ecdsa sig: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

diff --git a/providers/implementations/signature/ecdsa_sig.c.in b/providers/implementations/signature/ecdsa_sig.c.in
index 4c18f495d69ecef916453936dc1902bbda5c9c83..6fd3bed09feaffd4ff85f3146722cc1956cd4a84 100644 (file)
--- a/providers/implementations/signature/ecdsa_sig.c.in
+++ b/providers/implementations/signature/ecdsa_sig.c.in
@@ -680,8 +680,8 @@ static void *ecdsa_dupctx(void *vctx)
                           ['SIGNATURE_PARAM_DIGEST_SIZE',             'size',   'size_t'],
                           ['SIGNATURE_PARAM_DIGEST',                  'digest', 'utf8_string'],
                           ['SIGNATURE_PARAM_NONCE_TYPE',              'nonce',  'uint'],
-                          ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE',     'verify', 'uint'],
-                          ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                          ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE',     'verify', 'uint', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int', 'fips'],
                          )); -}
 
 static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
@@ -730,9 +730,13 @@ struct ecdsa_all_set_ctx_params_st {
     OSSL_PARAM *digest;     /* ecdsa_set_ctx_params */
     OSSL_PARAM *propq;      /* ecdsa_set_ctx_params */
     OSSL_PARAM *size;       /* ecdsa_set_ctx_params */
+#ifdef FIPS_MODULE
     OSSL_PARAM *ind_d;
     OSSL_PARAM *ind_k;
+#endif
+#if !defined(OPENSSL_NO_ACVP_TESTS)
     OSSL_PARAM *kat;
+#endif
     OSSL_PARAM *nonce;
     OSSL_PARAM *sig;        /* ecdsa_sigalg_set_ctx_params */
 };
@@ -768,10 +772,11 @@ static int ecdsa_common_set_ctx_params(PROV_ECDSA_CTX *ctx,
                          (['SIGNATURE_PARAM_DIGEST',            'digest',   'utf8_string'],
                           ['SIGNATURE_PARAM_PROPERTIES',        'propq',    'utf8_string'],
                           ['SIGNATURE_PARAM_DIGEST_SIZE',       'size',     'size_t'],
-                          ['SIGNATURE_PARAM_KAT',               'kat',      'uint'],
+                          ['SIGNATURE_PARAM_KAT',               'kat',      'uint',
+                           "#if !defined(OPENSSL_NO_ACVP_TESTS)"],
                           ['SIGNATURE_PARAM_NONCE_TYPE',        'nonce',    'uint'],
-                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',    'ind_k',    'int'],
-                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d',    'int'],
+                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',    'ind_k',    'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d',    'int', 'fips'],
                          )); -}
 
 static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
@@ -956,10 +961,11 @@ static const char **ecdsa_sigalg_query_key_types(void)
 
 {- produce_param_decoder('ecdsa_sigalg_set_ctx_params',
                          (['SIGNATURE_PARAM_SIGNATURE',         'sig',   'octet_string'],
-                          ['SIGNATURE_PARAM_KAT',               'kat',   'uint'],
+                          ['SIGNATURE_PARAM_KAT',               'kat',   'uint',
+                           "#if !defined(OPENSSL_NO_ACVP_TESTS)"],
                           ['SIGNATURE_PARAM_NONCE_TYPE',        'nonce', 'uint'],
-                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',    'ind_k', 'int'],
-                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
+                          ['SIGNATURE_PARAM_FIPS_KEY_CHECK',    'ind_k', 'int', 'fips'],
+                          ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'],
                          )); -}
 
 static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,