From 0e89dafbab55281dcfaa6240d6ae9b87b2c5f103 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 15 Jun 2021 16:08:29 +0100 Subject: [PATCH] Add ChangeLog entry Signed-off-by: Janos Follath --- ChangeLog.d/psa-rsa-verify-alt-fix.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/psa-rsa-verify-alt-fix.txt diff --git a/ChangeLog.d/psa-rsa-verify-alt-fix.txt b/ChangeLog.d/psa-rsa-verify-alt-fix.txt new file mode 100644 index 000000000..74804caf7 --- /dev/null +++ b/ChangeLog.d/psa-rsa-verify-alt-fix.txt @@ -0,0 +1,7 @@ +Bugfix + * psa_verify_hash() was relying on implementation-specific behavior of + mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT + implementations. This reliance is now removed. Fixes #3990. + * Disallow inputs of length different from the corresponding hash when + signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates + that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
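Review bot: The second bullet of ChangeLog.d/psa-rsa-verify-alt-fix.txt says inputs whose length differs from the hash are now disallowed with PSA_ALG_RSA_PSS, but it does not say what a caller will see when this happens. Because the wording implies such inputs were not rejected before, the entry should name the error returned on a length mismatch, and it is worth considering whether this item belongs under a behaviour-change heading rather than only under Bugfix. In the same bullet the first sentence runs into the parenthetical without a full stop ("...PSA_ALG_RSA_PSS (The PSA Crypto API mandates..."); end the sentence before the parenthesis. In the first bullet, "implementation-specific behavior" does not name which behaviour of mbedtls_rsa_rsassa_pss_verify() psa_verify_hash() relied on, so a maintainer of an _ALT implementation cannot tell from the entry whether they were affected; a short phrase naming it would make the entry usable without opening #3990.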