search

wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0
2.33k stars 827 forks source link

[Bug]: Android x86 builds return SSL Errors #5396

Closed res0nance closed 2 years ago

res0nance commented 2 years ago

Contact Details

No response

Version

5.4.0

Description

Target Environment:

Android NDK 23c with -march=i686 -msse3 -m32 -O3.

The resulting build can no longer establish a TLS / DTLS connection. Using the option --enable-heapmath fixes the issue.

This was tested on the android emulator.

Using a more modern x86_64 image does not exhibit the same issue when built with -march=x86-64 -msse4.2 -mpopcnt -m64 -O3

Reproduction steps

No response

Relevant log output

No response

SparkiDev commented 2 years ago

Hi @res0nance

Could you try using the tfm.c code with --enable-fastmath. Also, instead, define: SP_WORD_SIZE=32

Sean

res0nance commented 2 years ago

Setting SP_WORD_SIZE=32 does not seem to change anything.

Enabling fastmath results in the following error

wolfcrypt/src/tfm.c:3257:11: error: inline assembly requires more registers than available
          SQRADD(A->dp[ix>>1], A->dp[ix>>1]);
          ^
./wolfcrypt/src/asm.c:701:6: note: expanded from macro 'SQRADD'
     "movl  %3,%%eax     \n\t"                            \
     ^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
          SQRADD2(*tmpx++, *tmpy--);
          ^
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
     "movl  %3,%%eax     \n\t"                            \
     ^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
     "movl  %3,%%eax     \n\t"                            \
     ^
wolfcrypt/src/tfm.c:3251:11: error: inline assembly requires more registers than available
./wolfcrypt/src/asm.c:712:6: note: expanded from macro 'SQRADD2'
     "movl  %3,%%eax     \n\t"                            \
     ^
4 errors generated.
SparkiDev commented 2 years ago

Please try --enable-32bit and --enable-fastmath.

Thanks, Sean

res0nance commented 2 years ago

Please try --enable-32bit and --enable-fastmath.

Thanks, Sean

This resulted in the exact same compiler error

SparkiDev commented 2 years ago

Hi @res0nance

I've put up a pull request that may help. https://github.com/wolfSSL/wolfssl/pull/5405 It appears clang isn't handling the inline assembly register/memory assignation.

Please give this a go and let me know if --enable-fastmath works for you.

Thanks, Sean

res0nance commented 2 years ago

Hi @res0nance

I've put up a pull request that may help. It appears clang isn't handling the inline assembly register/memory assignation.

Please give this a go and let me know if --enable-fastmath works for you.

Thanks, Sean

I'll test this out tomorrow and report back, do we have any idea as to why the sp-math-all default implementation is causing errors?

SparkiDev commented 2 years ago

No I don't know. It shouldn't be any different but there must be something in there that will be hard to track unless you give me more detail about the error that you see.

It would be good if you could run testwolfcrypt but I don't know if that's possible in your environment.

res0nance commented 2 years ago

No I don't know. It shouldn't be any different but there must be something in there that will be hard to track unless you give me more detail about the error that you see.

It would be good if you could run testwolfcrypt but I don't know if that's possible in your environment.

Tried both, it seems that fastmath is working now.

I tried to get testwolfcrypt to run by compiling it and pushing it to emulator via adb push testwolfcrypt /data/local/tmp Then running it, unfortunately all it does is return 255.

I think the 255 might be just -1. I can't get it to run with spmath or with fastmath.

res0nance commented 2 years ago

@dgarske Yes that fixes fastmath but the default that wolf uses is sp-math, this option unfortunately does not work. Should platforms use this option instead? I would much rather see that the default option produces a working library so users would not have to deal with all the caveats.

dgarske commented 2 years ago

Sorry it closed automatically with the PR merge. I'll keep this open for @SparkiDev to review.

SparkiDev commented 2 years ago

I would too! :-) But I can't diagnose the error from here. Was there any output from the testwolfcrypt? It could either be going to a log, if ANDROID is defined, or stdout.

res0nance commented 2 years ago

To future readers, on the android platform for the testwolfcrypt binary the output goes to logcat

Firstly, I'd like to thank you for your patience in this process. Getting this all to work was quite confusing on my end.

