wolfssl
wolfssl copied to clipboard
wolfSSL
[Bug]: Android x86 builds return SSL Errors
Contact Details
No response
Version
5.4.0
Description
Target Environment:
Android NDK 23c with -march=i686 -msse3 -m32 -O3.
The resulting build can no longer establish a TLS / DTLS connection. Using the option --enable-heapmath fixes the issue.
This was tested on the android emulator.
Using a more modern x86_64 image does not exhibit the same issue when built with -march=x86-64 -msse4.2 -mpopcnt -m64 -O3
Reproduction steps
No response
Relevant log output
No response
Hi @res0nance
Could you try using the tfm.c code with --enable-fastmath. Also, instead, define: SP_WORD_SIZE=32
Sean
Setting SP_WORD_SIZE=32 does not seem to change anything.
Enabling fastmath results in the following error
wolfcrypt/src/tfm.c:3257:11: error: inline assembly requires more registers than available
SQRADD(A->dp[ix>>1], A->dp[ix>>1]);
^
./wolfcrypt/src/asm.c:701:6: note: expanded from macro 'SQRADD'
"movl %3,%%eax \n\t" \
^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
SQRADD2(*tmpx++, *tmpy--);
^
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
"movl %3,%%eax \n\t" \
^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
"movl %3,%%eax \n\t" \
^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
"movl %3,%%eax \n\t" \
^
4 errors generated.
Please try --enable-32bit and --enable-fastmath.
Thanks, Sean
This resulted in the exact same compiler error
Hi @res0nance
I've put up a pull request that may help. https://github.com/wolfSSL/wolfssl/pull/5405 It appears clang isn't handling the inline assembly register/memory assignation.
Please give this a go and let me know if --enable-fastmath works for you.
Thanks, Sean
Hi @res0nance
I've put up a pull request that may help. It appears clang isn't handling the inline assembly register/memory assignation.
Please give this a go and let me know if --enable-fastmath works for you.
Thanks, Sean
I'll test this out tomorrow and report back, do we have any idea as to why the sp-math-all default implementation is causing errors?
No I don't know. It shouldn't be any different but there must be something in there that will be hard to track unless you give me more detail about the error that you see.
It would be good if you could run testwolfcrypt but I don't know if that's possible in your environment.
No I don't know. It shouldn't be any different but there must be something in there that will be hard to track unless you give me more detail about the error that you see.
It would be good if you could run testwolfcrypt but I don't know if that's possible in your environment.
Tried both, it seems that fastmath is working now.
I tried to get testwolfcrypt to run by compiling it and pushing it to emulator via adb push testwolfcrypt /data/local/tmp Then running it, unfortunately all it does is return 255.
I think the 255 might be just -1. I can't get it to run with spmath or with fastmath.
@dgarske Yes that fixes fastmath but the default that wolf uses is sp-math, this option unfortunately does not work. Should platforms use this option instead? I would much rather see that the default option produces a working library so users would not have to deal with all the caveats.
Sorry it closed automatically with the PR merge. I'll keep this open for @SparkiDev to review.
I would too! :-) But I can't diagnose the error from here. Was there any output from the testwolfcrypt? It could either be going to a log, if ANDROID is defined, or stdout.
To future readers, on the android platform for the testwolfcrypt binary the output goes to logcat
Firstly, I'd like to thank you for your patience in this process. Getting this all to work was quite confusing on my end.
Moving on to my findings.
The filesystem seems not to be able to read the cert despite me copying the entire wolfssl folder into the emulator (i think it doesn't work on a real device as well). So I had to workaround with --disable-filesystem and USE_CERT_BUFFERS
Side note: https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html is out of date it lacks the USE_CERT_BUFFERS_256, USE_CERT_BUFFERS_4096 and USE_CERT_BUFFERS_3072 options
With USE_CERT_BUFFERS_1024, 2048, 3072 options the RSA test passes
But with 4096 spmath fails with
07-29 11:55:45.930 3069 3069 D [WOLFCRYPT]: ------------------------------------------------------------------------------
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: wolfSSL version 5.4.0
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: ------------------------------------------------------------------------------
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: error test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: MEMORY test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: base64 test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: asn test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: RANDOM test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: MD5 test passed!
07-29 11:55:45.931 3069 3069 D [WOLFCRYPT]: SHA test passed!
07-29 11:55:45.932 3069 3069 D [WOLFCRYPT]: SHA-256 test passed!
07-29 11:55:45.933 3069 3069 D [WOLFCRYPT]: SHA-384 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: SHA-512 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: Hash test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-MD5 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-SHA test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-SHA256 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-SHA384 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-SHA512 test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: HMAC-KDF test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: TLSv1.3 KDF test passed!
07-29 11:55:45.935 3069 3069 D [WOLFCRYPT]: GMAC test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: Chacha test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: POLY1305 test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: ChaCha20-Poly1305 AEAD test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: AES test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: AES192 test passed!
07-29 11:55:45.938 3069 3069 D [WOLFCRYPT]: AES256 test passed!
07-29 11:55:45.951 3069 3069 D [WOLFCRYPT]: AES-GCM test passed!
07-29 11:55:45.951 3069 3069 D [WOLFCRYPT]: RSA test failed!
07-29 11:55:45.951 3069 3069 D [WOLFCRYPT]: error = -7904
07-29 11:55:45.951 3069 3069 D [WOLFCRYPT]: Exiting main with return code: -1
This test will pass with --enable-heapmath
With the sp-math builds one error that kept cropping up is ASN_GETINT_E
With SP math did you enable 4096-bit support using WOLFSSL_SP_4096? If cross compiling this may not get set with --enable-sp unless you do --enable-sp=yes,4096 --enable-sp-math.
We've been getting mp_exptmod error state errors from our software after connecting to a server with a RSA 4096 certificate after updating to 5.4.0.
Enabling fast-math also seems to have fixed this.
Options used at the time are listed here:
https://github.com/RPCS3/rpcs3/blob/c00d47cc99952c45996c0eab5f6a35c39e7a70fe/3rdparty/wolfssl/CMakeLists.txt
We're probably just going to turn fast-math on(tbh I can't remember why it was set to off, some build issues maybe?) but I assume this is not expected behaviour.
Hi @RipleyTom
SP math all is now the default maths implementation for wolfSSL. This may have caused the change. Please set SP_INT_BITS=4096 to allow for 4096 bit RSA keys. There is a pull request out that should fix these types of issues.
Hi @res0nance,
The error appears to be happening in the decoding of the public key, which is odd.
Please try defining WOLFSSL_ASN_TEMPLATE and WOLFSSL_DEBUG_ASN_TEMPLATE. Then run the test again. This will change the ASN.1 parsing code and allow detailed debugging information.
Thanks, Sean
@SparkiDev
Here is the test output
08-01 11:35:06.562 6148 6148 D [WOLFCRYPT]: ------------------------------------------------------------------------------
08-01 11:35:06.562 6148 6148 D [WOLFCRYPT]: wolfSSL version 5.4.0
08-01 11:35:06.562 6148 6148 D [WOLFCRYPT]: ------------------------------------------------------------------------------
08-01 11:35:06.563 6148 6148 D [WOLFCRYPT]: error test passed!
08-01 11:35:06.563 6148 6148 D [WOLFCRYPT]: MEMORY test passed!
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.564 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564 6148 6148 I chatty : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 10 lines
08-01 11:35:06.564 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564 6148 6148 V [wolfSSL]: Bad end of line in Base64 Decode
08-01 11:35:06.564 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.566 6148 6148 I chatty : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 27 lines
08-01 11:35:06.566 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.567 6148 6148 V [wolfSSL]: Bad Base64 Decode bad character
08-01 11:35:06.568 6148 6148 I chatty : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 14 lines
08-01 11:35:06.568 6148 6148 V [wolfSSL]: Bad Base64 Decode bad character
08-01 11:35:06.569 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.575 6148 6148 I chatty : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 131 lines
08-01 11:35:06.575 6148 6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.575 6148 6148 D [WOLFCRYPT]: base64 test passed!
08-01 11:35:06.575 6148 6148 V [wolfSSL]: TEMPLATE: dateASN
08-01 11:35:06.575 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.575 6148 6148 V [wolfSSL]: 0: 0 13 UTCTime
08-01 11:35:06.575 6148 6148 D [WOLFCRYPT]: asn test passed!
08-01 11:35:06.576 6148 6148 D [WOLFCRYPT]: RANDOM test passed!
08-01 11:35:06.576 6148 6148 D [WOLFCRYPT]: MD5 test passed!
