File openssl-fips_SHA2_in_RSA_pairwise_test.patch of Package openssl-1_1.14217
Index: openssl-1.1.0i/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_gen.c 2019-11-25 17:02:41.088996100 +0100
+++ openssl-1.1.0i/crypto/rsa/rsa_gen.c 2019-11-25 17:19:50.112298574 +0100
@@ -36,11 +36,9 @@ int fips_check_rsa(RSA *rsa)
/* Perform pairwise consistency signature test */
if (!fips_pkey_signature_test(pk, tbs, -1,
- NULL, 0, EVP_sha1(),
+ NULL, 0, EVP_sha256(),
EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
- || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
- EVP_MD_CTX_FLAG_PAD_X931, NULL)
- || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
+ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(),
EVP_MD_CTX_FLAG_PAD_PSS, NULL))
goto err;
/* Now perform pairwise consistency encrypt/decrypt test */