[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated
       via  5030cc69ffd6137d3d3f2b221c3313042940c1fd (commit)
      from  721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e (commit)


- Log -----------------------------------------------------------------
commit 5030cc69ffd6137d3d3f2b221c3313042940c1fd
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jul 29 16:16:02 2015 +0100

    use X9.31 keygen by default in FIPS mode
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_gen.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 2465fbd..7f7dca3 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+                                         BN_GENCB *cb);
 #endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
@@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
 #ifdef OPENSSL_FIPS
     if (FIPS_mode())
-        return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+        return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
 #endif
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }