weufhskgwesjfho";
    char text[2000];
    memset(text, 0, sizeof(text));
    // Taking input of the text for encryption
    char f; int init = 0;
    /* Key reading */
    string pathToFile = "C:/Users/Zeephremia/Desktop/a.txt";
    ifstream tfs(pathToFile);
    while (!tfs.eof())
    {
        tfs >> f;
        text[init] = f;
        init++;
        /* Key is read in such a way that each character is stored into the array */
    }

    tfs.close();
    //cout << text << endl;

    // Message is type casted
    unsigned char *plaintext = (unsigned char *)text;
    unsigned char ciphertext[128];


    /* Buffer for the decrypted text */
    int ciphertext_len;


    /* Encryption of the plaintext */
    ciphertext_len = encrypt(plaintext, strlen((char *)plaintext), key, iv, ciphertext);
    ciphertext[ciphertext_len] = '\0';
    cout << "\n\nCipher text is \n \n";
    cout << ciphertext;

    ofstream e;
    e.open("c:/users/zeephremia/desktop/b.txt");
    e << ciphertext;
    BIO_dump_fp(stdout, (const char *)ciphertext, ciphertext_len);
    return 0;

}

但是当我尝试用这段代码解密时，

#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
#include <string>
#include <iostream>
#include <fstream>
#include <openssl/applink.c>

using namespace std;

void handleErrors(void)
{
    ERR_print_errors_fp(stderr);
    abort();
}

int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
    unsigned char *iv, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx;

    int len;
    int plaintext_len;

    /* Create and initialise the context */
    if (!(ctx = EVP_CIPHER_CTX_new())) handleErrors();


    if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
        handleErrors();


    if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
        handleErrors();
    plaintext_len = len;

    if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors();
    plaintext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return plaintext_len;
}

using namespace std;
int main(void)
{
    /* A 256 bit key */
    unsigned char key[2000];
    memset(key, 0, sizeof(key));
    char s; int initializer = 0;
    /* Key reading */
    string path = "C:/openssl/mykey.pem";
    ifstream myfile(path);
    while (!myfile.eof())
    {
        myfile >> s;
        key[initializer] = s;
        initializer++;
        /* Key is read in such a way that each character is stored into the array */
    }

    // cout << key;

    myfile.close();


    /* A 128 bit IV */
    unsigned char *iv = (unsigned char *)"0123456789012345";
    /* Message to be encrypted */
    //unsigned char text[]="weufhskgwesjfho";
    char text[2000];
    memset(text, 0, sizeof(text));
    // Taking input of the text for encryption
    char f; int init = 0;
    /* Key reading */
    string pathToFile = "C:/Users/Zeephremia/Desktop/b.txt";
    ifstream tfs(pathToFile);
    while (!tfs.eof())
    {
        tfs >> f;
        text[init] = f;
        init++;
        /* Key is read in such a way that each character is stored into the array */
    }

    tfs.close();
    //cout << text << endl;

    // Message is type casted
    unsigned char *plaintext = (unsigned char *)text;
    unsigned char decryptedtext[2000];

    memset(decryptedtext, 0, sizeof(decryptedtext));
    int len = init-1;


    /* Buffer for the decrypted text */
    int decryptedtext_len;
    cout << "The encryption is: " << plaintext << endl;


    /*decrytption of the plaintext */
     decryptedtext_len = decrypt(plaintext, len, key, iv, decryptedtext);
     cout << decryptedtext; 
    system("pause");
    return 0;


}

它给我这个错误

2332:Erorr:0605506D:lib(6) func(101) reason(100) evp_enc.c

连同这个

Debug Error! Abort() has been cancelled.

