Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294) In 2005, IETF devised a more secure padding scheme to replace PKCS #1 v1.5. To make sure that nobody can easily support or use it, they mandated lots of complicated parameters in the certificate, unlike any other X.509 signature scheme. https://tools.ietf.org/html/rfc4055 `_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be supported as-is, because the hash algorithm is defined in the signature algorithm parameters, not by the OID itself.

commit: 3367806cd464fac96abd1b8416700ad174e8b64d [log] [tgz]
author: Marti Raudsepp <marti@juffo.org> Sat Jun 30 02:27:28 2018 +0300
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Fri Jun 29 16:27:28 2018 -0700
tree: 914a214ce9072c46db1f911926a8785fc60530ff
parent: 682014558f3521a942cdce3932837659ce24df34 [diff] [blame]
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 7a41e1f..3fc6507 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst

@@ -2569,6 +2569,15 @@
         Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is
         a SHA512 digest signed by an RSA key.
 
+    .. attribute:: RSASSA_PSS
+
+        .. versionadded:: 2.3
+
+        Corresponds to the dotted string ``"1.2.840.113549.1.1.10"``. This is
+        signed by an RSA key using the Probabilistic Signature Scheme (PSS)
+        padding from RFC 4055. The hash function and padding are defined by
+        signature algorithm parameters.
+
     .. attribute:: ECDSA_WITH_SHA1
 
         Corresponds to the dotted string ``"1.2.840.10045.4.1"``. This is a SHA1
commit	3367806cd464fac96abd1b8416700ad174e8b64d	[log] [tgz]
author	Marti Raudsepp <marti@juffo.org>	Sat Jun 30 02:27:28 2018 +0300
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Fri Jun 29 16:27:28 2018 -0700
tree	914a214ce9072c46db1f911926a8785fc60530ff
parent	682014558f3521a942cdce3932837659ce24df34 [diff] [blame]