Preliminary support for X9.31 RSA key generation for FIPS.

Included prime derivation, random prime generation, test program and
new option to genrsa.

apps/genrsa.c

@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
+#ifdef OPENSSL_FIPS
+	int use_x931 = 0;
+#endif
 	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+#ifdef OPENSSL_FIPS
+		else if (strcmp(*argv,"-x931") == 0)
+			use_x931 = 1;
+#endif
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -233,11 +240,27 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+#ifdef OPENSSL_FIPS
+	if (use_x931)
+		{
+		BIGNUM *pubexp;
+		pubexp = BN_new();
+		BN_set_word(pubexp, f4);
+		rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
+		BN_free(pubexp);
+		}
+	else
+#endif
+		rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	app_RAND_write_file(NULL, bio_err);
 
-	if (rsa == NULL) goto err;
+	if (rsa == NULL)
+		{
+		BIO_printf(bio_err, "Key Generation error\n");
+
+		goto err;
+		}
 	
 	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */