equal
deleted
inserted
replaced
1 # |
|
2 # This patch came from the upstream to use x9.31 keygen by default in |
|
3 # the FIPS mode. This will be available in the next release. |
|
4 # |
|
5 --- openssl-1.0.1p/crypto/rsa/rsa_gen.c.orig Tue Aug 11 10:47:51 2015 |
|
6 +++ openssl-1.0.1p/crypto/rsa/rsa_gen.c Tue Aug 11 10:56:07 2015 |
|
7 @@ -69,6 +69,8 @@ |
|
8 #include <openssl/rsa.h> |
|
9 #ifdef OPENSSL_FIPS |
|
10 # include <openssl/fips.h> |
|
11 +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, |
|
12 + BN_GENCB *cb); |
|
13 #endif |
|
14 |
|
15 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, |
|
16 @@ -93,8 +95,9 @@ |
|
17 if (rsa->meth->rsa_keygen) |
|
18 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); |
|
19 #ifdef OPENSSL_FIPS |
|
20 - if (FIPS_mode()) |
|
21 - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); |
|
22 + if (FIPS_mode()) { |
|
23 + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); |
|
24 + } |
|
25 #endif |
|
26 return rsa_builtin_keygen(rsa, bits, e_value, cb); |
|
27 } |
|