From: Pauli <ppzgs1@gmail.com>
Date: Wed, 13 Aug 2025 02:54:12 +0000 (+1000)
Subject: rsa: make parameters conditional on FIPS
X-Git-Tag: openssl-3.6.0-alpha1~120
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b411ef0b530b78e68cffb76fd3e77b8f3b178e6a;p=thirdparty%2Fopenssl.git

rsa: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
---

diff --git a/providers/implementations/asymciphers/rsa_enc.c.in b/providers/implementations/asymciphers/rsa_enc.c.in
index 7eb9894b80b..c1c4f3e9595 100644
--- a/providers/implementations/asymciphers/rsa_enc.c.in
+++ b/providers/implementations/asymciphers/rsa_enc.c.in
@@ -372,7 +372,7 @@ static void *rsa_dupctx(void *vprsactx)
                           ['ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION',      'tlsver', 'uint'],
                           ['ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION',  'negver', 'uint'],
                           ['ASYM_CIPHER_PARAM_IMPLICIT_REJECTION',      'imrej',  'uint'],
-                          ['ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                          ['ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int', 'fips'],
                          )); -}
 
 static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
@@ -469,8 +469,8 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
                           ['ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION',           'tlsver',  'uint'],
                           ['ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION',       'negver',  'uint'],
                           ['ASYM_CIPHER_PARAM_IMPLICIT_REJECTION',           'imrej',   'uint'],
-                          ['ASYM_CIPHER_PARAM_FIPS_KEY_CHECK',               'ind_k',   'int'],
-                          ['ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED', 'ind_pad', 'int'],
+                          ['ASYM_CIPHER_PARAM_FIPS_KEY_CHECK',               'ind_k',   'int', 'fips'],
+                          ['ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED', 'ind_pad', 'int', 'fips'],
                          )); -}
 
 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])