release 0.2.3

1998-02-09 17:43:42 +00:00 · 1998-02-09 17:43:42 +00:00 · d6fa02add6
parent b18d1107ec
commit d6fa02add6
41 changed files with 464 additions and 110 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-SUBDIRS =  util mpi cipher tools g10
+SUBDIRS =  intl po util mpi cipher tools g10
 EXTRA_DIST = VERSION


--- a/Makefile.in
+++ b/Makefile.in
@ -86,7 +86,7 @@ POSUB = @POSUB@
 RANLIB = @RANLIB@
 VERSION = @VERSION@

-SUBDIRS =  util mpi cipher tools g10
+SUBDIRS =  intl po util mpi cipher tools g10
 EXTRA_DIST = VERSION
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
@ -214,7 +214,7 @@ distcheck: dist
 	mkdir $(distdir)/=inst
 	dc_install_base=`cd $(distdir)/=inst && pwd`; \
 	cd $(distdir)/=build \
-	  && ../configure --srcdir=.. --prefix=$$dc_install_base \
+	  && ../configure --with-included-gettext --srcdir=.. --prefix=$$dc_install_base \
 	  && $(MAKE) \
 	  && $(MAKE) dvi \
 	  && $(MAKE) check \
--- a/8
+++ b/8
@ -1,4 +1,12 @@

+    * Found a bug in the calculation of ELG fingerprints. This is now
+      fixed, but all existing fingerprints and keyids for ELG keys
+      are not any more valid.
+
+    * armor should now work; including clear signed text.
+
+    * moved some options to the new program g10maint
+
    * It's now 64 bit clean and runs fine on an alpha--linux.

    * Key generation is much faster now.  I fixed this by using not
--- a/3
+++ b/3
@ -10,9 +10,6 @@

    * Some features are not yet implemented

-    PLEASE USE "--no-armor" BECAUSE THERE IS STILL A BUG IN IT!
-    (put it into the option file)
-

    Please subscribe to g10@net.lut.ac.uk by sending a mail with
    the word "subscribe" in the body to "g10-request@net.lut.ac.uk".
--- a/2
+++ b/2
@ -1 +1 @@
-0.2.1w
+0.2.3
--- a/acconfig.h
+++ b/acconfig.h
@ -44,6 +44,11 @@
 /* Define as 1 if you have gettext and don't want to use GNU gettext.  */
 #undef HAVE_GETTEXT

+/* libintl.h is available; this is obsolete because if we don't have
+ * this header we use a symlink to the one in intl/ */
+#undef HAVE_LIBINTL_H
+
+
 #undef HAVE_STPCPY


--- a/acinclude.m4
+++ b/acinclude.m4
@ -61,7 +61,7 @@ AC_DEFUN(ud_WITH_NLS,
 	CATOBJEXT=NONE

 	dnl Debian 1.3.1 does not have libintl.h but libintl.a
-	AC_CHECK_HEADERS(libintl.h)
+	AC_CHECK_HEADER(libintl.h, [ AC_DEFINE(HAVE_LIBINTL_H) ])
 	if    test "$ac_cv_lib_intl_main" = yes \
 	   && test "$ac_cv_header_libintl_h" != "yes" ; then
 	    nls_cv_use_gnu_gettext=yes
@ -98,7 +98,7 @@ AC_DEFUN(ud_WITH_NLS,
 		   INTLDEPS="\${top_srcdir}/intl/libintl.a"
 		   INTLLIBS=$INTLDEPS
 		   LIBS=`echo $LIBS | sed -e 's/-lintl//'`
-		   nls_cv_header_intl=intl/libintl.h
+		   nls_cv_header_intl=libintl.h
 		   nls_cv_header_libgt=intl/libgettext.h
 		 fi])
 	    fi
@ -124,7 +124,7 @@ AC_DEFUN(ud_WITH_NLS,
 	INTLDEPS="\${top_srcdir}/intl/libintl.a"
 	INTLLIBS=$INTLDEPS
 	LIBS=`echo $LIBS | sed -e 's/-lintl//'`
-	nls_cv_header_intl=intl/libintl.h
+	nls_cv_header_intl=libintl.h
 	nls_cv_header_libgt=intl/libgettext.h
      fi

@ -133,7 +133,7 @@ AC_DEFUN(ud_WITH_NLS,
      POSUB=po
    else
      DATADIRNAME=share
-      nls_cv_header_intl=intl/libintl.h
+      nls_cv_header_intl=libintl.h
      nls_cv_header_libgt=intl/libgettext.h
    fi

@ -271,8 +271,8 @@ AC_DEFUN(WK_CHECK_TYPEDEF,


 dnl WK_LINK_FILES( SRC, DEST )
-dnl same as AC_LINK_FILES, but collet the files to link in
-dnl some special variables and do the link macro
+dnl same as AC_LINK_FILES, but collect the files to link in
+dnl some special variables and do the link
 dnl when WK_DO_LINK_FILES is called
 dnl This is a workaround for AC_LINK_FILES, because it does not work
 dnl correct when using a caching scheme
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@ -113,9 +113,11 @@ gen_k( MPI p )
 /****************
 * Generate a key pair with a key of size NBITS
 * Returns: 2 structures filles with all needed values
+ *	    and an array with n-1 factors of (p-1)
 */
 void
-elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits )
+elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
+	      unsigned nbits, MPI **ret_factors )
 {
    MPI p;    /* the prime */
    MPI p_min1;
@ -136,7 +138,7 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits )
    else
 	qbits = 240;
    g = mpi_alloc(1);
-    p = generate_elg_prime( nbits, qbits, g );
+    p = generate_elg_prime( nbits, qbits, g, ret_factors );
    mpi_sub_ui(p_min1, p, 1);


--- a/cipher/elgamal.h
+++ b/cipher/elgamal.h
@ -39,7 +39,8 @@ typedef struct {

 void elg_free_public_key( ELG_public_key *pk );
 void elg_free_secret_key( ELG_secret_key *sk );
-void elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits );
+void elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
+				unsigned nbits, MPI **factors );
 int  elg_check_secret_key( ELG_secret_key *sk );
 void elg_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey );
 void elg_decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey );
--- a/cipher/md.c
+++ b/cipher/md.c
@ -28,6 +28,8 @@
 #include "errors.h"


+static FILE *dumpfp;
+
 /****************
 * Open a message digest handle for use with algorithm ALGO.
 * More algorithms may be added by md_enable(). The initial algorithm
@ -38,6 +40,12 @@ md_open( int algo, int secure )
 {
    MD_HANDLE hd;

