fips: remove P-192 (legacy operations only curve)

prime192v1 (P-192) is allowed for signature verification and key pair verification but not for signature generation. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
openssl · Apr 18, 2024 · 6d0a0c3 · 6d0a0c3
1 parent da8b630
commit 6d0a0c3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
@@ -29,6 +29,7 @@ typedef struct {
     unsigned int cofactor;      /* promoted to BN_ULONG */
 } EC_CURVE_DATA;
 
+#ifdef FIPS_MODULE
 /* the nist prime curves */
 static const struct {
     EC_CURVE_DATA h;
@@ -61,6 +62,7 @@ static const struct {
         0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
     }
 };
+#endif /* FIPS_MODULE */
 
 static const struct {
     EC_CURVE_DATA h;
@@ -2856,8 +2858,6 @@ static const ec_list_element curve_list[] = {
      "NIST/SECG curve over a 521 bit prime field"},
 
     /* X9.62 curves */
-    {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
-     "NIST/X9.62/SECG curve over a 192 bit prime field"},
     {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
 # if defined(ECP_NISTZ256_ASM)
      EC_GFp_nistz256_method,

diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
@@ -168,10 +168,8 @@ static const OSSL_PARAM param_group_list[][10] = {
     TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15),
     TLS_GROUP_ENTRY("secp160r2", "secp160r2", "EC", 16),
     TLS_GROUP_ENTRY("secp192k1", "secp192k1", "EC", 17),
-#  endif
     TLS_GROUP_ENTRY("secp192r1", "prime192v1", "EC", 18),
     TLS_GROUP_ENTRY("P-192", "prime192v1", "EC", 18), /* Alias of above */
-#  ifndef FIPS_MODULE
     TLS_GROUP_ENTRY("secp224k1", "secp224k1", "EC", 19),
 #  endif
     TLS_GROUP_ENTRY("secp224r1", "secp224r1", "EC", 20),