hmac drbg: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

diff --git a/providers/implementations/rands/drbg_hmac.c.in b/providers/implementations/rands/drbg_hmac.c.in
index 6b7a15c894e4263e9b0ab4674f9c23ffa2aae8cb..4a52b5ed08b11e201cb54fa5c04cd4fe81158e6d 100644 (file)
--- a/providers/implementations/rands/drbg_hmac.c.in
+++ b/providers/implementations/rands/drbg_hmac.c.in
@@ -384,7 +384,7 @@ static void drbg_hmac_free(void *vdrbg)
                           ['DRBG_PARAM_RESEED_TIME',            'reseed_time', 'time_t'],
                           ['DRBG_PARAM_RESEED_REQUESTS',        'reseed_req',  'uint'],
                           ['DRBG_PARAM_RESEED_TIME_INTERVAL',   'reseed_int',  'uint64'],
-                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',         'int'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',         'int', 'fips'],
                          )); -}
 
 static int drbg_hmac_get_ctx_params(void *vdrbg, OSSL_PARAM params[])
@@ -557,7 +557,7 @@ static int drbg_hmac_set_ctx_params_locked
                           ['PROV_PARAM_CORE_PROV_NAME',       'prov',        'utf8_string'],
                           ['DRBG_PARAM_RESEED_REQUESTS',      'reseed_req',  'uint'],
                           ['DRBG_PARAM_RESEED_TIME_INTERVAL', 'reseed_time', 'uint64'],
-                          ['KDF_PARAM_FIPS_DIGEST_CHECK',     'ind_d',       'int'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK',     'ind_d',       'int', 'fips'],
                          )); -}
 
 static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])