1 files changed, 25 insertions, 2 deletions

diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index 63be873b7b..7dbd0923b6 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
         RSA *rsa=NULL;
         int i,num=DEFBITS;
         long l;
+#ifdef OPENSSL_FIPS
+        int use_x931 = 0;
+#endif
         const EVP_CIPHER *enc=NULL;
         unsigned long f4=RSA_F4;
         char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
                         f4=3;
                 else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
                         f4=RSA_F4;
+#ifdef OPENSSL_FIPS
+                else if (strcmp(*argv,"-x931") == 0)
+                        use_x931 = 1;
+#endif
 #ifndef OPENSSL_NO_ENGINE
                 else if (strcmp(*argv,"-engine") == 0)
                         {
@@ -233,11 +240,27 @@ bad:
 
         BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
                 num);
-        rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+#ifdef OPENSSL_FIPS
+        if (use_x931)
+                {
+                BIGNUM *pubexp;
+                pubexp = BN_new();
+                BN_set_word(pubexp, f4);
+                rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
+                BN_free(pubexp);
+                }
+        else
+#endif
+                rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
                 
         app_RAND_write_file(NULL, bio_err);
 
-        if (rsa == NULL) goto err;
+        if (rsa == NULL)
+                {
+                BIO_printf(bio_err, "Key Generation error\n");
+
+                goto err;
+                }
         
         /* We need to do the following for when the base number size is <
          * long, esp windows 3.1 :-(. */