08-01 11:35:06.576 6148 6148 D [WOLFCRYPT]: SHA test passed!
08-01 11:35:06.577 6148 6148 D [WOLFCRYPT]: SHA-256 test passed!
08-01 11:35:06.578 6148 6148 D [WOLFCRYPT]: SHA-384 test passed!
08-01 11:35:06.579 6148 6148 D [WOLFCRYPT]: SHA-512 test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: Hash test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-MD5 test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-SHA test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-SHA256 test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-SHA384 test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-SHA512 test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: HMAC-KDF test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: TLSv1.3 KDF test passed!
08-01 11:35:06.580 6148 6148 D [WOLFCRYPT]: GMAC test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: Chacha test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: POLY1305 test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: ChaCha20-Poly1305 AEAD test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: AES test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: AES192 test passed!
08-01 11:35:06.584 6148 6148 D [WOLFCRYPT]: AES256 test passed!
08-01 11:35:06.597 6148 6148 D [WOLFCRYPT]: AES-GCM test passed!
08-01 11:35:06.597 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.597 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.597 6148 6148 V [wolfSSL]: 0: 2 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.597 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.597 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.597 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.597 6148 6148 V [wolfSSL]: 0: 2 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.598 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.598 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.598 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.598 6148 6148 V [wolfSSL]: 0: idx=3 len=0 end=24
08-01 11:35:06.598 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.598 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.598 6148 6148 V [wolfSSL]: 0: idx=3 len=0 end=24
08-01 11:35:06.598 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.598 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598 6148 6148 V [wolfSSL]: 0: 2 22 + SEQUENCE
08-01 11:35:06.598 6148 6148 V [wolfSSL]: 1: 4 0 INTEGER Tag=0x06 (OBJECT ID)
08-01 11:35:06.598 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.598 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.598 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598 6148 6148 V [wolfSSL]: 0: 2 22 + SEQUENCE
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 1: 4 0 + SEQUENCE Tag=0x06 (OBJECT ID)
08-01 11:35:06.599 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.599 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.599 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 0: 0 27 + SEQUENCE
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.599 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.599 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.599 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 0: 0 27 + SEQUENCE
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 1: 2 25 + SEQUENCE
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.599 6148 6148 V [wolfSSL]: 3: 15 1 NULL
08-01 11:35:06.600 6148 6148 V [wolfSSL]: NULL length too long: 1
08-01 11:35:06.600 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.600 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.600 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.600 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.600 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 1: 2 22 + SEQUENCE
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 4: 15 0 BIT STRING Tag=0x04 (OCTET STRING)
08-01 11:35:06.600 6148 6148 V [wolfSSL]: Expecting BIT STRING
08-01 11:35:06.600 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.600 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.601 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.601 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.601 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.601 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.601 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.601 6148 6148 V [wolfSSL]: 1: 2 22 + SEQUENCE
08-01 11:35:06.601 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.602 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602 6148 6148 V [wolfSSL]: 4: idx=16 len=0 end=26
08-01 11:35:06.602 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.602 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602 6148 6148 V [wolfSSL]: 0: idx=1 len=0 end=23
08-01 11:35:06.602 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.602 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602 6148 6148 V [wolfSSL]: 0: idx=1 len=0 end=23
08-01 11:35:06.602 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.602 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602 6148 6148 V [wolfSSL]: 0: 0 15 + SEQUENCE
08-01 11:35:06.602 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.602 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.602 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.603 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 0: 0 15 + SEQUENCE
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 1: 2 13 + SEQUENCE
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 2: 4 0 OBJECT ID Tag=0x05 (NULL)
08-01 11:35:06.603 6148 6148 V [wolfSSL]: Expecting OBJECT ID
08-01 11:35:06.603 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.603 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 0: 0 6 + SEQUENCE
08-01 11:35:06.603 6148 6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 1: idx=3 len=0 end=8
08-01 11:35:06.603 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.603 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 0: 0 6 + SEQUENCE