+    if( !dumpfp )
+	dumpfp = fopen("md.out", "w");
+    if( !dumpfp )
+	BUG();
+    { int i; for(i=0; i < 16; i++ ) putc('\xff', dumpfp ); }
+
    hd = secure ? m_alloc_secure_clear( sizeof *hd )
 		: m_alloc_clear( sizeof *hd );
    if( algo )
@ -70,6 +78,7 @@ md_copy( MD_HANDLE a )
 {
    MD_HANDLE b;

+    { int i; for(i=0; i < 16; i++ ) putc('\xee', dumpfp ); }
    b = m_is_secure(a)? m_alloc_secure( sizeof *b )
 		      : m_alloc( sizeof *b );
    memcpy( b, a, sizeof *a );
@ -89,6 +98,10 @@ md_close(MD_HANDLE a)
 void
 md_write( MD_HANDLE a, byte *inbuf, size_t inlen)
 {
+    if( a->bufcount && fwrite(a->buffer, a->bufcount, 1, dumpfp ) != 1 )
+	BUG();
+    if( inlen && fwrite(inbuf, inlen, 1, dumpfp ) != 1 )
+	BUG();
    if( a->use_rmd160 ) {
 	rmd160_write( &a->rmd160, a->buffer, a->bufcount );
 	rmd160_write( &a->rmd160, inbuf, inlen	);
@ -111,6 +124,7 @@ md_final(MD_HANDLE a)
 {
    if( a->bufcount )
 	md_write( a, NULL, 0 );
+    { int i; for(i=0; i < 16; i++ ) putc('\xcc', dumpfp ); }
    if( a->use_rmd160 ) {
 	byte *p;
 	rmd160_final( &a->rmd160 );
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@ -65,12 +65,12 @@ generate_public_prime( unsigned  nbits )
 * indeed a strong prime.
 */
 MPI
-generate_elg_prime( unsigned pbits, unsigned qbits, MPI g )
+generate_elg_prime( unsigned pbits, unsigned qbits, MPI g, MPI **ret_factors )
 {
    int n;  /* number of factors */
    int m;  /* number of primes in pool */
    unsigned fbits; /* length of prime factors */
-    MPI *factors; /* curent factors */
+    MPI *factors; /* current factors */
    MPI *pool;	/* pool of primes */
    MPI q;	/* first prime factor */
    MPI prime;	/* prime test value */
@ -167,7 +167,6 @@ generate_elg_prime( unsigned pbits, unsigned qbits, MPI g )
 	    count2 = 0;
    } while( !(nprime == pbits && check_prime( prime )) );

-
    if( DBG_CIPHER ) {
 	putc('\n', stderr);
 	log_mpidump( "prime    : ", prime );
@ -180,6 +179,12 @@ generate_elg_prime( unsigned pbits, unsigned qbits, MPI g )
 	putc('\n', stderr);
    }

+    if( ret_factors ) { /* caller wants the factors */
+	*ret_factors = m_alloc_clear( (n+1) * sizeof **ret_factors );
+	for(i=0; i < n; i++ )
+	    (*ret_factors)[i] = mpi_copy( factors[i] );
+    }
+
    if( g ) { /* create a generator (start with 3)*/
 	MPI tmp   = mpi_alloc( mpi_get_nlimbs(prime) );
 	MPI b	  = mpi_alloc( mpi_get_nlimbs(prime) );
--- a/cipher/random.c
+++ b/cipher/random.c
@ -144,8 +144,9 @@ fill_buffer( byte *buffer, size_t length, int level )
 	if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
 	    if( !warn )
 		tty_printf( _(
-"\nNot enough random bytes available.  Please do some other work to give
-the OS a chance to collect more entropy! (Need %d more bytes)\n"), length );
+"\n"
+"Not enough random bytes available.  Please do some other work to give\n"
+"the OS a chance to collect more entropy! (Need %d more bytes)\n"), length );
 	    warn = 1;
 	    continue;
 	}
--- a/config.h.in
+++ b/config.h.in
@ -27,21 +27,49 @@
 #define _GNU_SOURCE  1


+/* Define if using alloca.c.  */
+#undef C_ALLOCA
+
 /* Define to empty if the keyword does not work.  */
 #undef const

+/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
+   This function is required for alloca.c support on those systems.  */
+#undef CRAY_STACKSEG_END
+
+/* Define if you have alloca, as a function or macro.  */
+#undef HAVE_ALLOCA
+
+/* Define if you have <alloca.h> and it should be used (not on Ultrix).  */
+#undef HAVE_ALLOCA_H
+
 /* Define if you don't have vprintf but do have _doprnt.  */
 #undef HAVE_DOPRNT

+/* Define if you have a working `mmap' system call.  */
+#undef HAVE_MMAP
+
 /* Define if you have the vprintf function.  */
 #undef HAVE_VPRINTF

 /* Define as __inline if that's what the C compiler calls it.  */
 #undef inline

+/* Define to `long' if <sys/types.h> doesn't define.  */
+#undef off_t
+
 /* Define to `unsigned' if <sys/types.h> doesn't define.  */
 #undef size_t

+/* If using the C implementation of alloca, define if you know the
+   direction of stack growth for your system; otherwise it will be
+   automatically deduced at run-time.
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown
+ */
+#undef STACK_DIRECTION
+
 /* Define if you have the ANSI C header files.  */
 #undef STDC_HEADERS

@ -50,6 +78,24 @@
 #undef PACKAGE
 #undef G10_LOCALEDIR

+/* Define if your locale.h file contains LC_MESSAGES.  */
+#undef HAVE_LC_MESSAGES
+
+/* Define to 1 if NLS is requested.  */
+#undef ENABLE_NLS
+
+/* Define as 1 if you have catgets and don't want to use GNU gettext.  */
+#undef HAVE_CATGETS
+
+/* Define as 1 if you have gettext and don't want to use GNU gettext.  */
+#undef HAVE_GETTEXT
+
+/* libintl.h is available; this is obsolete because if we don't have
+ * this header we use a symlink to the one in intl/ */
+#undef HAVE_LIBINTL_H
+
+#undef HAVE_STPCPY
+
 #undef BIG_ENDIAN_HOST
 #undef LITTLE_ENDIAN_HOST

@ -77,18 +123,45 @@
 /* The number of bytes in a unsigned short.  */
 #undef SIZEOF_UNSIGNED_SHORT

