samuel-lee-msft
commented
1 year ago - Previously was wrong when RSA keys had a modulus size in bits which is 1 modulo 8. In this case using SCOSSL to sign/verify signatures with RSA_PSS_SALTLEN_MAX would fail with invalid argument error in SymCrypt
- Problem is with calculating length of EM as per RFC 3447 section 8.1.1 (step 1) - "Note that the octet length of EM will be one less than k if modBits - 1 is divisible by 8 and equal to k otherwise."
- Amend SslPlay testcases to test this corner case