No OneTemporary
Actions

Size

148 KB

Subscribers

None

View Options

This document is not UTF8. It was detected as ISO-8859-1 (Latin 1) and converted to UTF8 for display.

	diff --git a/ChangeLog b/ChangeLog
	index 839ad6994..f7a5f88a5 100644
	--- a/ChangeLog
	+++ b/ChangeLog
	@@ -1,147 +1,152 @@
	+Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
	+
	+ * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): New.
	+ * configure.in (DYNLOAD_CFLAGS): Use result from CHECK_RDYNAMIC
	+
	Wed Dec 23 13:18:14 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* README: Replaced the command overview with a short intro.

	Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* configure.in: Add check for dlopen in libc (Greg Troxel)
	and a new define
	* acconfig.h (DLSYM_NEEDS_UNDERSCORE): New.

	Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* acinclude.m (GNUPG_CHECK_PIC): New
	* configure.in, acinclude.m4: Renamed all WK_ to GNUPG_

	Tue Dec 8 15:09:29 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* VERSION: Set to 0.4.5
	Wed Nov 25 12:38:29 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (USE_RNDLINUX): New.

	Fri Nov 20 19:34:57 1998 Werner Koch (wk@isil.d.shuttle.de)

	* VERSION: Released 0.4.4

	* configure.in (try_asm_modules): For option --disable-asm

	Tue Nov 10 19:32:40 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (MPI_SFLAGS): New.

	Tue Nov 10 13:44:53 1998 Werner Koch (wk@isil.d.shuttle.de)

	* ABOUT-NLS: New
	* configure.in (AC_REVISION): New.

	Sun Nov 8 18:20:35 1998 Werner Koch (wk@isil.d.shuttle.de)

	* VERSION: Set to 0.4.3

	Sun Oct 25 19:49:37 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am (g10defs.h): New macro GNUPG_DATADIR.

	Wed Oct 21 17:24:24 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in: Removed gettext kludge
	* acinclude.m4: Add patched AM_WITH_NKS macro

	Tue Oct 20 19:03:36 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in: Kludge to make AM_GNU_GETTEXT work,
	changed some macors to more modern versions. Also
	changeg the all makefiles to remove duplicate ../intl.
	* acinclude.m4: Removed the gettext stuff, as this
	already comes with automake now.

	Wed Oct 14 12:11:34 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (NAME_OF_DEV_RANDOM): New.
	(DYNLINK_MOD_CFLAGS): New.

	Thu Oct 8 10:55:15 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am (g10defs.h): creates include file
	* acconfig.h: now includes g10defs.h
	* configure.in: Removed G10_LOCALEDIR and GNUPG_LIB

	Thu Sep 17 18:49:40 1998 Werner Koch (wk@(none))

	* Makefile.am (dist-hook): Now creates RPM file.
	* scripts/gnupg.spec: New template file for RPMs

	Thu Jul 30 19:17:07 1998 Werner Koch (wk@(none))

	* acinclude.h (WK_CHECK_IPC): New
	* configure.in : Add checks for SysV IPC

	Thu Jun 25 11:18:49 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (--disable-dynload): New.

	Wed Jun 10 07:48:59 1998 Werner Koch,mobil,,, (wk@tobold)

	* configure.in (GNUPG_LIBDIR): New.

	Mon May 25 19:10:59 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c (fast_random_poll): fixed syntax bug.

	Mon May 11 10:21:31 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (PRINTABLE_OS_NAME): Linux is now GNU/Linux

	Tue Apr 14 19:08:05 1998 Werner Koch (wk@isil.d.shuttle.de)

	* [all files]: Applied Matthew Skala's typo and grammar fixes.

	Wed Mar 4 10:32:40 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (getrusage,gettimeofday): New tests.

	Fri Feb 27 13:14:17 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (--disable-m-guard): New.

	Thu Feb 26 17:09:27 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in, acinclude.m4, intl/, po/: New macros taken
	from GNOME, switched to automake 1.2f

	Thu Feb 26 09:05:46 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (doc/Makefile): New

	Thu Feb 26 07:40:47 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in: Changed gettext stuff

	Wed Feb 25 11:44:10 1998 Werner Koch (wk@isil.d.shuttle.de)

	* checks/*test : restructured the directory.

	Tue Feb 24 15:59:12 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in: Changed the name of the package to GNUPG and
	chnaged several other names too.

	Wed Feb 18 17:36:45 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am (checks): New.

	Sat Feb 14 15:37:55 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (mpi_config_done): Removed asm links caching.

	Sat Feb 14 14:02:20 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in (PRINTABLE_OS_NAME): New.
	* acconfig.h: Likewise.

	Fri Feb 13 19:43:41 1998 Werner Koch (wk@isil.d.shuttle.de)

	* configure.in : Fixed zlib stuff
	* Makefile.am: Likewise

	diff --git a/THANKS b/THANKS
	index 5df018ea1..fb9835ff3 100644
	--- a/THANKS
	+++ b/THANKS
	@@ -1,93 +1,94 @@
	GnuPG was originally written by Werner Koch. Other people contributed by
	reporting problems, suggesting various improvements or submitting actual
	code. Here is a list of those people. Help me keep it complete and free of
	errors.

	Anand Kumria wildfire@progsoc.uts.edu.au
	Ariel T Glenn ariel@columbia.edu
	Bryan Fullerton bryanf@samurai.com
	Brian Moore bem@cmc.net
	Brian Warner warner@lothar.com
	Caskey L. Dickson caskey@technocage.com
	Cees van de Griend cees-list@griend.xs4all.nl
	Charles Levert charles@comm.polymtl.ca
	Christian von Roques roques@pond.sub.org
	Christopher Oliver oliver@fritz.traverse.net
	Christian Recktenwald chris@citecs.de
	Daniel Eisenbud eisenbud@cs.swarthmore.edu
	David Ellement ellement@sdd.hp.com
	Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
	Dirk Lattermann dlatt@t-online.de
	Ed Boraas ecxjo@esperanto.org
	Ernst Molitor ernst.molitor@uni-bonn.de
	Fabio Coatti cova@felix.unife.it
	Felix von Leitner leitner@amdiv.de
	Frank Heckenbach heckenb@mi.uni-erlangen.de
	Gaël Quéri gqueri@mail.dotcom.fr
	Greg Louis glouis@dynamicro.on.ca
	Greg Troxel gdt@ir.bbn.com
	Gregory Steuck steuck@iname.com
	Geoff Keating geoffk@ozemail.com.au
	Harald Denker harry@hal.westfalen.de
	Hendrik Buschkamp buschkamp@rheumanet.org
	Holger Schurig holger@d.om.org
	Hugh Daniel hugh@toad.com
	Ian McKellar imckellar@harvestroad.com.au
	Janusz A. Urbanowicz alex@bofh.torun.pl
	James Troup james@nocrew.org
	Jean-loup Gailly gzip@prep.ai.mit.edu
	Jens Bachem bachem@rrz.uni-koeln.de
	John A. Martin jam@jamux.com
	Johnny Teveßen j.tevessen@gmx.de
	Jörg Schilling schilling@fokus.gmd.de
	Jun Kuriyama kuriyama@sky.rim.or.jp
	Karl Fogel kfogel@guanabana.onshore.com
	Karsten Thygesen karthy@kom.auc.dk
	Kazu Yamamoto kazu@iijlab.net
	Lars Kellogg-Stedman lars@bu.edu
	Marco d'Itri md@linux.it
	Mark Adler madler@alumni.caltech.edu
	Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
	+Martin Kahlert martin.kahlert@provi.de
	Martin Schulte schulte@thp.uni-koeln.de
	Matthew Skala mskala@ansuz.sooke.bc.ca
	Max Valianskiy maxcom@maxcom.ml.org
	Michael Roth mroth@nessie.de
	Michael Sobolev mss@despair.transas.com
	Nicolas Graner Nicolas.Graner@cri.u-psud.fr
	Niklas Hernaeus [Please don't spam him]
	Nimrod Zimerman zimerman@forfree.at
	N J Doye nic@niss.ac.uk
	Oskari Jääskeläinen f33003a@cc.hut.fi
	Paul D. Smith psmith@baynetworks.com
	Peter Gutmann pgut001@cs.auckland.ac.nz
	QingLong qinglong@bolizm.ihep.su
	Ralph Gillen gillen@theochem.uni-duesseldorf.de
	Reuben Sumner rasumner@wisdom.weizmann.ac.il
	Roddy Strachan roddy@satlink.com.au
	Roland Rosenfeld roland@spinnaker.rhein.de
	Ross Golder rossigee@bigfoot.com
	Serge Munhoven munhoven@mema.ucl.ac.be
	SL Baur steve@xemacs.org
	Stefan Karrmann S.Karrmann@gmx.net
	Steffen Ullrich ccrlphr@xensei.com
	Steffen Zahn zahn@berlin.snafu.de
	Susanne Schultz schultz@hsp.de
	Thiago Jung Bauermann jungmann@usa.net
	Thomas Roessler roessler@guug.de
	Tom Spindler dogcow@home.merit.edu
	Tom Zerucha tzeruch@ceddec.com
	Tomas Fasth tomas.fasth@twinspot.net
	Thomas Mikkelsen tbm@image.dk
	Ulf Möller 3umoelle@informatik.uni-hamburg.de
	Urko Lusa ulusa@lacueva.ddns.org
	Walter Koch walterk@dip.de
	Werner Koch werner.koch@guug.de
	Wim Vandeputte bunbun@reptile.rug.ac.be
	nbecker@hns.com

	Thanks to the German Unix User Group for providing FTP space,
	Martin Hamilton for hosting the mailing list and hsp for
	hosting gnupg.org.

	Many thanks to my wife Gerlinde for having so much patience with
	me while hacking late in the evening.
	diff --git a/TODO b/TODO
	index 0fcc7f667..4bae8a971 100644
	--- a/TODO
	+++ b/TODO
	@@ -1,49 +1,53 @@
	Bugs
	----
	* clearsig: keep lineendings as they are. Remember that trailings
	blanks are not hashed. Funny: pgp263in works fine even with
	a source file with CR,LF but GnuPG and pgp263in has problems
	if the clearsign has been created by pgp263ia.
	Needs more investigation - anyone?

	Important
	----------
	* Check revocation and expire stuff. PLEASE: THIS MUST BE TESTED!

	* Check calculation of key validity. PLEASE: IT IS IMPORTED THAT
	THIS GET TESTED.

	* It has been reported that lockfiles are not removed in all cases.
	cleanup is done with atexit() and all signals trigger exit() -
	anything wrong with this? - ah yes: a signal while still in
	dotlock_make

	* See why we always get this "Hmmm public key lost"

	- * print a warning when a revoked/expired secret is used.
	+ * print a warning when a revoked/expired secret key is used.
	+
	+ * display trhe primary keyID in passphrase.c in addition to the
	+ one for the requested key.
	+

	Needed
	------
	* remove more "Fixmes"

	* Replace Blowfish by Twofish and add the new encrypted packet typ
	which has a MACing option (append SHA1 hash to the plaintext and
	encrypt this all) - We need an identifier for Twofish to put this
	one into the cipher preferences.

	Minor Bugs
	----------

	Nice to have
	------------
	* preferences of hash algorithms are not yet used.
	* new menu to delete signatures and list signature in menu
	* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
	or use POSIX.4 realtime signals.
	* add test cases for invalid data (scrambled armor or other random data)
	* add checking of armor trailers
	* Burn the buffers used by fopen(), or use read(2). Does this
	really make sense?
	* change the fake_data stuff to mpi_set_opaque
	* rewrite the ugly armor code.

	diff --git a/acinclude.m4 b/acinclude.m4
	index 13eff5fa9..ab6fbf33b 100644
	--- a/acinclude.m4
	+++ b/acinclude.m4
	@@ -1,609 +1,634 @@
	dnl macros to configure g10


	dnl GNUPG_MSG_PRINT(STRING)
	dnl print a message
	dnl
	define(GNUPG_MSG_PRINT,
	[ echo $ac_n "$1"" $ac_c" 1>&AC_FD_MSG
	])


	dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
	dnl Check whether a typedef exists and create a #define $2 if it exists
	dnl
	AC_DEFUN(GNUPG_CHECK_TYPEDEF,
	[ AC_MSG_CHECKING(for $1 typedef)
	AC_CACHE_VAL(gnupg_cv_typedef_$1,
	[AC_TRY_COMPILE([#include <stdlib.h>
	#include <sys/types.h>], [
	#undef $1
	int a = sizeof($1);
	], gnupg_cv_typedef_$1=yes, gnupg_cv_typedef_$1=no )])
	AC_MSG_RESULT($gnupg_cv_typedef_$1)
	if test "$gnupg_cv_typedef_$1" = yes; then
	AC_DEFINE($2)
	fi
	])



	dnl GNUPG_LINK_FILES( SRC, DEST )
	dnl same as AC_LINK_FILES, but collect the files to link in
	dnl some special variables and do the link
	dnl when GNUPG_DO_LINK_FILES is called
	dnl This is a workaround for AC_LINK_FILES, because it does not work
	dnl correct when using a caching scheme
	dnl
	define(GNUPG_LINK_FILES,
	[ if test "x$wk_link_files_src" = "x"; then
	wk_link_files_src="$1"
	wk_link_files_dst="$2"
	else
	wk_link_files_src="$wk_link_files_src $1"
	wk_link_files_dst="$wk_link_files_dst $2"
	fi
	])
	define(GNUPG_DO_LINK_FILES,
	[ AC_LINK_FILES( $wk_link_files_src, $wk_link_files_dst )
	])


	dnl GNUPG_CHECK_ENDIAN
	dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST
	dnl
	define(GNUPG_CHECK_ENDIAN,
	[ if test "$cross_compiling" = yes; then
	AC_MSG_WARN(cross compiling; assuming little endianess)
	fi
	AC_MSG_CHECKING(endianess)
	AC_CACHE_VAL(gnupg_cv_c_endian,
	[ gnupg_cv_c_endian=unknown
	# See if sys/param.h defines the BYTE_ORDER macro.
	AC_TRY_COMPILE([#include <sys/types.h>
	#include <sys/param.h>], [
	#if !BYTE_ORDER \|\| !BIG_ENDIAN \|\| !LITTLE_ENDIAN
	bogus endian macros
	#endif], [# It does; now see whether it defined to BIG_ENDIAN or not.
	AC_TRY_COMPILE([#include <sys/types.h>
	#include <sys/param.h>], [
	#if BYTE_ORDER != BIG_ENDIAN
	not big endian
	#endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
	if test "$gnupg_cv_c_endian" = unknown; then
	AC_TRY_RUN([main () {
	/* Are we little or big endian? From Harbison&Steele. */
	union
	{
	long l;
	char c[sizeof (long)];
	} u;
	u.l = 1;
	exit (u.c[sizeof (long) - 1] == 1);
	}],
	gnupg_cv_c_endian=little,
	gnupg_cv_c_endian=big,
	gnupg_cv_c_endian=little
	)
	fi
	])
	AC_MSG_RESULT([$gnupg_cv_c_endian])
	if test "$gnupg_cv_c_endian" = little; then
	AC_DEFINE(LITTLE_ENDIAN_HOST)
	else
	AC_DEFINE(BIG_ENDIAN_HOST)
	fi
	])

	dnl GNUPG_CHECK_CACHE
	dnl
	define(GNUPG_CHECK_CACHE,
	[ AC_MSG_CHECKING(cached information)
	gnupg_hostcheck="$target"
	AC_CACHE_VAL(gnupg_cv_hostcheck, [ gnupg_cv_hostcheck="$gnupg_hostcheck" ])
	if test "$gnupg_cv_hostcheck" != "$gnupg_hostcheck"; then
	AC_MSG_RESULT(changed)
	AC_MSG_WARN(config.cache exists!)
	AC_MSG_ERROR(you must do 'make distclean' first to compile for
	different target or different parameters.)
	else
	AC_MSG_RESULT(ok)
	fi
	])


	######################################################################
	# Check for -fPIC etc (taken from libtool)
	# This sets CFLAGS_PIC to the required flags
	# NO_PIC to yes if it is not possible to
	# generate PIC
	######################################################################
	dnl GNUPG_CHECK_PIC
	dnl
	define(GNUPG_CHECK_PIC,
	[ AC_MSG_CHECKING(for option to create PIC)
	CFLAGS_PIC=
	NO_PIC=no
	if test "$cross_compiling" = yes; then
	AC_MSG_RESULT(assume none)
	else
	if test "$GCC" = yes; then
	CFLAGS_PIC="-fPIC"
	else
	case "$host_os" in
	aix3* \| aix4*)
	# All rs/6000 code is PIC
	# but is there any non-rs/6000 AIX platform?
	;;

	hpux9* \| hpux10*)
	CFLAGS_PIC="+Z"
	;;

	irix5* \| irix6*)
	# PIC (with -KPIC) is the default.
	;;

	osf3* \| osf4*)
	# FIXME - pic_flag is probably required for
	# hppa-osf and i860-osf*
	;;

	sco3.2v5*)
	CFLAGS_PIC='-Kpic'
	;;

	solaris2* \| solaris7* )
	CFLAGS_PIC='-KPIC'
	;;

	sunos4*)
	CFLAGS_PIC='-PIC'
	;;

	*)
	NO_PIC=yes
	;;
	esac
	fi

	case "$host_cpu" in
	rs6000 \| powerpc \| powerpcle)
	# Yippee! All RS/6000 and PowerPC code is position-independent.
	CFLAGS_PIC=""
	;;
	esac

	if test "$NO_PIC" = yes; then
	AC_MSG_RESULT(not possible)
	else
	if test -z "$CFLAGS_PIC"; then
	AC_MSG_RESULT(none)
	else
	AC_MSG_RESULT($CFLAGS_PIC)
	fi
	fi
	fi
	])


