From b008274afdbe375b32a7e66dbd073e200f6f0587 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 4 Feb 2011 12:57:53 +0100 Subject: [PATCH] Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again. --- AUTHORS | 8 +- Makefile.am | 17 +- README.GIT | 4 +- README.maint | 10 +- THANKS | 8 +- agent/Makefile.am | 12 +- agent/agent.h | 22 +-- agent/cache.c | 11 +- agent/call-pinentry.c | 64 ++++---- agent/call-scd.c | 46 +++--- agent/command-ssh.c | 124 +++++++-------- agent/command.c | 167 ++++++++++--------- agent/cvt-openpgp.h | 4 +- agent/divert-scd.c | 35 ++-- agent/findkey.c | 66 ++++---- agent/genkey.c | 42 ++--- agent/gpg-agent.c | 180 ++++++++++----------- agent/keyformat.txt | 22 +-- agent/learncard.c | 38 +++-- agent/pkdecrypt.c | 6 +- agent/pksign.c | 36 ++--- agent/preset-passphrase.c | 18 +-- agent/protect-tool.c | 65 ++++---- agent/t-protect.c | 12 +- agent/trustlist.c | 44 ++--- agent/w32main.c | 28 ++-- am/cmacros.am | 13 +- common/Makefile.am | 16 +- common/README.jnlib | 6 +- common/argparse.h | 8 +- common/asshelp.c | 69 ++++---- common/audit.c | 77 +++++---- common/audit.h | 14 +- common/b64dec.c | 21 ++- common/b64enc.c | 29 ++-- common/dns-cert.c | 10 +- common/dotlock.c | 61 ++++--- common/dynload.h | 2 +- common/estream-printf.c | 190 +++++++++++----------- common/estream-printf.h | 10 +- common/estream.c | 190 +++++++++++----------- common/estream.h | 2 +- common/exaudit.awk | 2 +- common/exechelp-posix.c | 32 ++-- common/exechelp-w32.c | 56 +++---- common/exechelp-w32ce.c | 56 +++---- common/exechelp.h | 12 +- common/exstatus.awk | 3 +- common/gc-opt-flags.h | 2 +- common/get-passphrase.c | 22 +-- common/gettime.c | 48 +++--- common/gpgrlhelp.c | 4 - common/helpfile.c | 18 +-- common/homedir.c | 46 +++--- common/http.c | 80 +++++----- common/http.h | 14 +- common/i18n.c | 2 +- common/i18n.h | 4 +- common/init.c | 12 +- common/iobuf.c | 56 +++---- common/iobuf.h | 2 +- common/localename.c | 7 +- common/logging.c | 55 ++++--- common/logging.h | 5 - common/membuf.c | 5 +- common/membuf.h | 10 +- common/miscellaneous.c | 15 +- common/mischelp.c | 11 +- common/mkerrors | 6 +- common/mkerrtok | 8 +- common/mkstrtable.awk | 4 +- common/openpgpdefs.h | 12 +- common/percent.c | 13 +- common/pka.c | 16 +- common/session-env.c | 20 ++- common/session-env.h | 6 +- common/sexp-parse.h | 6 +- common/sexputil.c | 20 +-- common/signal.c | 14 +- common/simple-pwquery.c | 70 ++++---- common/simple-pwquery.h | 8 +- common/srv.c | 54 +++---- common/status.c | 4 +- common/stringhelp.c | 73 +++++---- common/stringhelp.h | 2 +- common/strlist.c | 9 +- common/strlist.h | 2 +- common/sysutils.c | 29 ++-- common/t-b64.c | 3 +- common/t-convert.c | 33 ++-- common/t-exechelp.c | 5 +- common/t-gettime.c | 3 +- common/t-helpfile.c | 3 +- common/t-percent.c | 25 ++- common/t-session-env.c | 17 +- common/t-sexputil.c | 11 +- common/t-stringhelp.c | 21 ++- common/t-support.c | 3 - common/t-sysutils.c | 1 - common/t-timestuff.c | 13 +- common/t-w32-reg.c | 1 - common/tlv.c | 13 +- common/tlv.h | 2 +- common/ttyio.c | 14 +- common/types.h | 4 +- common/userids.c | 70 ++++---- common/utf8conv.c | 76 ++++----- common/w32-afunix.c | 10 +- common/w32-reg.c | 46 +++--- common/xmalloc.c | 1 - common/xreadline.c | 8 +- common/yesno.c | 5 +- dirmngr/Makefile.am | 8 +- dirmngr/OAUTHORS | 2 - dirmngr/ONEWS | 2 +- dirmngr/cdblib.c | 20 +-- dirmngr/certcache.c | 89 +++++------ dirmngr/certcache.h | 2 +- dirmngr/crlcache.c | 245 ++++++++++++++-------------- dirmngr/crlcache.h | 8 +- dirmngr/crlfetch.c | 22 +-- dirmngr/dirmngr-client.c | 48 +++--- dirmngr/dirmngr.h | 14 +- dirmngr/dirmngr_ldap.c | 37 +++-- dirmngr/get-path.c | 50 +++--- dirmngr/ks-action.c | 3 +- dirmngr/ks-engine-hkp.c | 24 +-- dirmngr/ldap-url.c | 9 +- dirmngr/ldap-wrapper-ce.c | 14 +- dirmngr/ldap-wrapper.c | 34 ++-- dirmngr/ldap.c | 48 +++--- dirmngr/ldapserver.c | 26 ++- dirmngr/ldapserver.h | 8 +- dirmngr/misc.c | 20 +-- dirmngr/ocsp.c | 50 +++--- dirmngr/server.c | 146 ++++++++--------- dirmngr/validate.c | 73 +++++---- dirmngr/w32-ldap-help.h | 6 +- g10/Makefile.am | 12 +- g10/armor.c | 28 ++-- g10/call-agent.c | 118 +++++++------- g10/call-agent.h | 6 +- g10/call-dirmngr.c | 32 ++-- g10/call-dirmngr.h | 2 +- g10/card-util.c | 107 ++++++------- g10/cipher.c | 4 +- g10/comment.c | 2 - g10/compress-bz2.c | 2 +- g10/compress.c | 6 +- g10/cpr.c | 66 ++++---- g10/dearmor.c | 2 - g10/decrypt.c | 14 +- g10/delkey.c | 4 +- g10/exec.c | 16 +- g10/filter.h | 2 +- g10/free-packet.c | 16 +- g10/getkey.c | 22 +-- g10/gpg.c | 194 +++++++++++----------- g10/gpg.h | 84 +++++----- g10/gpgv.c | 63 ++++---- g10/helptext.c | 4 +- g10/kbnode.c | 10 +- g10/keydb.c | 88 +++++----- g10/keydb.h | 8 +- g10/keyedit.c | 52 +++--- g10/keylist.c | 18 +-- g10/keyring.c | 202 +++++++++++------------ g10/main.h | 8 +- g10/mainproc.c | 68 ++++---- g10/mdfilter.c | 1 - g10/openfile.c | 30 ++-- g10/options.h | 10 +- g10/options.skel | 5 +- g10/packet.h | 16 +- g10/parse-packet.c | 27 ++-- g10/photoid.c | 4 +- g10/pkclist.c | 132 +++++++-------- g10/plaintext.c | 12 +- g10/progress.c | 4 +- g10/revoke.c | 18 +-- g10/rmd160.c | 16 +- g10/seckey-cert.c | 9 +- g10/server.c | 43 +++-- g10/sig-check.c | 20 +-- g10/signal.c | 2 +- g10/skclist.c | 6 +- g10/t-rmd160.c | 7 +- g10/tdbdump.c | 14 +- g10/tdbio.c | 7 +- g10/tdbio.h | 4 +- g10/trustdb.c | 176 ++++++++++---------- g10/verify.c | 9 +- g13/ChangeLog | 1 - g13/Makefile.am | 7 +- g13/backend.c | 18 +-- g13/backend.h | 7 +- g13/be-encfs.c | 20 +-- g13/be-encfs.h | 5 +- g13/be-truecrypt.c | 2 - g13/be-truecrypt.h | 1 - g13/call-gpg.c | 32 ++-- g13/create.c | 14 +- g13/g13.c | 89 +++++------ g13/g13.h | 10 +- g13/keyblob.h | 6 +- g13/mount.c | 26 ++- g13/mount.h | 3 +- g13/mountinfo.c | 7 +- g13/mountinfo.h | 1 - g13/runner.c | 40 ++--- g13/runner.h | 9 +- g13/server.c | 42 +++-- g13/server.h | 1 - g13/utils.c | 5 +- g13/utils.h | 7 +- include/ChangeLog | 8 +- include/Makefile.am | 2 +- include/cipher.h | 10 +- include/types.h | 2 +- kbx/ChangeLog | 20 +-- kbx/Makefile.am | 12 +- kbx/kbxutil.c | 64 ++++---- kbx/keybox-blob.c | 86 +++++----- kbx/keybox-defs.h | 10 +- kbx/keybox-dump.c | 50 +++--- kbx/keybox-errors.c | 7 +- kbx/keybox-file.c | 12 +- kbx/keybox-init.c | 16 +- kbx/keybox-openpgp.c | 42 ++--- kbx/keybox-search-desc.h | 8 +- kbx/keybox-search.c | 73 +++++---- kbx/keybox-update.c | 89 +++++------ kbx/keybox-util.c | 3 +- kbx/keybox.h | 8 +- kbx/mkerrors | 6 +- scd/ChangeLog | 108 ++++++------- scd/Makefile.am | 8 +- scd/apdu.c | 50 +++--- scd/apdu.h | 9 +- scd/app-common.h | 11 +- scd/app-dinsig.c | 70 ++++---- scd/app-geldkarte.c | 42 ++--- scd/app-help.c | 4 +- scd/app-nks.c | 128 ++++++++------- scd/app-openpgp.c | 327 +++++++++++++++++++------------------- scd/app-p15.c | 276 ++++++++++++++++---------------- scd/app.c | 55 ++++--- scd/atr.c | 19 ++- scd/card-common.h | 2 +- scd/card-dinsig.c | 26 +-- scd/card-p15.c | 48 +++--- scd/card.c | 27 ++-- scd/ccid-driver.c | 274 ++++++++++++++++---------------- scd/ccid-driver.h | 11 +- scd/command.c | 172 ++++++++++---------- scd/iso7816.c | 35 ++-- scd/iso7816.h | 2 +- scd/pcsc-wrapper.c | 124 +++++++-------- scd/sc-copykeys.c | 40 +++-- scd/scdaemon.c | 122 +++++++------- scd/scdaemon.h | 14 +- scripts/ChangeLog | 1 - scripts/potomo | 10 +- sm/Makefile.am | 13 +- sm/base64.c | 102 ++++++------ sm/call-agent.c | 56 ++++--- sm/call-dirmngr.c | 34 ++-- sm/certchain.c | 164 +++++++++---------- sm/certcheck.c | 21 ++- sm/certdump.c | 47 +++--- sm/certlist.c | 43 +++-- sm/certreqgen-ui.c | 8 +- sm/certreqgen.c | 57 ++++--- sm/decrypt.c | 48 +++--- sm/delete.c | 16 +- sm/encrypt.c | 44 ++--- sm/export.c | 73 +++++---- sm/fingerprint.c | 20 +-- sm/gpgsm.c | 260 +++++++++++++++--------------- sm/gpgsm.h | 14 +- sm/import.c | 54 +++---- sm/keydb.c | 248 ++++++++++++++--------------- sm/keydb.h | 4 - sm/keylist.c | 132 +++++++-------- sm/minip12.c | 176 ++++++++++---------- sm/misc.c | 1 - sm/qualified.c | 16 +- sm/server.c | 101 ++++++------ sm/sign.c | 56 +++---- sm/verify.c | 55 ++++--- tests/ChangeLog | 8 +- tests/Makefile.am | 13 +- tests/asschk.c | 39 +++-- tests/runtest | 1 - tools/Makefile.am | 15 +- tools/addgnupghome | 4 +- tools/applygnupgdefaults | 5 +- tools/ccidmon.c | 36 ++--- tools/clean-sat.c | 1 - tools/mk-tdata.c | 4 +- tools/no-libgcrypt.c | 12 +- tools/rfc822parse.c | 42 ++--- tools/rfc822parse.h | 8 +- tools/sockprox.c | 8 +- tools/symcryptrun.c | 32 ++-- 305 files changed, 5385 insertions(+), 5592 deletions(-) diff --git a/AUTHORS b/AUTHORS index 64aebf86c..de27957d2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -28,7 +28,7 @@ Daiki Ueno Assigns Past and Future Changes. David Shaw Assigns past and future changes. (all in keyserver/, a lot of changes in g10/ see the ChangeLog, - bug fixes here and there) + bug fixes here and there) Dokianakis Theofanis Translations [el] @@ -76,7 +76,7 @@ Marcus Brinkmann Matthew Skala Disclaimer (wrote cipher/twofish.c) -Moritz Schulte +Moritz Schulte (ssh support gpg-agent) Niklas Hernaeus Disclaimer @@ -84,11 +84,11 @@ Niklas Hernaeus Disclaimer Nilgun Belma Buguner Translations [tr] -Nils Ellmenreich +Nils Ellmenreich Assigns past and future changes (configure.in, cipher/rndlinux.c, FAQ) -Paul Eggert +Paul Eggert (configuration macros for LFS) Pavel I. Shajdo Translations [ru] diff --git a/Makefile.am b/Makefile.am index e2ad6d100..23edae4e3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,18 +1,18 @@ # Makefile.am - main makefile for GnuPG # Copyright (C) 2001, 2004, 2010 Free Software Foundation, Inc. -# +# # This file is part of GnuPG. -# +# # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -23,7 +23,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto EXTRA_DIST = scripts/config.rpath scripts/potomo autogen.sh README.GIT -DISTCLEANFILES = g10defs.h +DISTCLEANFILES = g10defs.h if BUILD_GPGSM kbx = kbx @@ -35,11 +35,11 @@ endif if BUILD_GPG gpg = g10 if !HAVE_W32CE_SYSTEM -keyserver = +keyserver = endif else gpg = -keyserver = +keyserver = endif if BUILD_GPGSM sm = sm @@ -106,6 +106,5 @@ install-data-hook: done endif -stowinstall: +stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg - diff --git a/README.GIT b/README.GIT index 27180f211..ee2c6383f 100644 --- a/README.GIT +++ b/README.GIT @@ -16,7 +16,7 @@ tools, or the tools are not installed, you may use environment variables to override the default tool names: AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake - package. For example + package. For example AUTOMAKE_SUFFIX="-1.7" ./autogen.sh uses "automake-1.7" and "aclocal-1.7. AUTOMAKE_PREFIX is used as a prefix for all tools from the automake @@ -47,5 +47,3 @@ if the maintainer decides that newer versions are required. The maintainer should also make sure that the required version of automake et al. are properly indicated at the top of configure.ac and take care to copy the files and not merely use symlinks. - - diff --git a/README.maint b/README.maint index c54510b0f..f390afc97 100644 --- a/README.maint +++ b/README.maint @@ -19,7 +19,7 @@ Release process: ================ * Make sure that all new PO files are checked in. - * Decide whether you want to update the automake standard files + * Decide whether you want to update the automake standard files (Mainly config.guess and config.sub). * [1.4 only] Update gpg.texi and gpgv.texi from the trunk: make -C doc update-source-from-gnupg-2 @@ -38,14 +38,14 @@ Release process: * Build and test the W32 version. * [2.x only] Using the final test build run a "make -C doc online". * Sign the tarball - * Get the previous tarball and run "mkdiff gnupg". + * Get the previous tarball and run "mkdiff gnupg". You might need to set a different signature key than mine. mkdiff has an option for this. * If you are satisfied with the result commit a tag for the release. * Copy the files to the FTP server * Update the webpages - at least the file swdb.wml needs an update. * Add a new headline to NEWS. - * Bump "my_version" up and set "my_issvn" back to "yes" in configure.ac + * Bump "my_version" up and set "my_issvn" back to "yes" in configure.ac * Write an announcement. Update https://savannah.gnu.org/projects/gnupg . @@ -61,7 +61,3 @@ Gotchas from running make) you end up with different comments in the po files. Check out /usr/lib/gettext/project-id for that silliness. As a hack we added this string into configure.ac. - - - - diff --git a/THANKS b/THANKS index b6dfc40f8..b5281f5ea 100644 --- a/THANKS +++ b/THANKS @@ -109,7 +109,7 @@ Ian McKellar imckellar at harvestroad.com.au Ingo Klöcker kloecker at kde.org Ivo Timmermans itimmermans at bigfoot.com Jan Krueger max at physics.otago.ac.nz -Jan Niehusmann jan at gondor.com +Jan Niehusmann jan at gondor.com Jan-0liver Wagner jan @ intevation.de Janusz A. Urbanowicz alex at bofh.torun.pl James Troup james at nocrew.org @@ -141,7 +141,7 @@ Karl Fogel kfogel at guanabana.onshore.com Karsten Thygesen karthy at kom.auc.dk Katsuhiro Kondou kondou at nec.co.jp Kazu Yamamoto kazu at iij.ad.jp -Kazuyoshi Kakihara +Kazuyoshi Kakihara Keith Clayton keith at claytons.org Ken Takusagawa ken.takusagawa.2 at gmail.com Kevin Ryde user42 at zip.com.au @@ -151,11 +151,11 @@ Klaus Singvogel ks at caldera.de Kurt Garloff garloff at suse.de Lars Kellogg-Stedman lars at bu.edu L. Sassaman rabbi at quickie.net -M Taylor mctaylor at privacy.nb.ca +M Taylor mctaylor at privacy.nb.ca Marcel Waldvogel mwa at arl.wustl.edu Marco d'Itri md at linux.it Marco Parrone marc0 at autistici.org -Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de +Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de Mark Adler madler at alumni.caltech.edu Mark Elbrecht snowball3 at bigfoot.com Mark Pettit pettit at yahoo-inc.com diff --git a/agent/Makefile.am b/agent/Makefile.am index b20fdeafc..f3fb4eaa9 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -6,12 +6,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -53,7 +53,7 @@ gpg_agent_SOURCES = \ common_libs = $(libcommon) ../gl/libgnu.a commonpth_libs = $(libcommonpth) ../gl/libgnu.a if HAVE_W32CE_SYSTEM -pwquery_libs = +pwquery_libs = else pwquery_libs = ../common/libsimple-pwquery.a endif @@ -109,9 +109,5 @@ TESTS = t-protect t_common_ldadd = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(LIBICONV) $(NETLIBS) -t_protect_SOURCES = t-protect.c protect.c +t_protect_SOURCES = t-protect.c protect.c t_protect_LDADD = $(t_common_ldadd) - - - - diff --git a/agent/agent.h b/agent/agent.h index e31b6a78e..1ec736c55 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -118,7 +118,7 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 +#define DBG_ASSUAN_VALUE 1024 #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) @@ -131,14 +131,14 @@ struct server_local_s; struct scd_local_s; /* Collection of data per session (aka connection). */ -struct server_control_s +struct server_control_s { /* Private data used to fire up the connection thread. We use this structure do avoid an extra allocation for just a few bytes. */ struct { gnupg_fd_t fd; } thread_startup; - + /* Private data of the server (command.c). */ struct server_local_s *server_local; @@ -165,7 +165,7 @@ struct server_control_s }; -struct pin_entry_info_s +struct pin_entry_info_s { int min_digits; /* min. number of digits required or 0 for freeform entry */ int max_digits; /* max. number of allowed digits allowed*/ @@ -180,7 +180,7 @@ struct pin_entry_info_s }; -enum +enum { PRIVATE_KEY_UNKNOWN = 0, PRIVATE_KEY_CLEAR = 1, @@ -191,7 +191,7 @@ enum /* Values for the cache_mode arguments. */ -typedef enum +typedef enum { CACHE_MODE_IGNORE = 0, /* Special mode to bypass the cache. */ CACHE_MODE_ANY, /* Any mode except ignore matches. */ @@ -231,7 +231,7 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t); /*-- findkey.c --*/ int agent_write_private_key (const unsigned char *grip, const void *buffer, size_t length, int force); -gpg_error_t agent_key_from_file (ctrl_t ctrl, +gpg_error_t agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, const unsigned char *grip, @@ -240,7 +240,7 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl, lookup_ttl_t lookup_ttl, gcry_sexp_t *result, char **r_passphrase); -gpg_error_t agent_public_key_from_file (ctrl_t ctrl, +gpg_error_t agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); int agent_is_dsa_key (gcry_sexp_t s_key); @@ -307,7 +307,7 @@ unsigned long get_standard_s2k_count (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen); int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, - gnupg_isotime_t protected_at, + gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen); int agent_private_key_type (const unsigned char *privatekey); unsigned char *make_shadow_info (const char *serialno, const char *idstring); @@ -316,7 +316,7 @@ int agent_shadow_key (const unsigned char *pubkey, unsigned char **result); int agent_get_shadow_info (const unsigned char *shadowkey, unsigned char const **shadow_info); -gpg_error_t parse_shadow_info (const unsigned char *shadow_info, +gpg_error_t parse_shadow_info (const unsigned char *shadow_info, char **r_hexsn, char **r_idstr); gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo, int s2kmode, @@ -335,7 +335,7 @@ void agent_reload_trustlist (void); /*-- divert-scd.c --*/ -int divert_pksign (ctrl_t ctrl, +int divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, const unsigned char *shadow_info, unsigned char **r_sig); int divert_pkdecrypt (ctrl_t ctrl, diff --git a/agent/cache.c b/agent/cache.c index 67c834b18..9c20469d2 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -126,7 +126,7 @@ init_encryption (void) if (err) log_error ("error initializing cache encryption context: %s\n", gpg_strerror (err)); - + if (!pth_mutex_release (&encryption_lock)) log_fatal ("failed to release cache encryption mutex\n"); @@ -148,7 +148,7 @@ new_data (const char *string, struct secret_data_s **r_data) struct secret_data_s *d, *d_enc; size_t length; int total; - + *r_data = NULL; err = init_encryption (); @@ -222,7 +222,7 @@ housekeeping (void) for (r=thecache; r; r = r->next) { unsigned long maxttl; - + switch (r->cache_mode) { case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break; @@ -334,7 +334,7 @@ agent_put_cache (const char *key, cache_mode_t cache_mode, } if (data) { - r->created = r->accessed = gnupg_get_time (); + r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; err = new_data (data, &r->pw); @@ -350,7 +350,7 @@ agent_put_cache (const char *key, cache_mode_t cache_mode, else { strcpy (r->key, key); - r->created = r->accessed = gnupg_get_time (); + r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; err = new_data (data, &r->pw); @@ -428,4 +428,3 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) return NULL; } - diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 89450cd98..c570e3819 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -147,7 +147,7 @@ agent_reset_query (ctrl_t ctrl) disconnect that pinentry - we do this after the unlock so that a stalled pinentry does not block other threads. Fixme: We should have a timeout in Assuan for the disconnect operation. */ -static int +static int unlock_pinentry (int rc) { assuan_context_t ctx = entry_ctx; @@ -175,7 +175,7 @@ atfork_cb (void *opaque, int where) { int iterator = 0; const char *name, *assname, *value; - + gcry_control (GCRYCTL_TERM_SECMEM); while ((name = session_env_list_stdenvnames (&iterator, &assname))) @@ -184,7 +184,7 @@ atfork_cb (void *opaque, int where) ones which do have an assuan name but are conveyed using environment variables, update the environment of the forked process. */ - if (!assname + if (!assname || !strcmp (name, "XAUTHORITY") || !strcmp (name, "PINENTRY_USER_DATA")) { @@ -250,12 +250,12 @@ start_pinentry (ctrl_t ctrl) entry_owner = ctrl; if (entry_ctx) - return 0; + return 0; if (opt.verbose) log_info ("starting a new PIN Entry\n"); -#ifdef HAVE_W32_SYSTEM +#ifdef HAVE_W32_SYSTEM fflush (stdout); fflush (stderr); #endif @@ -300,7 +300,7 @@ start_pinentry (ctrl_t ctrl) } else argv[1] = NULL; - + i=0; if (!opt.running_detached) { @@ -342,7 +342,7 @@ start_pinentry (ctrl_t ctrl) if (DBG_ASSUAN) log_debug ("connection to PIN entry established\n"); - rc = assuan_transact (entry_ctx, + rc = assuan_transact (entry_ctx, opt.no_grab? "OPTION no-grab":"OPTION grab", NULL, NULL, NULL, NULL, NULL, NULL); if (rc) @@ -426,7 +426,7 @@ start_pinentry (ctrl_t ctrl) } } - + /* Tell the pinentry the name of a file it shall touch after having messed with the tty. This is optional and only supported by newer pinentries and thus we do no error checking. */ @@ -438,7 +438,7 @@ start_pinentry (ctrl_t ctrl) if (tmpstr) { char *optstr; - + if (asprintf (&optstr, "OPTION touch-file=%s", tmpstr ) < 0 ) ; else @@ -454,7 +454,7 @@ start_pinentry (ctrl_t ctrl) it will send the pid back and we will use an inquire to notify our client. The client may answer the inquiry either with END or with CAN to cancel the pinentry. */ - rc = assuan_transact (entry_ctx, "GETINFO pid", + rc = assuan_transact (entry_ctx, "GETINFO pid", getinfo_pid_cb, &pinentry_pid, NULL, NULL, NULL, NULL); if (rc) @@ -542,7 +542,7 @@ all_digitsp( const char *s) for (; *s && *s >= '0' && *s <= '9'; s++) ; return !*s; -} +} /* Return a new malloced string by unescaping the string S. Escaping @@ -561,7 +561,7 @@ unescape_passphrase_string (const unsigned char *s) while (*s && !spacep (s)) { if (*s == '%' && s[1] && s[2]) - { + { s++; *d = xtoi_2 (s); if (!*d) @@ -577,7 +577,7 @@ unescape_passphrase_string (const unsigned char *s) else *d++ = *s++; } - *d = 0; + *d = 0; return buffer; } @@ -619,7 +619,7 @@ inq_quality (void *opaque, const char *line) line += 7; while (*line == ' ') line++; - + pin = unescape_passphrase_string (line); if (!pin) rc = gpg_error_from_syserror (); @@ -651,7 +651,7 @@ setup_qualitybar (void) char line[ASSUAN_LINELENGTH]; char *tmpstr, *tmpstr2; const char *tooltip; - + /* TRANSLATORS: This string is displayed by Pinentry as the label for the quality bar. */ tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v"); @@ -664,7 +664,7 @@ setup_qualitybar (void) ; /* Ignore Unknown Command from old Pinentry versions. */ else if (rc) return rc; - + tmpstr2 = gnupg_get_help_string ("pinentry.qualitybar.tooltip", 0); if (tmpstr2) tooltip = tmpstr2; @@ -715,7 +715,7 @@ close_button_status_cb (void *opaque, const char *line) if ( !strcmp (line, "close") ) *flag = 1; } - + return 0; } @@ -738,7 +738,7 @@ agent_askpin (ctrl_t ctrl, int is_pin = 0; int saveflag; int close_button; - + if (opt.batch) return 0; /* fixme: we should return BAD PIN */ @@ -784,7 +784,7 @@ agent_askpin (ctrl_t ctrl, } if (initial_errtext) - { + { snprintf (line, DIM(line)-1, "SETERROR %s", initial_errtext); line[DIM(line)-1] = 0; rc = assuan_transact (entry_ctx, line, @@ -801,7 +801,7 @@ agent_askpin (ctrl_t ctrl, parm.buffer = (unsigned char*)pininfo->pin; if (errtext) - { + { /* TRANLATORS: The string is appended to an error message in the pinentry. The %s is the actual error message, the two %d give the current and maximum number of tries. */ @@ -814,7 +814,7 @@ agent_askpin (ctrl_t ctrl, return unlock_pinentry (rc); errtext = NULL; } - + saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); close_button = 0; @@ -879,7 +879,7 @@ agent_askpin (ctrl_t ctrl, /* Ask for the passphrase using the supplied arguments. The returned passphrase needs to be freed by the caller. */ -int +int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, const char *errtext, int with_qualitybar) @@ -893,7 +893,7 @@ agent_get_passphrase (ctrl_t ctrl, *retpass = NULL; if (opt.batch) - return gpg_error (GPG_ERR_BAD_PASSPHRASE); + return gpg_error (GPG_ERR_BAD_PASSPHRASE); rc = start_pinentry (ctrl); if (rc) @@ -973,9 +973,9 @@ agent_get_passphrase (ctrl_t ctrl, displayed to allow the user to easily return a GPG_ERR_CANCELED. if the Pinentry does not support this, the user can still cancel by closing the Pinentry window. */ -int +int agent_get_confirmation (ctrl_t ctrl, - const char *desc, const char *ok, + const char *desc, const char *ok, const char *notok, int with_cancel) { int rc; @@ -1049,7 +1049,7 @@ agent_get_confirmation (ctrl_t ctrl, text OK_BTN (which may be NULL to use the default of "OK") and waut for the user to hit this button. The return value is not relevant. */ -int +int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) { int rc; @@ -1083,7 +1083,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) if (rc) return unlock_pinentry (rc); } - + rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) @@ -1103,7 +1103,7 @@ popup_message_thread (void *arg) allow the use of old Pinentries. Those old Pinentries will then show an additional Cancel button but that is mostly a visual annoyance. */ - assuan_transact (entry_ctx, "CONFIRM --one-button", + assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL, NULL, NULL, NULL); popup_finished = 1; return NULL; @@ -1116,7 +1116,7 @@ popup_message_thread (void *arg) as the message is not anymore required because the message is system modal and all other attempts to use the pinentry will fail (after a timeout). */ -int +int agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn) { int rc; @@ -1177,7 +1177,7 @@ agent_popup_message_stop (ctrl_t ctrl) if (!popup_tid || !entry_ctx) { log_debug ("agent_popup_message_stop called with no active popup\n"); - return; + return; } pid = assuan_get_pid (entry_ctx); @@ -1192,7 +1192,7 @@ agent_popup_message_stop (ctrl_t ctrl) && pid != 0) { HANDLE process = (HANDLE) pid; - + /* Arbitrary error code. */ TerminateProcess (process, 1); } @@ -1221,5 +1221,3 @@ agent_popup_message_stop (ctrl_t ctrl) /* Now we can close the connection. */ unlock_pinentry (0); } - - diff --git a/agent/call-scd.c b/agent/call-scd.c index 34d5254bd..40770abae 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -85,7 +85,7 @@ struct learn_parm_s void *sinfo_cb_arg; }; -struct inq_needpin_s +struct inq_needpin_s { assuan_context_t ctx; int (*getpin_cb)(void *, const char *, char*, size_t); @@ -169,7 +169,7 @@ agent_scd_dump_state (void) dump_mutex_state (&start_scd_lock); log_printf ("\n"); log_info ("agent_scd_dump_state: primary_scd_ctx=%p pid=%ld reusable=%d\n", - primary_scd_ctx, + primary_scd_ctx, (long)assuan_get_pid (primary_scd_ctx), primary_scd_ctx_reusable); if (socket_name) @@ -184,7 +184,7 @@ agent_scd_dump_state (void) called and error checked before any SCD operation. CTRL is the usual connection context and RC the error code to be passed trhough the function. */ -static int +static int unlock_scd (ctrl_t ctrl, int rc) { if (ctrl->scd_local->locked != 1) @@ -313,7 +313,7 @@ start_scd (ctrl_t ctrl) /* Nope, it has not been started. Fire it up now. */ if (opt.verbose) log_info ("no running SCdaemon - starting it\n"); - + if (fflush (NULL)) { #ifndef HAVE_W32_SYSTEM @@ -402,9 +402,9 @@ start_scd (ctrl_t ctrl) if (opt.sigusr2_enabled) { char buf[100]; - + #ifdef HAVE_W32_SYSTEM - snprintf (buf, sizeof buf, "OPTION event-signal=%lx", + snprintf (buf, sizeof buf, "OPTION event-signal=%lx", (unsigned long)get_agent_scd_notify_event ()); #else snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2); @@ -422,7 +422,7 @@ start_scd (ctrl_t ctrl) unlock_scd (ctrl, err); if (ctx) assuan_release (ctx); - } + } else { ctrl->scd_local->ctx = ctx; @@ -511,7 +511,7 @@ agent_scd_check_aliveness (void) sl->ctx = NULL; } } - + primary_scd_ctx = NULL; primary_scd_ctx_reusable = 0; @@ -560,7 +560,7 @@ agent_reset_scd (ctrl_t ctrl) assuan_release (ctrl->scd_local->ctx); ctrl->scd_local->ctx = NULL; } - + /* Remove the local context from our list and release it. */ if (!scd_local_list) BUG (); @@ -569,7 +569,7 @@ agent_reset_scd (ctrl_t ctrl) else { struct scd_local_s *sl; - + for (sl=scd_local_list; sl->next_local; sl = sl->next_local) if (sl->next_local == ctrl->scd_local) break; @@ -609,7 +609,7 @@ learn_status_cb (void *opaque, const char *line) { parm->sinfo_cb (parm->sinfo_cb_arg, keyword, keywordlen, line); } - + return 0; } @@ -676,7 +676,7 @@ get_serialno_cb (void *opaque, const char *line) memcpy (*serialno, line, n); (*serialno)[n] = 0; } - + return 0; } @@ -716,7 +716,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length) put_membuf (data, buffer, length); return 0; } - + /* Handle the NEEDPIN inquiry. */ static gpg_error_t inq_needpin (void *opaque, const char *line) @@ -731,7 +731,7 @@ inq_needpin (void *opaque, const char *line) line += 7; while (*line == ' ') line++; - + pinlen = 90; pin = gcry_malloc_secure (pinlen); if (!pin) @@ -748,7 +748,7 @@ inq_needpin (void *opaque, const char *line) line += 17; while (*line == ' ') line++; - + rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1); } else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19) @@ -774,7 +774,7 @@ inq_needpin (void *opaque, const char *line) assuan_end_confidential (parm->passthru); if (!rc) { - if ((rest = (needrest + if ((rest = (needrest && !assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL)))) assuan_begin_confidential (parm->ctx); rc = assuan_send_data (parm->ctx, value, valuelen); @@ -783,7 +783,7 @@ inq_needpin (void *opaque, const char *line) xfree (value); } else - log_error ("error forwarding inquiry `%s': %s\n", + log_error ("error forwarding inquiry `%s': %s\n", line, gpg_strerror (rc)); } else @@ -837,7 +837,7 @@ agent_card_pksign (ctrl_t ctrl, inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; - snprintf (line, DIM(line)-1, + snprintf (line, DIM(line)-1, ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid); line[DIM(line)-1] = 0; rc = assuan_transact (ctrl->scd_local->ctx, line, @@ -1042,7 +1042,7 @@ card_getattr_cb (void *opaque, const char *line) if (!parm->data) parm->error = errno; } - + return 0; } @@ -1070,7 +1070,7 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result) /* We assume that NAME does not need escaping. */ if (8 + strlen (name) > DIM(line)-1) return gpg_error (GPG_ERR_TOO_LARGE); - stpcpy (stpcpy (line, "GETATTR "), name); + stpcpy (stpcpy (line, "GETATTR "), name); err = start_scd (ctrl); if (err) @@ -1081,10 +1081,10 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result) card_getattr_cb, &parm); if (!err && parm.error) err = gpg_error_from_errno (parm.error); - + if (!err && !parm.data) err = gpg_error (GPG_ERR_NO_DATA); - + if (!err) *result = parm.data; else @@ -1161,5 +1161,3 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, return unlock_scd (ctrl, 0); } - - diff --git a/agent/command-ssh.c b/agent/command-ssh.c index ec1c73e6a..8603a539b 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -68,7 +68,7 @@ static const char sshcontrolblurb[] = "# in the SSH protocol. The ssh-add tool may add new entries to this\n" "# file to enable them; you may also add them manually. Comment\n" "# lines, like this one, as well as empty lines are ignored. Lines do\n" -"# have a certain length limit but this is not serious limitation as\n" +"# have a certain length limit but this is not serious limitation as\n" "# the format of the entries is fixed and checked by gpg-agent. A\n" "# non-comment line starts with optional white spaces, followed by the\n" "# keygrip of the key given as 40 hex digits, optionally followed by a\n" @@ -192,7 +192,7 @@ static gpg_error_t ssh_signature_encoder_dsa (estream_t signature_blob, /* Global variables. */ - + /* Associating request types with the corresponding request handlers. */ @@ -234,7 +234,7 @@ static ssh_key_type_spec_t ssh_key_types[] = /* - General utility functions. + General utility functions. */ /* A secure realloc, i.e. it makes sure to allocate secure memory if A @@ -245,7 +245,7 @@ static void * realloc_secure (void *a, size_t n) { void *p; - + if (a) p = gcry_realloc (a, n); else @@ -275,8 +275,8 @@ make_cstring (const char *data, size_t data_n) -/* - Primitive I/O functions. +/* + Primitive I/O functions. */ @@ -466,7 +466,7 @@ stream_read_cstring (estream_t stream, char **string) err = stream_read_string (stream, 0, &buffer, NULL); if (err) goto out; - + *string = (char *) buffer; out: @@ -503,7 +503,7 @@ stream_write_cstring (estream_t stream, const char *string) (const unsigned char *) string, strlen (string)); return err; -} +} /* Read an MPI from STREAM, store it in MPINT. Depending on SECURE use secure memory. */ @@ -614,7 +614,7 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n) buffer_new = NULL; err = 0; - + stream = es_fopen (filename, "r"); if (! stream) { @@ -678,7 +678,7 @@ open_control_file (FILE **r_fp, int append) fp = fopen (fname, append? "a+":"r"); if (!fp && errno == ENOENT) { - estream_t stream = es_fopen (fname, "wx,mode=-rw-r"); + estream_t stream = es_fopen (fname, "wx,mode=-rw-r"); if (!stream) { err = gpg_error_from_syserror (); @@ -698,8 +698,8 @@ open_control_file (FILE **r_fp, int append) xfree (fname); return err; } - - *r_fp = fp; + + *r_fp = fp; return 0; } @@ -710,7 +710,7 @@ open_control_file (FILE **r_fp, int append) DISABLED if the found key has been disabled. If R_TTL is not NULL a specified TTL for that key is stored there. */ static gpg_error_t -search_control_file (FILE *fp, const char *hexgrip, +search_control_file (FILE *fp, const char *hexgrip, int *r_disabled, int *r_ttl) { int c, i; @@ -731,7 +731,7 @@ search_control_file (FILE *fp, const char *hexgrip, return gpg_error (GPG_ERR_EOF); return gpg_error (gpg_err_code_from_errno (errno)); } - + if (!*line || line[strlen(line)-1] != '\n') { /* Eat until end of line */ @@ -740,13 +740,13 @@ search_control_file (FILE *fp, const char *hexgrip, return gpg_error (*line? GPG_ERR_LINE_TOO_LONG : GPG_ERR_INCOMPLETE_LINE); } - + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; } while (!*p || *p == '\n' || *p == '#'); - + *r_disabled = 0; if (*p == '!') { @@ -774,7 +774,7 @@ search_control_file (FILE *fp, const char *hexgrip, if (r_ttl) *r_ttl = ttl; - /* Here is the place to parse flags if we need them. */ + /* Here is the place to parse flags if we need them. */ return 0; /* Okay: found it. */ } @@ -812,7 +812,7 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, int ttl) 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec, hexgrip, ttl); - + } fclose (fp); return 0; @@ -836,7 +836,7 @@ ttl_from_sshcontrol (const char *hexgrip) || disabled) ttl = 0; /* Use the global default if not found or disabled. */ - fclose (fp); + fclose (fp); return ttl; } @@ -847,7 +847,7 @@ ttl_from_sshcontrol (const char *hexgrip) /* - MPI lists. + MPI lists. */ @@ -884,7 +884,7 @@ ssh_receive_mpint_list (estream_t stream, int secret, mpis = NULL; err = 0; - + if (secret) elems = key_spec.elems_key_secret; else @@ -1006,7 +1006,7 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis) err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ break; } - + memset (buffer + (i * SSH_DSA_SIGNATURE_PADDING), 0, SSH_DSA_SIGNATURE_PADDING - data_n); memcpy (buffer + (i * SSH_DSA_SIGNATURE_PADDING) @@ -1027,8 +1027,8 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis) return err; } -/* - S-Expressions. +/* + S-Expressions. */ @@ -1250,7 +1250,7 @@ sexp_key_extract (gcry_sexp_t sexp, gcry_sexp_release (value_list); gcry_sexp_release (value_pair); gcry_sexp_release (comment_list); - + if (err) { xfree (comment_new); @@ -1260,7 +1260,7 @@ sexp_key_extract (gcry_sexp_t sexp, return err; } -/* Extract the car from SEXP, and create a newly created C-string +/* Extract the car from SEXP, and create a newly created C-string which is to be stored in IDENTIFIER. */ static gpg_error_t sexp_extract_identifier (gcry_sexp_t sexp, char **identifier) @@ -1273,7 +1273,7 @@ sexp_extract_identifier (gcry_sexp_t sexp, char **identifier) identifier_new = NULL; err = 0; - + sublist = gcry_sexp_nth (sexp, 1); if (! sublist) { @@ -1327,7 +1327,7 @@ ssh_key_type_lookup (const char *ssh_name, const char *name, if ((ssh_name && (! strcmp (ssh_name, ssh_key_types[i].ssh_identifier))) || (name && (! strcmp (name, ssh_key_types[i].identifier)))) break; - + if (i == DIM (ssh_key_types)) err = gpg_error (GPG_ERR_NOT_FOUND); else @@ -1360,7 +1360,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, key_type = NULL; comment = ""; key = NULL; - + err = stream_read_cstring (stream, &key_type); if (err) goto out; @@ -1399,7 +1399,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, if (key_spec) *key_spec = spec; *key_new = key; - + out: mpint_list_free (mpi_list); @@ -1452,7 +1452,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size, err = gpg_error_from_syserror (); goto out; } - + err = es_fseek (stream, 0, SEEK_SET); if (err) goto out; @@ -1480,7 +1480,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size, return err; } - + /* Write the public key KEY_PUBLIC to STREAM in SSH key format. If OVERRIDE_COMMENT is not NULL, it will be used instead of the @@ -1518,14 +1518,14 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public, spec.ssh_identifier, mpi_list); if (err) goto out; - + err = stream_write_string (stream, blob, blob_n); if (err) goto out; err = stream_write_cstring (stream, override_comment? override_comment : comment); - + out: mpint_list_free (mpi_list); @@ -1548,7 +1548,7 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size, gpg_error_t err; err = 0; - + blob_stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); if (! blob_stream) { @@ -1712,7 +1712,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn) /* (Shadow)-key is not available in our key storage. */ unsigned char *shadow_info; unsigned char *tmp; - + shadow_info = make_shadow_info (serialno, authkeyid); if (!shadow_info) { @@ -1847,7 +1847,7 @@ ssh_handler_request_identities (ctrl_t ctrl, goto out; } key_directory_n = strlen (key_directory); - + key_path = xtrymalloc (key_directory_n + 46); if (! key_path) { @@ -1879,7 +1879,7 @@ ssh_handler_request_identities (ctrl_t ctrl, xfree (cardsn); if (err) goto out; - + key_counter++; } @@ -1919,7 +1919,7 @@ ssh_handler_request_identities (ctrl_t ctrl, err = file_to_buffer (key_path, &buffer, &buffer_n); if (err) goto out; - + err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n); if (err) goto out; @@ -1944,7 +1944,7 @@ ssh_handler_request_identities (ctrl_t ctrl, gcry_sexp_release (key_secret); key_secret = NULL; - + err = ssh_send_key_public (key_blobs, key_public, NULL); if (err) goto out; @@ -1955,7 +1955,7 @@ ssh_handler_request_identities (ctrl_t ctrl, key_counter++; } } - + ret = es_fseek (key_blobs, 0, SEEK_SET); if (ret) { @@ -2149,15 +2149,15 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder, { err = gpg_error_from_syserror (); goto out; - } + } err = stream_read_data (stream, sig_blob, sig_blob_n); if (err) goto out; - + *sig = sig_blob; *sig_n = sig_blob_n; - + out: if (err) @@ -2199,7 +2199,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) key = NULL; /* Receive key. */ - + err = stream_read_string (request, 0, &key_blob, &key_blob_size); if (err) goto out; @@ -2244,7 +2244,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) memcpy (ctrl->keygrip, key_grip, 20); err = data_sign (ctrl, spec.signature_encoder, &sig, &sig_n); - + out: /* Done. */ @@ -2264,7 +2264,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) if (ret_err) goto leave; } - + leave: gcry_sexp_release (key); @@ -2293,7 +2293,7 @@ ssh_key_extract_comment (gcry_sexp_t key, char **comment) err = gpg_error (GPG_ERR_INV_SEXP); goto out; } - + data = gcry_sexp_nth_data (comment_list, 1, &data_n); if (! data) { @@ -2337,7 +2337,7 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase, err = gpg_error_from_syserror (); goto out; } - + gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n); /* FIXME: guarantee? */ @@ -2393,7 +2393,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) if ( !agent_key_available (key_grip_raw) ) goto out; /* Yes, key is available. */ - + err = ssh_key_extract_comment (key, &comment); if (err) goto out; @@ -2469,7 +2469,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) xfree (pi); xfree (buffer); xfree (comment); - xfree (description); + xfree (description); return err; } @@ -2508,7 +2508,7 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) unsigned char b; int confirm; int ttl; - + confirm = 0; key = NULL; ttl = 0; @@ -2586,7 +2586,7 @@ ssh_handler_remove_identity (ctrl_t ctrl, key_blob = NULL; key = NULL; - + err = stream_read_string (request, 0, &key_blob, &key_blob_size); if (err) goto out; @@ -2594,7 +2594,7 @@ ssh_handler_remove_identity (ctrl_t ctrl, err = ssh_read_key_public_from_blob (key_blob, key_blob_size, &key, NULL); if (err) goto out; - + err = ssh_identity_drop (key); out: @@ -2620,7 +2620,7 @@ ssh_identities_remove_all (void) /* FIXME: shall we remove _all_ cache entries or only those registered through the ssh emulation? */ - + return err; } @@ -2634,7 +2634,7 @@ ssh_handler_remove_all_identities (ctrl_t ctrl, (void)ctrl; (void)request; - + err = ssh_identities_remove_all (); if (! err) @@ -2679,7 +2679,7 @@ ssh_handler_lock (ctrl_t ctrl, estream_t request, estream_t response) (void)ctrl; (void)request; - + err = ssh_lock (); if (! err) @@ -2696,7 +2696,7 @@ ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response) { gpg_error_t ret_err; gpg_error_t err; - + (void)ctrl; (void)request; @@ -2761,7 +2761,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) /* Create memory streams for request/response data. The entire request will be stored in secure memory, since it might contain secret key material. The response does not have to be stored in - secure memory, since we never give out secret keys. + secure memory, since we never give out secret keys. Note: we only have little secure memory, but there is NO possibility of DoS here; only trusted clients are allowed to @@ -2912,7 +2912,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) the current TTY setting, we resort here to use those from startup or those explictly set. */ { - static const char *names[] = + static const char *names[] = {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; int idx; const char *value; @@ -2921,7 +2921,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) if (!session_env_getenv (ctrl->session_env, names[idx]) && (value = session_env_getenv (opt.startup_env, names[idx]))) err = session_env_setenv (ctrl->session_env, names[idx], value); - + if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) err = gpg_error_from_syserror (); @@ -2932,7 +2932,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) if (err) { - log_error ("error setting default session environment: %s\n", + log_error ("error setting default session environment: %s\n", gpg_strerror (err)); goto out; } diff --git a/agent/command.c b/agent/command.c index 8ae313e7a..330c85182 100644 --- a/agent/command.c +++ b/agent/command.c @@ -83,7 +83,7 @@ struct putval_item_s struct putval_item_s *next; size_t off; /* Offset to the value into DATA. */ size_t len; /* Length of the value. */ - char d[1]; /* Key | Nul | value. */ + char d[1]; /* Key | Nul | value. */ }; @@ -97,14 +97,14 @@ static struct putval_item_s *putval_list; integers and there should be no problem if they are overflowing as callers need to check only whether a counter changed. The actual values are not meaningful. */ -struct +struct { /* Incremented if any of the other counters below changed. */ unsigned int any; /* Incremented if a key is added or removed from the internal privat key database. */ - unsigned int key; + unsigned int key; /* Incremented if a change of the card readers stati has been detected. */ @@ -195,7 +195,7 @@ reset_notify (assuan_context_t ctx, char *line) } -/* Skip over options. +/* Skip over options. Blanks after the options are also removed. */ static char * skip_options (const char *line) @@ -331,7 +331,7 @@ agent_write_status (ctrl_t ctrl, const char *keyword, ...) va_start (arg_ptr, keyword); - p = buf; + p = buf; n = 0; while ( (text = va_arg (arg_ptr, const char *)) ) { @@ -372,7 +372,7 @@ agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid) { char line[100]; - if (!ctrl || !ctrl->server_local + if (!ctrl || !ctrl->server_local || !ctrl->server_local->allow_pinentry_notify) return 0; snprintf (line, DIM(line)-1, "PINENTRY_LAUNCHED %lu", pid); @@ -417,7 +417,7 @@ leave_cmd (assuan_context_t ctx, gpg_error_t err) -static const char hlp_geteventcounter[] = +static const char hlp_geteventcounter[] = "GETEVENTCOUNTER\n" "\n" "Return a a status line named EVENTCOUNTER with the current values\n" @@ -475,7 +475,7 @@ bump_card_eventcounter (void) -static const char hlp_istrusted[] = +static const char hlp_istrusted[] = "ISTRUSTED \n" "\n" "Return OK when we have an entry with this fingerprint in our\n" @@ -512,7 +512,7 @@ cmd_istrusted (assuan_context_t ctx, char *line) } -static const char hlp_listtrusted[] = +static const char hlp_listtrusted[] = "LISTTRUSTED\n" "\n" "List all entries from the trustlist."; @@ -520,7 +520,7 @@ static gpg_error_t cmd_listtrusted (assuan_context_t ctx, char *line) { int rc; - + (void)line; rc = agent_listtrusted (ctx); @@ -528,7 +528,7 @@ cmd_listtrusted (assuan_context_t ctx, char *line) } -static const char hlp_martrusted[] = +static const char hlp_martrusted[] = "MARKTRUSTED \n" "\n" "Store a new key in into the trustlist."; @@ -555,7 +555,7 @@ cmd_marktrusted (assuan_context_t ctx, char *line) for (p=line; i < 40; p++, i++) fpr[i] = *p >= 'a'? (*p & 0xdf): *p; fpr[i] = 0; - + while (spacep (p)) p++; flag = *p++; @@ -582,12 +582,12 @@ cmd_havekey (assuan_context_t ctx, char *line) gpg_error_t err; unsigned char buf[20]; - do + do { err = parse_keygrip (ctx, line, buf); if (err) return err; - + if (!agent_key_available (buf)) return 0; /* Found. */ @@ -597,7 +597,7 @@ cmd_havekey (assuan_context_t ctx, char *line) line++; } while (*line); - + /* No leave_cmd() here because errors are expected and would clutter the log. */ return gpg_error (GPG_ERR_NO_SECKEY); @@ -623,7 +623,7 @@ cmd_sigkey (assuan_context_t ctx, char *line) } -static const char hlp_setkeydesc[] = +static const char hlp_setkeydesc[] = "SETKEYDESC plus_percent_escaped_string\n" "\n" "Set a description to be used for the next PKSIGN, PKDECRYPT, IMPORT_KEY\n" @@ -710,7 +710,7 @@ cmd_sethash (assuan_context_t ctx, char *line) algo = 0; line = skip_options (line); - + if (!algo) { /* No hash option has been given: require an algo number instead */ @@ -731,7 +731,7 @@ cmd_sethash (assuan_context_t ctx, char *line) n /= 2; if (algo == MD_USER_TLS_MD5SHA1 && n == 36) ; - else if (n != 16 && n != 20 && n != 24 + else if (n != 16 && n != 20 && n != 24 && n != 28 && n != 32 && n != 48 && n != 64) return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash"); @@ -748,7 +748,7 @@ cmd_sethash (assuan_context_t ctx, char *line) } -static const char hlp_pksign[] = +static const char hlp_pksign[] = "PKSIGN [] []\n" "\n" "Perform the actual sign operation. Neither input nor output are\n" @@ -762,9 +762,9 @@ cmd_pksign (assuan_context_t ctx, char *line) membuf_t outbuf; char *cache_nonce = NULL; char *p; - + line = skip_options (line); - + p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; @@ -793,7 +793,7 @@ cmd_pksign (assuan_context_t ctx, char *line) } -static const char hlp_pkdecrypt[] = +static const char hlp_pkdecrypt[] = "PKDECRYPT []\n" "\n" "Perform the actual decrypt operation. Input is not\n" @@ -830,7 +830,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) } -static const char hlp_genkey[] = +static const char hlp_genkey[] = "GENKEY [--no-protection] []\n" "\n" "Generate a new key, store the secret part and return the public\n" @@ -855,7 +855,7 @@ cmd_genkey (assuan_context_t ctx, char *line) membuf_t outbuf; char *cache_nonce = NULL; char *p; - + no_protection = has_option (line, "--no-protection"); line = skip_options (line); @@ -887,7 +887,7 @@ cmd_genkey (assuan_context_t ctx, char *line) -static const char hlp_readkey[] = +static const char hlp_readkey[] = "READKEY \n" "\n" "Return the public key for the given keygrip."; @@ -929,7 +929,7 @@ cmd_readkey (assuan_context_t ctx, char *line) -static const char hlp_keyinfo[] = +static const char hlp_keyinfo[] = "KEYINFO [--list] \n" "\n" "Return information about the key specified by the KEYGRIP. If the\n" @@ -972,22 +972,22 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip) /* Reformat the grip so that we use uppercase as good style. */ bin2hex (grip, 20, hexgrip); - - if (keytype == PRIVATE_KEY_CLEAR + + if (keytype == PRIVATE_KEY_CLEAR || keytype == PRIVATE_KEY_PROTECTED) keytypestr = "D"; else if (keytype == PRIVATE_KEY_SHADOWED) keytypestr = "T"; - else + else keytypestr = "-"; - + if (shadow_info) { err = parse_shadow_info (shadow_info, &serialno, &idstr); if (err) goto leave; } - + err = agent_write_status (ctrl, "KEYINFO", hexgrip, keytypestr, @@ -1019,7 +1019,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line) char *dirname; struct dirent *dir_entry; char hexgrip[41]; - + dirname = make_filename_try (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL); if (!dirname) { @@ -1059,7 +1059,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line) goto leave; err = do_one_keyinfo (ctrl, grip); } - + leave: if (dir) closedir (dir); @@ -1096,7 +1096,7 @@ send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw) } -static const char hlp_get_passphrase[] = +static const char hlp_get_passphrase[] = "GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n" " [--qualitybar] \n" " [ ]\n" @@ -1215,8 +1215,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) plus_to_blank (desc); next_try: - rc = agent_get_passphrase (ctrl, &response, desc, prompt, - repeat_errtext? repeat_errtext:errtext, + rc = agent_get_passphrase (ctrl, &response, desc, prompt, + repeat_errtext? repeat_errtext:errtext, opt_qualbar); xfree (repeat_errtext); repeat_errtext = NULL; @@ -1241,7 +1241,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) { xfree (response2); xfree (response); - repeat_errtext = try_percent_escape + repeat_errtext = try_percent_escape (_("does not match - try again"), NULL); if (!repeat_errtext) { @@ -1266,7 +1266,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) } -static const char hlp_clear_passphrase[] = +static const char hlp_clear_passphrase[] = "CLEAR_PASSPHRASE \n" "\n" "may be used to invalidate the cache entry for a passphrase. The\n" @@ -1292,7 +1292,7 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line) } -static const char hlp_get_confirmation[] = +static const char hlp_get_confirmation[] = "GET_CONFIRMATION \n" "\n" "This command may be used to ask for a simple confirmation.\n" @@ -1355,7 +1355,7 @@ cmd_learn (assuan_context_t ctx, char *line) -static const char hlp_passwd[] = +static const char hlp_passwd[] = "PASSWD [--cache-nonce=] [--passwd-nonce=] \n" "\n" "Change the passphrase/PIN for the key identified by keygrip in LINE."; @@ -1413,7 +1413,7 @@ cmd_passwd (assuan_context_t ctx, char *line) ctrl->in_passwd++; err = agent_key_from_file (ctrl, cache_nonce, ctrl->server_local->keydesc, - grip, &shadow_info, CACHE_MODE_IGNORE, NULL, + grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, &passphrase); if (err) ; @@ -1441,7 +1441,7 @@ cmd_passwd (assuan_context_t ctx, char *line) gcry_create_nonce (buf, 12); cache_nonce = bin2hex (buf, 12, NULL); } - if (cache_nonce + if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 120 /*seconds*/)) { @@ -1461,7 +1461,7 @@ cmd_passwd (assuan_context_t ctx, char *line) gcry_create_nonce (buf, 12); passwd_nonce = bin2hex (buf, 12, NULL); } - if (passwd_nonce + if (passwd_nonce && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, newpass, 120 /*seconds*/)) { @@ -1488,7 +1488,7 @@ cmd_passwd (assuan_context_t ctx, char *line) } -static const char hlp_preset_passphrase[] = +static const char hlp_preset_passphrase[] = "PRESET_PASSPHRASE \n" "\n" "Set the cached passphrase/PIN for the key identified by the keygrip\n" @@ -1517,7 +1517,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line) line++; while (*line && (*line == ' ' || *line == '\t')) line++; - + /* Currently, only infinite timeouts are allowed. */ ttl = -1; if (line[0] != '-' || line[1] != '1') @@ -1554,7 +1554,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line) -static const char hlp_scd[] = +static const char hlp_scd[] = "SCD \n" " \n" "This is a general quote command to redirect everything to the\n" @@ -1601,7 +1601,7 @@ cmd_keywrap_key (assuan_context_t ctx, char *line) xfree (ctrl->server_local->import_key); if (clearopt) ctrl->server_local->import_key = NULL; - else if (!(ctrl->server_local->import_key = + else if (!(ctrl->server_local->import_key = gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) err = gpg_error_from_syserror (); else @@ -1613,7 +1613,7 @@ cmd_keywrap_key (assuan_context_t ctx, char *line) xfree (ctrl->server_local->export_key); if (clearopt) ctrl->server_local->export_key = NULL; - else if (!(ctrl->server_local->export_key = + else if (!(ctrl->server_local->export_key = gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) err = gpg_error_from_syserror (); else @@ -1623,7 +1623,7 @@ cmd_keywrap_key (assuan_context_t ctx, char *line) else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for MODE"); assuan_end_confidential (ctx); - + return leave_cmd (ctx, err); } @@ -1654,7 +1654,7 @@ cmd_import_key (assuan_context_t ctx, char *line) gcry_sexp_t openpgp_sexp = NULL; char *cache_nonce = NULL; char *p; - + if (!ctrl->server_local->import_key) { err = gpg_error (GPG_ERR_MISSING_KEY); @@ -1706,7 +1706,7 @@ cmd_import_key (assuan_context_t ctx, char *line) realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); if (!realkeylen) goto leave; /* Invalid canonical encoded S-expression. */ - + err = keygrip_from_canon_sexp (key, realkeylen, grip); if (err) { @@ -1717,7 +1717,7 @@ cmd_import_key (assuan_context_t ctx, char *line) { const char *tag; size_t taglen; - + tag = gcry_sexp_nth_data (openpgp_sexp, 0, &taglen); if (tag && taglen == 19 && !memcmp (tag, "openpgp-private-key", 19)) ; @@ -1739,7 +1739,7 @@ cmd_import_key (assuan_context_t ctx, char *line) ask for a passphrase. That passphrase will be returned and used to protect the key using the same code as for regular key import. */ - + err = convert_from_openpgp (ctrl, openpgp_sexp, grip, ctrl->server_local->keydesc, cache_nonce, &key, &passphrase); @@ -1756,7 +1756,7 @@ cmd_import_key (assuan_context_t ctx, char *line) gcry_create_nonce (buf, 12); cache_nonce = bin2hex (buf, 12, NULL); } - if (cache_nonce + if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 120 /*seconds*/)) assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); @@ -1767,7 +1767,7 @@ cmd_import_key (assuan_context_t ctx, char *line) if (!agent_key_available (grip)) err = gpg_error (GPG_ERR_EEXIST); else - err = agent_ask_new_passphrase + err = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to protect the " "imported object within the GnuPG system."), &passphrase); @@ -1821,7 +1821,7 @@ cmd_export_key (assuan_context_t ctx, char *line) int openpgp; char *cache_nonce; char *passphrase = NULL; - + openpgp = has_option (line, "--openpgp"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) @@ -1870,7 +1870,7 @@ cmd_export_key (assuan_context_t ctx, char *line) err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); goto leave; } - + if (openpgp) { /* The openpgp option changes the key format into the OpenPGP @@ -1878,7 +1878,7 @@ cmd_export_key (assuan_context_t ctx, char *line) canonical S-expression. */ if (!passphrase) { - err = agent_ask_new_passphrase + err = agent_ask_new_passphrase (ctrl, _("This key (or subkey) is not protected with a passphrase." " Please enter a new passphrase to export it."), &passphrase); @@ -1925,7 +1925,7 @@ cmd_export_key (assuan_context_t ctx, char *line) assuan_begin_confidential (ctx); err = assuan_send_data (ctx, wrappedkey, wrappedkeylen); assuan_end_confidential (ctx); - + leave: xfree (cache_nonce); @@ -1943,7 +1943,7 @@ cmd_export_key (assuan_context_t ctx, char *line) -static const char hlp_getval[] = +static const char hlp_getval[] = "GETVAL \n" "\n" "Return the value for KEY from the special environment as created by\n" @@ -1962,7 +1962,7 @@ cmd_getval (assuan_context_t ctx, char *line) p = strchr (key, ' '); if (p) { - *p++ = 0; + *p++ = 0; for (; *p == ' '; p++) ; if (*p) @@ -1985,7 +1985,7 @@ cmd_getval (assuan_context_t ctx, char *line) } -static const char hlp_putval[] = +static const char hlp_putval[] = "PUTVAL []\n" "\n" "The gpg-agent maintains a kind of environment which may be used to\n" @@ -2019,7 +2019,7 @@ cmd_putval (assuan_context_t ctx, char *line) p = strchr (key, ' '); if (p) { - *p++ = 0; + *p++ = 0; for (; *p == ' '; p++) ; if (*p) @@ -2048,7 +2048,7 @@ cmd_putval (assuan_context_t ctx, char *line) xfree (vl); } - if (valuelen) /* Add entry. */ + if (valuelen) /* Add entry. */ { vl = xtrymalloc (sizeof *vl + strlen (key) + valuelen); if (!vl) @@ -2070,7 +2070,7 @@ cmd_putval (assuan_context_t ctx, char *line) -static const char hlp_updatestartuptty[] = +static const char hlp_updatestartuptty[] = "UPDATESTARTUPTTY\n" "\n" "Set startup TTY and X11 DISPLAY variables to the values of this\n" @@ -2080,7 +2080,7 @@ static const char hlp_updatestartuptty[] = static gpg_error_t cmd_updatestartuptty (assuan_context_t ctx, char *line) { - static const char *names[] = + static const char *names[] = { "GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL }; ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; @@ -2088,7 +2088,7 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) int idx; char *lc_ctype = NULL; char *lc_messages = NULL; - + (void)line; se = session_env_new (); @@ -2102,14 +2102,14 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) err = session_env_setenv (se, names[idx], value); } - if (!err && ctrl->lc_ctype) + if (!err && ctrl->lc_ctype) if (!(lc_ctype = xtrystrdup (ctrl->lc_ctype))) err = gpg_error_from_syserror (); if (!err && ctrl->lc_messages) if (!(lc_messages = xtrystrdup (ctrl->lc_messages))) err = gpg_error_from_syserror (); - + if (err) { session_env_release (se); @@ -2142,7 +2142,7 @@ cmd_killagent (assuan_context_t ctx, char *line) ctrl_t ctrl = assuan_get_pointer (ctx); (void)line; - + if (!opt.use_standard_socket) return set_error (GPG_ERR_NOT_SUPPORTED, "no --use-standard-socket"); @@ -2168,7 +2168,7 @@ cmd_reloadagent (assuan_context_t ctx, char *line) -static const char hlp_getinfo[] = +static const char hlp_getinfo[] = "GETINFO \n" "\n" "Multipurpose function to return a variety of information.\n" @@ -2237,15 +2237,15 @@ cmd_getinfo (assuan_context_t ctx, char *line) int iterator; const char *name, *value; char *string; - - iterator = 0; + + iterator = 0; while ((name = session_env_list_stdenvnames (&iterator, NULL))) { value = session_env_getenv_or_default (line[5] == 't'? opt.startup_env:ctrl->session_env, name, NULL); if (value) { - string = xtryasprintf ("%s=%s", name, value); + string = xtryasprintf ("%s=%s", name, value); if (!string) rc = gpg_error_from_syserror (); else @@ -2308,7 +2308,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) { /* The value is a version string telling us of which agent version the caller is aware of. */ - ctrl->server_local->allow_fully_canceled = + ctrl->server_local->allow_fully_canceled = gnupg_compare_version (value, "2.1.0"); } else if (!strcmp (key, "putenv")) @@ -2378,7 +2378,7 @@ static void post_cmd_notify (assuan_context_t ctx, gpg_error_t err) { ctrl_t ctrl = assuan_get_pointer (ctx); - + (void)err; /* Switch off any I/O monitor controlled logging pausing. */ @@ -2395,7 +2395,7 @@ io_monitor (assuan_context_t ctx, void *hook, int direction, const char *line, size_t linelen) { ctrl_t ctrl = assuan_get_pointer (ctx); - + (void) hook; /* Note that we only check for the uppercase name. This allows to @@ -2422,7 +2422,7 @@ command_has_option (const char *cmd, const char *cmdopt) if (!strcmp (cmdopt, "repeat")) return 1; } - + return 0; } @@ -2456,8 +2456,8 @@ register_commands (assuan_context_t ctx) { "MARKTRUSTED", cmd_marktrusted, hlp_martrusted }, { "LEARN", cmd_learn, hlp_learn }, { "PASSWD", cmd_passwd, hlp_passwd }, - { "INPUT", NULL }, - { "OUTPUT", NULL }, + { "INPUT", NULL }, + { "OUTPUT", NULL }, { "SCD", cmd_scd, hlp_scd }, { "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key }, { "IMPORT_KEY", cmd_import_key, hlp_import_key }, @@ -2478,7 +2478,7 @@ register_commands (assuan_context_t ctx) table[i].help); if (rc) return rc; - } + } assuan_register_post_cmd_notify (ctx, post_cmd_notify); assuan_register_reset_notify (ctx, reset_notify); assuan_register_option_handler (ctx, option_handler); @@ -2517,7 +2517,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) /* FIXME: Need to call assuan_sock_set_nonce for Windows. But this branch is currently not used. */ } - else + else { rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED); } @@ -2556,7 +2556,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) log_info ("Assuan accept problem: %s\n", gpg_strerror (rc)); break; } - + rc = assuan_process (ctx); if (rc) { @@ -2584,4 +2584,3 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) xfree (ctrl->server_local); ctrl->server_local = NULL; } - diff --git a/agent/cvt-openpgp.h b/agent/cvt-openpgp.h index db06a3f6a..3c48d0319 100644 --- a/agent/cvt-openpgp.h +++ b/agent/cvt-openpgp.h @@ -19,12 +19,12 @@ #ifndef GNUPG_AGENT_CVT_OPENPGP_H #define GNUPG_AGENT_CVT_OPENPGP_H -gpg_error_t convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, +gpg_error_t convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, unsigned char *grip, const char *prompt, const char *cache_nonce, unsigned char **r_key, char **r_passphrase); -gpg_error_t convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, +gpg_error_t convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, unsigned char **r_transferkey, size_t *r_transferkeylen); diff --git a/agent/divert-scd.c b/agent/divert-scd.c index bf07d0785..f4787b537 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -1,4 +1,4 @@ -/* divert-scd.c - divert operations to the scdaemon +/* divert-scd.c - divert operations to the scdaemon * Copyright (C) 2002, 2003, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -140,7 +140,7 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo, memcpy (frame+asnlen, digest, digestlen); if (DBG_CRYPTO) log_printhex ("encoded hash:", frame, asnlen+digestlen); - + *r_val = frame; *r_len = asnlen+digestlen; return 0; @@ -170,11 +170,11 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo, Example: "|AN|Please enter the new security officer's PIN" - + The text "Please ..." will get displayed and the flags 'A' and 'N' are considered. */ -static int +static int getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) { struct pin_entry_info_s *pi; @@ -291,7 +291,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) prompt, NULL, pi2); if (!rc && strcmp (pi->pin, pi2->pin)) { - again_text = (resetcode? + again_text = (resetcode? N_("Reset Code not correctly repeated; try again"): is_puk? N_("PUK not correctly repeated; try again"): @@ -307,7 +307,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) { char *desc; if ( asprintf (&desc, - _("Please enter the PIN%s%s%s to unlock the card"), + _("Please enter the PIN%s%s%s to unlock the card"), info? " (`":"", info? info:"", info? "')":"") < 0) @@ -329,7 +329,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) int -divert_pksign (ctrl_t ctrl, +divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, const unsigned char *shadow_info, unsigned char **r_sig) { @@ -376,7 +376,7 @@ divert_pksign (ctrl_t ctrl, /* Decrypt the the value given asn an S-expression in CIPHER using the key identified by SHADOW_INFO and return the plaintext in an allocated buffer in R_BUF. */ -int +int divert_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher, const unsigned char *shadow_info, @@ -397,28 +397,28 @@ divert_pkdecrypt (ctrl_t ctrl, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "enc-val")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "rsa")) - return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "a")) return gpg_error (GPG_ERR_UNKNOWN_SEXP); n = snext (&s); if (!n) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); ciphertext = s; ciphertextlen = n; @@ -439,13 +439,8 @@ divert_pkdecrypt (ctrl_t ctrl, } -int +int divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context) { return agent_card_scd (ctrl, cmdline, getpin_cb, ctrl, assuan_context); } - - - - - diff --git a/agent/findkey.c b/agent/findkey.c index 108146693..7e1cefcb8 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -39,7 +39,7 @@ #endif /* Helper to pass data to the check callback of the unprotect function. */ -struct try_unprotect_arg_s +struct try_unprotect_arg_s { ctrl_t ctrl; const unsigned char *protected_key; @@ -59,7 +59,7 @@ agent_write_private_key (const unsigned char *grip, char *fname; estream_t fp; char hexgrip[40+4+1]; - + bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); @@ -73,8 +73,8 @@ agent_write_private_key (const unsigned char *grip, } fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw"); - if (!fp) - { + if (!fp) + { gpg_error_t tmperr = gpg_error_from_syserror (); log_error ("can't create `%s': %s\n", fname, gpg_strerror (tmperr)); xfree (fname); @@ -143,7 +143,7 @@ try_unprotect_cb (struct pin_entry_info_s *pi) if (strcmp (now, tmptime) > 0 ) { /* Passphrase "expired". */ - desc = xtryasprintf + desc = xtryasprintf (_("This passphrase has not been changed%%0A" "since %.4s-%.2s-%.2s. Please change it now."), protected_at, protected_at+4, protected_at+6); @@ -254,7 +254,7 @@ modify_description (const char *in, const char *comment, char **result) out_len++; } } - + if (!pass) { *result = out = xtrymalloc (out_len + 1); @@ -268,7 +268,7 @@ modify_description (const char *in, const char *comment, char **result) return 0; } - + /* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP should be the hex encoded keygrip of that key to be used with the @@ -281,7 +281,7 @@ modify_description (const char *in, const char *comment, char **result) passphrase. */ static int unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, - unsigned char **keybuf, const unsigned char *grip, + unsigned char **keybuf, const unsigned char *grip, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, char **r_passphrase) { @@ -294,14 +294,14 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, if (r_passphrase) *r_passphrase = NULL; - + bin2hex (grip, 20, hexgrip); /* Initially try to get it using a cache nonce. */ if (cache_nonce) { char *pw; - + pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); if (pw) { @@ -325,7 +325,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, if (cache_mode != CACHE_MODE_IGNORE) { char *pw; - + retry: pw = agent_get_cache (hexgrip, cache_mode); if (pw) @@ -362,7 +362,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, { /* We need to give the other thread a chance to actually put it into the cache. */ - pth_sleep (1); + pth_sleep (1); goto retry; } /* Timeout - better call pinentry now the plain way. */ @@ -391,7 +391,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, { size_t canlen, erroff; gcry_sexp_t s_skey; - + assert (arg.unprotected_key); canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL); rc = gcry_sexp_sscan (&s_skey, &erroff, @@ -409,7 +409,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, gcry_sexp_release (s_skey); if (rc) { - log_error ("changing the passphrase failed: %s\n", + log_error ("changing the passphrase failed: %s\n", gpg_strerror (rc)); wipememory (arg.unprotected_key, canlen); xfree (arg.unprotected_key); @@ -419,7 +419,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, } else { - agent_put_cache (hexgrip, cache_mode, pi->pin, + agent_put_cache (hexgrip, cache_mode, pi->pin, lookup_ttl? lookup_ttl (hexgrip) : 0); if (r_passphrase && *pi->pin) *r_passphrase = xtrystrdup (pi->pin); @@ -446,7 +446,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) size_t buflen, erroff; gcry_sexp_t s_skey; char hexgrip[40+4+1]; - + *result = NULL; bin2hex (grip, 20, hexgrip); @@ -462,7 +462,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) xfree (fname); return rc; } - + if (fstat (es_fileno (fp), &st)) { rc = gpg_error_from_syserror (); @@ -489,7 +489,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) if (es_fread (buf, buflen, 1, fp) != 1) { rc = gpg_error_from_syserror (); - log_error ("error reading %zu bytes from `%s': %s\n", + log_error ("error reading %zu bytes from `%s': %s\n", buflen, fname, strerror (errno)); xfree (fname); es_fclose (fp); @@ -540,7 +540,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, size_t len, buflen, erroff; gcry_sexp_t s_skey; int got_shadow_info = 0; - + *result = NULL; if (shadow_info) *shadow_info = NULL; @@ -612,7 +612,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, log_error ("failed to unprotect the secret key: %s\n", gpg_strerror (rc)); } - + gcry_sexp_release (comment_sexp); xfree (desc_text_final); } @@ -753,7 +753,7 @@ key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list, if (strlen (algoname) >= algonamesize) return gpg_error (GPG_ERR_BUFFER_TOO_SHORT); strcpy (r_algoname, algoname); - } + } if (r_elems) { if (strlen (elems) >= elemssize) @@ -765,14 +765,14 @@ key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list, *r_list = list; else gcry_sexp_release (list); - + return 0; } /* Return the public key algorithm number if S_KEY is a DSA style key. If it is not a DSA style key, return 0. */ -int +int agent_is_dsa_key (gcry_sexp_t s_key) { char algoname[6]; @@ -798,7 +798,7 @@ agent_is_dsa_key (gcry_sexp_t s_key) key database. On failure an error code is returned and NULL stored at RESULT. */ gpg_error_t -agent_public_key_from_file (ctrl_t ctrl, +agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result) { @@ -826,7 +826,7 @@ agent_public_key_from_file (ctrl_t ctrl, if (err) return err; - err = key_parms_from_sexp (s_skey, &list, + err = key_parms_from_sexp (s_skey, &list, algoname, sizeof algoname, elems, sizeof elems); if (err) @@ -846,7 +846,7 @@ agent_public_key_from_file (ctrl_t ctrl, return err; } - for (idx=0, s=elems; *s; s++, idx++ ) + for (idx=0, s=elems; *s; s++, idx++ ) { l2 = gcry_sexp_find_token (list, s, 1); if (!l2) @@ -913,7 +913,7 @@ agent_public_key_from_file (ctrl_t ctrl, argidx = 0; p = stpcpy (stpcpy (format, "(public-key("), algoname); - for (idx=0, s=elems; *s; s++, idx++ ) + for (idx=0, s=elems; *s; s++, idx++ ) { *p++ = '('; *p++ = *s; @@ -940,7 +940,7 @@ agent_public_key_from_file (ctrl_t ctrl, *p = 0; assert (argidx < DIM (args)); args[argidx] = NULL; - + err = gcry_sexp_build_array (&list, NULL, format, args); xfree (format); for (i=0; array[i]; i++) @@ -964,7 +964,7 @@ agent_key_available (const unsigned char *grip) int result; char *fname; char hexgrip[40+4+1]; - + bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); @@ -990,7 +990,7 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int keytype; (void)ctrl; - + if (r_keytype) *r_keytype = PRIVATE_KEY_UNKNOWN; if (r_shadow_info) @@ -998,7 +998,7 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, { gcry_sexp_t sexp; - + err = read_key_file (grip, &sexp); if (err) { @@ -1012,12 +1012,12 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, if (err) return err; } - + keytype = agent_private_key_type (buf); switch (keytype) { case PRIVATE_KEY_CLEAR: - break; + break; case PRIVATE_KEY_PROTECTED: /* If we ever require it we could retrieve the comment fields from such a key. */ diff --git a/agent/genkey.c b/agent/genkey.c index 2842448f2..f70526ddd 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -37,7 +37,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force) unsigned char *buf; size_t len; unsigned char grip[20]; - + if ( !gcry_pk_get_keygrip (private, grip) ) { log_error ("can't calculate keygrip\n"); @@ -146,7 +146,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw) } -static int +static int take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn) { gpg_error_t err; @@ -164,7 +164,7 @@ take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn) } -static int +static int take_this_one_anyway (ctrl_t ctrl, const char *desc) { return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway")); @@ -185,18 +185,18 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) if (!pw) pw = ""; - if (utf8_charcount (pw) < minlen ) + if (utf8_charcount (pw) < minlen ) { char *desc; - + if (silent) return gpg_error (GPG_ERR_INV_PASSPHRASE); - desc = xtryasprintf + desc = xtryasprintf ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" - "A passphrase should be at least %u character long.", + "A passphrase should be at least %u character long.", "Warning: You have entered an insecure passphrase.