tls1_prf: introduce conditionals on the FIPS only parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28163)

diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c.in
index 7b407b216996f5d45384b75bf4ab16d6cd8ce471..1705b4b6f1f48dfee77ab5a84420b629e1102941 100644 (file)
--- a/providers/implementations/kdfs/tls1_prf.c.in
+++ b/providers/implementations/kdfs/tls1_prf.c.in
@@ -292,9 +292,9 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
                           ['KDF_PARAM_DIGEST',            'digest', 'utf8_string'],
                           ['KDF_PARAM_SECRET',            'secret', 'octet_string'],
                           ['KDF_PARAM_SEED',              'seed',   'octet_string', TLSPRF_MAX_SEEDS],
-                          ['KDF_PARAM_FIPS_EMS_CHECK',    'ind_e',  'int'],
-                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int'],
-                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int'],
+                          ['KDF_PARAM_FIPS_EMS_CHECK',    'ind_e',  'int', 'fips'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int', 'fips'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int', 'fips'],
                          )); -}
 
 static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
@@ -428,7 +428,7 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
 
 {- produce_param_decoder('tls1prf_get_ctx_params',
                          (['KDF_PARAM_SIZE',                    'size', 'size_t'],
-                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',  'int'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',  'int', 'fips'],
                          )); -}
 
 static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])