Index: libgcrypt-1.9.4/cipher/des.c =================================================================== --- libgcrypt-1.9.4.orig/cipher/des.c +++ libgcrypt-1.9.4/cipher/des.c @@ -1498,7 +1498,7 @@ static gcry_cipher_oid_spec_t oids_tripl gcry_cipher_spec_t _gcry_cipher_spec_tripledes = { - GCRY_CIPHER_3DES, {0, 1}, + GCRY_CIPHER_3DES, {0, 0}, "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx), do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt, NULL, NULL, Index: libgcrypt-1.9.4/cipher/mac-cmac.c =================================================================== --- libgcrypt-1.9.4.orig/cipher/mac-cmac.c +++ libgcrypt-1.9.4/cipher/mac-cmac.c @@ -458,7 +458,7 @@ gcry_mac_spec_t _gcry_mac_type_spec_cmac #endif #if USE_DES gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = { - GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES", + GCRY_MAC_CMAC_3DES, {0, 0}, "CMAC_3DES", &cmac_ops }; #endif Index: libgcrypt-1.9.4/src/fips.c =================================================================== --- libgcrypt-1.9.4.orig/src/fips.c +++ libgcrypt-1.9.4/src/fips.c @@ -493,6 +493,10 @@ run_cipher_selftests (int extended) for (idx=0; algos[idx]; idx++) { + /* Skip non-approved cipher in FIPS mode */ + if (fips_mode() && algos[idx] == GCRY_CIPHER_3DES) + continue; + err = _gcry_cipher_selftest (algos[idx], extended, reporter); reporter ("cipher", algos[idx], NULL, err? gpg_strerror (err):NULL); @@ -558,6 +562,10 @@ run_mac_selftests (int extended) for (idx=0; algos[idx]; idx++) { + /* Skip non-approved MAC algorithm in FIPS mode */ + if (fips_mode() && algos[idx] == GCRY_MAC_CMAC_3DES) + continue; + err = _gcry_mac_selftest (algos[idx], extended, reporter); reporter ("mac", algos[idx], NULL, err? gpg_strerror (err):NULL);