Mbed forum

RSA - Input data contains invalid padding and is rejected

(Kjeld Flarup) #1

I have been using open62541, which uses Mbed TLS, for some time now, but after having used my target for something else the last two days, I suddenly get this message when connecting.

`[2018-11-27 14:28:51.957 (UTC+0000)] warn/securitypolicy	mbedTLS returned an error: RSA - Input data contains invalid padding and is rejected`

When I compile for my Ubuntu it works, but the ARM target fails. It is an internal platform, but the same executable can run on a Raspberry Pi, and gets the same error.
Whenever I google for “Input data contains invalid padding and is rejected” I only get hits on the Mbed TLS source code.

Has anybody seen this error too, and what is this “invalid padding”?

I have tried to debug, and ended up in `mbedtls_rsa_rsaes_oaep_decrypt`, where it looks like this fails:

`bad |= *p++; /* First byte must be 0 */`

Thus the data being transferred is totally garbage.

(Ron Eldor) #2

Hi @Flarup
Thank you for your question!
The error you are receiving is the Mbed TLS error `MBEDTLS_ERR_RSA_INVALID_PADDING`.

Note that `p` points to `buf`, which is the output buffer of the private operation.
This could mean that you either set the wrong padding scheme for your function (the data was encrypted with `MBEDTLS_RSA_PKCS_V15`, while you are decrypting with `MBEDTLS_RSA_PKCS_V21`).
Another possible reason is that the private key that you are using for decrypting the data is not the key pair of the public key that was used for encryption.

This could also be some data corruption that corrupts your input buffer.

Mbed TLS Team member

(Kjeld Flarup) #3

Thanks Ron.

It was indeed the certificate which had gotten mixed up.

Regards Kjeld
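
The sketch below is an added example, not part of the thread and not Mbed TLS code. It reimplements RSAES-OAEP decoding over two constructed toy keys to show why the causes listed in reply #2 (mismatched key, wrong padding scheme, corrupted input) all end in the same "invalid padding" verdict; the SHA-256 OAEP hash, the key primes and every function name are assumptions of the demo.

```python
import hashlib

H = hashlib.sha256  # OAEP hash; an assumption of this demo
HLEN = H().digest_size

def mgf1(seed, n):
    blocks = (H(seed + i.to_bytes(4, "big")).digest() for i in range(-(-n // HLEN)))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1)), "k": (n.bit_length() + 7) // 8}

# Constructed toy keys from well-known special-form primes (deterministic, offline; never real).
KEY_A = make_key(2**448 - 2**224 - 1, 2**414 - 17)  # key pair the sender encrypted to
KEY_B = make_key(2**607 - 1, 2**256 - 2**32 - 977)  # same byte length, the "mixed up" key

def rsa_public(em, key):
    return pow(int.from_bytes(em, "big"), key["e"], key["n"]).to_bytes(key["k"], "big")

def oaep_encrypt(msg, key, seed=bytes(range(HLEN))):  # fixed seed: demo only
    db = H(b"").digest() + bytes(key["k"] - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, len(db)))
    return rsa_public(b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db, key)

def v15_encrypt(msg, key):  # PKCS#1 v1.5 block with fixed 0xff filler (demo only)
    return rsa_public(b"\x00\x02" + b"\xff" * (key["k"] - len(msg) - 3) + b"\x00" + msg, key)

def oaep_decrypt(ct, key):
    """Private operation, then OAEP checks folded into one flag (like the quoted
    `bad |= ...`). Returns plaintext bytes or an error string. Not constant-time."""
    c = int.from_bytes(ct, "big")
    if len(ct) != key["k"] or c >= key["n"]:
        return "bad input data"
    em = pow(c, key["d"], key["n"]).to_bytes(key["k"], "big")
    seed = xor(em[1:1 + HLEN], mgf1(em[1 + HLEN:], HLEN))
    db = xor(em[1 + HLEN:], mgf1(seed, len(em) - HLEN - 1))
    rest = db[HLEN:].lstrip(b"\x00")
    bad = em[0] != 0 or db[:HLEN] != H(b"").digest() or rest[:1] != b"\x01"
    return "invalid padding" if bad else rest[1:]

def demo(msg=b"constructed nonce"):
    ct = oaep_encrypt(msg, KEY_A)
    flipped = ct[:-1] + bytes([ct[-1] ^ 1])  # single-bit corruption in transit
    return {"matching key": oaep_decrypt(ct, KEY_A), "mismatched key": oaep_decrypt(ct, KEY_B),
            "corrupted input": oaep_decrypt(flipped, KEY_A),
            "v1.5 as OAEP": oaep_decrypt(v15_encrypt(msg, KEY_A), KEY_A)}

if __name__ == "__main__": print(demo())
```

Because the error alone cannot distinguish the causes, checking that the configured certificate and private key belong together is the quickest first step when this message appears.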