On Fri, Nov 14, 2014 at 11:47:11AM -0600, Quentin Gouchet wrote:
> @@ -139,6 +140,22 @@ int MAIN(int argc, char **argv)
> f4=3;
> else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
> f4=RSA_F4;
> + else if (strcmp(*argv,"-choose") == 0)
> + {
> + if (--argc < 1) goto bad;
> + exp = *(++argv);
> + /* Not checking whether exp >= 2**16+1 since there is
> + * no proof that small
> + * public exponent is a threat.
> + * Choosing e = 1 or e = 3 is thus possible
> + */
> + if(!BN_hex2bn(&bn,exp)) goto err;
> + if(!BN_is_odd(bn))
> + {
> + BIO_printf(bio_err,"Public exponent e has to be
> odd\n");
> + goto err;
> + }
> + }
> #ifndef OPENSSL_NO_ENGINE
> else if (strcmp(*argv,"-engine") == 0)
> {
* The "-choose" option is too vague. Every option is a choice,
Better would be "-public_exponent".
* Small public exponets ARE a threat, and in particular "e=3"
MUST be avoided. While "e=5" or "e="17" are somewhat less
risky, I'd steer clear of these also.
Fielded system with "e" set to something other than "3" or "65537"
are rare. Are custom public exponents really a good idea? Seems
like unnecessary flexibility for the user to mess up. I'd bolt it
down at 65537 and remove all other options.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
