diff -uNr a/eucrypt/smg_keccak/smg_oaep.adb b/eucrypt/smg_keccak/smg_oaep.adb
--- a/eucrypt/smg_keccak/smg_oaep.adb 399c9451d688077b5f5701c05032a4f39b0cf3fae9cb841123f23680c0c2d2dce5ba5e1f7322b9158642380d1f9ef948a44f7a425de699965d8706323883cff7
+++ b/eucrypt/smg_keccak/smg_oaep.adb 6f76c1a956f79131d310ec0ac023f10febd27376c54d01332ee47b623904816f6469e483b575b86a8f0b568ee224e9812a8ff3d665d891512d2c8bfa3124bac4
@@ -83,7 +83,7 @@
   -- 5. Result is X || Y 
   -- NB: the Entropy parameter should be random octets from which this method 
   -- will use as many as required for the OAEP encryption of given Msg
-  -- NB: at MOST OAEP_LENGTH_OCTETS - 11 octets of Msg! (Msg at most 1960 bits)
+  -- NB: at MOST MAX_LEN_MSG octets of Msg! (Msg at most 1960 bits)
   procedure OAEP_Encrypt( Msg     : in String;
                           Entropy : in OAEP_Block;
                           Output  : out OAEP_Block) is
@@ -94,19 +94,16 @@
     HashX  : OAEP_HALF;
     Y      : OAEP_HALF;
     MsgLen : Natural;
-    MaxLen : Natural;
     PadLen : Natural;
-    TMSR   : constant String := "TMSR-RSA";
   begin
     -- calculate maximum length of msg and needed amount of padding
-    -- make sure also that only MaxLen octets at most are used from Msg
-    MaxLen := OAEP_HALF_OCTETS - TMSR'Length - 3;  -- maximum msg that fits
+    -- make sure also that only MAX_LEN_MSG octets at most are used from Msg
     MsgLen := Msg'Length;                          -- real msg length
-    if MsgLen > MaxLen then
-      MsgLen := MaxLen;  --only first MaxLen octets will be considered
-      PadLen := 0;       --no padding needed
+    if MsgLen > MAX_LEN_MSG then
+      MsgLen := MAX_LEN_MSG;  --only first MAX_LEN_MSG octets are considered
+      PadLen := 0;            --no padding needed
     else
-      PadLen := MaxLen - MsgLen; -- msg is potentially too short, add padding
+      PadLen := MAX_LEN_MSG - MsgLen; -- msg may be too short, add padding
     end if;
 
     -- step 1: header and format to obtain M00
@@ -155,7 +152,6 @@
                           Success : out Boolean ) is
     X, Y, M, R   : OAEP_HALF;
     HashX, HashR : OAEP_HALF;
-    MaxLen       : constant Natural := OAEP_LENGTH_OCTETS - 11;
     LenOctets    : Natural;
   begin
     -- step 1: separate X and Y
@@ -175,7 +171,7 @@
            Character'Pos( M( M'First + 2 ) );
     LenOctets := Len / 8; 
 
-    if LenOctets > MaxLen or LenOctets < 0 then
+    if LenOctets > MAX_LEN_MSG or LenOctets < 0 then
       Success := False;  -- error, failed to retrieve message
     else
       Success := True;
diff -uNr a/eucrypt/smg_keccak/smg_oaep.ads b/eucrypt/smg_keccak/smg_oaep.ads
--- a/eucrypt/smg_keccak/smg_oaep.ads ed6fc57f63def71e7c286f1e9115264412611ad19e925cb0ede29c3bda6cd40f6f63cce6cdc9ecc2c7f55e555292d7eba058fbcf4c9a49af24cab43b8345f253
+++ b/eucrypt/smg_keccak/smg_oaep.ads 64e606c3f54ee3585735c6b2050a7c2262af782632635616eb363a9dd6a48e4c43afead5370da655644b4194e2f974d936af97f4425c568ec382e23d747d40f3
@@ -13,6 +13,8 @@
   OAEP_LENGTH_BITS   : constant := 4096;
   OAEP_LENGTH_OCTETS : constant := 512;
   OAEP_HALF_OCTETS   : constant := OAEP_LENGTH_OCTETS / 2;
+  TMSR               : constant String := "TMSR-RSA";
+  MAX_LEN_MSG        : constant := OAEP_HALF_OCTETS - TMSR'Length - 3;
 
