Add debug for android crash

padelsbach · padelsbach · commit 8b9532cfbc8a · 2026-01-22T10:18:19.000-08:00
diff --git a/.github/workflows/stable-wolfssl-releases.yml b/.github/workflows/stable-wolfssl-releases.yml
@@ -31,7 +31,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        wolfssl_version: crl-generation
+        # Test against CRL generation PR
+        # TODO: Switch back to wolfssl/wolfssl after merge
+        wolfssl_version: [ 'crl-generation' ]
         jdk_version: [ '21' ]
         wolfssl_configure: [ '--enable-jni', '--enable-jni --enable-all' ]
     name: wolfSSL ${{ matrix.wolfssl_version }} (JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
diff --git a/native/com_wolfssl_WolfSSLCRL.c b/native/com_wolfssl_WolfSSLCRL.c
@@ -362,13 +362,19 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1sign
         return WOLFSSL_FAILURE;
     }
 
-    keyBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, keyBytes, NULL);
+    jboolean isCopy = JNI_FALSE;
+    keyBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, keyBytes, &isCopy);
     if ((*jenv)->ExceptionOccurred(jenv)) {
         (*jenv)->ExceptionClear(jenv);
         return WOLFSSL_FAILURE;
     }
     keySz = (*jenv)->GetArrayLength(jenv, keyBytes);
 
+    /* Debug: Log buffer information */
+    fprintf(stderr, "[CRL_sign] DEBUG: keyBuf=%p, keySz=%d, keyBytes=%p, isCopy=%s\n",
+            (void*)keyBuf, keySz, (void*)keyBytes, 
+            (isCopy == JNI_TRUE) ? "TRUE (copy)" : "FALSE (direct pointer)");
+
     if (keyBuf == NULL || keySz == 0) {
         ret = WOLFSSL_FAILURE;
     }
@@ -399,6 +405,8 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1sign
         derBuf = keyBuf;
         derSz = keySz;
         ret = WOLFSSL_SUCCESS;
+        fprintf(stderr, "[CRL_sign] DEBUG: DER format - derBuf=%p (same as keyBuf=%p), derSz=%d\n",
+                (void*)derBuf, (void*)keyBuf, derSz);
     }
     else {
         /* get needed buffer size */
@@ -433,39 +441,74 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1sign
     if (ret == WOLFSSL_SUCCESS) {
         /* Use temp pointer since d2i_PrivateKey() modifies the buffer */
         rsaPrivBuf = derBuf;
+        
+        /* Debug: Save first few bytes to check if buffer is modified */
+        byte debugFirstBytes[4] = {0};
+        if (derSz >= 4) {
+            XMEMCPY(debugFirstBytes, derBuf, 4);
+        }
+        
+        fprintf(stderr, "[CRL_sign] DEBUG: Before d2i_PrivateKey - rsaPrivBuf=%p, derBuf=%p, keyBuf=%p, "
+                "first bytes: %02x %02x %02x %02x\n",
+                (void*)rsaPrivBuf, (void*)derBuf, (void*)keyBuf,
+                debugFirstBytes[0], debugFirstBytes[1], debugFirstBytes[2], debugFirstBytes[3]);
 
         priv = wolfSSL_d2i_PrivateKey((int)keyType, NULL,
                 (const unsigned char**)&rsaPrivBuf, derSz);
+        
+        /* Debug: Check if buffer contents changed */
+        byte debugAfterBytes[4] = {0};
+        if (derSz >= 4 && derBuf != NULL) {
+            XMEMCPY(debugAfterBytes, derBuf, 4);
+        }
+        
+        fprintf(stderr, "[CRL_sign] DEBUG: After d2i_PrivateKey - rsaPrivBuf=%p (modified), derBuf=%p, keyBuf=%p, priv=%p, "
+                "first bytes after: %02x %02x %02x %02x\n",
+                (void*)rsaPrivBuf, (void*)derBuf, (void*)keyBuf, (void*)priv,
+                debugAfterBytes[0], debugAfterBytes[1], debugAfterBytes[2], debugAfterBytes[3]);
+        
         if (priv == NULL) {
+            fprintf(stderr, "[CRL_sign] DEBUG: d2i_PrivateKey returned NULL\n");
             ret = WOLFSSL_FAILURE;
         }
     }
 
     /* sign WOLFSSL_X509_CRL with WOLFSSL_EVP_PKEY, returns size of signature
      * on success or negative on error */
     if (ret == WOLFSSL_SUCCESS) {
+        fprintf(stderr, "[CRL_sign] DEBUG: Calling wolfSSL_X509_CRL_sign - crl=%p, priv=%p, md=%p\n",
+                (void*)crl, (void*)priv, (void*)md);
         ret = wolfSSL_X509_CRL_sign(crl, priv, md);
+        fprintf(stderr, "[CRL_sign] DEBUG: wolfSSL_X509_CRL_sign returned %d\n", ret);
         if (ret >= 0) {
             ret = WOLFSSL_SUCCESS;
         }
     }
 
+    fprintf(stderr, "[CRL_sign] DEBUG: Cleanup - ret=%d, priv=%p, derBuf=%p, keyBuf=%p\n",
+            ret, (void*)priv, (void*)derBuf, (void*)keyBuf);
+    
     if (priv != NULL) {
         wolfSSL_EVP_PKEY_free(priv);
     }
     if (derBuf != NULL && derBuf != keyBuf) {
+        fprintf(stderr, "[CRL_sign] DEBUG: Freeing derBuf (allocated)\n");
         XMEMSET(derBuf, 0, derSz);
         XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         derBuf = NULL;
+    } else {
+        fprintf(stderr, "[CRL_sign] DEBUG: Not freeing derBuf (points to keyBuf)\n");
     }
     if (mdName != NULL) {
         (*jenv)->ReleaseStringUTFChars(jenv, digestAlg, mdName);
     }
     if (keyBuf != NULL) {
+        fprintf(stderr, "[CRL_sign] DEBUG: Releasing keyBuf\n");
         (*jenv)->ReleaseByteArrayElements(jenv, keyBytes, (jbyte*)keyBuf,
             JNI_ABORT);
     }
 
+    fprintf(stderr, "[CRL_sign] DEBUG: Returning %d\n", ret);
     return ret;
 #else
     (void)jenv;
