sshkdf: introduce conditionals on the FIPS only parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28163)

diff --git a/providers/implementations/kdfs/sshkdf.c.in b/providers/implementations/kdfs/sshkdf.c.in
index 1f0a9108cccc02adcf89d7be9fc6e706790c7e20..00a9b3e5c1e78f265a9fe736503192cddc1f58a1 100644 (file)
--- a/providers/implementations/kdfs/sshkdf.c.in
+++ b/providers/implementations/kdfs/sshkdf.c.in
@@ -217,8 +217,8 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
                           ['KDF_PARAM_SSHKDF_XCGHASH',    'xcg',     'octet_string'],
                           ['KDF_PARAM_SSHKDF_SESSION_ID', 'sid',     'octet_string'],
                           ['KDF_PARAM_SSHKDF_TYPE',       'type',    'utf8_string'],
-                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',   'int'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',   'int'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',   'int', 'fips'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',   'int', 'fips'],
                          )); -}
 
 static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
@@ -297,7 +297,7 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
 
 {- produce_param_decoder('sshkdf_get_ctx_params',
                          (['KDF_PARAM_SIZE',                    'size', 'size_t'],
-                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',  'int'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',  'int', 'fips'],
                          )); -}
 
 static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])