| Hello Jinze. The issue doesn't come from OpenSSL. It comes from at least two buffer overruns. In aesEncrypt: ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, (const unsigned char*)key.c_str(), NULL); You use key.c_str() to set the key. However, key here is "input": if (!aesEncrypt(content, "input", encrypted_content)) return -1; key.c_str() returns a buffer of size 6: "input" plus the null-terminated byte. However, EVP_aes_128_ecb expects a buffer of at least 16 bytes. Therefore, this is UB: you don't control the 10 bytes after the buffer returned by key.c_str(). Same with aesDecrypt: ret = EVP_DecryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, (const unsigned char*)key.c_str(), NULL); if (!aesDecrypt(encrypted_content, "input", decrypted_content)) { If you set "input" to "AAAAAAAAAAAAAAAA" ("A" x 16), it works. The main issue here is that you use the wrong container for storing your key materials and your buffers. You should use "std::vector<std::byte>" (or "std::vector<uint8_t>") with std::vector::data(). Regards, On 12 Nov 2022, at 11:25, WuJinze via openssl-users <openssl-users@xxxxxxxxxxx> wrote: |
