From 16d271755f6bcb70d6cf66d47d3306a099df5842 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Tue, 30 Aug 2016 16:15:45 +0200
Subject: [PATCH] Allow 1B longer input in PKCS1 padding

OpenSSL documentation states that for PKCS1 padding the length of encrypted input must be less than RSA_size(rsa) - 11. In fact the code itself allows less or equal input length. Also this is what PKCS #1 standard says.

Change-Id: Iab7c7e4b3c3c3c64854f9c9ec67f18f2d7c0b01c
---
 api/yaca/yaca_seal.h | 2 +-
 api/yaca/yaca_types.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h
index ac7da5c..910d6aa 100755
--- a/api/yaca/yaca_seal.h
+++ b/api/yaca/yaca_seal.h
@@ -53,7 +53,7 @@ extern "C" {
  *
  * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB
  *
- * @remarks The @a sym_key_bit_len must be at least 96 bits shorter than the @a pub_key bit length
+ * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length
  *
  * @remarks The @a sym_key should be released using yaca_key_destroy()
  *
diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index 91e3d84..3afb1ca 100755
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -649,7 +649,7 @@ typedef enum {

  /**
  * PKCS #1 v1.5 padding. Suitable for RSA sign/verify and low-level RSA operations.
- * For low-level operations the input must be at least 12 bytes shorter than the key length.
+ * For low-level operations the input must be at least 11 bytes shorter than the key length.
  */
  YACA_PADDING_PKCS1,

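Review bot: The updated remark in `yaca_seal.h` states the 88-bit margin as a bare number, so a reader cannot tell where it comes from or when it would change. The commit message ties it to the 11-byte PKCS #1 v1.5 overhead, and the remark could say so: `@remarks The @a sym_key_bit_len must be at least 88 bits (the 11-byte PKCS #1 v1.5 padding overhead) shorter than the @a pub_key bit length`. That the seal operation uses this padding is inferred from the commit subject, not from the visible lines. The doc comment begins and ends outside the hunk.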
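Review bot: In the `YACA_PADDING_PKCS1` comment, "key length" does not say which length or unit is meant. The commit message cites `RSA_size(rsa) - 11`, so the line could read `For low-level operations the input must be at least 11 bytes shorter than the RSA modulus size in bytes.`; the same wording recurs in the `YACA_PADDING_PKCS1_SSLV23` hunk. Because the comment recommends this padding for low-level operations, a caveat is also warranted: PKCS #1 v1.5 encryption padding is open to padding-oracle (Bleichenbacher-style) attacks when a peer can distinguish decryption failures, so callers should not report padding errors separately from other failures. The enum starts and continues outside the hunk.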
@@ -672,7 +672,7 @@ typedef enum {
  * turns out that both parties are using #YACA_PADDING_PKCS1_SSL23 (both are communicating
  * using SSL2 and both are SSL3 capable) it is treated as a rollback attack and an error is
  * returned. Suitable for low-level RSA public_encrypt/private_decrypt operations. For
- * low-level operations the input must be at least 12 bytes shorter than the key length.
+ * low-level operations the input must be at least 11 bytes shorter than the key length.
  */
  YACA_PADDING_PKCS1_SSLV23,

-- 
2.7.4
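Review bot: The first context line of this comment references `#YACA_PADDING_PKCS1_SSL23`, but the enumerator declared just below is `YACA_PADDING_PKCS1_SSLV23`, so the Doxygen cross-reference will likely not resolve and a reader searching for the name finds nothing. Since the commit already edits this comment, the reference could be corrected to `#YACA_PADDING_PKCS1_SSLV23` in the same change. The comment opens outside the hunk, so other occurrences of the misspelled name may exist above the visible lines.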