如果您执行以下示例(几乎完全基于官方https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_mem.html#EXAMPLE):
#include <openssl/bio.h>
#include <openssl/buffer.h>
int main() {
BIO *mem = BIO_new(BIO_s_mem());
BIO_puts(mem, "Hello World\n");
BUF_MEM *bptr;
BIO_get_mem_ptr(mem, &bptr);
BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
BIO_free(mem);
printf("%s", bptr->data);
BUF_MEM_free(bptr);
return 0;
}
它可能会按预期工作,这取决于 \n 之后底层内存缓冲区中的未初始化 char 偶然是 \000 的可能性,这可以通过Valgrind报告确认:
==17122== Conditional jump or move depends on uninitialised value(s)
==17122== at 0x52CCCC0: vfprintf (vfprintf.c:1632)
==17122== by 0x52D3898: printf (printf.c:33)
==17122== by 0x4008CC: main (test1.c:13)
==17122== Uninitialised value was created by a heap allocation
==17122== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17122== by 0x4E9CE77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==17122== by 0x4F4A4B3: BUF_MEM_grow_clean (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==17122== by 0x4F4BBDD: mem_write (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==17122== by 0x4F4AC8E: BIO_puts (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==17122== by 0x40086E: main (test1.c:6)
无论如何,我已经看到这发生了,因为 BIO_puts 没有将空终止的字符串写入内存BIO,即使https://www.openssl.org/docs/man1.0.2/crypto/BIO_puts.html说:
BIO_puts()尝试将空终止字符串buf写入BIO b .
所以我的问题是用OpenSSL内存BIO编写和读取以null结尾的字符串的正确方法是什么 .
此外,以这种方式使用此API无法泄露敏感数据?
注意我正在使用OpenSSL 1.0.2g .
1 回答
BIO_puts将所有数据写入字符串直到NUL终止符 - 但它不包括NUL终结符本身 . 而是使用BIO_write():
或者: