3.1.1 version encrypt text by SM2. The length of the ciphertext is too long. 1.1.1U: Perl Configure Reminder Error.

[DanielD00]

Q1: 3.1.1 version encrypt text by SM2.The length of the ciphertext it too long.

I have successfully compiled 3.1.1 .According to various information on the Internet, the function of SM2 encryption is implemented.But the length of the ciphertext is wrong.

Generate the EVP_Pkey through HEX:

*ctx = EVP_PKEY_CTX_new_from_name(nullptr, "SM2", nullptr);
int i = EVP_PKEY_fromdata_init(*ctx); if (i != 1) break;

params_build = OSSL_PARAM_BLD_new();
OSSL_PARAM_BLD_push_utf8_string(params_build, OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
if (pubKeyLen > 0) {
    OSSL_PARAM_BLD_push_octet_string(params_build, OSSL_PKEY_PARAM_PUB_KEY, publicKeyXY.data(), publicKeyXY.size());
}
if (priKeyLen > 0) {
    OSSL_PARAM_BLD_push_BN(params_build, OSSL_PKEY_PARAM_PRIV_KEY, BNPriKey);
}
params = OSSL_PARAM_BLD_to_param(params_build);
int status = EVP_PKEY_fromdata(*ctx, evpPkey, EVP_PKEY_KEYPAIR, params);

encrypt code:

evpPkeyCTX = EVP_PKEY_CTX_new_from_pkey(nullptr, evpPkey, nullptr); if (evpPkeyCTX == nullptr) break;
size_t dataLen;
if (cryptType == 0) {
    i = EVP_PKEY_encrypt_init(evpPkeyCTX); if (1 <= 0) break;
    i = EVP_PKEY_encrypt(evpPkeyCTX, nullptr, &dataLen, (unsigned char*)strData.data(), strData.length()); if (i <= 0) break;
    dataBuf = (unsigned char*)OPENSSL_zalloc(dataLen); if (dataBuf == nullptr) break;
    i = EVP_PKEY_encrypt(evpPkeyCTX, dataBuf, &dataLen, (unsigned char*)strData.data(), strData.length()); if (i <= 0) break;
}
else {
    i = EVP_PKEY_decrypt_init(evpPkeyCTX); if (1 <= 0) break;
    i = EVP_PKEY_decrypt(evpPkeyCTX, nullptr, &dataLen, (unsigned char*)strData.data(), strData.length()); if (i <= 0) break;
    dataBuf = (unsigned char*)OPENSSL_zalloc(dataLen); if (dataBuf == nullptr) break;
    i = EVP_PKEY_decrypt(evpPkeyCTX, dataBuf, &dataLen, (unsigned char*)strData.data(), strData.length()); if (i <= 0) break;
}
retStr.assign((char*)dataBuf, dataLen);

priKey hex:
D07E969F55F8D8D1F813A0EF0237CF93E53679A3CB65FD42FD9EB3239DBE5BF5
pubKey hex:
A40C45E02417662AF9DA9EEC5953E8604FB2D59BC3EAE5AABE1D7540B588941E6484EEC9DDCF46B84D198E6659770484A38CCC0646A7546FE5AB2E3D5CD2CF03
original text:123
0x495051
ciphertext,the length is 111
306D022100D6745DA3D9DFFA524C28F604044BF72F001DFCA7201B5F25F5A65E8A37E7E403022100B18DD514D804A523E1DC43BCF3E1EAB8F464B7DC3466144A86AEACCF0EEE420B04209CD81FF4E9AD4BEBB5C69FB62ECE71272E3E375706488C6886CE0434C82DF87B040329106B

I use the online SM2 tool,use the same pubkey,the length of ciphertext is 99:
6F2FC4248432255EDD9641D45D6753C7F27A914BB91303D6A08D34C5F9CDD6934205A86FFDE49B1C9D7AF58C57A96CC0963C3E671F37A4A49CD7894875B9987F942FE2EF8F25686329C92047D3CB674E37760B03BB647F0D67972D0B05AC0DCFA7167A

Why is the length different?where is the trouble?

Q2：Perl Configure Reminder Error.
There is too little information about the 3.0 version on the Internet,So I want to use the 1.1.1u version.
environment:

1. perl 5, version 26, subversion 1 (v5.26.1) built for MSWin32-x64-multi-thread
2. NASM version 2.15.05 compiled on Aug 28 2020
3. Windows10
4. VisualStudio2022

CMD:

E:\openssl-1.1.1u>Perl Configure VC-WIN32 --prefix=E:\openssl-1.1.1u\msbuild
Configuring OpenSSL version 1.1.1u (0x1010115fL) for VC-WIN32
Using os-specific seed configuration
Creating configdata.pm
Creating makefile
Perl Configure VC-WIN32 --prefix=E:\openssl-1.1.1u\msbuildCan't rename E:\openssl-1.1.1u\makefile.new, No such file or directory at Configure line 3240.

I'm sure I have administrator rights and can execute the mkdir command and I have successfully compiled 3.1.1.

what's wrong!

[paulidale]

You shouldn't be using a public key algorithm to encrypt bulk data.
Use a symmetric algorithm to encrypt the data (e.g. SM4) and then use SM2 to encrypt the key used to encrypt the data.

[DanielD00]

There you go

Asymmetric encryption is relatively inefficient, so in the production environment, asymmetric encryption keys are indeed used, and then the data is encrypted with a symmetric encryption algorithm.

But, asymmetric encryption ,like RSA SM2(ECC) ,should be effective.

[paulidale]

But, asymmetric encryption ,like RSA SM2(ECC) ,should be effective.

Apart from being very slow, there are no cipher modes defined for asymmetric algorithms, so you're essentially using ECB mode which has some known issues.

Just don't.

[DanielD00]

It's too hard for me to understand.Do you know what's wrong with Q2?