	+######################################################################
	+# Check for rdynamic flag
	+# This sets CFLAGS_RDYNAMIC to the required flags
	+######################################################################
	+dnl GNUPG_CHECK_RDYNAMIC
	+dnl
	+define(GNUPG_CHECK_RDYNAMIC,
	+ [ AC_MSG_CHECKING(how to specify -rdynamic)
	+ CFLAGS_RDYNAMIC=
	+ if test "$cross_compiling" = yes; then
	+ AC_MSG_RESULT(assume none)
	+ else
	+ case "$host_os" in
	+ solaris*)
	+ CFLAGS_RDYNAMIC="-Wl,-dy"
	+ ;;
	+ *)
	+ CFLAGS_RDYNAMIC="-Wl,-export-dynamic"
	+ ;;
	+ esac
	+ AC_MSG_RESULT($CFLAGS_RDYNAMIC)
	+ fi
	+ ])
	+
	+
	#####################################################################
	# Check for SysV IPC (from GIMP)
	# And see whether we have a SHM_LOCK (FreeBSD does not have it).
	#####################################################################
	dnl GNUPG_CHECK_IPC
	dnl
	define(GNUPG_CHECK_IPC,
	[ AC_CHECK_HEADERS(sys/ipc.h sys/shm.h)
	if test "$ac_cv_header_sys_shm_h" = "yes"; then
	AC_MSG_CHECKING(whether shmctl IPC_RMID allowes subsequent attaches)
	AC_TRY_RUN([
	#include <sys/types.h>
	#include <sys/ipc.h>
	#include <sys/shm.h>
	int main()
	{
	int id;
	char *shmaddr;
	id = shmget (IPC_PRIVATE, 4, IPC_CREAT \| 0777);
	if (id == -1)
	exit (2);
	shmaddr = shmat (id, 0, 0);
	shmctl (id, IPC_RMID, 0);
	if ((char) shmat (id, 0, 0) == (char) -1)
	{
	shmdt (shmaddr);
	exit (1);
	}
	shmdt (shmaddr);
	shmdt (shmaddr);
	exit (0);
	}
	],
	AC_DEFINE(IPC_RMID_DEFERRED_RELEASE)
	AC_MSG_RESULT(yes),
	AC_MSG_RESULT(no),
	AC_MSG_RESULT(assuming no))
	AC_MSG_CHECKING(whether SHM_LOCK is available)
	AC_TRY_COMPILE([#include <sys/types.h>
	#include <sys/ipc.h>
	#include <sys/shm.h>],[
	int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); }
	],
	AC_DEFINE(IPC_HAVE_SHM_LOCK)
	AC_MSG_RESULT(yes),
	AC_MSG_RESULT(no))
	fi
	])


	######################################################################
	# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
	# is not called from uid 0 (not tested whether uid 0 works)
	######################################################################
	dnl GNUPG_CHECK_MLOCK
	dnl
	define(GNUPG_CHECK_MLOCK,
	[ AC_CHECK_FUNCS(mlock)
	if test "$ac_cv_func_mlock" = "yes"; then
	AC_MSG_CHECKING(whether mlock is broken)
	AC_TRY_RUN([
	#include <stdlib.h>
	#include <unistd.h>
	#include <errno.h>
	#include <sys/mman.h>
	#include <sys/types.h>
	#include <fcntl.h>

	int main()
	{
	char *pool;
	int err;
	long int pgsize = getpagesize();

	pool = malloc( 4096 + pgsize );
	if( !pool )
	return 2;
	pool += (pgsize - ((long int)pool % pgsize));

	err = mlock( pool, 4096 );
	if( !err \|\| errno == EPERM )
	return 0; /* okay */

	return 1; /* hmmm */
	}

	],
	AC_MSG_RESULT(no),
	AC_DEFINE(HAVE_BROKEN_MLOCK)
	AC_MSG_RESULT(yes),
	AC_MSG_RESULT(assuming no))
	fi
	])








	# Macro to add for using GNU gettext.
	# Ulrich Drepper <drepper@cygnus.com>, 1995.
	#
	# This file can be copied and used freely without restrictions. It can
	# be used in projects which are not available under the GNU Public License
	# but which still want to provide support for the GNU gettext functionality.
	# Please note that the actual code is not freely available.

	# serial 5 + patch (wk 21.10.98)

	AC_DEFUN(AM_WITH_NLS,
	[AC_MSG_CHECKING([whether NLS is requested])
	dnl Default is enabled NLS
	AC_ARG_ENABLE(nls,
	[ --disable-nls do not use Native Language Support],
	USE_NLS=$enableval, USE_NLS=yes)
	AC_MSG_RESULT($USE_NLS)
	AC_SUBST(USE_NLS)

	USE_INCLUDED_LIBINTL=no

	dnl If we use NLS figure out what method
	if test "$USE_NLS" = "yes"; then
	AC_DEFINE(ENABLE_NLS)
	AC_MSG_CHECKING([whether included gettext is requested])
	AC_ARG_WITH(included-gettext,
	[ --with-included-gettext use the GNU gettext library included here],
	nls_cv_force_use_gnu_gettext=$withval,
	nls_cv_force_use_gnu_gettext=no)
	AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)

	nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
	if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
	dnl User does not insist on using GNU NLS library. Figure out what
	dnl to use. If gettext or catgets are available (in this order) we
	dnl use this. Else we have to fall back to GNU NLS library.
	dnl catgets is only used if permitted by option --with-catgets.
	nls_cv_header_intl=
	nls_cv_header_libgt=
	CATOBJEXT=NONE

	AC_CHECK_HEADER(libintl.h,
	[AC_CACHE_CHECK([for gettext in libc], gt_cv_func_gettext_libc,
	[AC_TRY_LINK([#include <libintl.h>], [return (int) gettext ("")],
	gt_cv_func_gettext_libc=yes, gt_cv_func_gettext_libc=no)])

	if test "$gt_cv_func_gettext_libc" != "yes"; then
	AC_CHECK_LIB(intl, bindtextdomain,
	[AC_CHECK_LIB(intl, gettext,
	gt_cv_func_gettext_libintl=yes,
	gt_cv_func_gettext_libintl=no)])
	fi

	if test "$gt_cv_func_gettext_libintl" = "yes" ; then
	LIBS="-lintl $LIBS"
	fi

	if test "$gt_cv_func_gettext_libc" = "yes" \
	\|\| test "$gt_cv_func_gettext_libintl" = "yes"; then
	AC_DEFINE(HAVE_GETTEXT)
	AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep 'dv '`"], no)dnl
	if test "$MSGFMT" != "no"; then
	AC_CHECK_FUNCS(dcgettext)
	AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
	AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep '(HELP)'`"], :)
	AC_TRY_LINK(, [extern int _nl_msg_cat_cntr;
	return _nl_msg_cat_cntr],
	[CATOBJEXT=.gmo
	DATADIRNAME=share],
	[CATOBJEXT=.mo
	DATADIRNAME=lib])
	INSTOBJEXT=.mo
	fi
	fi
	])

	if test "$CATOBJEXT" = "NONE"; then
	AC_MSG_CHECKING([whether catgets can be used])
	AC_ARG_WITH(catgets,
	[ --with-catgets use catgets functions if available],
	nls_cv_use_catgets=$withval, nls_cv_use_catgets=no)
	AC_MSG_RESULT($nls_cv_use_catgets)

	if test "$nls_cv_use_catgets" = "yes"; then
	dnl No gettext in C library. Try catgets next.
	AC_CHECK_LIB(i, main)
	AC_CHECK_FUNC(catgets,
	[AC_DEFINE(HAVE_CATGETS)
	INTLOBJS="\$(CATOBJS)"
	AC_PATH_PROG(GENCAT, gencat, no)dnl
	if test "$GENCAT" != "no"; then
	AC_PATH_PROG(GMSGFMT, gmsgfmt, no)
	if test "$GMSGFMT" = "no"; then
	AM_PATH_PROG_WITH_TEST(GMSGFMT, msgfmt,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep 'dv '`"], no)
	fi
	AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep '(HELP)'`"], :)
	USE_INCLUDED_LIBINTL=yes
	CATOBJEXT=.cat
	INSTOBJEXT=.cat
	DATADIRNAME=lib
	INTLDEPS='$(top_builddir)/intl/libintl.a'
	INTLLIBS=$INTLDEPS
	LIBS=`echo $LIBS \| sed -e 's/-lintl//'`
	nls_cv_header_intl=intl/libintl.h
	nls_cv_header_libgt=intl/libgettext.h
	fi])
	fi
	fi

	if test "$CATOBJEXT" = "NONE"; then
	dnl Neither gettext nor catgets in included in the C library.
	dnl Fall back on GNU gettext library.
	nls_cv_use_gnu_gettext=yes
	fi
	fi

	if test "$nls_cv_use_gnu_gettext" = "yes"; then
	dnl Mark actions used to generate GNU NLS library.
	INTLOBJS="\$(GETTOBJS)"
	AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep 'dv '`"], msgfmt)
	AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
	AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
	[test -z "`$ac_dir/$ac_word -h 2>&1 \| grep '(HELP)'`"], :)
	AC_SUBST(MSGFMT)
	USE_INCLUDED_LIBINTL=yes
	CATOBJEXT=.gmo
	INSTOBJEXT=.mo
	DATADIRNAME=share
	INTLDEPS='$(top_builddir)/intl/libintl.a'
	INTLLIBS=$INTLDEPS
	LIBS=`echo $LIBS \| sed -e 's/-lintl//'`
	nls_cv_header_intl=intl/libintl.h
	nls_cv_header_libgt=intl/libgettext.h
	fi

	dnl Test whether we really found GNU xgettext.
	if test "$XGETTEXT" != ":"; then
	dnl If it is no GNU xgettext we define it as : so that the
	dnl Makefiles still can work.
	if $XGETTEXT --omit-header /dev/null 2> /dev/null; then
	: ;
	else
	AC_MSG_RESULT(
	[found xgettext program is not GNU xgettext; ignore it])
	XGETTEXT=":"
	fi
	fi

	# We need to process the po/ directory.
	POSUB=po
	else
	DATADIRNAME=share
	nls_cv_header_intl=intl/libintl.h
	nls_cv_header_libgt=intl/libgettext.h
	fi
	AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl)
	AC_OUTPUT_COMMANDS(
	[case "$CONFIG_FILES" in po/Makefile.in)
	sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile
	esac])


	# If this is used in GNU gettext we have to set USE_NLS to `yes'
	# because some of the sources are only built for this goal.
	if test "$PACKAGE" = gettext; then
	USE_NLS=yes
	USE_INCLUDED_LIBINTL=yes
	fi

	dnl These rules are solely for the distribution goal. While doing this
	dnl we only have to keep exactly one list of the available catalogs
	dnl in configure.in.
	for lang in $ALL_LINGUAS; do
	GMOFILES="$GMOFILES $lang.gmo"
	POFILES="$POFILES $lang.po"
	done

	dnl Make all variables we use known to autoconf.
	AC_SUBST(USE_INCLUDED_LIBINTL)
	AC_SUBST(CATALOGS)
	AC_SUBST(CATOBJEXT)
	AC_SUBST(DATADIRNAME)
	AC_SUBST(GMOFILES)
	AC_SUBST(INSTOBJEXT)
	AC_SUBST(INTLDEPS)
	AC_SUBST(INTLLIBS)
	AC_SUBST(INTLOBJS)
	AC_SUBST(POFILES)
	AC_SUBST(POSUB)
	])


	AC_DEFUN(AM_GNU_GETTEXT,
	[AC_REQUIRE([AC_PROG_MAKE_SET])dnl
	AC_REQUIRE([AC_PROG_CC])dnl
	AC_REQUIRE([AC_PROG_RANLIB])dnl
	AC_REQUIRE([AC_ISC_POSIX])dnl
	AC_REQUIRE([AC_HEADER_STDC])dnl
	AC_REQUIRE([AC_C_CONST])dnl
	AC_REQUIRE([AC_C_INLINE])dnl
	AC_REQUIRE([AC_TYPE_OFF_T])dnl
	AC_REQUIRE([AC_TYPE_SIZE_T])dnl
	AC_REQUIRE([AC_FUNC_ALLOCA])dnl
	AC_REQUIRE([AC_FUNC_MMAP])dnl

	AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \
	unistd.h sys/param.h])
	AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \
	strdup __argz_count __argz_stringify __argz_next])

	if test "${ac_cv_func_stpcpy+set}" != "set"; then
	AC_CHECK_FUNCS(stpcpy)
	fi
	if test "${ac_cv_func_stpcpy}" = "yes"; then
	AC_DEFINE(HAVE_STPCPY)
	fi

	AM_LC_MESSAGES
	AM_WITH_NLS

	if test "x$CATOBJEXT" != "x"; then
	if test "x$ALL_LINGUAS" = "x"; then
	LINGUAS=
	else
	AC_MSG_CHECKING(for catalogs to be installed)
	NEW_LINGUAS=
	for lang in ${LINGUAS=$ALL_LINGUAS}; do
	case "$ALL_LINGUAS" in
	$lang) NEW_LINGUAS="$NEW_LINGUAS $lang" ;;
	esac
	done
	LINGUAS=$NEW_LINGUAS
	AC_MSG_RESULT($LINGUAS)
	fi

	dnl Construct list of names of catalog files to be constructed.
	if test -n "$LINGUAS"; then
	for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done
	fi
	fi

	dnl The reference to <locale.h> in the installed <libintl.h> file
	dnl must be resolved because we cannot expect the users of this
	dnl to define HAVE_LOCALE_H.
	if test $ac_cv_header_locale_h = yes; then
	INCLUDE_LOCALE_H="#include <locale.h>"
	else
	INCLUDE_LOCALE_H="\
	/* The system does not provide the header <locale.h>. Take care yourself. */"
	fi
	AC_SUBST(INCLUDE_LOCALE_H)

	dnl Determine which catalog format we have (if any is needed)
	dnl For now we know about two different formats:
	dnl Linux libc-5 and the normal X/Open format
	test -d intl \|\| mkdir intl
	if test "$CATOBJEXT" = ".cat"; then
	AC_CHECK_HEADER(linux/version.h, msgformat=linux, msgformat=xopen)

	dnl Transform the SED scripts while copying because some dumb SEDs
	dnl cannot handle comments.
	sed -e '/^#/d' $srcdir/intl/$msgformat-msg.sed > intl/po2msg.sed
	fi
	dnl po2tbl.sed is always needed.
	sed -e '/^#.*[^\\]$/d' -e '/^#$/d' \
	$srcdir/intl/po2tbl.sed.in > intl/po2tbl.sed

	dnl In the intl/Makefile.in we have a special dependency which makes
	dnl only sense for gettext. We comment this out for non-gettext
	dnl packages.
	if test "$PACKAGE" = "gettext"; then
	GT_NO="#NO#"
	GT_YES=
	else
	GT_NO=
	GT_YES="#YES#"
	fi
	AC_SUBST(GT_NO)
	AC_SUBST(GT_YES)

	dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly
	dnl find the mkinstalldirs script in another subdir but ($top_srcdir).
	dnl Try to locate is.
	MKINSTALLDIRS=
	if test -n "$ac_aux_dir"; then
	MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs"
	fi
	if test -z "$MKINSTALLDIRS"; then
	MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs"
	fi
	AC_SUBST(MKINSTALLDIRS)

	dnl *** For now the libtool support in intl/Makefile is not for real.
	l=
	AC_SUBST(l)

	dnl Generate list of files to be processed by xgettext which will
	dnl be included in po/Makefile.
	test -d po \|\| mkdir po
	if test "x$srcdir" != "x."; then
	if test "x`echo $srcdir \| sed 's@/.*@@'`" = "x"; then
	posrcprefix="$srcdir/"
	else
	posrcprefix="../$srcdir/"
	fi
	else
	posrcprefix="../"
	fi
	rm -f po/POTFILES
	sed -e "/^#/d" -e "/^\$/d" -e "s,., $posrcprefix& \\\\," -e "\$s/$.$ \\\\/\1/" \
	< $srcdir/po/POTFILES.in > po/POTFILES
	])

	dnl -wedit:notab- Please keep this as the last line.
	diff --git a/checks/ChangeLog b/checks/ChangeLog
	index 83afdd699..6d1c7d7aa 100644
	--- a/checks/ChangeLog
	+++ b/checks/ChangeLog
	@@ -1,27 +1,32 @@
	+1999-01-01 Geoff Keating <geoffk@ozemail.com.au>
	+
	+ * Makefile.am (CLEANFILES): Also delete trustdb and any leftover
	+ lockfiles.
	+
	Fri Nov 27 15:30:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* clearsig.test: Some more test cases.

	Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de)

	* mds.test: Check whether TIGER is available.
	* sigs.tesr: Ditto.

	Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)

	* run-gpg.patterns: New (because Solaris fgrep does not like -f -).

	Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))

	* genkey1024.test: Ariel fixed this.

	Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de)

	* seat.test: New.

	Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am: Now uses mk-tdata to produce random test data.

