diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 70253f2f5..677b2b831 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -536,6 +536,15 @@ const char* wc_GetErrorString(int error)
     case RSA_PAT_FIPS_E:
         return "wolfcrypt FIPS RSA Pairwise Agreement Test Failure";
 
+    case KDF_TLS12_KAT_FIPS_E:
+        return "wolfcrypt FIPS TLSv1.2 KDF Known Answer Test Failure";
+
+    case KDF_TLS13_KAT_FIPS_E:
+        return "wolfcrypt FIPS TLSv1.3 KDF Known Answer Test Failure";
+
+    case KDF_SSH_KAT_FIPS_E:
+        return "wolfcrypt FIPS SSH KDF Known Answer Test Failure";
+
     default:
         return "unknown error number";
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 1e009122e..618f5e364 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -240,8 +240,11 @@ enum {
     BAD_LENGTH_E        = -279,  /* Value of length parameter is invalid. */
     ECDSA_KAT_FIPS_E    = -280,  /* ECDSA KAT failure */
     RSA_PAT_FIPS_E      = -281,  /* RSA Pairwise failure */
+    KDF_TLS12_KAT_FIPS_E = -282,  /* TLS12 KDF KAT failure */
+    KDF_TLS13_KAT_FIPS_E = -283,  /* TLS13 KDF KAT failure */
+    KDF_SSH_KAT_FIPS_E  = -284,  /* SSH KDF KAT failure */
 
-    WC_LAST_E           = -281,  /* Update this to indicate last error */
+    WC_LAST_E           = -284,  /* Update this to indicate last error */
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 
     /* add new companion error id strings for any new error codes
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 19386c882..42c53bf84 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -47,6 +47,9 @@ enum FipsCastId {
     FIPS_CAST_ECDSA,
     FIPS_CAST_ECDSA_PAIRWISE,
     FIPS_CAST_ECDSA_SHA3_PAIRWISE,
+    FIPS_CAST_KDF_TLS12,
+    FIPS_CAST_KDF_TLS13,
+    FIPS_CAST_KDF_SSH,
     FIPS_CAST_COUNT
 };