Make RSA modulus size restrictions configurable
This series changes how the library allows/approves RSA operations based on key sizes. Namely:
- any operation with key size shorter than 1024 bits is disallowed
- in FIPS140 mode, signature verification is approved for either key sizes longer than 2048 bits, or known key sizes between 1024 bits and 2048 bits (1024, 1280, 1536, and 1792 bits)
- in FIPS140 mode, signature and key generation are only approved for key sizes longer than 2048 bits
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Daiki Ueno