Hi Kai Ji, Debugged it using openssl source code used in these distros and the failure found due to below Implicit rejection added in PKCS padding.
https://github.com/openssl/openssl/pull/13817/commits/3b99dcb1a6df6853581d3035c6d9a23a831716bb As part of the above fix, rsa_ossl_private_decrypt() would additionally need private exponent rsa->d, assuming that d is already part of RSA session, to derive kdk used in implicit rejection. We did not have it in CRT test vectors today. I'll send patch to fix these. Thanks, Gowrishankar > > Hi Kai Ji, > > > > Hi Gowrishankar, > > > > Thanks for reach out, I don't have those environments setup on my end, > > but Ubuntu 20.04 and RHEL8 are old but still common LTS packages. > > Are you able to dump the actual msg buffer ? > > > > RSA_private_decrypt fails and return code is -1. Output buffer is untouched. > > I dumped error code of it: > error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for > modulus > > When I used same openssl library that I compiled, no error is seen. Also, > public > decrypt function is called, but it should be private decrypt to be called. > > JFYI end of life for full support already over for the above distros. Not > sure if > the Openssl 1.1.1 in them need some fix for above. > > Thanks, > Gowrishankar >
