Require libgcrypt 1.5

Without Libgcrypt 1.5 is was not possible to use ECC keys.  ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.

Also fixed a few missing prototypes.

11 files changed, 33 insertions, 74 deletions

diff --git a/ChangeLog b/ChangeLog
index 4acd1213e..a48eedcf0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-03-08  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Require libgcrypt 1.5.0.
+	(HAVE_GCRY_PK_ECDH, HAVE_GCRY_PK_GET_CURVE): Remove.
+	(utmp.h): Check for header.
+
 2011-02-25  Werner Koch  <wk@g10code.com>
 
 	* configure.ac: Require libksba 1.2.
diff --git a/README b/README
index 7d61211ca..03da25ef5 100644
--- a/README
+++ b/README
@@ -30,7 +30,7 @@ OpenPGP-only version.
 BUILD INSTRUCTIONS
 ==================
 
-GnuPG 2.0 depends on the following packages:
+GnuPG 2.1 depends on the following packages:
 
   libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
   libgcrypt    (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
@@ -76,8 +76,8 @@ You may run
 to view the default directories used by GnuPG.
 
 
-MIGRATION FROM 1.4 or 2.0
-=========================
+MIGRATION FROM 1.4 or 2.0 to 2.1
+================================
 
 The major change in 2.1 is that gpg-agent now takes care of the
 OpenPGP secret keys (those managed by GPG).  The former secring.gpg
@@ -100,9 +100,10 @@ will start the gpg-agent as needed.  In general there is no more need
 to set the GPG_AGENT_INFO environment variable.  The SSH_AUTH_SOCK
 environment variable should be set to a fixed value.
 
-GPG's smartcard commands --card-edit and --card-status as well as the
-card related sub-commands of --edit-key are not yet supported.
-However, signing and decryption with a smartcard does work.
+GPG's smartcard commands --card-edit and --card-status as well as some
+of the card related sub-commands of --edit-key are not yet fully
+supported.  However, signing and decryption with a smartcard does
+work.
 
 The Dirmngr is now part of GnuPG proper.  Thus there is no more need
 to install the separate dirmngr package.  The directroy layout of
diff --git a/agent/ChangeLog b/agent/ChangeLog
index f4be533f7..b636c50e3 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,7 @@
+2011-03-08  Werner Koch  <wk@g10code.com>
+
+	* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: Remove.
+
 2011-03-03  Ben Kibbey  <bjk@luxsci.net>
 
 	* command.c (cmd_preset_passphrase): Add option --inquire.
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 690459330..1595a324b 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -28,13 +28,6 @@
 #include "i18n.h"
 #include "cvt-openpgp.h"
 
-/* Macros for compatibility with older libgcrypt versions. */
-#ifndef HAVE_GCRY_PK_ECDSA
-# define GCRY_PK_ECDH  302
-#endif
-
-
-
 
 /* Helper to pass data via the callback to do_unprotect. */
 struct try_do_unprotect_arg_s
diff --git a/configure.ac b/configure.ac
index e372d33ad..f265dc393 100644
--- a/configure.ac
+++ b/configure.ac
@@ -43,7 +43,7 @@ development_version=no
 NEED_GPG_ERROR_VERSION=1.8
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.4.6
+NEED_LIBGCRYPT_VERSION=1.5.0
 
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.0.0
@@ -742,40 +742,6 @@ AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
 AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
         have_libgcrypt=yes,have_libgcrypt=no)
 
-# fixme:  We can remove the next two checks if we require libgcrypt 1.5.
-AC_CACHE_CHECK([whether Libgcrypt support ECDH], gnupg_cv_gcry_pk_ecdh,
-               [ _gnupg_gcry_save_cflags=$CFLAGS
-                 CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS"
-                 AC_TRY_COMPILE(
-                   [#include <gcrypt.h>],
-                   [ return GCRY_PK_ECDH; ],
-                   gnupg_cv_gcry_pk_ecdh=yes,
-                   gnupg_cv_gcry_pk_ecdh=no)
-                 CFLAGS=$_gnupg_gcry_save_cflags])
-if test "$gnupg_cv_gcry_pk_ecdh" = yes; then
-  AC_DEFINE([HAVE_GCRY_PK_ECDH], 1,
-            [Define if gcrypt.h has the enum value for ECDH.])
-fi
-
-AC_CACHE_CHECK([whether Libgcrypt has gcry_pk_get_curve],
-                gnupg_cv_gcry_pk_get_curve,
-               [ _gnupg_gcry_save_cflags=$CFLAGS
-                 _gnupg_gcry_save_libs=$LIBS
-                 CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS"
-                 LIBS="$LIBS $LIBGCRYPT_LIBS"
-                 AC_TRY_LINK(
-                   [#include <gcrypt.h>],
-                   [ return gcry_pk_get_curve (NULL, 0, NULL); ],
-                   gnupg_cv_gcry_pk_get_curve=yes,
-                   gnupg_cv_gcry_pk_get_curve=no)
-                 LIBS=$_gnupg_gcry_save_libs
-                 CFLAGS=$_gnupg_gcry_save_cflags])
-if test "$gnupg_cv_gcry_pk_get_curve" = yes; then
-  AC_DEFINE([HAVE_GCRY_PK_GET_CURVE], 1,
-            [Define if gcrypt.h has gcry_pk_get_curve.])
-fi
-
-
 #
 # libassuan is used for IPC
 #
@@ -1172,7 +1138,7 @@ fi
 AC_MSG_NOTICE([checking for header files])
 AC_HEADER_STDC
 AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \
-                  pty.h pwd.h inttypes.h signal.h])
+                  pty.h utmp.h pwd.h inttypes.h signal.h])
 AC_HEADER_TIME
 
