Overview

File openssl-fips_SHA2_in_RSA_pairwise_test.patch of Package openssl-1_1.17236

Index: openssl-1.1.0i/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_gen.c	2019-11-25 17:02:41.088996100 +0100
+++ openssl-1.1.0i/crypto/rsa/rsa_gen.c	2019-11-25 17:19:50.112298574 +0100
@@ -36,11 +36,9 @@ int fips_check_rsa(RSA *rsa)
 
     /* Perform pairwise consistency signature test */
     if (!fips_pkey_signature_test(pk, tbs, -1,
-                                  NULL, 0, EVP_sha1(),
+                                  NULL, 0, EVP_sha256(),
                                   EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
-                                     EVP_MD_CTX_FLAG_PAD_X931, NULL)
-        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
+        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(),
                                      EVP_MD_CTX_FLAG_PAD_PSS, NULL))
         goto err;
     /* Now perform pairwise consistency encrypt/decrypt test */
openSUSE Build Service is sponsored by
Places