%%0A" - "A passphrase should be at least %u characters long.", + "A passphrase should be at least %u characters long.", minlen), minlen ); if (!desc) return gpg_error_from_syserror (); @@ -206,17 +206,17 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) return err; } - if (nonalpha_count (pw) < minnonalpha ) + if (nonalpha_count (pw) < minnonalpha ) { char *desc; if (silent) return gpg_error (GPG_ERR_INV_PASSPHRASE); - desc = xtryasprintf + desc = xtryasprintf ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" "A passphrase should contain at least %u digit or%%0A" - "special character.", + "special character.", "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should contain at least %u digits or%%0A" "special characters.", @@ -259,7 +259,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) "this is in general a bad idea!%0A" "Please confirm that you do not want to " "have any protection on your key.")); - + if (silent) return gpg_error (GPG_ERR_INV_PASSPHRASE); @@ -300,7 +300,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, const char *text2 = _("Please re-enter this passphrase"); const char *initial_errtext = NULL; struct pin_entry_info_s *pi, *pi2; - + *r_passphrase = NULL; pi = gcry_calloc_secure (2, sizeof (*pi) + 100); @@ -336,7 +336,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, } } } - + if (!err && *pi->pin) { /* User wants a passphrase. */ @@ -357,7 +357,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparamlen, int no_protection, - membuf_t *outbuf) + membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; char *passphrase; @@ -375,13 +375,13 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, /* Get the passphrase now, cause key generation may take a while. */ if (no_protection || !cache_nonce) passphrase = NULL; - else + else passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); if (passphrase || no_protection) rc = 0; else - rc = agent_ask_new_passphrase (ctrl, + rc = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to%0A" "to protect your new key"), &passphrase); @@ -416,7 +416,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, return gpg_error (GPG_ERR_INV_DATA); } gcry_sexp_release (s_key); s_key = NULL; - + /* store the secret key */ if (DBG_CRYPTO) log_debug ("storing private key\n"); @@ -474,7 +474,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, passphrase at that address. */ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, - char **passphrase_addr) + char **passphrase_addr) { gpg_error_t err; @@ -492,7 +492,7 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, xfree (*passphrase_addr); *passphrase_addr = NULL; } - err = agent_ask_new_passphrase (ctrl, + err = agent_ask_new_passphrase (ctrl, _("Please enter the new passphrase"), &pass); if (!err) @@ -502,6 +502,6 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, else xfree (pass); } - + return err; } diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index db9039278..e5af91ed9 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -53,7 +53,7 @@ #include "asshelp.h" #include "../include/cipher.h" /* for PUBKEY_ALGO_ECDSA, PUBKEY_ALGO_ECDH */ -enum cmd_and_opt_values +enum cmd_and_opt_values { aNull = 0, oCsh = 'c', oQuiet = 'q', @@ -118,8 +118,8 @@ static ARGPARSE_OPTS opts[] = { { aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfTest, "gpgconf-test", 256, "@" }, - { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, - + { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, + { 301, NULL, 0, N_("@Options:\n ") }, { oServer, "server", 0, N_("run in server mode (foreground)") }, @@ -148,7 +148,7 @@ static ARGPARSE_OPTS opts[] = { { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ { oBatch, "batch", 0, "@" }, - { oHomedir, "homedir", 2, "@"}, + { oHomedir, "homedir", 2, "@"}, { oDisplay, "display", 2, "@" }, { oTTYname, "ttyname", 2, "@" }, @@ -190,8 +190,8 @@ static ARGPARSE_OPTS opts[] = { #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */ #define MAX_CACHE_TTL (120*60) /* 2 hours */ #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */ -#define MIN_PASSPHRASE_LEN (8) -#define MIN_PASSPHRASE_NONALPHA (1) +#define MIN_PASSPHRASE_LEN (8) +#define MIN_PASSPHRASE_NONALPHA (1) #define MAX_PASSPHRASE_DAYS (0) /* The timer tick used for housekeeping stuff. For Windows we use a @@ -204,7 +204,7 @@ static ARGPARSE_OPTS opts[] = { # define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */ #elif defined(HAVE_W32_SYSTEM) # define TIMERTICK_INTERVAL (4) -# define CHECK_OWN_SOCKET_INTERVAL (60) +# define CHECK_OWN_SOCKET_INTERVAL (60) #else # define TIMERTICK_INTERVAL (2) # define CHECK_OWN_SOCKET_INTERVAL (60) @@ -267,11 +267,11 @@ static pid_t parent_pid = (pid_t)(-1); /* - Local prototypes. + Local prototypes. */ static char *create_socket_name (char *standard_name, char *template); -static gnupg_fd_t create_server_socket (char *name, int is_ssh, +static gnupg_fd_t create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -303,7 +303,7 @@ static unsigned long pth_thread_id (void) /* - Functions. + Functions. */ static char * @@ -311,7 +311,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*)) { const char *s; char *result; - + if (maybe_setuid) { gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ @@ -353,7 +353,7 @@ my_strusage (int level) case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n" "Secret key management for GnuPG\n"); break; - + default: p = NULL; } return p; @@ -390,7 +390,7 @@ set_debug (void) /* Unless the "guru" string has been used we don't want to allow hashing debugging. The rationale is that people tend to select the highest debug value and would then clutter their - disk with debug files which may reveal confidential data. */ + disk with debug files which may reveal confidential data. */ if (numok) opt.debug &= ~(DBG_HASHING_VALUE); } @@ -414,16 +414,16 @@ set_debug (void) if (opt.debug) log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", - (opt.debug & DBG_COMMAND_VALUE)? " command":"", - (opt.debug & DBG_MPI_VALUE )? " mpi":"", - (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", - (opt.debug & DBG_MEMORY_VALUE )? " memory":"", - (opt.debug & DBG_CACHE_VALUE )? " cache":"", - (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", - (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } - + /* Helper for cleanup to remove one socket with NAME. */ static void @@ -443,7 +443,7 @@ remove_socket (char *name) } *name = 0; } -} +} static void cleanup (void) @@ -452,7 +452,7 @@ cleanup (void) if (done) return; - done = 1; + done = 1; deinitialize_module_cache (); remove_socket (socket_name); remove_socket (socket_name_ssh); @@ -515,7 +515,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) break; case oNoGrab: opt.no_grab = 1; break; - + case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break; case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break; @@ -525,19 +525,19 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break; case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break; case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break; - - case oEnforcePassphraseConstraints: + + case oEnforcePassphraseConstraints: opt.enforce_passphrase_constraints=1; break; case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break; - case oMinPassphraseNonalpha: + case oMinPassphraseNonalpha: opt.min_passphrase_nonalpha = pargs->r.ret_ulong; break; case oCheckPassphrasePattern: opt.check_passphrase_pattern = pargs->r.ret_str; break; case oMaxPassphraseDays: - opt.max_passphrase_days = pargs->r.ret_ulong; + opt.max_passphrase_days = pargs->r.ret_ulong; break; case oEnablePassphraseHistory: opt.enable_passhrase_history = 1; @@ -599,7 +599,7 @@ main (int argc, char **argv ) /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to INIT_SECMEM() somewhere after the option parsing */ - log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); + log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -644,7 +644,7 @@ main (int argc, char **argv ) #ifdef USE_STANDARD_SOCKET opt.use_standard_socket = 1; #endif - + shell = getenv ("SHELL"); if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; @@ -655,7 +655,7 @@ main (int argc, char **argv ) { const char *s; int idx; - static const char *names[] = + static const char *names[] = { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL }; err = 0; @@ -677,10 +677,10 @@ main (int argc, char **argv ) if (err) log_fatal ("error recording startup environment: %s\n", gpg_strerror (err)); - + /* Fixme: Better use the locale function here. */ opt.startup_lc_ctype = getenv ("LC_CTYPE"); - if (opt.startup_lc_ctype) + if (opt.startup_lc_ctype) opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype); opt.startup_lc_messages = getenv ("LC_MESSAGES"); if (opt.startup_lc_messages) @@ -713,13 +713,13 @@ main (int argc, char **argv ) gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); maybe_setuid = 0; - /* - Now we are now working under our real uid + /* + Now we are now working under our real uid */ if (default_config) configname = make_filename (opt.homedir, "gpg-agent.conf", NULL ); - + argc = orig_argc; argv = orig_argv; pargs.argc = &argc; @@ -750,7 +750,7 @@ main (int argc, char **argv ) configname, strerror(errno) ); exit(2); } - xfree (configname); + xfree (configname); configname = NULL; } if (parse_debug && configname ) @@ -804,7 +804,7 @@ main (int argc, char **argv ) case oFakedSystemTime: { - time_t faked_time = isotime2epoch (pargs.r.ret_str); + time_t faked_time = isotime2epoch (pargs.r.ret_str); if (faked_time == (time_t)(-1)) faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10); gnupg_set_time (faked_time, 0); @@ -838,7 +838,7 @@ main (int argc, char **argv ) configname = NULL; goto next_pass; } - + xfree (configname); configname = NULL; if (log_get_errorcount(0)) @@ -894,7 +894,7 @@ main (int argc, char **argv ) initialize_module_call_pinentry (); initialize_module_call_scd (); initialize_module_trustlist (); - + /* Try to create missing directories. */ create_directories (); @@ -905,7 +905,7 @@ main (int argc, char **argv ) gnupg_sleep (debug_wait); log_debug ("... okay\n"); } - + if (gpgconf_list == 3) { if (opt.use_standard_socket && !opt.quiet) @@ -944,21 +944,21 @@ main (int argc, char **argv ) GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL ); es_printf ("max-cache-ttl-ssh:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH ); - es_printf ("enforce-passphrase-constraints:%lu:\n", + es_printf ("enforce-passphrase-constraints:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); es_printf ("min-passphrase-len:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN ); es_printf ("min-passphrase-nonalpha:%lu:%d:\n", - GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_NONALPHA); es_printf ("check-passphrase-pattern:%lu:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); es_printf ("max-passphrase-days:%lu:%d:\n", - GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_PASSPHRASE_DAYS); - es_printf ("enable-passphrase-history:%lu:\n", + es_printf ("enable-passphrase-history:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("no-grab:%lu:\n", + es_printf ("no-grab:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); es_printf ("ignore-cache-for-signing:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); @@ -988,7 +988,7 @@ main (int argc, char **argv ) if (pipe_server) - { + { /* This is the simple pipe based server */ ctrl_t ctrl; @@ -1033,10 +1033,10 @@ main (int argc, char **argv ) /* Create the sockets. */ - socket_name = create_socket_name + socket_name = create_socket_name ("S.gpg-agent", "gpg-XXXXXX/S.gpg-agent"); if (opt.ssh_support) - socket_name_ssh = create_socket_name + socket_name_ssh = create_socket_name ("S.gpg-agent.ssh", "gpg-XXXXXX/S.gpg-agent.ssh"); fd = create_server_socket (socket_name, 0, &socket_nonce); @@ -1057,12 +1057,12 @@ main (int argc, char **argv ) es_printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid); #else /*!HAVE_W32_SYSTEM*/ pid = fork (); - if (pid == (pid_t)-1) + if (pid == (pid_t)-1) { log_fatal ("fork failed: %s\n", strerror (errno) ); exit (1); } - else if (pid) + else if (pid) { /* We are the parent */ char *infostr, *infostr_ssh_sock; @@ -1081,7 +1081,7 @@ main (int argc, char **argv ) signal mask. */ if ( !pth_kill () ) log_error ("pth_kill failed in forked process\n"); - + #ifdef HAVE_SIGPROCMASK if (startup_signal_mask_valid) { @@ -1091,7 +1091,7 @@ main (int argc, char **argv ) } else log_info ("no saved signal mask\n"); -#endif /*HAVE_SIGPROCMASK*/ +#endif /*HAVE_SIGPROCMASK*/ /* Create the info string: :: */ if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1", @@ -1120,7 +1120,7 @@ main (int argc, char **argv ) if (env_file_name) { estream_t fp; - + fp = es_fopen (env_file_name, "w,mode=-rw"); if (!fp) log_error (_("error creating `%s': %s\n"), @@ -1139,7 +1139,7 @@ main (int argc, char **argv ) } - if (argc) + if (argc) { /* Run the program given on the commandline. */ if (putenv (infostr)) { @@ -1191,28 +1191,28 @@ main (int argc, char **argv ) infostr_ssh_sock); } } - xfree (infostr); + xfree (infostr); if (opt.ssh_support) { xfree (infostr_ssh_sock); } - exit (0); + exit (0); } /*NOTREACHED*/ } /* End parent */ - /* + /* This is the child */ /* Detach from tty and put process into a new session */ if (!nodetach ) - { + { int i; unsigned int oldflags; /* Close stdin, stdout and stderr unless it is the log stream */ - for (i=0; i <= 2; i++) + for (i=0; i <= 2; i++) { if (!log_test_fd (i) && i != fd ) { @@ -1246,7 +1246,7 @@ main (int argc, char **argv ) { struct sigaction sa; - + sa.sa_handler = SIG_IGN; sigemptyset (&sa.sa_mask); sa.sa_flags = 0; @@ -1258,7 +1258,7 @@ main (int argc, char **argv ) handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD); assuan_sock_close (fd); } - + return 0; } @@ -1300,11 +1300,11 @@ agent_init_default_ctrl (ctrl_t ctrl) session_env_setenv (ctrl->session_env, "TERM", default_ttytype); session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority); session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL); - + if (ctrl->lc_ctype) xfree (ctrl->lc_ctype); ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL; - + if (ctrl->lc_messages) xfree (ctrl->lc_messages); ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages) @@ -1327,7 +1327,7 @@ agent_deinit_default_ctrl (ctrl_t ctrl) /* Reread parts of the configuration. Note, that this function is obviously not thread-safe and should only be called from the PTH - signal handler. + signal handler. Fixme: Due to the way the argument parsing works, we create a memory leak here for all string type arguments. There is currently @@ -1417,7 +1417,7 @@ get_agent_scd_notify_event (void) log_error ("can't create scd notify event: %s\n", w32_strerror (-1) ); else if (!DuplicateHandle (GetCurrentProcess(), h, GetCurrentProcess(), &h2, - EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) { log_error ("setting syncronize for scd notify event failed: %s\n", w32_strerror (-1) ); @@ -1509,7 +1509,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) agent_exit (2); } - serv_addr = xmalloc (sizeof (*serv_addr)); + serv_addr = xmalloc (sizeof (*serv_addr)); memset (serv_addr, 0, sizeof *serv_addr); serv_addr->sun_family = AF_UNIX; if (strlen (name) + 1 >= sizeof (serv_addr->sun_path)) @@ -1523,7 +1523,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) /* Our error code mapping on W32CE returns EEXIST thus we also test for this. */ - if (opt.use_standard_socket && rc == -1 + if (opt.use_standard_socket && rc == -1 && (errno == EADDRINUSE #ifdef HAVE_W32_SYSTEM || errno == EEXIST @@ -1540,7 +1540,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) a hang. */ if (!is_ssh && !check_for_running_agent (1, 1)) { - log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); + log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); log_set_file (NULL); log_error (_("a gpg-agent is already running - " "not starting a new one\n")); @@ -1551,7 +1551,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) gnupg_remove (name); rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); } - if (rc != -1 + if (rc != -1 && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce))) log_error (_("error getting nonce for the socket\n")); if (rc == -1) @@ -1559,9 +1559,9 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) /* We use gpg_strerror here because it allows us to get strings for some W32 socket error codes. */ log_error (_("error binding socket to `%s': %s\n"), - serv_addr->sun_path, + serv_addr->sun_path, gpg_strerror (gpg_error_from_errno (errno))); - + assuan_sock_close (fd); if (opt.use_standard_socket) *name = 0; /* Inhibit removal of the socket by cleanup(). */ @@ -1574,7 +1574,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) assuan_sock_close (fd); agent_exit (2); } - + if (opt.verbose) log_info (_("listening on socket `%s'\n"), serv_addr->sun_path); @@ -1636,7 +1636,7 @@ create_directories (void) if (gnupg_mkdir (home, "-rwx")) log_error (_("can't create directory `%s': %s\n"), home, strerror (errno) ); - else + else { if (!opt.quiet) log_info (_("directory `%s' created\n"), home); @@ -1688,7 +1688,7 @@ handle_tick (void) } } #endif /*HAVE_W32_SYSTEM*/ - + /* Code to be run from time to time. */ #if CHECK_OWN_SOCKET_INTERVAL > 0 if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL)) @@ -1733,7 +1733,7 @@ handle_signal (int signo) case SIGHUP: agent_sighup_action (); break; - + case SIGUSR1: log_info ("SIGUSR1 received - printing internal information:\n"); /* Fixme: We need to see how to integrate pth dumping into our @@ -1742,7 +1742,7 @@ handle_signal (int signo) agent_query_dump_state (); agent_scd_dump_state (); break; - + case SIGUSR2: agent_sigusr2_action (); break; @@ -1762,7 +1762,7 @@ handle_signal (int signo) agent_exit (0); } break; - + case SIGINT: log_info ("SIGINT received - immediate shutdown\n"); log_info( "%s %s stopped\n", strusage(11), strusage(13)); @@ -1778,12 +1778,12 @@ handle_signal (int signo) /* Check the nonce on a new connection. This is a NOP unless we we are using our Unix domain socket emulation under Windows. */ -static int +static int check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce) { if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce)) { - log_info (_("error reading nonce on fd %d: %s\n"), + log_info (_("error reading nonce on fd %d: %s\n"), FD2INT(ctrl->thread_startup.fd), strerror (errno)); assuan_sock_close (ctrl->thread_startup.fd); xfree (ctrl); @@ -1808,14 +1808,14 @@ start_connection_thread (void *arg) agent_init_default_ctrl (ctrl); if (opt.verbose) - log_info (_("handler 0x%lx for fd %d started\n"), + log_info (_("handler 0x%lx for fd %d started\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd); if (opt.verbose) - log_info (_("handler 0x%lx for fd %d terminated\n"), + log_info (_("handler 0x%lx for fd %d terminated\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); - + agent_deinit_default_ctrl (ctrl); xfree (ctrl); return NULL; @@ -1840,7 +1840,7 @@ start_connection_thread_ssh (void *arg) if (opt.verbose) log_info (_("ssh handler 0x%lx for fd %d terminated\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); - + agent_deinit_default_ctrl (ctrl); xfree (ctrl); return NULL; @@ -1886,7 +1886,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) sa.sa_handler = SIG_IGN; sa.sa_flags = 0; sigaction (mysigs[i], &sa, NULL); - + sigaddset (&sigs, mysigs[i]); } } @@ -2035,7 +2035,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) xfree (ctrl); assuan_sock_close (fd); } - else + else { char threadname[50]; @@ -2055,7 +2055,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) fd = GNUPG_INVALID_FD; } - if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD + if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset)) { ctrl_t ctrl; @@ -2148,7 +2148,7 @@ check_own_socket_thread (void *arg) log_error ("can't connect my own socket: %s\n", gpg_strerror (rc)); goto leave; } - + init_membuf (&mb, 100); rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb, NULL, NULL, NULL, NULL); @@ -2156,7 +2156,7 @@ check_own_socket_thread (void *arg) buffer = get_membuf (&mb, NULL); if (rc || !buffer) { - log_error ("sending command \"%s\" to my own socket failed: %s\n", + log_error ("sending command \"%s\" to my own socket failed: %s\n", "GETINFO pid", gpg_strerror (rc)); rc = 1; } @@ -2167,7 +2167,7 @@ check_own_socket_thread (void *arg) } else if (opt.verbose > 1) log_error ("socket is still served by this server\n"); - + xfree (buffer); leave: diff --git a/agent/keyformat.txt b/agent/keyformat.txt index da93f0c50..3ebba6e50 100644 --- a/agent/keyformat.txt +++ b/agent/keyformat.txt @@ -58,7 +58,7 @@ keys is in canonical representation[3]: (u #304559a..[some bytes not shown]..9b#) ) (uri http://foo.bar x-foo:whatever_you_want) -) +) Protected Private Key Format @@ -74,7 +74,7 @@ A protected key is like this: ) (uri http://foo.bar x-foo:whatever_you_want) (comment whatever) -) +) In this scheme the encrypted_octet_string is encrypted according to @@ -107,13 +107,13 @@ representation) after decryption: (d #046129F..[some bytes not shown]..81#) (p #00e861b..[some bytes not shown]..f1#) (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) - ) + (u #304559a..[some bytes not shown]..9b#) + ) (hash sha1 #...[hashvalue]...#) ) For padding reasons, random bytes are appended to this list - they can -easily be stripped by looking for the end of the list. +easily be stripped by looking for the end of the list. The hash is calculated on the concatenation of the public key and secret key parameter lists: i.e it is required to hash the @@ -150,7 +150,7 @@ to keys stored on a token: ) (uri http://foo.bar x-foo:whatever_you_want) (comment whatever) -) +) The currently used protocol is "ti-v1" (token info version 1). The second list with the information has this layout: @@ -174,7 +174,7 @@ This format is used to transfer keys between gpg and gpg-agent. * V is the packet version number (3 or 4). -* PUBKEYALGO is a Libgcrypt algo name +* PUBKEYALGO is a Libgcrypt algo name * P1 .. PN are the parameters; the public parameters are never encrypted the secrect key parameters are encrypted if the "protection" list is given. To make this more explicit each parameter is preceded by a @@ -215,7 +215,7 @@ for the passphrase storage the name "pw-default.dat" is suggested. (protected mode (parms) encrypted_octet_string) (protected-at ) ) -) +) After decryption the encrypted_octet_string yields this S-expression: @@ -224,7 +224,7 @@ After decryption the encrypted_octet_string yields this S-expression: (value key_1 value_1) (value key_2 value_2) (value key_n value_n) - ) + ) (hash sha1 #...[hashvalue]...#) ) @@ -260,7 +260,7 @@ Example: (protected mode (parms) encrypted_octet_string) (protected-at "20100915T111722") ) -) +) with "encrypted_octet_string" decoding to: @@ -269,7 +269,7 @@ with "encrypted_octet_string" decoding to: (value 4:1002 "signal flags at the lock") (value 4:1001 "taocp") (value 1:0 "premature optimization is the root of all evil") - ) + ) (hash sha1 #0102030405060708091011121314151617181920#) ) diff --git a/agent/learncard.c b/agent/learncard.c index 77f2bb09d..05476f617 100644 --- a/agent/learncard.c +++ b/agent/learncard.c @@ -32,7 +32,7 @@ /* Structures used by the callback mechanism to convey information pertaining to key pairs. */ -struct keypair_info_s +struct keypair_info_s { struct keypair_info_s *next; int no_cert; @@ -44,7 +44,7 @@ struct keypair_info_s }; typedef struct keypair_info_s *KEYPAIR_INFO; -struct kpinfo_cb_parm_s +struct kpinfo_cb_parm_s { ctrl_t ctrl; int error; @@ -56,13 +56,13 @@ struct kpinfo_cb_parm_s pertaining to certificates. */ struct certinfo_s { struct certinfo_s *next; - int type; + int type; int done; char id[1]; }; typedef struct certinfo_s *CERTINFO; -struct certinfo_cb_parm_s +struct certinfo_cb_parm_s { ctrl_t ctrl; int error; @@ -75,9 +75,9 @@ struct certinfo_cb_parm_s struct sinfo_s { struct sinfo_s *next; char *data; /* Points into keyword. */ - char keyword[1]; + char keyword[1]; }; -typedef struct sinfo_s *SINFO; +typedef struct sinfo_s *SINFO; struct sinfo_cb_parm_s { int error; @@ -172,7 +172,7 @@ kpinfo_cb (void *opaque, const char *line) return; } *p = 0; /* ignore trailing stuff */ - + /* store it */ item->next = parm->info; parm->info = item; @@ -202,7 +202,7 @@ certinfo_cb (void *opaque, const char *line) for (pend = p; *pend && !spacep (pend); pend++) ; if (p == pend || !*p) - { + { parm->error = gpg_error (GPG_ERR_INV_RESPONSE); return; } @@ -258,7 +258,7 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context) int rc; char *derbuf; size_t derbuflen; - + rc = agent_card_readcert (ctrl, id, &derbuf, &derbuflen); if (rc) { @@ -312,7 +312,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) unsigned char grip[20]; char *p; int i; - static int certtype_list[] = { + static int certtype_list[] = { 111, /* Root CA */ 101, /* trusted */ 102, /* useful */ @@ -344,7 +344,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) log_debug ("agent_card_learn failed: %s\n", gpg_strerror (rc)); goto leave; } - + log_info ("card has S/N: %s\n", serialno); /* Pass on all the collected status information. */ @@ -368,7 +368,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) if (opt.verbose) log_info (" id: %s (type=%d)\n", citem->id, citem->type); - + if (assuan_context) { rc = send_cert_back (ctrl, citem->id, assuan_context); @@ -378,7 +378,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) } } } - + for (item = parm.info; item; item = item->next) { unsigned char *pubkey, *shdkey; @@ -398,10 +398,10 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) for (p=item->hexgrip, i=0; i < 20; p += 2, i++) grip[i] = xtoi_2 (p); - + if (!agent_key_available (grip)) continue; /* The key is already available. */ - + /* Unknown key - store it. */ rc = agent_card_readkey (ctrl, item->id, &pubkey); if (rc) @@ -440,11 +440,11 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) if (opt.verbose) log_info ("stored\n"); - + if (assuan_context) { CERTINFO citem; - + /* only send the certificate if we have not done so before */ for (citem = cparm.info; citem; citem = citem->next) { @@ -460,7 +460,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) } } - + leave: xfree (serialno); release_keypair_info (parm.info); @@ -468,5 +468,3 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) release_sinfo (sparm.info); return rc; } - - diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index b9835f351..7df7f1d38 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -36,7 +36,7 @@ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, const unsigned char *ciphertext, size_t ciphertextlen, - membuf_t *outbuf) + membuf_t *outbuf) { gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL; unsigned char *shadow_info = NULL; @@ -136,7 +136,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, put_membuf (outbuf, buf, len); put_membuf (outbuf, ")", 2); } - } + } leave: @@ -147,5 +147,3 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, xfree (shadow_info); return rc; } - - diff --git a/agent/pksign.c b/agent/pksign.c index 0414bc347..988e3d3f0 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -43,13 +43,13 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash, const char *s; char tmp[16+1]; int i; - + s = gcry_md_algo_name (algo); if (s && strlen (s) < 16) { for (i=0; i < strlen (s); i++) tmp[i] = tolower (s[i]); - tmp[i] = '\0'; + tmp[i] = '\0'; } rc = gcry_sexp_build (&hash, NULL, @@ -59,7 +59,7 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash, else { gcry_mpi_t mpi; - + rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL); if (! rc) { @@ -68,11 +68,11 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash, mpi); gcry_mpi_release (mpi); } - + } - + *r_hash = hash; - return rc; + return rc; } @@ -131,7 +131,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, qbits = get_dsa_qbits (pkey); else return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); - + if ((qbits%8)) { log_error (_("DSA requires the hash length to be a" @@ -164,7 +164,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, { log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), mdlen*8, - gcry_pk_get_nbits (pkey), + gcry_pk_get_nbits (pkey), gcry_pk_algo_name (pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ if (mdlen < 20 || pkalgo == GCRY_PK_DSA) @@ -174,7 +174,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, /* Truncate. */ if (mdlen > qbits/8) mdlen = qbits/8; - + /* Create the S-expression. We need to convert to an MPI first because we want an unsigned integer. Using %b directly is not possible because libgcrypt assumes an mpi and uses @@ -182,7 +182,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, value. */ { gcry_mpi_t mpi; - + err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL); if (!err) { @@ -193,7 +193,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, } if (!err) *r_hash = hash; - return err; + return err; } @@ -209,7 +209,7 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits, gcry_sexp_t hash; unsigned char *frame; size_t i, n, nframe; - + nframe = (nbits+7) / 8; if ( !mdlen || mdlen + 8 + 4 > nframe ) { @@ -220,7 +220,7 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits, frame = xtrymalloc (nframe); if (!frame) return gpg_error_from_syserror (); - + /* Assemble the pkcs#1 block type 1. */ n = 0; frame[n++] = 0; @@ -233,7 +233,7 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits, memcpy (frame+n, md, mdlen ); n += mdlen; assert (n == nframe); - + /* Create the S-expression. */ rc = gcry_sexp_build (&hash, NULL, "(data (flags raw) (value %b))", @@ -241,7 +241,7 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits, xfree (frame); *r_hash = hash; - return rc; + return rc; } @@ -280,8 +280,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, unsigned char *buf = NULL; size_t len = 0; - rc = divert_pksign (ctrl, - ctrl->digest.value, + rc = divert_pksign (ctrl, + ctrl->digest.value, ctrl->digest.valuelen, ctrl->digest.algo, shadow_info, &buf); @@ -367,7 +367,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, tried to get a passphrase. */ int agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, - membuf_t *outbuf, cache_mode_t cache_mode) + membuf_t *outbuf, cache_mode_t cache_mode) { gcry_sexp_t s_sig = NULL; char *buf = NULL; diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index 2037d9571..f303d5b7f 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -48,14 +48,14 @@ #include "sysutils.h" -enum cmd_and_opt_values +enum cmd_and_opt_values { aNull = 0, oVerbose = 'v', oPassphrase = 'P', oPreset = 'c', oForget = 'f', - + oNoVerbose = 500, oHomedir, @@ -67,7 +67,7 @@ static const char *opt_homedir; static const char *opt_passphrase; static ARGPARSE_OPTS opts[] = { - + { 301, NULL, 0, N_("@Options:\n ") }, { oVerbose, "verbose", 0, "verbose" }, @@ -75,7 +75,7 @@ static ARGPARSE_OPTS opts[] = { { oPreset, "preset", 256, "preset passphrase"}, { oForget, "forget", 256, "forget passphrase"}, - { oHomedir, "homedir", 2, "@" }, + { oHomedir, "homedir", 2, "@" }, {0} }; @@ -93,14 +93,14 @@ my_strusage (int level) case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break; case 1: - case 40: + case 40: p = _("Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"); break; case 41: p = _("Syntax: gpg-preset-passphrase [options] KEYGRIP\n" "Password cache maintenance\n"); break; - + default: p = NULL; } return p; @@ -111,7 +111,7 @@ my_strusage (int level) /* Include the implementation of map_spwq_error. */ MAP_SPWQ_ERROR_IMPL - + static void preset_passphrase (const char *keygrip) @@ -209,7 +209,7 @@ main (int argc, char **argv) const char *keygrip = NULL; set_strusage (my_strusage); - log_set_prefix ("gpg-preset-passphrase", 1); + log_set_prefix ("gpg-preset-passphrase", 1); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -230,7 +230,7 @@ main (int argc, char **argv) case oPreset: cmd = oPreset; break; case oForget: cmd = oForget; break; case oPassphrase: opt_passphrase = pargs.r.ret_str; break; - + default : pargs.err = 2; break; } } diff --git a/agent/protect-tool.c b/agent/protect-tool.c index c5e43a38b..512019b80 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -45,8 +45,8 @@ #include "sysutils.h" -enum cmd_and_opt_values -{ +enum cmd_and_opt_values +{ aNull = 0, oVerbose = 'v', oArmor = 'a', @@ -54,7 +54,7 @@ enum cmd_and_opt_values oProtect = 'p', oUnprotect = 'u', - + oNoVerbose = 500, oShadow, oShowShadowInfo, @@ -68,13 +68,13 @@ enum cmd_and_opt_values oNoFailOnExist, oHomedir, oPrompt, - oStatusMsg, + oStatusMsg, oAgentProgram }; -struct rsa_secret_key_s +struct rsa_secret_key_s { gcry_mpi_t n; /* public modulus */ gcry_mpi_t e; /* public exponent */ @@ -95,7 +95,7 @@ static int opt_have_cert; static const char *opt_passphrase; static char *opt_prompt; static int opt_status_msg; -static const char *opt_agent_program; +static const char *opt_agent_program; static char *get_passphrase (int promptno); static void release_passphrase (char *pw); @@ -110,7 +110,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"), ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""), ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"), - + ARGPARSE_group (301, N_("@\nOptions:\n ")), ARGPARSE_s_n (oVerbose, "verbose", "verbose"), @@ -120,14 +120,14 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPassphrase, "passphrase", "|STRING|use passphrase STRING"), ARGPARSE_s_n (oHaveCert, "have-cert", "certificate to export provided on STDIN"), - ARGPARSE_s_n (oStore, "store", + ARGPARSE_s_n (oStore, "store", "store the created key in the appropriate place"), - ARGPARSE_s_n (oForce, "force", + ARGPARSE_s_n (oForce, "force", "force overwriting"), ARGPARSE_s_n (oNoFailOnExist, "no-fail-on-exist", "@"), - ARGPARSE_s_s (oHomedir, "homedir", "@"), - ARGPARSE_s_s (oPrompt, "prompt", - "|ESCSTRING|use ESCSTRING as prompt in pinentry"), + ARGPARSE_s_s (oHomedir, "homedir", "@"), + ARGPARSE_s_s (oPrompt, "prompt", + "|ESCSTRING|use ESCSTRING as prompt in pinentry"), ARGPARSE_s_n (oStatusMsg, "enable-status-msg", "@"), ARGPARSE_s_s (oAgentProgram, "agent-program", "@"), @@ -153,7 +153,7 @@ my_strusage (int level) case 41: p = _("Syntax: gpg-protect-tool [options] [args]\n" "Secret key maintenance tool\n"); break; - + default: p = NULL; } return p; @@ -234,7 +234,7 @@ read_file (const char *fname, size_t *r_length) FILE *fp; char *buf; size_t buflen; - + if (!strcmp (fname, "-")) { size_t nread, bufsize = 0; @@ -246,7 +246,7 @@ read_file (const char *fname, size_t *r_length) buf = NULL; buflen = 0; #define NCHUNK 8192 - do + do { bufsize += NCHUNK; if (!buf) @@ -277,14 +277,14 @@ read_file (const char *fname, size_t *r_length) log_error ("can't open `%s': %s\n", fname, strerror (errno)); return NULL; } - + if (fstat (fileno(fp), &st)) { log_error ("can't stat `%s': %s\n", fname, strerror (errno)); fclose (fp); return NULL; } - + buflen = st.st_size; buf = xmalloc (buflen+1); if (fread (buf, buflen, 1, fp) != 1) @@ -308,7 +308,7 @@ read_key (const char *fname) char *buf; size_t buflen; unsigned char *key; - + buf = read_file (fname, &buflen); if (!buf) return NULL; @@ -327,7 +327,7 @@ read_and_protect (const char *fname) unsigned char *result; size_t resultlen; char *pw; - + key = read_key (fname); if (!key) return; @@ -341,7 +341,7 @@ read_and_protect (const char *fname) log_error ("protecting the key failed: %s\n", gpg_strerror (rc)); return; } - + if (opt_armor) { char *p = make_advanced (result, resultlen); @@ -371,7 +371,7 @@ read_and_unprotect (const char *fname) if (!key) return; - rc = agent_unprotect (key, (pw=get_passphrase (1)), + rc = agent_unprotect (key, (pw=get_passphrase (1)), protected_at, &result, &resultlen); release_passphrase (pw); xfree (key); @@ -412,7 +412,7 @@ read_and_shadow (const char *fname) unsigned char *result; size_t resultlen; unsigned char dummy_info[] = "(8:313233342:43)"; - + key = read_key (fname); if (!key) return; @@ -426,7 +426,7 @@ read_and_shadow (const char *fname) } resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL); assert (resultlen); - + if (opt_armor) { char *p = make_advanced (result, resultlen); @@ -448,7 +448,7 @@ show_shadow_info (const char *fname) unsigned char *key; const unsigned char *info; size_t infolen; - + key = read_key (fname); if (!key) return; @@ -462,7 +462,7 @@ show_shadow_info (const char *fname) } infolen = gcry_sexp_canon_len (info, 0, NULL,NULL); assert (infolen); - + if (opt_armor) { char *p = make_advanced (info, infolen); @@ -482,14 +482,14 @@ show_file (const char *fname) unsigned char *key; size_t keylen; char *p; - + key = read_key (fname); if (!key) return; keylen = gcry_sexp_canon_len (key, 0, NULL,NULL); assert (keylen); - + if (opt_canonical) { fwrite (key, keylen, 1, stdout); @@ -513,7 +513,7 @@ show_keygrip (const char *fname) gcry_sexp_t private; unsigned char grip[20]; int i; - + key = read_key (fname); if (!key) return; @@ -522,7 +522,7 @@ show_keygrip (const char *fname) { log_error ("gcry_sexp_new failed\n"); return; - } + } xfree (key); if (!gcry_pk_get_keygrip (private, grip)) @@ -550,7 +550,7 @@ main (int argc, char **argv ) set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); - log_set_prefix ("gpg-protect-tool", 1); + log_set_prefix ("gpg-protect-tool", 1); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -597,7 +597,7 @@ main (int argc, char **argv ) case oHaveCert: opt_have_cert = 1; break; case oPrompt: opt_prompt = pargs.r.ret_str; break; case oStatusMsg: opt_status_msg = 1; break; - + default: pargs.err = ARGPARSE_PRINT_ERROR; break; } } @@ -667,7 +667,7 @@ get_passphrase (int promptno) const char *desc; char *orig_codeset; int repeat = 0; - + if (opt_passphrase) return xstrdup (opt_passphrase); @@ -727,4 +727,3 @@ release_passphrase (char *pw) xfree (pw); } } - diff --git a/agent/t-protect.c b/agent/t-protect.c index 7b80bcbbb..a14e5e1cc 100644 --- a/agent/t-protect.c +++ b/agent/t-protect.c @@ -137,7 +137,7 @@ test_agent_protect (void) "\x9B\x7B\xE8\xDD\x1F\x87\x4E\x79\x7B\x50\x12\xA7\xB4\x8B\x52\x38\xEC\x7C\xBB\xB9" "\x55\x87\x11\x1C\x74\xE7\x7F\xA0\xBA\xE3\x34\x5D\x61\xBF\x29\x29\x29\x00" }; - + struct { const char *key; @@ -182,7 +182,7 @@ test_agent_protect (void) specs[i].ret_expected, gpg_strerror (specs[i].ret_expected)); abort (); } - + if (specs[i].no_result_expected) { assert (! specs[i].result); @@ -234,14 +234,14 @@ static void test_make_shadow_info (void) { #if 0 - static struct + static struct { - const char *snstr; + const char *snstr; const char *idstr; const char *expected; } data[] = { { "", "", NULL }, - + }; int i; unsigned char *result; @@ -305,7 +305,7 @@ main (int argc, char **argv) (void)argv; gcry_control (GCRYCTL_DISABLE_SECMEM); - + test_agent_protect (); test_agent_unprotect (); test_agent_private_key_type (); diff --git a/agent/trustlist.c b/agent/trustlist.c index d56598245..68dd83364 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -50,8 +50,8 @@ struct trustitem_s typedef struct trustitem_s trustitem_t; /* Malloced table and its allocated size with all trust items. */ -static trustitem_t *trusttable; -static size_t trusttablesize; +static trustitem_t *trusttable; +static size_t trusttablesize; /* A mutex used to protect the table. */ static pth_mutex_t trusttable_lock; @@ -111,7 +111,7 @@ unlock_trusttable (void) static gpg_error_t read_one_trustfile (const char *fname, int allow_include, - trustitem_t **addr_of_table, + trustitem_t **addr_of_table, size_t *addr_of_tablesize, int *addr_of_tableidx) { @@ -123,7 +123,7 @@ read_one_trustfile (const char *fname, int allow_include, int tableidx; size_t tablesize; int lnr = 0; - + table = *addr_of_table; tablesize = *addr_of_tablesize; tableidx = *addr_of_tableidx; @@ -155,13 +155,13 @@ read_one_trustfile (const char *fname, int allow_include, line[--n] = 0; /* Chop the LF. */ if (n && line[n-1] == '\r') line[--n] = 0; /* Chop an optional CR. */ - + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; if (!*p || *p == '#') continue; - + if (!strncmp (p, "include-default", 15) && (!p[15] || spacep (p+15))) { @@ -194,7 +194,7 @@ read_one_trustfile (const char *fname, int allow_include, err = err2; } xfree (etcname); - + continue; } @@ -202,7 +202,7 @@ read_one_trustfile (const char *fname, int allow_include, { trustitem_t *tmp; size_t tmplen; - + tmplen = tablesize + 20; tmp = xtryrealloc (table, tmplen * sizeof *table); if (!tmp) @@ -229,13 +229,13 @@ read_one_trustfile (const char *fname, int allow_include, if (n < 0) { log_error (_("bad fingerprint in `%s', line %d\n"), fname, lnr); - err = gpg_error (GPG_ERR_BAD_DATA); + err = gpg_error (GPG_ERR_BAD_DATA); continue; } p += n; for (; spacep (p); p++) ; - + /* Process the first flag which needs to be the first for backward compatibility. */ if (!*p || *p == '*' ) @@ -379,7 +379,7 @@ read_trustfiles (void) /* Check whether the given fpr is in our trustdb. We expect FPR to be an all uppercase hexstring of 40 characters. */ -gpg_error_t +gpg_error_t agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) { gpg_error_t err; @@ -414,7 +414,7 @@ agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) if (ti->flags.relax) { err = agent_write_status (ctrl, - "TRUSTLISTFLAG", "relax", + "TRUSTLISTFLAG", "relax", NULL); if (err) return err; @@ -422,7 +422,7 @@ agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) else if (ti->flags.cm) { err = agent_write_status (ctrl, - "TRUSTLISTFLAG", "cm", + "TRUSTLISTFLAG", "cm", NULL); if (err) return err; @@ -435,7 +435,7 @@ agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) /* Write all trust entries to FP. */ -gpg_error_t +gpg_error_t agent_listtrusted (void *assuan_context) { trustitem_t *ti; @@ -532,7 +532,7 @@ reformat_name (const char *name, const char *replstring) count++; newname = xtrymalloc (strlen (name) + count*replstringlen + 1); if (!newname) - return NULL; + return NULL; for (s=name+1, d=newname; *s; s++) if (*s == '/') d = stpcpy (d, replstring); @@ -571,7 +571,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) { xfree (fname); return gpg_error (GPG_ERR_EPERM); - } + } xfree (fname); if (!agent_istrusted (ctrl, fpr, &is_disabled)) @@ -579,7 +579,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) return 0; /* We already got this fingerprint. Silently return success. */ } - + /* This feature must explicitly been enabled. */ if (!opt.allow_mark_trusted) return gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -629,7 +629,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) xfree (nameformatted); return err; } - + fprformatted = insert_colons (fpr); if (!fprformatted) @@ -642,7 +642,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) fingerprint of course. */ if (yes_i_trust) { - desc = xtryasprintf + desc = xtryasprintf ( /* TRANSLATORS: This prompt is shown by the Pinentry and has one special property: A "%%0A" is used by Pinentry to @@ -662,7 +662,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) xfree (nameformatted); return out_of_core (); } - + /* TRANSLATORS: "Correct" is the label of a button and intended to be hit if the fingerprint matches the one of the CA. The other button is "the default "Cancel" of the Pinentry. */ @@ -688,7 +688,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) unlock_trusttable (); xfree (fprformatted); xfree (nameformatted); - return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; + return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; } fname = make_filename (opt.homedir, "trustlist.txt", NULL); @@ -735,7 +735,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag); if (es_ferror (fp)) err = gpg_error_from_syserror (); - + if (es_fclose (fp)) err = gpg_error_from_syserror (); diff --git a/agent/w32main.c b/agent/w32main.c index 9fc3abbef..06ad72610 100644 --- a/agent/w32main.c +++ b/agent/w32main.c @@ -67,12 +67,12 @@ build_argv (char *cmdline_arg, int reserved) { argc++; /* Skip the remaining spaces. */ - while (*s==' ' || *s=='\t') + while (*s==' ' || *s=='\t') s++; if (!*s) break; bs_count = 0; - } + } else if (*s=='\\') { bs_count++; @@ -84,7 +84,7 @@ build_argv (char *cmdline_arg, int reserved) in_quotes = !in_quotes; bs_count=0; s++; - } + } else /* A regular character. */ { bs_count = 0; @@ -113,20 +113,20 @@ build_argv (char *cmdline_arg, int reserved) argv[argc++] = arg; /* Skip the remaining spaces. */ - do + do s++; while (*s==' ' || *s=='\t'); /* Start with a new argument */ arg = d = s; bs_count = 0; - } - else if (*s=='\\') + } + else if (*s=='\\') { *d++ = *s++; bs_count++; - } - else if (*s=='\"') + } + else if (*s=='\"') { if ( !(bs_count & 1) ) { @@ -137,7 +137,7 @@ build_argv (char *cmdline_arg, int reserved) s++; in_quotes = !in_quotes; } - else + else { /* Preceded by an odd number of backslashes, this is half that number of backslashes followed by a '\"'. */ @@ -146,7 +146,7 @@ build_argv (char *cmdline_arg, int reserved) s++; } bs_count=0; - } + } else /* A regular character. */ { *d++ = *s++; @@ -167,9 +167,9 @@ build_argv (char *cmdline_arg, int reserved) /* Our window message processing function. */ -static LRESULT CALLBACK +static LRESULT CALLBACK wndw_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam) -{ +{ switch (msg) { @@ -239,8 +239,8 @@ handle_taskbar (void *ctx) DestroyIcon (nid.hIcon); fprintf (stderr, "%s: enter\n", __func__); - while ( (rc=GetMessage (&msg, hwnd, 0, 0)) ) - { + while ( (rc=GetMessage (&msg, hwnd, 0, 0)) ) + { if (rc == -1) { log_error ("getMessage failed: %s\n", w32_strerror (-1)); diff --git a/am/cmacros.am b/am/cmacros.am index da34eb7ed..51f47c373 100644 --- a/am/cmacros.am +++ b/am/cmacros.am @@ -7,18 +7,18 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . localedir = $(datadir)/locale -AM_CPPFLAGS += -DLOCALEDIR=\"$(localedir)\" +AM_CPPFLAGS += -DLOCALEDIR=\"$(localedir)\" if ! HAVE_DOSISH_SYSTEM AM_CPPFLAGS += -DGNUPG_BINDIR="\"$(bindir)\"" \ @@ -59,14 +59,13 @@ endif # we use with pth. if HAVE_W32CE_SYSTEM extra_sys_libs = -lcoredll6 -extra_bin_ldflags = -Wl,--stack=0x40000 +extra_bin_ldflags = -Wl,--stack=0x40000 else -extra_sys_libs = -extra_bin_ldflags = +extra_sys_libs = +extra_bin_ldflags = endif # Convenience macros libcommon = ../common/libcommon.a libcommonpth = ../common/libcommonpth.a - diff --git a/common/Makefile.am b/common/Makefile.am index 2539859d5..5d7f22496 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -7,12 +7,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -97,12 +97,12 @@ common_sources = \ # separate source files. if HAVE_W32_SYSTEM if HAVE_W32CE_SYSTEM -common_sources += exechelp-w32ce.c +common_sources += exechelp-w32ce.c else -common_sources += exechelp-w32.c +common_sources += exechelp-w32.c endif else -common_sources += exechelp-posix.c +common_sources += exechelp-posix.c endif # Sources only useful without PTH. @@ -155,7 +155,7 @@ endif # # Module tests # -t_jnlib_src = t-support.c t-support.h +t_jnlib_src = t-support.c t-support.h jnlib_tests = t-stringhelp t-timestuff if HAVE_W32_SYSTEM jnlib_tests += t-w32-reg @@ -194,7 +194,3 @@ t_b64_LDADD = $(t_common_ldadd) t_exechelp_LDADD = $(t_common_ldadd) t_session_env_LDADD = $(t_common_ldadd) t_openpgp_oid_LDADD = $(t_common_ldadd) - - - - diff --git a/common/README.jnlib b/common/README.jnlib index e8df795cb..50a29257e 100644 --- a/common/README.jnlib +++ b/common/README.jnlib @@ -60,7 +60,7 @@ libjnlib_a_SOURCES = \ logging.c logging.h \ dotlock.c dotlock.h \ types.h mischelp.c mischelp.h dynload.h w32help.h \ - xmalloc.c xmalloc.h + xmalloc.c xmalloc.h if HAVE_W32_SYSTEM libjnlib_a_SOURCES += w32-reg.c w32-afunix.c w32-afunix.h @@ -79,7 +79,7 @@ if HAVE_W32_SYSTEM module_tests += t-w32-reg endif -t_jnlib_src = t-support.c t-support.h +t_jnlib_src = t-support.c t-support.h t_jnlib_ldadd = libjnlib.a $(LIBINTL) $(LIBICONV) # For W32 we need libgpg-error because it provides gettext. if HAVE_W32_SYSTEM @@ -97,5 +97,3 @@ t_w32_reg_SOURCES = t-w32-reg.c $(t_jnlib_src) t_w32_reg_LDADD = $(t_jnlib_ldadd) endif ==>8=================================================== - - diff --git a/common/argparse.h b/common/argparse.h index 5bd18d28c..b2ed9eed8 100644 --- a/common/argparse.h +++ b/common/argparse.h @@ -24,12 +24,12 @@ #include "types.h" typedef struct -{ +{ int *argc; /* Pointer to ARGC (value subject to change). */ char ***argv; /* Pointer to ARGV (value subject to change). */ unsigned int flags; /* Global flags. May be set prior to calling the parser. The parser may change the value. */ - int err; /* Print error description for last option. + int err; /* Print error description for last option. Either 0, ARGPARSE_PRINT_WARNING or ARGPARSE_PRINT_ERROR. */ @@ -78,7 +78,7 @@ typedef struct #define ARGPARSE_TYPE_STRING 2 /* Takes a string argument. */ #define ARGPARSE_TYPE_LONG 3 /* Takes a long argument. */ #define ARGPARSE_TYPE_ULONG 4 /* Takes an unsigned long argument. */ -#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */ +#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */ #define ARGPARSE_OPT_PREFIX (1<<4) /* Allow 0x etc. prefixed values. */ #define ARGPARSE_OPT_COMMAND (1<<8) /* The argument is a command. */ @@ -149,7 +149,7 @@ typedef struct #define ARGPARSE_group(s,d) \ - { (s), NULL, 0, (d) } + { (s), NULL, 0, (d) } #define ARGPARSE_end() { 0, NULL, 0, NULL } diff --git a/common/asshelp.c b/common/asshelp.c index b8be103fc..c5d5a3359 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -32,7 +32,7 @@ #include "util.h" #include "exechelp.h" #include "sysutils.h" -#include "status.h" +#include "status.h" #include "asshelp.h" /* The type we use for lock_agent_spawning. */ @@ -43,7 +43,7 @@ #endif /* The time we wait until the agent or the dirmngr are ready for - operation after we started them before giving up. */ + operation after we started them before giving up. */ #ifdef HAVE_W32CE_SYSTEM # define SECS_TO_WAIT_FOR_AGENT 30 # define SECS_TO_WAIT_FOR_DIRMNGR 30 @@ -110,7 +110,7 @@ send_one_option (assuan_context_t ctx, gpg_err_source_t errsource, if (!value || !*value) err = 0; /* Avoid sending empty strings. */ - else if (asprintf (&optstr, "OPTION %s%s=%s", + else if (asprintf (&optstr, "OPTION %s%s=%s", use_putenv? "putenv=":"", name, value) < 0) err = gpg_error_from_syserror (); else @@ -136,7 +136,7 @@ send_pinentry_environment (assuan_context_t ctx, { gpg_error_t err = 0; #if defined(HAVE_SETLOCALE) - char *old_lc = NULL; + char *old_lc = NULL; #endif char *dft_lc = NULL; const char *dft_ttyname; @@ -144,7 +144,7 @@ send_pinentry_environment (assuan_context_t ctx, const char *name, *assname, *value; int is_default; - iterator = 0; + iterator = 0; while ((name = session_env_list_stdenvnames (&iterator, &assname))) { value = session_env_getenv_or_default (session_env, name, NULL); @@ -164,7 +164,7 @@ send_pinentry_environment (assuan_context_t ctx, } - dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY", + dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY", &is_default); if (dft_ttyname && !is_default) dft_ttyname = NULL; /* We need the default value. */ @@ -182,7 +182,7 @@ send_pinentry_environment (assuan_context_t ctx, #endif if (opt_lc_ctype || (dft_ttyname && dft_lc)) { - err = send_one_option (ctx, errsource, "lc-ctype", + err = send_one_option (ctx, errsource, "lc-ctype", opt_lc_ctype ? opt_lc_ctype : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_CTYPE) @@ -208,7 +208,7 @@ send_pinentry_environment (assuan_context_t ctx, #endif if (opt_lc_messages || (dft_ttyname && dft_lc)) { - err = send_one_option (ctx, errsource, "lc-messages", + err = send_one_option (ctx, errsource, "lc-messages", opt_lc_messages ? opt_lc_messages : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) @@ -240,7 +240,7 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name, (void)homedir; /* Not required. */ - *lock = CreateMutexW + *lock = CreateMutexW (NULL, FALSE, !strcmp (name, "agent")? L"GnuPG_spawn_agent_sentinel": !strcmp (name, "dirmngr")? L"GnuPG_spawn_dirmngr_sentinel": @@ -256,7 +256,7 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name, waitrc = WaitForSingleObject (*lock, 1000); if (waitrc == WAIT_OBJECT_0) return 0; - + if (waitrc == WAIT_TIMEOUT && timeout) { timeout--; @@ -268,7 +268,7 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name, if (waitrc == WAIT_TIMEOUT) log_info ("error waiting for the spawn_%s mutex: timeout\n", name); else - log_info ("error waiting for the spawn_%s mutex: (code=%d) %s\n", + log_info ("error waiting for the spawn_%s mutex: (code=%d) %s\n", name, waitrc, w32_strerror (-1)); return gpg_error (GPG_ERR_GENERAL); #else /*!HAVE_W32_SYSTEM*/ @@ -377,11 +377,11 @@ start_new_gpg_agent (assuan_context_t *r_ctx, if (verbose) log_info (_("no running gpg-agent - starting `%s'\n"), agent_program); - + if (status_cb) - status_cb (status_cb_arg, STATUS_PROGRESS, + status_cb (status_cb_arg, STATUS_PROGRESS, "starting_agent ? 0 0", NULL); - + if (fflush (NULL)) { gpg_error_t tmperr = gpg_err_make (errsource, @@ -392,9 +392,9 @@ start_new_gpg_agent (assuan_context_t *r_ctx, assuan_release (ctx); return tmperr; } - - argv[0] = "--use-standard-socket-p"; - argv[1] = NULL; + + argv[0] = "--use-standard-socket-p"; + argv[1] = NULL; err = gnupg_spawn_process_fd (agent_program, argv, -1, -1, -1, &pid); if (err) log_debug ("starting `%s' for testing failed: %s\n", @@ -404,7 +404,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, if (excode == -1) log_debug ("running `%s' for testing failed (wait): %s\n", agent_program, gpg_strerror (err)); - } + } gnupg_release_process (pid); if (!err && !excode) @@ -416,8 +416,8 @@ start_new_gpg_agent (assuan_context_t *r_ctx, lock_spawn_t lock; argv[0] = "--daemon"; - argv[1] = "--use-standard-socket"; - argv[2] = NULL; + argv[1] = "--use-standard-socket"; + argv[2] = NULL; if (!(err = lock_spawning (&lock, homedir, "agent", verbose)) && assuan_socket_connect (ctx, sockname, 0, 0)) @@ -463,22 +463,22 @@ start_new_gpg_agent (assuan_context_t *r_ctx, const char *pgmname; int no_close_list[3]; int i; - + if ( !(pgmname = strrchr (agent_program, '/'))) pgmname = agent_program; else pgmname++; - + argv[0] = pgmname; argv[1] = "--server"; argv[2] = NULL; - + i=0; if (log_get_fd () != -1) no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); no_close_list[i] = -1; - + /* Connect to the agent and perform initial handshaking. */ err = assuan_pipe_connect (ctx, agent_program, argv, no_close_list, NULL, NULL, 0); @@ -566,7 +566,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, assuan_context_t ctx; const char *sockname; int did_success_msg = 0; - + *r_ctx = NULL; err = assuan_new (&ctx); @@ -595,11 +595,11 @@ start_new_dirmngr (assuan_context_t *r_ctx, if (verbose) log_info (_("no running Dirmngr - starting `%s'\n"), dirmngr_program); - + if (status_cb) - status_cb (status_cb_arg, STATUS_PROGRESS, + status_cb (status_cb_arg, STATUS_PROGRESS, "starting_dirmngr ? 0 0", NULL); - + if (fflush (NULL)) { gpg_error_t tmperr = gpg_err_make (errsource, @@ -609,10 +609,10 @@ start_new_dirmngr (assuan_context_t *r_ctx, assuan_release (ctx); return tmperr; } - + argv[0] = "--daemon"; - argv[1] = NULL; - + argv[1] = NULL; + if (!(err = lock_spawning (&lock, homedir, "dirmngr", verbose)) && assuan_socket_connect (ctx, sockname, 0, 0)) { @@ -623,7 +623,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, else { int i; - + for (i=0; i < SECS_TO_WAIT_FOR_DIRMNGR; i++) { if (verbose) @@ -645,7 +645,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, } } } - + unlock_spawning (&lock, "dirmngr"); } #else @@ -655,7 +655,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, (void)status_cb; (void)status_cb_arg; #endif /*USE_DIRMNGR_AUTO_START*/ - + if (err) { log_error ("connecting dirmngr at `%s' failed: %s\n", @@ -670,4 +670,3 @@ start_new_dirmngr (assuan_context_t *r_ctx, *r_ctx = ctx; return 0; } - diff --git a/common/audit.c b/common/audit.c index 38d0c0c3d..ead28ceb1 100644 --- a/common/audit.c +++ b/common/audit.c @@ -57,7 +57,7 @@ struct audit_ctx_s { const char *failure; /* If set a description of the internal failure. */ audit_type_t type; - + log_item_t log; /* The table with the log entries. */ size_t logsize; /* The allocated size for LOG. */ size_t logused; /* The used size of LOG. */ @@ -71,17 +71,17 @@ struct audit_ctx_s -static void writeout_para (audit_ctx_t ctx, +static void writeout_para (audit_ctx_t ctx, const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); static void writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...) JNLIB_GCC_A_PRINTF(3,4); -static void writeout_rem (audit_ctx_t ctx, +static void writeout_rem (audit_ctx_t ctx, const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); /* Add NAME to the list of help tags. NAME needs to be a const string an this function merly stores this pointer. */ -static void +static void add_helptag (audit_ctx_t ctx, const char *name) { helptag_t item; @@ -127,7 +127,7 @@ event2str (audit_event_t event) /* Create a new audit context. In case of an error NULL is returned - and errno set appropriately. */ + and errno set appropriately. */ audit_ctx_t audit_new (void) { @@ -228,7 +228,7 @@ create_log_item (audit_ctx_t ctx) item->cert = NULL; return item; - + } /* Add a new event to the audit log. If CTX is NULL, this function @@ -329,7 +329,7 @@ audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value) does nothing. This version also adds the certificate CERT and the result of an operation to the log. */ void -audit_log_cert (audit_ctx_t ctx, audit_event_t event, +audit_log_cert (audit_ctx_t ctx, audit_event_t event, ksba_cert_t cert, gpg_error_t err) { log_item_t item; @@ -348,14 +348,14 @@ audit_log_cert (audit_ctx_t ctx, audit_event_t event, item->have_err = 1; if (cert) { - ksba_cert_ref (cert); + ksba_cert_ref (cert); item->cert = cert; } } /* Write TEXT to the outstream. */ -static void +static void writeout (audit_ctx_t ctx, const char *text) { if (ctx->use_html) @@ -376,7 +376,7 @@ writeout (audit_ctx_t ctx, const char *text) /* Write TEXT to the outstream using a variable argument list. */ -static void +static void writeout_v (audit_ctx_t ctx, const char *format, va_list arg_ptr) { char *buf; @@ -440,7 +440,7 @@ leave_li (audit_ctx_t ctx) } } - + /* Write TEXT as a list element. If OKTEXT is not NULL, append it to the last line. */ static void @@ -451,7 +451,7 @@ writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...) if (ctx->use_html && format && oktext) { - if (!strcmp (oktext, "Yes") + if (!strcmp (oktext, "Yes") || !strcmp (oktext, "good") ) color = "green"; else if (!strcmp (oktext, "No") @@ -530,13 +530,13 @@ writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...) if (color) es_fprintf (ctx->outstream, "", color); } - else + else writeout (ctx, ": "); writeout (ctx, oktext); if (color) es_fputs ("", ctx->outstream); } - + if (ctx->use_html) es_fputs ("\n", ctx->outstream); else @@ -579,7 +579,7 @@ writeout_rem (audit_ctx_t ctx, const char *format, ...) look behind that event in the log. If STARTITEM is not NULL start search _after_that item. */ static log_item_t -find_next_log_item (audit_ctx_t ctx, log_item_t startitem, +find_next_log_item (audit_ctx_t ctx, log_item_t startitem, audit_event_t event, audit_event_t stopevent) { int idx; @@ -725,9 +725,9 @@ list_certchain (audit_ctx_t ctx, log_item_t startitem, audit_event_t stopevent) startitem = find_next_log_item (ctx, startitem, AUDIT_CHAIN_BEGIN,stopevent); writeout_li (ctx, startitem? "Yes":"No", _("Certificate chain available")); if (!startitem) - return; + return; - item = find_next_log_item (ctx, startitem, + item = find_next_log_item (ctx, startitem, AUDIT_CHAIN_ROOTCERT, AUDIT_CHAIN_END); if (!item) writeout_rem (ctx, "%s", _("root certificate missing")); @@ -736,7 +736,7 @@ list_certchain (audit_ctx_t ctx, log_item_t startitem, audit_event_t stopevent) list_cert (ctx, item->cert, 0); } item = startitem; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_CHAIN_CERT, AUDIT_CHAIN_END)))) { list_cert (ctx, item->cert, 1); @@ -779,7 +779,7 @@ proc_type_encrypt (audit_ctx_t ctx) } item = find_log_item (ctx, AUDIT_GOT_RECIPIENTS, 0); - snprintf (numbuf, sizeof numbuf, "%d", + snprintf (numbuf, sizeof numbuf, "%d", item && item->have_intvalue? item->intvalue : 0); writeout_li (ctx, numbuf, "%s", _("Number of recipients")); @@ -830,7 +830,7 @@ proc_type_sign (audit_ctx_t ctx) writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); /* Write remarks with the data hash algorithms. We use a very simple scheme to avoid some duplicates. */ - loopitem = NULL; + loopitem = NULL; lastalgo = 0; while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG))) @@ -1033,7 +1033,7 @@ proc_type_verify (audit_ctx_t ctx) writeout_rem (ctx, _("data hash algorithm: %s"), gcry_md_algo_name (item->intvalue)); else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) - writeout_rem (ctx, _("bad data hash algorithm: %s"), + writeout_rem (ctx, _("bad data hash algorithm: %s"), item->string? item->string:"?"); } } @@ -1066,7 +1066,7 @@ proc_type_verify (audit_ctx_t ctx) gcry_md_algo_name (item->intvalue)); enter_li (ctx); - + /* List the certificate chain. */ list_certchain (ctx, loopitem, AUDIT_NEW_SIG); @@ -1075,12 +1075,12 @@ proc_type_verify (audit_ctx_t ctx) AUDIT_CHAIN_STATUS, AUDIT_NEW_SIG); if (item && item->have_err) { - writeout_li (ctx, item->err? "No":"Yes", + writeout_li (ctx, item->err? "No":"Yes", _("Certificate chain valid")); if (item->err) writeout_rem (ctx, "%s", gpg_strerror (item->err)); } - + /* Show whether the root certificate is fine. */ item = find_next_log_item (ctx, loopitem, AUDIT_ROOT_TRUSTED, AUDIT_CHAIN_STATUS); @@ -1115,9 +1115,9 @@ proc_type_verify (audit_ctx_t ctx) break; default: ok = gpg_strerror (item->err); break; } - + writeout_li (ctx, ok, "%s", _("CRL/OCSP check of certificates")); - if (item->err + if (item->err && gpg_err_code (item->err) != GPG_ERR_CERT_REVOKED && gpg_err_code (item->err) != GPG_ERR_NOT_ENABLED) add_helptag (ctx, "gpgsm.crl-problem"); @@ -1132,13 +1132,13 @@ proc_type_verify (audit_ctx_t ctx) /* Always list the certificates stored in the signature. */ item = NULL; count = 0; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) count++; snprintf (numbuf, sizeof numbuf, "%d", count); writeout_li (ctx, numbuf, _("Included certificates")); item = NULL; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) { char *name = get_cert_name (item->cert); @@ -1169,7 +1169,7 @@ audit_print_result (audit_ctx_t ctx, estream_t out, int use_html) const char *s; int show_raw = 0; char *orig_codeset; - + if (!ctx) return; @@ -1201,31 +1201,31 @@ audit_print_result (audit_ctx_t ctx, estream_t out, int use_html) for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++) { - n = strlen (eventstr_msgstr + eventstr_msgidx[idx]); + n = strlen (eventstr_msgstr + eventstr_msgidx[idx]); if (n > maxlen) maxlen = n; } - + if (use_html) es_fputs ("
\n", out);
       for (idx=0; idx < ctx->logused; idx++)
         {
-          es_fprintf (out, "log: %-*s", 
+          es_fprintf (out, "log: %-*s",
                       maxlen, event2str (ctx->log[idx].event));
           if (ctx->log[idx].have_intvalue)
-            es_fprintf (out, " i=%d", ctx->log[idx].intvalue); 
+            es_fprintf (out, " i=%d", ctx->log[idx].intvalue);
           if (ctx->log[idx].string)
             {
-              es_fputs (" s=`", out); 
-              writeout (ctx, ctx->log[idx].string); 
-              es_fputs ("'", out); 
+              es_fputs (" s=`", out);
+              writeout (ctx, ctx->log[idx].string);
+              es_fputs ("'", out);
             }
           if (ctx->log[idx].cert)
-            es_fprintf (out, " has_cert"); 
+            es_fprintf (out, " has_cert");
           if (ctx->log[idx].have_err)
             {
               es_fputs (" err=`", out);
-              writeout (ctx, gpg_strerror (ctx->log[idx].err)); 
+              writeout (ctx, gpg_strerror (ctx->log[idx].err));
               es_fputs ("'", out);
             }
           es_fputs ("\n", out);
@@ -1321,4 +1321,3 @@ audit_print_result (audit_ctx_t ctx, estream_t out, int use_html)
   clear_helptags (ctx);
   i18n_switchback (orig_codeset);
 }
-
diff --git a/common/audit.h b/common/audit.h
index 8f413aa30..77d8f0632 100644
--- a/common/audit.h
+++ b/common/audit.h
@@ -56,7 +56,7 @@ typedef enum
     /* Indicates whether the gpg-agent is available.  For some
        operations the agent is not required and thus no such event
        will be logged.  */
-    
+
     AUDIT_DIRMNGR_READY,   /* err */
     /* Indicates whether the Dirmngr is available.  For some
        operations the Dirmngr is not required and thus no such event
@@ -115,7 +115,7 @@ typedef enum
     /* The program was used in an inappropriate way; For example by
        passing a data object while the signature does not expect one
        or vice versa.  */
-    
+
     AUDIT_SAVE_CERT,       /* cert, ok_err */
     /* Save the certificate received in a message. */
 
