--- g10/encrypt.c | 5 ++++- g10/mainproc.c | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) Index: gnupg-2.2.8/g10/encrypt.c =================================================================== --- gnupg-2.2.8.orig/g10/encrypt.c +++ gnupg-2.2.8/g10/encrypt.c @@ -825,7 +825,10 @@ encrypt_filter (void *opaque, int contro /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in the list. */ - efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; + /* Libgcrypt manual says that gcry_version_check must be called + before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); + efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; } /* In case 3DES has been selected, print a warning if Index: gnupg-2.2.8/g10/mainproc.c =================================================================== --- gnupg-2.2.8.orig/g10/mainproc.c +++ gnupg-2.2.8/g10/mainproc.c @@ -821,7 +821,12 @@ proc_plaintext( CTX c, PACKET *pkt ) according to 2440, so hopefully it won't come up that often. There is no good way to specify what algorithms to use in that case, so these there are the historical answer. */ - gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + + /* Libgcrypt manual says that gcry_version_check must be called + before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); + if( !gcry_fips_mode_active() ) + gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); } if (DBG_HASHING)