Moving on to my findings.

The filesystem seems not to be able to read the cert despite me copying the entire wolfssl folder into the emulator (i think it doesn't work on a real device as well). So I had to workaround with --disable-filesystem and USE_CERT_BUFFERS

Side note: https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html is out of date it lacks the USE_CERT_BUFFERS_256, USE_CERT_BUFFERS_4096 and USE_CERT_BUFFERS_3072 options

With USE_CERT_BUFFERS_1024, 2048, 3072 options the RSA test passes

But with 4096 spmath fails with

07-29 11:55:45.930  3069  3069 D [WOLFCRYPT]: ------------------------------------------------------------------------------
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]:  wolfSSL version 5.4.0
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: ------------------------------------------------------------------------------
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: error    test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: MEMORY   test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: base64   test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: asn      test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: RANDOM   test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: MD5      test passed!
07-29 11:55:45.931  3069  3069 D [WOLFCRYPT]: SHA      test passed!
07-29 11:55:45.932  3069  3069 D [WOLFCRYPT]: SHA-256  test passed!
07-29 11:55:45.933  3069  3069 D [WOLFCRYPT]: SHA-384  test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: SHA-512  test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: Hash     test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-MD5 test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-SHA test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-SHA256 test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-SHA384 test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-SHA512 test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: HMAC-KDF    test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: TLSv1.3 KDF test passed!
07-29 11:55:45.935  3069  3069 D [WOLFCRYPT]: GMAC     test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: Chacha   test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: POLY1305 test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: ChaCha20-Poly1305 AEAD test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: AES      test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: AES192   test passed!
07-29 11:55:45.938  3069  3069 D [WOLFCRYPT]: AES256   test passed!
07-29 11:55:45.951  3069  3069 D [WOLFCRYPT]: AES-GCM  test passed!
07-29 11:55:45.951  3069  3069 D [WOLFCRYPT]: RSA      test failed!
07-29 11:55:45.951  3069  3069 D [WOLFCRYPT]:  error = -7904
07-29 11:55:45.951  3069  3069 D [WOLFCRYPT]: Exiting main with return code: -1

This test will pass with --enable-heapmath

With the sp-math builds one error that kept cropping up is ASN_GETINT_E

dgarske commented 2 years ago

With SP math did you enable 4096-bit support using WOLFSSL_SP_4096? If cross compiling this may not get set with --enable-sp unless you do --enable-sp=yes,4096 --enable-sp-math.

RipleyTom commented 2 years ago

We've been getting mp_exptmod error state errors from our software after connecting to a server with a RSA 4096 certificate after updating to 5.4.0. Enabling fast-math also seems to have fixed this. Options used at the time are listed here: https://github.com/RPCS3/rpcs3/blob/c00d47cc99952c45996c0eab5f6a35c39e7a70fe/3rdparty/wolfssl/CMakeLists.txt

We're probably just going to turn fast-math on(tbh I can't remember why it was set to off, some build issues maybe?) but I assume this is not expected behaviour.

SparkiDev commented 2 years ago

Hi @RipleyTom

SP math all is now the default maths implementation for wolfSSL. This may have caused the change. Please set SP_INT_BITS=4096 to allow for 4096 bit RSA keys. There is a pull request out that should fix these types of issues.

SparkiDev commented 2 years ago

Hi @res0nance,

The error appears to be happening in the decoding of the public key, which is odd.

Please try defining WOLFSSL_ASN_TEMPLATE and WOLFSSL_DEBUG_ASN_TEMPLATE. Then run the test again. This will change the ASN.1 parsing code and allow detailed debugging information.

