15fad7109b
key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
37 lines
1.0 KiB
Diff
37 lines
1.0 KiB
Diff
diff -up openssl-1.0.0c/apps/genrsa.c.x931 openssl-1.0.0c/apps/genrsa.c
|
|
--- openssl-1.0.0c/apps/genrsa.c.x931 2010-03-01 15:22:02.000000000 +0100
|
|
+++ openssl-1.0.0c/apps/genrsa.c 2011-02-01 18:32:05.000000000 +0100
|
|
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
|
|
int ret=1;
|
|
int i,num=DEFBITS;
|
|
long l;
|
|
+ int use_x931 = 0;
|
|
const EVP_CIPHER *enc=NULL;
|
|
unsigned long f4=RSA_F4;
|
|
char *outfile=NULL;
|
|
@@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
|
|
f4=3;
|
|
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
|
|
f4=RSA_F4;
|
|
+ else if (strcmp(*argv,"-x931") == 0)
|
|
+ use_x931 = 1;
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
else if (strcmp(*argv,"-engine") == 0)
|
|
{
|
|
@@ -273,7 +276,14 @@ bad:
|
|
if (!rsa)
|
|
goto err;
|
|
|
|
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
|
|
+ if (use_x931)
|
|
+ {
|
|
+ if (!BN_set_word(bn, f4))
|
|
+ goto err;
|
|
+ if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
|
|
+ goto err;
|
|
+ }
|
|
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
|
|
goto err;
|
|
|
|
app_RAND_write_file(NULL, bio_err);
|