Michael Brown
0c617b9132
Add support for the RSA-PSS signature scheme as defined in RFC 8017 and required for TLS version 1.3. Signature verification is deliberately implemented by first deriving the salt value and then reconstructing the entire expected signature. This is arguably inefficient since it involves two invocations of the mask generation function when only one is required. However, this implementation approach keeps the code size minimal (since there is no need to implement separate verification logic), and makes it provably impossible to accidentally omit a verification step (such as checking the leading zero bits or the fixed 0x01 or 0xbc bytes). Since signature verification is not a fast-path operation, the guaranteed correctness is more valuable than a marginally faster execution. Signed-off-by: Michael Brown <mcb30@ipxe.org>
iPXE network bootloader
iPXE is the leading open source network boot firmware. It provides a full PXE implementation enhanced with additional features such as:
-
boot from a web server via HTTP or HTTPS,
-
boot from an iSCSI, FCoE, or AoE SAN,
-
control the boot process with a script,
You can use iPXE to replace the existing PXE ROM on your network card, or you can chainload into iPXE to obtain the features of iPXE without the hassle of reflashing.
iPXE is free, open-source software licensed under the GNU GPL (with some portions under GPL-compatible licences).
You can download the rolling release binaries (built from the latest commit), or use the most recent stable release.
For full documentation, visit the iPXE website.