PROV: Avoid MDC2 in the RSA signature implementation in the FIPS module

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)

diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 3f941b10327b18af68849ec90937c4409b54e128..6b0f55a19aa02f240263bae147341206276f9c9e 100644 (file)
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -308,6 +308,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
             return 0;
         }
 
+#ifndef FIPS_MODE
         if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) {
             unsigned int sltmp;
 
@@ -326,6 +327,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
             ret = sltmp;
             goto end;
         }
+#endif
 
         switch (prsactx->pad_mode) {
         case RSA_X931_PADDING:
@@ -401,7 +403,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
                                   prsactx->pad_mode);
     }
 
-#ifdef LEGACY_MODE
+#ifndef FIPS_MODE
  end:
 #endif
     if (ret <= 0) {