algorithms: assign hash strength to ML-DSA signature algorithms
authorDaiki Ueno <ueno@gnu.org>
Fri, 4 Jul 2025 06:37:08 +0000 (15:37 +0900)
committerDaiki Ueno <ueno@gnu.org>
Fri, 4 Jul 2025 06:37:08 +0000 (15:37 +0900)
The _gnutls_sign_get_hash_strength function previously returned 0 for
ML-DSA algorithms, which prevented the security level check from being
applied to certificate signatures. This assigns the collision strength for
commitment hashes, as defined in FIPS 204, section 4, table 1.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/algorithms/sign.c

index d5cdc5e6b4106c897c3da1dc57d0140586ebdc17..b4d2b5684b303173e8e39e3129c362f2b6e0e64e 100644 (file)
@@ -407,6 +407,7 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .id = GNUTLS_SIGN_MLDSA44,
          .pk = GNUTLS_PK_MLDSA44,
          .hash = GNUTLS_DIG_SHAKE_256,
+         .hash_output_size = 128,
          .aid = { { 9, 4 }, SIG_SEM_TLS13 },
          .flags = GNUTLS_SIGN_FLAG_TLS13_OK },
        { .name = "ML-DSA-65",
@@ -414,6 +415,7 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .id = GNUTLS_SIGN_MLDSA65,
          .pk = GNUTLS_PK_MLDSA65,
          .hash = GNUTLS_DIG_SHAKE_256,
+         .hash_output_size = 192,
          .aid = { { 9, 5 }, SIG_SEM_TLS13 },
          .flags = GNUTLS_SIGN_FLAG_TLS13_OK },
        { .name = "ML-DSA-87",
@@ -421,6 +423,7 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .id = GNUTLS_SIGN_MLDSA87,
          .pk = GNUTLS_PK_MLDSA87,
          .hash = GNUTLS_DIG_SHAKE_256,
+         .hash_output_size = 256,
          .aid = { { 9, 6 }, SIG_SEM_TLS13 },
          .flags = GNUTLS_SIGN_FLAG_TLS13_OK },
        { .name = 0,
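Review bot: The unit of the value added at `.hash_output_size = 128` (and 192 and 256 in the two following hunks) is ambiguous: FIPS 204 Table 1 gives the collision strength of the commitment hash c~ in bits, but the field name reads as an output length, which for a digest would be a byte count, so if `_gnutls_sign_get_hash_strength` scales this field the way it scales a digest length, the three entries would report a strength well above 128/192/256 bits; confirm how the field is consumed, and if a byte count is expected the c~ lengths from the same table are 32, 48 and 64. Whichever unit is intended, the bare numbers deserve a comment tying them to the standard, e.g. `.hash_output_size = 128, /* collision strength of c~ in bits, FIPS 204 Table 1 */` on each of the three entries. The `sign_algorithms[]` array begins and ends outside the hunks.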