   -- subtypes used by the OAEP encrypt/decrypt
   subtype OAEP_Block is String( 1 .. OAEP_LENGTH_OCTETS );
@@ -29,7 +31,7 @@
   -- 5. Result is X || Y 
   -- NB: the Entropy parameter should be random octets from which this method 
   -- will use as many as required for the OAEP encryption of given Msg
-  -- NB: at MOST OAEP_LENGTH_OCTETS - 11 octets of Msg! (Msg at most 1960 bits)
+  -- NB: at MOST MAX_LEN_MSG octets of Msg! (Msg at most 1960 bits)
   procedure OAEP_Encrypt( Msg     : in String;
                           Entropy : in OAEP_Block;
                           Output  : out OAEP_Block);
diff -uNr a/eucrypt/smg_keccak/tests/smg_keccak-test.adb b/eucrypt/smg_keccak/tests/smg_keccak-test.adb
--- a/eucrypt/smg_keccak/tests/smg_keccak-test.adb b9dd611c05352bc2dcd237ee59409cbbabf02068d8639cbde73b6f273ea1480bb9c40cab85f83fd7d56ce6cd59bbbe42f171ce90bd1aaad265109b745fabb808
+++ b/eucrypt/smg_keccak/tests/smg_keccak-test.adb d32b0ad7d28c2641a7172dd10f409670eb9d6a925a755faaaeed545123abf45db6b30bad662c88b1428a656876154c2c5091fccf82b4924f1863b9a6b9ad2537
@@ -354,7 +354,6 @@
   begin
     Put_Line("----Testing hash keccak on string " & S & "----");
     HashKeccak(S, O);
-    Put_Line("OUTPUT: " & O);
     ToBitstream( O, B );
     if B /= Exp then
       Put_Line("FAILED: testing hash keccak on string");
@@ -387,7 +386,6 @@
     XOR_Strings( S1, S2, Result);
     Put_Line("S1 is " & S1);
     Put_Line("S2 is " & S2);
-    Put_Line("S1 xor S2 is " & Result);
     Put_Line("Result is: ");
     for C of Result loop
       Put( Natural'Image( Character'Pos( C ) ) );
@@ -403,11 +401,14 @@
 
   procedure test_oaep is
     Msg     : String := "abcdefghij jihgfedcba123456789";
+    LongMsg : String( 1..1000 ) := ( others => 'T' );
     Encr    : OAEP_Block := ( others => ' ' );
     Decr    : OAEP_HALF  := ( others => ' ' );
     Entropy : OAEP_Block := ( others => 'e' );
     Len     : Natural;
     Flag    : Boolean;
+    C       : Character;
+    MaxLen  : constant := 245;
   begin
     Put_Line("----Testing OAEP Encrypt----");
     OAEP_Encrypt( Msg, Entropy, Encr );
@@ -415,21 +416,54 @@
     Put_Line("----Testing OAEP Decrypt----");
     OAEP_Decrypt( Encr, Len, Decr, Flag );
 
-    Put_Line("Msg is: "  & Msg);
-    Put_Line("Encr is: " & Encr);
-    Put_Line("Decr is: " & Decr);
-    Put_Line("Flag is: " & Boolean'Image( Flag ) );
-    Put_Line("Len is: "  & Natural'Image( Len ) );
-
     if Flag = False or 
        Len /= Msg'Length * 8 or 
        Decr( Decr'First .. Decr'First + Msg'Length - 1 ) /= Msg
        then
       Put_Line("FAILED: oaep test");
+      Put_Line("Msg is: "  & Msg);
+      Put_Line("Decr is: " & Decr);
+      Put_Line("Flag is: " & Boolean'Image( Flag ) );
+      Put_Line("Len is: "  & Natural'Image( Len ) );
     else
       Put_Line("PASSED: oaep test");
     end if;
 
+    -- test decrypt on invalid (non-OAEP) string
+    Flag := True;
+    C := Encr( Encr'First );
+    Encr( Encr'First ) := Character'Val( Character'Pos( C ) / 2 );
+    Decr := ( others => ' ' );
+    OAEP_Decrypt( Encr, Len, Decr, Flag );
+
+    if Flag = True then
+      Put_Line("FAILED: oaep test with invalid package");
+    else
+      Put_Line("PASSED: oaep test with invalid package");
+    end if; 
+
+    -- test encrypt on message longer than maximum payload (1096 bits)
+    Flag := False;
+    Len := 0;
+    LongMsg( 1..Msg'Length ) := Msg;
+    Encr := ( others => '.' );
+    OAEP_Encrypt( LongMsg, Entropy, Encr);
+    OAEP_Decrypt( Encr, Len, Decr, Flag);
+
+    if Flag = False or 
+       Len /= MaxLen * 8 or
+       Decr( Decr'First .. Decr'First + Len / 8 - 1 ) /= 
+             LongMsg( LongMsg'First..LongMsg'First + MaxLen - 1 ) 
+       then
+      Put_Line("FAILED: oaep test with too long message");
+      Put_Line("Msg is: "  & LongMsg);
+      Put_Line("Decr is: " & Decr);
+      Put_Line("Flag is: " & Boolean'Image( Flag ) );
+      Put_Line("Len is: "  & Natural'Image( Len ) );
+    else
+      Put_Line("PASSED: oaep test with too long message");
+    end if;
+
   end test_oaep;
 
   -- end of helper methods