Go version

go1.21.5

Output of go env in your module/workspace:

N/A

What did you do?

When GOEXPERIMENT=boringcrypto is set and fips is enforced using:

import _ "crypto/tls/fipsonly"

The standard library relies on boringAllowCert when verifying the validity of certificates:
https://github.com/golang/go/blob/master/src/crypto/x509/boring.go#L19-L39

As a result, certificates with RSA keys starting from 5K up to 16K (this range is specific to my use case) fail.

Given the fact that Go was recently updated to use the 20220614 BoringCrypto module based on a pending FIPS 140-3 validation:

• https://go-review.googlesource.com/c/go/+/549695
• https://go-review.googlesource.com/c/go/+/549975

FIPS 140-3 IG section C.F [1] allows FIPS validations to make use of sizes other than 2048, 3072, and 4096, and the current restriction in the above-linked boringAllowCert function dates from earlier FIPS certificates that predate this new guidance and required only specific sizes.

Does the pending FIPS validation allow other (larger) RSA key sizes, and if so, will Go be adjusting the restriction to permit those larger sizes?

[1] https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

What did you see happen?

tls: failed to verify certificate: x509: certificate specifies an incompatible key usage

What did you expect to see?

A somewhat naive expectation is to see relaxation in size checks given the current FIPS 140-3 guidance and pending validation.