From 6278eb11977a392d3913a21e94b2722ae5d4a7ab Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Fri, 16 Mar 2012 10:30:19 +0000
Subject: [PATCH] Look for dodgy public exponent values.

---
 build/check_authorities.pl | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/build/check_authorities.pl b/build/check_authorities.pl
index e1c74032..83b62a0f 100755
--- a/build/check_authorities.pl
+++ b/build/check_authorities.pl
@@ -133,6 +133,21 @@
 				}
 			}
 			
+			#
+			# Look for reasonable public exponent values.
+			#
+			if (/Exponent: (\d+)/) {
+				$exponent = $1;
+				# print "   exponent: $exponent\n";
+				if (($exponent & 1) == 0) {
+					error("RSA public exponent $exponent is even");
+				} elsif ($exponent <= 3) {
+					error("insecure RSA public exponent $exponent");
+				} elsif ($exponent < 65537) {
+					warning("small RSA public exponent $exponent")
+				}
+			}
+			
 		}
 		close SSL;
 		#print "   text lines: $#lines\n";