Thanks, Sean

res0nance commented 2 years ago

@SparkiDev

Here is the test output

08-01 11:35:06.562  6148  6148 D [WOLFCRYPT]: ------------------------------------------------------------------------------
08-01 11:35:06.562  6148  6148 D [WOLFCRYPT]:  wolfSSL version 5.4.0
08-01 11:35:06.562  6148  6148 D [WOLFCRYPT]: ------------------------------------------------------------------------------
08-01 11:35:06.563  6148  6148 D [WOLFCRYPT]: error    test passed!
08-01 11:35:06.563  6148  6148 D [WOLFCRYPT]: MEMORY   test passed!
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.563  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.564  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564  6148  6148 I chatty  : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 10 lines
08-01 11:35:06.564  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.564  6148  6148 V [wolfSSL]: Bad end of line in Base64 Decode
08-01 11:35:06.564  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.566  6148  6148 I chatty  : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 27 lines
08-01 11:35:06.566  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too small
08-01 11:35:06.567  6148  6148 V [wolfSSL]: Bad Base64 Decode bad character
08-01 11:35:06.568  6148  6148 I chatty  : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 14 lines
08-01 11:35:06.568  6148  6148 V [wolfSSL]: Bad Base64 Decode bad character
08-01 11:35:06.569  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.575  6148  6148 I chatty  : uid=2000(shell) ./wolfcrypt/test/testwolfcrypt identical 131 lines
08-01 11:35:06.575  6148  6148 V [wolfSSL]: Bad Base64 Decode data, too big
08-01 11:35:06.575  6148  6148 D [WOLFCRYPT]: base64   test passed!
08-01 11:35:06.575  6148  6148 V [wolfSSL]: TEMPLATE: dateASN
08-01 11:35:06.575  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.575  6148  6148 V [wolfSSL]:  0:    0   13    UTCTime
08-01 11:35:06.575  6148  6148 D [WOLFCRYPT]: asn      test passed!
08-01 11:35:06.576  6148  6148 D [WOLFCRYPT]: RANDOM   test passed!
08-01 11:35:06.576  6148  6148 D [WOLFCRYPT]: MD5      test passed!
08-01 11:35:06.576  6148  6148 D [WOLFCRYPT]: SHA      test passed!
08-01 11:35:06.577  6148  6148 D [WOLFCRYPT]: SHA-256  test passed!
08-01 11:35:06.578  6148  6148 D [WOLFCRYPT]: SHA-384  test passed!
08-01 11:35:06.579  6148  6148 D [WOLFCRYPT]: SHA-512  test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: Hash     test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-MD5 test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-SHA test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-SHA256 test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-SHA384 test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-SHA512 test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: HMAC-KDF    test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: TLSv1.3 KDF test passed!
08-01 11:35:06.580  6148  6148 D [WOLFCRYPT]: GMAC     test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: Chacha   test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: POLY1305 test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: ChaCha20-Poly1305 AEAD test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: AES      test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: AES192   test passed!
08-01 11:35:06.584  6148  6148 D [WOLFCRYPT]: AES256   test passed!
08-01 11:35:06.597  6148  6148 D [WOLFCRYPT]: AES-GCM  test passed!
08-01 11:35:06.597  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.597  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.597  6148  6148 V [wolfSSL]:  0:    2    0 +    SEQUENCE              Tag=0x02 (INTEGER)
08-01 11:35:06.597  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.597  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.597  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.597  6148  6148 V [wolfSSL]:  0:    2    0 +  SEQUENCE                Tag=0x02 (INTEGER)
08-01 11:35:06.598  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.598  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.598  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.598  6148  6148 V [wolfSSL]:  0: idx=3 len=0 end=24
08-01 11:35:06.598  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.598  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.598  6148  6148 V [wolfSSL]:  0: idx=3 len=0 end=24
08-01 11:35:06.598  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.598  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598  6148  6148 V [wolfSSL]:  0:    2   22 +    SEQUENCE
08-01 11:35:06.598  6148  6148 V [wolfSSL]:  1:    4    0       INTEGER              Tag=0x06 (OBJECT ID)
08-01 11:35:06.598  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.598  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.598  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.598  6148  6148 V [wolfSSL]:  0:    2   22 +  SEQUENCE
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  1:    4    0 +   SEQUENCE               Tag=0x06 (OBJECT ID)
08-01 11:35:06.599  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.599  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.599  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  0:    0   27 +    SEQUENCE