	* ChangeLog: New.

	diff --git a/checks/Makefile.am b/checks/Makefile.am
	index cf784a5bf..8fb3d7d36 100644
	--- a/checks/Makefile.am
	+++ b/checks/Makefile.am
	@@ -1,69 +1,69 @@
	## Process this file with automake to create Makefile.in

	TESTS = version.test mds.test \
	decrypt.test decrypt-dsa.test \
	sigs.test sigs-dsa.test \
	encrypt.test encrypt-dsa.test \
	seat.test clearsig.test encryptp.test detach.test \
	armsigs.test armencrypt.test armencryptp.test \
	signencrypt.test signencrypt-dsa.test \
	armsignencrypt.test armdetach.test \
	armdetachm.test detachm.test genkey1024.test \
	conventional.test


	TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
	plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
	pubring.pkr.asc secring.skr.asc

	DATA_FILES = data-500 data-9000 data-32000 data-80000

	EXTRA_DIST = defs.inc run-gpg run-gpgm run-gpg.patterns $(TESTS) $(TEST_FILES)
	-CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \
	- plain-1 plain-2 plain-3
	+CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \
	+ plain-1 plain-2 plain-3 options trustdb.gpg .lock .\#lk
	DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr



	check: prepared.stamp

	testdata: prepared.stamp

	prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
	./pubring.pkr ./secring.skr $(DATA_FILES)
	echo timestamp >./prepared.stamp


	./pubring.gpg: $(srcdir)/pubring.asc
	../g10/gpgm --yes --dearmor -o ./pubring.gpg $(srcdir)/pubring.asc

	./secring.gpg: $(srcdir)/secring.asc
	../g10/gpgm --yes --dearmor -o ./secring.gpg $(srcdir)/secring.asc

	./pubring.pkr: $(srcdir)/pubring.pkr.asc
	../g10/gpgm --yes --dearmor -o ./pubring.pkr $(srcdir)/pubring.pkr.asc

	./secring.skr: $(srcdir)/secring.skr.asc
	../g10/gpgm --yes --dearmor -o ./secring.skr $(srcdir)/secring.skr.asc

	./plain-1: $(srcdir)/plain-1o.asc
	../g10/gpgm --yes --dearmor -o ./plain-1 $(srcdir)/plain-1o.asc

	./plain-2: $(srcdir)/plain-2o.asc
	../g10/gpgm --yes --dearmor -o ./plain-2 $(srcdir)/plain-2o.asc

	./plain-3: $(srcdir)/plain-3o.asc
	../g10/gpgm --yes --dearmor -o ./plain-3 $(srcdir)/plain-3o.asc



	data-500:
	../tools/mk-tdata 500 >data-500
	data-9000:
	../tools/mk-tdata 9000 >data-9000
	data-32000:
	../tools/mk-tdata 32000 >data-32000
	data-80000:
	../tools/mk-tdata 80000 >data-80000


	diff --git a/checks/run-gpg.patterns b/checks/run-gpg.patterns
	index 9fb58dade..3646e3785 100644
	--- a/checks/run-gpg.patterns
	+++ b/checks/run-gpg.patterns
	@@ -1,8 +1,9 @@
	gpg: Good signature from
	gpg: Signature made
	gpg: NOTE: cipher algorithm 3 not found in preferences
	gpg: NOTE: cipher algorithm 4 not found in preferences
	gpg: NOTE: secret key 2E5FA4F4 is NOT protected.
	gpg: NOTE: secret key 439F02CA is NOT protected.
	gpg: WARNING: using insecure random number generator
	+gpg: NOTE: signature key expired
	gpg: NOTE: this is a development version!
	diff --git a/cipher/ChangeLog b/cipher/ChangeLog
	index edce2b07e..328f26492 100644
	--- a/cipher/ChangeLog
	+++ b/cipher/ChangeLog
	@@ -1,312 +1,320 @@
	+Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
	+
	+ * rndunix.c (start_gatherer): Fixed stupid ==/= bug
	+
	+1998-12-31 Geoff Keating <geoffk@ozemail.com.au>
	+
	+ * des.c (is_weak_key): Rewrite loop end condition.
	+
	Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* random.c: add unistd.h for getpid().
	(RAND_MAX): Fallback value for Sun.

	Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* md.c (md_copy): Reset debug.

	Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* random.c (read_random_source): Changed the interface to the
	random gathering function.
	(gather_faked): Use new interface.
	* dynload.c (dynload_getfnc_fast_random_poll): Ditto.
	(dynload_getfnc_gather_random): Ditto.
	* rndlinux.c (gather_random): Ditto.
	* rndunix.c (gather_random): Ditto.

	Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (SYMBOL_VERSION): New to cope with system which needs
	underscores.

	* rndunix.c: Rewrote large parts

	Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (load_extension): increased needed verbosity level.

	* random.c (fast_random_poll): Fallback to a default fast random
	poll function.
	(read_random_source): Always use the faked entroy gatherer if no
	gather module is available.
	* rndlinux.c (fast_poll): Removed.
	* rndunix.c (fast_poll): Removed.


	Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-*.c: Removed.
	* rndlinux.c : New.
	* rndunix.c : New.
	* random.c : Restructured the interface to the gather modules.
	(intialize): Call constructor functions
	(read_radnom_source): Moved to here.
	* dynload.c (dynload_getfnc_gather_random): New.
	(dynload_getfnc_fast_random_poll): New.
	(register_internal_cipher_extension): New.
	(register_cipher_extension): Support of internal modules.

	Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c (read_random_source): Removed the assert.

	Mon Oct 19 18:34:30 1998 me,,, (wk@tobold)

	* pubkey.c: Hack to allow us to give some info about RSA keys back.

	Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dynload.c: Support for DLD

	Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c: Now uses names from configure for /dev/random.

	1998-10-10 SL Baur <steve@altair.xemacs.org>

	* Makefile.am: fix sed -O substitutions to catch -O6, etc.

	Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
	* rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.

	Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_digest): New.
	(md_reset): New.

	Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.

	Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))

	* des.c: Some patches from Michael.

	Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))

	* des.c : New file from Michael Roth <mroth@nessie.de>

	Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))

	* blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.

	Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))

	* dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.

	Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))

	* Makefile.am: Fixes to allow a different build directory

	Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold)

	* random.c (get_random_byte): Removed and changed all callers
	to use get_random_bits()

	Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none))

	* cipher.c : Support for other blocksizes
	(cipher_get_blocksize): New.
	* twofish.c: New.
	* Makefile.am: Add twofish module.

	Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (read_pool): Simple alloc if secure_alloc is not set.
	(get_random_bits): Ditto.

	Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dynload.c (load_extension): Function now nbails out if
	the program is run setuid.

	Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (rmd160_hash_buffer): New.

	Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c (cipher_open): algos >=100 use standard CFB

	Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am: Support for extensions

	Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (mix_pool): simpler handling for level 0

	Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c: Removed from dist, will reappear as dynload module

	Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de)

	* pubkey.c: Major changes to allow extensions. Changed the inteface
	of all public key ciphers and added the ability to load extensions
	on demand.

	* misc.c: Removed.

	Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold)

	* dynload.c: New.
	* cipher.c: Major changes to allow extensions.

	Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: Major internal chnages to support extensions.
	* blowfish.c (blowfish_get_info): New and made all internal
	functions static, changed heder.
	* cast5.c (cast5_get_info): Likewise.

	Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c (transform): Fix for big endian

	* cipher.c (do_cfb_decrypt): Big endian fix.

	Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_get_oid): Add a new one for TIGER.

	Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: Add support for a dummy cipher

	Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (transform): fixed sigbus - I should better
	add Christian von Roques's new implemenation of rmd160_write.

	Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
	* random.c: Moved system specific functions to rand-****.c

	Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (fast_random_poll): add call to gethrtime.

	Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de)

	* elgamal.c (elg_generate): choosing x was not correct, could
	yield 6 bytes which are not from the random pool, tsss, tsss..

	Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de)

	* primegen.c (generate_elg_prime): Add arg mode, changed all
	callers and implemented mode 1.

	Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c (cipher_get_keylen): New.

	Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c, tiger.h: New.

	Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de)

	* misc.c (check_pubkey_algo2): New.

	Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: New
	* misc.c (check_cipher_algo): Moved to cipher.c
	* cast5.c: Moved many functions to cipher.c
	* blowfish.c: Likewise.

	Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cast5.c: Implemented and tested.

	Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)

	* elgamal.c (elg_generate): Faster generation of x in some cases.

	Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)

	* blowfish.c (blowfish_decode_cfb): changed XOR operation
	(blowfish_encode_cfb): Ditto.

	Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de)

	* sha1.c (transform): Rewrote

	* blowfish.c (encrypt): Unrolled for rounds == 16
	(decrypt): Ditto.

	Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (transform): Unrolled the loop.

	Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (read_pool): Add pool_balance stuff.
	(get_random_bits): New.

	* elgamal.c (elg_generate): Now uses get_random_bits to generate x.


	Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_digest_length): New.

	Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dsa.c (dsa_verify): Works.

	Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dsa.c, dsa.h: Removed some unused code.

	Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_open): Add call to fast_random_poll.
	blowfish.c (blowfish_setkey): Ditto.

	Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (rmd160_mixblock): New.
	* random.c: Restructured to start with a new RNG implementation.
	* random.h: New.

	Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)

	* gost.c, gost.h: Removed because they did only conatin trash.

	Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (fill_buffer): removed error message if n == -1.

	Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_enable): No init if called twice.

	Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de)

	* primegen.c (generate_elg_prime): Changed the progress printing.
	(gen_prime): Ditto.

	Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md5.c, md.5 : Replaced by a modified version of md5.c from
	GNU textutils 1.22.

	Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c, md.h : New debugging support

	Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)

	* misc.c (cipher_algo_to_string): New
	(pubkey_algo_to_string): New.
	(digest_algo_to_string): New.


	diff --git a/cipher/des.c b/cipher/des.c
	index f7187c0a1..41c768894 100644
	--- a/cipher/des.c
	+++ b/cipher/des.c
	@@ -1,902 +1,899 @@
	/* des.c - DES and Triple-DES encryption/decryption Algorithm
	* Copyright (C) 1998 Free Software Foundation, Inc.
	*
	* Please see below for more legal information!
	*
	* According to the definition of DES in FIPS PUB 46-2 from December 1993.
	* For a description of triple encryption, see:
	* Bruce Schneier: Applied Cryptography. Second Edition.
	* John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
	*
	* This file is part of GnuPG.
	*
	* GnuPG is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License as published by
	* the Free Software Foundation; either version 2 of the License, or
	* (at your option) any later version.
	*
	* GnuPG is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, write to the Free Software
	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	*/


	/*
	* Written by Michael Roth <mroth@nessie.de>, September 1998
	*/


	/*
	* U S A G E
	* ===========
	*
	* For DES or Triple-DES encryption/decryption you must initialize a proper
	* encryption context with a key.
	*
	* A DES key is 64bit wide but only 56bits of the key are used. The remaining
	* bits are parity bits and they will _not_ checked in this implementation, but
	* simply ignored.
	*
	* For Tripple-DES you could use either two 64bit keys or three 64bit keys.
	* The parity bits will _not_ checked, too.
	*
	* After initializing a context with a key you could use this context to
	* encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
	*
	* (In the examples below the slashes at the beginning and ending of comments
	* are omited.)
	*
	* DES Example
	* -----------
	* unsigned char key[8];
	* unsigned char plaintext[8];
	* unsigned char ciphertext[8];
	* unsigned char recoverd[8];
	* des_ctx context;
	*
	* * Fill 'key' and 'plaintext' with some data *
	* ....
	*
	* * Set up the DES encryption context *
	* des_setkey(context, key);
	*
	* * Encrypt the plaintext *
	* des_ecb_encrypt(context, plaintext, ciphertext);
	*
	* * To recover the orginal plaintext from ciphertext use: *
	* des_ecb_decrypt(context, ciphertext, recoverd);
	*
	*
	* Triple-DES Example
	* ------------------
	* unsigned char key1[8];
	* unsigned char key2[8];
	* unsigned char key3[8];
	* unsigned char plaintext[8];
	* unsigned char ciphertext[8];
	* unsigned char recoverd[8];
	* tripledes_ctx context;
	*
	* * If you would like to use two 64bit keys, fill 'key1' and'key2'
	* then setup the encryption context: *
	* tripledes_set2keys(context, key1, key2);
	*
	* * To use three 64bit keys with Triple-DES use: *
	* tripledes_set3keys(context, key1, key2, key3);
	*
	* * Encrypting plaintext with Triple-DES *
	* tripledes_ecb_encrypt(context, plaintext, ciphertext);
	*
	* * Decrypting ciphertext to recover the plaintext with Triple-DES *
	* tripledes_ecb_decrypt(context, ciphertext, recoverd);
	*
	*
	* Selftest
	* --------
	* char *error_msg;
	*
	* * To perform a selftest of this DES/Triple-DES implementation use the
	* function selftest(). It will return an error string if their are
	* some problems with this library. *
	*
	* if ( (error_msg = selftest()) )
	* {
	* fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
	* abort();
	* }
	*/


	#include <config.h>
	#include <string.h> /* memcpy, memcmp */
	#include <assert.h>
	#include "types.h" /* for byte and u32 typedefs */
	#include "util.h" /* for log_fatal() */
	#include "des.h"


	/* Some defines/checks to support standalone modules */

	#ifndef CIPHER_ALGO_3DES
	#define CIPHER_ALGO_3DES 2
	#elif CIPHER_ALGO_3DES != 2
	#error CIPHER_ALGO_3DES is defined to a wrong value.
	#endif

	#ifndef G10ERR_WEAK_KEY
	#define G10ERR_WEAK_KEY 43
	#elif G10ERR_WEAK_KEY != 43
	#error G10ERR_WEAK_KEY is defined to a wrong value.
	#endif

	#ifndef G10ERR_WRONG_KEYLEN
	#define G10ERR_WRONG_KEYLEN 44
	#elif G10ERR_WRONG_KEYLEN != 44
	#error G10ERR_WRONG_KEYLEN is defined to a wrong value.
	#endif



	/* Macros used by the info function. */
	#define FNCCAST_SETKEY(f) ((int()(void, byte*, unsigned))(f))
	#define FNCCAST_CRYPT(f) ((void()(void, byte, byte))(f))


	/*
	* Encryption/Decryption context of DES
	*/
	typedef struct _des_ctx
	{
	u32 encrypt_subkeys[32];
	u32 decrypt_subkeys[32];
	}
	des_ctx[1];

	/*
	* Encryption/Decryption context of Triple-DES
	*/
	typedef struct _tripledes_ctx
	{
	u32 encrypt_subkeys[96];
	u32 decrypt_subkeys[96];
	}
	tripledes_ctx[1];


	static void des_key_schedule (const byte , u32 );
	static int des_setkey (struct _des_ctx , const byte );
	static int des_ecb_crypt (struct _des_ctx , const byte , byte *, int);
	static int tripledes_set2keys (struct _tripledes_ctx , const byte , const byte *);
	static int tripledes_set3keys (struct _tripledes_ctx , const byte , const byte , const byte );
	static int tripledes_ecb_crypt (struct _tripledes_ctx , const byte , byte *, int);
	static int is_weak_key ( const byte *key );
	static const char *selftest (void);






	/*
	* The s-box values are permuted according to the 'primitive function P'
	*/
	static u32 sbox1[64] =
	{
	0x00808200, 0x00000000, 0x00008000, 0x00808202, 0x00808002, 0x00008202, 0x00000002, 0x00008000,
	0x00000200, 0x00808200, 0x00808202, 0x00000200, 0x00800202, 0x00808002, 0x00800000, 0x00000002,
	0x00000202, 0x00800200, 0x00800200, 0x00008200, 0x00008200, 0x00808000, 0x00808000, 0x00800202,
	0x00008002, 0x00800002, 0x00800002, 0x00008002, 0x00000000, 0x00000202, 0x00008202, 0x00800000,
	0x00008000, 0x00808202, 0x00000002, 0x00808000, 0x00808200, 0x00800000, 0x00800000, 0x00000200,
	0x00808002, 0x00008000, 0x00008200, 0x00800002, 0x00000200, 0x00000002, 0x00800202, 0x00008202,
	0x00808202, 0x00008002, 0x00808000, 0x00800202, 0x00800002, 0x00000202, 0x00008202, 0x00808200,
	0x00000202, 0x00800200, 0x00800200, 0x00000000, 0x00008002, 0x00008200, 0x00000000, 0x00808002
	};

	static u32 sbox2[64] =
	{
	0x40084010, 0x40004000, 0x00004000, 0x00084010, 0x00080000, 0x00000010, 0x40080010, 0x40004010,
	0x40000010, 0x40084010, 0x40084000, 0x40000000, 0x40004000, 0x00080000, 0x00000010, 0x40080010,
	0x00084000, 0x00080010, 0x40004010, 0x00000000, 0x40000000, 0x00004000, 0x00084010, 0x40080000,
	0x00080010, 0x40000010, 0x00000000, 0x00084000, 0x00004010, 0x40084000, 0x40080000, 0x00004010,
	0x00000000, 0x00084010, 0x40080010, 0x00080000, 0x40004010, 0x40080000, 0x40084000, 0x00004000,
	0x40080000, 0x40004000, 0x00000010, 0x40084010, 0x00084010, 0x00000010, 0x00004000, 0x40000000,
	0x00004010, 0x40084000, 0x00080000, 0x40000010, 0x00080010, 0x40004010, 0x40000010, 0x00080010,
	0x00084000, 0x00000000, 0x40004000, 0x00004010, 0x40000000, 0x40080010, 0x40084010, 0x00084000
	};

	static u32 sbox3[64] =
	{
	0x00000104, 0x04010100, 0x00000000, 0x04010004, 0x04000100, 0x00000000, 0x00010104, 0x04000100,
	0x00010004, 0x04000004, 0x04000004, 0x00010000, 0x04010104, 0x00010004, 0x04010000, 0x00000104,
	0x04000000, 0x00000004, 0x04010100, 0x00000100, 0x00010100, 0x04010000, 0x04010004, 0x00010104,
	0x04000104, 0x00010100, 0x00010000, 0x04000104, 0x00000004, 0x04010104, 0x00000100, 0x04000000,
	0x04010100, 0x04000000, 0x00010004, 0x00000104, 0x00010000, 0x04010100, 0x04000100, 0x00000000,
	0x00000100, 0x00010004, 0x04010104, 0x04000100, 0x04000004, 0x00000100, 0x00000000, 0x04010004,
	0x04000104, 0x00010000, 0x04000000, 0x04010104, 0x00000004, 0x00010104, 0x00010100, 0x04000004,
	0x04010000, 0x04000104, 0x00000104, 0x04010000, 0x00010104, 0x00000004, 0x04010004, 0x00010100
	};

	static u32 sbox4[64] =
	{
	0x80401000, 0x80001040, 0x80001040, 0x00000040, 0x00401040, 0x80400040, 0x80400000, 0x80001000,
	0x00000000, 0x00401000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00400040, 0x80400000,
	0x80000000, 0x00001000, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x80001000, 0x00001040,
	0x80400040, 0x80000000, 0x00001040, 0x00400040, 0x00001000, 0x00401040, 0x80401040, 0x80000040,
	0x00400040, 0x80400000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00000000, 0x00401000,
	0x00001040, 0x00400040, 0x80400040, 0x80000000, 0x80401000, 0x80001040, 0x80001040, 0x00000040,
	0x80401040, 0x80000040, 0x80000000, 0x00001000, 0x80400000, 0x80001000, 0x00401040, 0x80400040,
	0x80001000, 0x00001040, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x00001000, 0x00401040
	};

	static u32 sbox5[64] =
	{
	0x00000080, 0x01040080, 0x01040000, 0x21000080, 0x00040000, 0x00000080, 0x20000000, 0x01040000,
	0x20040080, 0x00040000, 0x01000080, 0x20040080, 0x21000080, 0x21040000, 0x00040080, 0x20000000,
	0x01000000, 0x20040000, 0x20040000, 0x00000000, 0x20000080, 0x21040080, 0x21040080, 0x01000080,
	0x21040000, 0x20000080, 0x00000000, 0x21000000, 0x01040080, 0x01000000, 0x21000000, 0x00040080,
	0x00040000, 0x21000080, 0x00000080, 0x01000000, 0x20000000, 0x01040000, 0x21000080, 0x20040080,
	0x01000080, 0x20000000, 0x21040000, 0x01040080, 0x20040080, 0x00000080, 0x01000000, 0x21040000,
	0x21040080, 0x00040080, 0x21000000, 0x21040080, 0x01040000, 0x00000000, 0x20040000, 0x21000000,
	0x00040080, 0x01000080, 0x20000080, 0x00040000, 0x00000000, 0x20040000, 0x01040080, 0x20000080
	};

