mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
93d5d7ea2a
commit
9500432b7a
@ -3530,7 +3530,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
else if (!strcmp (line, "jent_active"))
|
else if (!strcmp (line, "jent_active"))
|
||||||
{
|
{
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010800
|
|
||||||
char *buf;
|
char *buf;
|
||||||
const char *fields[5];
|
const char *fields[5];
|
||||||
|
|
||||||
@ -3542,9 +3541,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
|
|||||||
else
|
else
|
||||||
rc = gpg_error (GPG_ERR_FALSE);
|
rc = gpg_error (GPG_ERR_FALSE);
|
||||||
gcry_free (buf);
|
gcry_free (buf);
|
||||||
#else
|
|
||||||
rc = gpg_error (GPG_ERR_FALSE);
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
else if (!strcmp (line, "s2k_count_cal"))
|
else if (!strcmp (line, "s2k_count_cal"))
|
||||||
{
|
{
|
||||||
|
@ -1007,9 +1007,7 @@ thread_init_once (void)
|
|||||||
* has already been initialized but at that point nPth was not
|
* has already been initialized but at that point nPth was not
|
||||||
* initialized and thus Libgcrypt could not set its system call
|
* initialized and thus Libgcrypt could not set its system call
|
||||||
* clamp. */
|
* clamp. */
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
|
||||||
gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
|
gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1817,23 +1815,6 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
|
|||||||
break;
|
break;
|
||||||
if (dispatch && dispatch->cb)
|
if (dispatch && dispatch->cb)
|
||||||
dispatch->cb (dispatch->ctrl, what, printchar, current, total);
|
dispatch->cb (dispatch->ctrl, what, printchar, current, total);
|
||||||
|
|
||||||
/* Libgcrypt < 1.8 does not know about nPth and thus when it reads
|
|
||||||
* from /dev/random this will block the process. To mitigate this
|
|
||||||
* problem we yield the thread when Libgcrypt tells us that it needs
|
|
||||||
* more entropy. This way other threads have chance to run. */
|
|
||||||
#if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
|
|
||||||
if (what && !strcmp (what, "need_entropy"))
|
|
||||||
{
|
|
||||||
#if GPGRT_VERSION_NUMBER < 0x011900 /* 1.25 */
|
|
||||||
/* In older gpg-error versions gpgrt_yield is buggy for use with
|
|
||||||
* nPth and thus we need to resort to a sleep call. */
|
|
||||||
npth_usleep (1000); /* 1ms */
|
|
||||||
#else
|
|
||||||
gpgrt_yield ();
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -513,12 +513,6 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
|
|||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if (algo == GCRY_PK_RSA && GCRYPT_VERSION_NUMBER < 0x010700)
|
|
||||||
{
|
|
||||||
/* It's RSA and Libgcrypt < 1.7 */
|
|
||||||
check_signature = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (DBG_CRYPTO)
|
if (DBG_CRYPTO)
|
||||||
{
|
{
|
||||||
gcry_log_debugsxp ("skey", s_skey);
|
gcry_log_debugsxp ("skey", s_skey);
|
||||||
|
@ -499,7 +499,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
|
|||||||
/* In DE_VS mode under Windows we require that the JENT RNG
|
/* In DE_VS mode under Windows we require that the JENT RNG
|
||||||
* is active. */
|
* is active. */
|
||||||
#ifdef HAVE_W32_SYSTEM
|
#ifdef HAVE_W32_SYSTEM
