+static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes,
+ BIGNUM *e_value, BN_GENCB *cb, int pairwise_test)
+{
+ int ok = 0;
+
+ /*
+ * Only multi-prime keys or insecure keys with a small key length will use
+ * the older rsa_multiprime_keygen().
+ */
+ if (primes == 2 && bits >= 2048)
+ ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
+#ifndef FIPS_MODULE
+ else
+ ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb);
+#endif /* FIPS_MODULE */
+
+#ifdef FIPS_MODULE
+ pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
+#endif