From a6e0291c5118231926959db9a14c2830e45c8e21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 21 Dec 2022 09:59:33 +0100
Subject: Update documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 docs/use-psa-crypto.md | 8 +++-----
 include/mbedtls/pk.h   | 4 +++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 194d96f..fc5317a 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -95,8 +95,6 @@ Other than the above exceptions, all crypto operations are based on PSA when
 
 Current exceptions:
 
-- Verification of RSA-PSS signatures with a salt length that is different from
-  the hash length.
 - Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see
   the documentation of that option).
 
@@ -107,11 +105,11 @@ Other than the above exception, all crypto operations are based on PSA when
 
 Current exceptions:
 
-- Verification of RSA-PSS signatures with a salt length that is different from
-  the hash length, or with an MGF hash that's different from the message hash.
+- Verification of RSA-PSS signatures with an MGF hash that's different from
+  the message hash.
 - Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see
   the documentation of that option).
 
-Other than the above exception, all crypto operations are based on PSA when
+Other than the above exceptions, all crypto operations are based on PSA when
 `MBEDTLS_USE_PSA_CRYPTO` is enabled.
 
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index db0bfac..386ec42 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -496,7 +496,9 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
  *
  * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
  *                  to a mbedtls_pk_rsassa_pss_options structure,
- *                  otherwise it must be NULL.
+ *                  otherwise it must be NULL. Note that if
+ *                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
+ *                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
  */
 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
                    mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-- 
cgit v1.1