build: Require latest released libraries

* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro. (do_encryption): Always support OCB. (do_decryption): Ditto. (agent_unprotect): Ditto. * dirmngr/server.c (is_tor_running): Unconditionally build this. -- Although not technically required, it is easier to require them to avoid bug reports due to too old library versions. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-04-13 22:21:09 +02:00 · 2016-07-14 10:40:15 +02:00 · 2016-07-14 10:40:15 +02:00 · c98995efef
commit c98995efef
parent 66b634f27f
4 changed files with 12 additions and 40 deletions
--- a/agent/protect.c
+++ b/agent/protect.c
@ -42,12 +42,6 @@
 #include "sexp-parse.h"
 #if GCRYPT_VERSION_NUMBER < 0x010700
 # define OCB_MODE_SUPPORTED 0
 #else
 # define OCB_MODE_SUPPORTED 1
 #endif
 /* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
 * this macro to 1.  Note that the caller of agent_protect may
 * override this default.  */
@ -353,16 +347,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
  *resultlen = 0;
  *result = NULL;
  if (use_ocb && !OCB_MODE_SUPPORTED)
    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
  modestr = (use_ocb? "openpgp-s2k3-ocb-aes"
             /*   */: "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc");
  rc = gcry_cipher_open (&hd, PROT_CIPHER,
 #if OCB_MODE_SUPPORTED
                         use_ocb? GCRY_CIPHER_MODE_OCB :
 #endif
                         GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
  if (rc)
@ -500,7 +489,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
          p += blklen;
        }
      assert ( p - outbuf == outlen);
 #if OCB_MODE_SUPPORTED
      if (use_ocb)
        {
          gcry_cipher_final (hd);
@ -512,7 +500,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
            }
        }
      else
 #endif /*OCB_MODE_SUPPORTED*/
        {
          rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
        }
@ -755,9 +742,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
  unsigned char *outbuf;
  size_t reallen;
  if (is_ocb && !OCB_MODE_SUPPORTED)
    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
  blklen = gcry_cipher_get_algo_blklen (prot_cipher);
  if (is_ocb)
    {
@ -774,9 +758,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
    }
  rc = gcry_cipher_open (&hd, prot_cipher,
 #if OCB_MODE_SUPPORTED
                         is_ocb? GCRY_CIPHER_MODE_OCB :
 #endif
                         GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
  if (rc)
@ -813,7 +795,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
  /* Decrypt.  */
  if (!rc)
    {
 #if OCB_MODE_SUPPORTED
      if (is_ocb)
        {
          rc = gcry_cipher_authenticate (hd, aad_begin,
@ -833,7 +814,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
            rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
        }
      else
 #endif /*OCB_MODE_SUPPORTED*/
        {
          rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
                                    protected, protectedlen);
@ -1177,8 +1157,7 @@ agent_unprotect (ctrl_t ctrl,
        is_ocb = algotable[i].is_ocb;
        break;
      }
-  if (i == DIM (algotable)
+  if (i == DIM (algotable))
      || (is_ocb && !OCB_MODE_SUPPORTED))
    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
  if (!prot_cipher)  /* This is "openpgp-native".  */
--- a/common/util.h
+++ b/common/util.h
@ -36,11 +36,10 @@
 #include <gpg-error.h> /* We need gpg_error_t and estream. */
 /* These error codes are used but not defined in the required
-   libgpg-error version.  Define them here. */
+ * libgpg-error version.  Define them here.
-/* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) */
+ * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
-#if GPG_ERROR_VERSION_NUMBER < 0x011600  /* 1.22 */
+ */
-# define GPG_ERR_DB_CORRUPTED  218
+
 #endif /* gpg_error < 1.22 */
 /* Hash function used with libksba. */
 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
--- a/configure.ac
+++ b/configure.ac
@ -49,23 +49,22 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
 AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
-# Note that for Windows we require version 1.22
+NEED_GPG_ERROR_VERSION=1.24
 NEED_GPG_ERROR_VERSION=1.21
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.7.0
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.4.1
+NEED_LIBASSUAN_VERSION=2.4.3
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
+NEED_KSBA_VERSION=1.3.4
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
 NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
+NEED_NPTH_VERSION=1.2
 NEED_GNUTLS_VERSION=3.0
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -274,14 +274,12 @@ strcpy_escaped_plus (char *d, const unsigned char *s)
 }
-/* This fucntion returns true if a Tor server is running.  The sattus
+/* This function returns true if a Tor server is running.  The sattus
   is cached for the current conenction.  */
 static int
 is_tor_running (ctrl_t ctrl)
 {
-#if ASSUAN_VERSION_NUMBER >= 0x020402
+  /* Check whether we can connect to the proxy.  */
  /* Check whether we can connect to the proxy.  We use a
     special feature introduced with libassuan 2.4.2.  */
  if (!ctrl || !ctrl->server_local)
    return 0; /* Ooops.  */
@ -300,9 +298,6 @@ is_tor_running (ctrl_t ctrl)
        }
    }
  return (ctrl->server_local->tor_state > 0);
 #else /* Libassuan < 2.4.2 */
  return 0;  /* We don't know.  */
 #endif
 }