For RHEL we want apps to use FIPS-certified crypto libraries, and HMAC apparently counts as "keyed" and hence needs to be validated.
https://bugzilla.redhat.com/show_bug.cgi?id=1630260
This is a build-time option that backs the GHmac API with GnuTLS. Most distributors ship glib-networking built with GnuTLS, and most apps use glib-networking, so this isn't a net-new library in most cases.
However, a fun wrinkle is that the GnuTLS HMAC API doesn't expose
the necessary bits to implement g_hmac_copy(); OpenSSL does.
I chose to just make that abort for now since I didn't find
apps using it.