gpg: Improve/relax the checking of preference options.

* g10/keygen.c (keygen_set_std_prefs): Add S2 only if available. Do not return an error if one algorithm could be added. -- Suggested-by: William Ahern This is to fix problems when running Libgcrypt in FIPS mode. See https://lists.gnupg.org/pipermail/gnupg-devel/2025-March/035821.html
author: Werner Koch <[email protected]> 2025-10-24 14:21:10 +0000
committer: Werner Koch <[email protected]> 2025-10-24 14:22:04 +0000
commit: 6570700fddcb92ce08024a651dd6989025fe9e20 (patch)
tree: c081d4b0066426de79a176fea65359946120b7c8 /g10/misc.c
parent: gpg: Fix possible memory corruption in the armor parser. (diff)
download: gnupg-6570700fddcb92ce08024a651dd6989025fe9e20.tar.gz
gnupg-6570700fddcb92ce08024a651dd6989025fe9e20.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/g10/misc.c b/g10/misc.c
index 43be620e6..58932ed7b 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1231,7 +1231,10 @@ obsolete_scdaemon_option (const char *configname, unsigned int configlineno,
 
 /*
  * Wrapper around gcry_cipher_map_name to provide a fallback using the
- * "Sn" syntax as used by the preference strings.
+ * "Sn" syntax as used by the preference strings.  Note that only the
+ * second syntax does a check on the actual availibily of the
+ * algorithm.  That might make a difference in case Libgcrypt is
+ * running in FIPS mode.
  */
 int
 string_to_cipher_algo (const char *string)
author	Werner Koch <[email protected]>	2025-10-24 14:21:10 +0000
committer	Werner Koch <[email protected]>	2025-10-24 14:22:04 +0000
commit	6570700fddcb92ce08024a651dd6989025fe9e20 (patch)
tree	c081d4b0066426de79a176fea65359946120b7c8 /g10/misc.c
parent	gpg: Fix possible memory corruption in the armor parser. (diff)
download	gnupg-6570700fddcb92ce08024a651dd6989025fe9e20.tar.gz gnupg-6570700fddcb92ce08024a651dd6989025fe9e20.zip