	static u32 sbox6[64] =
	{
	0x10000008, 0x10200000, 0x00002000, 0x10202008, 0x10200000, 0x00000008, 0x10202008, 0x00200000,
	0x10002000, 0x00202008, 0x00200000, 0x10000008, 0x00200008, 0x10002000, 0x10000000, 0x00002008,
	0x00000000, 0x00200008, 0x10002008, 0x00002000, 0x00202000, 0x10002008, 0x00000008, 0x10200008,
	0x10200008, 0x00000000, 0x00202008, 0x10202000, 0x00002008, 0x00202000, 0x10202000, 0x10000000,
	0x10002000, 0x00000008, 0x10200008, 0x00202000, 0x10202008, 0x00200000, 0x00002008, 0x10000008,
	0x00200000, 0x10002000, 0x10000000, 0x00002008, 0x10000008, 0x10202008, 0x00202000, 0x10200000,
	0x00202008, 0x10202000, 0x00000000, 0x10200008, 0x00000008, 0x00002000, 0x10200000, 0x00202008,
	0x00002000, 0x00200008, 0x10002008, 0x00000000, 0x10202000, 0x10000000, 0x00200008, 0x10002008
	};

	static u32 sbox7[64] =
	{
	0x00100000, 0x02100001, 0x02000401, 0x00000000, 0x00000400, 0x02000401, 0x00100401, 0x02100400,
	0x02100401, 0x00100000, 0x00000000, 0x02000001, 0x00000001, 0x02000000, 0x02100001, 0x00000401,
	0x02000400, 0x00100401, 0x00100001, 0x02000400, 0x02000001, 0x02100000, 0x02100400, 0x00100001,
	0x02100000, 0x00000400, 0x00000401, 0x02100401, 0x00100400, 0x00000001, 0x02000000, 0x00100400,
	0x02000000, 0x00100400, 0x00100000, 0x02000401, 0x02000401, 0x02100001, 0x02100001, 0x00000001,
	0x00100001, 0x02000000, 0x02000400, 0x00100000, 0x02100400, 0x00000401, 0x00100401, 0x02100400,
	0x00000401, 0x02000001, 0x02100401, 0x02100000, 0x00100400, 0x00000000, 0x00000001, 0x02100401,
	0x00000000, 0x00100401, 0x02100000, 0x00000400, 0x02000001, 0x02000400, 0x00000400, 0x00100001
	};

	static u32 sbox8[64] =
	{
	0x08000820, 0x00000800, 0x00020000, 0x08020820, 0x08000000, 0x08000820, 0x00000020, 0x08000000,
	0x00020020, 0x08020000, 0x08020820, 0x00020800, 0x08020800, 0x00020820, 0x00000800, 0x00000020,
	0x08020000, 0x08000020, 0x08000800, 0x00000820, 0x00020800, 0x00020020, 0x08020020, 0x08020800,
	0x00000820, 0x00000000, 0x00000000, 0x08020020, 0x08000020, 0x08000800, 0x00020820, 0x00020000,
	0x00020820, 0x00020000, 0x08020800, 0x00000800, 0x00000020, 0x08020020, 0x00000800, 0x00020820,
	0x08000800, 0x00000020, 0x08000020, 0x08020000, 0x08020020, 0x08000000, 0x00020000, 0x08000820,
	0x00000000, 0x08020820, 0x00020020, 0x08000020, 0x08020000, 0x08000800, 0x08000820, 0x00000000,
	0x08020820, 0x00020800, 0x00020800, 0x00000820, 0x00000820, 0x00020020, 0x08000000, 0x08020800
	};



	/*
	* These two tables are part of the 'permuted choice 1' function.
	* In this implementation several speed improvements are done.
	*/
	u32 leftkey_swap[16] =
	{
	0x00000000, 0x00000001, 0x00000100, 0x00000101,
	0x00010000, 0x00010001, 0x00010100, 0x00010101,
	0x01000000, 0x01000001, 0x01000100, 0x01000101,
	0x01010000, 0x01010001, 0x01010100, 0x01010101
	};

	u32 rightkey_swap[16] =
	{
	0x00000000, 0x01000000, 0x00010000, 0x01010000,
	0x00000100, 0x01000100, 0x00010100, 0x01010100,
	0x00000001, 0x01000001, 0x00010001, 0x01010001,
	0x00000101, 0x01000101, 0x00010101, 0x01010101,
	};



	/*
	* Numbers of left shifts per round for encryption subkey schedule
	* To calculate the decryption key scheduling we just reverse the
	* ordering of the subkeys so we can omit the table for decryption
	* subkey schedule.
	*/
	static byte encrypt_rotate_tab[16] =
	{
	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
	};



	/*
	* Table with weak DES keys sorted in ascending order.
	* In DES their are 64 known keys wich are weak. They are weak
	* because they produce only one, two or four different
	* subkeys in the subkey scheduling process.
	* The keys in this table have all their parity bits cleared.
	*/
	static byte weak_keys[64][8] =
	{
	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
	{ 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 }, { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
	{ 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
	{ 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe }, { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
	{ 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
	{ 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 }, { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
	{ 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
	{ 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e }, { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
	{ 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }, { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
	{ 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
	{ 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 }, { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
	{ 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
	{ 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe }, { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
	{ 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
	{ 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 }, { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
	{ 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
	{ 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e }, { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
	{ 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe }, { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
	{ 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e }, { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
	{ 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 }, { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
	{ 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 }, { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
	{ 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e }, { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
	{ 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e }, { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
	{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
	{ 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe }, { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
	{ 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e }, { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 },
	{ 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 }, { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
	{ 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 }, { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
	{ 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e }, { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
	{ 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe }, { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
	{ 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 }, { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
	{ 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 }, { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }
	};






	/*
	* Macro to swap bits across two words
	*/
	#define DO_PERMUTATION(a, temp, b, offset, mask) \
	temp = ((a>>offset) ^ b) & mask; \
	b ^= temp; \
	a ^= temp<<offset;


	/*
	* This performs the 'initial permutation' for the data to be encrypted or decrypted
	*/
	#define INITIAL_PERMUTATION(left, temp, right) \
	DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
	DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
	DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
	DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
	DO_PERMUTATION(left, temp, right, 1, 0x55555555)


	/*
	* The 'inverse initial permutation'
	*/
	#define FINAL_PERMUTATION(left, temp, right) \
	DO_PERMUTATION(left, temp, right, 1, 0x55555555) \
	DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
	DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
	DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
	DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)


	/*
	* A full DES round including 'expansion function', 'sbox substitution'
	* and 'primitive function P' but without swapping the left and right word.
	*/
	#define DES_ROUND(from, to, work, subkey) \
	work = ((from<<1) \| (from>>31)) ^ *subkey++; \
	to ^= sbox8[ work & 0x3f ]; \
	to ^= sbox6[ (work>>8) & 0x3f ]; \
	to ^= sbox4[ (work>>16) & 0x3f ]; \
	to ^= sbox2[ (work>>24) & 0x3f ]; \
	work = ((from>>3) \| (from<<29)) ^ *subkey++; \
	to ^= sbox7[ work & 0x3f ]; \
	to ^= sbox5[ (work>>8) & 0x3f ]; \
	to ^= sbox3[ (work>>16) & 0x3f ]; \
	to ^= sbox1[ (work>>24) & 0x3f ];


	/*
	* Macros to convert 8 bytes from/to 32bit words
	*/
	#define READ_64BIT_DATA(data, left, right) \
	left = (data[0] << 24) \| (data[1] << 16) \| (data[2] << 8) \| data[3]; \
	right = (data[4] << 24) \| (data[5] << 16) \| (data[6] << 8) \| data[7];

	#define WRITE_64BIT_DATA(data, left, right) \
	data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
	data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
	data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
	data[6] = (right >> 8) &0xff; data[7] = right &0xff;


	/*
	* Handy macros for encryption and decryption of data
	*/
	#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
	#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
	#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx, from, to, 0)
	#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx, from, to, 1)






	/*
	* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
	* 16 encryption rounds.
	* To calculate subkeys for decryption the caller
	* have to reorder the generated subkeys.
	*
	* rawkey: 8 Bytes of key data
	* subkey: Array of at least 32 u32s. Will be filled
	* with calculated subkeys.
	*
	*/
	static void
	des_key_schedule (const byte * rawkey, u32 * subkey)
	{
	u32 left, right, work;
	int round;

	READ_64BIT_DATA (rawkey, left, right)

	DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
	DO_PERMUTATION (right, work, left, 0, 0x10101010)

	left = (leftkey_swap[(left >> 0) & 0xf] << 3) \| (leftkey_swap[(left >> 8) & 0xf] << 2)
	\| (leftkey_swap[(left >> 16) & 0xf] << 1) \| (leftkey_swap[(left >> 24) & 0xf])
	\| (leftkey_swap[(left >> 5) & 0xf] << 7) \| (leftkey_swap[(left >> 13) & 0xf] << 6)
	\| (leftkey_swap[(left >> 21) & 0xf] << 5) \| (leftkey_swap[(left >> 29) & 0xf] << 4);

	left &= 0x0fffffff;

	right = (rightkey_swap[(right >> 1) & 0xf] << 3) \| (rightkey_swap[(right >> 9) & 0xf] << 2)
	\| (rightkey_swap[(right >> 17) & 0xf] << 1) \| (rightkey_swap[(right >> 25) & 0xf])
	\| (rightkey_swap[(right >> 4) & 0xf] << 7) \| (rightkey_swap[(right >> 12) & 0xf] << 6)
	\| (rightkey_swap[(right >> 20) & 0xf] << 5) \| (rightkey_swap[(right >> 28) & 0xf] << 4);

	right &= 0x0fffffff;

	for (round = 0; round < 16; ++round)
	{
	left = ((left << encrypt_rotate_tab[round]) \| (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
	right = ((right << encrypt_rotate_tab[round]) \| (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;

	*subkey++ = ((left << 4) & 0x24000000)
	\| ((left << 28) & 0x10000000)
	\| ((left << 14) & 0x08000000)
	\| ((left << 18) & 0x02080000)
	\| ((left << 6) & 0x01000000)
	\| ((left << 9) & 0x00200000)
	\| ((left >> 1) & 0x00100000)
	\| ((left << 10) & 0x00040000)
	\| ((left << 2) & 0x00020000)
	\| ((left >> 10) & 0x00010000)
	\| ((right >> 13) & 0x00002000)
	\| ((right >> 4) & 0x00001000)
	\| ((right << 6) & 0x00000800)
	\| ((right >> 1) & 0x00000400)
	\| ((right >> 14) & 0x00000200)
	\| (right & 0x00000100)
	\| ((right >> 5) & 0x00000020)
	\| ((right >> 10) & 0x00000010)
	\| ((right >> 3) & 0x00000008)
	\| ((right >> 18) & 0x00000004)
	\| ((right >> 26) & 0x00000002)
	\| ((right >> 24) & 0x00000001);

	*subkey++ = ((left << 15) & 0x20000000)
	\| ((left << 17) & 0x10000000)
	\| ((left << 10) & 0x08000000)
	\| ((left << 22) & 0x04000000)
	\| ((left >> 2) & 0x02000000)
	\| ((left << 1) & 0x01000000)
	\| ((left << 16) & 0x00200000)
	\| ((left << 11) & 0x00100000)
	\| ((left << 3) & 0x00080000)
	\| ((left >> 6) & 0x00040000)
	\| ((left << 15) & 0x00020000)
	\| ((left >> 4) & 0x00010000)
	\| ((right >> 2) & 0x00002000)
	\| ((right << 8) & 0x00001000)
	\| ((right >> 14) & 0x00000808)
	\| ((right >> 9) & 0x00000400)
	\| ((right) & 0x00000200)
	\| ((right << 7) & 0x00000100)
	\| ((right >> 7) & 0x00000020)
	\| ((right >> 3) & 0x00000011)
	\| ((right << 2) & 0x00000004)
	\| ((right >> 21) & 0x00000002);
	}
	}



	/*
	* Fill a DES context with subkeys calculated from a 64bit key.
	* Does not check parity bits, but simply ignore them.
	* Does not check for weak keys.
	*/
	static int
	des_setkey (struct _des_ctx ctx, const byte key)
	{
	int i;

	des_key_schedule (key, ctx->encrypt_subkeys);

	for(i=0; i<32; i+=2)
	{
	ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
	ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
	}

	return 0;
	}



	/*
	* Electronic Codebook Mode DES encryption/decryption of data according
	* to 'mode'.
	*/
	static int
	des_ecb_crypt (struct _des_ctx ctx, const byte from, byte * to, int mode)
	{
	u32 left, right, work;
	u32 *keys;

	keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;

	READ_64BIT_DATA (from, left, right)
	INITIAL_PERMUTATION (left, work, right)

	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

	FINAL_PERMUTATION (right, work, left)
	WRITE_64BIT_DATA (to, right, left)

	return 0;
	}



	/*
	* Fill a Triple-DES context with subkeys calculated from two 64bit keys.
	* Does not check the parity bits of the keys, but simply ignore them.
	* Does not check for weak keys.
	*/
	static int
	tripledes_set2keys (struct _tripledes_ctx *ctx,
	const byte * key1,
	const byte * key2)
	{
	int i;

	des_key_schedule (key1, ctx->encrypt_subkeys);
	des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));

	for(i=0; i<32; i+=2)
	{
	ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
	ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];

	ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
	ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];

	ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
	ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];

	ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
	ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
	}

	return 0;
	}



	/*
	* Fill a Triple-DES context with subkeys calculated from three 64bit keys.
	* Does not check the parity bits of the keys, but simply ignore them.
	* Does not check for weak keys.
	*/
	static int
	tripledes_set3keys (struct _tripledes_ctx *ctx,
	const byte * key1,
	const byte * key2,
	const byte * key3)
	{
	int i;

	des_key_schedule (key1, ctx->encrypt_subkeys);
	des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
	des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));

	for(i=0; i<32; i+=2)
	{
	ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
	ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];

	ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
	ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];

	ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
	ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
	}

	return 0;
	}



	/*
	* Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'.
	* Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption).
	*/
	static int
	tripledes_ecb_crypt (struct _tripledes_ctx ctx, const byte from, byte * to, int mode)
	{
	u32 left, right, work;
	u32 *keys;

	keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;

	READ_64BIT_DATA (from, left, right)
	INITIAL_PERMUTATION (left, work, right)

	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
	DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
	DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

	FINAL_PERMUTATION (right, work, left)
	WRITE_64BIT_DATA (to, right, left)

	return 0;
	}



	/*
	* Check whether the 8 byte key is weak.
	* Dose not check the parity bits of the key but simple ignore them.
	*/
	static int
	is_weak_key ( const byte *key )
	{
	byte work[8];
	int i, left, right, middle, cmp_result;

	/* clear parity bits */
	for(i=0; i<8; ++i)
	work[i] = key[i] & 0xfe;

	/* binary search in the weak key table */
	left = 0;
	right = 63;
	- while(1)
	+ while(left <= right)
	{
	middle = (left + right) / 2;

	if ( !(cmp_result=memcmp(work, weak_keys[middle], 8)) )
	return -1;

	- if ( left == right )
	- break;
	-
	if ( cmp_result > 0 )
	left = middle + 1;
	else
	right = middle - 1;
	}

	return 0;
	}



	/*
	* Performs a selftest of this DES/Triple-DES implementation.
	* Returns an string with the error text on failure.
	* Returns NULL if all is ok.
	*/
	static const char *
	selftest (void)
	{
	/*
	* Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
	* need this.
	*/
	if (sizeof (u32) != 4)
	return "Wrong word size for DES configured.";

	/*
	* DES Maintenance Test
	*/
	{
	int i;
	byte key[8] =
	{0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
	byte input[8] =
	{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
	byte result[8] =
	{0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
	byte temp1[8], temp2[8], temp3[8];
	des_ctx des;

	for (i = 0; i < 64; ++i)
	{
	des_setkey (des, key);
	des_ecb_encrypt (des, input, temp1);
	des_ecb_encrypt (des, temp1, temp2);
	des_setkey (des, temp2);
	des_ecb_decrypt (des, temp1, temp3);
	memcpy (key, temp3, 8);
	memcpy (input, temp1, 8);
	}
	if (memcmp (temp3, result, 8))
	return "DES maintenance test failed.";
	}


	/*
	* Triple-DES test (Do somebody known on official test?)
	*
	* FIXME: This test doesn't use tripledes_set3keys() !
	*/
	{
	int i;
	byte input[8] =
	{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
	byte key1[8] =
	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
	byte key2[8] =
	{0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
	byte result[8] =
	{0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};

	tripledes_ctx des3;

	for (i = 0; i < 16; ++i)
	{
	tripledes_set2keys (des3, key1, key2);
	tripledes_ecb_encrypt (des3, input, key1);
	tripledes_ecb_decrypt (des3, input, key2);
	tripledes_set3keys (des3, key1, input, key2);
	tripledes_ecb_encrypt (des3, input, input);
	}
	if (memcmp (input, result, 8))
	return "TRIPLE-DES test failed.";
	}


	/*
	* Check the weak key detection. We simply assume the table with
	* weak keys is ok and check every key in the table if it is
	* detected... (This test is a little bit stupid)
	*/
	{
	int i;

	for (i = 0; i < 64; ++i)
	if (!is_weak_key(weak_keys[i]))
	return "DES weak key detection failed";
	}

	return 0;
	}


	static int
	do_tripledes_setkey ( struct _tripledes_ctx ctx, byte key, unsigned keylen )
	{
	if( keylen != 24 )
	return G10ERR_WRONG_KEYLEN;

	tripledes_set3keys ( ctx, key, key+8, key+16);

	if( is_weak_key( key ) \|\| is_weak_key( key+8 ) \|\| is_weak_key( key+16 ) )
	return G10ERR_WEAK_KEY;

	return 0;
	}


	static void
	do_tripledes_encrypt( struct _tripledes_ctx ctx, byte outbuf, byte *inbuf )
	{
	tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
	}

	static void
	do_tripledes_decrypt( struct _tripledes_ctx ctx, byte outbuf, byte *inbuf )
	{
	tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
	}