+/* Define if you have the dcgettext function.  */
+#undef HAVE_DCGETTEXT
+
+/* Define if you have the getcwd function.  */
+#undef HAVE_GETCWD
+
+/* Define if you have the getpagesize function.  */
+#undef HAVE_GETPAGESIZE
+
 /* Define if you have the mlock function.  */
 #undef HAVE_MLOCK

 /* Define if you have the mmap function.  */
 #undef HAVE_MMAP

+/* Define if you have the munmap function.  */
+#undef HAVE_MUNMAP
+
+/* Define if you have the putenv function.  */
+#undef HAVE_PUTENV
+
 /* Define if you have the rand function.  */
 #undef HAVE_RAND

+/* Define if you have the setenv function.  */
+#undef HAVE_SETENV
+
+/* Define if you have the setlocale function.  */
+#undef HAVE_SETLOCALE
+
 /* Define if you have the stpcpy function.  */
 #undef HAVE_STPCPY

+/* Define if you have the strcasecmp function.  */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the strchr function.  */
+#undef HAVE_STRCHR
+
 /* Define if you have the strerror function.  */
 #undef HAVE_STRERROR

@ -101,12 +174,36 @@
 /* Define if you have the tcgetattr function.  */
 #undef HAVE_TCGETATTR

+/* Define if you have the <limits.h> header file.  */
+#undef HAVE_LIMITS_H
+
+/* Define if you have the <locale.h> header file.  */
+#undef HAVE_LOCALE_H
+
+/* Define if you have the <malloc.h> header file.  */
+#undef HAVE_MALLOC_H
+
+/* Define if you have the <nl_types.h> header file.  */
+#undef HAVE_NL_TYPES_H
+
+/* Define if you have the <string.h> header file.  */
+#undef HAVE_STRING_H
+
 /* Define if you have the <unistd.h> header file.  */
 #undef HAVE_UNISTD_H

+/* Define if you have the <values.h> header file.  */
+#undef HAVE_VALUES_H
+
 /* Define if you have the <zlib.h> header file.  */
 #undef HAVE_ZLIB_H

+/* Define if you have the i library (-li).  */
+#undef HAVE_LIBI
+
+/* Define if you have the intl library (-lintl).  */
+#undef HAVE_LIBINTL
+

 /* The AC_CHECK_SIZEOF() fails for some machines.
 * we provide some fallback values here */
--- a/configure.in
+++ b/configure.in
@ -5,9 +5,6 @@ dnl (Process this file with autoconf to produce a configure script.)

 AC_INIT(g10/g10.c)
 AC_CONFIG_AUX_DIR(scripts)
-dnl Ooops: automake 1.2d looks for AC_CONFIG_HEADER (and not AM_..)
-dnl	   to decide where config.h is - so we have to add -I.. to
-dnl	   every Makefile.am
 AM_CONFIG_HEADER(config.h)


@ -25,13 +22,10 @@ fi
 VERSION=`cat $srcdir/VERSION`
 PACKAGE=g10
 ALL_LINGUAS="de"
-G10_LOCALEDIR="$g10_prefix/share/locale"
 AC_SUBST(VERSION)
 AC_SUBST(PACKAGE)
-AC_SUBST(G10_LOCALEDIR)
 AC_DEFINE_UNQUOTED(VERSION, "$VERSION")
 AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE")
-AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")

 AC_ARG_ENABLE(m-debug,
 [  --enable-m-debug	  Enable debugging of memory allocation])
@ -91,10 +85,12 @@ dnl Checks for header files.
 AC_HEADER_STDC
 AC_CHECK_HEADERS(unistd.h)

-dnl AM_GNU_GETTEXT
-dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
-AC_MSG_WARN([i18n disabled for this release - sorry])
+AM_GNU_GETTEXT
+G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
+AC_SUBST(G10_LOCALEDIR)
+AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")

+WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )

 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@ -193,6 +189,13 @@ fi
 AC_SUBST(CIPHER_EXTRA_OBJS)
 AC_SUBST(CIPHER_EXTRA_DIST)

+dnl
+dnl If no gettext is found, default to gnu gettext
+dnl
+if test x$ac_cv_func_gettext = xno; then
+    LIBS="$LIBS -lintl -L\$(topbuilddir)/intl"
+fi
+

 WK_DO_LINK_FILES

--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@ -1,7 +1,7 @@
 ## Process this file with automake to produce Makefile.in

-INCLUDES = -I.. -I$(top_srcdir)/include
-EXTRA_DIST = OPTIONS
+INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS  pubring.g10
 needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a

 bin_PROGRAMS = g10 g10maint
@ -55,7 +55,7 @@ g10_SOURCES  = g10.c		\
 g10maint_SOURCES = g10maint.c	\
 	      $(common_source)

-LDADD = $(needed_libs)
+LDADD = @INTLLIBS@ $(needed_libs)

 $(PROGRAMS): $(needed_libs)

--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@ -86,8 +86,8 @@ POSUB = @POSUB@
 RANLIB = @RANLIB@
 VERSION = @VERSION@

-INCLUDES = -I.. -I$(top_srcdir)/include
-EXTRA_DIST = OPTIONS
+INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS  pubring.g10
 needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a

 bin_PROGRAMS = g10 g10maint
@ -140,7 +140,7 @@ g10_SOURCES  = g10.c		\
 g10maint_SOURCES = g10maint.c	\
 	      $(common_source)

-LDADD = $(needed_libs)
+LDADD = @INTLLIBS@ $(needed_libs)
 mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
 CONFIG_HEADER = ../config.h
 CONFIG_CLEAN_FILES = 
--- a/g10/armor.c
+++ b/g10/armor.c
@ -171,6 +171,52 @@ invalid_armor(void)
 }


