commit 2099c069fd7e8f59fc3b4b4ce8dc484b080b0071
Author: Jan Bilek
Date: Sat Dec 21 01:35:06 2019 +0000
des: Allowing weak keys for kcv
diff --git a/cipher/cipher.c b/cipher/cipher.c
index ab3e4240..6636eeac 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -504,7 +504,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
 | GCRY_CIPHER_SECURE
 | GCRY_CIPHER_ENABLE_SYNC
 | GCRY_CIPHER_CBC_CTS
- | GCRY_CIPHER_CBC_MAC))
+ | GCRY_CIPHER_CBC_MAC
+ | GCRY_CIPHER_KCV))
 || ((flags & GCRY_CIPHER_CBC_CTS) && (flags & GCRY_CIPHER_CBC_MAC))))
 err = GPG_ERR_CIPHER_ALGO;
@@ -1497,6 +1498,9 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
 h->flags &= ~GCRY_CIPHER_CBC_MAC;
 break;
+ case GCRYCTL_SET_KCV_MODE:
+ h->flags |= GCRY_CIPHER_KCV;
+
 case GCRYCTL_SET_CCM_LENGTHS:
 {
 u64 params[3];
diff --git a/cipher/des.c b/cipher/des.c
index e4d10caa..4cbe1a59 100644
--- a/cipher/des.c
+++ b/cipher/des.c
@@ -1386,14 +1386,12 @@ do_des_setkey (void *context, const byte *key, unsigned keylen,
 {
 struct _des_ctx *ctx = (struct _des_ctx *) context;
- (void)hd;
-
 if (keylen != 8)
 return GPG_ERR_INV_KEYLEN;
 des_setkey (ctx, key);
- if (is_weak_key (key)) {
+ if (is_weak_key (key) && !(h->flags | GCRY_CIPHER_KCV)) {
 _gcry_burn_stack (64);
 return GPG_ERR_WEAK_KEY;
 }
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index c008f0a6..da8b8afd 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -302,7 +302,7 @@ enum gcry_ctl_cmds
 GCRYCTL_ANY_INITIALIZATION_P = 40,
 GCRYCTL_SET_CBC_CTS = 41,
 GCRYCTL_SET_CBC_MAC = 42,
- /* Note: 43 is not anymore used. */
+ GCRYCTL_SET_KCV_MODE = 43,
 GCRYCTL_ENABLE_QUICK_RANDOM = 44,
 GCRYCTL_SET_RANDOM_SEED_FILE = 45,
 GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46,
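Review bot: The new `case GCRYCTL_SET_KCV_MODE:` in `_gcry_cipher_ctl` (cipher/cipher.c) has no `break;`, so after setting the flag control falls through into `case GCRYCTL_SET_CCM_LENGTHS:` and runs that handler with the caller's `buffer` and `buflen`. The body of that handler lies outside the hunk, so the outcome is not visible here, but the call will presumably either return an error on a non-CCM handle or reinterpret unrelated data as CCM lengths. Add `break;` directly after `h->flags |= GCRY_CIPHER_KCV;`. The CBC-MAC case just above clears its flag, while this command can only set one; if that is intended, a comment such as `/* One-way: weak keys stay allowed for the lifetime of the handle. */` would make it explicit.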
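Review bot: The new condition in `do_des_setkey` (cipher/des.c) can never reject a weak key: `h->flags | GCRY_CIPHER_KCV` is a bitwise OR with a non-zero constant, so it is always true and `!(...)` is always false, which switches the weak-key check off for every DES caller instead of only for handles opted in to KCV. It also refers to `h`, while the removed `(void)hd;` indicates the parameter is named `hd` (the second line of the signature is outside the hunk), so the line likely does not compile as written. The test should read `if (is_weak_key (key) && !(hd->flags & GCRY_CIPHER_KCV)) {`, with a NULL guard on `hd` if any caller passes no handle. A comment above it, e.g. `/* Weak keys are tolerated only on handles explicitly set to KCV mode. */`, and a regression test that a weak key still yields `GPG_ERR_WEAK_KEY` without the flag would pin the intended behaviour.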
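Review bot: `GCRYCTL_SET_KCV_MODE = 43` in `enum gcry_ctl_cmds` (src/gcrypt.h.in) reuses a control number that the removed comment recorded as retired. If 43 ever shipped with a different meaning, a program built against an older header and passing that value would now silently put a handle into weak-key-accepting mode rather than receive an error. Taking the next unused number at the end of the enum (outside this hunk) and keeping `/* Note: 43 is not anymore used. */` avoids that. The new command also has no comment saying what it enables, unlike the flag it sets.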
@@ -981,7 +981,8 @@ enum gcry_cipher_flags
 GCRY_CIPHER_SECURE = 1, /* Allocate in secure memory. */
 GCRY_CIPHER_ENABLE_SYNC = 2, /* Enable CFB sync mode. */
 GCRY_CIPHER_CBC_CTS = 4, /* Enable CBC cipher text stealing (CTS). */
- GCRY_CIPHER_CBC_MAC = 8 /* Enable CBC message auth. code (MAC). */
+ GCRY_CIPHER_CBC_MAC = 8, /* Enable CBC message auth. code (MAC). */
+ GCRY_CIPHER_KCV /* Enable weak keys for Key Check Value generation. */
 };
 /* GCM works only with blocks of 128 bits */
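Review bot: `GCRY_CIPHER_KCV` has no initializer in `enum gcry_cipher_flags`, so it takes the value following `GCRY_CIPHER_CBC_MAC = 8`, i.e. 9, which is `GCRY_CIPHER_SECURE | GCRY_CIPHER_CBC_MAC` rather than a bit of its own. Consequently the mask change in `_gcry_cipher_open_internal` adds nothing, `h->flags |= GCRY_CIPHER_KCV` in `_gcry_cipher_ctl` also turns on the secure-memory and CBC-MAC bits, and any `flags & GCRY_CIPHER_KCV` test is satisfied by either of those existing flags alone. Give it a distinct bit: `GCRY_CIPHER_KCV = 16 /* Accept weak keys; for Key Check Value generation only. */`. Because this public flag relaxes a key-strength check, the comment should also state that it is not meant for handles that encrypt data.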