On Fri, Nov 14, 2014 at 11:47:11AM -0600, Quentin Gouchet wrote: > @@ -139,6 +140,22 @@ int MAIN(int argc, char **argv) > f4=3; > else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) > f4=RSA_F4; > + else if (strcmp(*argv,"-choose") == 0) > + { > + if (--argc < 1) goto bad; > + exp = *(++argv); > + /* Not checking whether exp >= 2**16+1 since there is > + * no proof that small > + * public exponent is a threat. > + * Choosing e = 1 or e = 3 is thus possible > + */ > + if(!BN_hex2bn(&bn,exp)) goto err; > + if(!BN_is_odd(bn)) > + { > + BIO_printf(bio_err,"Public exponent e has to be > odd\n"); > + goto err; > + } > + } > #ifndef OPENSSL_NO_ENGINE > else if (strcmp(*argv,"-engine") == 0) > {
* The "-choose" option is too vague. Every option is a choice, Better would be "-public_exponent". * Small public exponets ARE a threat, and in particular "e=3" MUST be avoided. While "e=5" or "e="17" are somewhat less risky, I'd steer clear of these also. Fielded system with "e" set to something other than "3" or "65537" are rare. Are custom public exponents really a good idea? Seems like unnecessary flexibility for the user to mess up. I'd bolt it down at 65537 and remove all other options. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org