> On 24 Mar 2015, at 10:07, Leon Brits <le...@parsec.co.za> wrote:
>
> Hi all,
>
> I have a PC which acts like a USB smartcard on which I have OpenSSLv1.0.1e to
> simulate the smartcards crypto operations.
> I use it to sign/verify/encrypt/decrypt etc. and had no problem using Windows
> to login and sign/verify emails for instance. Recently I tried bitlocker and
> got the following error:
>
> Function call 'EVP_PKEY_decrypt()' failed! (error:0407106B:rsa
> routines:RSA_padding_check_PKCS1_type_2:block type is not 02).
>
> The part in brackets was returned by OpenSSL.
>
> Can anybody shed some light on what possibly I can be doing wrong with
> regards to the padding. I do implement PKCS1 and PSS. I’ve written our
> CSP/KSP for this PC and as I said it works fine with other Windows
> applications.
>
Not sure if this helps you - but I’ve seen the same issue with Windows SOAP
requests which where signed with help from the TPM chip; and in that case it
truly turned out that the padding was non standard (type 09).
HOWEVER - the error message has often misled me - as it is *also* triggered by
a the length being wrong (flen != num-1(for the type 02 prefix)). So garbled
length data can also trigger it (the note in the source that the flen is only
used in no-padding mode may be a bit confusing/misleading).
Dw.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
