From a7dc821d6447f9bdfb54e2fad2ab76f6d40873ca Mon Sep 17 00:00:00 2001
From: Nigel Tao <nigeltao@golang.org>
Date: Thu, 22 Sep 2016 10:58:43 +1000
Subject: [PATCH] crypto/rsa: clarify comment on maximum message length.

See https://groups.google.com/d/topic/golang-nuts/stbum5gZbAc/discussion

Change-Id: I2e78e8d0dadd78c8b0389514cad3c45d061b663b
Reviewed-on: https://go-review.googlesource.com/29496
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 src/crypto/rsa/rsa.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 94862597dc..f809a9b9bc 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -362,8 +362,8 @@ func encrypt(c *big.Int, pub *PublicKey, m *big.Int) *big.Int {
 // values could be used to ensure that a ciphertext for one purpose cannot be
 // used for another by an attacker. If not required it can be empty.
 //
-// The message must be no longer than the length of the public modulus less
-// twice the hash length plus 2.
+// The message must be no longer than the length of the public modulus minus
+// twice the hash length, minus a further 2.
 func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) {
 	if err := checkPub(pub); err != nil {
 		return nil, err
-- 
2.48.1