+/****************
+ * check wether the armor header is valid on a signed message.
+ * this is for security reasons: the header lines are not included in the
+ * hash and by using some creative formatting rules, Mallory could fake
+ * any text at the beginning of a document; assuming it is read with
+ * a simple viewer. We do only allow the Hash Header.
+ */
+static int
+parse_hash_header( const char *line )
+{
+    const char *s, *s2;
+    unsigned found = 0;
+
+    if( strlen(line) < 6  || strlen(line) > 60 )
+	return 0; /* too short or too long */
+    if( memcmp( line, "Hash:", 5 ) )
+	return 0; /* invalid header */
+    s = line+5;
+    for(s=line+5;;s=s2) {
+	for(; *s && (*s==' ' || *s == '\t'); s++ )
+	    ;
+	if( !*s )
+	    break;
+	for(s2=s+1; *s2 && *s2!=' ' && *s2 != '\t' && *s2 != ','; s2++ )
+	    ;
+	if( !strncmp( s, "RIPEMD160", s2-s ) )
+	    found |= 1;
+	else if( !strncmp( s, "SHA1", s2-s ) )
+	    found |= 2;
+	else if( !strncmp( s, "MD5", s2-s ) )
+	    found |= 4;
+	else if( !strncmp( s, "MD2", s2-s ) )
+	    found |= 8;
+	else
+	    return 0;
+	for(; *s2 && (*s2==' ' || *s2 == '\t'); s2++ )
+	    ;
+	if( *s2 && *s2 != ',' )
+	    return 0;
+	if( *s2 )
+	    s2++;
+    }
+    return found;
+}
+
+
 /****************
 * parse an ascii armor.
 * Returns: the state,
@ -197,15 +243,17 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
    do {
 	switch( state ) {
 	  case fhdrHASArmor:
-	    /* read 28 bytes, which is the bare minimum for a BEGIN...
-	     * and check wether this has a Armor. */
+	    /* read at least the first byte to check wether it is armored
+	     * or not */
 	    c = 0;
 	    for(n=0; n < 28 && (c=iobuf_get2(a)) != -1 && c != '\n'; )
 		buf[n++] = c;
-	    if( n < 28 || c == -1 )
+	    if( !n  || c == -1 )
 		state = fhdrNOArmor; /* too short */
 	    else if( !is_armored( buf ) )
 		state = fhdrNOArmor;
+	    else if( c == '\n' )
+		state = fhdrCHECKBegin;
 	    else
 		state = fhdrINITCont;
 	    break;
@ -243,7 +291,12 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
 			log_debug("armor header: ");
 			print_string( stderr, buf, n );
 			putc('\n', stderr);
-			state = fhdrWAITHeader;
+			if( clearsig && !parse_hash_header( buf ) ) {
+			    log_error("invalid clearsig header\n");
+			    state = fhdrERROR;
+			}
+			else
+			    state = fhdrWAITHeader;
 		    }
 		    else
 			state = fhdrCHECKDashEscaped3;
@ -605,7 +658,6 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
 	    break;

 	  case fhdrENDClearsig:
-	    log_debug("endclearsig: emplines=%u n=%u\n", emplines, n );
 	    assert( emplines );
 	    emplines--; /* don't count the last one */
 	    state = fhdrENDClearsigHelp;
@ -760,12 +812,14 @@ armor_filter( void *opaque, int control,
    int  idx, idx2;
    size_t n=0;
    u32 crc;
+  #if 1
    static FILE *fp ;

    if( !fp ) {
 	fp = fopen("armor.out", "w");
 	assert(fp);
    }
+  #endif

    if( DBG_FILTER )
 	log_debug("armor-filter: control: %d\n", control );
@ -794,8 +848,14 @@ armor_filter( void *opaque, int control,
 	    rc = fake_packet( afx, a, &n, buf, size );
 	else if( !afx->inp_checked ) {
 	    rc = check_input( afx, a );
-	    if( afx->inp_bypass )
-		;
+	    if( afx->inp_bypass ) {
+		for( n=0; n < size && n < afx->helplen; n++ )
+		    buf[n] = afx->helpbuf[n];
+		if( !n )
+		    rc = -1;
+		assert( n == afx->helplen );
+		afx->helplen = 0;
+	    }
 	    else if( afx->faked ) {
 		/* the buffer is at least 30 bytes long, so it
 		 * is easy to construct the packets */
@ -824,9 +884,11 @@ armor_filter( void *opaque, int control,
 	}
 	else
 	    rc = radix64_read( afx, a, &n, buf, size );
+      #if 1
 	if( n )
 	    if( fwrite(buf, n, 1, fp ) != 1 )
 		BUG();
+      #endif
 	*ret_len = n;
    }
    else if( control == IOBUFCTRL_FLUSH ) {
--- a/g10/comment.c
+++ b/g10/comment.c
@ -69,3 +69,30 @@ make_comment_node( const char *s )
 }


+KBNODE
+make_mpi_comment_node( const char *s, MPI a )
+{
+    PACKET *pkt;
+    byte *buf, *p, *pp;
+    unsigned n1, nb1;
+    size_t n = strlen(s);
+
+    nb1 = mpi_get_nbits( a );
+    p = buf = mpi_get_buffer( a, &n1, NULL );
+    for( ; !*p && n1; p++, n1-- )  /* skip leading null bytes */
+	;
+
+    pkt = m_alloc_clear( sizeof *pkt );
+    pkt->pkttype = PKT_COMMENT;
+    pkt->pkt.comment = m_alloc( sizeof *pkt->pkt.comment + n + 2 + n1 );
+    pkt->pkt.comment->len = n+1+2+n1;
+    pp = pkt->pkt.comment->data;
+    memcpy(pp, s, n+1);
+    pp[n+1] = nb1 >> 8;
+    pp[n+2] = nb1 ;
+    memcpy(pp+n+3, p, n1 );
+    m_free(buf);
+    return new_kbnode( pkt );
+}
+
+
--- a/g10/g10.c
+++ b/g10/g10.c
@ -101,8 +101,12 @@ strusage( int level )
 static void
 i18n_init(void)
 {
-  #ifdef ENABLE_NLS
-    setlocale( LC_MESSAGES, "" );
+  #ifdef HAVE_LIBINTL
+    #ifdef HAVE_LC_MESSAGES
+       setlocale( LC_MESSAGES, "" );
+    #else
+       setlocale( LC_ALL, "" );
+    #endif
    bindtextdomain( PACKAGE, G10_LOCALEDIR );
    textdomain( PACKAGE );
  #endif
@ -235,8 +239,10 @@ main( int argc, char **argv )
    enum cmd_values cmd = 0;
    const char *trustdb_name = NULL;

-
-    secmem_init( 16384 );
+    /* Please note that we may running SUID(ROOT), so be very CAREFUL
+     * when adding any stuff between here and the call to
+     * secmem_init()  somewhere after the option parsing
+     */

    i18n_init();
    opt.compress = -1; /* defaults to standard compress level */
@ -397,6 +403,10 @@ main( int argc, char **argv )
    if( errors )
 	g10_exit(2);

