fips,kdf: Implement new FIPS service indicator for gcry_kdf_derive.
* cipher/kdf.c (_gcry_kdf_derive): Don't reject by GPG_ERR_INV_VALUE but continue the computation, clearing IS_COMPLIANT. After successful computation, call fips_service_indicator_mark_success with IS_COMPLIANT. * src/visibility.c (gcry_kdf_derive): Call fips_service_indicator_init. * tests/t-kdf.c (check_fips_gcry_kdf_derive): New. (main): Call check_fips_gcry_kdf_derive.
- GnuPG-bug-id: T7338
- Co-authored-by: David Sugar <david@atsec.com>
- Suggested-by: Stephan Mueller <smueller@chronox.de>
- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>