From 99ab3aed15c8a84347e39fbe49bd5748aeefe31a Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 9 Nov 2020 12:03:19 +0100
Subject: [PATCH] Require Libgcrypt 1.8

* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
for Libgcrypt < 1.8.
* common/compliance.c (gnupg_rng_is_compliant): Ditto.
* agent/pksign.c: Ditto.
* agent/gpg-agent.c (thread_init_once): Ditto.
(agent_libgcrypt_progress_cb): Ditto.
* agent/command.c (cmd_getinfo): Ditto.
--

Libgcrypt 1.7 reached end-of-life more than a year ago.  Thus there is
no reason to keep backward support for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 agent/command.c     |  4 ----
 agent/gpg-agent.c   | 19 -------------------
 agent/pksign.c      |  6 ------
 common/compliance.c |  4 ----
 configure.ac        |  2 +-
 tools/gpgconf.c     |  2 --
 6 files changed, 1 insertion(+), 36 deletions(-)

diff --git a/agent/command.c b/agent/command.c
index 2cac9cc43..8642498d6 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -3172,7 +3172,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
     }
   else if (!strcmp (line, "jent_active"))
     {
-#if GCRYPT_VERSION_NUMBER >= 0x010800
       char *buf;
       char *fields[5];
 
@@ -3184,9 +3183,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       else
         rc = gpg_error (GPG_ERR_FALSE);
       gcry_free (buf);
-#else
-      rc = gpg_error (GPG_ERR_FALSE);
-#endif
     }
   else if (!strcmp (line, "s2k_count_cal"))
     {
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index bb9ddb3cb..22f8b9439 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -984,9 +984,7 @@ thread_init_once (void)
    * has already been initialized but at that point nPth was not
    * initialized and thus Libgcrypt could not set its system call
    * clamp.  */
-#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
   gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
-#endif
 }
 
 
@@ -1864,23 +1862,6 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
       break;
   if (dispatch && dispatch->cb)
     dispatch->cb (dispatch->ctrl, what, printchar, current, total);
-
-  /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
-   * from /dev/random this will block the process.  To mitigate this
-   * problem we yield the thread when Libgcrypt tells us that it needs
-   * more entropy.  This way other threads have chance to run.  */
-#if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
-  if (what && !strcmp (what, "need_entropy"))
-    {
-#if GPGRT_VERSION_NUMBER < 0x011900 /* 1.25 */
-      /* In older gpg-error versions gpgrt_yield is buggy for use with
-       * nPth and thus we need to resort to a sleep call.  */
-      npth_usleep (1000); /* 1ms */
-#else
-      gpgrt_yield ();
-#endif
-    }
-#endif
 }
 
 
diff --git a/agent/pksign.c b/agent/pksign.c
index f54af0817..ed2f133a0 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -473,12 +473,6 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
       if (err)
         goto leave;
 
-      if (dsaalgo == 0 && GCRYPT_VERSION_NUMBER < 0x010700)
-        {
-          /* It's RSA and Libgcrypt < 1.7 */
-          check_signature = 1;
-        }
-
       if (DBG_CRYPTO)
         {
           gcry_log_debugsxp ("skey", s_skey);
diff --git a/common/compliance.c b/common/compliance.c
index e533dd4ba..e77b1afff 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -499,7 +499,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
       /* In DE_VS mode under Windows we require that the JENT RNG
        * is active.  */
 #ifdef HAVE_W32_SYSTEM
-# if GCRYPT_VERSION_NUMBER >= 0x010800
       char *buf;
       char *fields[5];
 
@@ -511,9 +510,6 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
       else
         result = 0;
       gcry_free (buf);
-# else
-      result = 0;  /* No JENT - can't be compliant.  */
-# endif
 #else /*!HAVE_W32_SYSTEM*/
       result = 1;  /* Not Windows - RNG is good.  */
 #endif /*!HAVE_W32_SYSTEM*/
diff --git a/configure.ac b/configure.ac
index 4d371947f..95d57e371 100644
--- a/configure.ac
+++ b/configure.ac
@@ -57,7 +57,7 @@ AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg22", [swdb tag for this branch])
 NEED_GPG_ERROR_VERSION=1.25
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.7.0
+NEED_LIBGCRYPT_VERSION=1.8.0
 
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.5.0
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index 5ce0a64a0..7633c5e54 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -1003,11 +1003,9 @@ show_version_libgcrypt (estream_t fp)
   s = get_revision_from_blurb (gcry_check_version ("\x01\x01"), &n);
   es_fprintf (fp, "* Libgcrypt %s (%.*s)\n",
               gcry_check_version (NULL), n, s);
-#if GCRYPT_VERSION_NUMBER >= 0x010800
   s = gcry_get_config (0, NULL);
   if (s)
     es_fputs (s, fp);
-#endif
 }