use X9.31 keygen by default in FIPS mode

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-07-29 16:16:02 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-07-30 14:34:45 +0100
commit: d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (patch)
tree: 5aca23794b7b55d1055dc42f1788f4d4a1546fd2 /crypto/rsa
parent: 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 2465fbdebf..7f7dca39fd 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+                                         BN_GENCB *cb);
 #endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
@@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
 #ifdef OPENSSL_FIPS
     if (FIPS_mode())
-        return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+        return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
 #endif
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }
author	Dr. Stephen Henson <steve@openssl.org>	2015-07-29 16:16:02 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-07-30 14:34:45 +0100
commit	d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (patch)
tree	5aca23794b7b55d1055dc42f1788f4d4a1546fd2 /crypto/rsa
parent	9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (diff)