I noted that when generating an RSA public key pair using a non-standard
public exponent (particularly 65538, or 0x01, 0x00, 0x02), the
RSA_generate_key never returns, and the program keeps using 100% CPU
until I kill it.
My question is: Is this behavior expected? If some non-standard public
exponent is problematic, shouldn't we abort with an error before attempting
to use it?
Or, to put it another way, should the caller validate the public
exponent before issuing RSA_generate_key(), to avoid a potential DoS?
Thanks,
-Klaus
--
Klaus Heinrich Kiwi | kla...@br.ibm.com | http://blog.klauskiwi.com
Open Source Security blog : http://www.ratliff.net/blog
IBM Linux Technology Center : http://www.ibm.com/linux/ltc
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
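The reason an even exponent such as 65538 makes the prime search spin is arithmetic, not a library bug in the usual sense: RSA needs gcd(e, p-1) = 1 and gcd(e, q-1) = 1 so that the private exponent d = e^-1 mod lcm(p-1, q-1) exists, and since p-1 is even for every odd prime p, an even e can never satisfy that test, so a generator that keeps drawing primes "until one fits" never terminates. The following is an added example, not OpenSSL code and not something from the thread: it shows a caller-side exponent check of the kind the question asks about, and a bounded prime search that makes the failure observable instead of hanging. The function names, the attempt bound and the toy key sizes are assumptions made for the demonstration; OpenSSL's own loop has no such bound, which is the hang reported above.

```python
"""Caller-side validation of an RSA public exponent, plus a bounded prime
search that shows why an even exponent can never succeed.

Added illustration; not OpenSSL's implementation. Names, bounds and key
sizes are chosen for the demo only.
"""
import math
import random


def check_public_exponent(e) -> "str | None":
    """Return None if e can serve as an RSA public exponent, else a reason.

    e must be an odd integer >= 3. An even e (65538 = 0x010002 from the
    post) shares the factor 2 with p-1 for every odd prime p, so no prime
    can ever pass the gcd test and key generation would loop forever.
    e = 1 would make the private exponent equal to 1 (no encryption).
    """
    if not isinstance(e, int) or e < 3:
        return f"public exponent must be an integer >= 3, got {e!r}"
    if e % 2 == 0:
        return f"public exponent must be odd, got {e} (0x{e:X})"
    return None


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probable-prime test (good enough for a demonstration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_prime_for_exponent(e: int, bits: int, max_attempts: int):
    """Search for a prime p of the given size with gcd(e, p-1) == 1.

    Returns (p, attempts) on success or (None, attempts) once the attempt
    bound is exhausted. The bound is the demo's addition: an unbounded
    version of this loop is exactly what spins at 100% CPU for an even e.
    """
    attempts = 0
    while attempts < max_attempts:
        attempts += 1
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full size
        if is_probable_prime(cand) and math.gcd(e, cand - 1) == 1:
            return cand, attempts
    return None, attempts


def generate_rsa_keypair(e: int, bits: int, max_attempts: int = 20000):
    """Validate e first, then build a toy (n, e, d). Raises ValueError
    instead of hanging when e cannot work."""
    reason = check_public_exponent(e)
    if reason is not None:
        raise ValueError(reason)
    p, _ = find_prime_for_exponent(e, bits, max_attempts)
    q = p
    while q == p:
        q, _ = find_prime_for_exponent(e, bits, max_attempts)
    if p is None or q is None:
        raise ValueError("prime search exhausted its attempt bound")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    d = pow(e, -1, lam)
    return p * q, e, d


if __name__ == "__main__":
    print(check_public_exponent(65538))        # reason string, not None
    print(find_prime_for_exponent(65538, 64, 500))  # (None, 500): never fits
    n, e, d = generate_rsa_keypair(65537, 64)
    m = 12345
    print(pow(pow(m, e, n), d, n) == m)         # True
```

The check is deliberately placed before any prime search: rejecting a bad exponent is a constant-time decision the caller can make, whereas discovering the problem inside the search is, for an even e, impossible by construction.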