From: Paul Louvel Date: Tue, 20 Jan 2026 15:22:30 +0000 (+0100) Subject: fix: disable of ECDH and ECDSA algorithms X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b60869717dd9d5c873ed74d248faecbd2cf110f3;p=thirdparty%2Fopenssl.git fix: disable of ECDH and ECDSA algorithms Reviewed-by: Matt Caswell Reviewed-by: Paul Dale MergeDate: Fri Mar 13 15:50:40 2026 (Merged from https://github.com/openssl/openssl/pull/30212) --- diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index cbd2d10539e..ab2a8895ad3 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -455,7 +455,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keyexch_functions }, #endif #ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECDH { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, +#endif #ifndef OPENSSL_NO_ECX { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions }, { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions }, @@ -514,6 +516,7 @@ static const OSSL_ALGORITHM fips_signature[] = { { PROV_NAMES_ED448ph, FIPS_DEFAULT_PROPERTIES, ossl_ed448ph_signature_functions }, #endif +#ifndef OPENSSL_NO_ECDSA { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, { PROV_NAMES_ECDSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha1_signature_functions }, { PROV_NAMES_ECDSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha224_signature_functions }, @@ -525,6 +528,7 @@ static const OSSL_ALGORITHM fips_signature[] = { { PROV_NAMES_ECDSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_384_signature_functions }, { PROV_NAMES_ECDSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_512_signature_functions }, #endif +#endif #ifndef OPENSSL_NO_ML_DSA { PROV_NAMES_ML_DSA_44, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_44_signature_functions }, { PROV_NAMES_ML_DSA_65, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_65_signature_functions },