	/****************
	* Return some information about the algorithm. We need algo here to
	* distinguish different flavors of the algorithm.
	* Returns: A pointer to string describing the algorithm or NULL if
	* the ALGO is invalid.
	*/
	const char *
	des_get_info( int algo, size_t *keylen,
	size_t blocksize, size_t contextsize,
	int (*r_setkey)( void c, byte *key, unsigned keylen ),
	void (*r_encrypt)( void c, byte outbuf, byte inbuf ),
	void (*r_decrypt)( void c, byte outbuf, byte inbuf )
	)
	{
	static int did_selftest = 0;

	if( !did_selftest ) {
	const char *s = selftest();
	if( s )
	log_fatal("selftest failed: %s\n", s );
	did_selftest = 1;
	}


	if( algo == CIPHER_ALGO_3DES ) {
	*keylen = 192;
	*blocksize = 8;
	*contextsize = sizeof(struct _tripledes_ctx);
	*r_setkey = FNCCAST_SETKEY(do_tripledes_setkey);
	*r_encrypt= FNCCAST_CRYPT(do_tripledes_encrypt);
	*r_decrypt= FNCCAST_CRYPT(do_tripledes_decrypt);
	return "3DES";
	}
	return NULL;
	}

	diff --git a/cipher/rndunix.c b/cipher/rndunix.c
	index a44d0950b..c005afba4 100644
	--- a/cipher/rndunix.c
	+++ b/cipher/rndunix.c
	@@ -1,806 +1,806 @@
	/****************************************************************************
	* *
	* BeOS Randomness-Gathering Code *
	* Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1998 *
	* *
	****************************************************************************/

	/* General includes */

	#include <config.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <string.h>
	#include <assert.h>

	/* OS-specific includes */

	#ifdef __osf__
	/* Somewhere in the morass of system-specific cruft which OSF/1 pulls in
	* via the following includes are various endianness defines, so we
	* undefine the cryptlib ones, which aren't really needed for this module
	* anyway */
	#undef BIG_ENDIAN
	#undef LITTLE_ENDIAN
	#endif /* __osf__ */

	#include <unistd.h>
	#include <fcntl.h>
	#include <pwd.h>
	#ifndef __QNX__
	#include <sys/errno.h>
	#include <sys/ipc.h>
	#endif /* __QNX__ */
	#include <sys/time.h> /* SCO and SunOS need this before resource.h */
	#ifndef __QNX__
	#include <sys/resource.h>
	#endif /* __QNX__ */
	#ifdef _AIX
	#include <sys/select.h>
	#endif /* _AIX */
	#ifndef __QNX__
	#include <sys/shm.h>
	#include <sys/signal.h>
	#endif /* __QNX__ */
	#include <sys/stat.h>
	#include <sys/types.h> /* Verschiedene komische Typen */
	#if defined( __hpux ) && ( OS_VERSION == 9 )
	#include <vfork.h>
	#endif /* __hpux 9.x, after that it's in unistd.h */
	#include <sys/wait.h>
	/* #include <kitchensink.h> */
	#include <errno.h>

	#include "types.h" /* for byte and u32 typedefs */
	#include "g10lib.h"
	#ifndef IS_MODULE
	#include "dynload.h"
	#endif


	#define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */

	/* The structure containing information on random-data sources. Each
	* record contains the source and a relative estimate of its usefulness
	* (weighting) which is used to scale the number of kB of output from the
	* source (total = data_bytes / usefulness). Usually the weighting is in the
	* range 1-3 (or 0 for especially useless sources), resulting in a usefulness
	* rating of 1...3 for each kB of source output (or 0 for the useless
	* sources).
	*
	* If the source is constantly changing (certain types of network statistics
	* have this characteristic) but the amount of output is small, the weighting
	* is given as a negative value to indicate that the output should be treated
	* as if a minimum of 1K of output had been obtained. If the source produces
	* a lot of output then the scale factor is fractional, resulting in a
	* usefulness rating of < 1 for each kB of source output.
	*
	* In order to provide enough randomness to satisfy the requirements for a
	* slow poll, we need to accumulate at least 20 points of usefulness (a
	* typical system should get about 30 points).
	*
	* Some potential options are missed out because of special considerations.
	* pstat -i and pstat -f can produce amazing amounts of output (the record
	* is 600K on an Oracle server) which floods the buffer and doesn't yield
	* anything useful (apart from perhaps increasing the entropy of the vmstat
	* output a bit), so we don't bother with this. pstat in general produces
	* quite a bit of output, but it doesn't change much over time, so it gets
	* very low weightings. netstat -s produces constantly-changing output but
	* also produces quite a bit of it, so it only gets a weighting of 2 rather
	* than 3. The same holds for netstat -in, which gets 1 rather than 2.
	*
	* Some binaries are stored in different locations on different systems so
	* alternative paths are given for them. The code sorts out which one to
	* run by itself, once it finds an exectable somewhere it moves on to the
	* next source. The sources are arranged roughly in their order of
	* usefulness, occasionally sources which provide a tiny amount of
	* relatively useless data are placed ahead of ones which provide a large
	* amount of possibly useful data because another 100 bytes can't hurt, and
	* it means the buffer won't be swamped by one or two high-output sources.
	* All the high-output sources are clustered towards the end of the list
	* for this reason. Some binaries are checked for in a certain order, for
	* example under Slowaris /usr/ucb/ps understands aux as an arg, but the
	* others don't. Some systems have conditional defines enabling alternatives
	* to commands which don't understand the usual options but will provide
	* enough output (in the form of error messages) to look like they're the
	* real thing, causing alternative options to be skipped (we can't check the
	* return either because some commands return peculiar, non-zero status even
	* when they're working correctly).
	*
	* In order to maximise use of the buffer, the code performs a form of run-
	* length compression on its input where a repeated sequence of bytes is
	* replaced by the occurrence count mod 256. Some commands output an awful
	* lot of whitespace, this measure greatly increases the amount of data we
	* can fit in the buffer.
	*
	* When we scale the weighting using the SC() macro, some preprocessors may
	* give a division by zero warning for the most obvious expression
	* 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero
	* trap), so we define a value SC_0 which evaluates to zero when fed to
	* '1024 / SC_0' */

	#define SC( weight ) ( 1024 / weight ) /* Scale factor */
	#define SC_0 16384 /* SC( SC_0 ) evalutes to 0 */

	static struct RI {
	const char path; / Path to check for existence of source */
	const char arg; / Args for source */
	const int usefulness; /* Usefulness of source */
	FILE pipe; / Pipe to source as FILE * */
	int pipeFD; /* Pipe to source as FD */
	pid_t pid; /* pid of child for waitpid() */
	int length; /* Quantity of output produced */
	const int hasAlternative; /* Whether source has alt.location */
	} dataSources[] = {

	{ "/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0},
	{ "/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0},
	{ "/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0},
	{ "/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0},
	{ "/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
	{ "/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1},
	{ "/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0},
	{ "/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0},
	{ "/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 },
	{ "/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
	{ "/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1},
	{ "/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0},
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* UDP out */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0",
	SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
	{ "/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1 },
	{ "/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1 },
	{ "/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0 },
	{ "/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1 },
	{ "/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
	{ "/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0 },
	{ "/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
	{ "/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
	{ "/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
	{ "/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0 },
	#if defined( __sgi ) \|\| defined( __hpux )
	{ "/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1 },
	#endif /* __sgi \|\| __hpux */
	{ "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 },
	{ "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1 },
	{ "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0 },
	/* Unreliable source, depends on system usage */
	{ "/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1 },
	{ "/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0 },
	{ "/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1 },
	{ "/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0 },
	{ "/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1 },
	{ "/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0 },
	{ "/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1 },
	{ "/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0 },
	{ "/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
	/* pstat is your friend */
	{ "/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1 },
	#ifdef __sgi
	{ "/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 },
	#endif /* __sgi */
	#ifdef __hpux
	{ "/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 },
	#endif /* __hpux */
	{ "/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0 },
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0",
	SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
	{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0",
	SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
	{ "/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 },
	{ "/usr/sbin/ripquery", "-nw 1 127.0.0.1",
	SC(0.1), NULL, 0, 0, 0, 0 },
	{ "/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
	{ "/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
	{ "/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 },
	/* This is very environment-dependant. If network traffic is low, it'll
	* probably time out before delivering 5 packets, which is OK because
	* it'll probably be fixed stuff like ARP anyway */
	{ "/usr/sbin/advfsstat", "-b usr_domain",
	SC(SC_0), NULL, 0, 0, 0, 0},
	{ "/usr/sbin/advfsstat", "-l 2 usr_domain",
	SC(0.5), NULL, 0, 0, 0, 0},
	{ "/usr/sbin/advfsstat", "-p usr_domain",
	SC(SC_0), NULL, 0, 0, 0, 0},
	/* This is a complex and screwball program. Some systems have things
	* like rX_dmn, x = integer, for RAID systems, but the statistics are
	* pretty dodgy */
	#if 0
	/* The following aren't enabled since they're somewhat slow and not very
	* unpredictable, however they give an indication of the sort of sources
	* you can use (for example the finger might be more useful on a
	* firewalled internal network) */
	{ "/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 },
	{ "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html",
	SC(0.9), NULL, 0, 0, 0, 0 },
	{ "/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 },
	#endif /* 0 */
	{ NULL, NULL, 0, NULL, 0, 0, 0, 0 }
	};

	static byte gather_buffer; / buffer for gathering random noise */
	static int gather_buffer_size; /* size of the memory buffer */
	static uid_t gatherer_uid;

	/* The message structure used to communicate with the parent */
	typedef struct {
	int usefulness; /* usefulness of data */
	int ndata; /* valid bytes in data */
	char data[500]; /* gathered data */
	} GATHER_MSG;

	/* Under SunOS popen() doesn't record the pid of the child process. When
	* pclose() is called, instead of calling waitpid() for the correct child, it
	* calls wait() repeatedly until the right child is reaped. The problem is
	* that this reaps any other children that happen to have died at that
	* moment, and when their pclose() comes along, the process hangs forever.
	* The fix is to use a wrapper for popen()/pclose() which saves the pid in
	* the dataSources structure (code adapted from GNU-libc's popen() call).
	*
	* Aut viam inveniam aut faciam */

	static FILE *
	my_popen(struct RI *entry)
	{

	int pipedes[2];
	FILE *stream;

	/* Create the pipe */
	if (pipe(pipedes) < 0)
	return (NULL);

	/* Fork off the child ("vfork() is like an OS orgasm. All OS's want to
	* do it, but most just end up faking it" - Chris Wedgwood). If your OS
	* supports it, you should try to use vfork() here because it's somewhat
	* more efficient */
	#if defined( sun ) \|\| defined( __ultrix__ ) \|\| defined( __osf__ ) \|\| \
	defined(__hpux)
	entry->pid = vfork();
	#else /* */
	entry->pid = fork();
	#endif /* Unixen which have vfork() */
	if (entry->pid == (pid_t) - 1) {
	/* The fork failed */
	close(pipedes[0]);
	close(pipedes[1]);
	return (NULL);
	}

	if (entry->pid == (pid_t) 0) {
	struct passwd *passwd;

	/* We are the child. Make the read side of the pipe be stdout */
	if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
	exit(127);

	/* Now that everything is set up, give up our permissions to make
	* sure we don't read anything sensitive. If the getpwnam() fails,
	* we default to -1, which is usually nobody */
	if (gatherer_uid == (uid_t)-1 && \
	(passwd = getpwnam("nobody")) != NULL)
	gatherer_uid = passwd->pw_uid;

	setuid(gatherer_uid);

	/* Close the pipe descriptors */
	close(pipedes[STDIN_FILENO]);
	close(pipedes[STDOUT_FILENO]);

	/* Try and exec the program */
	execl(entry->path, entry->path, entry->arg, NULL);

	/* Die if the exec failed */
	exit(127);
	}

	/* We are the parent. Close the irrelevant side of the pipe and open
	* the relevant side as a new stream. Mark our side of the pipe to
	* close on exec, so new children won't see it */
	close(pipedes[STDOUT_FILENO]);

	fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC);

	stream = fdopen(pipedes[STDIN_FILENO], "r");

	if (stream == NULL) {
	int savedErrno = errno;

	/* The stream couldn't be opened or the child structure couldn't be
	* allocated. Kill the child and close the other side of the pipe */
	kill(entry->pid, SIGKILL);
	if (stream == NULL)
	close(pipedes[STDOUT_FILENO]);
	else
	fclose(stream);

	waitpid(entry->pid, NULL, 0);

	entry->pid = 0;
	errno = savedErrno;
	return (NULL);
	}

	return (stream);
	}

	static int
	my_pclose(struct RI *entry)
	{
	int status = 0;

	if (fclose(entry->pipe))
	return (-1);

	/* We ignore the return value from the process because some programs
	* return funny values which would result in the input being discarded
	* even if they executed successfully. This isn't a problem because the
	* result data size threshold will filter out any programs which exit
	* with a usage message without producing useful output */
	if (waitpid(entry->pid, NULL, 0) != entry->pid)
	status = -1;

	entry->pipe = NULL;
	entry->pid = 0;
	return (status);
	}


	/* Unix slow poll (without special support for Linux)
	*
	* If a few of the randomness sources create a large amount of output then
	* the slowPoll() stops once the buffer has been filled (but before all the
	* randomness sources have been sucked dry) so that the 'usefulness' factor
	* remains below the threshold. For this reason the gatherer buffer has to
	* be fairly sizeable on moderately loaded systems. This is something of a
	* bug since the usefulness should be influenced by the amount of output as
	* well as the source type */


	static int
	slow_poll(FILE dbgfp, int dbgall, size_t nbytes )
	{
	int moreSources;
	struct timeval tv;
	fd_set fds;
	#if defined( __hpux )
	size_t maxFD = 0;
	int pageSize = 4096; /* PHUX doesn't have getpagesize() */
	#elif defined( _M_XENIX ) \|\| defined( __aux )
	int maxFD = 0, pageSize = 4096;/* Nor do others, but they get fd right */
	#else
	int maxFD = 0, pageSize = getpagesize();
	#endif /* OS-specific brokenness */
	int bufPos, i, usefulness = 0;


	/* Fire up each randomness source */
	FD_ZERO(&fds);
	for (i = 0; dataSources[i].path != NULL; i++) {
	/* Since popen() is a fairly heavy function, we check to see whether
	* the executable exists before we try to run it */
	if (access(dataSources[i].path, X_OK)) {
	if( dbgfp && dbgall )
	fprintf(dbgfp, "%s not present%s\n", dataSources[i].path,
	dataSources[i].hasAlternative ?
	", has alternatives" : "");
	dataSources[i].pipe = NULL;
	}
	else
	dataSources[i].pipe = my_popen(&dataSources[i]);

	if (dataSources[i].pipe != NULL) {
	dataSources[i].pipeFD = fileno(dataSources[i].pipe);
	if (dataSources[i].pipeFD > maxFD)
	maxFD = dataSources[i].pipeFD;
	fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK);
	FD_SET(dataSources[i].pipeFD, &fds);
	dataSources[i].length = 0;

	/* If there are alternatives for this command, don't try and
	* execute them */
	while (dataSources[i].hasAlternative) {
	if( dbgfp && dbgall )
	fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path);
	i++;
	}
	}
	}


	/* Suck all the data we can get from each of the sources */
	bufPos = 0;
	moreSources = 1;
	while (moreSources && bufPos <= gather_buffer_size) {
	/* Wait for data to become available from any of the sources, with a
	* timeout of 10 seconds. This adds even more randomness since data
	* becomes available in a nondeterministic fashion. Kudos to HP's QA
	* department for managing to ship a select() which breaks its own
	* prototype */
	tv.tv_sec = 10;
	tv.tv_usec = 0;

	#if defined( __hpux ) && ( OS_VERSION == 9 )
	if (select(maxFD + 1, (int *)&fds, NULL, NULL, &tv) == -1)
	#else /* */
	if (select(maxFD + 1, &fds, NULL, NULL, &tv) == -1)
	#endif /* __hpux */
	break;

	/* One of the sources has data available, read it into the buffer */
	for (i = 0; dataSources[i].path != NULL; i++) {
	if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) {
	size_t noBytes;

	if ((noBytes = fread(gather_buffer + bufPos, 1,
	gather_buffer_size - bufPos,
	dataSources[i].pipe)) == 0) {
	if (my_pclose(&dataSources[i]) == 0) {
	int total = 0;

	/* Try and estimate how much entropy we're getting
	* from a data source */
	if (dataSources[i].usefulness)
	if (dataSources[i].usefulness < 0)
	total = (dataSources[i].length + 999)
	/ -dataSources[i].usefulness;
	else
	total = dataSources[i].length
	/ dataSources[i].usefulness;
	if( dbgfp )
	fprintf(dbgfp,
	"%s %s contributed %d bytes, "
	"usefulness = %d\n", dataSources[i].path,
	(dataSources[i].arg != NULL) ?
	dataSources[i].arg : "",
	dataSources[i].length, total);
	if( dataSources[i].length )
	usefulness += total;
	}
	dataSources[i].pipe = NULL;
	}
	else {
	int currPos = bufPos;
	int endPos = bufPos + noBytes;

	/* Run-length compress the input byte sequence */
	while (currPos < endPos) {
	int ch = gather_buffer[currPos];

	/* If it's a single byte, just copy it over */
	if (ch != gather_buffer[currPos + 1]) {
	gather_buffer[bufPos++] = ch;
	currPos++;
	}
	else {
	int count = 0;

	/* It's a run of repeated bytes, replace them
	* with the byte count mod 256 */
	while ((ch == gather_buffer[currPos])
	&& currPos < endPos) {
	count++;
	currPos++;
	}
	gather_buffer[bufPos++] = count;
	noBytes -= count - 1;
	}
	}

	/* Remember the number of (compressed) bytes of input we
	* obtained */
	dataSources[i].length += noBytes;
	}
	}
	}

	/* Check if there is more input available on any of the sources */
	moreSources = 0;
	FD_ZERO(&fds);
	for (i = 0; dataSources[i].path != NULL; i++) {
	if (dataSources[i].pipe != NULL) {
	FD_SET(dataSources[i].pipeFD, &fds);
	moreSources = 1;
	}
	}
	}

	if( dbgfp ) {
	fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness);
	fflush(dbgfp);
	}
	*nbytes = bufPos;
	return usefulness;
	}

