• Adam Langley's avatar
    crypto/x509: support PSS signatures. · e41b0e2b
    Adam Langley authored
    Although the term “RSA” is almost synonymous with PKCS#1 v1.5, that
    standard is quite flawed, cryptographically speaking. Bellare and
    Rogaway fixed PKCS#1 v1.5 with OAEP (for encryption) and PSS (for
    signatures) but they only see a fraction of the use of v1.5.
    
    This change adds support for creating and verifying X.509 certificates
    that use PSS signatures. Sadly, every possible dimension of flexibility
    seems to have been reflected in the integration of X.509 and PSS
    resulting in a huge amount of excess complexity. This change only
    supports one “sane” configuration for each of SHA-{256, 384, 512}.
    Hopefully this is sufficient because it saves a lot of complexity in the
    code.
    
    Although X.509 certificates with PSS signatures are rare, I'm inclined
    to look favourably on them because they are sufficiently superior.
    
    Fixes #15958.
    
    Change-Id: I7282e0b68ad0177209f8b2add473b94aa5224c07
    Reviewed-on: https://go-review.googlesource.com/24743
    Run-TryBot: Adam Langley <agl@golang.org>
    Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    e41b0e2b
Name
Last commit
Last update
..
aes Loading commit data...
cipher Loading commit data...
des Loading commit data...
dsa Loading commit data...
ecdsa Loading commit data...
elliptic Loading commit data...
hmac Loading commit data...
md5 Loading commit data...
rand Loading commit data...
rc4 Loading commit data...
rsa Loading commit data...
sha1 Loading commit data...
sha256 Loading commit data...
sha512 Loading commit data...
subtle Loading commit data...
tls Loading commit data...
x509 Loading commit data...
crypto.go Loading commit data...