I'm wondering why the FIPS_selftest_dsa() function in fips_dsa_selftest.c uses EVP_sha384 with a 2048-bit DSA key during the fips_pkey_signature_test()?
If I'm reading the NIST standards (FIPS 186-3 and SP 800-57 Part 1) correctly, it looks like it is more usual for 2048-bit DSA keys to be paired with SHA 224 or SHA 256 during digital signature operations. As far as I can tell there is no prohibition against using SHA 384 (or SHA 512) with 2048-bit DSA keys, but FIPS 186-3 states that differing relative strengths of keys and hashes should only be used if "an agreement has been made between participating entities to use a stronger hash function." Thanks.
