diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index acc34a586..fa4fb09c3 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
     	pk.type = EVP_PKEY_DSA;
     	pk.pkey.dsa = dsa;
 
-	if (!fips_pkey_signature_test(&pk, tbs, -1,
-					NULL, 0, EVP_sha1(), 0, NULL))
+	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
 		{
 		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 		fips_set_selftest_fail();
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 90d6b3cd7..7bef5dd6b 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)
 
 	/* Perform pairwise consistency signature test */
 	if (!fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+			NULL, 0, NULL, RSA_X931_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
 		goto err;
 	/* Now perform pairwise consistency encrypt/decrypt test */
 	ctbuf = OPENSSL_malloc(RSA_size(rsa));
diff --git a/fips/fips.c b/fips/fips.c
index 51696b5e7..6a90328d7 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	if (tbslen == -1)
 		tbslen = strlen((char *)tbs);
 
+	if (digest == NULL)
+		digest = EVP_sha256();
+
 	if (!FIPS_digestinit(&mctx, digest))
 		goto error;
 	if (!FIPS_digestupdate(&mctx, tbs, tbslen))