08-01 11:35:06.603 6148 6148 V [wolfSSL]: 1: 2 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.603 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.604 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 0: 0 6 + SEQUENCE
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 1: 2 1 INTEGER
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 2: 5 0 INTEGER Tag=0x04 (OCTET STRING)
08-01 11:35:06.604 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.604 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 0: 0 6 + SEQUENCE
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 1: 2 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.604 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.604 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 0: 0 4 + SEQUENCE
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 1: 2 1 INTEGER
08-01 11:35:06.604 6148 6148 V [wolfSSL]: GetLength - bad index on input
08-01 11:35:06.604 6148 6148 V [wolfSSL]: 2: idx=6 len=0 end=6
08-01 11:35:06.605 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.605 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 0: 0 4 + SEQUENCE
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 1: 2 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.605 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.605 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.605 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 0: 0 23 + SEQUENCE
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.605 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.605 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.605 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 0: 0 23 + SEQUENCE
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 1: 2 21 + SEQUENCE
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 4: 15 8 BIT STRING
08-01 11:35:06.605 6148 6148 V [wolfSSL]: BIT STRING unused bits too big: 48 > 7
08-01 11:35:06.605 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.605 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 0: 0 6 + SEQUENCE
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 1: 2 1 INTEGER
08-01 11:35:06.605 6148 6148 V [wolfSSL]: 2: 5 1 INTEGER
08-01 11:35:06.605 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.606 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.606 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.606 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.606 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 0: 0 24 + SEQUENCE
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 1: 2 22 + SEQUENCE
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 4: 15 9 BIT STRING
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 5: 18 6 + SEQUENCE
08-01 11:35:06.606 6148 6148 V [wolfSSL]: 6: 20 1 INTEGER
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 7: 23 1 INTEGER
08-01 11:35:06.607 6148 6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.607 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 0: 0 26 + SEQUENCE
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 1: 2 0 INTEGER Tag=0x30 (SEQUENCE)
08-01 11:35:06.607 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.607 6148 6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.607 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 0: 0 26 + SEQUENCE
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 1: 2 24 + SEQUENCE
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 2: 4 9 OBJECT ID
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 3: 15 0 NULL
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 4: 17 9 BIT STRING
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 5: 20 6 + SEQUENCE
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 6: 22 1 INTEGER
08-01 11:35:06.607 6148 6148 V [wolfSSL]: 7: 25 1 INTEGER
08-01 11:35:06.607 6148 6148 V [wolfSSL]: TEMPLATE: pkcs8KeyASN
08-01 11:35:06.607 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 0: 0 2344 + SEQUENCE
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 1: 4 1 INTEGER
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 2: 7 0 + SEQUENCE Tag=0x02 (INTEGER)
08-01 11:35:06.608 6148 6148 V [wolfSSL]: Bad tag
08-01 11:35:06.608 6148 6148 V [wolfSSL]: TEMPLATE: rsaKeyASN
08-01 11:35:06.608 6148 6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 0: 0 2344 + SEQUENCE
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 1: 4 1 INTEGER
08-01 11:35:06.608 6148 6148 V [wolfSSL]: 2: 7 513 INTEGER
08-01 11:35:06.608 6148 6148 V [wolfSSL]: Failed to read mp: -3
08-01 11:35:06.608 6148 6148 D [WOLFCRYPT]: RSA test failed!
08-01 11:35:06.608 6148 6148 D [WOLFCRYPT]: error = -7904
08-01 11:35:06.608 6148 6148 V [wolfSSL]: wolfSSL Entering wolfCrypt_Cleanup
08-01 11:35:06.608 6148 6148 D [WOLFCRYPT]: Exiting main with return code: -1
I'll try to get the output when this is run with our regular workload instead of the test later
Hi @res0nance
It definitely looks like the conversion from binary of the numbers is failing. There isn't much that can fail in there! Make sure SP_INT_BITS is 4096 and SP_WORD_SIZE is 32.
Also, try with -O2 instead of -03 or even debug.
Thanks, Sean
I added SP_INT_BITS=4096 and it now seems to be working. Looking around I found that on 64bit platforms this is automatically set which is probably why 64 bit doesn't have this issue.
With SP math did you enable 4096-bit support using
WOLFSSL_SP_4096? If cross compiling this may not get set with--enable-spunless you do--enable-sp=yes,4096 --enable-sp-math.
Probably this is exactly the reason why. Not sure if this should be classified a bug but this did break when updating from 5.3.0 to 5.4.0. I'm going to try ensuring all our builds have these flags set for --enable-sp
Hi @res0nance,
Is there anything more for this issue? If not I'll come it.
Thanks, Sean
Hi @res0nance,
Is there anything more for this issue? If not I'll come it.
Thanks, Sean
No I think its fine, Thanks for everything.