Skip to content

Fallback to Go crypto when RSA key size is not supported #2041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
qmuntal merged 2 commits into from
Jan 13, 2026
Merged

Fallback to Go crypto when RSA key size is not supported #2041

qmuntal merged 2 commits into from
Jan 13, 2026

Conversation

@qmuntal
Copy link
Member

@qmuntal qmuntal commented Jan 13, 2026
edited
Loading

Go RSA implementation only restricts the minimum RSA key size to 1024 bits (and that can be bypassed by setting (GODEBUG=rsa1024min=0). It doesn't limit its maximum value and allow sizes not divisible by 8.

All out backends have a much stricter RSA key size policy. Take them into account when checking if we have to fallback to Go.

This fixes several compatibility issues with a new FIPS provider being developed in AZL3 and allows to unskip some additional tests.

@qmuntal qmuntal requested a review from gdams January 13, 2026 09:21
@qmuntal qmuntal requested a review from a team as a code owner January 13, 2026 09:21
@qmuntal qmuntal enabled auto-merge January 13, 2026 10:27
@qmuntal qmuntal merged commit 134aa30 into microsoft/main Jan 13, 2026
38 checks passed
@qmuntal qmuntal deleted the dev/qmuntal/rsaminlength branch January 13, 2026 11:27
dagood
dagood reviewed Jan 15, 2026
View reviewed changes
eng/doc/CrossPlatformCryptography.md

- [crypto/rsa](https://pkg.go.dev/crypto/rsa)

[rsa.GenerateKey](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096.
Copy link
Member

@dagood dagood Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this just a mistake in the doc? Or is this something that was fixed, and is still true for some supported versions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dagood dagood dagood left review comments

@gdams gdams gdams approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@qmuntal @dagood @gdams