<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:DengXian;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="ZH-CN" link="blue" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi guys,</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have download openssl 1.0.2s and fips 2.0.16 and build successfully on windows and then I try to write a simple app encrypted with public key and decrypt with private key. But It failed decrypted with private key when
fips mode is turned on, decrypt will be success if fips is turned off.</span></p>
<p class="MsoNormal"><span lang="EN-US">I got below error </span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><img width="558" height="51" style="width:5.8125in;height:.5312in" id="图片_x0020_4" src="cid:image001.png@01D52176.09181B50"></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The first error occurs if I pass RSA_sizeof(rsa) as RSA_private_decrypt ‘s first parameter, the second error if I pass the encrypted buffer’s length as RSA_private_decrypt’s first parameter.</span></p>
<p class="MsoNormal"><span lang="EN-US">I also noticed return value of RSA_size is different when fips mode is turned on.</span></p>
<p class="MsoNormal"><span lang="EN-US">Its size is 256 if fips is turned off, but become 128 if fips turned on.</span></p>
<p class="MsoNormal"><span lang="EN-US">RSA_public_encrypt return value is equal to RSA_size when fips is turned off, but its return value will great than RSA_size when truned on, maybe this cause decrypt or something its my code problem?</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Below is my source code, </span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">#include "openssl\crypto.h"</span></p>
<p class="MsoNormal"><span lang="EN-US">#include "openssl\rsa.h"</span></p>
<p class="MsoNormal"><span lang="EN-US">#include "openssl\err.h"</span></p>
<p class="MsoNormal"><span lang="EN-US">#include "openssl/pem.h"</span></p>
<p class="MsoNormal"><span lang="EN-US">#include <stdio.h></span></p>
<p class="MsoNormal"><span lang="EN-US">#include <stdlib.h></span></p>
<p class="MsoNormal"><span lang="EN-US">#include <string.h></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">char* privatekey;</span></p>
<p class="MsoNormal"><span lang="EN-US">int privlen;</span></p>
<p class="MsoNormal"><span lang="EN-US">char* publickey;</span></p>
<p class="MsoNormal"><span lang="EN-US">int publen;</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">void generate()</span></p>
<p class="MsoNormal"><span lang="EN-US">{</span></p>
<p class="MsoNormal"><span lang="EN-US"> int mode = FIPS_mode();</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (mode == 0)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> int ret = FIPS_mode_set(1);</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (ret != 1)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> printf("error %s", ERR_get_error());</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> RSA *rsa = RSA_generate_key(2048, 3, NULL, NULL);</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO *bio = BIO_new(BIO_s_mem());</span></p>
<p class="MsoNormal"><span lang="EN-US"> PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);</span></p>
<p class="MsoNormal"><span lang="EN-US"> int rszsize = RSA_size(rsa);</span></p>
<p class="MsoNormal"><span lang="EN-US"> privlen = BIO_pending(bio);</span></p>
<p class="MsoNormal"><span lang="EN-US"> privatekey = (char*)malloc(privlen + 1);</span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO_read(bio, privatekey, privlen);</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> PEM_write_bio_RSAPublicKey(bio, rsa);</span></p>
<p class="MsoNormal"><span lang="EN-US"> publen = BIO_pending(bio);</span></p>
<p class="MsoNormal"><span lang="EN-US"> publickey = (char*)malloc(publen + 1);</span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO_read(bio, publickey, publen);</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO_free_all(bio);</span></p>
<p class="MsoNormal"><span lang="EN-US"> RSA_free(rsa);</span></p>
<p class="MsoNormal"><span lang="EN-US">}</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">void Encrypt(const char* password)</span></p>
<p class="MsoNormal"><span lang="EN-US">{</span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO *bio = BIO_new(BIO_s_mem());</span></p>
<p class="MsoNormal"><span lang="EN-US"> RSA *rsa = NULL;</span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO_write(bio, publickey, publen);</span></p>
<p class="MsoNormal"><span lang="EN-US"> RSA* temp = PEM_read_bio_RSAPublicKey(bio, &rsa, NULL, NULL);</span></p>
<p class="MsoNormal"><span lang="EN-US"> char encrypted[500];</span></p>
<p class="MsoNormal"><span lang="EN-US"> int len = 0;</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (temp != NULL)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> int rsasize = RSA_size(rsa);</span></p>
<p class="MsoNormal"><span lang="EN-US"> len = RSA_public_encrypt((int)strlen(password), (unsigned char*)password, (unsigned char*)encrypted, rsa, RSA_PKCS1_OAEP_PADDING);</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (len == -1)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> int e = ERR_get_error();</span></p>
<p class="MsoNormal"><span lang="EN-US"> char * err = ERR_error_string(ERR_get_error(), encrypted);</span></p>
<p class="MsoNormal"><span lang="EN-US"> printf("RSA_public_encrypt failed.\n");</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"> else</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> printf("%s", encrypted);</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> BIO *newbio = BIO_new_mem_buf(privatekey, privlen);</span></p>
<p class="MsoNormal"><span lang="EN-US"> RSA *privRsa = NULL;</span></p>
<p class="MsoNormal"><span lang="EN-US"> PEM_read_bio_RSAPrivateKey(newbio, &privRsa, NULL, NULL);</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> char p[4096] = { 0 };</span></p>
<p class="MsoNormal"><span lang="EN-US"> int rsasize = RSA_size(privRsa);</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (privRsa != NULL)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> int ret = RSA_private_decrypt(rsasize, (unsigned char*)encrypted, (unsigned char*)p, privRsa, RSA_PKCS1_OAEP_PADDING);</span></p>
<p class="MsoNormal"><span lang="EN-US"> if (ret == -1)</span></p>
<p class="MsoNormal"><span lang="EN-US"> {</span></p>
<p class="MsoNormal"><span lang="EN-US"> int e = ERR_get_error();</span></p>
<p class="MsoNormal"><span lang="EN-US"> char * err = ERR_error_string(ERR_get_error(), p);</span></p>
<p class="MsoNormal"><span lang="EN-US"> printf("error");</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US"> }</span></p>
<p class="MsoNormal"><span lang="EN-US">}</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
<p class="MsoNormal"><span lang="EN-US">Tiger</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:SimSun"><o:p> </o:p></span></p>
</div>
</body>
</html>