+    /* initialize the secure memory. */
+    secmem_init( 16384 );
+    /* Okay, we are now working under our real uid */
+
    write_status( STATUS_ENTER );

    set_debug();
--- a/g10/g10maint.c
+++ b/g10/g10maint.c
@ -101,8 +101,12 @@ strusage( int level )
 static void
 i18n_init(void)
 {
-  #ifdef ENABLE_NLS
-    setlocale( LC_MESSAGES, "" );
+  #ifdef HAVE_LIBINTL
+    #ifdef HAVE_LC_MESSAGES
+       setlocale( LC_MESSAGES, "" );
+    #else
+       setlocale( LC_ALL, "" );
+    #endif
    bindtextdomain( PACKAGE, G10_LOCALEDIR );
    textdomain( PACKAGE );
  #endif
@ -449,13 +453,13 @@ main( int argc, char **argv )
 	}
 	else if( argc == 2 ) {
 	    mpi_print( stdout, generate_elg_prime( atoi(argv[0]),
-						   atoi(argv[1]), NULL ), 1);
+						   atoi(argv[1]), NULL,NULL ), 1);
 	    putchar('\n');
 	}
 	else if( argc == 3 ) {
 	    MPI g = mpi_alloc(1);
 	    mpi_print( stdout, generate_elg_prime( atoi(argv[0]),
-						   atoi(argv[1]), g ), 1);
+						   atoi(argv[1]), g, NULL ), 1);
 	    printf("\nGenerator: ");
 	    mpi_print( stdout, g, 1 );
 	    putchar('\n');
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -145,13 +145,15 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 	PKT_secret_cert **ret_skc )
 {
    int rc;
+    int i;
    PACKET *pkt;
    PKT_secret_cert *skc;
    PKT_public_cert *pkc;
    ELG_public_key pk;
    ELG_secret_key sk;
+    MPI *factors;

-    elg_generate( &pk, &sk, nbits );
+    elg_generate( &pk, &sk, nbits, &factors );

    skc = m_alloc_clear( sizeof *skc );
    pkc = m_alloc_clear( sizeof *pkc );
@ -190,10 +192,15 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
    pkt->pkt.public_cert = pkc;
    add_kbnode(pub_root, new_kbnode( pkt ));

+    /* don't know wether it make sense to have the factors, so for now
+     * we store them in the secret keyring (but they are of secret) */
    pkt = m_alloc_clear(sizeof *pkt);
    pkt->pkttype = PKT_SECRET_CERT;
    pkt->pkt.secret_cert = skc;
    add_kbnode(sec_root, new_kbnode( pkt ));
+    for(i=0; factors[i]; i++ )
+	add_kbnode( sec_root,
+		    make_mpi_comment_node("#:ELG_factor:", factors[i] ));

    return 0;
 }
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -59,14 +59,18 @@ v3_elg_fingerprint_md( PKT_public_cert *pkc )
    byte *buf1, *buf2, *buf3;
    byte *p1, *p2, *p3;
    unsigned n1, n2, n3;
+    unsigned nb1, nb2, nb3;
    unsigned n;

+    nb1 = mpi_get_nbits(pkc->d.elg.p);
    p1 = buf1 = mpi_get_buffer( pkc->d.elg.p, &n1, NULL );
    for( ; !*p1 && n1; p1++, n1-- )  /* skip leading null bytes */
 	;
+    nb2 = mpi_get_nbits(pkc->d.elg.g);
    p2 = buf2 = mpi_get_buffer( pkc->d.elg.g, &n2, NULL );
    for( ; !*p2 && n2; p2++, n2-- )  /* skip leading null bytes */
 	;
+    nb3 = mpi_get_nbits(pkc->d.elg.y);
    p3 = buf3 = mpi_get_buffer( pkc->d.elg.y, &n3, NULL );
    for( ; !*p3 && n3; p3++, n3-- )  /* skip leading null bytes */
 	;
@ -90,9 +94,9 @@ v3_elg_fingerprint_md( PKT_public_cert *pkc )
 	md_putc( md, a	    );
    }
    md_putc( md, pkc->pubkey_algo );
-    md_putc( md, n1>>8); md_putc( md, n1 ); md_write( md, p1, n1 );
-    md_putc( md, n2>>8); md_putc( md, n2 ); md_write( md, p2, n2 );
-    md_putc( md, n3>>8); md_putc( md, n3 ); md_write( md, p3, n3 );
+    md_putc( md, nb1>>8); md_putc( md, nb1 ); md_write( md, p1, n1 );
+    md_putc( md, nb2>>8); md_putc( md, nb2 ); md_write( md, p2, n2 );
+    md_putc( md, nb3>>8); md_putc( md, nb3 ); md_write( md, p3, n3 );
    m_free(buf1);
    m_free(buf2);
    m_free(buf3);
--- a/g10/main.h
+++ b/g10/main.h
@ -76,6 +76,7 @@ MPI encode_md_value( MD_HANDLE md, unsigned nbits );

 /*-- comment.c --*/
 KBNODE make_comment_node( const char *s );
+KBNODE make_mpi_comment_node( const char *s, MPI a );

 /*-- elg.c --*/
 void g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -714,7 +714,7 @@ parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen )
    version = iobuf_get_noeof(inp); pktlen--;
    if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
 	/* early versions of G10 use old comments packets; luckily all those
-	 * comments are are started by a hash */
+	 * comments are started by a hash */
 	if( list_mode ) {
 	    printf(":old comment packet: \"" );
 	    for( ; pktlen; pktlen-- ) {
@ -829,8 +829,6 @@ parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
    pktlen = 0;

    if( list_mode ) {
-	/* a value if 'c' is used by armor to indicate a faked packet
-	 * it should be considered as 't' */
 	printf(":literal data packet:\n"
 	       "\tmode %c, created %lu, name=\"",
 		    mode >= ' ' && mode <'z'? mode : '?',
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@ -45,6 +45,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
    FILE *fp = NULL;
    int rc = 0;
    int c;
+static FILE *abc;
+if( !abc )
+    abc=fopen("plaintext.out", "wb");
+if( !abc ) BUG();

    /* create the filename as C string */
    if( opt.outfile ) {
@ -78,6 +82,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
 		rc = G10ERR_READ_FILE;
 		goto leave;
 	    }
+	    putc( c, abc );
 	    if( mfx->md )
 		md_putc(mfx->md, c );
 	    if( putc( c, fp ) == EOF ) {
@ -89,6 +94,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
    }
    else {
 	while( (c = iobuf_get(pt->buf)) != -1 ) {
+	    putc( c, abc );
 	    if( mfx->md )
 		md_putc(mfx->md, c );
 	    if( putc( c, fp ) == EOF ) {
--- a/g10/pubring.g10
+++ b/g10/pubring.g10
--- a/g10/sign.c
+++ b/g10/sign.c
@ -144,7 +144,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    }

