53 lines
1.9 KiB
Diff
53 lines
1.9 KiB
Diff
|
Index: libgcrypt-1.9.4/cipher/des.c
|
||
|
===================================================================
|
||
|
--- libgcrypt-1.9.4.orig/cipher/des.c
|
||
|
+++ libgcrypt-1.9.4/cipher/des.c
|
||
|
@@ -1498,7 +1498,7 @@ static gcry_cipher_oid_spec_t oids_tripl
|
||
|
|
||
|
gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
|
||
|
{
|
||
|
- GCRY_CIPHER_3DES, {0, 1},
|
||
|
+ GCRY_CIPHER_3DES, {0, 0},
|
||
|
"3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
|
||
|
do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt,
|
||
|
NULL, NULL,
|
||
|
Index: libgcrypt-1.9.4/cipher/mac-cmac.c
|
||
|
===================================================================
|
||
|
--- libgcrypt-1.9.4.orig/cipher/mac-cmac.c
|
||
|
+++ libgcrypt-1.9.4/cipher/mac-cmac.c
|
||
|
@@ -458,7 +458,7 @@ gcry_mac_spec_t _gcry_mac_type_spec_cmac
|
||
|
#endif
|
||
|
#if USE_DES
|
||
|
gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = {
|
||
|
- GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES",
|
||
|
+ GCRY_MAC_CMAC_3DES, {0, 0}, "CMAC_3DES",
|
||
|
&cmac_ops
|
||
|
};
|
||
|
#endif
|
||
|
Index: libgcrypt-1.9.4/src/fips.c
|
||
|
===================================================================
|
||
|
--- libgcrypt-1.9.4.orig/src/fips.c
|
||
|
+++ libgcrypt-1.9.4/src/fips.c
|
||
|
@@ -493,6 +493,10 @@ run_cipher_selftests (int extended)
|
||
|
|
||
|
for (idx=0; algos[idx]; idx++)
|
||
|
{
|
||
|
+ /* Skip non-approved cipher in FIPS mode */
|
||
|
+ if (fips_mode() && algos[idx] == GCRY_CIPHER_3DES)
|
||
|
+ continue;
|
||
|
+
|
||
|
err = _gcry_cipher_selftest (algos[idx], extended, reporter);
|
||
|
reporter ("cipher", algos[idx], NULL,
|
||
|
err? gpg_strerror (err):NULL);
|
||
|
@@ -558,6 +562,10 @@ run_mac_selftests (int extended)
|
||
|
|
||
|
for (idx=0; algos[idx]; idx++)
|
||
|
{
|
||
|
+ /* Skip non-approved MAC algorithm in FIPS mode */
|
||
|
+ if (fips_mode() && algos[idx] == GCRY_MAC_CMAC_3DES)
|
||
|
+ continue;
|
||
|
+
|
||
|
err = _gcry_mac_selftest (algos[idx], extended, reporter);
|
||
|
reporter ("mac", algos[idx], NULL,
|
||
|
err? gpg_strerror (err):NULL);
|