Red Hat's patch of libgcrypt-1.7.3-fips-reqs.patch:
https://dev.gnupg.org/rC3c9c4647d147d6b5659c1b06f796187abe5e1913

I agree that we should add the check to new function gcry_kdf_derive.

I'm not sure if adding the check to:

• gcry_mpi_randomize
• gcry_prime_generate

won't introduce any regression in existing use cases.

I checked Debian source code by https://codesearch.debian.net/
It seems that all use cases are for crypto, so, adding the check makes sense (and it will be welcome).

Besides, if we will add the check to those two functions, why not also to gcry_prime_group_generator?