Add FIPS-compliant key generation that calls check_fips for RSA and EC.
Change-Id: Ie466b7b55bdd679c5baf2127bd8de4a5058fc3b7
Reviewed-on: https://boringssl-review.googlesource.com/16346
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 6ce75f6..c4d7f53 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -122,6 +122,11 @@
OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb);
+/* RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs
+ * additional checks for FIPS compliance. The public exponent is always 65537
+ * and |bits| must be either 2048 or 3072. */
+OPENSSL_EXPORT int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb);
+
/* Encryption / Decryption */
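Review bot: The new comment on `RSA_generate_key_fips` does not state the failure contract, that is, what the caller gets back when `bits` is neither 2048 nor 3072 or when one of the additional FIPS checks rejects the generated key. "Behaves like |RSA_generate_key_ex|" implies the same return convention, but a caller relying on this function for compliance should not have to infer that, or guess whether `rsa` can hold a partially generated key after a failure. Assuming the implementation (not visible in this hunk) returns zero in both cases, I would add a sentence such as `It returns one on success or zero on error, including when |bits| is unsupported or a FIPS check fails; |rsa| must not be used after a failure.` The state of `rsa` after a failed call should be confirmed against the implementation before committing to that wording.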