    /* prepare to calculate the MD over the input */
-    if( opt.textmode && opt.armor && !outfile )
+    if( opt.textmode && !outfile )
 	iobuf_push_filter( inp, text_filter, &tfx );
    mfx.md = md_open(DIGEST_ALGO_RMD160, 0);
    if( !multifile )
@ -301,22 +301,36 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,



+/****************
+ * note: we do not count empty lines at the beginning
+ */
 static int
 write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md )
 {
    int c;
    int lastlf = 1;
+    int skip_empty = 1;

    while( (c = iobuf_get(inp)) != -1 ) {
 	/* Note: We don't escape "From " because the MUA should cope with it */
-	if( lastlf && c == '-' ) {
-	    iobuf_put( out, c );
-	    iobuf_put( out, ' ' );
+	if( lastlf ) {
+	    if( c == '-' ) {
+		iobuf_put( out, c );
+		iobuf_put( out, ' ' );
+		skip_empty = 0;
+	    }
+	    else if( skip_empty && c == '\r' )
+		skip_empty = 2;
+	    else
+		skip_empty = 0;
 	}

-	md_putc(md, c );
+	if( !skip_empty )
+	    md_putc(md, c );
 	iobuf_put( out, c );
 	lastlf = c == '\n';
+	if( skip_empty == 2 )
+	    skip_empty = lastlf ? 0 : 1;
    }
    return 0; /* fixme: add error handling */
 }
@ -368,7 +382,8 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
 	goto leave;
    }

-    iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n\n" );
+    iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n"
+			"Hash: RIPEMD160\n\n" );

    textmd = md_open(DIGEST_ALGO_RMD160, 0);
    iobuf_push_filter( inp, text_filter, &tfx );
--- a/include/cipher.h
+++ b/include/cipher.h
@ -88,7 +88,7 @@ extern ushort small_prime_numbers[];
 /*-- primegen.c --*/
 MPI generate_secret_prime( unsigned nbits );
 MPI generate_public_prime( unsigned nbits );
-MPI generate_elg_prime( unsigned pbits, unsigned qbits, MPI g );
+MPI generate_elg_prime( unsigned pbits, unsigned qbits, MPI g, MPI **factors );


 #endif /*G10_CIPHER_H*/
--- a/include/i18n.h
+++ b/include/i18n.h
@ -21,12 +21,8 @@
 #ifndef G10_I18N_H
 #define G10_I18N_H

-#ifdef ENABLE_NLS
-#ifdef HAVE_LIBINTL_H
+#ifdef HAVE_LIBINTL
  #include <libintl.h>
-#else
-  #include "../intl/libintl.h"
-#endif
  #define _(a) gettext (a)
  #ifdef gettext_noop
    #define N_(a) gettext_noop (a)
--- a/mpi/Makefile.am
+++ b/mpi/Makefile.am
@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-INCLUDES = -I..  -I$(top_srcdir)/include
+INCLUDES =  -I$(top_srcdir)/include
 CFLAGS += -O2

 SUFFIXES = .S .s
--- a/mpi/Makefile.in
+++ b/mpi/Makefile.in
@ -86,7 +86,7 @@ POSUB = @POSUB@
 RANLIB = @RANLIB@
 VERSION = @VERSION@

-INCLUDES = -I..  -I$(top_srcdir)/include
+INCLUDES =  -I$(top_srcdir)/include

 SUFFIXES = .S .s

--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@ -2,6 +2,7 @@
 # Copyright (c) 1998 by Werner Koch (dd9jn)

 # utility
+util/secmem.c

 # cipher
 cipher/random.c
--- a/po/de.po
+++ b/po/de.po
@ -6,15 +6,30 @@ msgstr ""
 "Xgettext-Options: --default-domain=g10 --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
 "Files: g10/g10.c g10/pkclist.c\n"

-#: cipher/random.c:146
+
+#: util/secmem.c:85
+msgid "Warning: using insecure memory!\n"
+msgstr ""
+"Achtung: Speicher mit sensibeln Daten kann auf Platte ausgelagert werden.\n"
+"(um dies zu vermeiden, kann das Programm suid(root) installiert werden;\n"
+" bitte wenden Sie sich hierzu an den Systemadministraor)\n"
+
+#: cipher/random.c:147
 msgid ""
 "\n"
-"Not enough random bytes available.  Please do some other work to give"
+"Not enough random bytes available.  Please do some other work to give\n"
+"the OS a chance to collect more entropy! (Need %d more bytes)\n"
 msgstr ""
+"\n"
+"Es sind nicht genügend Zufalls Bytes vorhanden.  Bitte führen Sie andere\n"
+"Arbeiten durch, damit das BS weitere Entropy sammeln kann!\n"
+"(Es werden noch %d Bytes benötigt)\n"

 #: cipher/random.c:185
 msgid "warning: using insecure random number generator!!\n"
 msgstr ""
+"Der Zufallszahlengenerator erzeugt keine sicheren Zufallszahlen!\n"
+

 #: cipher/random.c:186
 msgid ""
@ -24,6 +39,11 @@ msgid ""
 "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
 "\n"
 msgstr ""
+"Der Zufallszahlengenerator ist lediglich ein \"kludge\", um ein\n"
+"übersetzen des Programms zu ermöglichen - Es ist KEIN starker RNG!\n"
+"\n"
+"BENUTZEN SIE DIE DURCH DIESES PROGRAMM ERZEUGTEN DATEN NICHT!\n"
+"\n"

 #: g10/g10.c:72
 msgid ""
@ -31,6 +51,9 @@ msgid ""
 "sign, check, encrypt or decrypt\n"
 "default operation depends on the input data\n"
 msgstr ""
+"Aufruf: g10 [Optionen] [Dateien]\n"
+"Signieren, prüfen, verschlüsseln, entschlüsseln\n"
+"Die voreingestellte Operation ist abhängig von den Eingabedaten\n"

 #: g10/g10.c:77
 msgid "Please report bugs to <g10-bugs@isil.d.shuttle.de>.\n"
@ -68,7 +91,7 @@ msgstr "Aufruf: g10 [Opeionen] "

 #: g10/g10.c:152
 msgid "conflicting commands\n"
-msgstr ""
+msgstr "Widersprechende Kommandos\n"

 #: g10/g10.c:164
 msgid "create ascii armored output"
@ -88,27 +111,27 @@ msgstr "Keine wirklichen

 #: g10/g10.c:168
 msgid "do only a symmetric encryption"
-msgstr ""
+msgstr "Nur konventionell verschlüsseln"

 #: g10/g10.c:169
 msgid "use as output file"
-msgstr ""
+msgstr "dies als Ausgabedatei benutzen"

 #: g10/g10.c:170
 msgid "batch mode: never ask"
-msgstr ""
+msgstr "Stapel Modus: Keine Abfragen"

 #: g10/g10.c:171
 msgid "assume yes on most questions"
-msgstr ""
+msgstr "\"Ja\" als Standard Antwort annehmen"

 #: g10/g10.c:172
 msgid "assume no on most questions"
-msgstr ""
+msgstr "\"Nein\" als Standard Antwort annehmen"

 #: g10/g10.c:173
 msgid "generate a new key pair"
-msgstr ""
+msgstr "Einen neues Schlüsselpaar erzeugen"

 #: g10/g10.c:174
 msgid "add key to the public keyring"
@ -371,10 +394,14 @@ msgid ""
 "              default keysize is 1024 bits\n"
 "    highest suggested keysize is 2048 bits\n"
 msgstr ""
+"Es wird ein neues %s Schlüsselpaar erzeugt.\n"
+"              kleinste Schlüssellänge ist  768 bits\n"
+"              standard Schlüssellänge ist 1024 bits\n"
+"      größte sinnvolle Schlüssellänge ist 2048 bits\n"

 #: g10/keygen.c:351
 msgid "What keysize do you want? (1024) "
-msgstr ""
+msgstr "Welche Schlüssellänge wünschen Sie? (1024)"

 #: g10/keygen.c:357
 msgid "DSA does only allow keysizes from 512 to 1024\n"
@ -382,19 +409,22 @@ msgstr ""

 #: g10/keygen.c:359
 msgid "keysize too small; 768 is smallest value allowed.\n"
-msgstr ""
+msgstr "zu kurz; 768 ist die kleinste mögliche Schlüssellänge.\n"

 #: g10/keygen.c:361
 msgid "Keysizes larger than 2048 are not suggested, because computations take REALLY long!\n"
 msgstr ""
+"Schlüssellängen größer als 2048 werden nicht empfohlen, da die "
+"Berechnungen dann WIRKLICH lange brauchen\n"

 #: g10/keygen.c:363
 msgid "Are you sure, that you want this keysize? "
-msgstr ""
+msgstr "Sind Sie sicher, daß Sie diese Schlüssellänge wünschen? "

 #: g10/keygen.c:367
 msgid "Okay, but keep in mind that your monitor and keyboard radiation is also very vulnerable to attacks!\n"
-msgstr ""
+msgstr "Gut, aber bitte denken Sie auch daran, daß Monitor und Tastatur "
+"Daten abstrahlen und diese leicht mitgelesen werden können.\n"

 #: g10/keygen.c:377
 msgid "Requested keysize is %u bits\n"
@ -412,39 +442,47 @@ msgid ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
 "\n"
 msgstr ""
+"\n"
+"Sie benötigen einen User-ID um Ihren Schlüssel eindeutig zu machen; das\n"
+"Programm baut diese User-ID aus Ihrem echten Namen, einem Kommentar und\n"
+"Ihrer Email Adresse in dieser Form auf:\n"
+"    \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
+"\n"
+
+

 #: g10/keygen.c:403
 msgid "Real name: "
-msgstr ""
+msgstr "Vorname, Nachname: "

 #: g10/keygen.c:407
 msgid "Invalid character in name\n"
-msgstr ""
+msgstr "Ungültiges Zeichen im Namen\n"

 #: g10/keygen.c:409
 msgid "Name may not start with a digit\n"
-msgstr ""
+msgstr "Der Name darf nicht mit einer Ziffer beginnen\n"

 #: g10/keygen.c:411
 msgid "Name must be at least 5 characters long\n"
-msgstr ""
+msgstr "Der Name muß min. 5 Zeichen lang sein\n"

 #: g10/keygen.c:419
 msgid "Email address: "
-msgstr ""
+msgstr "Email Adresse: "

 #: g10/keygen.c:431
 msgid "Not a valid email address\n"
-msgstr ""
+msgstr "Email Adresse is ungültig\n"

 #: g10/keygen.c:439
 msgid "Comment: "
-msgstr ""
+msgstr "Kommentar: "

 #. no comment is okay
 #: g10/keygen.c:445
 msgid "Invalid character in comment\n"
-msgstr ""
+msgstr "Ungültiges Zeichen im Kommentar\n"

 #: g10/keygen.c:465
 msgid ""
@ -452,16 +490,21 @@ msgid ""
 "    \"%s\"\n"
 "\n"
 msgstr ""
+"Sie haben diese User-ID gewählt:\n"
+"    \"%s\"\n"
+"\n"

 #: g10/keygen.c:467
 msgid "Edit (N)ame, (C)omment, (E)mail or (O)kay? "
-msgstr ""
+msgstr "Ändern: N=Name, C=Kommentar, E=Email, O=Okay? "

 #: g10/keygen.c:499
 msgid ""
 "You need a Passphrase to protect your secret key.\n"
 "\n"
 msgstr ""
+"Sie benötigen eine \"passphrase\" um den geheimen Schlüssel zu schützen.\n"
+"\n"

 #: g10/keygen.c:508
 msgid ""
@ -470,10 +513,16 @@ msgid ""
 "using this program with the option \"--change-passphrase\"\n"
 "\n"
 msgstr ""
+"Sie möchten keine \"passphrase\" - Dies ist einen *schlechte* Idee!\n"
+"Es ist trotzdem möglich.  Sie können Ihre \"phassphrase\" jederzeit\n"
+"ändern, indem sie dieses Programm mit dem Kommando \"--change-passphrase\"\n"
+"aufrufen\n"
+"\n"
+

 #: g10/keygen.c:514
 msgid "passphrase not correctly repeated; try again.\n"
-msgstr ""
+msgstr "\"passphrase\" nicht richtig wiederholt; noch einmal.\n"

 #: g10/keygen.c:531
 msgid "writing public certificate to '%s'\n"
@ -490,10 +539,13 @@ msgid ""
 "network and the disks) during the prime generation; this gives the random\n"
 "number generator a better chance to gain enough entropy.\n"
 msgstr ""
+"Wir müßen eine ganze Menge Zufallszahlen erzeugen.  Sie können dies\n"
+"unterstützen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas\n"
+"tippen oder irgendwelche anderen Programme benutzen.\n"