 
@@ -1636,7 +1602,7 @@ if test "$have_libgcrypt" = "no"; then
 ***
 *** You need libgcrypt to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***   ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
 *** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
 ***]])
 fi
diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
index 43636eab4..933303dbf 100644
--- a/g10/call-dirmngr.h
+++ b/g10/call-dirmngr.h
@@ -25,6 +25,8 @@ gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
                                    gpg_error_t (*cb)(void*, char *),
                                    void *cb_value);
 gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char *pattern[], estream_t *r_fp);
+gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl,
+                                  const char *url, estream_t *r_fp);
 gpg_error_t gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen,
                                 kbnode_t keyblock);
 
diff --git a/g10/export.c b/g10/export.c
index 47185e301..191f68b8b 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -581,11 +581,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
                              skey[0], skey[1], skey[2], skey[3], skey[4]);
       if (err)
         goto leave;
-#ifdef HAVE_GCRY_PK_GET_CURVE
       curvename = gcry_pk_get_curve (s_pubkey, 0, NULL);
-#else
-      curvename = "?";
-#endif
       gcry_sexp_release (s_pubkey);
       curveoidstr = gpg_curve_to_oid (curvename, NULL);
       if (!curveoidstr)
@@ -649,17 +645,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   if (err)
     goto leave;
 
-  /* Check that the public key parameters match.  Since Libgcrypt 1.5
-     and the gcry_pk_get_curve function, gcry_mpi_cmp handles opaque
-     MPI correctly and thus we don't need to to do the extra
-     opaqueness checks.  */
+  /* Check that the public key parameters match.  Note that since
+     Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly.  */
   for (idx=0; idx < npkey; idx++)
-    if (0
-#ifndef HAVE_GCRY_PK_GET_CURVE
-        || gcry_mpi_get_flag (pk->pkey[idx], GCRYMPI_FLAG_OPAQUE)
-        || gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE)
-#endif
-        || gcry_mpi_cmp (pk->pkey[idx], skey[idx]))
+    if (gcry_mpi_cmp (pk->pkey[idx], skey[idx]))
       {
         err = gpg_error (GPG_ERR_BAD_PUBKEY);
         goto leave;
diff --git a/g10/import.c b/g10/import.c
index 99398c762..39968ff6f 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1253,11 +1253,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
             err = gpg_error_from_syserror ();
           else
             {
-#ifdef HAVE_GCRY_PK_GET_CURVE /* Also ensures availability of get_param.  */
               gcry_sexp_t cparam = gcry_pk_get_param (GCRY_PK_ECDSA, curve);
-#else
-              gcry_sexp_t cparam = NULL;
-#endif
+
               xfree (curve);
               if (!cparam)
                 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
diff --git a/include/cipher.h b/include/cipher.h
index db2196e74..191e197bc 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -22,12 +22,6 @@
 
 #include <gcrypt.h>
 
-/* Macros for compatibility with older libgcrypt versions. */
-#ifndef HAVE_GCRY_PK_ECDH
-# define GCRY_PK_ECDH  302
-#endif
-
-
 /* Constants for OpenPGP. */
 
 #define CIPHER_ALGO_NONE	 /*  0 */  GCRY_CIPHER_NONE
diff --git a/tools/ChangeLog b/tools/ChangeLog
index ae591dbfd..38888022c 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,7 @@
+2011-03-08  Werner Koch  <wk@g10code.com>
+
+	* symcryptrun.c [HAVE_UTMP_H]: Include utmp.h.
+
 2011-02-23  Werner Koch  <wk@g10code.com>
 
 	* gpgconf.c: Add command --kill.
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 1d882a1d5..c75f637e6 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -74,6 +74,9 @@
 #ifdef HAVE_PTY_H
 #include <pty.h>
 #endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
 #include <ctype.h>
 #ifdef HAVE_LOCALE_H
 #include <locale.h>