进行sm4加解密操作时sm4_decrypt_ecb函数,指针溢出,应该如何分配指针的内存空间?
```c
#include "e_os2.h"
#include "sm4.h"
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
void sm4_decrypt_ecb(unsigned char* key,
int length,
unsigned char* input,
unsigned char* output)
{
unsigned char* tmp ;
unsigned char* tmp1 ;
int length1 = length;
int bodylength; /*解密后报文体长度 */
int pkcs; /*补位值 */
SM4_KEY ks; /*轮密钥结构体 */
//tmp = (unsigned char*)malloc(sizeof(char) * length+1);
tmp1 = tmp;
ossl_sm4_set_key(key, &ks); /*通过密钥生成32轮密钥*/
while (length > 0)
{
ossl_sm4_decrypt(input, tmp, &ks); /* 进行单组解密,暂存至tmp*/
input += 16;
tmp += 16;
length -= 16;
}
bodylength = strlen(tmp1);
pkcs = (int)tmp[bodylength - 1]; /*取最后一位pkcs补位字符,转换成数字*/
strncpy(output, tmp1, (bodylength - pkcs)); /*去除补位字符,拷贝至输出*/
printf("tmp=[%d]", tmp1);
}
void sm4_encrypt_ecb(unsigned char* key,
int length,
unsigned char* input,
unsigned char* output) {
int bodylength; /*补位后报文体长度 */
SM4_KEY ks; /*轮密钥结构体 */
unsigned char pkcs; /*补位值 */
unsigned char* tmp= output;
pkcs = 16 - (length % 16); /*获取补位值*/
memset(input + strlen(input), pkcs, pkcs); /*报文补位*/
ossl_sm4_set_key(key, &ks); /*通过密钥生成32轮密钥*/
bodylength = strlen(input);
while (bodylength > 0)
{
ossl_sm4_encrypt(input, tmp, &ks); /* 进行单组加密*/
input += 16;
tmp += 16;
bodylength -= 16;
}
}
void main() {
char key[16+1] ;
char input[100];
char input1[100];
char output1[100];
char output[100];
memset(key,0x00, sizeof(key));
memset(input, 0x00, sizeof(input));
memset(input1, 0x00, sizeof(input1));
memset(output1, 0x00, sizeof(output1));
memset(output, 0x00, sizeof(output));
strcpy(key, "1234567890abcdef");
strcpy(input, "1234567890abcde");
sm4_encrypt_ecb(key, strlen(input), input, output);
strcpy(input1, output);
sm4_decrypt_ecb(key, strlen(input1), input1, output1);
}
-----------------------------------------------------------------------------------二次编辑-------------------
代码修改为
```c
void sm4_decrypt_ecb(unsigned char* key,
int length,
unsigned char* input,
unsigned char* output)
{
unsigned char* tmp ;
unsigned char* tmp1 ;
int length1 = length;
int bodylength; /*解密后报文体长度 */
int pkcs = 0; /*补位值 */
SM4_KEY ks; /*轮密钥结构体 */
tmp = (unsigned char*)malloc(sizeof(char) * length+1);
tmp1 = tmp;
ossl_sm4_set_key(key, &ks); /*通过密钥生成32轮密钥*/
while (length1 > 0)
{
ossl_sm4_decrypt(input, tmp, &ks); /* 进行单组解密,暂存至tmp*/
input += 16;
tmp += 16;
length1 -= 16;
}
//bodylength = strlen(tmp1);
pkcs = (int)tmp1[length - 1]; /*取最后一位pkcs补位字符,转换成数字*/
strncpy(output, tmp1, (length - pkcs)); /*去除补位字符,拷贝至输出*/
}
后正常执行,溢出问题并不是出在指针上,而是bodylength = strlen(tmp1)中tmp1长度并不是16的整数倍,以至于tmp1[length - 1]取得数据是错误的,最后strncpy中的第三个参数是很大的一个负数,导致了,错误。也就是ossl_sm4_decrypt中第二个参数tmp结果长度并不是16的整数倍,多了五个字符,这个函数是openssl的开源函数,正常来说应该不会有问题,到底为什么会出现多余的5位呢?