Mbed TLS is now part of TrustedFirmware.org.

Handshake error whencompiled with big endian mips compiler


Jan 8, 2016 10:12
biaohu.ge

There is an error return (error num: MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100)when call mbedtls_rsa_rsassa_pkcs1_v15_verify

but the little endian compiler work OK.

1, following is the error log: ssl_cli.c:2382: dumping 'signature' (128 bytes) ssl_cli.c:2382: 0000: 28 e4 8f c6 15 4d 76 a2 c3 ab fb ad ea f4 c4 e1 (....Mv......... ssl_cli.c:2382: 0010: ef 5d b8 0b 80 ef fc d4 66 e0 d3 88 00 b0 30 a6 .]......f.....0. ssl_cli.c:2382: 0020: 4a ca 73 b6 4a 62 49 32 c1 09 29 84 31 26 60 9c J.s.JbI2..).1&. ssl_cli.c:2382: 0030: ed b1 ce 4a f2 0c d8 a9 1c 5b 88 e1 51 ef 6b 92 ...J.....[..Q.k. ssl_cli.c:2382: 0040: 81 e2 f6 16 3d 40 1c 20 36 dd f3 30 fd ae 9f 79 ....=@. 6..0...y ssl_cli.c:2382: 0050: 09 2f 7a 97 b0 0c 36 68 9e b9 01 d9 23 56 9c 2a ./z...6h....#V.* ssl_cli.c:2382: 0060: a5 98 94 14 f4 de a2 5f 4b f2 e4 e0 ab 77 fd 28 ......._K....w.( ssl_cli.c:2382: 0070: 18 34 8b e6 2a 8d 29 20 a3 f5 ab dd dd e1 ec 60 .4..*.) ....... ssl_cli.c:2468: dumping 'parameters hash' (36 bytes) ssl_cli.c:2468: 0000: a1 c9 1d f4 08 e6 e5 a4 3f f6 b2 5e ce 99 c4 64 ........?..^...d ssl_cli.c:2468: 0010: 7f 1b aa ad c8 77 26 23 3c e5 d8 bd 85 be c6 29 .....w&#<......) ssl_cli.c:2468: 0020: 4c 78 9b f8 Lx.. ssl_cli.c:2488: mbedtls_pk_verify() returned -16640 (-0x4100)

2,I find that the error is caused by mbedtls_rsa_public( ctx, sig, buf ) and return error by following statement if( *p++ != 0 || *p++ != MBEDTLS_RSA_SIGN ) return( MBEDTLS_ERR_RSA_INVALID_PADDING );

3, and I printf the "buf",It do not have the right info. 20 39 fb f9 26 1a cd ac 37 ff 4d 46 d2 cc ec 74 76 6f 3c c7 c8 aa 99 19 1a c2 4e 09 ac 2c c8 e8 44 44 4f ff d9 19 ad ff 5d ef 17 da 4d 45 d0 4c 84 e3 5b 2e f6 fa 13 66 67 3c f6 4f 7a 4f c1 96 d1 aa 41 04 5a 04 3a 7a 72 e3 bc a3 4e fe ee e0 80 60 9e a7 f9 5c f9 32 3b fa e7 74 20 d6 d9 7d f8 bb 4d 40 2d b1 c5 cc 66 bc b0 dc 3e 41 07 e8 28 ba 2d bb 54 d4 a2 60 32 b2 fe 03 51 29 81 ee

4, when I comment the following assambly code and it can work fine.

if 0 && defined(mips) && !defined(__mips64)

define MULADDC_INIT \

asm(                                \
    "lw     $10, %3         \n\t"   \
    "lw     $11, %4         \n\t"   \
    "lw     $12, %5         \n\t"   \
    "lw     $13, %6         \n\t"

define MULADDC_CORE \

    "lw     $14, 0($10)     \n\t"   \
    "multu  $13, $14        \n\t"   \
    "addi   $10, $10, 4     \n\t"   \
    "mflo   $14             \n\t"   \
    "mfhi   $9              \n\t"   \
    "addu   $14, $12, $14   \n\t"   \
    "lw     $15, 0($11)     \n\t"   \
    "sltu   $12, $14, $12   \n\t"   \
    "addu   $15, $14, $15   \n\t"   \
    "sltu   $14, $15, $14   \n\t"   \
    "addu   $12, $12, $9    \n\t"   \
    "sw     $15, 0($11)     \n\t"   \
    "addu   $12, $12, $14   \n\t"   \
    "addi   $11, $11, 4     \n\t"

define MULADDC_STOP \

    "sw     $12, %0         \n\t"   \
    "sw     $11, %1         \n\t"   \
    "sw     $10, %2         \n\t"   \
    : "=m" (c), "=m" (d), "=m" (s)                      \
    : "m" (s), "m" (d), "m" (c), "m" (b)                \
    : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
);

endif /* MIPS */

 
Sep 15, 2017 07:55
Hanno Becker

Hi biaohu.ge,

sorry for the very late response. This issue has been reported several times but unfortunately remains elusive. See the corresponding Github issue.

Could you check whether disabling compiler optimization solves the issue for you?

Could you provide more information about the system and the toolchain and compilation flags you are using?

Kind regards,

Mbed TLS team member,

Hanno