Nothing in the standard enforces an upper limit, and we can try
documenting an open range in the Security Policy. Worst case, this is
easy to revert.
For #69536
Change-Id: Id3082e73556fdcd6d2e6c2054c512516e9156c5c
Reviewed-on: https://go-review.googlesource.com/c/go/+/632536
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
return nil, errors.New("rsa: key too small")
}
fips140.RecordApproved()
- if bits < 2048 || bits > 16384 || bits%2 == 1 {
+ if bits < 2048 || bits%2 == 1 {
fips140.RecordNonApproved()
}
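Review bot: With the `bits > 16384` test dropped from the remaining `if bits < 2048 || bits%2 == 1 {` check, and the matching removals of the `pub.N.BitLen() > 16384` branch and the two `fips140only.Enabled` error returns further down, nothing visible in these hunks bounds the modulus size in FIPS mode, and no comment records why the cap was removed. I would add next to the surviving check `// No upper bound: FIPS 186-5 Section 5.1 only requires an even modulus of at least 2048 bits, and the Security Policy documents an open range (see #69536).` so a later maintainer does not silently re-add it. Whether a general size limit still applies in crypto/rsa for all modes is not visible here; if none does, arbitrarily large keys are now accepted on the FIPS path, and the cost of generation and of operations on oversized moduli is worth confirming against the package's resource-exhaustion expectations. The enclosing functions start and end outside these hunks.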
// FIPS 186-5, Section 5.1: "This standard specifies the use of a modulus
// whose bit length is an even integer and greater than or equal to 2048
// bits."
- if pub.N.BitLen() < 2048 || pub.N.BitLen() > 16384 {
+ if pub.N.BitLen() < 2048 {
fipsApproved = false
}
if pub.N.BitLen()%2 == 1 {
if pub.N.BitLen() < 2048 {
return errors.New("crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode")
}
- if pub.N.BitLen() > 16384 {
- return errors.New("crypto/rsa: use of keys larger than 16384 bits is not allowed in FIPS 140-only mode")
- }
if pub.N.BitLen()%2 == 1 {
return errors.New("crypto/rsa: use of keys with odd size is not allowed in FIPS 140-only mode")
}
if fips140only.Enabled && bits < 2048 {
return nil, errors.New("crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode")
}
- if fips140only.Enabled && bits > 16384 {
- return nil, errors.New("crypto/rsa: use of keys larger than 16384 bits is not allowed in FIPS 140-only mode")
- }
if fips140only.Enabled && bits%2 == 1 {
return nil, errors.New("crypto/rsa: use of keys with odd size is not allowed in FIPS 140-only mode")
}