|
||||||
# if GCRYPT_VERSION_NUMBER >= 0x010800
|
|
||||||
char *buf;
|
char *buf;
|
||||||
const char *fields[5];
|
const char *fields[5];
|
||||||
|
|
||||||
@ -511,9 +510,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
|
|||||||
else
|
else
|
||||||
result = 0;
|
result = 0;
|
||||||
gcry_free (buf);
|
gcry_free (buf);
|
||||||
# else
|
|
||||||
result = 0; /* No JENT - can't be compliant. */
|
|
||||||
# endif
|
|
||||||
#else /*!HAVE_W32_SYSTEM*/
|
#else /*!HAVE_W32_SYSTEM*/
|
||||||
result = 1; /* Not Windows - RNG is good. */
|
result = 1; /* Not Windows - RNG is good. */
|
||||||
#endif /*!HAVE_W32_SYSTEM*/
|
#endif /*!HAVE_W32_SYSTEM*/
|
||||||
|
@ -871,9 +871,7 @@ hash_algo_to_string (int algo)
|
|||||||
{ "md4", GCRY_MD_MD4 },
|
{ "md4", GCRY_MD_MD4 },
|
||||||
{ "tiger", GCRY_MD_TIGER },
|
{ "tiger", GCRY_MD_TIGER },
|
||||||
{ "haval", GCRY_MD_HAVAL },
|
{ "haval", GCRY_MD_HAVAL },
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010900
|
|
||||||
{ "sm3", GCRY_MD_SM3 },
|
{ "sm3", GCRY_MD_SM3 },
|
||||||
#endif
|
|
||||||
{ "md5", GCRY_MD_MD5 }
|
{ "md5", GCRY_MD_MD5 }
|
||||||
};
|
};
|
||||||
int i;
|
int i;
|
||||||
|
@ -56,7 +56,7 @@ AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch])
|
|||||||
NEED_GPG_ERROR_VERSION=1.38
|
NEED_GPG_ERROR_VERSION=1.38
|
||||||
|
|
||||||
NEED_LIBGCRYPT_API=1
|
NEED_LIBGCRYPT_API=1
|
||||||
NEED_LIBGCRYPT_VERSION=1.8.0
|
NEED_LIBGCRYPT_VERSION=1.9.0
|
||||||
|
|
||||||
NEED_LIBASSUAN_API=2
|
NEED_LIBASSUAN_API=2
|
||||||
NEED_LIBASSUAN_VERSION=2.5.0
|
NEED_LIBASSUAN_VERSION=2.5.0
|
||||||
|
@ -2461,15 +2461,27 @@ check_inet_support (int *r_v4, int *r_v6)
|
|||||||
log_debug ("%s: addr: %s\n", __func__, buffer);
|
log_debug ("%s: addr: %s\n", __func__, buffer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for (ai = aibuf; ai; ai = ai->ai_next)
|
||||||
|
{
|
||||||
|
if (ai->ai_family == AF_INET)
|
||||||
|
*r_v4 = 1;
|
||||||
|
}
|
||||||
|
for (ai = aibuf; ai; ai = ai->ai_next)
|
||||||
|
{
|
||||||
if (ai->ai_family == AF_INET6)
|
if (ai->ai_family == AF_INET6)
|
||||||
{
|
{
|
||||||
struct sockaddr_in6 *v6addr = (struct sockaddr_in6 *)ai->ai_addr;
|
struct sockaddr_in6 *v6addr = (struct sockaddr_in6 *)ai->ai_addr;
|
||||||
if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr))
|
if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr)
|
||||||
*r_v6 = 1;
|
&& (!*r_v4 || !IN6_IS_ADDR_LOOPBACK (&v6addr->sin6_addr)))
|
||||||
}
|
|
||||||
else if (ai->ai_family == AF_INET)
|
|
||||||
{
|
{
|
||||||
*r_v4 = 1;
|
/* We only assume v6 if we do not have a v4 address or
|
||||||
|
* if the address is not ::1. Linklocal never
|
||||||
|
* indicates v6 support. */
|
||||||
|
*r_v6 = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -232,6 +232,9 @@ select_random_host (hostinfo_t hi)
|
|||||||
size_t tblsize;
|
size_t tblsize;
|
||||||
int pidx, idx;
|
int pidx, idx;
|
||||||
|
|
||||||
|
/* CHECKTHIS(); See */
|
||||||
|
/* https://sources.debian.org/patches/gnupg2/2.2.20-1/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch/ */
|
||||||
|
|
||||||
/* We create a new table so that we randomly select only from
|
/* We create a new table so that we randomly select only from
|
||||||
