fips: Add support for KDF FIPS indicators

* src/fips.c (_gcry_fips_indicator): rename to
  _gcry_fips_indicator_cipher().
  (_gcry_fips_indicator_kdf): New function.
* src/g10lib.h: Rename _gcry_fips_indicator to
  _gcry_fips_indicator_cipher() and add _gcry_fips_indicator_kdf()
* src/gcrypt.h.in (enum gcry_ctl_cmds): Add
  GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER and
  GCRYCTL_FIPS_SERVICE_INDICATOR_KDF.
* src/global.c (_gcry_vcontrol): Implement support for KDF FIPS
  Indicator separate from the cipher one.
--

GnuPG-bug-id: 5512
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

1 files changed, 10 insertions, 4 deletions

diff --git a/src/global.c b/src/global.c
index 054998f2..7cf40e4a 100644
--- a/src/global.c
+++ b/src/global.c
@@ -784,11 +784,17 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       rc = _gcry_fips_run_selftests (1);
       break;
 
-    case GCRYCTL_FIPS_SERVICE_INDICATOR:
-      /* Get FIPS Service Indicator for a given algorithm and optional mode.
-       * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
+    case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
+      /* Get FIPS Service Indicator for a given symmetric algorithm and
+       * optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or
        * GPG_ERR_NOT_SUPPORTED otherwise */
-      rc = _gcry_fips_indicator (arg_ptr);
+      rc = _gcry_fips_indicator_cipher (arg_ptr);
+      break;
+
+    case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
+      /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
+       * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+      rc = _gcry_fips_indicator_kdf (arg_ptr);
       break;
 
     case PRIV_CTL_INIT_EXTRNG_TEST:  /* Init external random test.  */