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.599  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.599  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.599  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  0:    0   27 +  SEQUENCE
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  1:    2   25 +   SEQUENCE
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.599  6148  6148 V [wolfSSL]:  3:   15    1      NULL
08-01 11:35:06.600  6148  6148 V [wolfSSL]: NULL length too long: 1
08-01 11:35:06.600  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.600  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  0:    0   24 +    SEQUENCE
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.600  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.600  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.600  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  0:    0   24 +  SEQUENCE
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  1:    2   22 +   SEQUENCE
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  4:   15    0     BIT STRING             Tag=0x04 (OCTET STRING)
08-01 11:35:06.600  6148  6148 V [wolfSSL]: Expecting BIT STRING
08-01 11:35:06.600  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.600  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.600  6148  6148 V [wolfSSL]:  0:    0   24 +    SEQUENCE
08-01 11:35:06.601  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.601  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.601  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.601  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.601  6148  6148 V [wolfSSL]:  0:    0   24 +  SEQUENCE
08-01 11:35:06.601  6148  6148 V [wolfSSL]:  1:    2   22 +   SEQUENCE
08-01 11:35:06.601  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.602  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602  6148  6148 V [wolfSSL]:  4: idx=16 len=0 end=26
08-01 11:35:06.602  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.602  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602  6148  6148 V [wolfSSL]:  0: idx=1 len=0 end=23
08-01 11:35:06.602  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.602  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.602  6148  6148 V [wolfSSL]:  0: idx=1 len=0 end=23
08-01 11:35:06.602  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.602  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.602  6148  6148 V [wolfSSL]:  0:    0   15 +    SEQUENCE
08-01 11:35:06.602  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.602  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.602  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.603  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  0:    0   15 +  SEQUENCE
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  1:    2   13 +   SEQUENCE
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  2:    4    0      OBJECT ID             Tag=0x05 (NULL)
08-01 11:35:06.603  6148  6148 V [wolfSSL]: Expecting OBJECT ID
08-01 11:35:06.603  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.603  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  0:    0    6 +    SEQUENCE
08-01 11:35:06.603  6148  6148 V [wolfSSL]: GetLength - value exceeds buffer length
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  1: idx=3 len=0 end=8
08-01 11:35:06.603  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.603  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  0:    0    6 +  SEQUENCE
08-01 11:35:06.603  6148  6148 V [wolfSSL]:  1:    2    0 +   SEQUENCE               Tag=0x02 (INTEGER)
08-01 11:35:06.603  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.604  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  0:    0    6 +    SEQUENCE
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  1:    2    1       INTEGER
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  2:    5    0       INTEGER              Tag=0x04 (OCTET STRING)
08-01 11:35:06.604  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.604  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  0:    0    6 +  SEQUENCE
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  1:    2    0 +   SEQUENCE               Tag=0x02 (INTEGER)
08-01 11:35:06.604  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.604  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.604  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  0:    0    4 +    SEQUENCE
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  1:    2    1       INTEGER
08-01 11:35:06.604  6148  6148 V [wolfSSL]: GetLength - bad index on input
08-01 11:35:06.604  6148  6148 V [wolfSSL]:  2: idx=6 len=0 end=6
08-01 11:35:06.605  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.605  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  0:    0    4 +  SEQUENCE
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  1:    2    0 +   SEQUENCE               Tag=0x02 (INTEGER)
08-01 11:35:06.605  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.605  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.605  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  0:    0   23 +    SEQUENCE