@@ -123,7 +123,7 @@ typedef enum
     /* Start the verification of a new signature for the last data
        object.  The argument is the signature number as used
        internally by the program.  */
-    
+
     AUDIT_SIG_NAME,        /* string */
     /* The name of a signer.  This is the name or other identification
        data as known from the signature and not the name from the
@@ -135,7 +135,7 @@ typedef enum
        audit information for one signature.  STRING gives the status:
 
          "error"       - there was a problem checking this or any signature.
-         "unsupported" - the signature type is not supported. 
+         "unsupported" - the signature type is not supported.
          "no-cert"     - The certificate of the signer was not found (the
                          S/N+issuer of the signer is already in the log).
          "bad"         - bad signature
@@ -145,7 +145,7 @@ typedef enum
     AUDIT_NEW_RECP,        /* int */
     /* A new recipient has been seen during decryption.  The argument
        is the recipient number as used internally by the program.  */
-    
+
     AUDIT_RECP_NAME,       /* string */
     /* The name of a recipient.  This is the name or other identification
        data as known from the decryption and not the name from the
@@ -169,7 +169,7 @@ typedef enum
     AUDIT_CHAIN_END,
     /* These 4 events are used to log the certificates making up a
        certificate chain.  ROOTCERT is used for the trustanchor and
-       CERT for all other certificates.  */ 
+       CERT for all other certificates.  */
 
     AUDIT_CHAIN_STATUS,  /* err */
     /* Tells the final status of the chain validation.  */
@@ -217,7 +217,7 @@ void audit_log (audit_ctx_t ctx, audit_event_t event);
 void audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err);
 void audit_log_i (audit_ctx_t ctx, audit_event_t event, int value);
 void audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value);
-void audit_log_cert (audit_ctx_t ctx, audit_event_t event, 
+void audit_log_cert (audit_ctx_t ctx, audit_event_t event,
                      ksba_cert_t cert, gpg_error_t err);
 
 void audit_print_result (audit_ctx_t ctx, estream_t stream, int use_html);
diff --git a/common/b64dec.c b/common/b64dec.c
index 137dd7216..edd72c6a9 100644
--- a/common/b64dec.c
+++ b/common/b64dec.c
@@ -29,7 +29,7 @@
 
 
 /* The reverse base-64 list used for base-64 decoding. */
-static unsigned char const asctobin[128] = 
+static unsigned char const asctobin[128] =
   {
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -49,7 +49,7 @@ static unsigned char const asctobin[128] =
     0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
   };
 
-enum decoder_states 
+enum decoder_states
   {
     s_init, s_idle, s_lfseen, s_begin,
     s_b64_0, s_b64_1, s_b64_2, s_b64_3,
@@ -62,7 +62,7 @@ enum decoder_states
    plain base64 decoding is done.  If it is the empty string the
    decoder will skip everything until a "-----BEGIN " line has been
    seen, decoding ends at a "----END " line.
-   
+
    Not yet implemented: If TITLE is either "PGP" or begins with "PGP "
    the PGP armor lines are skipped as well.  */
 gpg_error_t
@@ -96,7 +96,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
 {
   enum decoder_states ds = state->idx;
   unsigned char val = state->radbuf[0];
-  int pos = state->quad_count; 
+  int pos = state->quad_count;
   char *d, *s;
 
   if (state->lasterr)
@@ -110,7 +110,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
       state->title = NULL;
       return state->lasterr;
     }
-  
+
   for (s=d=buffer; length && !state->stop_seen; length--, s++)
     {
       switch (ds)
@@ -143,7 +143,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
           {
             int c;
 
-            if (*s == '-' && state->title) 
+            if (*s == '-' && state->title)
               {
                 /* Not a valid Base64 character: assume end
                    header.  */
@@ -158,7 +158,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
               }
             else if (*s == '\n' || *s == ' ' || *s == '\r' || *s == '\t')
               ; /* Skip white spaces. */
-            else if ( (*s & 0x80) 
+            else if ( (*s & 0x80)
                       || (c = asctobin[*(unsigned char *)s]) == 255)
               {
                 /* Skip invalid encodings.  */
@@ -198,8 +198,8 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
         case s_waitend:
           if ( *s == '\n')
             state->stop_seen = 1;
-          break; 
-        default: 
+          break;
+        default:
           BUG();
         }
     }
@@ -207,7 +207,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length,
 
   state->idx = ds;
   state->radbuf[0] = val;
-  state->quad_count = pos; 
+  state->quad_count = pos;
   *r_nbytes = (d -(char*) buffer);
   return 0;
 }
@@ -226,4 +226,3 @@ b64dec_finish (struct b64state *state)
   state->title = NULL;
   return state->invalid_encoding? gpg_error(GPG_ERR_BAD_DATA): 0;
 }
-
diff --git a/common/b64enc.c b/common/b64enc.c
index 5d616198e..eae796c6e 100644
--- a/common/b64enc.c
+++ b/common/b64enc.c
@@ -34,25 +34,25 @@
 #define B64ENC_USE_PGPCRC   32
 
 /* The base-64 character list */
-static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
-                                    "abcdefghijklmnopqrstuvwxyz" 
-                                    "0123456789+/"; 
+static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                    "abcdefghijklmnopqrstuvwxyz"
+                                    "0123456789+/";
 
 /* Stuff required to create the OpenPGP CRC.  This crc_table has been
    created using this code:
 
    #include 
    #include 
-   
+
    #define CRCPOLY 0x864CFB
-   
+
    int
    main (void)
    {
      int i, j;
      uint32_t t;
      uint32_t crc_table[256];
-   
+
      crc_table[0] = 0;
      for (i=j=0; j < 128; j++ )
        {
@@ -70,7 +70,7 @@ static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
              crc_table[i++] = t ^ CRCPOLY;
    	}
        }
-   
+
      puts ("static const u32 crc_table[256] = {");
      for (i=j=0; i < 256; i++)
        {
@@ -224,11 +224,11 @@ b64enc_write (struct b64state *state, const void *buffer, size_t nbytes)
                || my_fputs (state->title, state) == EOF
                || my_fputs ("-----\n", state) == EOF)
             goto write_error;
-          if ( (state->flags & B64ENC_USE_PGPCRC) 
+          if ( (state->flags & B64ENC_USE_PGPCRC)
                && my_fputs ("\n", state) == EOF)
             goto write_error;
         }
-        
+
       state->flags |= B64ENC_DID_HEADER;
     }
 
@@ -274,7 +274,7 @@ b64enc_write (struct b64state *state, const void *buffer, size_t nbytes)
               if (ferror (state->fp))
                 goto write_error;
             }
-          if (++quad_count >= (64/4)) 
+          if (++quad_count >= (64/4))
             {
               quad_count = 0;
               if (!(state->flags & B64ENC_NO_LINEFEEDS)
@@ -328,8 +328,8 @@ b64enc_finish (struct b64state *state)
           tmp[2] = '=';
           tmp[3] = '=';
         }
-      else 
-        { 
+      else
+        {
           tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
           tmp[2] = bintoasc[((radbuf[1] << 2) & 074) & 077];
           tmp[3] = '=';
@@ -351,7 +351,7 @@ b64enc_finish (struct b64state *state)
             goto write_error;
         }
 
-      if (++quad_count >= (64/4)) 
+      if (++quad_count >= (64/4))
         {
           quad_count = 0;
           if (!(state->flags & B64ENC_NO_LINEFEEDS)
@@ -365,7 +365,7 @@ b64enc_finish (struct b64state *state)
       && !(state->flags & B64ENC_NO_LINEFEEDS)
       && my_fputs ("\n", state) == EOF)
     goto write_error;
-  
+
   if ( (state->flags & B64ENC_USE_PGPCRC) )
     {
       /* Write the CRC.  */
@@ -420,4 +420,3 @@ b64enc_finish (struct b64state *state)
   state->lasterr = err;
   return err;
 }
-
diff --git a/common/dns-cert.c b/common/dns-cert.c
index 80ba7d06d..888ffb7b1 100644
--- a/common/dns-cert.c
+++ b/common/dns-cert.c
@@ -82,7 +82,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
       adns_finish (state);
       return -1;
     }
-  if (answer->status != adns_s_ok) 
+  if (answer->status != adns_s_ok)
     {
       /* log_error ("DNS query returned an error: %s (%s)\n", */
       /*            adns_strerror (answer->status), */
@@ -112,7 +112,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
           *iobuf = iobuf_temp_with_content ((char*)data, datalen);
           rc = 1;
         }
-      else if (ctype == 6 && datalen && datalen < 1023 
+      else if (ctype == 6 && datalen && datalen < 1023
                && datalen >= data[0]+1 && fpr && fpr_len && url)
         {
           /* CERT type is IPGP.  We made sure tha the data is
@@ -126,7 +126,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
             }
           else
             *fpr = NULL;
-              
+
           if (datalen > *fpr_len + 1)
             {
               *url = xmalloc (datalen - (*fpr_len+1) + 1);
@@ -135,11 +135,11 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
             }
           else
             *url = NULL;
-          
+
           rc = 2;
         }
     }
-  
+
   adns_free (answer);
   adns_finish (state);
   return rc;
diff --git a/common/dotlock.c b/common/dotlock.c
index c41f69481..507546562 100644
--- a/common/dotlock.c
+++ b/common/dotlock.c
@@ -1,5 +1,5 @@
 /* dotlock.c - dotfile locking
- * Copyright (C) 1998, 2000, 2001, 2003, 2004, 
+ * Copyright (C) 1998, 2000, 2001, 2003, 2004,
  *               2005, 2006, 2008, 2010 Free Software Foundation, Inc.
  *
  * This file is part of JNLIB.
@@ -61,7 +61,7 @@
 
 
 /* The object describing a lock.  */
-struct dotlock_handle 
+struct dotlock_handle
 {
   struct dotlock_handle *next;
   char *lockname;      /* Name of the actual lockfile.          */
@@ -112,7 +112,7 @@ disable_dotlock(void)
    Calling this function with NULL does only install the atexit
    handler and may thus be used to assure that the cleanup is called
    after all other atexit handlers.
-  
+
    This function creates a lock file in the same directory as
    FILE_TO_LOCK using that name and a suffix of ".lock".  Note that on
    POSIX systems a temporary file ".#lk..pid[.threadid] is
@@ -174,7 +174,7 @@ create_dotlock (const char *file_to_lock)
     nodename = "unknown";
   else
     nodename = utsbuf.nodename;
-  
+
 #ifdef __riscos__
   {
     char *iter = (char *) nodename;
@@ -223,15 +223,15 @@ create_dotlock (const char *file_to_lock)
             "%s/%d", nodename, (int)getpid () );
 #endif /* __riscos__ */
 
-  do 
+  do
     {
       jnlib_set_errno (0);
       fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL,
                  S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
-    } 
+    }
   while (fd == -1 && errno == EINTR);
 
-  if ( fd == -1 ) 
+  if ( fd == -1 )
     {
       all_lockfiles = h->next;
       log_error (_("failed to create temporary file `%s': %s\n"),
@@ -303,11 +303,11 @@ create_dotlock (const char *file_to_lock)
      reasons why a lock file can't be created and thus the process
      would not stop as expected but spin til until Windows crashes.
      Our solution is to keep the lock file open; that does not
-     harm. */ 
+     harm. */
   {
 #ifdef HAVE_W32CE_SYSTEM
     wchar_t *wname = utf8_to_wchar (h->lockname);
-    
+
     h->lockhd = INVALID_HANDLE_VALUE;
     if (wname)
       h->lockhd = CreateFile (wname,
@@ -318,7 +318,7 @@ create_dotlock (const char *file_to_lock)
                             FILE_SHARE_READ|FILE_SHARE_WRITE,
                             NULL, OPEN_ALWAYS, 0, NULL);
 #ifdef HAVE_W32CE_SYSTEM
-    jnlib_free (wname);                           
+    jnlib_free (wname);
 #endif
   }
   if (h->lockhd == INVALID_HANDLE_VALUE)
@@ -355,7 +355,7 @@ destroy_dotlock (dotlock_t h)
         h->next = NULL;
         break;
       }
-  
+
   /* Then destroy the lock. */
   if (!h->disable)
     {
@@ -364,7 +364,7 @@ destroy_dotlock (dotlock_t h)
         {
           OVERLAPPED ovl;
 
-          memset (&ovl, 0, sizeof ovl); 
+          memset (&ovl, 0, sizeof ovl);
           UnlockFileEx (h->lockhd, 0, 1, 0, &ovl);
         }
       CloseHandle (h->lockhd);
@@ -414,7 +414,7 @@ make_dotlock (dotlock_t h, long timeout)
   if ( h->disable )
     return 0; /* Locks are completely disabled.  Return success. */
 
-  if ( h->locked ) 
+  if ( h->locked )
     {
 #ifndef __riscos__
       log_debug ("Oops, `%s' is already locked\n", h->lockname);
@@ -438,19 +438,19 @@ make_dotlock (dotlock_t h, long timeout)
           return -1;
 	}
 # else /* __riscos__ */
-      if ( !renamefile(h->tname, h->lockname) ) 
+      if ( !renamefile(h->tname, h->lockname) )
         {
           h->locked = 1;
           return 0; /* okay */
         }
-      if ( errno != EEXIST ) 
+      if ( errno != EEXIST )
         {
           log_error( "lock not made: rename() failed: %s\n", strerror(errno) );
           return -1;
         }
 # endif /* __riscos__ */
 
-      if ( (pid = read_lockfile (h, &same_node)) == -1 ) 
+      if ( (pid = read_lockfile (h, &same_node)) == -1 )
         {
           if ( errno != ENOENT )
             {
@@ -480,11 +480,11 @@ make_dotlock (dotlock_t h, long timeout)
 # endif /* __riscos__ */
 	}
 
-      if ( timeout == -1 ) 
+      if ( timeout == -1 )
         {
           /* Wait until lock has been released. */
           struct timeval tv;
-          
+
           log_info (_("waiting for lock (held by %d%s) %s...\n"),
                     pid, maybe_dead, maybe_deadlock(h)? _("(deadlock?) "):"");
 
@@ -503,7 +503,7 @@ make_dotlock (dotlock_t h, long timeout)
       OVERLAPPED ovl;
 
       /* Lock one byte at offset 0.  The offset is given by OVL.  */
-      memset (&ovl, 0, sizeof ovl); 
+      memset (&ovl, 0, sizeof ovl);
       if (LockFileEx (h->lockhd, (LOCKFILE_EXCLUSIVE_LOCK
                                   | LOCKFILE_FAIL_IMMEDIATELY), 0, 1, 0, &ovl))
         {
@@ -518,7 +518,7 @@ make_dotlock (dotlock_t h, long timeout)
           return -1;
         }
 
-      if ( timeout == -1 ) 
+      if ( timeout == -1 )
         {
           /* Wait until lock has been released. */
           log_info (_("waiting for lock %s...\n"), h->lockname);
@@ -561,8 +561,8 @@ release_dotlock (dotlock_t h)
 #ifdef HAVE_DOSISH_SYSTEM
   {
     OVERLAPPED ovl;
-    
-    memset (&ovl, 0, sizeof ovl); 
+
+    memset (&ovl, 0, sizeof ovl);
     if (!UnlockFileEx (h->lockhd, 0, 1, 0, &ovl))
       {
         log_error ("release_dotlock: error removing lockfile `%s': %s\n",
@@ -573,7 +573,7 @@ release_dotlock (dotlock_t h)
 #else
 
   pid = read_lockfile (h, &same_node);
-  if ( pid == -1 ) 
+  if ( pid == -1 )
     {
       log_error( "release_dotlock: lockfile error\n");
       return -1;
@@ -594,7 +594,7 @@ release_dotlock (dotlock_t h)
   /* Fixme: As an extra check we could check whether the link count is
      now really at 1. */
 #else /* __riscos__ */
-  if ( renamefile (h->lockname, h->tname) ) 
+  if ( renamefile (h->lockname, h->tname) )
     {
       log_error ("release_dotlock: error renaming lockfile `%s' to `%s'\n",
                  h->lockname, h->tname);
@@ -622,7 +622,7 @@ read_lockfile (dotlock_t h, int *same_node )
   char *buffer, *p;
   size_t expected_len;
   int res, nread;
-  
+
   *same_node = 0;
   expected_len = 10 + 1 + h->nodename_len + 1;
   if ( expected_len >= sizeof buffer_space)
@@ -655,7 +655,7 @@ read_lockfile (dotlock_t h, int *same_node )
       if (res < 0)
         {
           log_info ("error reading lockfile `%s'", h->lockname );
-          close (fd); 
+          close (fd);
           if (buffer != buffer_space)
             jnlib_free (buffer);
           jnlib_set_errno (0); /* Do not return an inappropriate ERRNO. */
@@ -679,7 +679,7 @@ read_lockfile (dotlock_t h, int *same_node )
   if (buffer[10] != '\n'
       || (buffer[10] = 0, pid = atoi (buffer)) == -1
 #ifndef __riscos__
-      || !pid 
+      || !pid
 #else /* __riscos__ */
       || (!pid && riscos_getpid())
 #endif /* __riscos__ */
@@ -693,7 +693,7 @@ read_lockfile (dotlock_t h, int *same_node )
     }
 
   if (nread == expected_len
-      && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len) 
+      && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len)
       && buffer[11+h->nodename_len] == '\n')
     *same_node = 1;
 
@@ -711,10 +711,10 @@ void
 dotlock_remove_lockfiles (void)
 {
   dotlock_t h, h2;
-  
+
   h = all_lockfiles;
   all_lockfiles = NULL;
-    
+
   while ( h )
     {
       h2 = h->next;
@@ -722,4 +722,3 @@ dotlock_remove_lockfiles (void)
       h = h2;
     }
 }
-
diff --git a/common/dynload.h b/common/dynload.h
index 0c8a3bbaa..84407c2d5 100644
--- a/common/dynload.h
+++ b/common/dynload.h
@@ -81,6 +81,6 @@ dlclose (void * hd)
       return 0;
     }
   return -1;
-}  
+}
 # endif /*__MINGW32__*/
 #endif /*LIBJNLIB_DYNLOAD_H*/
diff --git a/common/estream-printf.c b/common/estream-printf.c
index 3955a01cb..797f9aa30 100644
--- a/common/estream-printf.c
+++ b/common/estream-printf.c
@@ -93,7 +93,7 @@
 #if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T)
 # ifdef HAVE_STDINT_H
 #  include 
-# endif 
+# endif
 #endif
 #ifdef HAVE_LANGINFO_THOUSANDS_SEP
 #include 
@@ -111,12 +111,12 @@
 
 /* Allow redefinition of asprintf used malloc functions.  */
 #if defined(_ESTREAM_PRINTF_MALLOC)
-#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))  
+#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))
 #else
 #define my_printf_malloc(a) malloc((a))
 #endif
 #if defined(_ESTREAM_PRINTF_FREE)
-#define my_printf_free(a)   _ESTREAM_PRINTF_FREE((a))  
+#define my_printf_free(a)   _ESTREAM_PRINTF_FREE((a))
 #else
 #define my_printf_free(a)   free((a))
 #endif
@@ -233,7 +233,7 @@ typedef enum
 
 
 /* A union used to store the actual values. */
-typedef union 
+typedef union
 {
   char a_char;
   signed char a_schar;
@@ -317,7 +317,7 @@ dump_argspecs (argspec_t arg, size_t argcount)
   int idx;
 
   for (idx=0; argcount; argcount--, arg++, idx++)
-    fprintf (stderr, 
+    fprintf (stderr,
              "%2d: len=%u flags=%u width=%d prec=%d mod=%d "
              "con=%d vt=%d pos=%d-%d-%d\n",
              idx,
@@ -341,8 +341,8 @@ compute_type (argspec_t arg)
 {
   switch (arg->conspec)
     {
-    case CONSPEC_UNKNOWN: 
-      arg->vt = VALTYPE_UNSUPPORTED; 
+    case CONSPEC_UNKNOWN:
+      arg->vt = VALTYPE_UNSUPPORTED;
       break;
 
     case CONSPEC_DECIMAL:
@@ -353,7 +353,7 @@ compute_type (argspec_t arg)
         case LENMOD_LONG: arg->vt = VALTYPE_LONG; break;
         case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG; break;
         case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX; break;
-        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;   
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
         case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
         default: arg->vt = VALTYPE_INT; break;
         }
@@ -370,12 +370,12 @@ compute_type (argspec_t arg)
         case LENMOD_LONG: arg->vt = VALTYPE_ULONG; break;
         case LENMOD_LONGLONG: arg->vt = VALTYPE_ULONGLONG; break;
         case LENMOD_INTMAX: arg->vt = VALTYPE_UINTMAX; break;
-        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;   
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
         case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
         default: arg->vt = VALTYPE_UINT; break;
         }
       break;
-      
+
     case CONSPEC_FLOAT:
     case CONSPEC_FLOAT_UP:
     case CONSPEC_EXP:
@@ -391,9 +391,9 @@ compute_type (argspec_t arg)
         default: arg->vt = VALTYPE_DOUBLE; break;
         }
       break;
-      
+
     case CONSPEC_CHAR:
-      arg->vt = VALTYPE_INT; 
+      arg->vt = VALTYPE_INT;
       break;
 
     case CONSPEC_STRING:
@@ -416,12 +416,12 @@ compute_type (argspec_t arg)
         case LENMOD_LONG: arg->vt = VALTYPE_LONG_PTR; break;
         case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG_PTR; break;
         case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX_PTR; break;
-        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;   
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;
         case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF_PTR; break;
         default: arg->vt = VALTYPE_INT_PTR; break;
         }
       break;
-      
+
     }
 }
 
@@ -446,7 +446,7 @@ parse_format (const char *format,
 
   if (!format)
     goto leave_einval;
-      
+
   for (; *format; format++)
     {
       unsigned int flags;
@@ -454,7 +454,7 @@ parse_format (const char *format,
       lenmod_t lenmod;
       conspec_t conspec;
       int arg_pos, width_pos, precision_pos;
-      
+
       if (*format != '%')
         continue;
       s = ++format;
@@ -468,7 +468,7 @@ parse_format (const char *format,
       if (*s >= '1' && *s <= '9')
         {
           const char *save_s = s;
-          
+
           arg_pos = (*s++ - '0');
           for (; *s >= '0' && *s <= '9'; s++)
             arg_pos = 10*arg_pos + (*s - '0');
@@ -482,7 +482,7 @@ parse_format (const char *format,
               s = save_s;
             }
         }
-         
+
       /* Parse the flags.  */
       flags = 0;
       for ( ; *s; s++)
@@ -500,7 +500,7 @@ parse_format (const char *format,
             }
         }
     flags_parsed:
-      
+
       /* Parse the field width.  */
       width_pos = 0;
       if (*s == '*')
@@ -583,11 +583,11 @@ parse_format (const char *format,
           if (ignore_value)
             precision = NO_FIELD_VALUE;
         }
-      
+
       /* Parse the length modifiers.  */
       switch (*s)
         {
-        case 'h': 
+        case 'h':
           if (s[1] == 'h')
             {
               lenmod = LENMOD_CHAR;
@@ -613,7 +613,7 @@ parse_format (const char *format,
         case 'L': lenmod = LENMOD_LONGDBL; s++; break;
         default:  lenmod = LENMOD_NONE; break;
         }
-      
+
       /* Parse the conversion specifier.  */
       switch (*s)
         {
@@ -683,7 +683,7 @@ parse_format (const char *format,
   *argspecs_addr = argspecs;
   *r_argspecs_count = argcount;
   return 0; /* Success.  */
-  
+
  leave_einval:
   _set_errno (EINVAL);
  leave:
@@ -714,14 +714,14 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
           value->a_char_ptr = va_arg (vaargs, char *);
           break;
         case VALTYPE_SCHAR: value->a_schar = va_arg (vaargs, int); break;
-        case VALTYPE_SCHAR_PTR: 
-          value->a_schar_ptr = va_arg (vaargs, signed char *); 
+        case VALTYPE_SCHAR_PTR:
+          value->a_schar_ptr = va_arg (vaargs, signed char *);
           break;
         case VALTYPE_UCHAR: value->a_uchar = va_arg (vaargs, int); break;
         case VALTYPE_SHORT: value->a_short = va_arg (vaargs, int); break;
         case VALTYPE_USHORT: value->a_ushort = va_arg (vaargs, int); break;
-        case VALTYPE_SHORT_PTR: 
-          value->a_short_ptr = va_arg (vaargs, short *); 
+        case VALTYPE_SHORT_PTR:
+          value->a_short_ptr = va_arg (vaargs, short *);
           break;
         case VALTYPE_INT:
           value->a_int = va_arg (vaargs, int);
@@ -735,20 +735,20 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
         case VALTYPE_LONG:
           value->a_long = va_arg (vaargs, long);
           break;
-        case VALTYPE_ULONG: 
+        case VALTYPE_ULONG:
           value->a_ulong = va_arg (vaargs, unsigned long);
           break;
-        case VALTYPE_LONG_PTR: 
-          value->a_long_ptr = va_arg (vaargs, long *); 
+        case VALTYPE_LONG_PTR:
+          value->a_long_ptr = va_arg (vaargs, long *);
           break;
 #ifdef HAVE_LONG_LONG_INT
         case VALTYPE_LONGLONG:
           value->a_longlong = va_arg (vaargs, long long int);
           break;
-        case VALTYPE_ULONGLONG: 
-          value->a_ulonglong = va_arg (vaargs, unsigned long long int); 
+        case VALTYPE_ULONGLONG:
+          value->a_ulonglong = va_arg (vaargs, unsigned long long int);
           break;
-        case VALTYPE_LONGLONG_PTR: 
+        case VALTYPE_LONGLONG_PTR:
           value->a_longlong_ptr = va_arg (vaargs, long long *);
           break;
 #endif
@@ -763,31 +763,31 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
         case VALTYPE_STRING:
           value->a_string = va_arg (vaargs, const char *);
           break;
-        case VALTYPE_POINTER: 
+        case VALTYPE_POINTER:
           value->a_void_ptr = va_arg (vaargs, void *);
           break;
 #ifdef HAVE_INTMAX_T
         case VALTYPE_INTMAX:
           value->a_intmax = va_arg (vaargs, intmax_t);
           break;
-        case VALTYPE_INTMAX_PTR: 
-          value->a_intmax_ptr = va_arg (vaargs, intmax_t *); 
+        case VALTYPE_INTMAX_PTR:
+          value->a_intmax_ptr = va_arg (vaargs, intmax_t *);
           break;
 #endif
 #ifdef HAVE_UINTMAX_T
-        case VALTYPE_UINTMAX: 
-          value->a_uintmax = va_arg (vaargs, uintmax_t); 
+        case VALTYPE_UINTMAX:
+          value->a_uintmax = va_arg (vaargs, uintmax_t);
           break;
 #endif
         case VALTYPE_SIZE:
           value->a_size = va_arg (vaargs, size_t);
           break;
-        case VALTYPE_SIZE_PTR: 
-          value->a_size_ptr = va_arg (vaargs, size_t *); 
+        case VALTYPE_SIZE_PTR:
+          value->a_size_ptr = va_arg (vaargs, size_t *);
           break;
 #ifdef HAVE_PTRDIFF_T
         case VALTYPE_PTRDIFF:
-          value->a_ptrdiff = va_arg (vaargs, ptrdiff_t); 
+          value->a_ptrdiff = va_arg (vaargs, ptrdiff_t);
           break;
         case VALTYPE_PTRDIFF_PTR:
           value->a_ptrdiff_ptr = va_arg (vaargs, ptrdiff_t *);
@@ -822,7 +822,7 @@ pad_out (estream_printf_out_t outfnc, void *outfncarg,
       *nbytes += n;
       count -= n;
     }
-  
+
   return 0;
 }
 
@@ -859,18 +859,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
         {
         case VALTYPE_SHORT: along = value.a_short; break;
         case VALTYPE_INT: along = value.a_int; break;
-        case VALTYPE_LONG: along = value.a_long; break;  
+        case VALTYPE_LONG: along = value.a_long; break;
 #ifdef HAVE_LONG_LONG_INT
-        case VALTYPE_LONGLONG: along = value.a_longlong; break;  
-        case VALTYPE_SIZE: along = value.a_size; break;  
+        case VALTYPE_LONGLONG: along = value.a_longlong; break;
+        case VALTYPE_SIZE: along = value.a_size; break;
 # ifdef HAVE_INTMAX_T
-        case VALTYPE_INTMAX: along = value.a_intmax; break;  
+        case VALTYPE_INTMAX: along = value.a_intmax; break;
 # endif
 # ifdef HAVE_PTRDIFF_T
-        case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;  
+        case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;
 # endif
 #endif /*HAVE_LONG_LONG_INT*/
-        default: 
+        default:
           return -1;
         }
       if (along < 0)
@@ -887,18 +887,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
         {
         case VALTYPE_USHORT: aulong = value.a_ushort; break;
         case VALTYPE_UINT: aulong = value.a_uint; break;
-        case VALTYPE_ULONG: aulong = value.a_ulong; break;  
+        case VALTYPE_ULONG: aulong = value.a_ulong; break;
 #ifdef HAVE_LONG_LONG_INT
-        case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;  
-        case VALTYPE_SIZE: aulong = value.a_size; break;  
+        case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;
+        case VALTYPE_SIZE: aulong = value.a_size; break;
 # ifdef HAVE_UINTMAX_T
-        case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;  
+        case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;
 # endif
 # ifdef HAVE_PTRDIFF_T
-        case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;  
+        case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;
 # endif
 #endif /*HAVE_LONG_LONG_INT*/
-        default: 
+        default:
           return -1;
         }
     }
@@ -929,7 +929,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
 
       do
         {
-          if ((arg->flags & FLAG_GROUPING) 
+          if ((arg->flags & FLAG_GROUPING)
               && (++grouping == 3) && *grouping_string)
             {
               *--p = *grouping_string;
@@ -964,7 +964,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
       if ((arg->flags & FLAG_ALT_CONV))
         n_extra += 2;
     }
-  
+
   n = pend - p;
 
   if ((arg->flags & FLAG_ZERO_PAD)
@@ -1009,7 +1009,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
       if (rc)
         return rc;
     }
-      
+
   rc = outfnc (outfncarg, p, pend - p);
   if (rc)
     return rc;
@@ -1062,7 +1062,7 @@ pr_float (estream_printf_out_t outfnc, void *outfncarg,
       adblfloat = value.a_longdouble;
       use_dbl=1; break;
 #endif
-    default: 
+    default:
       return -1;
     }
 
@@ -1173,7 +1173,7 @@ pr_char (estream_printf_out_t outfnc, void *outfncarg,
   if(rc)
     return rc;
   *nbytes += 1;
-  
+
   return 0;
 }
 
@@ -1194,7 +1194,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
     string = "(null)";
   if (arg->precision >= 0)
     {
-      for (n=0,s=string; *s && n < arg->precision; s++) 
+      for (n=0,s=string; *s && n < arg->precision; s++)
         n++;
     }
   else
@@ -1220,7 +1220,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
       if (rc)
         return rc;
     }
-  
+
   return 0;
 }
 
@@ -1261,7 +1261,7 @@ pr_pointer (estream_printf_out_t outfnc, void *outfncarg,
     *--p = '0';
   *--p = 'x';
   *--p = '0';
-  
+
   rc = outfnc (outfncarg, p, pend - p);
   if (rc)
     return rc;
@@ -1280,14 +1280,14 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
 
   switch (arg->vt)
     {
-    case VALTYPE_SCHAR_PTR: 
-      *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes); 
+    case VALTYPE_SCHAR_PTR:
+      *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes);
       break;
-    case VALTYPE_SHORT_PTR:  
+    case VALTYPE_SHORT_PTR:
       *value.a_short_ptr = (short)(unsigned int)(*nbytes);
       break;
-    case VALTYPE_LONG_PTR:     
-      *value.a_long_ptr = (long)(*nbytes); 
+    case VALTYPE_LONG_PTR:
+      *value.a_long_ptr = (long)(*nbytes);
       break;
 #ifdef HAVE_LONG_LONG_INT
     case VALTYPE_LONGLONG_PTR:
@@ -1295,12 +1295,12 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
       break;
 #endif
 #ifdef HAVE_INTMAX_T
-    case VALTYPE_INTMAX_PTR:   
+    case VALTYPE_INTMAX_PTR:
       *value.a_intmax_ptr = (intmax_t)(*nbytes);
       break;
 #endif
     case VALTYPE_SIZE_PTR:
-      *value.a_size_ptr = (*nbytes); 
+      *value.a_size_ptr = (*nbytes);
       break;
 #ifdef HAVE_PTRDIFF_T
     case VALTYPE_PTRDIFF_PTR:
@@ -1325,8 +1325,8 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
    holds the values and may be directly addressed using the position
    arguments given by ARGSPECS.  MYERRNO is used for the "%m"
    conversion. NBYTES well be updated to reflect the number of bytes
-   send to the output function. */ 
-static int 
+   send to the output function. */
+static int
 do_format (estream_printf_out_t outfnc, void *outfncarg,
            const char *format, argspec_t argspecs, size_t argspecs_len,
            valueitem_t valuetable, int myerrno, size_t *nbytes)
@@ -1370,7 +1370,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
       /* Save the next start.  */
       s += arg->length;
       format = s;
- 
+
       assert (argidx < argspecs_len);
       argidx++;
 
@@ -1438,9 +1438,9 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
         }
       if (rc)
         return rc;
-      arg++;    
+      arg++;
     }
-  
+
   /* Print out any trailing stuff. */
   n = s - format;
   rc = n? outfnc (outfncarg, format, n) : 0;
@@ -1458,7 +1458,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
    output of the formatted stuff.  FORMAT is the format specification
    and VAARGS a variable argumemt list matching the arguments of
    FORMAT.  */
-int 
+int
 estream_format (estream_printf_out_t outfnc,
                 void *outfncarg,
                 const char *format, va_list vaargs)
@@ -1493,7 +1493,7 @@ estream_format (estream_printf_out_t outfnc,
   /* Check that all ARG_POS fields are set.  */
   for (argidx=0,max_pos=0; argidx < argspecs_len; argidx++)
     {
-      if (argspecs[argidx].arg_pos != -1 
+      if (argspecs[argidx].arg_pos != -1
           && argspecs[argidx].arg_pos > max_pos)
         max_pos = argspecs[argidx].arg_pos;
       if (argspecs[argidx].width_pos > max_pos)
@@ -1574,13 +1574,13 @@ estream_format (estream_printf_out_t outfnc,
           valuetable[validx].vt = VALTYPE_INT;
         }
     }
-  
+
   /* Read all the arguments.  This will error out for unsupported
      types and for not given positional arguments. */
   rc = read_values (valuetable, max_pos, vaargs);
   if (rc)
-    goto leave_einval;  
-  
+    goto leave_einval;
+
 /*   for (validx=0; validx < max_pos; validx++) */
 /*     fprintf (stderr, "%2d: vt=%d\n", validx, valuetable[validx].vt); */
 
@@ -1589,7 +1589,7 @@ estream_format (estream_printf_out_t outfnc,
                   argspecs, argspecs_len, valuetable, myerrno, &nbytes);
 
   goto leave;
-  
+
  leave_einval:
   _set_errno (EINVAL);
  leave_error:
@@ -1623,11 +1623,11 @@ estream_printf (const char *format, ...)
 {
   int rc;
   va_list arg_ptr;
-  
+
   va_start (arg_ptr, format);
   rc = estream_format (plain_stdio_out, stderr, format, arg_ptr);
   va_end (arg_ptr);
-  
+
   return rc;
 }
 
@@ -1637,16 +1637,16 @@ estream_fprintf (FILE *fp, const char *format, ...)
 {
   int rc;
   va_list arg_ptr;
-  
+
   va_start (arg_ptr, format);
   rc = estream_format (plain_stdio_out, fp, format, arg_ptr);
   va_end (arg_ptr);
-  
+
   return rc;
 }
 
 /* A replacement for vfprintf.  */
-int 
+int
 estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
 {
   return estream_format (plain_stdio_out, fp, format, arg_ptr);
@@ -1693,7 +1693,7 @@ fixed_buffer_out (void *outfncarg, const char *buf, size_t buflen)
 
 
 /* A replacement for vsnprintf. */
-int 
+int
 estream_vsnprintf (char *buf, size_t bufsize,
                    const char *format, va_list arg_ptr)
 {
@@ -1718,7 +1718,7 @@ estream_vsnprintf (char *buf, size_t bufsize,
 }
 
 /* A replacement for snprintf.  */
-int 
+int
 estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
 {
   int rc;
@@ -1727,7 +1727,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
   va_start (arg_ptr, format);
   rc = estream_vsnprintf (buf, bufsize, format, arg_ptr);
   va_end (arg_ptr);
-    
+
   return rc;
 }
 
@@ -1737,7 +1737,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
    dynamic_buffer_out.  */
 struct dynamic_buffer_parm_s
 {
-  int error_flag; /* Internal helper.  */ 
+  int error_flag; /* Internal helper.  */
   size_t alloced; /* Allocated size of the buffer.  */
   size_t used;    /* Used size of the buffer.  */
   char *buffer;   /* Malloced buffer.  */
@@ -1760,7 +1760,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
   if (parm->used + buflen >= parm->alloced)
     {
       char *p;
-      
+
       parm->alloced += buflen + 512;
       p = realloc (parm->buffer, parm->alloced);
       if (!p)
@@ -1783,7 +1783,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
 /* A replacement for vasprintf.  As with the BSD of vasprintf version -1
    will be returned on error and NULL stored at BUFP.  On success the
    number of bytes printed will be returned. */
-int 
+int
 estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
 {
   struct dynamic_buffer_parm_s parm;
@@ -1798,7 +1798,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
       *bufp = NULL;
       return -1;
     }
-  
+
   rc = estream_format (dynamic_buffer_out, &parm, format, arg_ptr);
   if (!rc)
     rc = dynamic_buffer_out (&parm, "", 1); /* Print terminating Nul.  */
@@ -1823,7 +1823,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
 /* A replacement for asprintf.  As with the BSD of asprintf version -1
    will be returned on error and NULL stored at BUFP.  On success the
    number of bytes printed will be returned. */
-int 
+int
 estream_asprintf (char **bufp, const char *format, ...)
 {
   int rc;
@@ -1832,8 +1832,6 @@ estream_asprintf (char **bufp, const char *format, ...)
   va_start (arg_ptr, format);
   rc = estream_vasprintf (bufp, format, arg_ptr);
   va_end (arg_ptr);
-    
+
   return rc;
 }
-
-
diff --git a/common/estream-printf.h b/common/estream-printf.h
index 16e42490c..9b6b83810 100644
--- a/common/estream-printf.h
+++ b/common/estream-printf.h
@@ -60,7 +60,7 @@
 /* To use this file with libraries the following macro is useful:
 
      #define _ESTREAM_EXT_SYM_PREFIX _foo_
-   
+
        This prefixes all external symbols with "_foo_".
 
    For the implementation of the code (estream-printf.c) the following
@@ -119,9 +119,9 @@ typedef int (*estream_printf_out_t)
      (void *outfncarg,  const char *buf, size_t buflen);
 
 int estream_format (estream_printf_out_t outfnc, void *outfncarg,
-                    const char *format, va_list vaargs) 
+                    const char *format, va_list vaargs)
      _ESTREAM_GCC_A_PRINTF(3,0);
-int estream_printf (const char *format, ...) 
+int estream_printf (const char *format, ...)
      _ESTREAM_GCC_A_PRINTF(1,2);
 int estream_fprintf (FILE *fp, const char *format, ... )
      _ESTREAM_GCC_A_PRINTF(2,3);
@@ -129,8 +129,8 @@ int estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
      _ESTREAM_GCC_A_PRINTF(2,0);
 int estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
      _ESTREAM_GCC_A_PRINTF(3,4);
-int estream_vsnprintf (char *buf,size_t bufsize, 
-                       const char *format, va_list arg_ptr) 
+int estream_vsnprintf (char *buf,size_t bufsize,
+                       const char *format, va_list arg_ptr)
      _ESTREAM_GCC_A_PRINTF(3,0);
 int estream_asprintf (char **bufp, const char *format, ...)
      _ESTREAM_GCC_A_PRINTF(2,3);
diff --git a/common/estream.c b/common/estream.c
index 416aa8376..bc820513e 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -357,7 +357,7 @@ map_w32_to_errno (DWORD w32_err)
 
     case ERROR_NOT_ENOUGH_MEMORY:
       return ENOMEM;
-      
+
     case ERROR_NO_DATA:
       return EPIPE;
 
@@ -406,7 +406,7 @@ static void
 do_list_remove (estream_t stream, int with_locked_list)
 {
   estream_list_t list_obj;
-  
+
   if (!with_locked_list)
     ESTREAM_LIST_LOCK;
   for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
@@ -509,7 +509,7 @@ do_init (void)
 #else
       initialized = 1;
 #endif
-      atexit (do_deinit);  
+      atexit (do_deinit);
     }
   return 0;
 }
@@ -602,7 +602,7 @@ es_func_mem_read (void *cookie, void *buffer, size_t size)
       memcpy (buffer, mem_cookie->memory + mem_cookie->offset, size);
       mem_cookie->offset += size;
     }
-  
+
   ret = size;
   return ret;
 }
@@ -627,7 +627,7 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size)
 
   assert (mem_cookie->memory_size >= mem_cookie->offset);
   nleft = mem_cookie->memory_size - mem_cookie->offset;
-  
+
   /* If we are not allowed to grow limit the size to the left space.  */
   if (!mem_cookie->flags.grow && size > nleft)
     size = nleft;
@@ -668,20 +668,20 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size)
           _set_errno (ENOSPC);
           return -1;
         }
-      
+
       newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
       if (!newbuf)
         return -1;
-      
+
       mem_cookie->memory = newbuf;
       mem_cookie->memory_size = newsize;
 
       assert (mem_cookie->memory_size >= mem_cookie->offset);
       nleft = mem_cookie->memory_size - mem_cookie->offset;
-      
+
       assert (size <= nleft);
     }
-      
+
   memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size);
   if (mem_cookie->offset + size > mem_cookie->data_len)
     mem_cookie->data_len = mem_cookie->offset + size;
@@ -743,7 +743,7 @@ es_func_mem_seek (void *cookie, off_t *offset, int whence)
           _set_errno (ENOSPC);
           return -1;
         }
-      
+
       newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
       if (!newbuf)
         return -1;
@@ -825,7 +825,7 @@ func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close)
       *cookie = fd_cookie;
       err = 0;
     }
-  
+
   return err;
 }
 
@@ -836,7 +836,7 @@ es_func_fd_read (void *cookie, void *buffer, size_t size)
 {
   estream_cookie_fd_t file_cookie = cookie;
   ssize_t bytes_read;
-  
+
   if (IS_INVALID_FD (file_cookie->fd))
     {
       ESTREAM_SYS_YIELD ();
@@ -844,7 +844,7 @@ es_func_fd_read (void *cookie, void *buffer, size_t size)
     }
   else
     {
-      do 
+      do
         bytes_read = ESTREAM_SYS_READ (file_cookie->fd, buffer, size);
       while (bytes_read == -1 && errno == EINTR);
     }
@@ -969,7 +969,7 @@ es_func_w32_create (void **cookie, HANDLE hd,
       *cookie = w32_cookie;
       err = 0;
     }
-  
+
   return err;
 }
 
@@ -979,7 +979,7 @@ es_func_w32_read (void *cookie, void *buffer, size_t size)
 {
   estream_cookie_w32_t w32_cookie = cookie;
   ssize_t bytes_read;
-  
+
   if (w32_cookie->hd == INVALID_HANDLE_VALUE)
     {
       ESTREAM_SYS_YIELD ();
@@ -994,7 +994,7 @@ es_func_w32_read (void *cookie, void *buffer, size_t size)
           bytes_read = pth_read ((int)w32_cookie->hd, buffer, size);
 #else
           DWORD nread, ec;
-          
+
           if (!ReadFile (w32_cookie->hd, buffer, size, &nread, NULL))
             {
               ec = GetLastError ();
@@ -1116,7 +1116,7 @@ es_func_w32_destroy (void *cookie)
       else if (w32_cookie->no_close)
         err = 0;
       else
-        { 
+        {
           if (!CloseHandle (w32_cookie->hd))
             {
 	      _set_errno (map_w32_to_errno (GetLastError ()));
@@ -1158,7 +1158,7 @@ typedef struct estream_cookie_fp
 
 /* Create function for FILE objects.  */
 static int
-func_fp_create (void **cookie, FILE *fp, 
+func_fp_create (void **cookie, FILE *fp,
                 unsigned int modeflags, int no_close)
 {
   estream_cookie_fp_t fp_cookie;
@@ -1249,7 +1249,7 @@ es_func_fp_seek (void *cookie, off_t *offset, int whence)
   if (!file_cookie->fp)
     {
       _set_errno (ESPIPE);
-      return -1; 
+      return -1;
     }
 
   if ( fseek (file_cookie->fp, (long int)*offset, whence) )
@@ -1415,7 +1415,7 @@ parse_mode (const char *modestr,
         case ',':
           goto keyvalue;
         default: /* Ignore unknown flags.  */
-          break; 
+          break;
         }
     }
 
@@ -1536,10 +1536,10 @@ es_flush (estream_t stream)
 	 they were asked to write, we have to check for
 	 "(stream->data_offset - data_flushed) > 0" instead of
 	 "stream->data_offset - data_flushed".  */
-      
+
       data_flushed = 0;
       err = 0;
-      
+
       while ((((ssize_t) (stream->data_offset - data_flushed)) > 0) && (! err))
 	{
 	  ret = (*func_write) (stream->intern->cookie,
@@ -1573,7 +1573,7 @@ es_flush (estream_t stream)
     err = 0;
 
  out:
-    
+
   if (err)
     stream->intern->indicators.err = 1;
 
@@ -1896,7 +1896,7 @@ es_readn (estream_t ES__RESTRICT stream,
       if (err)
 	goto out;
       stream->flags.writing = 0;
-    }  
+    }
 
   /* Read unread data first.  */
   while ((bytes_to_read - data_read_unread) && stream->unread_data_len)
@@ -1993,7 +1993,7 @@ es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence,
       off = off - stream->data_len + stream->data_offset;
       off -= stream->unread_data_len;
     }
-  
+
   ret = (*func_seek) (stream->intern->cookie, &off, whence);
   if (ret == -1)
     {
@@ -2011,7 +2011,7 @@ es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence,
   stream->intern->offset = off;
 
  out:
-  
+
   if (err)
     stream->intern->indicators.err = 1;
 
@@ -2035,11 +2035,11 @@ es_write_nbf (estream_t ES__RESTRICT stream,
     {
       err = EOPNOTSUPP;
       goto out;
-    }  
+    }
 
   data_written = 0;
   err = 0;
-  
+
   while (bytes_to_write - data_written)
     {
       ret = (*func_write) (stream->intern->cookie,
@@ -2087,12 +2087,12 @@ es_write_fbf (estream_t ES__RESTRICT stream,
       if (! err)
 	{
 	  /* Flushing resulted in empty container.  */
-	  
+
 	  data_to_write = bytes_to_write - data_written;
 	  space_available = stream->buffer_size - stream->data_offset;
 	  if (data_to_write > space_available)
 	    data_to_write = space_available;
-	      
+
 	  memcpy (stream->buffer + stream->data_offset,
 		  buffer + data_written, data_to_write);
 	  stream->data_offset += data_to_write;
@@ -2153,7 +2153,7 @@ es_writen (estream_t ES__RESTRICT stream,
 
   data_written = 0;
   err = 0;
-  
+
   if (!stream->flags.writing)
     {
       /* Switching to writing mode -> discard input data and seek to
@@ -2188,7 +2188,7 @@ es_writen (estream_t ES__RESTRICT stream,
     }
 
  out:
-    
+
   if (bytes_written)
     *bytes_written = data_written;
   if (data_written)
@@ -2212,7 +2212,7 @@ es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data,
       if (err)
 	goto out;
       stream->flags.writing = 0;
-    }  
+    }
 
   if (stream->data_offset == stream->data_len)
     {
@@ -2221,7 +2221,7 @@ es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data,
       if (err)
 	goto out;
     }
-  
+
   if (data)
     *data = stream->buffer + stream->data_offset;
   if (data_len)
@@ -2277,7 +2277,7 @@ doreadline (estream_t ES__RESTRICT stream, size_t max_length,
 
   err = func_mem_create (&line_stream_cookie, NULL, 0, 0,
                          BUFFER_BLOCK_SIZE, 1,
-                         mem_realloc, mem_free, 
+                         mem_realloc, mem_free,
                          O_RDWR,
                          0);
   if (err)
@@ -2333,7 +2333,7 @@ doreadline (estream_t ES__RESTRICT stream, size_t max_length,
     goto out;
 
   /* Complete line has been written to line_stream.  */
-  
+
   if ((max_length > 1) && (! line_size))
     {
       stream->intern->indicators.eof = 1;
@@ -2429,7 +2429,7 @@ static int
 es_get_indicator (estream_t stream, int ind_err, int ind_eof)
 {
   int ret = 0;
-  
+
   if (ind_err)
     ret = stream->intern->indicators.err;
   else if (ind_eof)
@@ -2456,7 +2456,7 @@ es_set_buffering (estream_t ES__RESTRICT stream,
     es_empty (stream);
 
   es_set_indicators (stream, -1, 0);
-  
+
   /* Free old buffer in case that was allocated by this function.  */
   if (stream->intern->deallocate_buffer)
     {
@@ -2470,7 +2470,7 @@ es_set_buffering (estream_t ES__RESTRICT stream,
   else
     {
       void *buffer_new;
-      
+
       if (buffer)
 	buffer_new = buffer;
       else
@@ -2560,11 +2560,11 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
   err = parse_mode (mode, &modeflags, &cmode);
   if (err)
     goto out;
-  
+
   err = func_file_create (&cookie, &fd, path, modeflags, cmode);
   if (err)
     goto out;
-  
+
   syshd.type = ES_SYSHD_FD;
   syshd.u.fd = fd;
 
@@ -2577,7 +2577,7 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
     fname_set_internal (stream, path, 1);
 
  out:
-  
+
   if (err && create_called)
     (*estream_functions_fd.func_close) (cookie);
 
@@ -2602,17 +2602,17 @@ es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len,
   cookie = 0;
   stream = NULL;
   create_called = 0;
-  
+
   err = parse_mode (mode, &modeflags, NULL);
   if (err)
     goto out;
 
   err = func_mem_create (&cookie, data, data_n, data_len,
-                         BUFFER_BLOCK_SIZE, grow, 
+                         BUFFER_BLOCK_SIZE, grow,
                          func_realloc, func_free, modeflags, 0);
   if (err)
     goto out;
-  
+
   memset (&syshd, 0, sizeof syshd);
   create_called = 1;
   err = es_create (&stream, cookie, &syshd,
@@ -2642,13 +2642,13 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
     return NULL;
   modeflags |= O_RDWR;
 
-  
+
   if (func_mem_create (&cookie, NULL, 0, 0,
                        BUFFER_BLOCK_SIZE, 1,
                        mem_realloc, mem_free, modeflags,
                        memlimit))
     return NULL;
-  
+
   memset (&syshd, 0, sizeof syshd);
   if (es_create (&stream, cookie, &syshd, estream_functions_mem, modeflags, 0))
     (*estream_functions_mem.func_close) (cookie);
@@ -2670,7 +2670,7 @@ es_fopencookie (void *ES__RESTRICT cookie,
 
   stream = NULL;
   modeflags = 0;
-  
+
   err = parse_mode (mode, &modeflags, NULL);
   if (err)
     goto out;
@@ -2774,7 +2774,7 @@ do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list)
   return stream;
 }
 
-  
+
 /* Create an estream from the stdio stream FP.  This mechanism is
    useful in case the stdio streams have special properties and may
    not be mixed with fd based functions.  This is for example the case
@@ -2844,7 +2844,7 @@ do_sysopen (es_syshd_t *syshd, const char *mode, int no_close)
     case ES_SYSHD_SOCK:
       stream = do_fdopen (syshd->u.fd, mode, no_close, 0);
       break;
-      
+
 #ifdef HAVE_W32_SYSTEM
     case ES_SYSHD_HANDLE:
       stream = do_w32open (syshd->u.handle, mode, no_close, 0);
@@ -2922,7 +2922,7 @@ _es_get_std_stream (int fd)
         stream = do_fdopen (custom_std_fds[1], "a", 1, 1);
       else if (custom_std_fds_valid[2])
         stream = do_fdopen (custom_std_fds[2], "a", 1, 1);
-      
+
       if (!stream)
         {
           /* Second try is to use the standard C streams.  */
@@ -2933,8 +2933,8 @@ _es_get_std_stream (int fd)
           else
             stream = do_fpopen (stderr, "a", 1, 1);
         }
-      
-      if (!stream) 
+
+      if (!stream)
         {
           /* Last try: Create a bit bucket.  */
           stream = do_fpopen (NULL, fd? "a":"r", 0, 1);
@@ -2950,7 +2950,7 @@ _es_get_std_stream (int fd)
       stream->intern->stdstream_fd = fd;
       if (fd == 2)
         es_set_buffering (stream, NULL, _IOLBF, 0);
-      fname_set_internal (stream, 
+      fname_set_internal (stream,
                           fd == 0? "[stdin]" :
                           fd == 1? "[stdout]" : "[stderr]", 0);
     }
@@ -2975,7 +2975,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode,
 
       cookie = NULL;
       create_called = 0;
-      
+
       ESTREAM_LOCK (stream);
 
       es_deinitialize (stream);
@@ -2983,7 +2983,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode,
       err = parse_mode (mode, &modeflags, &cmode);
       if (err)
 	goto leave;
-      
+
       err = func_file_create (&cookie, &fd, path, modeflags, cmode);
       if (err)
 	goto leave;
@@ -2999,7 +2999,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode,
 	{
 	  if (create_called)
 	    es_func_fd_destroy (cookie);
-      
+
 	  do_close (stream, 0);
 	  stream = NULL;
 	}
@@ -3057,7 +3057,7 @@ es_onclose (estream_t stream, int mode,
   ESTREAM_LOCK (stream);
   err = do_onclose (stream, mode, fnc, fnc_value);
   ESTREAM_UNLOCK (stream);
-  
+
   return err;
 }
 
@@ -3073,7 +3073,7 @@ es_fileno_unlocked (estream_t stream)
     {
     case ES_SYSHD_FD:   return syshd.u.fd;
     case ES_SYSHD_SOCK: return syshd.u.sock;
-    default: 
+    default:
       _set_errno (EINVAL);
       return -1;
     }
@@ -3094,7 +3094,7 @@ es_syshd_unlocked (estream_t stream, es_syshd_t *syshd)
       _set_errno (EINVAL);
       return -1;
     }
-  
+
   *syshd = stream->intern->syshd;
   return 0;
 }
@@ -3211,7 +3211,7 @@ static int
 do_fflush (estream_t stream)
 {
   int err;
-  
+
   if (stream->flags.writing)
     err = es_flush (stream);
   else
@@ -3228,7 +3228,7 @@ int
 es_fflush (estream_t stream)
 {
   int err;
-  
+
   if (stream)
     {
       ESTREAM_LOCK (stream);
@@ -3259,7 +3259,7 @@ int
 es_fseeko (estream_t stream, off_t offset, int whence)
 {
   int err;
-  
+
   ESTREAM_LOCK (stream);
   err = es_seek (stream, offset, whence, NULL);
   ESTREAM_UNLOCK (stream);
@@ -3272,7 +3272,7 @@ long int
 es_ftell (estream_t stream)
 {
   long int ret;
-  
+
   ESTREAM_LOCK (stream);
   ret = es_offset_calculate (stream);
   ESTREAM_UNLOCK (stream);
@@ -3333,7 +3333,7 @@ int
 es_fgetc (estream_t stream)
 {
   int ret;
-  
+
   ESTREAM_LOCK (stream);
   ret = es_getc_unlocked (stream);
   ESTREAM_UNLOCK (stream);
@@ -3346,7 +3346,7 @@ int
 es_fputc (int c, estream_t stream)
 {
   int ret;
-  
+
   ESTREAM_LOCK (stream);
   ret = es_putc_unlocked (c, stream);
   ESTREAM_UNLOCK (stream);
@@ -3458,10 +3458,10 @@ es_fgets (char *ES__RESTRICT buffer, int length, estream_t ES__RESTRICT stream)
 {
   unsigned char *s = (unsigned char*)buffer;
   int c;
-   
+
   if (!length)
     return NULL;
-     
+
   c = EOF;
   ESTREAM_LOCK (stream);
   while (length > 1 && (c = es_getc_unlocked (stream)) != EOF && c != '\n')
@@ -3525,7 +3525,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n,
   if (*n)
     {
       /* Caller wants us to use his buffer.  */
-      
+
       if (*n < (line_n + 1))
 	{
 	  /* Provided buffer is too small -> resize.  */
@@ -3569,7 +3569,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n,
    considered a byte stream ending in a LF.
 
    If MAX_LENGTH is not NULL, it shall point to a value with the
-   maximum allowed allocation.  
+   maximum allowed allocation.
 
    Returns the length of the line. EOF is indicated by a line of
    length zero. A truncated line is indicated my setting the value at
@@ -3593,7 +3593,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n,
    released using es_free.
  */
 ssize_t
-es_read_line (estream_t stream, 
+es_read_line (estream_t stream,
               char **addr_of_buffer, size_t *length_of_buffer,
               size_t *max_length)
 {
@@ -3605,7 +3605,7 @@ es_read_line (estream_t stream,
   char *p;
 
   if (!buffer)
-    { 
+    {
       /* No buffer given - allocate a new one. */
       length = 256;
       buffer = mem_alloc (length);
@@ -3634,9 +3634,9 @@ es_read_line (estream_t stream,
   while  ((c = es_getc_unlocked (stream)) != EOF)
     {
       if (nbytes == length)
-        { 
+        {
           /* Enlarge the buffer. */
-          if (maxlen && length > maxlen) 
+          if (maxlen && length > maxlen)
             {
               /* We are beyond our limit: Skip the rest of the line. */
               while (c != '\n' && (c=es_getc_unlocked (stream)) != EOF)
@@ -3653,7 +3653,7 @@ es_read_line (estream_t stream,
           if (!*addr_of_buffer)
             {
               int save_errno = errno;
-              mem_free (buffer); 
+              mem_free (buffer);
               *length_of_buffer = 0;
               if (max_length)
                 *max_length = 0;
@@ -3663,7 +3663,7 @@ es_read_line (estream_t stream,
             }
           buffer = *addr_of_buffer;
           *length_of_buffer = length;
-          length -= 3; 
+          length -= 3;
           p = buffer + nbytes;
 	}
       *p++ = c;
@@ -3701,7 +3701,7 @@ es_vfprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format,
 	     va_list ap)
 {
   int ret;
-  
+
   ESTREAM_LOCK (stream);
   ret = es_print (stream, format, ap);
   ESTREAM_UNLOCK (stream);
@@ -3715,7 +3715,7 @@ es_fprintf_unlocked (estream_t ES__RESTRICT stream,
                      const char *ES__RESTRICT format, ...)
 {
   int ret;
-  
+
   va_list ap;
   va_start (ap, format);
   ret = es_print (stream, format, ap);
@@ -3730,7 +3730,7 @@ es_fprintf (estream_t ES__RESTRICT stream,
 	    const char *ES__RESTRICT format, ...)
 {
   int ret;
-  
+
   va_list ap;
   va_start (ap, format);
   ESTREAM_LOCK (stream);
@@ -3746,7 +3746,7 @@ int
 es_printf_unlocked (const char *ES__RESTRICT format, ...)
 {
   int ret;
-  
+
   va_list ap;
   va_start (ap, format);
   ret = es_print (es_stdout, format, ap);
@@ -3761,7 +3761,7 @@ es_printf (const char *ES__RESTRICT format, ...)
 {
   int ret;
   estream_t stream = es_stdout;
-  
+
   va_list ap;
   va_start (ap, format);
   ESTREAM_LOCK (stream);
@@ -3799,7 +3799,7 @@ es_asprintf (const char *ES__RESTRICT format, ...)
    should use es_free to release the buffer.  This function actually
    belongs into estream-printf but we put it here as a convenience
    and because es_free is required anyway.  */
-char * 
+char *
 es_vasprintf (const char *ES__RESTRICT format, va_list ap)
 {
   int rc;
@@ -3830,7 +3830,7 @@ tmpfd (void)
   int pid = GetCurrentProcessId ();
   unsigned int value;
   int i;
-  
+
   n = GetTempPath (MAX_PATH+1, buffer);
   if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH)
     {
@@ -3896,7 +3896,7 @@ tmpfd (void)
 
   fp = NULL;
   fd = -1;
-  
+
   fp = tmpfile ();
   if (! fp)
     goto out;
@@ -3928,7 +3928,7 @@ es_tmpfile (void)
   stream = NULL;
   modeflags = O_RDWR | O_TRUNC | O_CREAT;
   cookie = NULL;
-  
+
   fd = tmpfd ();
   if (fd == -1)
     {
@@ -3954,7 +3954,7 @@ es_tmpfile (void)
 	close (fd);
       stream = NULL;
     }
-  
+
   return stream;
 }
 
@@ -3964,7 +3964,7 @@ es_setvbuf (estream_t ES__RESTRICT stream,
 	    char *ES__RESTRICT buf, int type, size_t size)
 {
   int err;
-  
+
   if ((type == _IOFBF || type == _IOLBF || type == _IONBF)
       && (!buf || size || type == _IONBF))
     {
@@ -4036,7 +4036,7 @@ void *
 es_opaque_get (estream_t stream)
 {
   void *opaque;
-  
+
   ESTREAM_LOCK (stream);
   es_opaque_ctrl (stream, NULL, &opaque);
   ESTREAM_UNLOCK (stream);
@@ -4111,10 +4111,10 @@ es_fname_get (estream_t stream)
    Returns 0 on success or -1 on error.  If BYTES_WRITTEN is not NULL
    the number of bytes actually written are stored at this
    address.  */
-int 
+int
 es_write_sanitized (estream_t ES__RESTRICT stream,
                     const void * ES__RESTRICT buffer, size_t length,
-                    const char * delimiters, 
+                    const char * delimiters,
                     size_t * ES__RESTRICT bytes_written)
 {
   const unsigned char *p = buffer;
@@ -4124,9 +4124,9 @@ es_write_sanitized (estream_t ES__RESTRICT stream,
   ESTREAM_LOCK (stream);
   for (; length; length--, p++, count++)
     {
-      if (*p < 0x20 
+      if (*p < 0x20
           || *p == 0x7f
-          || (delimiters 
+          || (delimiters
               && (strchr (delimiters, *p) || *p == '\\')))
         {
           es_putc_unlocked ('\\', stream);
@@ -4228,19 +4228,19 @@ es_write_hexstring (estream_t ES__RESTRICT stream,
 #ifdef GNUPG_MAJOR_VERSION
 /* Special estream function to print an UTF8 string in the native
    encoding.  The interface is the same as es_write_sanitized, however
-   only one delimiter may be supported. 
+   only one delimiter may be supported.
 
