Hi, I am looking at mbedtls test suite for rsa https://github.com/ARMmbed/mbedtls/blob/development/tests/suites/test_suite_rsa.data

In mbedtls/library/rsa.c, function mbedtls_rsa_gen_key(), it is said that

## This generation method follows the RSA key pair generation procedure of

FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.

However, for the first test of RSA Generate Key, an exponent of 3 (less than 2^16) is given, and the expected result is still 0 ( success)

The expected result is MBEDTLS_ERR_RSA_BAD_INPUT_DATA? Or should the suite test with minimum of 65537 for a success result? Or am I misunderstand something?

Thanks for reading,

P.s. In the code, despite saying the comment before the function that 2^16<exponent<2^256, the function only make sure that exponent >= 3

**UPDATE**: Sorry if my question was unclear. The code comment said that it follow the keypair generation procedure of FIPS 186-4 * IF* 2^16 < public exponent < 2^256. But why not strictly enforcing the FIPS required range (return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if exponent < 65537 ), instead you only check if public exponent is not smaller than 3 ?