pk: add flags to force RSA-PSS salt length to match digest length

This adds a couple of flags to RSA-PSS signing and verification, to enforce that the salt length matches the digest length. That is not only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS 1.3 context. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2021-08-02 18:32:28 +0200
committer: Daiki Ueno <ueno@gnu.org> 2021-08-07 08:51:52 +0200
commit: 3cdbb84fab1dfbe157804eb72e279265eaaa2cb7 (patch)
tree: 8c4bfe6d66f8401bd78e59dcdfc87915925f1bb2 /NEWS
parent: c4f1d5308f3c14f5a82dd1debf5dc0806f361399 (diff)
download: gnutls-3cdbb84fab1dfbe157804eb72e279265eaaa2cb7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b13c97b35a..0fcd043aa3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
 Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
 See the end for copying conditions.
 
+* Version 3.7.3 (unreleased)
+
+** API and ABI modifications:
+GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
+GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
+
 * Version 3.7.2 (released 2021-05-29)
 
 ** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
author	Daiki Ueno <ueno@gnu.org>	2021-08-02 18:32:28 +0200
committer	Daiki Ueno <ueno@gnu.org>	2021-08-07 08:51:52 +0200
commit	3cdbb84fab1dfbe157804eb72e279265eaaa2cb7 (patch)
tree	8c4bfe6d66f8401bd78e59dcdfc87915925f1bb2 /NEWS
parent	c4f1d5308f3c14f5a82dd1debf5dc0806f361399 (diff)
download	gnutls-3cdbb84fab1dfbe157804eb72e279265eaaa2cb7.tar.gz