21615321 FIPS validated RSA keygen should be called by default when FIPS mode is enabled
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/042-default_fips_keygen.patch Thu Aug 13 09:08:19 2015 -0700
@@ -0,0 +1,27 @@
+#
+# This patch came from the upstream to use x9.31 keygen by default in
+# the FIPS mode. This will be available in the next release.
+#
+--- openssl-1.0.1p/crypto/rsa/rsa_gen.c.orig Tue Aug 11 10:47:51 2015
++++ openssl-1.0.1p/crypto/rsa/rsa_gen.c Tue Aug 11 10:56:07 2015
+@@ -69,6 +69,8 @@
+ #include <openssl/rsa.h>
+ #ifdef OPENSSL_FIPS
+ # include <openssl/fips.h>
++extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
++ BN_GENCB *cb);
+ #endif
+
+ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+@@ -93,8 +95,9 @@
+ if (rsa->meth->rsa_keygen)
+ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+ #ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
++ if (FIPS_mode()) {
++ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
++ }
+ #endif
+ return rsa_builtin_keygen(rsa, bits, e_value, cb);
+ }