I have a server. I want to add to it AES encryption. I've tried using Crypto++; after a lot of searching it compiled, but it always throws exceptions that come from "CryptoPP::selfTestFailure". I've read somewhere that it has something to do with this define in the file fips140.cpp:

```cpp
// Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during
// startup, random number generation, and key generation. These tests may affect performance.
#ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
#endif
```

But when I change the define to 1, the project that I took the DLL from doesn't compile. What did I do wrong? / Is there any other way to implement the AES algorithm?

jww
etamar211
  • You can try [Botan](http://botan.randombit.net) if CryptoPP's giving you a ton of problems – ForceBru Apr 24 '16 at 16:40
  • @SamVarshavchik Windows 10, Visual Studio 2013 – etamar211 Apr 24 '16 at 16:44
  • "I want to add to it AES encryption." sounds like a bad approach to security. Why not use an existing protocol, like TLS or similar? – milleniumbug Apr 24 '16 at 16:49
  • @ForceBru Good call. Consider taking up botany. You can always visit [Lounge](http://chat.stackoverflow.com/transcript/10?m=25472144#25472144) where the sub community flocks. – sehe Apr 24 '16 at 16:50
  • You can also try the library in this [code project article](http://www.codeproject.com/Articles/57478/A-Fast-and-Easy-to-Use-AES-Library) – Tomer Apr 24 '16 at 17:00
  • There's a `selfTestFailure`, but you don't show the exception, which contains the failure reason. When you change the `#define` and compilation fails, you don't show the compiler error. You need to show details if you want help. – indiv Apr 24 '16 at 19:12

1 Answer

> ... after a lot of searching it compiled, but it always throws exceptions that come from "CryptoPP::selfTestFailure". I've read somewhere that it has something to do with this define in the file fips140.cpp:

The FIPS DLL is a special purpose Windows DLL with considerable restrictions. One of the restrictions is the Operational Environment or OE. The OE includes OS versions and service pack levels.

For the FIPS DLL, here are the approved OE's:

  • 5.0.4 - Windows 2000 Professional Operating System, Service Pack 1
  • 5.2.3 - Windows 2000 Professional Operating System, Service Pack 1
  • 5.3.0 - Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1

If the OS is wrong, or the Service Pack level is wrong, then that can cause the self test failure. One of the reasons it can cause a failure is because the DLL locates certain specific memory functions from the C++ runtime. If it does not find them, it throws an exception.

There's a not-so-readily apparent dependency, and that's the version of Visual Studio. The last version of the library that was validated is 5.3, and for it you need Visual Studio 2005.

Usually what you have to do now is set up a build/test machine with the specific OS, Service Pack level and Visual Studio, and then build and test on it. Then, when you install Crypto++ and your program in production, you use the compatibility tab to provide the runtime OE.


> When I change the define to 1, the project that I took the DLL from doesn't compile. What did I do wrong?

If you want or need more specific answers, then you need to provide more information, like your version of Windows, your version of Visual Studio, and a call stack.


I would also encourage you to avoid the FIPS DLL if possible. Most users don't realize its special purpose and don't know how to use it properly. It's a pain in the butt to work with and it's a constant source of problems.

If you want a DLL, then create a wrapper DLL that exports the symbols you want to export. Then, link to the static version of the Crypto++ library.

jww
  • Do you know another way to use AES in C++ without the FIPS DLL? – etamar211 Apr 25 '16 at 08:35
  • @etamar211 - [Advanced Encryption Standard](https://cryptopp.com/wiki/Advanced_Encryption_Standard) and [GNUmakefile | Building the Library](https://cryptopp.com/wiki/Gnumakefile#Building_the_Library) or [Visual Studio | Building the Library](http://cryptopp.com/wiki/Visual_studio) on the Crypto++ wiki? – jww Apr 27 '16 at 20:36
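
The wrapper-DLL approach recommended in the answer, as an added example that is not part of the original answer or of Crypto++: a small C ABI over a statically linked Crypto++, with AES-256-GCM chosen here as an assumption. The `wrap_*` names, error codes and sizes are hypothetical; if the Crypto++ headers are not found at build time, the calls return `WRAP_E_BACKEND`.

```cpp
// Added example; wrap_* names and codes are hypothetical, AES-256-GCM is an assumed choice.
#include <cstddef>
#include <cstring>
#if __has_include(<cryptopp/gcm.h>)  // Crypto++ headers found; link the static library
#  include <cryptopp/aes.h>
#  include <cryptopp/filters.h>
#  include <cryptopp/gcm.h>
#  define WRAP_HAVE_CRYPTOPP 1
#endif
#ifdef _WIN32
#  define WRAP_API extern "C" __declspec(dllexport)
#else
#  define WRAP_API extern "C"
#endif
typedef unsigned char u8;
enum { WRAP_OK = 0, WRAP_E_ARG = -1, WRAP_E_AUTH = -2, WRAP_E_BACKEND = -3 };
static const size_t WRAP_KEY = 32, WRAP_IV = 12, WRAP_TAG = 16;  // sizes in bytes

// out receives ciphertext || 16-byte tag. Never reuse an IV with the same key.
WRAP_API int wrap_seal(const u8* key, const u8* iv, const u8* in, size_t len, u8* out, size_t cap) {
    if (!key || !iv || !in || !out || cap < len || cap - len < WRAP_TAG) return WRAP_E_ARG;
#ifdef WRAP_HAVE_CRYPTOPP
    try {  // no C++ exception may cross the exported C boundary
        CryptoPP::GCM<CryptoPP::AES>::Encryption enc;
        enc.SetKeyWithIV(key, WRAP_KEY, iv, WRAP_IV);
        CryptoPP::ArraySource src(in, len, true,  // default tag size for GCM is 16 bytes
            new CryptoPP::AuthenticatedEncryptionFilter(enc, new CryptoPP::ArraySink(out, cap)));
        return WRAP_OK;
    } catch (...) {}  // fall through to WRAP_E_BACKEND
#endif
    return WRAP_E_BACKEND;  // Crypto++ failed, or was not available at build time
}

// in holds ciphertext || tag. On failure out is zeroed so no unverified plaintext is returned.
WRAP_API int wrap_open(const u8* key, const u8* iv, const u8* in, size_t len, u8* out, size_t cap) {
    if (!key || !iv || !in || !out || len < WRAP_TAG || cap < len - WRAP_TAG) return WRAP_E_ARG;
    int rc = WRAP_E_BACKEND;
#ifdef WRAP_HAVE_CRYPTOPP
    try {
        CryptoPP::GCM<CryptoPP::AES>::Decryption dec;
        dec.SetKeyWithIV(key, WRAP_KEY, iv, WRAP_IV);
        CryptoPP::ArraySource src(in, len, true,  // throws on tag mismatch by default
            new CryptoPP::AuthenticatedDecryptionFilter(dec, new CryptoPP::ArraySink(out, cap)));
        return WRAP_OK;
    } catch (const CryptoPP::HashVerificationFilter::HashVerificationFailed&) {
        rc = WRAP_E_AUTH;  // tag mismatch: tampered data or wrong key/IV
    } catch (...) {}
#endif
    std::memset(out, 0, cap);
    return rc;
}
```

Callers see only the `wrap_*` symbols and integer return codes, so the application does not depend on the FIPS DLL or on Crypto++'s C++ ABI.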