diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-08-02 18:32:28 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-08-07 08:51:52 +0200 |
commit | 3cdbb84fab1dfbe157804eb72e279265eaaa2cb7 (patch) | |
tree | 8c4bfe6d66f8401bd78e59dcdfc87915925f1bb2 /NEWS | |
parent | c4f1d5308f3c14f5a82dd1debf5dc0806f361399 (diff) | |
download | gnutls-3cdbb84fab1dfbe157804eb72e279265eaaa2cb7.tar.gz |
pk: add flags to force RSA-PSS salt length to match digest length
This adds a couple of flags to RSA-PSS signing and verification, to
enforce that the salt length matches the digest length. That is not
only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS
1.3 context.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -5,6 +5,12 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.7.3 (unreleased) + +** API and ABI modifications: +GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t +GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags + * Version 3.7.2 (released 2021-05-29) ** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added |