-
Adam Langley authored
Although the term “RSA” is almost synonymous with PKCS#1 v1.5, that standard is quite flawed, cryptographically speaking. Bellare and Rogaway fixed PKCS#1 v1.5 with OAEP (for encryption) and PSS (for signatures) but they only see a fraction of the use of v1.5. This change adds support for creating and verifying X.509 certificates that use PSS signatures. Sadly, every possible dimension of flexibility seems to have been reflected in the integration of X.509 and PSS resulting in a huge amount of excess complexity. This change only supports one “sane” configuration for each of SHA-{256, 384, 512}. Hopefully this is sufficient because it saves a lot of complexity in the code. Although X.509 certificates with PSS signatures are rare, I'm inclined to look favourably on them because they are sufficiently superior. Fixes #15958. Change-Id: I7282e0b68ad0177209f8b2add473b94aa5224c07 Reviewed-on: https://go-review.googlesource.com/24743 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by:Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
e41b0e2b
