rsa sig: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

diff --git a/providers/implementations/signature/rsa_sig.c.in b/providers/implementations/signature/rsa_sig.c.in
index 5f1485ed1c9d0c40b0074da3f9100040f479a1ff..ca4a9ba5f4d1a6d6aeea71c1b93338f68359a205 100644 (file)
--- a/providers/implementations/signature/rsa_sig.c.in
+++ b/providers/implementations/signature/rsa_sig.c.in
@@ -1393,8 +1393,8 @@ static void *rsa_dupctx(void *vprsactx)
                           ['SIGNATURE_PARAM_MGF1_DIGEST',             'mgf1',   'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',             'slen',   'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',             'slen',   'int'],
-                          ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE',     'verify', 'uint'],
-                          ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                          ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE',     'verify', 'uint', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int', 'fips'],
                          )); -}
 
 static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
@@ -1532,10 +1532,10 @@ static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx)
                           ['SIGNATURE_PARAM_MGF1_PROPERTIES',            'mgf1pq',   'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',                'slen',     'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',                'slen',     'int'],
-                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',             'ind_k',    'int'],
-                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK',          'ind_d',    'int'],
-                          ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'],
-                          ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK',   'ind_xpad', 'int'],
+                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',             'ind_k',    'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK',          'ind_d',    'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK',   'ind_xpad', 'int', 'fips'],
                          )); -}
 
 #define rsa_set_ctx_params_no_digest_st  rsa_set_ctx_params_st
@@ -1547,10 +1547,10 @@ static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx)
                           ['SIGNATURE_PARAM_MGF1_PROPERTIES',            'mgf1pq',   'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',                'slen',     'utf8_string'],
                           ['SIGNATURE_PARAM_PSS_SALTLEN',                'slen',     'int'],
-                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',             'ind_k',    'int'],
-                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK',          'ind_d',    'int'],
-                          ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'],
-                          ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK',   'ind_xpad', 'int'],
+                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',             'ind_k',    'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK',          'ind_d',    'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK',   'ind_xpad', 'int', 'fips'],
                          )); -}
 
 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])