From 472ead8be38f0101e7ccdc6764868f1fc0e4b55b Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Mon, 4 Aug 2025 11:20:21 +1000
Subject: [PATCH] sskdf: introduce conditionals on the FIPS only parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28163)
---
 providers/implementations/kdfs/sskdf.c.in | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/providers/implementations/kdfs/sskdf.c.in b/providers/implementations/kdfs/sskdf.c.in
index 4b3ce3bd251..51ec1b23237 100644
--- a/providers/implementations/kdfs/sskdf.c.in
+++ b/providers/implementations/kdfs/sskdf.c.in
@@ -545,8 +545,10 @@ struct sskdf_all_set_ctx_params_st {
     OSSL_PARAM *mac;
     OSSL_PARAM *salt;
     OSSL_PARAM *size;
+#ifdef FIPS_MODULE
     OSSL_PARAM *ind_k;
     OSSL_PARAM *ind_d;
+#endif
     OSSL_PARAM *info[SSKDF_MAX_INFOS];
     int num_info;
 };
@@ -618,7 +620,7 @@ static int sskdf_common_set_ctx_params
                           ['KDF_PARAM_MAC',            'mac',    'utf8_string'],
                           ['KDF_PARAM_SALT',           'salt',   'octet_string'],
                           ['KDF_PARAM_MAC_SIZE',       'size',   'size_t'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int', 'fips'],
                          )); -}
 
 static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
@@ -652,7 +654,7 @@ static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx,
 
 {- produce_param_decoder('sskdf_get_ctx_params',
                          (['KDF_PARAM_SIZE',                    'size',   'size_t'],
-                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int', 'fips'],
                          )); -}
 
 static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[])
@@ -692,8 +694,8 @@ static const OSSL_PARAM *sskdf_common_gettable_ctx_params
                           ['KDF_PARAM_MAC',               'mac',    'utf8_string'],
                           ['KDF_PARAM_SALT',              'salt',   'octet_string'],
                           ['KDF_PARAM_MAC_SIZE',          'size',   'size_t'],
-                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int', 'fips'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int', 'fips'],
                          )); -}
 
 static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
-- 
2.47.3