From 88d544c83066783527b59878682c006e6d464ed8 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 4 Aug 2025 11:20:21 +1000 Subject: [PATCH] tls1_prf: introduce conditionals on the FIPS only parameters Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/28163) --- providers/implementations/kdfs/tls1_prf.c.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c.in index 7b407b21699..1705b4b6f1f 100644 --- a/providers/implementations/kdfs/tls1_prf.c.in +++ b/providers/implementations/kdfs/tls1_prf.c.in @@ -292,9 +292,9 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, ['KDF_PARAM_DIGEST', 'digest', 'utf8_string'], ['KDF_PARAM_SECRET', 'secret', 'octet_string'], ['KDF_PARAM_SEED', 'seed', 'octet_string', TLSPRF_MAX_SEEDS], - ['KDF_PARAM_FIPS_EMS_CHECK', 'ind_e', 'int'], - ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], - ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['KDF_PARAM_FIPS_EMS_CHECK', 'ind_e', 'int', 'fips'], + ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], )); -} static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -428,7 +428,7 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( {- produce_param_decoder('tls1prf_get_ctx_params', (['KDF_PARAM_SIZE', 'size', 'size_t'], - ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], )); -} static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) -- 2.47.2