md: Make SHA1 non-FIPS and differentiate in the SLI
* cipher/md.c (_gcry_md_open, md_enable, _gcry_md_enable, md_copy): Differentiate SHA1. * cipher/sha1.c (_gcry_digest_spec_sha1): Make SHA1 not FIPS. * src/fips.c (_gcry_fips_indicator_mac, _gcry_fips_indicator_md, run_digest_selftests, run_mac_selftests): Differentiate SHA1. * src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_MD_SHA1): New. * tests/basic.c: (check_pubkey_sign): Use sha256 for baddata, add FLAG_NOFIPS to non FIPS compliant tests that use SHA1, and improve error messages. * tests/pkcs1v2.c (main): Skip tests in FIPS mode. * tests/t-fips-service-ind.c (check_kdf_derive): Use sha256 as pbkdf2 subalgo. * tests/t-fips-service-ind.c (check_mac_o_w_r_c): Check for rejection of SHA1 test cases if in FIPS mode.
- GnuPG-bug-id: T7338
- Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>