根据我的小实验，我发现错误就在这一行。

decryptedtext_len = decrypt(plaintext, len, key, iv, decryptedtext);

任何形式的帮助将不胜感激，非常感谢。 :)

Answer 1

看来密文[plaintext_len]无法解密。

剂量ciphertext和plaintext_len对aes decrypt是否有效？

---

我遇到过类似的问题

1。尝试在不同的主机上解密同一个文件

一个。 ubuntu14, openssl 1.0.1f

chen@u14 $ md5sum hide.enc key.bin 
51da135538878c53d0197485e0343f40  hide.enc
bebbd6cf7cd090b5acd534646d85f487  key.bin
chen@u14 $ openssl enc -d -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
bad decrypt
139933588633248:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
// failed
chen@u14 $ openssl version
OpenSSL 1.0.1f 6 Jan 2014

B. openwrt18, openssl 1.0.2p

root@openwrt18# md5sum hide.enc key.bin 
51da135538878c53d0197485e0343f40  hide.enc
bebbd6cf7cd090b5acd534646d85f487  key.bin
root@openwrt18# openssl enc -d -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
WARNING: can't open config file: /etc/ssl/openssl.cnf
bad decrypt
2013216028:error:06065064:lib(6):func(101):reason(100):NA:0:
// failed
root@openwrt18# openssl version
WARNING: can't open config file: /etc/ssl/openssl.cnf
OpenSSL 1.0.2p  14 Aug 2018

C. ubuntu18，openssl 1.1.0

chen@u18 $ md5sum hide.enc key.bin 
51da135538878c53d0197485e0343f40  hide.enc
bebbd6cf7cd090b5acd534646d85f487  key.bin
chen@u18 $ openssl enc -d -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
// success
chen@u18 $ openssl version
OpenSSL 1.1.0g  2 Nov 2017

---

2。更多研究

一个。 Ubuntu 14

openssl enc -d  -p -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
salt=6CA0C91549E1177C
key=6E838B9ED5113E254020F895A419355F50F49245789662D5B9D9A89E8F6434DF
iv =1A1CD428E24A8A4B25B1EC4A8ED6F136
bad decrypt
139658322110112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:

B. openwrt 18

openssl enc -d -p -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
WARNING: can't open config file: /etc/ssl/openssl.cnf
salt=6CA0C91549E1177C
key=6E838B9ED5113E254020F895A419355F50F49245789662D5B9D9A89E8F6434DF
iv =1A1CD428E24A8A4B25B1EC4A8ED6F136
bad decrypt
2013138204:error:06065064:lib(6):func(101):reason(100):NA:0:

C. Ubuntu 18

openssl enc -d  -p -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin
salt=6CA0C91549E1177C
key=DD38E62703B2AF362362AED7EF64CB4268C053FC40C5F07EF085E014EEA5F27C
iv =B15E1A3C723A0BCEAFF384ABD98AB81B

//他们得到了不同的key，iv，这很奇怪

3。结果

ubuntu 14，openssl 1.0.1f，成功

openssl enc -d  -p -aes-256-cbc -in hide.enc -out hide.txt -pass file:./key.bin -md sha256
salt=6CA0C91549E1177C
key=DD38E62703B2AF362362AED7EF64CB4268C053FC40C5F07EF085E014EEA5F27C
iv =B15E1A3C723A0BCEAFF384ABD98AB81B

最后， 我认识到默认的 -md arg 在 openssl 1.1.0 上是不同的。

这里的默认值:

• ubuntu 14，openssl 1.0.2:md5
• ubuntu 18，openssl 1.1.0:sha256

默认值似乎来自代码源，

/etc/ssl/openssl.cnf 没有找到它们。

---

有些事情可能有帮助。

openssl enc -d  -aes-256-cbc -in hide.enc -out hide.txt -k ' '  -S 6CA0C91549E1177C -K DD38E62703B2AF362362AED7EF64CB4268C053FC40C5F07EF085E014EEA5F27C -iv B15E1A3C723A0BCEAFF384ABD98AB81B -p
salt=6CA0C91549E1177C
key=DD38E62703B2AF362362AED7EF64CB4268C053FC40C5F07EF085E014EEA5F27C
iv =B15E1A3C723A0BCEAFF384ABD98AB81B

//使用openssl cmd 做一个aes-256-cbc 解密，并指定key,iv, salt
//如果不指定 -k，-S 似乎不起作用

完整的帮助

开放式 1.1.0

openssl enc --help
Usage: enc [options]
Valid options are:
 -help          Display this summary
 -ciphers       List ciphers
 -in infile     Input file
 -out outfile   Output file
 -pass val      Passphrase source
 -e             Encrypt
 -d             Decrypt
 -p             Print the iv/key
 -P             Print the iv/key and exit
 -v             Verbose output
 -nopad         Disable standard block padding
 -salt          Use salt in the KDF (default)
 -nosalt        Do not use salt in the KDF
 -debug         Print debug info
 -a             Base64 encode/decode, depending on encryption flag
 -base64        Same as option -a
 -A             Used with -[base64|a] to specify base64 buffer as a single line
 -bufsize val   Buffer size
 -k val         Passphrase
 -kfile infile  Read passphrase from file
 -K val         Raw key, in hex
 -S val         Salt, in hex
 -iv val        IV in hex
 -md val        Use specified digest to create a key from the passphrase
 -none          Don't encrypt
 -*             Any supported cipher
 -engine val    Use engine, possibly a hardware device

开放式 1.0.1f

openssl enc --help
unknown option '--help'
options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-e             encrypt
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
                 from a passphrase.  One of md2, md5, sha or sha1
-S             salt in hex is the next argument
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-nopad         disable standard block padding
-engine e      use engine e, possibly a hardware device.
Cipher Types
-aes-128-cbc               -aes-128-cbc-hmac-sha1     -aes-128-cfb              
-aes-128-cfb1              -aes-128-cfb8              -aes-128-ctr              
-aes-128-ecb               -aes-128-gcm               -aes-128-ofb              
-aes-128-xts               -aes-192-cbc               -aes-192-cfb              
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr              
-aes-192-ecb               -aes-192-gcm               -aes-192-ofb              
-aes-256-cbc               -aes-256-cbc-hmac-sha1     -aes-256-cfb              
-aes-256-cfb1              -aes-256-cfb8              -aes-256-ctr              
-aes-256-ecb               -aes-256-gcm               -aes-256-ofb              
-aes-256-xts               -aes128                    -aes192                   
-aes256                    -bf                        -bf-cbc                   
-bf-cfb                    -bf-ecb                    -bf-ofb                   
-blowfish                  -camellia-128-cbc          -camellia-128-cfb         
-camellia-128-cfb1         -camellia-128-cfb8         -camellia-128-ecb         
-camellia-128-ofb          -camellia-192-cbc          -camellia-192-cfb         
-camellia-192-cfb1         -camellia-192-cfb8         -camellia-192-ecb         
-camellia-192-ofb          -camellia-256-cbc          -camellia-256-cfb         
-camellia-256-cfb1         -camellia-256-cfb8         -camellia-256-ecb         
-camellia-256-ofb          -camellia128               -camellia192              
-camellia256               -cast                      -cast-cbc                 
-cast5-cbc                 -cast5-cfb                 -cast5-ecb                
-cast5-ofb                 -des                       -des-cbc                  
-des-cfb                   -des-cfb1                  -des-cfb8                 
-des-ecb                   -des-ede                   -des-ede-cbc              
-des-ede-cfb               -des-ede-ofb               -des-ede3                 
-des-ede3-cbc              -des-ede3-cfb              -des-ede3-cfb1            
-des-ede3-cfb8             -des-ede3-ofb              -des-ofb                  
-des3                      -desx                      -desx-cbc                 
-id-aes128-GCM             -id-aes192-GCM             -id-aes256-GCM            
-rc2                       -rc2-40-cbc                -rc2-64-cbc               
-rc2-cbc                   -rc2-cfb                   -rc2-ecb                  
-rc2-ofb                   -rc4                       -rc4-40                   
-rc4-hmac-md5              -seed                      -seed-cbc                 
-seed-cfb                  -seed-ecb                  -seed-ofb