	/****************
	* Start the gatherer process which writes messages of
	* type GATHERER_MSG to pipedes
	*/
	static void
	start_gatherer( int pipefd )
	{
	FILE *dbgfp = NULL;
	int dbgall;

	{
	const char *s = getenv("GNUPG_RNDUNIX_DBG");
	if( s ) {
	dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
	if( !dbgfp )
	g10_log_info("can't open debug file `%s': %s\n",
	s, strerror(errno) );
	else
	fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
	}
	dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
	}
	/* close all files but the ones we need */
	{ int nmax, n1, n2, i;
	if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
	#ifdef _POSIX_OPEN_MAX
	nmax = _POSIX_OPEN_MAX;
	#else
	nmax = 20; /* assume a reasonable value */
	#endif
	}
	n1 = fileno( stderr );
	n2 = dbgfp? fileno( dbgfp ) : -1;
	for(i=0; i < nmax; i++ ) {
	if( i != n1 && i != n2 && i != pipefd )
	close(i);
	}
	errno = 0;
	}



	/* Set up the buffer */
	gather_buffer_size = GATHER_BUFSIZE;
	gather_buffer = malloc( gather_buffer_size );
	if( !gather_buffer ) {
	g10_log_error("out of core while allocating the gatherer buffer\n");
	exit(2);
	}

	/* Reset the SIGC(H)LD handler to the system default. This is necessary
	* because if the program which cryptlib is a part of installs its own
	* SIGC(H)LD handler, it will end up reaping the cryptlib children before
	* cryptlib can. As a result, my_pclose() will call waitpid() on a
	* process which has already been reaped by the installed handler and
	* return an error, so the read data won't be added to the randomness
	* pool. There are two types of SIGC(H)LD naming, the SysV SIGCLD and
	* the BSD/Posix SIGCHLD, so we need to handle either possibility */
	#ifdef SIGCLD
	signal(SIGCLD, SIG_DFL);
	#else
	signal(SIGCHLD, SIG_DFL);
	#endif

	fclose(stderr); /* Arrghh!! It's Stuart code!! */

	for(;;) {
	GATHER_MSG msg;
	size_t nbytes;
	const char *p;

	msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
	p = gather_buffer;
	while( nbytes ) {
	msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
	memcpy( msg.data, p, msg.ndata );
	nbytes -= msg.ndata;
	p += msg.ndata;

	while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) {
	if( errno == EINTR )
	continue;
	- if( errno = EAGAIN ) {
	+ if( errno == EAGAIN ) {
	struct timeval tv;
	tv.tv_sec = 0;
	tv.tv_usec = 50000;
	select(0, NULL, NULL, NULL, &tv);
	continue;
	}
	/* we can't do very much here because stderr is closed */
	if( dbgfp )
	fprintf(dbgfp, "gatherer can't write to pipe: %s\n",
	strerror(errno) );
	/* we start a new poll to give the system some time */
	nbytes = 0;
	break;
	}
	}
	}
	/* we are killed when the parent dies */
	}


	static int
	read_a_msg( int fd, GATHER_MSG *msg )
	{
	char buffer = (char)msg;
	size_t length = sizeof( *msg );
	int n;

	do {
	do {
	n = read(fd, buffer, length );
	} while( n == -1 && errno == EINTR );
	if( n == -1 )
	return -1;
	buffer += n;
	length -= n;
	} while( length );
	return 0;
	}


	static int
	gather_random( void (add)(const void, size_t, int), int requester,
	size_t length, int level )
	{
	static pid_t gatherer_pid = 0;
	static int pipedes[2];
	GATHER_MSG msg;
	size_t n;

	if( !gatherer_pid ) {
	/* time to start the gatherer process */
	if( pipe( pipedes ) ) {
	g10_log_error("pipe() failed: %s\n", strerror(errno));
	return -1;
	}
	gatherer_pid = fork();
	if( gatherer_pid == -1 ) {
	g10_log_error("can't for gatherer process: %s\n", strerror(errno));
	return -1;
	}
	if( !gatherer_pid ) {
	start_gatherer( pipedes[1] );
	/* oops, can't happen */
	return -1;
	}
	}

	/* now read from the gatherer */
	while( length ) {
	int goodness;

	if( read_a_msg( pipedes[0], &msg ) ) {
	g10_log_error("reading from gatherer pipe failed: %s\n",
	strerror(errno));
	return -1;
	}


	if( level > 1 ) {
	if( msg.usefulness > 30 )
	goodness = 100;
	else if ( msg.usefulness )
	goodness = msg.usefulness * 100 / 30;
	else
	goodness = 0;
	}
	else if( level ) {
	if( msg.usefulness > 15 )
	goodness = 100;
	else if ( msg.usefulness )
	goodness = msg.usefulness * 100 / 15;
	else
	goodness = 0;
	}
	else
	goodness = 100; /* goodness of level 0 is always 100 % */

	n = msg.ndata;
	if( n > length )
	n = length;
	(*add)( msg.data, n, requester );

	/* this is the trick how e cope with the goodness */
	length -= (ulong)n * goodness / 100;
	}

	return 0;
	}



	#ifndef IS_MODULE
	static
	#endif
	const char * const gnupgext_version = "RNDUNIX ($Revision$)";


	static struct {
	int class;
	int version;
	void *func;
	} func_table[] = {
	{ 40, 1, gather_random },
	};

	/****************
	* Enumerate the names of the functions together with informations about
	* this function. Set sequence to an integer with a initial value of 0 and
	* do not change it.
	* If what is 0 all kind of functions are returned.
	* Return values: class := class of function:
	* 10 = message digest algorithm info function
	* 11 = integer with available md algorithms
	* 20 = cipher algorithm info function
	* 21 = integer with available cipher algorithms
	* 30 = public key algorithm info function
	* 31 = integer with available pubkey algorithms
	* 40 = get read_random_source() function
	* 41 = get fast_random_poll function
	* version = interface version of the function/pointer
	* (currently this is 1 for all functions)
	*/

	#ifndef IS_MODULE
	static
	#endif
	void *
	gnupgext_enum_func( int what, int sequence, int class, int *vers )
	{
	void *ret;
	int i = *sequence;

	do {
	if ( i >= DIM(func_table) \|\| i < 0 ) {
	return NULL;
	}
	*class = func_table[i].class;
	*vers = func_table[i].version;
	ret = func_table[i].func;
	i++;
	} while ( what && what != *class );

	*sequence = i;
	return ret;
	}

	#ifndef IS_MODULE
	void
	rndunix_constructor(void)
	{
	register_internal_cipher_extension( gnupgext_version,
	gnupgext_enum_func );
	}
	#endif


	diff --git a/configure.in b/configure.in
	index 69f8db675..045081713 100644
	--- a/configure.in
	+++ b/configure.in
	@@ -1,324 +1,325 @@
	dnl
	dnl Configure template for GNUPG
	dnl
	dnl (Process this file with autoconf to produce a configure script.)
	AC_REVISION($Revision$)dnl

	dnl Must reset CDPATH so that bash's cd does not print to stdout
	CDPATH=

	AC_INIT(g10/g10.c)
	AC_CONFIG_AUX_DIR(scripts)
	AM_CONFIG_HEADER(config.h)


	VERSION=`cat $srcdir/VERSION`
	PACKAGE=gnupg
	ALL_LINGUAS="de es_ES fr it pl pt_BR ru"
	AC_SUBST(VERSION)
	AC_SUBST(PACKAGE)
	AC_DEFINE_UNQUOTED(VERSION, "$VERSION")
	AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE")

	AC_MSG_CHECKING([whether use of /dev/random is requested])
	AC_ARG_ENABLE(dev-random,
	[ --disable-dev-random disable the use of dev random],
	try_dev_random=$enableval, try_dev_random=yes)
	AC_MSG_RESULT($try_dev_random)

	AC_MSG_CHECKING([whether use of extensions is requested])
	AC_ARG_ENABLE(dynload,
	[ --disable-dynload disable use of extensions],
	try_dynload=$enableval, try_dynload=yes)
	AC_MSG_RESULT($try_dynload)

	AC_MSG_CHECKING([whether assembler modules are requested])
	AC_ARG_ENABLE(asm,
	[ --disable-asm do not use assembler modules],
	try_asm_modules=$enableval, try_asm_modules=yes)
	AC_MSG_RESULT($try_asm_modules)

	AC_MSG_CHECKING([whether memory debugging is requested])
	AC_ARG_ENABLE(m-debug,
	[ --enable-m-debug enable debugging of memory allocation],
	use_m_debug=$enableval, use_m_debug=no)
	AC_MSG_RESULT($use_m_debug)
	if test "$use_m_debug" = yes; then
	AC_DEFINE(M_DEBUG)
	use_m_guard=yes
	else
	AC_MSG_CHECKING([whether memory guard is requested])
	AC_ARG_ENABLE(m-guard,
	[ --disable-m-guard disable memory guard facility],
	use_m_guard=$enableval, use_m_guard=yes)
	AC_MSG_RESULT($use_m_guard)
	fi
	if test "$use_m_guard" = yes ; then
	AC_DEFINE(M_GUARD)
	CFLAGS="$CFLAGS -g"
	else
	CFLAGS="$CFLAGS -O2"
	fi

	if test "$GCC" = yes; then
	CFLAGS="$CFLAGS -Wall"
	fi


	AC_MSG_CHECKING([whether included zlib is requested])
	AC_ARG_WITH(included-zlib,
	[ --with-included-zlib use the zlib code included here],
	[g10_force_zlib=yes], [g10_force_zlib=no] )
	AC_MSG_RESULT($g10_force_zlib)

	dnl Checks for programs.

	AC_CANONICAL_SYSTEM
	AC_ARG_PROGRAM
	AC_PROG_MAKE_SET
	AM_SANITY_CHECK
	missing_dir=`cd $ac_aux_dir && pwd`
	AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
	AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
	AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
	AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
	dnl AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
	AC_PROG_CC
	AC_PROG_CPP
	AC_ISC_POSIX
	AC_PROG_RANLIB
	AC_PROG_INSTALL
	AM_CYGWIN32


	case "${target}" in
	i386--mingw32)
	# special stuff for Windoze NT
	cross_compiling=yes
	CC="i386--mingw32-gcc"
	CPP="i386--mingw32-gcc -E"
	RANLIB="i386--mingw32-ranlib"
	ac_cv_have_dev_random=no
	AC_DEFINE(USE_RNDW32)
	;;
	--hpux*)
	if test -z "$GCC" ; then
	CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
	fi
	;;
	*)
	;;
	esac


	GNUPG_CHECK_PIC
	+GNUPG_CHECK_RDYNAMIC
	if test "$NO_PIC" = yes; then
	try_dynload=no
	fi


	case "${target}" in
	i386--mingw32)
	PRINTABLE_OS_NAME="MingW32"
	;;
	-linux)
	PRINTABLE_OS_NAME="GNU/Linux"
	;;
	*)
	PRINTABLE_OS_NAME=`uname -s \|\| echo "Unknown"`
	;;
	esac
	AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME")

	dnl Fixme: Are these the best flags for OpenBSD????
	case "${target}" in
	-openbsd)
	NAME_OF_DEV_RANDOM="/dev/srandom"
	NAME_OF_DEV_URANDOM="/dev/urandom"
	DYNLINK_MOD_CFLAGS="-shared -rdynamic -fpic -Wl,-Bshareable -Wl,-x"
	;;
	*)
	NAME_OF_DEV_RANDOM="/dev/random"
	NAME_OF_DEV_URANDOM="/dev/urandom"
	DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC -lc"
	;;
	esac
	AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, "$NAME_OF_DEV_RANDOM")
	AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM")


	dnl Checks for libraries.

	AM_GNU_GETTEXT

	AC_CHECK_LIB(gdbm,gdbm_firstkey)


	if test "$try_dynload" = yes ; then
	AC_CHECK_LIB(dl,dlopen)
	if test "$ac_cv_lib_dl_dlopen" = "yes"; then
	AC_DEFINE(USE_DYNAMIC_LINKING)
	AC_DEFINE(HAVE_DL_DLOPEN)
	- DYNLINK_LDFLAGS="-Wl,-export-dynamic"
	+ DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
	use_gnupg_extensions=yes
	else
	AC_CHECK_LIB(c,dlopen)
	if test "$ac_cv_lib_c_dlopen" = "yes"; then
	AC_DEFINE(USE_DYNAMIC_LINKING)
	AC_DEFINE(HAVE_DL_DLOPEN)
	- DYNLINK_LDFLAGS="-Wl,-export-dynamic"
	+ DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
	dnl fixme: this is probably false but it should
	dnl work for freebsd
	AC_DEFINE(DLSYM_NEEDS_UNDERSCORE)
	use_gnupg_extensions=yes
	else
	AC_CHECK_LIB(dld,dld_link)
	if test "$ac_cv_lib_dld_dld_link" = "yes"; then
	AC_DEFINE(USE_DYNAMIC_LINKING)
	AC_DEFINE(HAVE_DLD_DLD_LINK)
	- DYNLINK_LDFLAGS="-Wl,-export-dynamic"
	+ DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
	use_gnupg_extensions=yes
	fi
	fi
	fi
	else
	AC_MSG_CHECKING(for dynamic loading)
	DYNLINK_LDFLAGS=
	DYNLINK_MOD_CFLAGS=
	use_gnupg_extensions=no
	AC_MSG_RESULT(has been disabled)
	fi

	AM_CONDITIONAL(ENABLE_GNUPG_EXTENSIONS, test "$use_gnupg_extensions" = yes )
	AC_SUBST(DYNLINK_LDFLAGS)
	AC_SUBST(DYNLINK_MOD_CFLAGS)


	dnl Checks for header files.
	AC_HEADER_STDC
	AC_CHECK_HEADERS(unistd.h)


	dnl Checks for typedefs, structures, and compiler characteristics.
	AC_C_CONST
	AC_C_INLINE
	AC_TYPE_SIZE_T
	AC_TYPE_SIGNAL
	AC_DECL_SYS_SIGLIST

	GNUPG_CHECK_ENDIAN


	GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
	GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
	GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
	GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF)
	GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF)

	AC_CHECK_SIZEOF(unsigned short, 2)
	AC_CHECK_SIZEOF(unsigned int, 4)
	AC_CHECK_SIZEOF(unsigned long, 4)

	if test "$ac_cv_sizeof_unsigned_short" = "0" \
	\|\| test "$ac_cv_sizeof_unsigned_int" = "0" \
	\|\| test "$ac_cv_sizeof_unsigned_long" = "0"; then
	AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
	fi



	dnl Checks for library functions.
	AC_FUNC_VPRINTF
	AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mmap)
	AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
	AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime)

	GNUPG_CHECK_MLOCK

	GNUPG_CHECK_IPC
	if test "$ac_cv_header_sys_shm_h" = "yes"; then
	AC_DEFINE(USE_SHM_COPROCESSING)
	fi

	dnl check whether we have a random device
	if test "$try_dev_random" = yes ; then
	AC_CACHE_CHECK(for random device, ac_cv_have_dev_random,
	[if test -c "$NAME_OF_DEV_RANDOM" && test -c "$NAME_OF_DEV_URANDOM" ; then
	ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi])
	if test "$ac_cv_have_dev_random" = yes; then
	AC_DEFINE(HAVE_DEV_RANDOM)
	AC_DEFINE(USE_RNDLINUX)
	fi
	else
	AC_MSG_CHECKING(for random device)
	ac_cv_have_dev_random=no
	AC_MSG_RESULT(has been disabled)
	fi


	dnl setup assembler stuff
	AC_MSG_CHECKING(for mpi assembler functions)
	if test -f $srcdir/mpi/config.links ; then
	. $srcdir/mpi/config.links
	GNUPG_LINK_FILES($mpi_ln_src, $mpi_ln_dst)
	ac_cv_mpi_extra_asm_modules="$mpi_extra_modules"
	ac_cv_mpi_sflags="$mpi_sflags"
	ac_cv_mpi_config_done="yes"
	AC_MSG_RESULT(done)
	else
	AC_MSG_RESULT(failed)
	AC_MSG_ERROR([mpi/config.links missing!])
	fi
	MPI_EXTRA_ASM_OBJS=""
	if test "$ac_cv_mpi_extra_asm_modules" != ""; then
	GNUPG_MSG_PRINT([mpi extra asm functions:])
	for i in $ac_cv_mpi_extra_asm_modules; do
	GNUPG_MSG_PRINT([$i])
	MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o"
	done
	AC_MSG_RESULT()
	fi
	AC_SUBST(MPI_EXTRA_ASM_OBJS)
	MPI_SFLAGS="$ac_cv_mpi_sflags"
	AC_SUBST(MPI_SFLAGS)

	dnl Do we have zlib? Must do it here because Solaris failed
	dnl when compiling a conftest (due to the "-lz" from LIBS).
	if test "$g10_force_zlib" = "yes"; then
	ZLIBS="../zlib/libzlib.a"
	AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, true)
	GNUPG_LINK_FILES(zlib/zlib.h, zlib.h )
	GNUPG_LINK_FILES(zlib/zconf.h, zconf.h )
	else
	AC_CHECK_HEADERS(zlib.h)
	if test "$ac_cv_header_zlib_h" = yes ; then
	LIBS="$LIBS -lz"
	ZLIBS=
	AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, false)
	else
	ZLIBS="../zlib/libzlib.a"
	AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, true)
	GNUPG_LINK_FILES(zlib/zlib.h, zlib.h )
	GNUPG_LINK_FILES(zlib/zconf.h, zconf.h )
	fi
	fi
	AC_SUBST(ZLIBS)

	GNUPG_DO_LINK_FILES


	AC_OUTPUT([
	Makefile
	intl/Makefile
	po/Makefile.in
	util/Makefile
	mpi/Makefile
	cipher/Makefile
	g10/Makefile
	doc/Makefile
	tools/Makefile
	zlib/Makefile
	checks/Makefile
	])

	dnl -wedit:notab- Please keep this as the last line.
	diff --git a/doc/gpg.1pod b/doc/gpg.1pod
	index 533156cd8..31226651d 100644
	--- a/doc/gpg.1pod
	+++ b/doc/gpg.1pod
	@@ -1,546 +1,546 @@
	=head1 NAME

	gpg, gpgm - GNU Privacy Guard

	=head1 SYNOPSIS

	B<gpg> [--homedir name] [--options file] [options] command [args]

	B<gpgm> [--homedir name] [--options file] [options] command [args]

	=head1 DESCRIPTION

	B<gpg> is the main program for the GnuPG system. B<gpgm> is a maintenance
	tool which has some commands B<gpg> does not have; it is there because
	it does not handle sensitive data and therefore has no need to allocate
	secure memory.