 #: g10/keygen.c:611
 msgid "public and secret key created and signed.\n"
-msgstr ""
+msgstr "Öffentlichen und geheimen Schlüssel erzeugt und signiert.\n"

 #: g10/keygen.c:622
 msgid "Key generation failed: %s\n"
--- a/scripts/distfiles
+++ b/scripts/distfiles
@ -3,3 +3,4 @@ config.sub
 install-sh
 mkinstalldirs
 mkdiff
+missing
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@ -1,6 +1,7 @@
 ## Process this file with automake to produce Makefile.in

-INCLUDES = -I.. -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include
+needed_libs = ../cipher/libcipher.a  ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a

 noinst_PROGRAMS = mpicalc bftest

@ -9,8 +10,7 @@ mpicalc_SOURCES = mpicalc.c
 bftest_SOURCES = bftest.c


-LDADD = -L ../cipher -L ../mpi -L ../util -L ../cipher	\
-	-lmpi -lutil -lmpi -lutil -lcipher
+LDADD = @INTLLIBS@  $(needed_libs)

-$(PROGRAMS): ../mpi/libmpi.a ../cipher/libcipher.a
+$(PROGRAMS): $(needed_libs)

--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@ -86,7 +86,8 @@ POSUB = @POSUB@
 RANLIB = @RANLIB@
 VERSION = @VERSION@

-INCLUDES = -I.. -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include
+needed_libs = ../cipher/libcipher.a  ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a

 noinst_PROGRAMS = mpicalc bftest

@ -94,8 +95,7 @@ mpicalc_SOURCES = mpicalc.c

 bftest_SOURCES = bftest.c

-LDADD = -L ../cipher -L ../mpi -L ../util -L ../cipher	\
-	-lmpi -lutil -lmpi -lutil -lcipher
+LDADD = @INTLLIBS@  $(needed_libs)
 mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
 CONFIG_HEADER = ../config.h
 CONFIG_CLEAN_FILES = 
@ -108,11 +108,13 @@ LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@
 mpicalc_OBJECTS =  mpicalc.o
 mpicalc_LDADD = $(LDADD)
-mpicalc_DEPENDENCIES =  ../cipher ../mpi ../util ../cipher
+mpicalc_DEPENDENCIES =  ../cipher/libcipher.a ../util/libutil.a \
+../mpi/libmpi.a ../util/libutil.a
 mpicalc_LDFLAGS = 
 bftest_OBJECTS =  bftest.o
 bftest_LDADD = $(LDADD)
-bftest_DEPENDENCIES =  ../cipher ../mpi ../util ../cipher
+bftest_DEPENDENCIES =  ../cipher/libcipher.a ../util/libutil.a \
+../mpi/libmpi.a ../util/libutil.a
 bftest_LDFLAGS = 
 CFLAGS = @CFLAGS@
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS)
@ -304,7 +306,7 @@ installdirs mostlyclean-generic distclean-generic clean-generic \
 maintainer-clean-generic clean mostlyclean distclean maintainer-clean


-$(PROGRAMS): ../mpi/libmpi.a ../cipher/libcipher.a
+$(PROGRAMS): $(needed_libs)

 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/tools/bftest.c
+++ b/tools/bftest.c
@ -29,6 +29,7 @@

 #include "util.h"
 #include "cipher.h"
+#include "i18n.h"

 static void
 my_usage(void)
@ -43,6 +44,20 @@ strusage( int level )
    return default_strusage(level);
 }

+static void
+i18n_init(void)
+{
+  #ifdef HAVE_LIBINTL
+    #ifdef HAVE_LC_MESSAGES
+       setlocale( LC_MESSAGES, "" );
+    #else
+       setlocale( LC_ALL, "" );
+    #endif
+    bindtextdomain( PACKAGE, G10_LOCALEDIR );
+    textdomain( PACKAGE );
+  #endif
+}
+
 int
 main(int argc, char **argv)
 {
@ -57,6 +72,7 @@ main(int argc, char **argv)
    setmode( fileno(stdout), O_BINARY );
  #endif

+    i18n_init();
    if( argc > 1 && !strcmp(argv[1], "-e") ) {
 	encode++;
 	argc--; argv++;
--- a/tools/mpicalc.c
+++ b/tools/mpicalc.c
@ -31,6 +31,7 @@

 #include "util.h"
 #include "mpi.h"
+#include "i18n.h"

 #define STACKSIZE  100
 static MPI stack[STACKSIZE];
@ -61,6 +62,21 @@ strusage( int level )
 }


+static void
+i18n_init(void)
+{
+  #ifdef HAVE_LIBINTL
+    #ifdef HAVE_LC_MESSAGES
+       setlocale( LC_MESSAGES, "" );
+    #else
+       setlocale( LC_ALL, "" );
+    #endif
+    bindtextdomain( PACKAGE, G10_LOCALEDIR );
+    textdomain( PACKAGE );
+  #endif
+}
+
+
 static void
 do_add(void)
 {
@ -201,6 +217,7 @@ main(int argc, char **argv)
    char strbuf[1000];
    int stridx=0;

+    i18n_init();
    while( arg_parse( &pargs, opts) ) {
 	switch( pargs.r_opt ) {
 	  default : pargs.err = 2; break;
--- a/util/Makefile.am
+++ b/util/Makefile.am
@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-INCLUDES = -I.. -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include

 noinst_LIBRARIES = libutil.a

--- a/util/Makefile.in
+++ b/util/Makefile.in
@ -86,7 +86,7 @@ POSUB = @POSUB@
 RANLIB = @RANLIB@
 VERSION = @VERSION@

-INCLUDES = -I.. -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include

 noinst_LIBRARIES = libutil.a

--- a/util/secmem.c
+++ b/util/secmem.c
@ -33,6 +33,7 @@
 #include "types.h"
 #include "memory.h"
 #include "util.h"
+#include "i18n.h"


 #define DEFAULT_POOLSIZE 8196
@ -79,8 +80,9 @@ lock_pool( void *p, size_t n )
    }

    if( err ) {
-	log_error("can´t lock memory: %s\n", strerror(err));
-	log_info("Warning: using insecure memory!\n");
+	if( errno != EPERM )
+	    log_error("can´t lock memory: %s\n", strerror(err));
+	log_info(_("Warning: using insecure memory!\n"));
    }

  #else
 @ -1 +1 @@
 .2.1w
 .2.3