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.605  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.605  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.605  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  0:    0   23 +  SEQUENCE
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  1:    2   21 +   SEQUENCE
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  4:   15    8     BIT STRING
08-01 11:35:06.605  6148  6148 V [wolfSSL]: BIT STRING unused bits too big: 48 > 7
08-01 11:35:06.605  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.605  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  0:    0    6 +    SEQUENCE
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  1:    2    1       INTEGER
08-01 11:35:06.605  6148  6148 V [wolfSSL]:  2:    5    1       INTEGER
08-01 11:35:06.605  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.606  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  0:    0   24 +    SEQUENCE
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.606  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.606  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.606  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  0:    0   24 +  SEQUENCE
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  1:    2   22 +   SEQUENCE
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  4:   15    9     BIT STRING
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  5:   18    6 +    SEQUENCE
08-01 11:35:06.606  6148  6148 V [wolfSSL]:  6:   20    1       INTEGER
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  7:   23    1       INTEGER
08-01 11:35:06.607  6148  6148 V [wolfSSL]: TEMPLATE: &rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ]
08-01 11:35:06.607  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  0:    0   26 +    SEQUENCE
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  1:    2    0       INTEGER              Tag=0x30 (SEQUENCE)
08-01 11:35:06.607  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.607  6148  6148 V [wolfSSL]: TEMPLATE: rsaPublicKeyASN
08-01 11:35:06.607  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  0:    0   26 +  SEQUENCE
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  1:    2   24 +   SEQUENCE
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  2:    4    9      OBJECT ID
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  3:   15    0      NULL
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  4:   17    9     BIT STRING
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  5:   20    6 +    SEQUENCE
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  6:   22    1       INTEGER
08-01 11:35:06.607  6148  6148 V [wolfSSL]:  7:   25    1       INTEGER
08-01 11:35:06.607  6148  6148 V [wolfSSL]: TEMPLATE: pkcs8KeyASN
08-01 11:35:06.607  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  0:    0 2344 +  SEQUENCE
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  1:    4    1     INTEGER
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  2:    7    0 +   SEQUENCE               Tag=0x02 (INTEGER)
08-01 11:35:06.608  6148  6148 V [wolfSSL]: Bad tag
08-01 11:35:06.608  6148  6148 V [wolfSSL]: TEMPLATE: rsaKeyASN
08-01 11:35:06.608  6148  6148 V [wolfSSL]: wolfSSL Entering GetASN_Items
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  0:    0 2344 +  SEQUENCE
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  1:    4    1     INTEGER
08-01 11:35:06.608  6148  6148 V [wolfSSL]:  2:    7  513     INTEGER
08-01 11:35:06.608  6148  6148 V [wolfSSL]: Failed to read mp: -3
08-01 11:35:06.608  6148  6148 D [WOLFCRYPT]: RSA      test failed!
08-01 11:35:06.608  6148  6148 D [WOLFCRYPT]:  error = -7904
08-01 11:35:06.608  6148  6148 V [wolfSSL]: wolfSSL Entering wolfCrypt_Cleanup
08-01 11:35:06.608  6148  6148 D [WOLFCRYPT]: Exiting main with return code: -1

I'll try to get the output when this is run with our regular workload instead of the test later

SparkiDev commented 2 years ago

Hi @res0nance

It definitely looks like the conversion from binary of the numbers is failing. There isn't much that can fail in there! Make sure SP_INT_BITS is 4096 and SP_WORD_SIZE is 32.

Also, try with -O2 instead of -03 or even debug.

Thanks, Sean

res0nance commented 2 years ago

I added SP_INT_BITS=4096 and it now seems to be working. Looking around I found that on 64bit platforms this is automatically set which is probably why 64 bit doesn't have this issue.

With SP math did you enable 4096-bit support using WOLFSSL_SP_4096? If cross compiling this may not get set with --enable-sp unless you do --enable-sp=yes,4096 --enable-sp-math.

Probably this is exactly the reason why. Not sure if this should be classified a bug but this did break when updating from 5.3.0 to 5.4.0. I'm going to try ensuring all our builds have these flags set for --enable-sp

SparkiDev commented 2 years ago

Hi @res0nance,

Is there anything more for this issue? If not I'll come it.

Thanks, Sean

res0nance commented 2 years ago

Hi @res0nance,

Is there anything more for this issue? If not I'll come it.

Thanks, Sean

No I think its fine, Thanks for everything.