    THIS IS NOT A STANDARD ESTREAM FUNCTION AND ONLY USED BY GNUPG!. */
 int
 es_write_sanitized_utf8_buffer (estream_t stream,
-                                const void *buffer, size_t length, 
+                                const void *buffer, size_t length,
                                 const char *delimiters, size_t *bytes_written)
 {
   const char *p = buffer;
   size_t i;
 
   /* We can handle plain ascii simpler, so check for it first. */
-  for (i=0; i < length; i++ ) 
+  for (i=0; i < length; i++ )
     {
       if ( (p[i] & 0x80) )
         break;
diff --git a/common/estream.h b/common/estream.h
index 5c5e216e0..432143fd3 100644
--- a/common/estream.h
+++ b/common/estream.h
@@ -215,7 +215,7 @@ typedef struct es_cookie_io_functions
 } es_cookie_io_functions_t;
 
 
-enum es_syshd_types 
+enum es_syshd_types
   {
     ES_SYSHD_NONE,  /* No system handle available.  */
     ES_SYSHD_FD,    /* A file descriptor as returned by open().  */
diff --git a/common/exaudit.awk b/common/exaudit.awk
index 270e148b1..0d2f95ef4 100644
--- a/common/exaudit.awk
+++ b/common/exaudit.awk
@@ -30,7 +30,7 @@ topheader == 1 && /\*\//   { topheader = 2; print "" }
 /AUDIT_NULL_EVENT/   { okay = 1 }
 !okay                { next }
 /AUDIT_LAST_EVENT/   { exit }
-/AUDIT_[A-Za-z_]+/  { 
+/AUDIT_[A-Za-z_]+/  {
   sub (/[,\/\*]+/, "", $1);
   desc = tolower (substr($1,7));
   gsub (/_/," ",desc);
diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
index 6ffc562ca..5479fe3fc 100644
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@@ -32,7 +32,7 @@
 #ifdef HAVE_SIGNAL_H
 # include 
 #endif
-#include  
+#include 
 #include 
 
 #ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
@@ -40,7 +40,7 @@
 #undef USE_GNU_PTH
 #endif
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
 #include 
 #endif
 #include 
@@ -64,7 +64,7 @@
    and some are not.  However we want to use pth_fork and pth_waitpid
    here. Using a weak symbol works but is not portable - we should
    provide a an explicit dummy pth module instead of using the
-   pragma.  */ 
+   pragma.  */
 #pragma weak pth_fork
 #pragma weak pth_waitpid
 
@@ -181,7 +181,7 @@ get_all_open_fds (void)
   array = calloc (narray, sizeof *array);
   if (!array)
     return NULL;
-  
+
   /* Note:  The list we return is ordered.  */
   for (idx=0, fd=0; fd < max_fd; fd++)
     if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
@@ -258,7 +258,7 @@ do_exec (const char *pgmname, const char *argv[],
 
   /* Close all other files. */
   close_all_fds (3, NULL);
-  
+
   if (preexec)
     preexec ();
   execv (pgmname, arg_list);
@@ -328,7 +328,7 @@ create_pipe_and_estream (int filedes[2], estream_t *r_fp,
     }
   return 0;
 }
-  
+
 
 
 /* Fork and exec the PGMNAME, see exechelp.h for details.  */
@@ -388,7 +388,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
     }
 
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
   *pid = pth_fork? pth_fork () : fork ();
 #else
   *pid = fork ();
@@ -415,7 +415,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
     }
 
   if (!*pid)
-    { 
+    {
       /* This is the child. */
       gcry_control (GCRYCTL_TERM_SECMEM);
       es_fclose (outfp);
@@ -454,7 +454,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
 {
   gpg_error_t err;
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
   *pid = pth_fork? pth_fork () : fork ();
 #else
   *pid = fork ();
@@ -467,7 +467,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
     }
 
   if (!*pid)
-    { 
+    {
       gcry_control (GCRYCTL_TERM_SECMEM);
       /* Run child. */
       do_exec (pgmname, argv, infd, outfd, errfd, NULL);
@@ -501,7 +501,7 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
              && errno == EINTR)
         ;
     }
-  
+
   if (i == (pid_t)(-1))
     {
       ec = gpg_err_code_from_errno (errno);
@@ -531,7 +531,7 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
       log_error (_("error running `%s': terminated\n"), pgmname);
       ec = GPG_ERR_GENERAL;
     }
-  else 
+  else
     {
       if (r_exitcode)
         *r_exitcode = 0;
@@ -569,7 +569,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
   if (access (pgmname, X_OK))
     return gpg_error_from_syserror ();
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
   pid = pth_fork? pth_fork () : fork ();
 #else
   pid = fork ();
@@ -596,12 +596,12 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
       if (envp)
         for (i=0; envp[i]; i++)
           putenv (xstrdup (envp[i]));
-      
+
       do_exec (pgmname, argv, -1, -1, -1, NULL);
 
       /*NOTREACHED*/
     }
-  
+
   if (waitpid (pid, NULL, 0) == -1)
     log_error ("waitpid failed in gnupg_spawn_process_detached: %s",
                strerror (errno));
@@ -618,6 +618,6 @@ gnupg_kill_process (pid_t pid)
 {
   if (pid != (pid_t)(-1))
     {
-      kill (pid, SIGTERM); 
+      kill (pid, SIGTERM);
     }
 }
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index e76c7d726..a8fbd1587 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -32,7 +32,7 @@
 #ifdef HAVE_SIGNAL_H
 # include 
 #endif
-#include  
+#include 
 #include 
 
 #ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
@@ -40,7 +40,7 @@
 #undef USE_GNU_PTH
 #endif
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
 #include 
 #endif
 
@@ -127,7 +127,7 @@ get_all_open_fds (void)
   array = calloc (narray, sizeof *array);
   if (!array)
     return NULL;
-  
+
   /* Note:  The list we return is ordered.  */
   for (idx=0, fd=0; fd < max_fd; fd++)
     if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
@@ -184,7 +184,7 @@ build_w32_commandline_copy (char *buffer, const char *string)
 /* Build a command line for use with W32's CreateProcess.  On success
    CMDLINE gets the address of a newly allocated string.  */
 static gpg_error_t
-build_w32_commandline (const char *pgmname, const char * const *argv, 
+build_w32_commandline (const char *pgmname, const char * const *argv,
                        char **cmdline)
 {
   int i, n;
@@ -212,7 +212,7 @@ build_w32_commandline (const char *pgmname, const char * const *argv,
     return gpg_error_from_syserror ();
 
   p = build_w32_commandline_copy (p, pgmname);
-  for (i=0; argv[i]; i++) 
+  for (i=0; argv[i]; i++)
     {
       *p++ = ' ';
       p = build_w32_commandline_copy (p, argv[i]);
@@ -234,7 +234,7 @@ create_inheritable_pipe (HANDLE filedes[2], int inherit_idx)
   memset (&sec_attr, 0, sizeof sec_attr );
   sec_attr.nLength = sizeof sec_attr;
   sec_attr.bInheritHandle = FALSE;
-    
+
   if (!CreatePipe (&r, &w, &sec_attr, 0))
     return -1;
 
@@ -296,7 +296,7 @@ do_create_pipe (int filedes[2], int inherit_idx)
           log_error ("failed to translate osfhandle %p\n", fds[0]);
           CloseHandle (fds[1]);
         }
-      else 
+      else
         {
           filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), 1);
           if (filedes[1] == -1)
@@ -343,7 +343,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
 {
   gpg_error_t err;
   SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi = 
+  PROCESS_INFORMATION pi =
     {
       NULL,      /* Returns process handle.  */
       0,         /* Returns primary thread handle.  */
@@ -369,7 +369,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
   if (r_errfp)
     *r_errfp = NULL;
   *pid = (pid_t)(-1); /* Always required.  */
-  
+
   if (infp)
     {
       es_fflush (infp);
@@ -389,7 +389,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
         default:
           inhandle = INVALID_HANDLE_VALUE;
           break;
-        }      
+        }
       if (inhandle == INVALID_HANDLE_VALUE)
         return gpg_err_make (errsource, GPG_ERR_INV_VALUE);
       /* FIXME: In case we can't get a system handle (e.g. due to
@@ -455,11 +455,11 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
   memset (&sec_attr, 0, sizeof sec_attr );
   sec_attr.nLength = sizeof sec_attr;
   sec_attr.bInheritHandle = FALSE;
-  
+
   /* Build the command line.  */
   err = build_w32_commandline (pgmname, argv, &cmdline);
   if (err)
-    return err; 
+    return err;
 
   if (inhandle != INVALID_HANDLE_VALUE)
     nullhd[0] = w32_open_null (0);
@@ -483,7 +483,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
   cr_flags = (CREATE_DEFAULT_ERROR_MODE
               | ((flags & 128)? DETACHED_PROCESS : 0)
               | GetPriorityClass (GetCurrentProcess ())
-              | CREATE_SUSPENDED); 
+              | CREATE_SUSPENDED);
 /*   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline); */
   if (!CreateProcess (pgmname,       /* Program to start.  */
                       cmdline,       /* Command line arguments.  */
@@ -526,7 +526,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
     CloseHandle (outpipe[1]);
   if (errpipe[1] != INVALID_HANDLE_VALUE)
     CloseHandle (errpipe[1]);
-  
+
   /* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
   /*            " dwProcessID=%d dwThreadId=%d\n", */
   /*            pi.hProcess, pi.hThread, */
@@ -541,7 +541,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
 
   /* Process has been created suspended; resume it now. */
   ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   if (r_outfp)
     *r_outfp = outfp;
@@ -582,11 +582,11 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
   memset (&sec_attr, 0, sizeof sec_attr );
   sec_attr.nLength = sizeof sec_attr;
   sec_attr.bInheritHandle = FALSE;
-  
+
   /* Build the command line.  */
   err = build_w32_commandline (pgmname, argv, &cmdline);
   if (err)
-    return err; 
+    return err;
 
   memset (&si, 0, sizeof si);
   si.cb = sizeof (si);
@@ -633,7 +633,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
 
   /* Process has been created suspended; resume it now. */
   ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   *pid = handle_to_pid (pi.hProcess);
   return 0;
@@ -660,7 +660,7 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
      been implemented.  A special W32 pth system call would even be
      better.  */
   code = WaitForSingleObject (proc, hang? INFINITE : 0);
-  switch (code) 
+  switch (code)
     {
     case WAIT_TIMEOUT:
       ec = GPG_ERR_TIMEOUT;
@@ -694,14 +694,14 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
           ec = 0;
         }
       break;
-      
+
     default:
       log_error ("WaitForSingleObject returned unexpected "
                  "code %d for pid %d\n", code, (int)pid );
       ec = GPG_ERR_GENERAL;
       break;
     }
-  
+
   return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
 }
 
@@ -713,7 +713,7 @@ gnupg_release_process (pid_t pid)
   if (pid != (pid_t)INVALID_HANDLE_VALUE)
     {
       HANDLE process = (HANDLE)pid;
-      
+
       CloseHandle (process);
     }
 }
@@ -732,7 +732,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
 {
   gpg_error_t err;
   SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi = 
+  PROCESS_INFORMATION pi =
     {
       NULL,      /* Returns process handle.  */
       0,         /* Returns primary thread handle.  */
@@ -757,11 +757,11 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
   memset (&sec_attr, 0, sizeof sec_attr );
   sec_attr.nLength = sizeof sec_attr;
   sec_attr.bInheritHandle = FALSE;
-  
+
   /* Build the command line.  */
   err = build_w32_commandline (pgmname, argv, &cmdline);
   if (err)
-    return err; 
+    return err;
 
   /* Start the process.  */
   memset (&si, 0, sizeof si);
@@ -772,7 +772,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
   cr_flags = (CREATE_DEFAULT_ERROR_MODE
               | GetPriorityClass (GetCurrentProcess ())
               | CREATE_NEW_PROCESS_GROUP
-              | DETACHED_PROCESS); 
+              | DETACHED_PROCESS);
 /*   log_debug ("CreateProcess(detached), path=`%s' cmdline=`%s'\n", */
 /*              pgmname, cmdline); */
   if (!CreateProcess (pgmname,       /* Program to start.  */
@@ -799,7 +799,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
 /*              pi.hProcess, pi.hThread, */
 /*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
 
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   return 0;
 }
@@ -814,7 +814,7 @@ gnupg_kill_process (pid_t pid)
   if (pid != (pid_t) INVALID_HANDLE_VALUE)
     {
       HANDLE process = (HANDLE) pid;
-      
+
       /* Arbitrary error code.  */
       TerminateProcess (process, 1);
     }
diff --git a/common/exechelp-w32ce.c b/common/exechelp-w32ce.c
index 774214259..1bc2d6c3a 100644
--- a/common/exechelp-w32ce.c
+++ b/common/exechelp-w32ce.c
@@ -32,7 +32,7 @@
 #ifdef HAVE_SIGNAL_H
 # include 
 #endif
-#include  
+#include 
 #include 
 
 #ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
@@ -40,7 +40,7 @@
 #undef USE_GNU_PTH
 #endif
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
 #include 
 #endif
 
@@ -73,8 +73,8 @@
 #define handle_to_pid(a) ((int)(a))
 
 
-#ifdef USE_GNU_PTH      
-/* The data passed to the feeder_thread.  */ 
+#ifdef USE_GNU_PTH
+/* The data passed to the feeder_thread.  */
 struct feeder_thread_parms
 {
   estream_t stream;
@@ -173,7 +173,7 @@ leave:
 }
 #endif /*USE_GNU_PTH*/
 
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
 static void
 feeder_onclose_notification (estream_t stream, void *opaque)
 {
@@ -191,11 +191,11 @@ feeder_onclose_notification (estream_t stream, void *opaque)
 static gpg_error_t
 start_feeder (estream_t stream, HANDLE hd, int direction)
 {
-#ifdef USE_GNU_PTH      
+#ifdef USE_GNU_PTH
   gpg_error_t err;
   struct feeder_thread_parms *parm;
   pth_attr_t tattr;
-  
+
   parm = xtrymalloc (sizeof *parm);
   if (!parm)
     return gpg_error_from_syserror ();
@@ -210,12 +210,12 @@ start_feeder (estream_t stream, HANDLE hd, int direction)
       xfree (parm);
       return err;
     }
-  
+
   tattr = pth_attr_new ();
   pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
   pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 64*1024);
   pth_attr_set (tattr, PTH_ATTR_NAME, "exec-feeder");
-  
+
   log_debug ("spawning new feeder(%p, %p, %d)\n", stream, hd, direction);
   if(!pth_spawn (tattr, feeder_thread, parm))
     {
@@ -291,7 +291,7 @@ get_all_open_fds (void)
   array = calloc (narray, sizeof *array);
   if (!array)
     return NULL;
-  
+
   /* Note:  The list we return is ordered.  */
   for (idx=0, fd=0; fd < max_fd; fd++)
     if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
@@ -376,7 +376,7 @@ build_w32_commandline (const char * const *argv,
   else
     strcpy (p, "-&S2=null ");
   p += strlen (p);
-  
+
   *cmdline = NULL;
   n = strlen (fdbuf);
   for (i=0; (s = argv[i]); i++)
@@ -393,7 +393,7 @@ build_w32_commandline (const char * const *argv,
     return -1;
 
   p = stpcpy (p, fdbuf);
-  for (i = 0; argv[i]; i++) 
+  for (i = 0; argv[i]; i++)
     {
       *p++ = ' ';
       p = copy_quoted (p, argv[i]);
@@ -518,7 +518,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
 
   (void)preexec;
   (void)flags;
-  
+
   /* Setup return values.  */
   if (r_outfp)
     *r_outfp = NULL;
@@ -623,7 +623,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
     {
       /* Fixme release other stuff/kill feeder.  */
       CloseHandle (errpipe.hd);
-      return err; 
+      return err;
     }
 
   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline);
@@ -645,11 +645,11 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
              " dwProcessID=%d dwThreadId=%d\n",
              pi.hProcess, pi.hThread,
              (int) pi.dwProcessId, (int) pi.dwThreadId);
-  
+
 
   /* Process has been created suspended; resume it now. */
   ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   if (r_outfp)
     *r_outfp = outfp;
@@ -686,7 +686,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
   /* Build the command line.  */
   err = build_w32_commandline (argv, 0, 0, 0, &cmdline);
   if (err)
-    return err; 
+    return err;
 
   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline);
   if (!create_process (pgmname, cmdline, &pi))
@@ -702,10 +702,10 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
              " dwProcessID=%d dwThreadId=%d\n",
              pi.hProcess, pi.hThread,
              (int) pi.dwProcessId, (int) pi.dwThreadId);
-  
+
   /* Process has been created suspended; resume it now. */
   ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   *pid = handle_to_pid (pi.hProcess);
   return 0;
@@ -731,12 +731,12 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *exitcode)
      been implemented.  A special W32 pth system call would even be
      better.  */
   code = WaitForSingleObject (proc, hang? INFINITE : 0);
-  switch (code) 
+  switch (code)
     {
     case WAIT_TIMEOUT:
       ec = GPG_ERR_TIMEOUT;
       break;
-      
+
     case WAIT_FAILED:
       log_error (_("waiting for process %d to terminate failed: %s\n"),
                  (int)pid, w32_strerror (-1));
@@ -765,7 +765,7 @@ gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *exitcode)
           ec = 0;
         }
       break;
-      
+
     default:
       log_error ("WaitForSingleObject returned unexpected "
                  "code %d for pid %d\n", code, (int)pid );
@@ -783,7 +783,7 @@ gnupg_release_process (pid_t pid)
   if (pid != (pid_t)INVALID_HANDLE_VALUE)
     {
       HANDLE process = (HANDLE)pid;
-      
+
       CloseHandle (process);
     }
 }
@@ -805,11 +805,11 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
   PROCESS_INFORMATION pi = {NULL };
 
   (void)envp;
-  
+
   /* Build the command line.  */
   err = build_w32_commandline (argv, 0, 0, 0, &cmdline);
   if (err)
-    return err; 
+    return err;
 
   /* Note: There is no detached flag under CE.  */
   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline);
@@ -826,10 +826,10 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
              " dwProcessID=%d dwThreadId=%d\n",
              pi.hProcess, pi.hThread,
              (int) pi.dwProcessId, (int) pi.dwThreadId);
-  
+
   /* Process has been created suspended; resume it now. */
   ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread); 
+  CloseHandle (pi.hThread);
 
   return 0;
 }
@@ -844,7 +844,7 @@ gnupg_kill_process (pid_t pid)
   if (pid != (pid_t) INVALID_HANDLE_VALUE)
     {
       HANDLE process = (HANDLE) pid;
-      
+
       /* Arbitrary error code.  */
       TerminateProcess (process, 1);
     }
diff --git a/common/exechelp.h b/common/exechelp.h
index e6a0ee5e1..b97516657 100644
--- a/common/exechelp.h
+++ b/common/exechelp.h
@@ -66,7 +66,7 @@ gpg_error_t gnupg_create_outbound_pipe (int filedes[2]);
    The arguments for the process are expected in the NULL terminated
    array ARGV.  The program name itself should not be included there.
    If PREEXEC is not NULL, the given function will be called right
-   before the exec. 
+   before the exec.
 
    Returns 0 on success or an error code.  Calling gnupg_wait_process
    and gnupg_release_process is required if the function succeeded.
@@ -77,7 +77,7 @@ gpg_error_t gnupg_create_outbound_pipe (int filedes[2]);
           This flag is only useful under W32 (but not W32CE) systems,
           so that no new console is created and pops up a console
           window when starting the server.  Does not work on W32CE.
- 
+
    Bit 6: On W32 (but not on W32CE) run AllowSetForegroundWindow for
           the child.  Note that due to unknown problems this actually
           allows SetForegroundWindow for all childs of this process.
@@ -101,7 +101,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
    included there.  Calling gnupg_wait_process and
    gnupg_release_process is required.  Returns 0 on success or an
    error code. */
-gpg_error_t gnupg_spawn_process_fd (const char *pgmname, 
+gpg_error_t gnupg_spawn_process_fd (const char *pgmname,
                                     const char *argv[],
                                     int infd, int outfd, int errfd,
                                     pid_t *pid);
@@ -120,11 +120,11 @@ gpg_error_t gnupg_spawn_process_fd (const char *pgmname,
        is then stored at R_EXITCODE.  An exit code of -1 indicates
        that the process terminated abnormally (e.g. due to a signal).
 
-   GPG_ERR_TIMEOUT 
+   GPG_ERR_TIMEOUT
        The process is still running (returned only if HANG is false).
 
-   GPG_ERR_INV_VALUE 
-       An invalid PID has been specified.  
+   GPG_ERR_INV_VALUE
+       An invalid PID has been specified.
 
    Other error codes may be returned as well.  Unless otherwise noted,
    -1 will be stored at R_EXITCODE.  R_EXITCODE may be passed as NULL
diff --git a/common/exstatus.awk b/common/exstatus.awk
index ea48e8156..fb1381947 100644
--- a/common/exstatus.awk
+++ b/common/exstatus.awk
@@ -26,7 +26,7 @@ topheader == 0 && /^\/\*/  { topheader = 1 }
 topheader == 1             { print $0 }
 topheader == 1 && /\*\//   { topheader = 2; print "" }
 
-/^[ \t]+STATUS_[A-Za-z_]+/  { 
+/^[ \t]+STATUS_[A-Za-z_]+/  {
   sub (/[,\/\*]+/, "", $1);
   desc = substr($1,8);
   printf "%d\t%s\t%s\n", code, $1, desc;
@@ -37,4 +37,3 @@ topheader == 1 && /\*\//   { topheader = 2; print "" }
 END {
   print "# end of status codes."
 }
-
diff --git a/common/gc-opt-flags.h b/common/gc-opt-flags.h
index 261fe8796..b777c06d6 100644
--- a/common/gc-opt-flags.h
+++ b/common/gc-opt-flags.h
@@ -4,7 +4,7 @@
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
  * modifications, as long as this notice is preserved.
- * 
+ *
  * This file is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
  * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
diff --git a/common/get-passphrase.c b/common/get-passphrase.c
index 090079405..1aaeeac6c 100644
--- a/common/get-passphrase.c
+++ b/common/get-passphrase.c
@@ -79,7 +79,7 @@ start_agent (void)
      pth.  We will need a context for each thread or serialize the
      access to the agent.  */
   if (agent_ctx)
-    return 0; 
+    return 0;
 
   err = start_new_gpg_agent (&agent_ctx,
                              agentargs.errsource,
@@ -129,7 +129,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
     put_membuf (data, buffer, length);
   return 0;
 }
-  
+
 
 /* Ask for a passphrase via gpg-agent.  On success the caller needs to
    free the string stored at R_PASSPHRASE.  On error NULL will be
@@ -158,8 +158,8 @@ gnupg_get_passphrase (const char *cache_id,
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
   const char *arg1 = NULL;
-  char *arg2 = NULL;  
-  char *arg3 = NULL; 
+  char *arg2 = NULL;
+  char *arg3 = NULL;
   char *arg4 = NULL;
   membuf_t data;
 
@@ -170,7 +170,7 @@ gnupg_get_passphrase (const char *cache_id,
     return err;
 
   /* Check that the gpg-agent understands the repeat option.  */
-  if (assuan_transact (agent_ctx, 
+  if (assuan_transact (agent_ctx,
                        "GETINFO cmd_has_option GET_PASSPHRASE repeat",
                        NULL, NULL, NULL, NULL, NULL, NULL))
     return gpg_error (GPG_ERR_NOT_SUPPORTED);
@@ -186,10 +186,10 @@ gnupg_get_passphrase (const char *cache_id,
     if (!(arg4 = percent_plus_escape (desc_msg)))
       goto no_mem;
 
-  snprintf (line, DIM(line)-1, 
-            "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s", 
+  snprintf (line, DIM(line)-1,
+            "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s",
             check_quality? "--check ":"",
-            repeat, 
+            repeat,
             arg1? arg1:"X",
             arg2? arg2:"X",
             arg3? arg3:"X",
@@ -203,10 +203,10 @@ gnupg_get_passphrase (const char *cache_id,
     init_membuf_secure (&data, 64);
   else
     init_membuf (&data, 64);
-  err = assuan_transact (agent_ctx, line, 
+  err = assuan_transact (agent_ctx, line,
                          membuf_data_cb, &data,
                          default_inq_cb, NULL, NULL, NULL);
-  
+
   /* Older Pinentries return the old assuan error code for canceled
      which gets translated bt libassuan to GPG_ERR_ASS_CANCELED and
      not to the code for a user cancel.  Fix this here. */
@@ -224,7 +224,7 @@ gnupg_get_passphrase (const char *cache_id,
         wipememory (p, n);
       xfree (p);
     }
-  else 
+  else
     {
       put_membuf (&data, "", 1);
       *r_passphrase = get_membuf (&data, NULL);
diff --git a/common/gettime.c b/common/gettime.c
index 1ccbbc654..27dc8456e 100644
--- a/common/gettime.c
+++ b/common/gettime.c
@@ -31,7 +31,7 @@
 
 #ifdef HAVE_UNSIGNED_TIME_T
 # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1))
-#else 
+#else
   /* Error or 32 bit time_t and value after 2038-01-19.  */
 # define IS_INVALID_TIME_T(a) ((a) < 0)
 #endif
@@ -46,8 +46,8 @@ static enum { NORMAL = 0, FROZEN, FUTURE, PAST } timemode;
 
 /* Wrapper for the time(3).  We use this here so we can fake the time
    for tests */
-time_t 
-gnupg_get_time () 
+time_t
+gnupg_get_time ()
 {
   time_t current = time (NULL);
   if (timemode == NORMAL)
@@ -66,15 +66,15 @@ void
 gnupg_get_isotime (gnupg_isotime_t timebuf)
 {
   time_t atime = gnupg_get_time ();
-    
+
   if (atime == (time_t)(-1))
     *timebuf = 0;
-  else 
+  else
     {
       struct tm *tp;
 #ifdef HAVE_GMTIME_R
       struct tm tmbuf;
-      
+
       tp = gmtime_r (&atime, &tmbuf);
 #else
       tp = gmtime (&atime);
@@ -128,7 +128,7 @@ gnupg_faked_time_p (void)
 
 /* This function is used by gpg because OpenPGP defines the timestamp
    as an unsigned 32 bit value. */
-u32 
+u32
 make_timestamp (void)
 {
   time_t t = gnupg_get_time ();
@@ -233,12 +233,12 @@ epoch2isotime (gnupg_isotime_t timebuf, time_t atime)
 {
   if (atime == (time_t)(-1))
     *timebuf = 0;
-  else 
+  else
     {
       struct tm *tp;
 #ifdef HAVE_GMTIME_R
       struct tm tmbuf;
-      
+
       tp = gmtime_r (&atime, &tmbuf);
 #else
       tp = gmtime (&atime);
@@ -296,7 +296,7 @@ strtimestamp (u32 stamp)
   static char buffer[11+5];
   struct tm *tp;
   time_t atime = stamp;
-    
+
   if (IS_INVALID_TIME_T (atime))
     {
       strcpy (buffer, "????" "-??" "-??");
@@ -320,7 +320,7 @@ isotimestamp (u32 stamp)
   static char buffer[25+5];
   struct tm *tp;
   time_t atime = stamp;
-  
+
   if (IS_INVALID_TIME_T (atime))
     {
       strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??");
@@ -364,7 +364,7 @@ asctimestamp (u32 stamp)
   /* NOTE: gcc -Wformat-noliteral will complain here.  I have found no
      way to suppress this warning.  */
   strftime (buffer, DIM(buffer)-1, fmt, tp);
-# elif defined(HAVE_W32CE_SYSTEM) 
+# elif defined(HAVE_W32CE_SYSTEM)
   /* tzset is not available but %Z nevertheless prints a default
      nonsense timezone ("WILDABBR").  Thus we don't print the time
      zone at all.  */
@@ -400,7 +400,7 @@ static int
 days_per_month (int y, int m)
 {
   int s;
-    
+
   switch(m)
     {
     case 1: case 3: case 5: case 7: case 8: case 10: case 12:
@@ -460,19 +460,19 @@ jd2date (unsigned long jd, int *year, int *month, int *day)
   m = (delta / 31) + 1;
   while( (delta = jd - date2jd (y, m, d)) > days_per_month (y,m))
     if (++m > 12)
-      { 
+      {
         m = 1;
         y++;
       }
 
   d = delta + 1 ;
   if (d > days_per_month (y, m))
-    { 
+    {
       d = 1;
       m++;
     }
   if (m > 12)
-    { 
+    {
       m = 1;
       y++;
     }
@@ -499,7 +499,7 @@ check_isotime (const gnupg_isotime_t atime)
 
   if (!*atime)
     return gpg_error (GPG_ERR_NO_VALUE);
-  
+
   for (s=atime, i=0; i < 8; i++, s++)
     if (!digitp (s))
       return gpg_error (GPG_ERR_INV_TIME);
@@ -566,7 +566,7 @@ add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds)
   sec   = atoi_2 (atime+13);
 
   if (year <= 1582) /* The julian date functions don't support this. */
-    return gpg_error (GPG_ERR_INV_VALUE); 
+    return gpg_error (GPG_ERR_INV_VALUE);
 
   sec    += nseconds;
   minute += sec/60;
@@ -575,14 +575,14 @@ add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds)
   minute %= 60;
   ndays  = hour/24;
   hour   %= 24;
-  
+
   jd = date2jd (year, month, day) + ndays;
   jd2date (jd, &year, &month, &day);
 
   if (year > 9999 || month > 12 || day > 31
       || year < 0 || month < 1 || day < 1)
-    return gpg_error (GPG_ERR_INV_VALUE); 
-    
+    return gpg_error (GPG_ERR_INV_VALUE);
+
   snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
             year, month, day, hour, minute, sec);
   return 0;
@@ -611,15 +611,15 @@ add_days_to_isotime (gnupg_isotime_t atime, int ndays)
   sec   = atoi_2 (atime+13);
 
   if (year <= 1582) /* The julian date functions don't support this. */
-    return gpg_error (GPG_ERR_INV_VALUE); 
+    return gpg_error (GPG_ERR_INV_VALUE);
 
   jd = date2jd (year, month, day) + ndays;
   jd2date (jd, &year, &month, &day);
 
   if (year > 9999 || month > 12 || day > 31
       || year < 0 || month < 1 || day < 1)
-    return gpg_error (GPG_ERR_INV_VALUE); 
-    
+    return gpg_error (GPG_ERR_INV_VALUE);
+
   snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
             year, month, day, hour, minute, sec);
   return 0;
diff --git a/common/gpgrlhelp.c b/common/gpgrlhelp.c
index 28459aac2..b6fca82f3 100644
--- a/common/gpgrlhelp.c
+++ b/common/gpgrlhelp.c
@@ -85,7 +85,3 @@ gnupg_rl_initialize (void)
   rl_readline_name = "GnuPG";
 #endif
 }
-
-
-
-
diff --git a/common/helpfile.c b/common/helpfile.c
index 34b6bdc4e..6666a800e 100644
--- a/common/helpfile.c
+++ b/common/helpfile.c
@@ -52,7 +52,7 @@ findkey_fname (const char *key, const char *fname)
   while (fgets (line, DIM(line)-1, fp))
     {
       lnr++;
-      
+
       if (!*line || line[strlen(line)-1] != '\n')
         {
           /* Eat until end of line. */
@@ -65,7 +65,7 @@ findkey_fname (const char *key, const char *fname)
         }
       else
         line[strlen(line)-1] = 0; /* Chop the LF. */
-      
+
     again:
       if (!in_item)
         {
@@ -96,7 +96,7 @@ findkey_fname (const char *key, const char *fname)
       if (*line == '#')
         continue;
       if (*line == '.')
-        { 
+        {
           if (spacep(line+1))
             p = line + 2;
           else
@@ -126,7 +126,7 @@ findkey_fname (const char *key, const char *fname)
       log_error (_("error reading `%s', line %d: %s\n"),
                  fname, lnr, gpg_strerror (err));
     }
-  
+
   fclose (fp);
   if (is_membuf_ready (&mb))
     {
@@ -182,7 +182,7 @@ findkey_locale (const char *key, const char *locname,
       else
         result = NULL;
     }
-  
+
   if (!result && (!only_current_locale || !*locname) )
     {
       /* Last try: Search in file without any locale info.  ("help.txt") */
@@ -204,18 +204,18 @@ findkey_locale (const char *key, const char *locname,
      /etc/gnupg/help.txt
      /usr/share/gnupg/help.LL.txt
      /usr/share/gnupg/help.txt
-     
+
    Here LL denotes the two digit language code of the current locale.
    If ONLY_CURRENT_LOCALE is set, the fucntion won;t fallback to the
    english valiant ("help.txt") unless that locale has been requested.
-   
+
    The help file needs to be encoded in UTF-8, lines with a '#' in the
    first column are comment lines and entirely ignored.  Help keys are
    identified by a key consisting of a single word with a single dot
    as the first character.  All key lines listed without any
    intervening lines (except for comment lines) lead to the same help
    text.  Lines following the key lines make up the actual hep texts.
-   
+
 */
 
 char *
@@ -249,7 +249,7 @@ gnupg_get_help_string (const char *key, int only_current_locale)
   if (!key || !*key)
     return NULL;
 
-  result = findkey_locale (key, locname, only_current_locale, 
+  result = findkey_locale (key, locname, only_current_locale,
                            gnupg_sysconfdir ());
   if (!result)
     result = findkey_locale (key, locname, only_current_locale,
diff --git a/common/homedir.c b/common/homedir.c
index 3d31bd376..56cacaff8 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -55,7 +55,7 @@ w32_try_mkdir (const char *dir)
       CreateDirectory (wdir, NULL);
       xfree (wdir);
     }
-#else              
+#else
   CreateDirectory (dir, NULL);
 #endif
 }
@@ -115,7 +115,7 @@ standard_homedir (void)
   if (!dir)
     {
       char path[MAX_PATH];
-      
+
       /* It might be better to use LOCAL_APPDATA because this is
          defined as "non roaming" and thus more likely to be kept
          locally.  For private keys this is desired.  However, given
@@ -123,13 +123,13 @@ standard_homedir (void)
          using a system roaming services might be better than to let
          them do it manually.  A security conscious user will anyway
          use the registry entry to have better control.  */
-      if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + 6 +1);
           strcpy (stpcpy (tmp, path), "\\gnupg");
           dir = tmp;
-          
+
           /* Try to create the directory if it does not yet exists.  */
           if (access (dir, F_OK))
             w32_try_mkdir (dir);
@@ -155,7 +155,7 @@ default_homedir (void)
   if (!dir || !*dir)
     {
       static const char *saved_dir;
-      
+
       if (!saved_dir)
         {
           if (!dir || !*dir)
@@ -172,7 +172,7 @@ default_homedir (void)
               if (tmp)
                 saved_dir = tmp;
             }
-          
+
           if (!saved_dir)
             saved_dir = standard_homedir ();
         }
@@ -228,7 +228,7 @@ w32_rootdir (void)
       if (!p)
         {
           log_debug ("bad filename `%s' returned for this process\n", dir);
-          *dir = 0; 
+          *dir = 0;
         }
     }
 
@@ -247,8 +247,8 @@ w32_commondir (void)
     {
       char path[MAX_PATH];
 
-      if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + 4 +1);
           strcpy (stpcpy (tmp, path), "\\GNU");
@@ -263,7 +263,7 @@ w32_commondir (void)
           dir = xstrdup (w32_rootdir ());
         }
     }
-  
+
   return dir;
 }
 #endif /*HAVE_W32_SYSTEM*/
@@ -389,8 +389,8 @@ gnupg_cachedir (void)
       for (comp = s1; *comp; comp++)
         s1_len += 1 + strlen (*comp);
 
-      if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + s1_len + 1);
 	  char *p;
@@ -475,49 +475,49 @@ gnupg_module_name (int which)
     if (!name)                                                          \
       name = xstrconcat (gnupg_ ## a (), DIRSEP_S b EXEEXT_S, NULL);    \
     return name;                                                        \
-  } while (0)                                                     
-  
+  } while (0)
+
   switch (which)
     {
     case GNUPG_MODULE_NAME_AGENT:
 #ifdef GNUPG_DEFAULT_AGENT
       return GNUPG_DEFAULT_AGENT;
-#else 
+#else
       X(bindir, "gpg-agent");
 #endif
-      
+
     case GNUPG_MODULE_NAME_PINENTRY:
 #ifdef GNUPG_DEFAULT_PINENTRY
       return GNUPG_DEFAULT_PINENTRY;
-#else 
+#else
       X(bindir, "pinentry");
 #endif
 
     case GNUPG_MODULE_NAME_SCDAEMON:
 #ifdef GNUPG_DEFAULT_SCDAEMON
       return GNUPG_DEFAULT_SCDAEMON;
-#else 
+#else
       X(bindir, "scdaemon");
 #endif
 
     case GNUPG_MODULE_NAME_DIRMNGR:
 #ifdef GNUPG_DEFAULT_DIRMNGR
       return GNUPG_DEFAULT_DIRMNGR;
-#else 
+#else
       X(bindir, "dirmngr");
 #endif
 
     case GNUPG_MODULE_NAME_PROTECT_TOOL:
 #ifdef GNUPG_DEFAULT_PROTECT_TOOL
       return GNUPG_DEFAULT_PROTECT_TOOL;
-#else 
+#else
       X(libexecdir, "gpg-protect-tool");
 #endif
 
     case GNUPG_MODULE_NAME_DIRMNGR_LDAP:
 #ifdef GNUPG_DEFAULT_DIRMNGR_LDAP
       return GNUPG_DEFAULT_DIRMNGR_LDAP;
-#else 
+#else
       X(libexecdir, "dirmngr_ldap");
 #endif
 
@@ -536,7 +536,7 @@ gnupg_module_name (int which)
     case GNUPG_MODULE_NAME_GPGCONF:
       X(bindir, "gpgconf");
 
-    default: 
+    default:
       BUG ();
     }
 #undef X
diff --git a/common/http.c b/common/http.c
index b50b6b8ad..f8628e622 100644
--- a/common/http.c
+++ b/common/http.c
@@ -176,21 +176,21 @@ static es_cookie_io_functions_t cookie_functions =
     cookie_close
   };
 
-struct cookie_s 
+struct cookie_s
 {
   /* File descriptor or -1 if already closed. */
   int fd;
 
   /* TLS session context or NULL if not used. */
-  gnutls_session_t tls_session; 
+  gnutls_session_t tls_session;
 
   /* The remaining content length and a flag telling whether to use
      the content length.  */
-  longcounter_t content_length;  
+  longcounter_t content_length;
   unsigned int content_length_valid:1;
 
   /* Flag to communicate with the close handler. */
-  unsigned int keep_socket:1; 
+  unsigned int keep_socket:1;
 };
 typedef struct cookie_s *cookie_t;
 
@@ -210,7 +210,7 @@ typedef struct header_s *header_t;
 
 
 /* Our handle context. */
-struct http_context_s 
+struct http_context_s
 {
   unsigned int status_code;
   int sock;
@@ -258,14 +258,14 @@ init_sockets (void)
   if (initialized)
     return;
 
-  if ( WSAStartup( MAKEWORD (REQ_WINSOCK_MINOR, REQ_WINSOCK_MAJOR), &wsdata ) ) 
+  if ( WSAStartup( MAKEWORD (REQ_WINSOCK_MINOR, REQ_WINSOCK_MAJOR), &wsdata ) )
     {
-      log_error ("error initializing socket library: ec=%d\n", 
+      log_error ("error initializing socket library: ec=%d\n",
                  (int)WSAGetLastError () );
       return;
     }
-  if ( LOBYTE(wsdata.wVersion) != REQ_WINSOCK_MAJOR  
-       || HIBYTE(wsdata.wVersion) != REQ_WINSOCK_MINOR ) 
+  if ( LOBYTE(wsdata.wVersion) != REQ_WINSOCK_MAJOR
+       || HIBYTE(wsdata.wVersion) != REQ_WINSOCK_MINOR )
     {
       log_error ("socket library version is %x.%x - but %d.%d needed\n",
                  LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion),
@@ -290,7 +290,7 @@ static char *
 make_header_line (const char *prefix, const char *suffix,
                    const void *data, size_t len )
 {
-  static unsigned char bintoasc[] = 
+  static unsigned char bintoasc[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
     "abcdefghijklmnopqrstuvwxyz"
     "0123456789+/";
@@ -308,7 +308,7 @@ make_header_line (const char *prefix, const char *suffix,
       *p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077];
       *p++ = bintoasc[s[2]&077];
     }
-  if ( len == 2 ) 
+  if ( len == 2 )
     {
       *p++ = bintoasc[(s[0] >> 2) & 077];
       *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
@@ -336,7 +336,7 @@ http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
   tls_callback = (gpg_error_t (*) (http_t, gnutls_session_t, int))cb;
 #else
   (void)cb;
-#endif  
+#endif
 }
 
 
@@ -345,14 +345,14 @@ http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
    pointer for completing the the request and to wait for the
    response. */
 gpg_error_t
-_http_open (http_t *r_hd, http_req_t reqtype, const char *url, 
+_http_open (http_t *r_hd, http_req_t reqtype, const char *url,
             const char *auth, unsigned int flags, const char *proxy,
             void *tls_context, const char *srvtag, strlist_t headers,
             gpg_err_source_t errsource)
 {
   gpg_error_t err;
   http_t hd;
-  
+
   *r_hd = NULL;
 
   if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
@@ -370,7 +370,7 @@ _http_open (http_t *r_hd, http_req_t reqtype, const char *url,
   err = _http_parse_uri (&hd->uri, url, 0, errsource);
   if (!err)
     err = send_request (hd, auth, proxy, srvtag, headers, errsource);
-  
+
   if (err)
     {
       if (!hd->fp_read && !hd->fp_write && hd->sock != -1)
@@ -408,7 +408,7 @@ _http_wait_response (http_t hd, gpg_err_source_t errsource)
   cookie_t cookie;
 
