From fd3a6a49ee9e37fdae69e43ad2b44d84115b773d Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 4 Aug 2025 11:20:21 +1000 Subject: [PATCH] sshkdf: introduce conditionals on the FIPS only parameters Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/28163) --- providers/implementations/kdfs/sshkdf.c.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/implementations/kdfs/sshkdf.c.in b/providers/implementations/kdfs/sshkdf.c.in index 1f0a9108ccc..00a9b3e5c1e 100644 --- a/providers/implementations/kdfs/sshkdf.c.in +++ b/providers/implementations/kdfs/sshkdf.c.in @@ -217,8 +217,8 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, ['KDF_PARAM_SSHKDF_XCGHASH', 'xcg', 'octet_string'], ['KDF_PARAM_SSHKDF_SESSION_ID', 'sid', 'octet_string'], ['KDF_PARAM_SSHKDF_TYPE', 'type', 'utf8_string'], - ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], - ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], )); -} static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -297,7 +297,7 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, {- produce_param_decoder('sshkdf_get_ctx_params', (['KDF_PARAM_SIZE', 'size', 'size_t'], - ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], )); -} static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) -- 2.47.3