build: Require latest released libraries

* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--

Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.

Signed-off-by: Werner Koch <[email protected]>

4 files changed, 12 insertions, 40 deletions

diff --git a/agent/protect.c b/agent/protect.c
index ee08e577c..68e408160 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -42,12 +42,6 @@
 #include "sexp-parse.h"
 
 
-#if GCRYPT_VERSION_NUMBER < 0x010700
-# define OCB_MODE_SUPPORTED 0
-#else
-# define OCB_MODE_SUPPORTED 1
-#endif
-
 /* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
  * this macro to 1.  Note that the caller of agent_protect may
  * override this default.  */
@@ -353,16 +347,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
   *resultlen = 0;
   *result = NULL;
 
-  if (use_ocb && !OCB_MODE_SUPPORTED)
-    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
-
   modestr = (use_ocb? "openpgp-s2k3-ocb-aes"
              /*   */: "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc");
 
   rc = gcry_cipher_open (&hd, PROT_CIPHER,
-#if OCB_MODE_SUPPORTED
                          use_ocb? GCRY_CIPHER_MODE_OCB :
-#endif
                          GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
   if (rc)
@@ -500,7 +489,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
           p += blklen;
         }
       assert ( p - outbuf == outlen);
-#if OCB_MODE_SUPPORTED
       if (use_ocb)
         {
           gcry_cipher_final (hd);
@@ -512,7 +500,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
             }
         }
       else
-#endif /*OCB_MODE_SUPPORTED*/
         {
           rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
         }
@@ -755,9 +742,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
   unsigned char *outbuf;
   size_t reallen;
 
-  if (is_ocb && !OCB_MODE_SUPPORTED)
-    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
-
   blklen = gcry_cipher_get_algo_blklen (prot_cipher);
   if (is_ocb)
     {
@@ -774,9 +758,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
     }
 
   rc = gcry_cipher_open (&hd, prot_cipher,
-#if OCB_MODE_SUPPORTED
                          is_ocb? GCRY_CIPHER_MODE_OCB :
-#endif
                          GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
   if (rc)
@@ -813,7 +795,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
   /* Decrypt.  */
   if (!rc)
     {
-#if OCB_MODE_SUPPORTED
       if (is_ocb)
         {
           rc = gcry_cipher_authenticate (hd, aad_begin,
@@ -833,7 +814,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
             rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
         }
       else
-#endif /*OCB_MODE_SUPPORTED*/
         {
           rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
                                     protected, protectedlen);
@@ -1177,8 +1157,7 @@ agent_unprotect (ctrl_t ctrl,
         is_ocb = algotable[i].is_ocb;
         break;
       }
-  if (i == DIM (algotable)
-      || (is_ocb && !OCB_MODE_SUPPORTED))
+  if (i == DIM (algotable))
     return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
 
   if (!prot_cipher)  /* This is "openpgp-native".  */
diff --git a/common/util.h b/common/util.h
index c84847ad7..eb7a3fd31 100644
--- a/common/util.h
+++ b/common/util.h
@@ -36,11 +36,10 @@
 #include <gpg-error.h> /* We need gpg_error_t and estream. */
 
 /* These error codes are used but not defined in the required
-   libgpg-error version.  Define them here. */
-/* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) */
-#if GPG_ERROR_VERSION_NUMBER < 0x011600  /* 1.22 */
-# define GPG_ERR_DB_CORRUPTED  218
-#endif /* gpg_error < 1.22 */
+ * libgpg-error version.  Define them here.
+ * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
+ */
+
 
 /* Hash function used with libksba. */
 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
diff --git a/configure.ac b/configure.ac
index 7f2ca332f..9bc32ee8a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,23 +49,22 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
 AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
 
-# Note that for Windows we require version 1.22
-NEED_GPG_ERROR_VERSION=1.21
+NEED_GPG_ERROR_VERSION=1.24
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.7.0
 
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.4.1
+NEED_LIBASSUAN_VERSION=2.4.3
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
+NEED_KSBA_VERSION=1.3.4
 
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
 
 NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
+NEED_NPTH_VERSION=1.2
 
 
 NEED_GNUTLS_VERSION=3.0
diff --git a/dirmngr/server.c b/dirmngr/server.c
index d3e57c037..db6f5a8ff 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -274,14 +274,12 @@ strcpy_escaped_plus (char *d, const unsigned char *s)
 }
 
 
-/* This fucntion returns true if a Tor server is running.  The sattus
+/* This function returns true if a Tor server is running.  The sattus
    is cached for the current conenction.  */
 static int
 is_tor_running (ctrl_t ctrl)
 {
-#if ASSUAN_VERSION_NUMBER >= 0x020402
-  /* Check whether we can connect to the proxy.  We use a
-     special feature introduced with libassuan 2.4.2.  */
+  /* Check whether we can connect to the proxy.  */
 
   if (!ctrl || !ctrl->server_local)
     return 0; /* Ooops.  */
@@ -300,9 +298,6 @@ is_tor_running (ctrl_t ctrl)
         }
     }
   return (ctrl->server_local->tor_state > 0);
-#else /* Libassuan < 2.4.2 */
-  return 0;  /* We don't know.  */
-#endif
 }