   /* Make sure that we are in the data. */
-  http_start_data (hd);	
+  http_start_data (hd);
 
   /* Close the write stream but keep the socket open.  */
   cookie = hd->write_cookie;
@@ -455,7 +455,7 @@ _http_wait_response (http_t hd, gpg_err_source_t errsource)
    be used as an HTTP proxy and any enabled $http_proxy gets
    ignored. */
 gpg_error_t
-_http_open_document (http_t *r_hd, const char *document, 
+_http_open_document (http_t *r_hd, const char *document,
                      const char *auth, unsigned int flags, const char *proxy,
                      void *tls_context, const char *srvtag, strlist_t headers,
                      gpg_err_source_t errsource)
@@ -620,7 +620,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check)
 
       p++;
       if (*p == '/') /* There seems to be a hostname. */
-	{ 
+	{
 	  p++;
 	  if ((p2 = strchr (p, '/')))
 	    *p2++ = 0;
@@ -678,7 +678,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check)
     return GPG_ERR_BAD_URI;	/* Path includes a Nul. */
   p = p2 ? p2 : NULL;
 
-  if (!p || !*p)	
+  if (!p || !*p)
     return 0; /* We don't have a query string.  Okay. */
 
   /* Now parse the query string. */
@@ -902,7 +902,7 @@ send_request (http_t hd, const char *auth,
 
   if ( (proxy && *proxy)
        || ( (hd->flags & HTTP_FLAG_TRY_PROXY)
-            && (http_proxy = getenv (HTTP_PROXY_ENV)) 
+            && (http_proxy = getenv (HTTP_PROXY_ENV))
             && *http_proxy ))
     {
       parsed_uri_t uri;
@@ -947,7 +947,7 @@ send_request (http_t hd, const char *auth,
   if (hd->sock == -1)
     {
       xfree (proxy_authstr);
-      return gpg_err_make (errsource, (save_errno 
+      return gpg_err_make (errsource, (save_errno
                                        ? gpg_err_code_from_errno (save_errno)
                                        : GPG_ERR_NOT_FOUND));
     }
@@ -987,7 +987,7 @@ send_request (http_t hd, const char *auth,
   if (auth || hd->uri->auth)
     {
       char *myauth;
-      
+
       if (auth)
         {
           myauth = xtrystrdup (auth);
@@ -1015,14 +1015,14 @@ send_request (http_t hd, const char *auth,
           return gpg_err_make (errsource, gpg_err_code_from_syserror ());
         }
     }
-  
+
   p = build_rel_path (hd->uri);
   if (!p)
     return gpg_err_make (errsource, gpg_err_code_from_syserror ());
 
   if (http_proxy && *http_proxy)
     {
-      request = es_asprintf 
+      request = es_asprintf
         ("%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s",
          hd->req_type == HTTP_REQ_GET ? "GET" :
          hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
@@ -1034,13 +1034,13 @@ send_request (http_t hd, const char *auth,
   else
     {
       char portstr[35];
-        
+
       if (port == 80)
         *portstr = 0;
       else
         snprintf (portstr, sizeof portstr, ":%u", port);
 
-      request = es_asprintf 
+      request = es_asprintf
         ("%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
          hd->req_type == HTTP_REQ_GET ? "GET" :
          hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
@@ -1099,7 +1099,7 @@ send_request (http_t hd, const char *auth,
         }
     }
   }
-  
+
  leave:
   es_free (request);
   xfree (authstr);
@@ -1228,7 +1228,7 @@ store_header (http_t hd, char *line)
   while (*p == ' ' || *p == '\t')
     p++;
   value = p;
-  
+
   for (h=hd->headers; h; h = h->next)
     if ( !strcmp (h->name, line) )
       break;
@@ -1494,9 +1494,9 @@ connect_server (const char *server, unsigned short port,
   if ( inaddr != INADDR_NONE )
     {
       struct sockaddr_in addr;
-      
+
       memset(&addr,0,sizeof(addr));
-      
+
       sock = socket(AF_INET,SOCK_STREAM,0);
       if ( sock==INVALID_SOCKET )
 	{
@@ -1504,9 +1504,9 @@ connect_server (const char *server, unsigned short port,
 	  return -1;
 	}
 
-      addr.sin_family = AF_INET; 
+      addr.sin_family = AF_INET;
       addr.sin_port = htons(port);
-      memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));      
+      memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
 
       if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
 	return sock;
@@ -1575,7 +1575,7 @@ connect_server (const char *server, unsigned short port,
               errno = save_errno;
               return -1;
             }
-          
+
           if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
             last_errno = errno;
           else
@@ -1608,7 +1608,7 @@ connect_server (const char *server, unsigned short port,
           xfree (serverlist);
           return -1;
         }
-      
+
       addr.sin_family = host->h_addrtype;
       if (addr.sin_family != AF_INET)
 	{
@@ -1675,7 +1675,7 @@ write_server (int sock, const char *data, size_t length)
     {
 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_PTH)
       nwritten = send (sock, data, nleft, 0);
-      if ( nwritten == SOCKET_ERROR ) 
+      if ( nwritten == SOCKET_ERROR )
         {
           log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ());
           return gpg_error (GPG_ERR_NETWORK);
@@ -1739,7 +1739,7 @@ cookie_read (void *cookie, void *buffer, size_t size)
           if (nread == GNUTLS_E_AGAIN)
             {
               struct timeval tv;
-              
+
               tv.tv_sec = 0;
               tv.tv_usec = 50000;
               my_select (0, NULL, NULL, NULL, &tv);
@@ -1762,7 +1762,7 @@ cookie_read (void *cookie, void *buffer, size_t size)
 #elif defined(HAVE_W32_SYSTEM)
           /* Under Windows we need to use recv for a socket.  */
           nread = recv (c->fd, buffer, size, 0);
-#else          
+#else
           nread = read (c->fd, buffer, size);
 #endif
         }
@@ -1774,7 +1774,7 @@ cookie_read (void *cookie, void *buffer, size_t size)
       if (nread < c->content_length)
         c->content_length -= nread;
       else
-        c->content_length = 0;          
+        c->content_length = 0;
     }
 
   return nread;
@@ -1793,7 +1793,7 @@ cookie_write (void *cookie, const void *buffer, size_t size)
       int nleft = size;
       while (nleft > 0)
         {
-          nwritten = gnutls_record_send (c->tls_session, buffer, nleft); 
+          nwritten = gnutls_record_send (c->tls_session, buffer, nleft);
           if (nwritten <= 0)
             {
               if (nwritten == GNUTLS_E_INTERRUPTED)
@@ -1801,7 +1801,7 @@ cookie_write (void *cookie, const void *buffer, size_t size)
               if (nwritten == GNUTLS_E_AGAIN)
                 {
                   struct timeval tv;
-                  
+
                   tv.tv_sec = 0;
                   tv.tv_usec = 50000;
                   my_select (0, NULL, NULL, NULL, &tv);
diff --git a/common/http.h b/common/http.h
index 7eecbc004..50c478c84 100644
--- a/common/http.h
+++ b/common/http.h
@@ -1,7 +1,7 @@
 /* http.h  -  HTTP protocol handler
  * Copyright (C) 1999, 2000, 2001, 2003, 2006,
  *               2010 Free Software Foundation, Inc.
- *     
+ *
  * This file is part of GnuPG.
  *
  * GnuPG is free software; you can redistribute it and/or modify
@@ -18,12 +18,12 @@
  * along with this program; if not, see .
  */
 #ifndef GNUPG_COMMON_HTTP_H
-#define GNUPG_COMMON_HTTP_H 
+#define GNUPG_COMMON_HTTP_H
 
 #include 
 #include "../common/estream.h"
 
-struct uri_tuple_s 
+struct uri_tuple_s
 {
   struct uri_tuple_s *next;
   const char *name;	/* A pointer into name. */
@@ -34,7 +34,7 @@ struct uri_tuple_s
 };
 typedef struct uri_tuple_s *uri_tuple_t;
 
-struct parsed_uri_s 
+struct parsed_uri_s
 {
   /* All these pointers point into BUFFER; most stuff is not escaped. */
   char *scheme;	        /* Pointer to the scheme string (always lowercase). */
@@ -50,17 +50,17 @@ struct parsed_uri_s
 };
 typedef struct parsed_uri_s *parsed_uri_t;
 
-typedef enum 
+typedef enum
   {
     HTTP_REQ_GET  = 1,
     HTTP_REQ_HEAD = 2,
     HTTP_REQ_POST = 3
-  } 
+  }
 http_req_t;
 
 /* We put the flag values into an enum, so that gdb can display them. */
 enum
-  { 
+  {
     HTTP_FLAG_TRY_PROXY = 1,
     HTTP_FLAG_SHUTDOWN = 2,
     HTTP_FLAG_LOG_RESP = 8,
diff --git a/common/i18n.c b/common/i18n.c
index d0d804a32..d8189974d 100644
--- a/common/i18n.c
+++ b/common/i18n.c
@@ -69,7 +69,7 @@ i18n_switchto_utf8 (void)
       if (!bind_textdomain_codeset (PACKAGE_GT, "utf-8"))
         {
 	  xfree (orig_codeset);
-	  orig_codeset = NULL; 
+	  orig_codeset = NULL;
 	}
     }
   return orig_codeset;
diff --git a/common/i18n.h b/common/i18n.h
index abb8bd83e..3b02a6bbd 100644
--- a/common/i18n.h
+++ b/common/i18n.h
@@ -4,7 +4,7 @@
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
  * modifications, as long as this notice is preserved.
- * 
+ *
  * This file is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
  * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
@@ -21,7 +21,7 @@
 # define N_(a) (a)
 #else
 # ifdef HAVE_LOCALE_H
-#  include 	
+#  include 
 # endif
 # ifdef ENABLE_NLS
 #  include 
diff --git a/common/init.c b/common/init.c
index de79a14c4..bcb0cd4ea 100644
--- a/common/init.c
+++ b/common/init.c
@@ -27,7 +27,7 @@
 #ifdef HAVE_W32_SYSTEM
 #include 
 #endif
-#ifdef HAVE_PTH      
+#ifdef HAVE_PTH
 #include 
 #endif
 #ifdef HAVE_W32CE_SYSTEM
@@ -79,7 +79,7 @@ void
 init_common_subsystems (int *argcp, char ***argvp)
 {
   /* Try to auto set the character set.  */
-  set_native_charset (NULL); 
+  set_native_charset (NULL);
 
 #ifdef HAVE_W32_SYSTEM
   /* For W32 we need to initialize the socket layer.  This is because
@@ -92,12 +92,12 @@ init_common_subsystems (int *argcp, char ***argvp)
 # else
   {
     WSADATA wsadat;
-    
+
     WSAStartup (0x202, &wsadat);
   }
 # endif /*!HAVE_PTH*/
 #endif
-  
+
 #ifdef HAVE_W32CE_SYSTEM
   /* Register the sleep exit function before the estream init so that
      the sleep will be called after the estream registered atexit
@@ -173,7 +173,7 @@ parse_std_file_handles (int *argcp, char ***argvp)
       s = *argv;
       if (*s == '-' && s[1] == '&' && s[2] == 'S'
           && (s[3] == '0' || s[3] == '1' || s[3] == '2')
-          && s[4] == '=' 
+          && s[4] == '='
           && (strchr ("-01234567890", s[5]) || !strcmp (s+5, "null")))
         {
           if (s[5] == 'n')
@@ -200,6 +200,6 @@ parse_std_file_handles (int *argcp, char ***argvp)
         argv[i] = NULL;
     }
 
-  
+
 }
 #endif /*HAVE_W32CE_SYSTEM*/
diff --git a/common/iobuf.c b/common/iobuf.c
index 9813d3da6..5f20d6e63 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -45,7 +45,7 @@
 
 /*-- Begin configurable part.  --*/
 
-/* The size of the internal buffers. 
+/* The size of the internal buffers.
    NOTE: If you change this value you MUST also adjust the regression
    test "armored_key_8192" in armor.test! */
 #define IOBUF_BUFFER_SIZE  8192
@@ -71,7 +71,7 @@
 typedef struct
 {
   gnupg_fd_t fp;       /* Open file pointer or handle.  */
-  int keep_open; 
+  int keep_open;
   int no_cache;
   int eof_seen;
   int print_only_name; /* Flags indicating that fname is not a real file.  */
@@ -156,7 +156,7 @@ fd_cache_strcmp (const char *a, const char *b)
 #ifdef HAVE_DOSISH_SYSTEM
   for (; *a && *b; a++, b++)
     {
-      if (*a != *b && !((*a == '/' && *b == '\\') 
+      if (*a != *b && !((*a == '/' && *b == '\\')
                         || (*a == '\\' && *b == '/')) )
         break;
     }
@@ -327,7 +327,7 @@ direct_open (const char *fname, const char *mode)
 
 
 /*
- * Instead of closing an FD we keep it open and cache it for later reuse 
+ * Instead of closing an FD we keep it open and cache it for later reuse
  * Note that this caching strategy only works if the process does not chdir.
  */
 static void
@@ -878,7 +878,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 		  /*  log_debug("partial: ctx=%p c=%02x size=%u\n", a, c, a->size); */
 		}
 	      else
-		BUG ();	
+		BUG ();
 	    }
 
 	  while (!rc && size && a->size)
@@ -1483,13 +1483,13 @@ int
 iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
 {
   if (cmd == IOBUF_IOCTL_KEEP_OPEN)
-    {				
+    {
       /* Keep system filepointer/descriptor open.  This was used in
          the past by http.c; this ioctl is not directly used
          anymore.  */
       if (DBG_IOBUF)
 	log_debug ("iobuf-%d.%d: ioctl `%s' keep_open=%d\n",
-		   a ? a->no : -1, a ? a->subno : -1, 
+		   a ? a->no : -1, a ? a->subno : -1,
                    a && a->desc ? a->desc : "?",
 		   intval);
       for (; a; a = a->chain)
@@ -1524,7 +1524,7 @@ iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
     {
       if (DBG_IOBUF)
 	log_debug ("iobuf-%d.%d: ioctl `%s' no_cache=%d\n",
-		   a ? a->no : -1, a ? a->subno : -1, 
+		   a ? a->no : -1, a ? a->subno : -1,
                    a && a->desc? a->desc : "?",
 		   intval);
       for (; a; a = a->chain)
@@ -1640,7 +1640,7 @@ iobuf_push_filter2 (iobuf_t a,
 
   if (DBG_IOBUF)
     {
-      log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno, 
+      log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno,
                  a->desc?a->desc:"?");
       print_chain (a);
     }
@@ -2147,24 +2147,24 @@ iobuf_get_filelength (iobuf_t a, int *overflow)
 
   if (overflow)
     *overflow = 0;
-  
-  if ( a->directfp )  
+
+  if ( a->directfp )
     {
       FILE *fp = a->directfp;
-      
+
       if ( !fstat(fileno(fp), &st) )
         return st.st_size;
       log_error("fstat() failed: %s\n", strerror(errno) );
       return 0;
     }
-  
+
   /* Hmmm: file_filter may have already been removed */
   for ( ; a; a = a->chain )
     if ( !a->chain && a->filter == file_filter )
       {
         file_filter_ctx_t *b = a->filter_ov;
         gnupg_fd_t fp = b->fp;
-        
+
 #if defined(HAVE_W32_SYSTEM)
         ulong size;
         static int (* __stdcall get_file_size_ex) (void *handle,
@@ -2174,7 +2174,7 @@ iobuf_get_filelength (iobuf_t a, int *overflow)
         if (!get_file_size_ex_initialized)
           {
             void *handle;
-            
+
             handle = dlopen ("kernel32.dll", RTLD_LAZY);
             if (handle)
               {
@@ -2184,21 +2184,21 @@ iobuf_get_filelength (iobuf_t a, int *overflow)
               }
             get_file_size_ex_initialized = 1;
           }
-        
+
         if (get_file_size_ex)
           {
             /* This is a newer system with GetFileSizeEx; we use this
                then because it seem that GetFileSize won't return a
                proper error in case a file is larger than 4GB. */
             LARGE_INTEGER exsize;
-            
+
             if (get_file_size_ex (fp, &exsize))
               {
                 if (!exsize.u.HighPart)
                   return exsize.u.LowPart;
                 if (overflow)
                   *overflow = 1;
-                return 0; 
+                return 0;
               }
           }
         else
@@ -2215,14 +2215,14 @@ iobuf_get_filelength (iobuf_t a, int *overflow)
 #endif
         break/*the for loop*/;
       }
-  
+
     return 0;
 }
 
 
 /* Return the file descriptor of the underlying file or -1 if it is
    not available.  */
-int 
+int
 iobuf_get_fd (iobuf_t a)
 {
   if (a->directfp)
@@ -2501,7 +2501,7 @@ translate_file_handle (int fd, int for_write)
 #elif defined(HAVE_W32_SYSTEM)
   {
     int x;
-    
+
     (void)for_write;
 
     if (fd == 0)
@@ -2533,13 +2533,13 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
     {
       for (;;)
         {
-          if (a->nofast || a->d.start >= a->d.len) 
+          if (a->nofast || a->d.start >= a->d.len)
             {
               if (iobuf_readbyte (a) == -1)
                 {
                   break;
                 }
-	    } 
+	    }
           else
             {
               unsigned long count = a->d.len - a->d.start;
@@ -2547,11 +2547,11 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
               a->d.start = a->d.len;
 	    }
 	}
-    } 
+    }
   else
     {
       unsigned long remaining = n;
-      while (remaining > 0) 
+      while (remaining > 0)
         {
           if (a->nofast || a->d.start >= a->d.len)
             {
@@ -2560,11 +2560,11 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
                   break;
 		}
               --remaining;
-	    } 
-          else 
+	    }
+          else
             {
               unsigned long count = a->d.len - a->d.start;
-              if (count > remaining) 
+              if (count > remaining)
                 {
                   count = remaining;
 		}
diff --git a/common/iobuf.h b/common/iobuf.h
index 3ac4fa061..3a189c47d 100644
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -38,7 +38,7 @@
 
 
 /* Command codes for iobuf_ioctl.  */
-typedef enum 
+typedef enum
   {
     IOBUF_IOCTL_KEEP_OPEN        = 1, /* Uses intval.  */
     IOBUF_IOCTL_INVALIDATE_CACHE = 2, /* Uses ptrval.  */
diff --git a/common/localename.c b/common/localename.c
index 8f7774880..82fe51754 100644
--- a/common/localename.c
+++ b/common/localename.c
@@ -1,5 +1,5 @@
 /* localename.c - Determine the current selected locale.
-   Copyright (C) 1995-1999, 2000-2003, 2007, 
+   Copyright (C) 1995-1999, 2000-2003, 2007,
                  2008 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or
@@ -17,7 +17,7 @@
 */
 /* Written by Ulrich Drepper , 1995.  */
 /* Win32 code written by Tor Lillqvist .  */
-/* Modified for GpgOL use by Werner Koch , 2005.  */ 
+/* Modified for GpgOL use by Werner Koch , 2005.  */
 /* Modified for GnuPG use by Werner Koch , 2007 */
 
 #ifdef HAVE_CONFIG_H
@@ -68,7 +68,7 @@ do_nl_locale_name (int category, const char *categoryname)
 # if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES && defined HAVE_LOCALE_NULL
   (void)categoryname;
   retval = setlocale (category, NULL);
-# else 
+# else
   /* Setting of LC_ALL overwrites all other.  */
   retval = getenv ("LC_ALL");
   if (retval == NULL || retval[0] == '\0')
@@ -114,4 +114,3 @@ gnupg_messages_locale_name (void)
 
   return s;
 }
-
diff --git a/common/logging.c b/common/logging.c
index a32514502..94e7fbae1 100644
--- a/common/logging.c
+++ b/common/logging.c
@@ -1,5 +1,5 @@
 /* logging.c - Useful logging functions
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
  *               2009, 2010 Free Software Foundation, Inc.
  *
  * This file is part of JNLIB.
@@ -134,7 +134,7 @@ writen (int fd, const void *buffer, size_t nbytes, int is_socket)
 #ifndef HAVE_W32_SYSTEM
   (void)is_socket; /* Not required.  */
 #endif
-  
+
   while (nleft > 0)
     {
 #ifdef HAVE_W32_SYSTEM
@@ -151,14 +151,14 @@ writen (int fd, const void *buffer, size_t nbytes, int is_socket)
       nleft -= nwritten;
       buf = buf + nwritten;
     }
-  
+
   return 0;
 }
 
 
 /* Returns true if STR represents a valid port number in decimal
    notation and no garbage is following.  */
-static int 
+static int
 parse_portno (const char *str, unsigned short *r_port)
 {
   unsigned int value;
@@ -177,7 +177,7 @@ parse_portno (const char *str, unsigned short *r_port)
 }
 
 
-static ssize_t 
+static ssize_t
 fun_writer (void *cookie_arg, const void *buffer, size_t size)
 {
   struct fun_cookie_s *cookie = cookie_arg;
@@ -222,7 +222,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
       else if (!strncmp (name, "socket://", 9) && name[9])
         name += 9;
 #endif
-      
+
       if (af == AF_LOCAL)
         {
 #ifdef HAVE_W32_SYSTEM
@@ -255,7 +255,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
                   jnlib_set_errno (EINVAL);
                   addrlen = 0;
                 }
-              else 
+              else
                 {
                   *p = 0;
 #ifdef WITH_IPV6
@@ -310,7 +310,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
                 addrlen = 0;
 #endif /*!HAVE_INET_PTON*/
             }
-      
+
           jnlib_free (addrstr);
         }
 
@@ -334,7 +334,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
               cookie->fd = -1;
             }
         }
-      
+
       if (cookie->fd == -1)
         {
           if (!running_detached)
@@ -357,21 +357,21 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
           cookie->is_socket = 1;
         }
     }
-  
+
   log_socket = cookie->fd;
   if (cookie->fd != -1)
-    { 
+    {
 #ifdef HAVE_W32CE_SYSTEM
       if (cookie->use_writefile)
         {
           DWORD nwritten;
-          
+
           WriteFile ((HANDLE)cookie->fd, buffer, size, &nwritten, NULL);
           return (ssize_t)size; /* Okay.  */
         }
 #endif
       if (!writen (cookie->fd, buffer, size, cookie->is_socket))
-        return (ssize_t)size; /* Okay. */ 
+        return (ssize_t)size; /* Okay. */
     }
 
   if (!running_detached && cookie->fd != -1
@@ -390,7 +390,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
       cookie->fd = -1;
       log_socket = -1;
     }
-  
+
   return (ssize_t)size;
 }
 
@@ -411,7 +411,7 @@ fun_closer (void *cookie_arg)
 /* Common function to either set the logging to a file or a file
    descriptor. */
 static void
-set_file_fd (const char *name, int fd) 
+set_file_fd (const char *name, int fd)
 {
   estream_t fp;
   int want_socket;
@@ -489,7 +489,7 @@ set_file_fd (const char *name, int fd)
     es_cookie_io_functions_t io = { NULL };
     io.func_write = fun_writer;
     io.func_close = fun_closer;
-    
+
     fp = es_fopencookie (cookie, "w", io);
   }
 
@@ -498,7 +498,7 @@ set_file_fd (const char *name, int fd)
     fp = es_stderr;
 
   es_setvbuf (fp, NULL, _IOLBF, 0);
-  
+
   logstream = fp;
 
   /* We always need to print the prefix and the pid for socket mode,
@@ -518,7 +518,7 @@ set_file_fd (const char *name, int fd)
    tries the next time again to connect the socket.
   */
 void
-log_set_file (const char *name) 
+log_set_file (const char *name)
 {
   set_file_fd (name? name: "-", -1);
 }
@@ -545,7 +545,7 @@ log_set_prefix (const char *text, unsigned int flags)
       strncpy (prefix_buffer, text, sizeof (prefix_buffer)-1);
       prefix_buffer[sizeof (prefix_buffer)-1] = 0;
     }
-  
+
   with_prefix = (flags & JNLIB_LOG_WITH_PREFIX);
   with_time = (flags & JNLIB_LOG_WITH_TIME);
   with_pid  = (flags & JNLIB_LOG_WITH_PID);
@@ -635,7 +635,7 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
         {
           struct tm *tp;
           time_t atime = time (NULL);
-          
+
           tp = localtime (&atime);
           es_fprintf_unlocked (logstream, "%04d-%02d-%02d %02d:%02d:%02d ",
                                1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
@@ -674,7 +674,7 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
     case JNLIB_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break;
     case JNLIB_LOG_BUG:   es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break;
     case JNLIB_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break;
-    default: 
+    default:
       es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level);
       break;
     }
@@ -712,7 +712,7 @@ void
 log_log (int level, const char *fmt, ...)
 {
   va_list arg_ptr ;
-  
+
   va_start (arg_ptr, fmt) ;
   do_logv (level, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -750,7 +750,7 @@ void
 log_info (const char *fmt, ...)
 {
   va_list arg_ptr ;
-  
+
   va_start (arg_ptr, fmt);
   do_logv (JNLIB_LOG_INFO, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -761,7 +761,7 @@ void
 log_error (const char *fmt, ...)
 {
   va_list arg_ptr ;
-  
+
   va_start (arg_ptr, fmt);
   do_logv (JNLIB_LOG_ERROR, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -775,7 +775,7 @@ void
 log_fatal (const char *fmt, ...)
 {
   va_list arg_ptr ;
-  
+
   va_start (arg_ptr, fmt);
   do_logv (JNLIB_LOG_FATAL, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -799,7 +799,7 @@ void
 log_debug (const char *fmt, ...)
 {
   va_list arg_ptr ;
-  
+
   va_start (arg_ptr, fmt);
   do_logv (JNLIB_LOG_DEBUG, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -810,7 +810,7 @@ void
 log_printf (const char *fmt, ...)
 {
   va_list arg_ptr;
-  
+
   va_start (arg_ptr, fmt);
   do_logv (fmt ? JNLIB_LOG_CONT : JNLIB_LOG_BEGIN, 0, fmt, arg_ptr);
   va_end (arg_ptr);
@@ -861,4 +861,3 @@ bug_at( const char *file, int line )
   abort (); /* Never called; just to make the compiler happy.  */
 }
 #endif
-
diff --git a/common/logging.h b/common/logging.h
index 9493841ae..fa5d4cfd7 100644
--- a/common/logging.h
+++ b/common/logging.h
@@ -87,8 +87,3 @@ void log_printhex (const char *text, const void *buffer, size_t length);
 
 
 #endif /*LIBJNLIB_LOGGING_H*/
-
-
-
-
-
diff --git a/common/membuf.c b/common/membuf.c
index 8648044a7..d1ddbb9e6 100644
--- a/common/membuf.c
+++ b/common/membuf.c
@@ -85,7 +85,7 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
   if (mb->len + len >= mb->size)
     {
       char *p;
-      
+
       mb->size += len + 1024;
       p = xtryrealloc (mb->buf, mb->size);
       if (!p)
@@ -94,7 +94,7 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
           /* Wipe out what we already accumulated.  This is required
              in case we are storing sensitive data here.  The membuf
              API does not provide another way to cleanup after an
-             error. */ 
+             error. */
           wipememory (mb->buf, mb->len);
           return;
         }
@@ -158,4 +158,3 @@ peek_membuf (membuf_t *mb, size_t *len)
     *len = mb->len;
   return p;
 }
-
diff --git a/common/membuf.h b/common/membuf.h
index 9f1a7a33b..f99b4dcfb 100644
--- a/common/membuf.h
+++ b/common/membuf.h
@@ -22,12 +22,12 @@
 
 /* The definition of the structure is private, we only need it here,
    so it can be allocated on the stack. */
-struct private_membuf_s 
+struct private_membuf_s
 {
-  size_t len;      
-  size_t size;     
-  char *buf;       
-  int out_of_core; 
+  size_t len;
+  size_t size;
+  char *buf;
+  int out_of_core;
 };
 
 typedef struct private_membuf_s membuf_t;
diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index 0ff7d98d7..1bab1515e 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -31,7 +31,7 @@ static void
 my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
 {
   (void)dummy;
-  
+
   /* Map the log levels.  */
   switch (level)
     {
@@ -42,7 +42,7 @@ my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
     case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
     case GCRY_LOG_BUG:  level = JNLIB_LOG_BUG; break;
     case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
-    default:            level = JNLIB_LOG_ERROR; break;  
+    default:            level = JNLIB_LOG_ERROR; break;
     }
   log_logv (level, fmt, arg_ptr);
 }
@@ -102,7 +102,7 @@ setup_libgcrypt_logging (void)
    and "AES256".  We can't fix that in libgcrypt but it is pretty
    safe to do it in an application. */
 const char *
-gnupg_cipher_algo_name (int algo) 
+gnupg_cipher_algo_name (int algo)
 {
   const char *s;
 
@@ -139,7 +139,7 @@ void
 print_utf8_buffer2 (estream_t stream, const void *p, size_t n, int delim)
 {
   char tmp[2];
-  
+
   tmp[0] = delim;
   tmp[1] = 0;
   es_write_sanitized_utf8_buffer (stream, p, n, tmp, NULL);
@@ -197,7 +197,7 @@ is_file_compressed (const char *s, int *ret_rc)
         { 3, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
         { 4, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
     };
-    
+
     if ( iobuf_is_pipe_filename (s) || !ret_rc )
         return 0; /* We can't check stdin or no file was given */
 
@@ -225,7 +225,7 @@ is_file_compressed (const char *s, int *ret_rc)
         }
     }
 
-leave:    
+leave:
     iobuf_close( a );
     return rc;
 }
@@ -262,7 +262,7 @@ static const char*
 parse_version_number (const char *s, int *number)
 {
   int val = 0;
-  
+
   if (*s == '0' && digitp (s+1))
     return NULL; /* Leading zeros are not allowed.  */
   for (; digitp (s); s++ )
@@ -330,4 +330,3 @@ gnupg_compare_version (const char *a, const char *b)
               && a_micro == b_micro
               && strcmp (a_plvl, b_plvl) >= 0));
 }
-
diff --git a/common/mischelp.c b/common/mischelp.c
index 5c8f1cfab..57688d767 100644
--- a/common/mischelp.c
+++ b/common/mischelp.c
@@ -53,13 +53,13 @@ int
 same_file_p (const char *name1, const char *name2)
 {
   int yes;
-      
+
   /* First try a shortcut.  */
   if (!compare_filenames (name1, name2))
     yes = 1;
   else
     {
-#ifdef HAVE_W32_SYSTEM  
+#ifdef HAVE_W32_SYSTEM
       HANDLE file1, file2;
       BY_HANDLE_FILE_INFORMATION info1, info2;
 
@@ -72,7 +72,7 @@ same_file_p (const char *name1, const char *name2)
           file1 = INVALID_HANDLE_VALUE;
         jnlib_free (wname);
       }
-#else      
+#else
       file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
 #endif
       if (file1 == INVALID_HANDLE_VALUE)
@@ -106,7 +106,7 @@ same_file_p (const char *name1, const char *name2)
         }
 #else /*!HAVE_W32_SYSTEM*/
       struct stat info1, info2;
-      
+
       yes = (!stat (name1, &info1) && !stat (name2, &info2)
              && info1.st_dev == info2.st_dev && info1.st_ino == info2.st_ino);
 #endif /*!HAVE_W32_SYSTEM*/
@@ -180,7 +180,7 @@ timegm (struct tm *tm)
             }
 	}
       if (old_zone)
-        putenv (old_zone);	
+        putenv (old_zone);
     }
   else
     gnupg_unsetenv("TZ");
@@ -190,4 +190,3 @@ timegm (struct tm *tm)
 #endif
 }
 #endif /*!HAVE_TIMEGM*/
-
diff --git a/common/mkerrors b/common/mkerrors
index 48c6b896a..138d3c1d1 100755
--- a/common/mkerrors
+++ b/common/mkerrors
@@ -28,12 +28,12 @@ cat < PACKETSZ)
     return NULL; /* DNS resolver returned a too long answer */
-  
+
   qdcount = ntohs (header.qdcount);
   ancount = ntohs (header.ancount);
   nscount = ntohs (header.nscount);
@@ -226,7 +226,7 @@ get_pka_info (const char *address, unsigned char *fpr)
       rc = dn_skipname (p, pend);
       if (rc == -1)
         return NULL;
-      p += rc + QFIXEDSZ; 
+      p += rc + QFIXEDSZ;
     }
 
   if (ancount > 1)
diff --git a/common/session-env.c b/common/session-env.c
index d719a7b87..7f4ca5eea 100644
--- a/common/session-env.c
+++ b/common/session-env.c
@@ -49,8 +49,8 @@ struct session_environment_s
 /* A list of environment vribales we pass from the acual user
   (e.g. gpgme) down to the pinentry.  We do not handle the locale
   settings because they do not only depend on envvars.  */
-static struct 
-{ 
+static struct
+{
   const char *name;
   const char *assname;  /* Name used by Assuan or NULL.  */
 } stdenvnames[] = {
@@ -64,7 +64,7 @@ static struct
                                     modules (eg "scim-bridge").  */
   { "QT_IM_MODULE" },            /* Used by Qt to select qt input
                                       modules (eg "xim").  */
-  { "PINENTRY_USER_DATA", "pinentry-user-data"} 
+  { "PINENTRY_USER_DATA", "pinentry-user-data"}
                                  /* Used for communication with
                                     non-standard Pinentries.  */
 };
@@ -109,7 +109,7 @@ session_env_new (void)
   se = xtrycalloc (1, sizeof *se);
   if (se)
     {
-      se->arraysize = (lastallocatedarraysize? 
+      se->arraysize = (lastallocatedarraysize?
                        lastallocatedarraysize : INITIAL_ARRAYSIZE);
       se->array = xtrycalloc (se->arraysize, sizeof *se->array);
       if (!se->array)
@@ -132,7 +132,7 @@ session_env_release (session_env_t se)
   if (!se)
     return;
 
-  if (se->arraysize > INITIAL_ARRAYSIZE 
+  if (se->arraysize > INITIAL_ARRAYSIZE
       && se->arraysize <= MAXDEFAULT_ARRAYSIZE
       && se->arraysize > lastallocatedarraysize)
     lastallocatedarraysize = se->arraysize;
@@ -249,7 +249,7 @@ gpg_error_t
 session_env_putenv (session_env_t se, const char *string)
 {
   const char *s;
-  
+
   if (!string || !*string)
     return gpg_error (GPG_ERR_INV_VALUE);
   s = strchr (string, '=');
@@ -325,7 +325,7 @@ session_env_getenv_or_default (session_env_t se, const char *name,
           *r_default = 1;
         return se->array[idx]->value;
       }
-  
+
   /* Get the default value with an additional fallback for GPG_TTY.  */
   defvalue = getenv (name);
   if ((!defvalue || !*defvalue) && !strcmp (name, "GPG_TTY") && ttyname (0))
@@ -339,7 +339,7 @@ session_env_getenv_or_default (session_env_t se, const char *name,
          explicit error anyway and the following scan would then fail
          anyway. */
       update_var (se, name, strlen (name), defvalue, 1);
-      
+
       for (idx=0; idx < se->arrayused; idx++)
         if (se->array[idx] && !strcmp (se->array[idx]->name, name))
           {
@@ -359,7 +359,7 @@ session_env_getenv_or_default (session_env_t se, const char *name,
    R_DEFAULT is not NULL, the default flag is stored on return.  The
    default flag indicates that the value has been taken from the
    process' environment.  The caller must not change the returned
-   name or value.  */ 
+   name or value.  */
 char *
 session_env_listenv (session_env_t se, int *iterator,
                      const char **r_value, int *r_default)
@@ -381,5 +381,3 @@ session_env_listenv (session_env_t se, int *iterator,
       }
   return NULL;
 }
-
-
diff --git a/common/session-env.h b/common/session-env.h
index 031fe1d7c..79245ba4e 100644
--- a/common/session-env.h
+++ b/common/session-env.h
@@ -23,20 +23,20 @@
 struct session_environment_s;
 typedef struct session_environment_s *session_env_t;
 
-const char *session_env_list_stdenvnames (int *iterator, 
+const char *session_env_list_stdenvnames (int *iterator,
                                           const char **r_assname);
 
 session_env_t session_env_new (void);
 void session_env_release (session_env_t se);
 
 gpg_error_t session_env_putenv (session_env_t se, const char *string);
-gpg_error_t session_env_setenv (session_env_t se, 
+gpg_error_t session_env_setenv (session_env_t se,
                                 const char *name, const char *value);
 
 char *session_env_getenv (session_env_t se, const char *name);
 char *session_env_getenv_or_default (session_env_t se, const char *name,
                                      int *r_default);
-char *session_env_listenv (session_env_t se, int *iterator, 
+char *session_env_listenv (session_env_t se, int *iterator,
                            const char **r_value, int *r_default);
 
 
diff --git a/common/sexp-parse.h b/common/sexp-parse.h
index 5ec7c7f71..008c2d221 100644
--- a/common/sexp-parse.h
+++ b/common/sexp-parse.h
@@ -51,7 +51,7 @@ sskip (unsigned char const **buf, int *depth)
   const unsigned char *s = *buf;
   size_t n;
   int d = *depth;
-  
+
   while (d > 0)
     {
       if (*s == '(')
@@ -70,7 +70,7 @@ sskip (unsigned char const **buf, int *depth)
             return gpg_error (GPG_ERR_INV_SEXP);
           n = snext (&s);
           if (!n)
-            return gpg_error (GPG_ERR_INV_SEXP); 
+            return gpg_error (GPG_ERR_INV_SEXP);
           s += n;
         }
     }
@@ -123,6 +123,6 @@ smklen (char *help_buffer, size_t help_buflen, size_t value, size_t *length)
     *length = (help_buffer + help_buflen) - p;
   return p;
 }
-    
+
 
 #endif /*SEXP_PARSE_H*/
diff --git a/common/sexputil.c b/common/sexputil.c
index 1e9c766e9..87f984ff4 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -52,7 +52,7 @@ make_canon_sexp (gcry_sexp_t sexp, unsigned char **r_buffer, size_t *r_buflen)
   *r_buffer = NULL;
   if (r_buflen)
     *r_buflen = 0;;
-  
+
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
   if (!len)
     return gpg_error (GPG_ERR_BUG);
@@ -83,7 +83,7 @@ make_canon_sexp_pad (gcry_sexp_t sexp, int secure,
   *r_buffer = NULL;
   if (r_buflen)
     *r_buflen = 0;;
-  
+
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
   if (!len)
     return gpg_error (GPG_ERR_BUG);
@@ -189,7 +189,7 @@ make_simple_sexp_from_hexstr (const char *line, size_t *nscanned)
     *nscanned = n;
   if (!n)
     return NULL;
-  len = ((n+1) & ~0x01)/2; 
+  len = ((n+1) & ~0x01)/2;
   numbufp = smklen (numbuf, sizeof numbuf, len, &numbuflen);
   buf = xtrymalloc (1 + numbuflen + len + 1 + 1);
   if (!buf)
@@ -252,7 +252,7 @@ hash_algo_from_sigval (const unsigned char *sigval)
     return 0; /* Algorithm string is missing or too long.  */
   memcpy (buffer, s, n);
   buffer[n] = 0;
-  
+
   return gcry_md_map_name (buffer);
 }
 
@@ -283,7 +283,7 @@ make_canon_sexp_from_rsa_pk (const void *m_arg, size_t mlen,
     ;
   for (; elen && !*e; elen--, e++)
     ;
-      
+
   /* Insert a leading zero if the number would be zero or interpreted
      as negative.  */
   if (!mlen || (m[0] & 0x80))
@@ -300,7 +300,7 @@ make_canon_sexp_from_rsa_pk (const void *m_arg, size_t mlen,
                        + strlen (part3) + 1);
   if (!keybuf)
     return NULL;
-  
+
   p = stpcpy (keybuf, part1);
   p = stpcpy (p, mlen_str);
   if (m_extra)
@@ -314,7 +314,7 @@ make_canon_sexp_from_rsa_pk (const void *m_arg, size_t mlen,
   memcpy (p, e, elen);
   p += elen;
   p = stpcpy (p, part3);
- 
+
   if (r_len)
     *r_len = p - keybuf;
 
@@ -373,8 +373,8 @@ get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
 
           switch (*tok)
             {
-            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break; 
-            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break; 
+            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
+            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
             default:  mpi = NULL;   mpi_len = NULL; break;
             }
           if (mpi && *mpi)
@@ -425,7 +425,7 @@ get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
   const unsigned char *buf, *tok;
   size_t buflen, toklen;
   int depth;
-    
+
   *r_algo = 0;
 
   buf = keydata;
diff --git a/common/signal.c b/common/signal.c
index ee55f1917..9f11b9922 100644
--- a/common/signal.c
+++ b/common/signal.c
@@ -45,7 +45,7 @@ init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
 {
 # ifdef HAVE_SIGACTION
   struct sigaction oact, nact;
-  
+
   if (check_ign)
     {
       /* we don't want to change an IGN handler */
@@ -58,11 +58,11 @@ init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
   sigemptyset (&nact.sa_mask);
   nact.sa_flags = 0;
   sigaction ( sig, &nact, NULL);
-# else 
+# else
   RETSIGTYPE (*ohandler)(int);
-  
+
   ohandler = signal (sig, handler);
-  if (check_ign && ohandler == SIG_IGN) 
+  if (check_ign && ohandler == SIG_IGN)
     {
       /* Change it back if it was already set to IGN */
       signal (sig, SIG_IGN);
@@ -96,7 +96,7 @@ got_fatal_signal (int sig)
   if (caught_fatal_sig)
     raise (sig);
   caught_fatal_sig = 1;
-  
+
   if (cleanup_fnc)
     cleanup_fnc ();
   /* Better don't translate these messages. */
@@ -118,7 +118,7 @@ got_fatal_signal (int sig)
          this is a bug in that system, we will protect against it.  */
       if (sig < 0 || sig >= 100000)
         res = write (2, "?", 1);
-      else 
+      else
         {
           int i, value, any=0;
 
