Contrary to what the documentation for EVP_DigestSignInit(3) and
EVP_DigestVerifyInit(3) says, the EVP_PKEY_CTX created by these
functions is not automatically released inside of the FIPS provider due
to an #ifndef FIPS_MODULE in evp_md_ctx_reset_ex.
Resolves: rhbz#2102535
Use RSA-OAEP in FIPS self-tests and support a fixed OAEP seed to make
the test deterministic as required for a known-answer test.
Switch the signature FIPS self-test to use the digest_sign and
digest_verify provider functions using the EVP_DigestSign and
EVP_DigestVerify APIs, as the existing signature self-test does not
cover hash computation.
Switch the existing Diffie-Hellman FIPS self-test to use FFDHE2048,
a known safe prime from RFC 7919.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2102535