currently alive hosts. */
|
currently alive hosts. */
|
||||||
for (idx = 0, tblsize = 0;
|
for (idx = 0, tblsize = 0;
|
||||||
|
10
g10/misc.c
10
g10/misc.c
@ -620,20 +620,14 @@ openpgp_aead_test_algo (aead_algo_t algo)
|
|||||||
/* FIXME: We currently have no easy way to test whether libgcrypt
|
/* FIXME: We currently have no easy way to test whether libgcrypt
|
||||||
* implements a mode. The only way we can do this is to open a
|
* implements a mode. The only way we can do this is to open a
|
||||||
* cipher context with that mode and close it immediately. That is
|
* cipher context with that mode and close it immediately. That is
|
||||||
* a bit costly. So we look at the libgcrypt version and assume
|
* a bit costly. Thus in case we add another algo we need to look
|
||||||
* nothing has been patched out. */
|
* at the libgcrypt version and assume nothing has been patched out. */
|
||||||
switch (algo)
|
switch (algo)
|
||||||
{
|
{
|
||||||
case AEAD_ALGO_NONE:
|
case AEAD_ALGO_NONE:
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case AEAD_ALGO_EAX:
|
case AEAD_ALGO_EAX:
|
||||||
#if GCRYPT_VERSION_NUMBER < 0x010900
|
|
||||||
break;
|
|
||||||
#else
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
case AEAD_ALGO_OCB:
|
case AEAD_ALGO_OCB:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -103,11 +103,7 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
|
|||||||
unsigned long n, i;
|
unsigned long n, i;
|
||||||
char *endp;
|
char *endp;
|
||||||
gcry_mpi_t a, r, ten;
|
gcry_mpi_t a, r, ten;
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
|
|
||||||
unsigned int dd;
|
unsigned int dd;
|
||||||
#else
|
|
||||||
unsigned char numbuf[10];
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!p)
|
if (!p)
|
||||||
es_fputs (_("none"), fp);
|
es_fputs (_("none"), fp);
|
||||||
@ -134,15 +130,8 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
|
|||||||
do
|
do
|
||||||
{
|
{
|
||||||
gcry_mpi_div (a, r, a, ten, 0);
|
gcry_mpi_div (a, r, a, ten, 0);
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
|
|
||||||
gcry_mpi_get_ui (&dd, r);
|
gcry_mpi_get_ui (&dd, r);
|
||||||
put_membuf_printf (&mb, "%u", dd);
|
put_membuf_printf (&mb, "%u", dd);
|
||||||
#else
|
|
||||||
*numbuf = 0; /* Need to clear because USB format prints
|
|
||||||
* an empty string for a value of 0. */
|
|
||||||
gcry_mpi_print (GCRYMPI_FMT_USG, numbuf, 10, NULL, r);
|
|
||||||
put_membuf_printf (&mb, "%u", (unsigned int)*numbuf);
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
while (gcry_mpi_cmp_ui (a, 0));
|
while (gcry_mpi_cmp_ui (a, 0));
|
||||||
|
|
||||||
|
@ -1040,11 +1040,9 @@ show_version_libgcrypt (estream_t fp)
|
|||||||
s = get_revision_from_blurb (gcry_check_version ("\x01\x01"), &n);
|
s = get_revision_from_blurb (gcry_check_version ("\x01\x01"), &n);
|
||||||
es_fprintf (fp, "* Libgcrypt %s (%.*s)\n",
|
es_fprintf (fp, "* Libgcrypt %s (%.*s)\n",
|
||||||
gcry_check_version (NULL), n, s);
|
gcry_check_version (NULL), n, s);
|
||||||
#if GCRYPT_VERSION_NUMBER >= 0x010800
|
|
||||||
s = gcry_get_config (0, NULL);
|
s = gcry_get_config (0, NULL);
|
||||||
if (s)
|
if (s)
|
||||||
es_fputs (s, fp);
|
es_fputs (s, fp);
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user