From c98995efefbdebea8f53d54ba2df4217dfd31ad4 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 14 Jul 2016 10:40:15 +0200 Subject: [PATCH] build: Require latest released libraries * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro. (do_encryption): Always support OCB. (do_decryption): Ditto. (agent_unprotect): Ditto. * dirmngr/server.c (is_tor_running): Unconditionally build this. -- Although not technically required, it is easier to require them to avoid bug reports due to too old library versions. Signed-off-by: Werner Koch --- agent/protect.c | 23 +---------------------- common/util.h | 9 ++++----- configure.ac | 11 +++++------ dirmngr/server.c | 9 ++------- 4 files changed, 12 insertions(+), 40 deletions(-) diff --git a/agent/protect.c b/agent/protect.c index ee08e577c..68e408160 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -42,12 +42,6 @@ #include "sexp-parse.h" -#if GCRYPT_VERSION_NUMBER < 0x010700 -# define OCB_MODE_SUPPORTED 0 -#else -# define OCB_MODE_SUPPORTED 1 -#endif - /* To use the openpgp-s2k3-ocb-aes scheme by default set the value of * this macro to 1. Note that the caller of agent_protect may * override this default. */ @@ -353,16 +347,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen, *resultlen = 0; *result = NULL; - if (use_ocb && !OCB_MODE_SUPPORTED) - return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); - modestr = (use_ocb? "openpgp-s2k3-ocb-aes" /* */: "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"); rc = gcry_cipher_open (&hd, PROT_CIPHER, -#if OCB_MODE_SUPPORTED use_ocb? GCRY_CIPHER_MODE_OCB : -#endif GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); if (rc) @@ -500,7 +489,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen, p += blklen; } assert ( p - outbuf == outlen); -#if OCB_MODE_SUPPORTED if (use_ocb) { gcry_cipher_final (hd); 
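Review bot: In the `@@ -500,7 +489,6 @@` hunk of do_encryption, the now unconditional OCB branch calls `gcry_cipher_final (hd);` and discards its result, so a failure there never reaches `rc`. gcry_cipher_final reports errors through its return value, so I would write `rc = gcry_cipher_final (hd);` and run the following encrypt step only when `rc` is zero. The rest of the OCB branch lies outside this hunk, so the exact shape of the guard depends on lines not shown here.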
@@ -512,7 +500,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen, } } else -#endif /*OCB_MODE_SUPPORTED*/ { rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0); } @@ -755,9 +742,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, unsigned char *outbuf; size_t reallen; - if (is_ocb && !OCB_MODE_SUPPORTED) - return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); - blklen = gcry_cipher_get_algo_blklen (prot_cipher); if (is_ocb) { @@ -774,9 +758,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, } rc = gcry_cipher_open (&hd, prot_cipher, -#if OCB_MODE_SUPPORTED is_ocb? GCRY_CIPHER_MODE_OCB : -#endif GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); if (rc) @@ -813,7 +795,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, /* Decrypt. */ if (!rc) { -#if OCB_MODE_SUPPORTED if (is_ocb) { rc = gcry_cipher_authenticate (hd, aad_begin, @@ -833,7 +814,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16); } else -#endif /*OCB_MODE_SUPPORTED*/ { rc = gcry_cipher_decrypt (hd, outbuf, protectedlen, protected, protectedlen); @@ -1177,8 +1157,7 @@ agent_unprotect (ctrl_t ctrl, is_ocb = algotable[i].is_ocb; break; } - if (i == DIM (algotable) - || (is_ocb && !OCB_MODE_SUPPORTED)) + if (i == DIM (algotable)) return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); if (!prot_cipher) /* This is "openpgp-native". */ diff --git a/common/util.h b/common/util.h index c84847ad7..eb7a3fd31 100644 --- a/common/util.h +++ b/common/util.h 
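Review bot: In the `@@ -833,7 +814,6 @@` hunk of do_decryption, `gcry_cipher_checktag (hd, protected + protectedlen - 16, 16)` hard-codes the OCB tag length twice and is only in bounds when protectedlen is at least 16. With the `#if` gone this path is always compiled, so the precondition should be stated at the call. I would use a named constant for the tag length (a constructed name such as `OCB_TAG_LEN` would do) and add a comment like `/* The last 16 bytes of PROTECTED are the OCB tag; the length was checked above. */`. The length check itself is not visible here; presumably it sits in the `if (is_ocb)` block opened in the `@@ -755,9 +742,6 @@` hunk, which should be confirmed. The function body starts and ends outside these hunks.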
@@ -36,11 +36,10 @@ #include /* We need gpg_error_t and estream. */ /* These error codes are used but not defined in the required - libgpg-error version. Define them here. */ -/* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) */ -#if GPG_ERROR_VERSION_NUMBER < 0x011600 /* 1.22 */ -# define GPG_ERR_DB_CORRUPTED 218 -#endif /* gpg_error < 1.22 */ + * libgpg-error version. Define them here. + * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) + */ + /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) diff --git a/configure.ac b/configure.ac index 7f2ca332f..9bc32ee8a 100644 --- a/configure.ac +++ b/configure.ac @@ -49,23 +49,22 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) m4_esyscmd([echo ]mym4_version[>VERSION]) AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org]) -# Note that for Windows we require version 1.22 -NEED_GPG_ERROR_VERSION=1.21 +NEED_GPG_ERROR_VERSION=1.24 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.6.0 +NEED_LIBGCRYPT_VERSION=1.7.0 NEED_LIBASSUAN_API=2 -NEED_LIBASSUAN_VERSION=2.4.1 +NEED_LIBASSUAN_VERSION=2.4.3 NEED_KSBA_API=1 -NEED_KSBA_VERSION=1.2.0 +NEED_KSBA_VERSION=1.3.4 NEED_NTBTLS_API=1 NEED_NTBTLS_VERSION=0.1.0 NEED_NPTH_API=1 -NEED_NPTH_VERSION=0.91 +NEED_NPTH_VERSION=1.2 NEED_GNUTLS_VERSION=3.0 diff --git a/dirmngr/server.c b/dirmngr/server.c index d3e57c037..db6f5a8ff 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
@@ -274,14 +274,12 @@ strcpy_escaped_plus (char *d, const unsigned char *s) } -/* This fucntion returns true if a Tor server is running. The sattus +/* This function returns true if a Tor server is running. The sattus is cached for the current conenction. */ static int is_tor_running (ctrl_t ctrl) { -#if ASSUAN_VERSION_NUMBER >= 0x020402 - /* Check whether we can connect to the proxy. We use a - special feature introduced with libassuan 2.4.2. */ + /* Check whether we can connect to the proxy. */ if (!ctrl || !ctrl->server_local) return 0; /* Ooops. */ @@ -300,9 +298,6 @@ is_tor_running (ctrl_t ctrl) } } return (ctrl->server_local->tor_state > 0); -#else /* Libassuan < 2.4.2 */ - return 0; /* We don't know. */ -#endif }
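Review bot: The comment rewritten above is_tor_running in the `@@ -274,14 +274,12 @@` hunk fixes "fucntion" but still reads "sattus" and "conenction", and it does not say what a zero return means. The early `return 0; /* Ooops. */` for a missing ctrl or server_local is indistinguishable to callers from "Tor is not running". The comment also says the result is cached per connection, so a later change in the Tor daemon's state would presumably go unnoticed until the next connection. I would word it as `/* Return true if a Tor server is running. The status is cached for the current connection; 0 is also returned if CTRL has no server context. */`. The dropped sentence about the libassuan feature could stay as a short pointer to the minimum version now set in configure.ac.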