From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 30 Nov 2024 16:52:40 +0000 (+0100)
Subject: crypto/rsa: allow keys larger than 16384 bits in FIPS mode
X-Git-Tag: go1.24rc1~47
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=17b00789d355918c826e4e4cd445a3f807be6604;p=gostls13.git

crypto/rsa: allow keys larger than 16384 bits in FIPS mode

Nothing in the standard enforces an upper limit, and we can try
documenting an open range in the Security Policy. Worst case, this is
easy to revert.

For #69536

Change-Id: Id3082e73556fdcd6d2e6c2054c512516e9156c5c
Reviewed-on: https://go-review.googlesource.com/c/go/+/632536
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
---

diff --git a/src/crypto/internal/fips140/rsa/keygen.go b/src/crypto/internal/fips140/rsa/keygen.go
index df96c1e525..62e0063d60 100644
--- a/src/crypto/internal/fips140/rsa/keygen.go
+++ b/src/crypto/internal/fips140/rsa/keygen.go
@@ -22,7 +22,7 @@ func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error) {
 		return nil, errors.New("rsa: key too small")
 	}
 	fips140.RecordApproved()
-	if bits < 2048 || bits > 16384 || bits%2 == 1 {
+	if bits < 2048 || bits%2 == 1 {
 		fips140.RecordNonApproved()
 	}
 
diff --git a/src/crypto/internal/fips140/rsa/rsa.go b/src/crypto/internal/fips140/rsa/rsa.go
index 957c266885..a65a31eb43 100644
--- a/src/crypto/internal/fips140/rsa/rsa.go
+++ b/src/crypto/internal/fips140/rsa/rsa.go
@@ -320,7 +320,7 @@ func checkPublicKey(pub *PublicKey) (fipsApproved bool, err error) {
 	// FIPS 186-5, Section 5.1: "This standard specifies the use of a modulus
 	// whose bit length is an even integer and greater than or equal to 2048
 	// bits."
-	if pub.N.BitLen() < 2048 || pub.N.BitLen() > 16384 {
+	if pub.N.BitLen() < 2048 {
 		fipsApproved = false
 	}
 	if pub.N.BitLen()%2 == 1 {
diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go
index 0960ef90f2..bc23d59709 100644
--- a/src/crypto/rsa/fips.go
+++ b/src/crypto/rsa/fips.go
@@ -381,9 +381,6 @@ func checkFIPS140OnlyPublicKey(pub *PublicKey) error {
 	if pub.N.BitLen() < 2048 {
 		return errors.New("crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode")
 	}
-	if pub.N.BitLen() > 16384 {
-		return errors.New("crypto/rsa: use of keys larger than 16384 bits is not allowed in FIPS 140-only mode")
-	}
 	if pub.N.BitLen()%2 == 1 {
 		return errors.New("crypto/rsa: use of keys with odd size is not allowed in FIPS 140-only mode")
 	}
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 89b70adb76..0f58f2226f 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -319,9 +319,6 @@ func GenerateKey(random io.Reader, bits int) (*PrivateKey, error) {
 	if fips140only.Enabled && bits < 2048 {
 		return nil, errors.New("crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode")
 	}
-	if fips140only.Enabled && bits > 16384 {
-		return nil, errors.New("crypto/rsa: use of keys larger than 16384 bits is not allowed in FIPS 140-only mode")
-	}
 	if fips140only.Enabled && bits%2 == 1 {
 		return nil, errors.New("crypto/rsa: use of keys with odd size is not allowed in FIPS 140-only mode")
 	}