	=head1 COMMANDS

	B<gpg> recognizes these commands:

	B<-s>, B<--sign>
	Make a signature. This option may be combined
	with B<--encrypt>.

	B<--clearsign>
	Make a clear text signature.

	B<-b>, B<--detach-sign>
	Make a detached signature.

	B<-e>, B<--encrypt>
	Encrypt data. This option may be combined with B<--sign>.

	B<-c>, B<--symmetric>
	Encrypt with symmetric cipher only
	This command asks for a passphrase.

	B<--store>
	store only (make a simple RFC1991 packet).

	B<--decrypt> [I<file>]
	Decrypt file (or stdin if no file is specified) and
	write it to stdout (or the file specified with
	B<--output>). If the decrypted file is signed, the
	signature is also verified. This command differs
	from the default operation, as it never writes to the
	filename which is included in the file and it
	rejects files which don't begin with an encrypted
	message.

	B<--verify> [[I<sigfile>] {I<signed-files>}]
	Assume that I<filename> is a signature and verify it
	without generating any output. With no arguments,
	the signature packet is read from stdin (it may be a
	detached signature when not used in batch mode). If
	only a sigfile is given, it may be a complete
	signature or a detached signature, in which case
	the signed stuff is expected in a file without the
	I<.sig> or I<.asc> extension (if such a file does
	not exist it is expected at stdin - use B<-> as
	filename to force a read from stdin). With more than
	1 argument, the first should be a detached signature
	and the remaining files are the signed stuff.

	B<-k> [I<username>] [I<keyring>]
	Kludge to be somewhat compatible with PGP.
	Without arguments, all public keyrings are listed.
	With one argument, only I<keyring> is listed.
	Special combinations are also allowed, but it may
	give strange results when combined with more options.
	B<-kv> Same as B<-k>
	B<-kvv> List the signatures with every key.
	B<-kvvv> Additionally check all signatures.
	B<-kvc> List fingerprints
	B<-kvvc> List fingerprints and signatures

	B<--list-keys> [I<names>]
	List all keys from the public keyrings, or just the
	ones given on the command line.

	B<--list-secret-keys> [I<names>]
	List all keys from the secret keyrings, or just the
	ones given on the command line.

	B<--list-sigs> [I<names>]
	Same as B<--list-keys>, but the signatures are listed
	too.

	B<--check-sigs> [I<names>]
	Same as B<--list-sigs>, but the signatures are verified.

	B<--fingerprint> [I<names>]
	List all keys with their fingerprints. This is the
	same output as B<list-keys> but with the additional output
	of a line with the fingerprint. May also be combined
	with B<--list-sigs> or B<--check-sigs>.

	B<--list-packets>
	List only the sequence of packets. This is mainly
	useful for debugging.

	B<--gen-key>
	Generate a new key pair. This command can only be
	used interactive.


	B<--edit-key> I<name>
	Present a menu which enables you to do all key
	related tasks:
	B<sign>
	Make a signature on key of user I<name>.
	If the key is not yet signed by the default
	user (or the users given with B<-u>), the
	program displays the information of the key
	again, together with its fingerprint and
	asks whether it should be signed. This
	question is repeated for all users specified
	with B<-u>.
	B<trust>
	Change the owner trust value. This updates the
	trust-db immediately and no save is required.
	B<adduid>
	Create an alternate user id.
	B<deluid>
	Delete an user id.
	B<addkey>
	Add a subkey to this key.
	B<delkey>
	Remove a subkey.
	B<expire>
	Change the key expiration time. If a key is
	select, the time of this key will be changed.
	With no selection the key expiration of the
	primary key is changed.
	B<passwd>
	Change the passphrase of the secret key.
	B<uid> I<n>
	Toggle selection of user id with index I<n>.
	Use 0 to deselect all.
	B<key> I<n>
	Toggle selection of subkey with index I<n>.
	Use 0 to deselect all.
	B<check>
	Check all selected user ids.
	B<pref>
	List preferences.
	B<toggle>
	Toggle between public and secret key listing.
	B<save>
	Save all changes to the key rings and quit.
	B<quit>
	Quit the program without updating the
	key rings.
	The listing shows you the key with its secondary
	keys and all user ids. Selected keys or user ids
	indicated by an asterisk. The trust value is
	displayed with the primary key: The first one is the
	assigned owner trust and the second the calculated
	trust value; letters are used for the values:
	B<-> No ownertrust assigned / not yet calculated.
	B<e> Trust calculation has failed.
	B<q> Not enough information for calculation.
	B<n> Never trust this key.
	B<m> Marginally trusted.
	B<f> Fully trusted.
	B<u> Ultimately trusted


	B<--delete-key>
	Remove key from the public keyring

	B<--delete-secret-key>
	Remove key from the secret and public keyring

	B<--gen-revoke>
	Generate a revocation certificate.

	B<--export> [I<names>]
	Either export all keys from all keyrings (default
	keyrings and those registered via option B<--keyring>),
	or if at least one name is given, those of the given
	name. The new keyring is written to F<stdout> or to
	the file given with option "output". Use together
	with B<-a> to mail those keys.

	B<--export-all> [I<names>]
	Same as B<--export> but does also export keys which
	are not compatible to OpenPGP.

	-B<--export-secret-keys> [I<names>
	+B<--export-secret-keys> [I<names>]
	Same as B<--export>, but does export the secret keys.
	This is normally not very useful.

	B<--import>, B<--fast-import>
	Import/merge keys. The fast version does not build
	the trustdb; this can be deon at anytime with the
	command B<--update-trustdb>.

	B<--export-ownertrust>
	List the assigned ownertrust values in ascii format
	for backup purposes [B<gpgm> only].

	B<--import-ownertrust> [I<filename>]
	Update the trustdb with the ownertrust values stored
	in I<filename> (or stdin if not given); existing
	values will be overwritten. [B<gpgm> only].

	=head1 OPTIONS

	Long options can be put in an options file (default F<~/.gnupg/options>);
	do not write the 2 dashes, but simply the name of the option and any
	arguments if required. Lines with a hash as the first non-white-space
	character are ignored. Commands may be put in this file too, but that
	does not make sense.

	B<gpg> recognizes these options:


	B<-a>, B<--armor>
	Create ASCII armored output.

	B<-o> I<file>, B<--output> I<file>
	Write output to I<file>.

	B<-u> I<name>, B<--local-user> I<name>
	Use I<name> as the user-id to sign.
	This option is silently ignored for the list commands,
	so that it can be used in an options file.

	B<--default-key> I<name>
	Use I<name> as default user-id for signatures. If this
	is not used the default user-id is the first user-id
	from the secret keyring.

	B<--trusted-key> I<keyid>
	Assume that the key with the I<keyid> (which must be
	a full (8 byte) keyid) is as trustworthy as one of
	your own secret keys. This may be used to make keys
	valid which are not directly ceritified by you but
	by a CA you trust. The advantage of this option is
	that it shortens the path of certification.

	You may also use this option to skip the verification
	of your own secret keys which is normally done every
	time GnuPG starts up: Use for I<keyid> the one of
	your key.

	B<-r> I<name>, B<--remote-user> I<name>
	Use I<name> as the user-id for encryption.
	This option is silently ignored for the list commands,
	so that it can be used in an options file.

	B<-v>, B<--verbose>
	Give more information during processing. If used
	twice, the input data is listed in detail.

	B<-q>, B<--quiet>
	Be somewhat more quiet in some cases.

	B<-z> I<n>
	Set compress level to I<n>. A value of 0 for I<n>
	disables compression. Default is to use the default
	compression level of zlib (which is 6).

	B<-t>, B<--textmode>
	Use canonical text mode. If B<-t> (but not
	B<--textmode>) is used together with armoring
	and signing, this enables clearsigned messages.
	This kludge is needed for PGP compatibility;
	normally you would use B<--sign> or B<--clearsign>
	to selected the type os signatures.

	B<-n>, B<--dry-run>
	Don't make any changes (not yet implemented).

	B<--batch>
	Batch mode; never ask, do not allow interactive
	commands.

	B<--no-batch>
	Disable batch mode; this may be used if B<batch>
	is used in the options file.

	B<--yes>
	Assume "yes" on most questions.

	B<--no>
	Assume "no" on most questions.

	B<--keyring> I<file>
	Add I<file> to the list of keyrings.
	If I<file> begins with a tilde and a slash, these
	are replaced by the HOME directory. If the filename
	does not contain a slash, it is assumed to be in the
	home-directory (F<~/.gnupg> if B<--homedir>) is not used.
	The filename may be prefixed with a scheme:
	"gnupg-ring:" is the default one.
	"gnupg-gdbm:" may be used for a GDBM ring.

	B<--secret-keyring> I<file>
	Same as B<--keyring> but for secret keyrings.


	B<--homedir> I<dir>
	Set the name of the home directory to I<dir>. If this
	option is not used it defaults to F<~/.gnupg>. It does
	not make sense to use this in a options file. This
	also overrides the environment variable C<GNUPGHOME>.

	B<--charset> I<name>
	Set the name of the native character set. This is used
	to convert some strings to proper UTF-8 encoding.
	Valid values for I<name> are:
	B<iso-8859-1> This is the default.
	B<koi8-r> The usual Russian set (rfc1489).

	B<--options> I<file>
	Read options from I<file> and do not try to read
	them from the default options file in the homedir
	(see B<--homedir>). This option is ignored when used
	in an options file.

	B<--no-options>
	Shortcut for B<--options> I</dev/null>. This option is
	detected before an attempt to open an option file.

	B<--load-extension> I<modulename>
	Load an extension module. If I<modulename> does not
	contain a slash it is searched in B</usr/local/lib/gnupg>
	See the manual for more information about extensions.

	B<--debug> I<flags>
	Set debugging flags. All flags are or-ed and I<flags> may
	be given in C syntax (e.g. 0x0042).

	B<--debug-all>
	Set all useful debugging flags.

	B<--status-fd> I<n>
	Write special status strings to the file descriptor I<n>.

	B<--no-comment>
	Do not write comment packets. This option affects only
	the generation of secret keys. Output of option packets
	is disabled since version 0.4.2.

	B<--comment> I<string>
	Use I<string> as comment string in clear text signatures.

	B<--set-filename> I<string>
	Use I<string> as the name of file which is stored in
	messages.

	B<--completes-needed> I<n>
	Number of completely trusted users to introduce a new
	key signator (defaults to 1).

	B<--marginals-needed> I<n>
	Number of marginally trusted users to introduce a new
	key signator (defaults to 3)

	B<--max-cert-depth> I<n>
	Maximum depth of a certification chain (default is 5).

	B<--cipher-algo> I<name>
	Use I<name> as cipher algorithm. Running the program
	with the command B<--version> yields a list of supported
	algorithms. If this is not used the cipher algorithm is
	selected from the preferences stored with the key.

	B<--digest-algo> I<name>
	Use I<name> as message digest algorithm. Running the
	program with the command B<--version> yields a list of
	supported algorithms. Please note that using this
	option may violate the OpenPGP requirement, that a
	160 bit hash is to be used for DSA.

	B<--s2k-cipher-algo> I<name>
	Use I<name> as the cipher algorithm used to protect secret
	keys. The default cipher is BLOWFISH. This cipher is
	also used for conventional encryption if B<--cipher-algo>
	is not given.

	B<--s2k-digest-algo> I<name>
	Use I<name> as the digest algorithm used to mangle the
	passphrases. The default algorithm is RIPE-MD-160.
	This digest algorithm is also used for conventional
	encryption if B<--digest-algo> is not given.

	B<--s2k-mode> I<number>
	Selects how passphrases are mangled: A number of I<0>
	uses the plain passphrase (which is not recommended),
	a I<1> (default) adds a salt to the passphrase and
	I<3> interates the whole process a couple of times.
	Unless -B<--rfc1991> is used, this mode is also used
	for conventional encryption.

	B<--compress-algo> I<number>
	Use compress algorithm I<number>. Default is I<2> which is
	RFC1950 compression; you may use I<1> to use the old zlib
	version which is used by PGP. This is only used for
	new messages. The default algorithm may give better
	results because the window size is not limited to 8K.
	If this is not used the OpenPGP behaviour is used; i.e.
	the compression algorith is selected from the preferences.

	B<--digest-algo> I<name>
	Use I<name> as message digest algorithm. Running the
	program with the command B<--version> yields a list of
	supported algorithms.


	B<--throw-keyid>
	Do not put the keyid into encrypted packets. This option
	hides the receiver of the message and is a countermeasure
	against traffic analysis. It may slow down the decryption
	process because all available secret keys are tried.

	B<--not-dash-escaped>
	This option changes the behaviour of cleartext signature
	so that they can be used for patch files. You should not
	send such an armored file via email because all spaces
	and line endings are hashed too. You can not use this
	option for data which has 5 dashes somewhere at the
	beginning of a line - patch files don't have this.
	A special armor header line tells GnuPG about this
	cleartext signature framework.

	B<--escape-from-lines>
	Because some mailers change lines starting with "From "
	to ">From " it is good to handle such lines in a special
	way when creating cleartext signatures; all other PGP
	versions do it this way too. Because this would violate
	rfc2440, this option is not enabled per default.

	B<--passphrase-fd> I<n>
	Read the passphrase from file descriptor I<n>. If you use
	0 for I<n>, the passphrase will be read from stdin. This
	can only be used if only one passphrase is supplied.
	B<Don't use this option if you can avoid it>

	B<--rfc1991>
	Try to be more RFC1991 (PGP 2.x) compliant.

	B<--force-v3-sigs>
	OpenPGP states that a implemenation should generate
	v4 signatures but PGP 5.x does only recognize such
	signatures on key material. This options forces
	v3 signatures for signatures on data.

	B<--lock-once>
	Lock the file the first time a lock is requested
	and do not release the lock until the process
	terminates.

	B<--no-verbose>
	Reset verbose level to 0.

	B<--no-greeting>
	Suppress the initial copyright message but do not
	enter batch mode.

	B<--no-armor>
	Assume the input data is not in ASCII armored format.

	B<--no-default-keyring>
	Do not add the default keyrings to the list of
	keyrings.

	B<--skip-verify>
	Skip the signature verification step. This may be
	used to make the encryption faster if the signature
	verification is not needed.

	B<--version>
	Print version information along with a list
	of supported algorithms.

	B<--with-colons>
	Print key listings delimited by colons.

	B<--warranty>
	Print warranty information.

	B<-h>, B<--help>
	Print usage information.


	=head1 RETURN VALUE

	The Program returns 0 if everything was fine, 1 if at least
	a signature was bad and other errorcode for fatal errors.

	=head1 EXAMPLES

	-se -r Bob [file] sign and encrypt for user Bob
	-sat [file] make a clear text signature
	-sb [file] make a detached signature
	-k [userid] show keys
	-kc [userid] show fingerprint

	=head1 ENVIRONMENT

	C<HOME> Used to locate the default home directory.
	C<GNUPGHOME> If set directory used instead of F<~/.gnupg>.

	=head1 FILES

	F<~/.gnupg/secring.gpg> The secret keyring
	F<~/.gnupg/secring.gpg.lock> and the lock file

	F<~/.gnupg/pubring.gpg> The public keyring
	F<~/.gnupg/pubring.gpg.lock> and the lock file

	F<~/.gnupg/trustdb.gpg> The trust database
	F<~/.gnupg/trustdb.gpg.lock> and the lock file

	F<~/.gnupg/options> May contain options
	F</usr[/local]/share/gnupg/options.skel> Skeleton file

	F</usr[/local]/lib/gnupg/> Default location for extensions

	=head1 SEE ALSO

	gpg(1) gpgm(1)


	=head1 WARNINGS

	Use a B<good> password for your user account and a B<good> passphrase
	to protect your secret key. This passphrase is the weakest part of the
	whole system. Programs to do dictionary attacks on your secret keyring
	are very easy to write and so you should protect your B<~/.gnupg/>
	directory very good.

	Keep in mind that, if this program is used over a network (telnet), it
	is B<very> easy to spy out your passphrase!

	=head1 BUGS

	On many systems this program should be installed as setuid(root); this
	is necessary to lock some pages of memory. If you get no warning message
	about insecure memory your OS kernel supports locking without being root;
	setuid is dropped as soon as this memory is allocated.

	diff --git a/scripts/gnupg.spec b/scripts/gnupg.spec
	index 34a8c2005..008abd168 100644
	--- a/scripts/gnupg.spec
	+++ b/scripts/gnupg.spec
	@@ -1,84 +1,91 @@
	#
	# gnupg -- gnu privacy guard
	# This is a template. The dist target uses it to create the real file.
	#
	%define version @pkg_version@
	%define name gnupg
	Summary: GPL public key crypto
	Name: %{name}
	Version: %{version}
	Release: 1
	Copyright: GPL
	Group: Applications/Cryptography
	Source: ftp://ftp.gnupg.org/pub/gcrypt/%{name}-%{version}.tar.gz
	URL: http://www.gnupg.org
	Provides: gpg openpgp
	BuildRoot: /tmp/rpmbuild_%{name}

	%changelog
	+* Sat Jan 02 1999 Fabio Coatti <cova@felix.unife.it>
	+- Added pl language file.
	+- Included g10/pubring.asc in documentation files.
	+
	* Sat Dec 19 1998 Fabio Coatti <cova@felix.unife.it>
	- Modified the spec file provided by Caskey L. Dickson <caskey-at-technocage.com>
	- Now it can be built also by non-root. Installation has to be done as
	root, gpg is suid.
	- Added some changes by Ross Golder <rossigee@bigfoot.com>
	- Updates for version 0.4.5 of GnuPG (.mo files)

	%description
	GnuPG is a complete and free replacement for PGP. Because it does not
	use IDEA or RSA it can be used without any restrictions. GnuPG is in
	compliance with the OpenPGP specification (RFC2440).

	%description -l it
	GnuPG è un sostituto completo e gratuito per il PGP. Non utilizzando
	IDEA o RSA può essere utilizzato senza restrizioni. GnuPG è conforme
	alle specifiche OpenPGP (RFC2440).

