Allow 1B longer input in PKCS1 padding

OpenSSL documentation states that for PKCS1 padding the length of encrypted
input must be less than RSA_size(rsa) - 11. In fact the code itself allows less
or equal input length. Also this is what PKCS #1 standard says.

Change-Id: Iab7c7e4b3c3c3c64854f9c9ec67f18f2d7c0b01c

diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h
index ac7da5c..910d6aa 100755 (executable)
--- a/api/yaca/yaca_seal.h
+++ b/api/yaca/yaca_seal.h
@@ -53,7 +53,7 @@ extern "C" {
  *
  * @remarks  The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB
  *
- * @remarks  The @a sym_key_bit_len must be at least 96 bits shorter than the @a pub_key bit length
+ * @remarks  The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length
  *
  * @remarks  The @a sym_key should be released using yaca_key_destroy()
  *

diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index 91e3d84..3afb1ca 100755 (executable)
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -649,7 +649,7 @@ typedef enum {
 
        /**
         * PKCS #1 v1.5 padding. Suitable for RSA sign/verify and low-level RSA operations.
-        * For low-level operations the input must be at least 12 bytes shorter than the key length.
+        * For low-level operations the input must be at least 11 bytes shorter than the key length.
         */
        YACA_PADDING_PKCS1,
 
@@ -672,7 +672,7 @@ typedef enum {
         * turns out that both parties are using #YACA_PADDING_PKCS1_SSL23 (both are communicating
         * using SSL2 and both are SSL3 capable) it is treated as a rollback attack and an error is
         * returned. Suitable for low-level RSA public_encrypt/private_decrypt operations. For
-        * low-level operations the input must be at least 12 bytes shorter than the key length.
+        * low-level operations the input must be at least 11 bytes shorter than the key length.
         */
        YACA_PADDING_PKCS1_SSLV23,