diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 595bfb54d4c71f2a9545009091df97b9e1bc5f91_Q0hBTkdFTE9HLnJzdA==..3434b61fcb5b3a27faea8827d555ae43099866e0_Q0hBTkdFTE9HLnJzdA== 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,10 @@
been removed (2.9.1+ is still supported).
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.9, macOS users must
upgrade to 10.10 or newer.
+* **BACKWARDS INCOMPATIBLE:** RSA
+ :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
+ no longer accepts ``public_exponent`` values except 65537 and 3 (the latter
+ for legacy purposes).
* Deprecated support for Python 2. At the time there is no time table for
actually dropping support, however we strongly encourage all users to upgrade
their Python, as Python 2 no longer receives support from the Python core
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 595bfb54d4c71f2a9545009091df97b9e1bc5f91_ZG9jcy9oYXptYXQvcHJpbWl0aXZlcy9hc3ltbWV0cmljL3JzYS5yc3Q=..3434b61fcb5b3a27faea8827d555ae43099866e0_ZG9jcy9oYXptYXQvcHJpbWl0aXZlcy9hc3ltbWV0cmljL3JzYS5yc3Q= 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -18,6 +18,10 @@
.. versionadded:: 0.5
+ .. versionchanged:: 3.0
+
+ Tightened restrictions on ``public_exponent``.
+
Generates a new RSA private key using the provided ``backend``.
``key_size`` describes how many :term:`bits` long the key should be. Larger
keys provide more security; currently ``1024`` and below are considered
@@ -37,8 +41,8 @@
... )
:param int public_exponent: The public exponent of the new key.
- Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in
- doubt you should `use 65537`_.
+ Either 65537 or 3 (for legacy purposes). Almost everyone should
+ `use 65537`_.
:param int key_size: The length of the modulus in :term:`bits`. For keys
generated in 2015 it is strongly recommended to be
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
index 595bfb54d4c71f2a9545009091df97b9e1bc5f91_c3JjL2NyeXB0b2dyYXBoeS9oYXptYXQvcHJpbWl0aXZlcy9hc3ltbWV0cmljL3JzYS5weQ==..3434b61fcb5b3a27faea8827d555ae43099866e0_c3JjL2NyeXB0b2dyYXBoeS9oYXptYXQvcHJpbWl0aXZlcy9hc3ltbWV0cmljL3JzYS5weQ== 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -120,11 +120,11 @@
def _verify_rsa_parameters(public_exponent, key_size):
- if public_exponent < 3:
- raise ValueError("public_exponent must be >= 3.")
-
- if public_exponent & 1 == 0:
- raise ValueError("public_exponent must be odd.")
+ if public_exponent not in (3, 65537):
+ raise ValueError(
+ "public_exponent must be either 3 (for legacy compatibility) or "
+ "65537. Almost everyone should choose 65537 here!"
+ )
if key_size < 512:
raise ValueError("key_size must be at least 512-bits.")
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 595bfb54d4c71f2a9545009091df97b9e1bc5f91_dGVzdHMvaGF6bWF0L3ByaW1pdGl2ZXMvdGVzdF9yc2EucHk=..3434b61fcb5b3a27faea8827d555ae43099866e0_dGVzdHMvaGF6bWF0L3ByaW1pdGl2ZXMvdGVzdF9yc2EucHk= 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -147,7 +147,7 @@
@pytest.mark.parametrize(
("public_exponent", "key_size"),
itertools.product(
- (3, 5, 65537),
+ (3, 65537),
(1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048)
)
)
@@ -170,6 +170,11 @@
key_size=2048,
backend=backend)
+ with pytest.raises(ValueError):
+ rsa.generate_private_key(public_exponent=65535,
+ key_size=2048,
+ backend=backend)
+
def test_cant_generate_insecure_tiny_key(self, backend):
with pytest.raises(ValueError):
rsa.generate_private_key(public_exponent=65537,