fips: Add explicit indicators for md and mac algorithms.

* src/fips.c (_gcry_fips_indicator_mac): New function indicating
non-approved mac algorithms.
(_gcry_fips_indicator_md): new functions indicating non-approved
message digest algorithms.
* src/g10lib.h (_gcry_fips_indicator_mac): New function.
(_gcry_fips_indicator_md): Ditto.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols,
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
GCRYCTL_FIPS_SERVICE_INDICATOR_MD.
* src/global.c (_gcry_vcontrol): Handle new FIPS indicators.

--

GnuPG-bug-id: 6376
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/src/global.c b/src/global.c
index debf6194..d16d3709 100644
--- a/src/global.c
+++ b/src/global.c
@@ -791,6 +791,20 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       rc = _gcry_fips_indicator_cipher (arg_ptr);
       break;
 
+    case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
+      /* Get FIPS Service Indicator for a given message authentication code.
+       * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
+       * GPG_ERR_NOT_SUPPORTED otherwise */
+      rc = _gcry_fips_indicator_mac (arg_ptr);
+      break;
+
+    case GCRYCTL_FIPS_SERVICE_INDICATOR_MD:
+      /* Get FIPS Service Indicator for a given message digest. Returns
+       * GPG_ERR_NO_ERROR if algorithm is allowed or GPG_ERR_NOT_SUPPORTED
+       * otherwise */
+      rc = _gcry_fips_indicator_md (arg_ptr);
+      break;
+
     case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
       /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
        * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */