The user can call RSA key generation and specify the public
exponent exp in a hexadecimal format.
Example: openssl genrsa -choose 72bdf -out key.pem 4096
Signed-off-by: Quentin <quentin.gouc...@gmail.com> <quentin.gouc...@gmail.com>
---
apps/genrsa.c | 47 +++++++++++++++++++++++++++++++++++++++--------
crypto/objects/obj_xref.h | 2 +-
2 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 6b835c0..fd4bb63 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -98,6 +98,7 @@ int MAIN(int argc, char **argv)
long l;
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
+ char *exp = NULL;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
@@ -139,6 +140,22 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+ else if (strcmp(*argv,"-choose") == 0)
+ {
+ if (--argc < 1) goto bad;
+ exp = *(++argv);
+ /* Not checking whether exp >= 2**16+1 since there is
+ * no proof that small
+ * public exponent is a threat.
+ * Choosing e = 1 or e = 3 is thus possible
+ */
+ if(!BN_hex2bn(&bn,exp)) goto err;
+ if(!BN_is_odd(bn))
+ {
+ BIO_printf(bio_err,"Public exponent e has to be
odd\n");
+ goto err;
+ }
+ }
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -218,6 +235,7 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase
source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E
value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
+ BIO_printf(bio_err," -choose exp use exp hexadecimal string
as
public exponent\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a
hardware device.\n");
#endif
@@ -273,29 +291,42 @@ bad:
#else
rsa = RSA_new_method(e);
#endif
+
if (!rsa)
goto err;
if (non_fips_allow)
rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ if (exp != NULL)
+ {
+ if (!RSA_generate_key_ex(rsa, num, bn, &cb))
+ goto err;
+ }
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
-
+
app_RAND_write_file(NULL, bio_err);
/* We need to do the following for when the base number size is <
* long, esp windows 3.1 . */
- l=0L;
- for (i=0; i<rsa->e->top; i++)
+ if (exp == NULL || strlen(exp) <= 16)
{
+ l=0L;
+ for (i=0; i<rsa->e->top; i++)
+ {
#ifndef SIXTY_FOUR_BIT
- l<<=BN_BITS4;
- l<<=BN_BITS4;
+ l<<=BN_BITS4;
+ l<<=BN_BITS4;
#endif
- l+=rsa->e->d[i];
+ l+=rsa->e->d[i];
+ }
+ BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
+ }
+ else if (exp != NULL)
+ {
+ BIO_printf(bio_err,"e is 0x%s\n",exp);
}
- BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index cfd628a..2b3dc6d 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -54,8 +54,8 @@ static const nid_triple sigoid_srt[] =
static const nid_triple * const sigoid_srt_xref[] =
{
&sigoid_srt[29],
- &sigoid_srt[17],
&sigoid_srt[18],
+ &sigoid_srt[17],
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
--
2.1.0
