On Fri, Nov 14, 2014 at 11:47:11AM -0600, Quentin Gouchet wrote:
> @@ -139,6 +140,22 @@ int MAIN(int argc, char **argv)
>                       f4=3;
>               else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
>                       f4=RSA_F4;
> +             else if (strcmp(*argv,"-choose") == 0)
> +                     {
> +                     if (--argc < 1) goto bad;
> +                     exp = *(++argv);
> +                     /* Not checking whether exp >= 2**16+1 since there is
> +                      * no proof that small
> +                      *  public exponent is a threat.
> +                      *  Choosing e = 1 or e = 3 is thus possible
> +                      */
> +                     if(!BN_hex2bn(&bn,exp)) goto err;
> +                     if(!BN_is_odd(bn))
> +                             {
> +                             BIO_printf(bio_err,"Public exponent e has to be 
> odd\n");
> +                             goto err;
> +                             }
> +                     }
>  #ifndef OPENSSL_NO_ENGINE
>               else if (strcmp(*argv,"-engine") == 0)
>                       {

  * The "-choose" option is too vague.  Every option is a choice,
    Better would be "-public_exponent".

  * Small public exponets ARE a threat, and in particular "e=3"
    MUST be avoided.  While "e=5" or "e="17" are somewhat less
    risky, I'd steer clear of these also.

Fielded system with "e" set to something other than "3" or "65537"
are rare.  Are custom public exponents really a good idea?  Seems
like unnecessary flexibility for the user to mess up.  I'd bolt it
down at 65537 and remove all other options.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to