hkdf: introduce conditionals on the FIPS only parameters
authorPauli <ppzgs1@gmail.com>
Mon, 4 Aug 2025 01:20:21 +0000 (11:20 +1000)
committerPauli <ppzgs1@gmail.com>
Fri, 8 Aug 2025 00:33:22 +0000 (10:33 +1000)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28163)

providers/implementations/kdfs/hkdf.c.in

index 3750da86e5c5b81c6c4e8249a3b7c55698476d99..634577c4cf39d1d9c8f6a516dbbf8b5f38911506 100644 (file)
@@ -271,8 +271,10 @@ struct hkdf_all_set_ctx_params_st {
     OSSL_PARAM *digest;
     OSSL_PARAM *key;
     OSSL_PARAM *salt;
+#ifdef FIPS_MODULE
     OSSL_PARAM *ind_k;
     OSSL_PARAM *ind_d;
+#endif
     OSSL_PARAM *prefix;
     OSSL_PARAM *label;
     OSSL_PARAM *data;
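Review bot: The new `#ifdef FIPS_MODULE` around `ind_k` and `ind_d` has no comment tying it to the `'fips'`-tagged decoder entries changed later in this file, so the two can drift apart unnoticed until a non-FIPS build breaks. The struct appears to be hand-written while the decoders are generated from the lists, which leaves the pairing implicit. I would add above the guard: `/* FIPS-only: must match the 'fips' entries in the param decoder lists below */`. Any code that reads `ind_k` or `ind_d` from this struct needs the same guard, or a macro that compiles away outside the FIPS module; that code is not visible in this diff. The struct begins and ends outside the hunk.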
@@ -360,7 +362,7 @@ static int hkdf_common_set_ctx_params
                           ['KDF_PARAM_DIGEST',         'digest', 'utf8_string'],
                           ['KDF_PARAM_KEY',            'key',    'octet_string'],
                           ['KDF_PARAM_SALT',           'salt',   'octet_string'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int', 'fips'],
                           ['KDF_PARAM_INFO',           'info',   'octet_string', HKDF_MAX_INFOS],
                          )); -}
 
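Review bot: The fourth slot of these decoder entries now carries three unrelated meanings in the visible lists, and nothing near the lists says what each one does: `'fips'` here, `'hidden'` on the digest entry in the hunk at -527, and the count `HKDF_MAX_INFOS` on the info entry. A short comment placed before the template block would help, for example `/* 'fips' = entry is built only when FIPS_MODULE is defined */`, assuming that is what the tag means (the struct guard in the first hunk suggests so). If the tag does drop the key from non-FIPS builds, the parameter documentation should also state that a key-check or digest-check request has no effect outside the FIPS provider, so callers do not read a successful set call as enforcement. The same applies to the entries changed in the hunks at -527 and -1014.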
@@ -400,7 +402,7 @@ static const OSSL_PARAM *kdf_hkdf_settable_ctx_params(ossl_unused void *ctx,
                           ['KDF_PARAM_MODE',                    'mode',   'int'],
                           ['KDF_PARAM_SALT',                    'salt',   'octet_string'],
                           ['KDF_PARAM_INFO',                    'info',   'octet_string'],
-                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int', 'fips'],
                          )); -}
 
 static const OSSL_PARAM *hkdf_gettable_ctx_params(ossl_unused void *ctx,
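Review bot: This list appears to serve the get path rather than a setter (`hkdf_gettable_ctx_params` follows it, although the hunk header names `kdf_hkdf_settable_ctx_params`), so tagging `KDF_PARAM_FIPS_APPROVED_INDICATOR` as `'fips'` changes what a caller can read back, not what it can set. In a non-FIPS build the `ind` slot would presumably no longer exist, so the getter code that fills it must be guarded the same way; that code is outside the hunk. A comment beside the list such as `/* approved indicator is reported by the FIPS module only */` would record the intent. A test that requests the indicator from a non-FIPS build would pin down whether the request fails or leaves the caller's value untouched, which matters to callers that treat the indicator as a compliance signal.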
@@ -527,7 +529,7 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest)
                           ['KDF_PARAM_DIGEST',         'digest', 'utf8_string',  'hidden'],
                           ['KDF_PARAM_KEY',            'key',    'octet_string'],
                           ['KDF_PARAM_SALT',           'salt',   'octet_string'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k',  'int', 'fips'],
                           ['KDF_PARAM_INFO',           'info',   'octet_string', HKDF_MAX_INFOS],
                          )); -}
 
@@ -1014,8 +1016,8 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
                           ['KDF_PARAM_DIGEST',            'digest', 'utf8_string'],
                           ['KDF_PARAM_KEY',               'key',    'octet_string'],
                           ['KDF_PARAM_SALT',              'salt',   'octet_string'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int'],
-                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int', 'fips'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int', 'fips'],
                           ['KDF_PARAM_PREFIX',            'prefix', 'octet_string'],
                           ['KDF_PARAM_LABEL',             'label',  'octet_string'],
                           ['KDF_PARAM_DATA',              'data',   'octet_string'],