fips: allow more RSA modulus sizes

Review changes
Download
Patches
Plain diff

Daiki Ueno requested to merge dueno/gnutls:wip/dueno/fips-rsa-key-size into master Jul 21, 2021

Overview 3
Commits 1
Pipelines 3
Changes 1

Previously, we restricted RSA modulus size to be either 2048 or 3072 bits in FIPS mode, following FIPS 186-4. On the other hand, FIPS 140-2 IG A.14 and FIPS 140-3 IG C.F updates it to allow arbitrary modulus sizes equal to or larger than 2048 bits under certain conditions.

This change reflects the guidance, though it only allows known sizes due to the complexity of calculating the approximate security strength using the formula in FIPS 140-2 IG 7.5.

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated / NEWS entry present (for non-trivial changes)
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Aug 05, 2021 by Daiki Ueno

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking