build: Require latest released libraries

* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro. (do_encryption): Always support OCB. (do_decryption): Ditto. (agent_unprotect): Ditto. * dirmngr/server.c (is_tor_running): Unconditionally build this. -- Although not technically required, it is easier to require them to avoid bug reports due to too old library versions. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-03 12:11:33 +01:00 · 2016-07-14 10:40:15 +02:00 · 2016-07-14 10:40:15 +02:00 · c98995efef
commit c98995efef
parent 66b634f27f
4 changed files with 12 additions and 40 deletions
--- a/agent/protect.c
+++ b/agent/protect.c
@ -42,12 +42,6 @@
 #include "sexp-parse.h"


-#if GCRYPT_VERSION_NUMBER < 0x010700
-# define OCB_MODE_SUPPORTED 0
-#else
-# define OCB_MODE_SUPPORTED 1
-#endif
-
 /* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
 * this macro to 1.  Note that the caller of agent_protect may
 * override this default.  */
@ -353,16 +347,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
  *resultlen = 0;
  *result = NULL;

-  if (use_ocb && !OCB_MODE_SUPPORTED)
-    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
-
  modestr = (use_ocb? "openpgp-s2k3-ocb-aes"
             /*   */: "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc");

  rc = gcry_cipher_open (&hd, PROT_CIPHER,
-#if OCB_MODE_SUPPORTED
                         use_ocb? GCRY_CIPHER_MODE_OCB :
-#endif
                         GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
  if (rc)
@ -500,7 +489,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
          p += blklen;
        }
      assert ( p - outbuf == outlen);
-#if OCB_MODE_SUPPORTED
      if (use_ocb)
        {
          gcry_cipher_final (hd);
@ -512,7 +500,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
            }
        }
      else
-#endif /*OCB_MODE_SUPPORTED*/
        {
          rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
        }
@ -755,9 +742,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
  unsigned char *outbuf;
  size_t reallen;

-  if (is_ocb && !OCB_MODE_SUPPORTED)
-    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
-
  blklen = gcry_cipher_get_algo_blklen (prot_cipher);
  if (is_ocb)
    {
@ -774,9 +758,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
    }

  rc = gcry_cipher_open (&hd, prot_cipher,
-#if OCB_MODE_SUPPORTED
                         is_ocb? GCRY_CIPHER_MODE_OCB :
-#endif
                         GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
  if (rc)
@ -813,7 +795,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
  /* Decrypt.  */
  if (!rc)
    {
-#if OCB_MODE_SUPPORTED
      if (is_ocb)
        {
          rc = gcry_cipher_authenticate (hd, aad_begin,
@ -833,7 +814,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
            rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
        }
      else
-#endif /*OCB_MODE_SUPPORTED*/
        {
          rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
                                    protected, protectedlen);
@ -1177,8 +1157,7 @@ agent_unprotect (ctrl_t ctrl,
        is_ocb = algotable[i].is_ocb;
        break;
      }
-  if (i == DIM (algotable)
-      || (is_ocb && !OCB_MODE_SUPPORTED))
+  if (i == DIM (algotable))
    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);

  if (!prot_cipher)  /* This is "openpgp-native".  */
--- a/common/util.h
+++ b/common/util.h
@ -36,11 +36,10 @@
 #include <gpg-error.h> /* We need gpg_error_t and estream. */

 /* These error codes are used but not defined in the required
-   libgpg-error version.  Define them here. */
-/* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) */
-#if GPG_ERROR_VERSION_NUMBER < 0x011600  /* 1.22 */
-# define GPG_ERR_DB_CORRUPTED  218
-#endif /* gpg_error < 1.22 */
+ * libgpg-error version.  Define them here.
+ * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
+ */
+

 /* Hash function used with libksba. */
 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
--- a/configure.ac
+++ b/configure.ac
@ -49,23 +49,22 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
 AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])

-# Note that for Windows we require version 1.22
-NEED_GPG_ERROR_VERSION=1.21
+NEED_GPG_ERROR_VERSION=1.24

 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.7.0

 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.4.1
+NEED_LIBASSUAN_VERSION=2.4.3

 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
+NEED_KSBA_VERSION=1.3.4

 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0

 NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
+NEED_NPTH_VERSION=1.2


 NEED_GNUTLS_VERSION=3.0
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -274,14 +274,12 @@ strcpy_escaped_plus (char *d, const unsigned char *s)
 }


-/* This fucntion returns true if a Tor server is running.  The sattus
+/* This function returns true if a Tor server is running.  The sattus
   is cached for the current conenction.  */
 static int
 is_tor_running (ctrl_t ctrl)
 {
-#if ASSUAN_VERSION_NUMBER >= 0x020402
-  /* Check whether we can connect to the proxy.  We use a
-     special feature introduced with libassuan 2.4.2.  */
+  /* Check whether we can connect to the proxy.  */

  if (!ctrl || !ctrl->server_local)
    return 0; /* Ooops.  */
@ -300,9 +298,6 @@ is_tor_running (ctrl_t ctrl)
        }
    }
  return (ctrl->server_local->tor_state > 0);
-#else /* Libassuan < 2.4.2 */
-  return 0;  /* We don't know.  */
-#endif
 }