Issue with smartcard authentication for openvpn

Antonio Iacono antiac at
Wed Apr 10 15:39:35 UTC 2019

> padding = 3 means "no padding" indicating that the data for signature is already padded. That's why the data size (flen) is 256 (hashed data padded to the rsa key size of 2048 bits, I guess). If you are using OpenSSL 1.1.1, this could be due to PSS padding in which case current implementation passes pre-padded data for raw signature to the callback. AFAIK, pkcs11-helper only handles PKCS1 padding (CKM_RSA_PKCS) though pkcs11 standard does support raw signatures.

if (padding != RSA_PKCS1_PADDING) {
goto cleanup;

More information about the openssl-users mailing list