From 528fd7ef08166d29eb3853e96a8985a6d5acf296 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 29 Jul 2015 16:16:02 +0100 Subject: use X9.31 keygen by default in FIPS mode Reviewed-by: Matt Caswell --- crypto/rsa/rsa_gen.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2465fbd..7f7dca3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -69,6 +69,8 @@ #include #ifdef OPENSSL_FIPS # include +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, @@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } -- 1.7.12.1