Merge "Use minimum 20 bytes salt for RSA PSS." into mnc-dev
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 96fc8b2..13ff796 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -1374,7 +1374,7 @@
                     key_bits = digest_bits + 8 * (11 + 19);
                     break;
                 case KM_PAD_RSA_PSS:
-                    key_bits = digest_bits + 8 * 10;
+                    key_bits = digest_bits + 22 * 8;
                     break;
                 default:
                     FAIL() << "Missing padding";
diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index d9217fd..20ef45f 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -31,7 +31,7 @@
 namespace keymaster {
 
 const size_t kPssOverhead = 2;
-const size_t kMinPssSaltSize = 8;
+const size_t kMinPssSaltSize = 20;
 
 // Overhead for PKCS#1 v1.5 signature padding of undigested messages.  Digested messages have
 // additional overhead, for the digest algorithmIdentifier required by PKCS#1.