Browse Source

Require Libgcrypt 1.9

* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
gniibe/pcsc-get-status
Werner Koch 2 years ago
parent
commit
9500432b7a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
  1. 4
      agent/command.c
  2. 19
      agent/gpg-agent.c
  3. 6
      agent/pksign.c
  4. 4
      common/compliance.c
  5. 2
      common/sexputil.c
  6. 2
      configure.ac
  7. 24
      dirmngr/dns-stuff.c
  8. 3
      dirmngr/ks-engine-hkp.c
  9. 10
      g10/misc.c
  10. 11
      sm/certdump.c
  11. 2
      tools/gpgconf.c

4
agent/command.c

@ -3530,7 +3530,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "jent_active"))
{
#if GCRYPT_VERSION_NUMBER >= 0x010800
char *buf;
const char *fields[5];
@ -3542,9 +3541,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
else
rc = gpg_error (GPG_ERR_FALSE);
gcry_free (buf);
#else
rc = gpg_error (GPG_ERR_FALSE);
#endif
}
else if (!strcmp (line, "s2k_count_cal"))
{

19
agent/gpg-agent.c

@ -1007,9 +1007,7 @@ thread_init_once (void)
* has already been initialized but at that point nPth was not
* initialized and thus Libgcrypt could not set its system call
* clamp. */
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
#endif
}
@ -1817,23 +1815,6 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
break;
if (dispatch && dispatch->cb)
dispatch->cb (dispatch->ctrl, what, printchar, current, total);
/* Libgcrypt < 1.8 does not know about nPth and thus when it reads
* from /dev/random this will block the process. To mitigate this
* problem we yield the thread when Libgcrypt tells us that it needs
* more entropy. This way other threads have chance to run. */
#if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
if (what && !strcmp (what, "need_entropy"))
{
#if GPGRT_VERSION_NUMBER < 0x011900 /* 1.25 */
/* In older gpg-error versions gpgrt_yield is buggy for use with
* nPth and thus we need to resort to a sleep call. */
npth_usleep (1000); /* 1ms */
#else
gpgrt_yield ();
#endif
}
#endif
}

6
agent/pksign.c

@ -513,12 +513,6 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
if (err)
goto leave;
if (algo == GCRY_PK_RSA && GCRYPT_VERSION_NUMBER < 0x010700)
{
/* It's RSA and Libgcrypt < 1.7 */
check_signature = 1;
}
if (DBG_CRYPTO)
{
gcry_log_debugsxp ("skey", s_skey);

4
common/compliance.c

@ -499,7 +499,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
/* In DE_VS mode under Windows we require that the JENT RNG
* is active. */
#ifdef HAVE_W32_SYSTEM
# if GCRYPT_VERSION_NUMBER >= 0x010800
char *buf;
const char *fields[5];
@ -511,9 +510,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
else
result = 0;
gcry_free (buf);
# else
result = 0; /* No JENT - can't be compliant. */
# endif
#else /*!HAVE_W32_SYSTEM*/
result = 1; /* Not Windows - RNG is good. */
#endif /*!HAVE_W32_SYSTEM*/

2
common/sexputil.c

@ -871,9 +871,7 @@ hash_algo_to_string (int algo)
{ "md4", GCRY_MD_MD4 },
{ "tiger", GCRY_MD_TIGER },
{ "haval", GCRY_MD_HAVAL },
#if GCRYPT_VERSION_NUMBER >= 0x010900
{ "sm3", GCRY_MD_SM3 },
#endif
{ "md5", GCRY_MD_MD5 }
};
int i;

2
configure.ac

@ -56,7 +56,7 @@ AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch])
NEED_GPG_ERROR_VERSION=1.38
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.8.0
NEED_LIBGCRYPT_VERSION=1.9.0
NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=2.5.0

24
dirmngr/dns-stuff.c

@ -2461,15 +2461,27 @@ check_inet_support (int *r_v4, int *r_v6)
log_debug ("%s: addr: %s\n", __func__, buffer);
}
}
}
for (ai = aibuf; ai; ai = ai->ai_next)
{
if (ai->ai_family == AF_INET)
*r_v4 = 1;
}
for (ai = aibuf; ai; ai = ai->ai_next)
{
if (ai->ai_family == AF_INET6)
{
struct sockaddr_in6 *v6addr = (struct sockaddr_in6 *)ai->ai_addr;
if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr))
*r_v6 = 1;
}
else if (ai->ai_family == AF_INET)
{
*r_v4 = 1;
if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr)
&& (!*r_v4 || !IN6_IS_ADDR_LOOPBACK (&v6addr->sin6_addr)))
{
/* We only assume v6 if we do not have a v4 address or
* if the address is not ::1. Linklocal never
* indicates v6 support. */
*r_v6 = 1;
break;
}
}
}

3
dirmngr/ks-engine-hkp.c

@ -232,6 +232,9 @@ select_random_host (hostinfo_t hi)
size_t tblsize;
int pidx, idx;
/* CHECKTHIS(); See */
/* https://sources.debian.org/patches/gnupg2/2.2.20-1/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch/ */
/* We create a new table so that we randomly select only from
currently alive hosts. */
for (idx = 0, tblsize = 0;

10
g10/misc.c

@ -620,20 +620,14 @@ openpgp_aead_test_algo (aead_algo_t algo)
/* FIXME: We currently have no easy way to test whether libgcrypt
* implements a mode. The only way we can do this is to open a
* cipher context with that mode and close it immediately. That is
* a bit costly. So we look at the libgcrypt version and assume
* nothing has been patched out. */
* a bit costly. Thus in case we add another algo we need to look
* at the libgcrypt version and assume nothing has been patched out. */
switch (algo)
{
case AEAD_ALGO_NONE:
break;
case AEAD_ALGO_EAX:
#if GCRYPT_VERSION_NUMBER < 0x010900
break;
#else
return 0;
#endif
case AEAD_ALGO_OCB:
return 0;
}

11
sm/certdump.c

@ -103,11 +103,7 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
unsigned long n, i;
char *endp;
gcry_mpi_t a, r, ten;
#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
unsigned int dd;
#else
unsigned char numbuf[10];
#endif
if (!p)
es_fputs (_("none"), fp);
@ -134,15 +130,8 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
do
{
gcry_mpi_div (a, r, a, ten, 0);
#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
gcry_mpi_get_ui (&dd, r);
put_membuf_printf (&mb, "%u", dd);
#else
*numbuf = 0; /* Need to clear because USB format prints
* an empty string for a value of 0. */
gcry_mpi_print (GCRYMPI_FMT_USG, numbuf, 10, NULL, r);
put_membuf_printf (&mb, "%u", (unsigned int)*numbuf);
#endif
}
while (gcry_mpi_cmp_ui (a, 0));

2
tools/gpgconf.c

@ -1040,11 +1040,9 @@ show_version_libgcrypt (estream_t fp)
s = get_revision_from_blurb (gcry_check_version ("\x01\x01"), &n);
es_fprintf (fp, "* Libgcrypt %s (%.*s)\n",
gcry_check_version (NULL), n, s);
#if GCRYPT_VERSION_NUMBER >= 0x010800
s = gcry_get_config (0, NULL);
if (s)
es_fputs (s, fp);
#endif
}

Loading…
Cancel
Save