	%prep
	rm -rf $RPM_BUILD_ROOT
	rm -rf $RPM_BUILD_DIR/%{name}-%{version}

	%setup

	%build
	CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr
	make

	%install
	make install-strip prefix=$RPM_BUILD_ROOT/usr
	rm $RPM_BUILD_ROOT/usr/man/man1/gpgm.1
	cd $RPM_BUILD_ROOT/usr/man/man1/
	ln -s gpg.1 gpgm.1

	%files

	%doc %attr (-,root,root) INSTALL
	%doc %attr (-,root,root) AUTHORS
	%doc %attr (-,root,root) COPYING
	%doc %attr (-,root,root) ChangeLog
	%doc %attr (-,root,root) NEWS
	%doc %attr (-,root,root) README
	%doc %attr (-,root,root) THANKS
	%doc %attr (-,root,root) TODO
	%doc %attr (-,root,root) doc/DETAILS
	%doc %attr (-,root,root) doc/FAQ
	%doc %attr (-,root,root) doc/HACKING
	%doc %attr (-,root,root) doc/OpenPGP
	+%doc %attr (-,root,root) g10/pubring.asc

	%attr (-,root,root) /usr/man/man1/gpg.1
	%attr (-,root,root) /usr/man/man1/gpgm.1
	%attr (4755,root,root) /usr/bin/gpg
	%attr (755,root,root) /usr/bin/gpgm
	-#%attr (-,root,root) /usr/share/locale/en/LC_MESSAGES/%{name}.mo
	+
	%attr (-,root,root) /usr/share/locale/de/LC_MESSAGES/%{name}.mo
	%attr (-,root,root) /usr/share/locale/it/LC_MESSAGES/%{name}.mo
	%attr (-,root,root) /usr/share/locale/fr/LC_MESSAGES/%{name}.mo
	%attr (-,root,root) /usr/share/locale/ru/LC_MESSAGES/%{name}.mo
	%attr (-,root,root) /usr/share/locale/es_ES/LC_MESSAGES/%{name}.mo
	%attr (-,root,root) /usr/share/locale/pt_BR/LC_MESSAGES/%{name}.mo
	+%attr (-,root,root) /usr/share/locale/pl/LC_MESSAGES/%{name}.mo
	+

	%attr (-,root,root) /usr/lib/%{name}
	%attr (-,root,root) /usr/share/%{name}

	%clean
	rm -rf $RPM_BUILD_ROOT
	rm -rf $RPM_BUILD_DIR/%{name}-%{version}
	diff --git a/util/ChangeLog b/util/ChangeLog
	index f789bde53..217d92ee1 100644
	--- a/util/ChangeLog
	+++ b/util/ChangeLog
	@@ -1,226 +1,233 @@
	+Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
	+
	+ * dotlock.c (make_dotlock): print another informal message.
	+
	+ (make_dotlock): Removed the cpp checks.
	+
	+
	Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* secmem.c: Moved unistd.h out of the #ifdef

	* dotlock.c (make_dotlock): Sun has no SYS_NMLN

	* iobuf.c (iobuf_unget_and_close_temp): Reset .start

	Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* argparse.c (arg_pars): fixed opts[i] with negative index.

	Fri Nov 27 21:37:41 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* dotlock.c: Implemented

	Wed Nov 25 11:30:07 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (iobuf_pop_filter): Fixed sigsegv after error.

	Thu Nov 19 07:09:55 1998 Werner Koch <werner.koch@guug.de>

	* miscutil.c (strtimevalue): New.

	Tue Nov 10 10:01:53 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (set_native_charset): New.
	(native_to_utf8): Now handles koi8-r.

	Tue Nov 3 16:17:56 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (native_to_utf8): New.
	(utf8_to_native): New, but only as a stub.

	* argparse.c (optfile_parse): Trimmed spaces from args.


	Wed Oct 28 08:01:49 1998 me,,, (wk@tobold)

	* argparse.c (find_long_option): New.
	(arg_parse): option=value is now allowed. Add a new internal
	option "--dump-options".

	Thu Oct 22 16:25:49 1998 Michael Roth (mroth@nessie.de)

	* fileutil.c (make_basename): New.
	(make_dirname): New.

	Wed Oct 21 12:20:29 1998 Werner Koch (wk@isil.d.shuttle.de)

	* util.c (iobuf_flush): autoincreasing of a temp. iobuf
	(iobuf_temp_with_content): New.

	Tue Oct 13 12:40:13 1998 Werner Koch (wk@isil.d.shuttle.de)

	* util.c (.nofast): set this variable

	Wed Oct 7 19:27:50 1998 Werner Koch (wk@isil.d.shuttle.de)

	* memory.c (m_print_stats): New.

	Tue Oct 6 09:53:56 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (memicmp): Add HAVE_MEMICMP.

	Mon Sep 21 19:45:01 1998 Werner Koch (wk@(none))

	* secmem.c: New flags to allow suspend/resume of warnings.

	Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none))

	* secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20

	Tue Sep 15 17:52:21 1998 Werner Koch (wk@(none))

	* miscutil.c (asctimestamp): New.

	Mon Sep 14 09:38:18 1998 Werner Koch (wk@(none))

	* secmem.c (init_pool): Now mmaps /dev/zero if we do not have MAP_ANON.

	Wed Sep 9 13:52:28 1998 Werner Koch (wk@(none))

	* ttyio.c (do_get): Ctrl-D is now a valid but special character

	Mon Sep 7 13:52:41 1998 Werner Koch (wk@(none))

	* iobuf.c (get_real_fname): New and changed file_filter datastructures
	and their initialization.

	Tue Aug 11 15:12:35 1998 Werner Koch (wk@(none))

	* miscutil.c (answer_is_yes): i18ned

	Sat Aug 8 18:35:00 1998 Werner Koch (wk@(none))

	* ttyio.c (cleanup): New.

	Mon Aug 3 17:06:00 1998 Werner Koch (wk@(none))

	* secmem.c (MAP_ANON): Add a macro test

	Wed Jul 29 14:53:34 1998 Werner Koch (wk@(none))

	* ttyio.c (tty_get_answer_is_yes): New.

	Tue Jul 21 10:35:48 1998 Werner Koch (wk@(none))

	* argparse.c: New option flag to distinguish options and commands.

	Sat Jul 18 19:49:30 1998 Werner Koch (wk@(none))

	* argparse.c (arg_parse): Added -? as alias for -h

	Thu Jul 9 14:47:20 1998 Werner Koch (wk@isil.d.shuttle.de)

	* secmem.c (secmem_init): Drops setuid if called with 0.

	Tue Jul 7 11:49:25 1998 Werner Koch (wk@isil.d.shuttle.de)

	* logger.c (log_set_filename): New.

	Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (append_to_strlist): New.

	Thu Jul 2 15:55:44 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (block_filter): Add writing of OP partial length headers.

	Fri Jun 26 10:38:35 1998 Werner Koch (wk@isil.d.shuttle.de)

	* ttyio.c (do_get): all iso8859-1 characters are now allowed.

	Thu Jun 25 15:57:21 1998 Werner Koch (wk@isil.d.shuttle.de)

	* secmem.c (lock_pool): Removed left over test code.

	Wed Jun 10 07:39:41 1998 Werner Koch,mobil,,, (wk@tobold)

	* fileutil.c (compare_filenames): New.

	* argparse.c (arg_parse): New flag bit 6 to ignore --version

	Thu May 14 16:45:13 1998 Werner Koch (wk@isil.d.shuttle.de)

	* argparse.c (show_help): Add some formatting stuff

	Fri May 8 17:06:49 1998 Werner Koch (wk@isil.d.shuttle.de)

	* errors.c (strerror): New if !HAVE_STRERROR

	Mon May 4 19:48:03 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (iobuf_read): Code is now faster.
	* (iobuf_write): ditto.

	Mon Apr 27 11:01:32 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (memicmp): New.

	Thu Mar 19 11:29:03 1998 Werner Koch (wk@isil.d.shuttle.de)

	* strgutil.c (memistr): Add const to return and first arg.

	Sat Mar 7 11:54:35 1998 Werner Koch (wk@isil.d.shuttle.de)

	* miscutil.c (print_string): New arg delim; changed all callers.

	Thu Mar 5 12:19:30 1998 Werner Koch (wk@isil.d.shuttle.de)

	* errors.c: New strings.

	Thu Mar 5 12:06:31 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (iobuf_open): A name of "-" now opens stdin.
	* fileutil.c (print_fname_stdout, print_fname_stdin): New.

	Fri Feb 27 10:20:03 1998 Werner Koch (wk@isil.d.shuttle.de)

	* memory.c (m_is_secure): Removed.
	* secmem.c (m_is_secure): Moved to here.

	* secmem.c (secmem_realloc): New.
	* memory.c (M_GUARD,EXTRA_ALIGN): New (all functions).

	Thu Feb 26 14:36:51 1998 Werner Koch (wk@isil.d.shuttle.de)

	* secmem.c (lock_pool): No error if EAGAIN is returned instead
	of EPERM.

	Fri Feb 20 17:43:05 1998 Werner Koch (wk@isil.d.shuttle.de)

	* ttyio.c [MINGW32]: Add support for mingw32.

	Tue Feb 17 19:43:44 1998 Werner Koch (wk@isil.d.shuttle.de)

	* memory.c (dump_table_at_exit): New.

	Mon Feb 16 10:07:28 1998 Werner Koch (wk@isil.d.shuttle.de)

	* argparse.c (show_version, show_help, default_strusage): Changed
	according to GNU standards.

	Mon Feb 16 08:58:25 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (iobuf_peek): New

	Fri Feb 13 19:34:59 1998 Werner Koch (wk@isil.d.shuttle.de)

	* iobuf.c (iobuf_seek): Set counters to new offset.

	Fri Feb 13 17:13:04 1998 Werner Koch (wk@isil.d.shuttle.de)

	* logger.c (log_set_name, log_get_name): New.
	(print_prefix, pgm_name): New, changed all function to make use it.
	(log_mpidump): Removed the "DBG" prefix.
	(log_hexdump): Ditto.

	* logger.c (printstr): Removed.

	Fri Feb 13 15:14:13 1998 Werner Koch (wk@isil.d.shuttle.de)

	* argparse.c (show_help): New '\v' kludge.


	diff --git a/util/dotlock.c b/util/dotlock.c
	index 69a38d696..620d8cdeb 100644
	--- a/util/dotlock.c
	+++ b/util/dotlock.c
	@@ -1,242 +1,244 @@
	/* dotlock.c - dotfile locking
	* Copyright (C) 1998 Free Software Foundation, Inc.
	*
	* This file is part of GnuPG.
	*
	* GnuPG is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License as published by
	* the Free Software Foundation; either version 2 of the License, or
	* (at your option) any later version.
	*
	* GnuPG is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, write to the Free Software
	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	*/

	#include <config.h>
	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>
	#include <ctype.h>
	#include <errno.h>
	#include <unistd.h>
	#include <sys/utsname.h>
	#include <sys/types.h>
	#include <sys/time.h>
	#include <sys/stat.h>
	#include <fcntl.h>
	#include "types.h"
	#include "util.h"
	#include "memory.h"


	static int read_lockfile( const char *name );

	/****************
	* Create a lockfile with the given name. A TIMEOUT of 0
	* returns immediately, -1 waits forever (hopefully not), other
	* values are timeouts in milliseconds.
	* Returns: a char pointer used as handle for release lock
	* or NULL in case of an error.
	*
	* Notes: This function creates a lock file in the same directory
	* as file_to_lock with the name "file_to_lock.lock"
	* A temporary file ".#lk.<hostname>.pid[.threadid] is used.
	* This function does nothing for Windoze.
	*/
	const char *
	make_dotlock( const char *file_to_lock, long timeout )
	{
	int fd=-1, pid;
	char pidstr[16];
	const char *handle = NULL;
	char *lockname = NULL;
	char *tname = NULL;
	int have_tfile = 0;
	struct utsname uts;
	+ const char *nodename;
	const char *dirpart;
	int dirpartlen;
	+ const char *maybe_dead="";
	+ int backoff=0;

	sprintf( pidstr, "%10d\n", getpid() );
	/* fixme: add the hostname to the second line (FQDN or IP addr?) */

	/* create a temporary file */
	- #if defined(SYS_NMLN) && SYS_NMLN < 8
	- #error Aiiih
	- #elif !defined(SYS_NMLN) && MAXHOSTNAMELEN < 8
	- /* (SunOS uses a structure of size MAXHOSTNAMELEN) */
	- #error Aiiih
	- #endif
	if( uname( &uts ) )
	- strcpy( uts.nodename, "unknown" );
	+ nodename = "unknown";
	+ else
	+ nodename = uts.nodename;

	if( !(dirpart = strrchr( file_to_lock, '/' )) ) {
	dirpart = ".";
	dirpartlen = 1;
	}
	else {
	dirpartlen = dirpart - file_to_lock;
	dirpart = file_to_lock;
	}

	#ifdef _THREAD_SAFE
	- tname = m_alloc( dirpartlen + 6 + strlen(uts.nodename) + 11+ 20 );
	+ tname = m_alloc( dirpartlen + 6 + strlen(nodename) + 11+ 20 );
	sprintf( tname, "%.*s/.#lk.%s.%d.%p",
	- dirpartlen, dirpart, uts.nodename, getpid(), &pid );
	+ dirpartlen, dirpart, nodename, getpid(), &pid );
	#else
	- tname = m_alloc( dirpartlen + 6 + strlen(uts.nodename) + 11 );
	+ tname = m_alloc( dirpartlen + 6 + strlen(nodename) + 11 );
	sprintf( tname, "%.*s/.#lk.%s.%d",
	- dirpartlen, dirpart, uts.nodename, getpid() );
	+ dirpartlen, dirpart, nodename, getpid() );
	#endif
	do {
	errno = 0;
	fd = open( tname, O_WRONLY\|O_CREAT\|O_EXCL,
	S_IRUSR\|S_IRGRP\|S_IROTH\|S_IWUSR );
	} while( fd == -1 && errno == EINTR );
	if( fd == -1 ) {
	log_error( "failed to create temporary file `%s': %s\n",
	tname, strerror(errno));
	goto leave;
	}
	have_tfile = 1;
	if( write(fd, pidstr, 11 ) != 11 ) {
	log_fatal( "error writing to `%s': %s\n", tname, strerror(errno) );
	goto leave;
	}
	if( close(fd) ) {
	log_error( "error closing `%s': %s\n", tname, strerror(errno));
	goto leave;
	}
	fd = -1;

	lockname = m_alloc( strlen(file_to_lock) + 6 );
	strcpy(stpcpy(lockname, file_to_lock), ".lock");

	retry:
	if( !link(tname, lockname) ) {/* fixme: better use stat to check the link count */
	handle = lockname;
	lockname = NULL;
	}
	else if( errno == EEXIST ) {
	if( (pid = read_lockfile(lockname)) == -1 ) {
	if( errno == ENOENT ) {
	log_info( "lockfile disappeared\n");
	goto retry;
	}
	log_info("cannot read lockfile\n");
	}
	else if( pid == getpid() ) {
	log_info( "Oops: lock already hold by us\n");
	handle = lockname;
	lockname = NULL;
	}
	- #if 0 /* we should not do this without checking the permissions */
	- /* and the hostname */
	else if( kill(pid, 0) && errno == ESRCH ) {
	+ maybe_dead = " - probably dead";
	+ #if 0 /* we should not do this without checking the permissions */
	+ /* and the hostname */
	log_info( "removing stale lockfile (created by %d)", pid );
	remove( lockname );
	goto retry;
	+ #endif
	}
	- #endif
	if( timeout == -1 ) {
	struct timeval tv;
	- log_info( "waiting for lock (hold by %d) ...\n", pid );
	+ log_info( "waiting for lock (hold by %d%s) ...\n", pid, maybe_dead );
	/* can't use sleep, cause signals may be blocked */
	- tv.tv_sec = 1;
	+ tv.tv_sec = 1 + backoff;
	tv.tv_usec = 0;
	select(0, NULL, NULL, NULL, &tv);
	+ if( backoff < 10 )
	+ backoff++ ;
	goto retry;
	}
	/* fixme: implement timeouts */
	}
	else
	log_error( "lock not made: link() failed: %s\n", strerror(errno) );

	leave:
	if( fd != -1 )
	close(fd);
	if( have_tfile )
	remove(tname);
	m_free(tname);
	m_free(lockname);
	return handle;
	}

	/****************
	* Create a lockfile for a existing file
	* Returns: a char pointer used as handle for release lock
	* or NULL in case of an error.
	*
	* Notes: This function creates a lock file in the same directory
	* as file_to_lock with the name "lock.<inode-no>"
	*
	* int
	* make_inodelock( const char *file_to_lock )
	*
	*/




	/****************
	* release a lock
	* Returns: 0 := success
	*/
	int
	release_dotlock( const char *lockfile )
	{
	int pid = read_lockfile( lockfile );
	if( pid == -1 ) {
	log_error( "release_dotlock: lockfile error");
	return -1;
	}
	if( pid != getpid() ) {
	log_error( "release_dotlock: not our lock (pid=%d)", pid);
	return -1;
	}
	if( remove( lockfile ) ) {
	log_error( "release_dotlock: error removing lockfile `%s'",
	lockfile);
	return -1;
	}
	m_free( (char*)lockfile );
	return 0;
	}


	/****************
	* Read the lock file and return the pid, returns -1 on error.
	*/
	static int
	read_lockfile( const char *name )
	{
	int fd, pid;
	char pidstr[16];

	if( (fd = open(name, O_RDONLY)) == -1 ) {
	int e = errno;
	log_debug("error opening lockfile `%s': %s\n", name, strerror(errno) );
	errno = e;
	return -1;
	}
	if( read(fd, pidstr, 10 ) != 10 ) {
	log_debug("error reading lockfile `%s'", name );
	close(fd);
	errno = 0;
	return -1;
	}
	close(fd);
	pid = atoi(pidstr);
	if( !pid \|\| pid == -1 ) {
	log_error("invalid pid %d in lockfile `%s'", pid, name );
	errno = 0;
	return -1;
	}
	return pid;
	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Apr 22, 3:55 AM (22 h, 46 m)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: c2/66/a85d91f77b64072ed50228531a18

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions