src · e41b0e2bcb2667425b7eb223baa2b9945466651b · go / golang

crypto/x509: support PSS signatures. · e41b0e2b

Adam Langley authored Jul 05, 2016

Although the term “RSA” is almost synonymous with PKCS#1 v1.5, that
standard is quite flawed, cryptographically speaking. Bellare and
Rogaway fixed PKCS#1 v1.5 with OAEP (for encryption) and PSS (for
signatures) but they only see a fraction of the use of v1.5.

This change adds support for creating and verifying X.509 certificates
that use PSS signatures. Sadly, every possible dimension of flexibility
seems to have been reflected in the integration of X.509 and PSS
resulting in a huge amount of excess complexity. This change only
supports one “sane” configuration for each of SHA-{256, 384, 512}.
Hopefully this is sufficient because it saves a lot of complexity in the
code.

Although X.509 certificates with PSS signatures are rare, I'm inclined
to look favourably on them because they are sufficiently superior.

Fixes #15958.

Change-Id: I7282e0b68ad0177209f8b2add473b94aa5224c07
Reviewed-on: https://go-review.googlesource.com/24743
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

e41b0e2b

Name	Last commit	Last update
..
archive		Loading commit data...
bufio		Loading commit data...
builtin		Loading commit data...
bytes		Loading commit data...
cmd		Loading commit data...
compress		Loading commit data...
container		Loading commit data...
context		Loading commit data...
crypto		Loading commit data...
database/sql		Loading commit data...
debug		Loading commit data...
encoding		Loading commit data...
errors		Loading commit data...
expvar		Loading commit data...
flag		Loading commit data...
fmt		Loading commit data...
go		Loading commit data...
hash		Loading commit data...
html		Loading commit data...
image		Loading commit data...
index/suffixarray		Loading commit data...
internal		Loading commit data...
io		Loading commit data...
log		Loading commit data...
math		Loading commit data...
mime		Loading commit data...
net		Loading commit data...
os		Loading commit data...
path		Loading commit data...
reflect		Loading commit data...
regexp		Loading commit data...
runtime		Loading commit data...
sort		Loading commit data...
strconv		Loading commit data...
strings		Loading commit data...
sync		Loading commit data...
syscall		Loading commit data...
testing		Loading commit data...
text		Loading commit data...
time		Loading commit data...
unicode		Loading commit data...
unsafe		Loading commit data...
vendor/golang_org/x/net		Loading commit data...
Make.dist		Loading commit data...
all.bash		Loading commit data...
all.bat		Loading commit data...
all.rc		Loading commit data...
androidtest.bash		Loading commit data...
bootstrap.bash		Loading commit data...
buildall.bash		Loading commit data...
clean.bash		Loading commit data...
clean.bat		Loading commit data...
clean.rc		Loading commit data...
cmp.bash		Loading commit data...
iostest.bash		Loading commit data...
make.bash		Loading commit data...
make.bat		Loading commit data...
make.rc		Loading commit data...
naclmake.bash		Loading commit data...
nacltest.bash		Loading commit data...
race.bash		Loading commit data...
race.bat		Loading commit data...
run.bash		Loading commit data...
run.bat		Loading commit data...
run.rc		Loading commit data...