@@ -135,7 +135,7 @@ got_fatal_signal (int sig)
         }
     }
   res = write (2, " caught ... exiting\n", 20);
-  
+
   /* Reset action to default action and raise signal again */
   init_one_signal (sig, SIG_DFL, 0);
   /* Fixme: remove_lockfiles ();*/
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index fd48b6f5a..2d2bfa21f 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -99,7 +99,7 @@ writen (int fd, const void *buf, size_t nbytes)
 {
   size_t nleft = nbytes;
   int nwritten;
-  
+
   while (nleft > 0)
     {
 #ifdef HAVE_W32_SYSTEM
@@ -121,7 +121,7 @@ writen (int fd, const void *buf, size_t nbytes)
       nleft -= nwritten;
       buf = (const char*)buf + nwritten;
     }
-    
+
   return 0;
 }
 
@@ -155,7 +155,7 @@ readline (int fd, char *buf, size_t buflen)
       nleft -= n;
       buf += n;
       nread += n;
-      
+
       for (; n && *p != '\n'; n--, p++)
         ;
       if (n)
@@ -166,7 +166,7 @@ readline (int fd, char *buf, size_t buflen)
         }
     }
 
-  return nread; 
+  return nread;
 }
 
 
@@ -177,8 +177,8 @@ agent_send_option (int fd, const char *name, const char *value)
   char buf[200];
   int nread;
   char *line;
-  int i; 
-  
+  int i;
+
   line = spwq_malloc (7 + strlen (name) + 1 + strlen (value) + 2);
   if (!line)
     return SPWQ_OUT_OF_CORE;
@@ -188,15 +188,15 @@ agent_send_option (int fd, const char *name, const char *value)
   spwq_free (line);
   if (i)
     return i;
-  
+
   /* get response */
   nread = readline (fd, buf, DIM(buf)-1);
   if (nread < 0)
     return -nread;
   if (nread < 3)
     return SPWQ_PROTOCOL_ERROR;
-  
-  if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n')) 
+
+  if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n'))
     return 0; /* okay */
 
   return SPWQ_ERR_RESPONSE;
@@ -204,7 +204,7 @@ agent_send_option (int fd, const char *name, const char *value)
 
 
 /* Send all available options to the agent. */
-static int 
+static int
 agent_send_all_options (int fd)
 {
   char *dft_display = NULL;
@@ -239,7 +239,7 @@ agent_send_all_options (int fd)
         return rc;
     }
 
-#if defined(HAVE_SETLOCALE) 
+#if defined(HAVE_SETLOCALE)
   {
     char *old_lc = NULL;
     char *dft_lc = NULL;
@@ -330,9 +330,9 @@ agent_open (int *rfd)
 
   *rfd = -1;
   infostr = getenv ( "GPG_AGENT_INFO" );
-  if ( !infostr || !*infostr ) 
+  if ( !infostr || !*infostr )
     infostr = default_gpg_agent_info;
-  if ( !infostr || !*infostr ) 
+  if ( !infostr || !*infostr )
     {
 #ifdef SPWQ_USE_LOGGING
       log_error (_("gpg-agent is not available in this session\n"));
@@ -346,7 +346,7 @@ agent_open (int *rfd)
   infostr = p;
 
   if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr
-       || (p-infostr)+1 >= sizeof client_addr.sun_path ) 
+       || (p-infostr)+1 >= sizeof client_addr.sun_path )
     {
 #ifdef SPWQ_USE_LOGGING
       log_error ( _("malformed GPG_AGENT_INFO environment variable\n"));
@@ -366,25 +366,25 @@ agent_open (int *rfd)
       return SPWQ_PROTOCOL_ERROR;
     }
 
-#ifdef HAVE_W32_SYSTEM       
+#ifdef HAVE_W32_SYSTEM
   fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
 #else
   fd = socket (AF_UNIX, SOCK_STREAM, 0);
 #endif
-  if (fd == -1) 
+  if (fd == -1)
     {
 #ifdef SPWQ_USE_LOGGING
       log_error ("can't create socket: %s\n", strerror(errno) );
 #endif
       return SPWQ_SYS_ERROR;
     }
-    
+
   memset (&client_addr, 0, sizeof client_addr);
   client_addr.sun_family = AF_UNIX;
   strcpy (client_addr.sun_path, infostr);
   len = SUN_LEN (&client_addr);
-    
-#ifdef HAVE_W32_SYSTEM       
+
+#ifdef HAVE_W32_SYSTEM
   rc = _w32_sock_connect (fd, (struct sockaddr*)&client_addr, len );
 #else
   rc = connect (fd, (struct sockaddr*)&client_addr, len );
@@ -400,7 +400,7 @@ agent_open (int *rfd)
 
   nread = readline (fd, line, DIM(line));
   if (nread < 3 || !(line[0] == 'O' && line[1] == 'K'
-                     && (line[2] == '\n' || line[2] == ' ')) ) 
+                     && (line[2] == '\n' || line[2] == ' ')) )
     {
 #ifdef SPWQ_USE_LOGGING
       log_error ( _("communication problem with gpg-agent\n"));
@@ -434,7 +434,7 @@ copy_and_escape (char *buffer, const char *text)
   int i;
   const unsigned char *s = (unsigned char *)text;
   char *p = buffer;
-  
+
 
   for (i=0; s[i]; i++)
     {
@@ -453,7 +453,7 @@ copy_and_escape (char *buffer, const char *text)
 
 
 /* Set the name of the default socket to NAME.  */
-int 
+int
 simple_pw_set_socket (const char *name)
 {
   spwq_free (default_gpg_agent_info);
@@ -482,7 +482,7 @@ simple_pw_set_socket (const char *name)
    errorcode; this error code might be 0 if the user canceled the
    operation.  The function returns NULL to indicate an error.  */
 char *
-simple_pwquery (const char *cacheid, 
+simple_pwquery (const char *cacheid,
                 const char *tryagain,
                 const char *prompt,
                 const char *description,
@@ -494,7 +494,7 @@ simple_pwquery (const char *cacheid,
   char *result = NULL;
   char *pw = NULL;
   char *p;
-  int rc, i; 
+  int rc, i;
 
   rc = agent_open (&fd);
   if (rc)
@@ -555,11 +555,11 @@ simple_pwquery (const char *cacheid,
       rc = SPWQ_PROTOCOL_ERROR;
       goto leave;
     }
-      
-  if (pw[0] == 'O' && pw[1] == 'K' && pw[2] == ' ') 
+
+  if (pw[0] == 'O' && pw[1] == 'K' && pw[2] == ' ')
     { /* we got a passphrase - convert it back from hex */
       size_t pwlen = 0;
-      
+
       for (i=3; i < nread && hexdigitp (pw+i); i+=2)
         pw[pwlen++] = xtoi_2 (pw+i);
       pw[pwlen] = 0; /* make a C String */
@@ -569,7 +569,7 @@ simple_pwquery (const char *cacheid,
   else if ((nread > 7 && !memcmp (pw, "ERR 111", 7)
             && (pw[7] == ' ' || pw[7] == '\n') )
            || ((nread > 4 && !memcmp (pw, "ERR ", 4)
-                && (strtoul (pw+4, NULL, 0) & 0xffff) == 99)) ) 
+                && (strtoul (pw+4, NULL, 0) & 0xffff) == 99)) )
     {
       /* 111 is the old Assuan code for canceled which might still
          be in use by old installations. 99 is GPG_ERR_CANCELED as
@@ -588,14 +588,14 @@ simple_pwquery (const char *cacheid,
         default: rc = SPWQ_GENERAL_ERROR; break;
         }
     }
-  else 
+  else
     {
 #ifdef SPWQ_USE_LOGGING
       log_error (_("problem with the agent\n"));
 #endif
       rc = SPWQ_ERR_RESPONSE;
     }
-        
+
  leave:
   if (errorcode)
     *errorcode = rc;
@@ -659,13 +659,13 @@ simple_query (const char *query)
       rc = SPWQ_PROTOCOL_ERROR;
       goto leave;
     }
-  
-  if (response[0] == 'O' && response[1] == 'K') 
+
+  if (response[0] == 'O' && response[1] == 'K')
     /* OK, do nothing.  */;
   else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
             && (response[7] == ' ' || response[7] == '\n') )
            || ((nread > 4 && !memcmp (response, "ERR ", 4)
-                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) ) 
+                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
     {
       /* 111 is the old Assuan code for canceled which might still
          be in use by old installations. 99 is GPG_ERR_CANCELED as
@@ -675,14 +675,14 @@ simple_query (const char *query)
       log_info (_("canceled by user\n") );
 #endif
     }
-  else 
+  else
     {
 #ifdef SPWQ_USE_LOGGING
       log_error (_("problem with the agent\n"));
 #endif
       rc = SPWQ_ERR_RESPONSE;
     }
-        
+
  leave:
   if (fd != -1)
     close (fd);
diff --git a/common/simple-pwquery.h b/common/simple-pwquery.h
index edd834ef4..04ae1f04e 100644
--- a/common/simple-pwquery.h
+++ b/common/simple-pwquery.h
@@ -50,7 +50,7 @@
    If ERRORCODE is not NULL it should point a variable receiving an
    errorcode; this errocode might be 0 if the user canceled the
    operation.  The function returns NULL to indicate an error. */
-char *simple_pwquery (const char *cacheid, 
+char *simple_pwquery (const char *cacheid,
                       const char *tryagain,
                       const char *prompt,
                       const char *description,
@@ -71,7 +71,7 @@ int simple_pw_set_socket (const char *name);
 
 #define SPWQ_OUT_OF_CORE 1
 #define SPWQ_IO_ERROR 2
-#define SPWQ_PROTOCOL_ERROR 3 
+#define SPWQ_PROTOCOL_ERROR 3
 #define SPWQ_ERR_RESPONSE 4
 #define SPWQ_NO_AGENT 5
 #define SPWQ_SYS_ERROR 6
@@ -108,8 +108,8 @@ int simple_pw_set_socket (const char *name);
            default:                                         \
              return gpg_error (GPG_ERR_GENERAL);            \
            }                                                \
-       }                                                      
-/* End of MAP_SPWQ_ERROR_IMPL.  */       
+       }
+/* End of MAP_SPWQ_ERROR_IMPL.  */
 
 
 #endif /*SIMPLE_PWQUERY_H*/
diff --git a/common/srv.c b/common/srv.c
index 79ffc7862..1b8248bf3 100644
--- a/common/srv.c
+++ b/common/srv.c
@@ -72,7 +72,7 @@ getsrv (const char *name,struct srventry **list)
   {
     adns_state state;
     adns_answer *answer = NULL;
-    
+
     rc = adns_init (&state, adns_if_noerrprint, NULL);
     if (rc)
       {
@@ -88,7 +88,7 @@ getsrv (const char *name,struct srventry **list)
         adns_finish (state);
         return -1;
       }
-    if (answer->status != adns_s_ok 
+    if (answer->status != adns_s_ok
         || answer->type != adns_r_srv || !answer->nrrs)
       {
         log_error ("DNS query returned an error or no records: %s (%s)\n",
@@ -109,7 +109,7 @@ getsrv (const char *name,struct srventry **list)
             log_info ("hostname in SRV record too long - skipped\n");
             continue;
           }
-      
+
         newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
         if (!newlist)
           goto fail;
@@ -117,7 +117,7 @@ getsrv (const char *name,struct srventry **list)
         memset (&(*list)[srvcount], 0, sizeof(struct srventry));
         srv = &(*list)[srvcount];
         srvcount++;
-      
+
         srv->priority = answer->rrs.srvha[count].priority;
         srv->weight   = answer->rrs.srvha[count].weight;
         srv->port     = answer->rrs.srvha[count].port;
@@ -134,29 +134,29 @@ getsrv (const char *name,struct srventry **list)
     unsigned char *pt, *emsg;
     int r;
     u16 dlen;
-    
+
     r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
     if (r < sizeof (HEADER) || r > sizeof answer)
       return -1;
     if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
       return 0; /* Error or no record found.  */
-    
+
     emsg = &answer[r];
     pt = &answer[sizeof(HEADER)];
-  
+
     /* Skip over the query */
     rc = dn_skipname (pt, emsg);
     if (rc == -1)
       goto fail;
-  
+
     pt += rc + QFIXEDSZ;
-  
+
     while (count-- > 0 && pt < emsg)
       {
         struct srventry *srv=NULL;
         u16 type,class;
         struct srventry *newlist;
-      
+
         newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
         if (!newlist)
           goto fail;
@@ -164,28 +164,28 @@ getsrv (const char *name,struct srventry **list)
         memset(&(*list)[srvcount],0,sizeof(struct srventry));
         srv=&(*list)[srvcount];
         srvcount++;
-      
+
         rc = dn_skipname(pt,emsg); /* the name we just queried for */
         if (rc == -1)
           goto fail;
         pt+=rc;
-      
+
         /* Truncated message? */
         if((emsg-pt)<16)
           goto fail;
-      
+
         type=*pt++ << 8;
         type|=*pt++;
         /* We asked for SRV and got something else !? */
         if(type!=T_SRV)
           goto fail;
-      
+
         class=*pt++ << 8;
         class|=*pt++;
         /* We asked for IN and got something else !? */
         if(class!=C_IN)
           goto fail;
-      
+
         pt+=4; /* ttl */
         dlen=*pt++ << 8;
         dlen|=*pt++;
@@ -195,7 +195,7 @@ getsrv (const char *name,struct srventry **list)
         srv->weight|=*pt++;
         srv->port=*pt++ << 8;
         srv->port|=*pt++;
-      
+
         /* Get the name.  2782 doesn't allow name compression, but
            dn_expand still works to pull the name out of the
            packet. */
@@ -215,17 +215,17 @@ getsrv (const char *name,struct srventry **list)
       }
   }
 #endif /*!USE_ADNS*/
-  
+
   /* Now we have an array of all the srv records. */
-  
+
   /* Order by priority */
   qsort(*list,srvcount,sizeof(struct srventry),priosort);
-  
+
   /* For each priority, move the zero-weighted items first. */
   for (i=0; i < srvcount; i++)
     {
       int j;
-      
+
       for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
         {
           if((*list)[j].weight==0)
@@ -234,12 +234,12 @@ getsrv (const char *name,struct srventry **list)
               if(j!=i)
                 {
                   struct srventry temp;
-                  
+
                   memcpy (&temp,&(*list)[j],sizeof(struct srventry));
                   memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
                   memcpy (&(*list)[i],&temp,sizeof(struct srventry));
                 }
-              
+
               break;
             }
         }
@@ -255,15 +255,15 @@ getsrv (const char *name,struct srventry **list)
     {
       int j;
       float prio_count=0,chose;
-      
+
       for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
         {
           prio_count+=(*list)[j].weight;
           (*list)[j].run_count=prio_count;
         }
-      
+
       chose=prio_count*rand()/RAND_MAX;
-      
+
       for (j=i;j= DIM (argv)-1)
         {
           if (xmode)
@@ -380,11 +380,11 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
           jnlib_set_errno (EINVAL);
           return NULL;
         }
-      argc++; 
+      argc++;
     }
   n++;
-  
-  home = NULL;                                     
+
+  home = NULL;
   if (*first_part == '~')
     {
       if (first_part[1] == '/' || !first_part[1])
@@ -394,13 +394,13 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
           if (!home)
             home = home_buffer = get_pwdir (xmode, NULL);
           if (home && *home)
-            n += strlen (home);                            
+            n += strlen (home);
         }
       else
         {
           /* This is the "~username/" or "~username" case.  */
           char *user;
-    
+
           if (xmode)
             user = jnlib_xstrdup (first_part+1);
           else
@@ -413,7 +413,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
           if (p)
             *p = 0;
           skip = 1 + strlen (user);
-          
+
           home = home_buffer = get_pwdir (xmode, user);
           jnlib_free (user);
           if (home)
@@ -434,7 +434,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
           return NULL;
         }
     }
-  
+
   if (home)
     p = stpcpy (stpcpy (name, home), first_part + skip);
   else
@@ -489,9 +489,9 @@ int
 compare_filenames (const char *a, const char *b)
 {
 #ifdef HAVE_DOSISH_SYSTEM
-  for ( ; *a && *b; a++, b++ ) 
+  for ( ; *a && *b; a++, b++ )
     {
-      if (*a != *b 
+      if (*a != *b
           && (toupper (*(const unsigned char*)a)
               != toupper (*(const unsigned char*)b) )
           && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')))
@@ -500,7 +500,7 @@ compare_filenames (const char *a, const char *b)
   if ((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/'))
     return 0;
   else
-    return (toupper (*(const unsigned char*)a) 
+    return (toupper (*(const unsigned char*)a)
             - toupper (*(const unsigned char*)b));
 #else
     return strcmp(a,b);
@@ -539,7 +539,7 @@ hextobyte (const char *s)
 /* Print a BUFFER to stream FP while replacing all control characters
    and the characters DELIM and DELIM2 with standard C escape
    sequences.  Returns the number of characters printed. */
-size_t 
+size_t
 print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length,
                          int delim, int delim2)
 {
@@ -548,9 +548,9 @@ print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length,
 
   for (; length; length--, p++, count++)
     {
-      if (*p < 0x20 
+      if (*p < 0x20
           || *p == 0x7f
-          || *p == delim 
+          || *p == delim
           || *p == delim2
           || ((delim || delim2) && *p=='\\'))
         {
@@ -603,7 +603,7 @@ print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length,
 }
 
 /* Same as print_sanitized_buffer2 but with just one delimiter. */
-size_t 
+size_t
 print_sanitized_buffer (FILE *fp, const void *buffer, size_t length,
                         int delim)
 {
@@ -611,7 +611,7 @@ print_sanitized_buffer (FILE *fp, const void *buffer, size_t length,
 }
 
 
-size_t 
+size_t
 print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
                              size_t length, int delim)
 {
@@ -619,7 +619,7 @@ print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
   size_t i;
 
   /* We can handle plain ascii simpler, so check for it first. */
-  for (i=0; i < length; i++ ) 
+  for (i=0; i < length; i++ )
     {
       if ( (p[i] & 0x80) )
         break;
@@ -638,20 +638,20 @@ print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
 }
 
 
-size_t 
+size_t
 print_sanitized_string2 (FILE *fp, const char *string, int delim, int delim2)
 {
   return string? print_sanitized_buffer2 (fp, string, strlen (string),
                                           delim, delim2):0;
 }
 
-size_t 
+size_t
 print_sanitized_string (FILE *fp, const char *string, int delim)
 {
   return string? print_sanitized_buffer (fp, string, strlen (string), delim):0;
 }
 
-size_t 
+size_t
 print_sanitized_utf8_string (FILE *fp, const char *string, int delim)
 {
   return string? print_sanitized_utf8_buffer (fp,
@@ -671,7 +671,7 @@ sanitize_buffer (const void *p_arg, size_t n, int delim)
   char *buffer, *d;
 
   /* First count length. */
-  for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ ) 
+  for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ )
     {
       if ( *p < 0x20 || *p == 0x7f || *p == delim  || (delim && *p=='\\'))
         {
@@ -743,7 +743,7 @@ const char *
 w32_strerror (int ec)
 {
   static char strerr[256];
-  
+
   if (ec == -1)
     ec = (int)GetLastError ();
 #ifdef HAVE_W32CE_SYSTEM
@@ -755,7 +755,7 @@ w32_strerror (int ec)
                  MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
                  strerr, DIM (strerr)-1, NULL);
 #endif
-  return strerr;    
+  return strerr;
 }
 #endif /*HAVE_W32_SYSTEM*/
 
@@ -776,7 +776,7 @@ ascii_islower (int c)
     return c >= 'a' && c <= 'z';
 }
 
-int 
+int
 ascii_toupper (int c)
 {
     if (c >= 'a' && c <= 'z')
@@ -784,7 +784,7 @@ ascii_toupper (int c)
     return c;
 }
 
-int 
+int
 ascii_tolower (int c)
 {
     if (c >= 'A' && c <= 'Z')
@@ -806,7 +806,7 @@ ascii_strcasecmp( const char *a, const char *b )
     return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
 }
 
-int 
+int
 ascii_strncasecmp (const char *a, const char *b, size_t n)
 {
   const unsigned char *p1 = (const unsigned char *)a;
@@ -828,7 +828,7 @@ ascii_strncasecmp (const char *a, const char *b, size_t n)
       ++p2;
     }
   while (c1 == c2);
-  
+
   return c1 - c2;
 }
 
@@ -874,7 +874,7 @@ ascii_memcasemem (const void *haystack, size_t nhaystack,
     {
       const char *a = haystack;
       const char *b = a + nhaystack - nneedle;
-      
+
       for (; a <= b; a++)
         {
           if ( !ascii_memcasecmp (a, needle, nneedle) )
@@ -1152,4 +1152,3 @@ xstrconcat (const char *s1, ...)
     }
   return result;
 }
-
diff --git a/common/stringhelp.h b/common/stringhelp.h
index a560b163e..28cbdab72 100644
--- a/common/stringhelp.h
+++ b/common/stringhelp.h
@@ -103,7 +103,7 @@ void *memrchr (const void *buffer, int c, size_t n);
 
 
 #ifndef HAVE_ISASCII
-static inline int 
+static inline int
 isascii (int c)
 {
   return (((c) & ~0x7f) == 0);
diff --git a/common/strlist.c b/common/strlist.c
index b31e6213a..93a58d5a0 100644
--- a/common/strlist.c
+++ b/common/strlist.c
@@ -63,7 +63,7 @@ strlist_t
 add_to_strlist_try (strlist_t *list, const char *string)
 {
   strlist_t sl;
-  
+
   sl = jnlib_malloc (sizeof *sl + strlen (string));
   if (sl)
     {
@@ -84,10 +84,10 @@ strlist_t
 add_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
 {
   strlist_t sl;
-  
+
   if (is_utf8)
     sl = add_to_strlist( list, string );
-  else 
+  else
     {
       char *p = native_to_utf8( string );
       sl = add_to_strlist( list, p );
@@ -125,7 +125,7 @@ strlist_t
 append_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
 {
   strlist_t sl;
-    
+
   if( is_utf8 )
     sl = append_to_strlist( list, string );
   else
@@ -201,4 +201,3 @@ strlist_pop (strlist_t *list)
 
   return str;
 }
-
diff --git a/common/strlist.h b/common/strlist.h
index 1e2ffa8da..3640da63d 100644
--- a/common/strlist.h
+++ b/common/strlist.h
@@ -20,7 +20,7 @@
 #ifndef LIBJNLIB_STRLIST_H
 #define LIBJNLIB_STRLIST_H
 
-struct string_list 
+struct string_list
 {
   struct string_list *next;
   unsigned int flags;
diff --git a/common/sysutils.c b/common/sysutils.c
index b75c5e1e5..a94d1fca5 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -46,7 +46,7 @@
 # define WINVER 0x0500  /* Required for AllowSetForegroundWindow.  */
 # include 
 #endif
-#ifdef HAVE_PTH      
+#ifdef HAVE_PTH
 # include 
 #endif
 #include 
@@ -140,7 +140,7 @@ get_session_marker (size_t *rlen)
 {
   static byte marker[SIZEOF_UNSIGNED_LONG*2];
   static int initialized;
-  
+
   if (!initialized)
     {
       gcry_create_nonce (marker, sizeof marker);
@@ -253,7 +253,7 @@ gnupg_sleep (unsigned int seconds)
      the process will give up its timeslot.  */
   if (!seconds)
     {
-# ifdef HAVE_W32_SYSTEM    
+# ifdef HAVE_W32_SYSTEM
       Sleep (0);
 # else
       sleep (0);
@@ -262,7 +262,7 @@ gnupg_sleep (unsigned int seconds)
   pth_sleep (seconds);
 #else
   /* Fixme:  make sure that a sleep won't wake up to early.  */
-# ifdef HAVE_W32_SYSTEM    
+# ifdef HAVE_W32_SYSTEM
   Sleep (seconds*1000);
 # else
   sleep (seconds);
@@ -287,7 +287,7 @@ translate_sys2libc_fd (gnupg_fd_t fd, int for_write)
 
   if (fd == GNUPG_INVALID_FD)
     return -1;
-  
+
   /* Note that _open_osfhandle is currently defined to take and return
      a long.  */
   x = _open_osfhandle ((long)fd, for_write ? 1 : 0);
@@ -437,7 +437,7 @@ gnupg_tmpfile (void)
    Must be called before we open any files! */
 void
 gnupg_reopen_std (const char *pgmname)
-{  
+{
 #if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
   struct stat statbuf;
   int did_stdin = 0;
@@ -452,7 +452,7 @@ gnupg_reopen_std (const char *pgmname)
       else
 	did_stdin = 2;
     }
-  
+
   if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
     {
       if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
@@ -501,7 +501,7 @@ gnupg_reopen_std (const char *pgmname)
 
 
 /* Hack required for Windows.  */
-void 
+void
 gnupg_allow_set_foregound_window (pid_t pid)
 {
   if (!pid)
@@ -543,7 +543,7 @@ gnupg_remove (const char *fname)
    defined on all systems.  The format of the modestring is
 
       "-rwxrwxrwx"
-      
+
    '-' is a don't care or not set.  'r', 'w', 'x' are read allowed,
    write allowed, execution allowed with the first group for the user,
    the second for the group and the third for all others.  If the
@@ -555,7 +555,7 @@ gnupg_mkdir (const char *name, const char *modestr)
 #ifdef HAVE_W32CE_SYSTEM
   wchar_t *wname;
   (void)modestr;
-  
+
   wname = utf8_to_wchar (name);
   if (!wname)
     return -1;
@@ -615,7 +615,7 @@ gnupg_setenv (const char *name, const char *value, int overwrite)
 #endif
 }
 
-int 
+int
 gnupg_unsetenv (const char *name)
 {
 #ifdef HAVE_W32CE_SYSTEM
@@ -633,7 +633,7 @@ gnupg_unsetenv (const char *name)
 #ifdef HAVE_W32CE_SYSTEM
 /* There is a isatty function declaration in cegcc but it does not
    make sense, thus we redefine it.  */
-int 
+int
 _gnupg_isatty (int fd)
 {
   (void)fd;
@@ -651,10 +651,10 @@ _gnupg_getenv (const char *name)
 {
   static int initialized;
   static char *assuan_debug;
-  
+
   if (!initialized)
     {
-      assuan_debug = read_w32_registry_string (NULL, 
+      assuan_debug = read_w32_registry_string (NULL,
                                                "\\Software\\GNU\\libassuan",
                                                "debug");
       initialized = 1;
@@ -667,4 +667,3 @@ _gnupg_getenv (const char *name)
 }
 
 #endif /*HAVE_W32CE_SYSTEM*/
-
diff --git a/common/t-b64.c b/common/t-b64.c
index a230dc033..b5659cafd 100644
--- a/common/t-b64.c
+++ b/common/t-b64.c
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 
-/* 
+/*
 
    As of now this is only a test program for manual tests.
 
@@ -179,4 +179,3 @@ main (int argc, char **argv)
 
   return !!errcount;
 }
-
diff --git a/common/t-convert.c b/common/t-convert.c
index 4b04f3a32..d6056b9a6 100644
--- a/common/t-convert.c
+++ b/common/t-convert.c
@@ -72,8 +72,8 @@ test_hex2bin (void)
   unsigned char buffer[20];
   int len;
   int i;
-  
-  
+
+
   for (i=0; valid[i]; i++)
     {
       len = hex2bin (valid[i], buffer, sizeof buffer);
@@ -87,7 +87,7 @@ test_hex2bin (void)
     fail (0);
   if (hex2bin (valid[2], buffer, sizeof buffer) != 41)
     fail (0);
-  
+
   for (i=0; invalid[i]; i++)
     {
       len = hex2bin (invalid[i], buffer, sizeof buffer);
@@ -107,7 +107,7 @@ test_hex2bin (void)
     fail (0);
   if (hex2bin (valid2[1], buffer, 1) != 3)
     fail (0);
-  
+
   for (i=0; invalid2[i]; i++)
     {
       len = hex2bin (invalid2[i], buffer, 1);
@@ -164,8 +164,8 @@ test_hexcolon2bin (void)
   unsigned char buffer[20];
   int len;
   int i;
-  
-  
+
+
   for (i=0; valid[i]; i++)
     {
       len = hexcolon2bin (valid[i], buffer, sizeof buffer);
@@ -179,7 +179,7 @@ test_hexcolon2bin (void)
     fail (0);
   if (hexcolon2bin (valid[3], buffer, sizeof buffer) != 41)
     fail (0);
-  
+
   for (i=0; invalid[i]; i++)
     {
       len = hexcolon2bin (invalid[i], buffer, sizeof buffer);
@@ -199,7 +199,7 @@ test_hexcolon2bin (void)
     fail (0);
   if (hexcolon2bin (valid2[1], buffer, 1) != 3)
     fail (0);
-  
+
   for (i=0; invalid2[i]; i++)
     {
       len = hexcolon2bin (invalid2[i], buffer, 1);
@@ -234,10 +234,10 @@ test_bin2hex (void)
     fail (0);
   if (strcmp (p, hexstuff))
     fail (0);
-  
+
   p = bin2hex (stuff, (size_t)(-1), NULL);
   if (p)
-    fail (0); 
+    fail (0);
   if (errno != ENOMEM)
     fail (1);
 }
@@ -263,13 +263,13 @@ test_bin2hexcolon (void)
 
   p = bin2hexcolon (stuff, 20, NULL);
   if (!p)
-    fail (0); 
+    fail (0);
   if (strcmp (p, hexstuff))
     fail (0);
-  
+
   p = bin2hexcolon (stuff, (size_t)(-1), NULL);
   if (p)
-    fail (0); 
+    fail (0);
   if (errno != ENOMEM)
     fail (1);
 }
@@ -384,10 +384,10 @@ test_hex2str (void)
   for (idx=0; tests[idx].hex; idx++)
     {
       char tmpbuf[100];
-      
+
       assert (strlen (tests[idx].hex)+1 < sizeof tmpbuf);
       strcpy (tmpbuf, tests[idx].hex);
-      
+
       /* Note: we still need to use 20 as buffer length because our
          tests assume that. */
       tail = hex2str (tmpbuf, tmpbuf, 20, &count);
@@ -449,7 +449,7 @@ main (int argc, char **argv)
 {
   (void)argc;
   (void)argv;
-  
+
   test_hex2bin ();
   test_hexcolon2bin ();
   test_bin2hex ();
@@ -458,4 +458,3 @@ main (int argc, char **argv)
 
   return 0;
 }
-
diff --git a/common/t-exechelp.c b/common/t-exechelp.c
index 5c5c5d311..e4c88d126 100644
--- a/common/t-exechelp.c
+++ b/common/t-exechelp.c
@@ -150,7 +150,7 @@ test_close_all_fds (void)
             print_open_fds (array);
           free (array);
         }
-      
+
       /* Check whether the except list works.  */
       close_all_fds (3, except);
       array = xget_all_open_fds ();
@@ -181,9 +181,8 @@ main (int argc, char **argv)
       verbose = 1;
       argc--; argv++;
     }
-  
+
   test_close_all_fds ();
 
   return 0;
 }
-
diff --git a/common/t-gettime.c b/common/t-gettime.c
index a4401d8ae..1cfde69c7 100644
--- a/common/t-gettime.c
+++ b/common/t-gettime.c
@@ -68,7 +68,7 @@ test_isotime2epoch (void)
           fail (idx);
           if (verbose)
             fprintf (stderr, "string `%s' exp: %ld got: %ld\n",
-                     array[idx].string, (long)array[idx].expected, 
+                     array[idx].string, (long)array[idx].expected,
                      (long)val);
         }
       if (array[idx].expected != INVALID)
@@ -100,4 +100,3 @@ main (int argc, char **argv)
 
   return !!errcount;
 }
-
diff --git a/common/t-helpfile.c b/common/t-helpfile.c
index fa5d27a1c..960252bbd 100644
--- a/common/t-helpfile.c
+++ b/common/t-helpfile.c
@@ -52,7 +52,7 @@ main (int argc, char **argv)
   result = gnupg_get_help_string (argc? argv[0]:NULL, 0);
   if (!result)
     {
-      fprintf (stderr, 
+      fprintf (stderr,
                "Error: nothing found for `%s'\n", argc?argv[0]:"(null)");
       errcount++;
     }
@@ -64,4 +64,3 @@ main (int argc, char **argv)
 
   return !!errcount;
 }
-
diff --git a/common/t-percent.c b/common/t-percent.c
index b8641b90b..c148c228f 100644
--- a/common/t-percent.c
+++ b/common/t-percent.c
@@ -37,31 +37,31 @@ test_percent_plus_escape (void)
     const char *string;
     const char *expect;
   } tbl[] = {
-    { 
+    {
       "",
-      "" 
-    }, { 
+      ""
+    }, {
       "a",
       "a",
-    }, { 
+    }, {
       " ",
       "+",
-    }, { 
+    }, {
       "  ",
       "++"
-    }, { 
+    }, {
       "+ +",
       "%2B+%2B"
-    }, { 
+    }, {
       "\" \"",
       "%22+%22"
-    }, { 
+    }, {
       "%22",
       "%2522"
-    }, { 
+    }, {
       "%% ",
       "%25%25+"
-    }, { 
+    }, {
       "\n ABC\t",
       "%0A+ABC%09"
     }, { NULL, NULL }
@@ -69,7 +69,7 @@ test_percent_plus_escape (void)
   char *buf, *buf2;
   int i;
   size_t len;
-  
+
   for (i=0; tbl[i].string; i++)
     {
       buf = percent_plus_escape (tbl[i].string);
@@ -105,11 +105,10 @@ main (int argc, char **argv)
 {
   (void)argc;
   (void)argv;
-  
+
   /* FIXME: We escape_unescape is not tested - only
      percent_plus_unescape.  */
   test_percent_plus_escape ();
 
   return 0;
 }
-
diff --git a/common/t-session-env.c b/common/t-session-env.c
index 94b668328..46c655229 100644
--- a/common/t-session-env.c
+++ b/common/t-session-env.c
@@ -46,7 +46,7 @@ listall (session_env_t se)
   while ( (name = session_env_listenv (se, &iterator, &value, &def)) )
     if (verbose)
       printf ("  %s%s=%s\n",  def? "[def] ":"      ", name, value);
-          
+
 }
 
 
@@ -150,7 +150,7 @@ test_all (void)
       fprintf (stderr, "failed to get default of HOME\n");
       exit (1);
     }
-      
+
   s = session_env_getenv (se, "HOME");
   if (s)
     fail(0);  /* This is a default value, thus we should not see it.  */
@@ -194,7 +194,7 @@ test_all (void)
   /* Check that the other object is clean.  */
   {
     int iterator = 0;
-    
+
     if (session_env_listenv (se_0, &iterator, NULL, NULL))
       fail (0);
   }
@@ -211,7 +211,7 @@ test_all (void)
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-      
+
       snprintf (buf, sizeof buf, "FOO_%d=Value for %x", idx, idx);
       err = session_env_putenv (se, buf);
       if (err)
@@ -230,7 +230,7 @@ test_all (void)
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-      
+
       snprintf (buf, sizeof buf, "FOO_%d", idx);
       err = session_env_putenv (se, buf);
       if (err)
@@ -243,7 +243,7 @@ test_all (void)
   /* Check that all are deleted.  */
   {
     int iterator = 0;
-    
+
     if (session_env_listenv (se, &iterator, NULL, NULL))
       fail (0);
   }
@@ -252,7 +252,7 @@ test_all (void)
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-      
+
       if (!(idx % 10))
         {
           if ( !(idx % 3))
@@ -266,7 +266,7 @@ test_all (void)
     }
 
   listall (se);
-  
+
   session_env_release (se);
 
   session_env_release (se_0);
@@ -291,4 +291,3 @@ main (int argc, char **argv)
 
   return 0;
 }
-
diff --git a/common/t-sexputil.c b/common/t-sexputil.c
index 05da162bf..987b06255 100644
--- a/common/t-sexputil.c
+++ b/common/t-sexputil.c
@@ -35,7 +35,7 @@ test_hash_algo_from_sigval (void)
 {
   int algo;
   /* A real world example.  */
-  unsigned char example1_rsa_sha1[] = 
+  unsigned char example1_rsa_sha1[] =
     ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
      "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
      "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
@@ -48,7 +48,7 @@ test_hash_algo_from_sigval (void)
      "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x28\x34\x3A\x68\x61\x73"
      "\x68\x34\x3A\x73\x68\x61\x31\x29\x29");
   /* The same but without the hash algo. */
-  unsigned char example1_rsa[] = 
+  unsigned char example1_rsa[] =
     ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
      "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
      "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
@@ -105,7 +105,7 @@ test_make_canon_sexp_from_rsa_pk (void)
       "\x3d\x14\xbb\xea\x63\x65\xa7\xf1\xf2\xf8\x97\x74\xa7\x29\x28\x31"
       "\x3a\x65\x34\x3a\x40\x00\x00\x81\x29\x29\x29",
       171
-    }, 
+    },
     {
       "\x63\xB4\x12\x48\x08\x48\xC0\x76\xAA\x8E\xF1\xF8\x7F\x5E\x9B\x89",
       16,
@@ -116,7 +116,7 @@ test_make_canon_sexp_from_rsa_pk (void)
       "\x48\xc0\x76\xaa\x8e\xf1\xf8\x7f\x5e\x9b\x89\x29\x28\x31\x3a\x65"
       "\x31\x3a\x03\x29\x29\x29",
       54,
-    }, 
+    },
     {
       "",
       0,
@@ -149,7 +149,7 @@ test_make_canon_sexp_from_rsa_pk (void)
           fprintf (stderr, "%s:%d: out of core\n", __FILE__, __LINE__);
           exit (1);
         }
-      
+
       if (length != tests[idx].resultlen)
         fail (idx);
       if (memcmp (sexp, tests[idx].result, tests[idx].resultlen))
@@ -189,4 +189,3 @@ main (int argc, char **argv)
 
   return 0;
 }
-
diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
index 0c921b03d..d7b25e9b0 100644
--- a/common/t-stringhelp.c
+++ b/common/t-stringhelp.c
@@ -42,14 +42,14 @@ gethome (void)
   if (!home_buffer)
     {
       char *home = getenv("HOME");
-      
+
       if(home)
         home_buffer = xstrdup (home);
 #if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
       else
         {
           struct passwd *pwd;
-          
+
           pwd = getpwuid (getuid());
           if (pwd)
             home_buffer = xstrdup (pwd->pw_dir);
@@ -65,10 +65,10 @@ test_percent_escape (void)
 {
   char *result;
   static struct {
-    const char *extra; 
-    const char *value; 
+    const char *extra;
+    const char *value;
     const char *expected;
-  } tests[] = 
+  } tests[] =
     {
       { NULL, "", "" },
       { NULL, "%", "%25" },
@@ -183,7 +183,7 @@ test_strconcat (void)
     fail (0);
   else if (errno != EINVAL)
     fail (0);
-  
+
 #if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute.  */
   out = strconcat (NULL);
   if (!out || *out)
@@ -322,10 +322,10 @@ test_make_filename_try (void)
                            "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
                            "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
                            "1", "2", NULL);
-  if (!out || strcmp (out, 
-                      "1/2/3/4/5/6/7/8/9/10/" 
-                      "1/2/3/4/5/6/7/8/9/10/" 
-                      "1/2/3/4/5/6/7/8/9/10/" 
+  if (!out || strcmp (out,
+                      "1/2/3/4/5/6/7/8/9/10/"
+                      "1/2/3/4/5/6/7/8/9/10/"
+                      "1/2/3/4/5/6/7/8/9/10/"
                       "1/2"))
     fail (0);
   xfree (out);
@@ -411,4 +411,3 @@ main (int argc, char **argv)
   xfree (home_buffer);
   return 0;
 }
-
diff --git a/common/t-support.c b/common/t-support.c
index bf05c4c06..755e15611 100644
--- a/common/t-support.c
+++ b/common/t-support.c
@@ -142,6 +142,3 @@ gpg_err_code_from_syserror (void)
   return -1;
 }
 #endif /*GPG_ERROR_H*/
-
-
-
diff --git a/common/t-sysutils.c b/common/t-sysutils.c
index 9b19d88ce..d13bdfe41 100644
--- a/common/t-sysutils.c
+++ b/common/t-sysutils.c
@@ -86,4 +86,3 @@ main (int argc, char **argv)
 
   return !!errcount;
 }
-
diff --git a/common/t-timestuff.c b/common/t-timestuff.c
index 46816765d..c9c8fe5b8 100644
--- a/common/t-timestuff.c
+++ b/common/t-timestuff.c
@@ -36,8 +36,8 @@ cmp_time_s (struct tm *a, struct tm *b)
       || a->tm_mon  != b->tm_mon
       || a->tm_mday != b->tm_mday
       || a->tm_hour != b->tm_hour
-      || a->tm_min  != b->tm_min 
-      || a->tm_sec  != b->tm_sec 
+      || a->tm_min  != b->tm_min
+      || a->tm_sec  != b->tm_sec
       || a->tm_wday != b->tm_wday
       || a->tm_yday != b->tm_yday
       || !a->tm_isdst != !b->tm_isdst)
@@ -51,7 +51,7 @@ static void
 test_timegm (void)
 {
   static struct {
-    int year, mon, mday, hour, min, sec; 
+    int year, mon, mday, hour, min, sec;
   } tvalues[] = {
     { -1 },
     { -2,  1 },
@@ -103,12 +103,12 @@ test_timegm (void)
           tbuf.tm_mday = tvalues[tidx].mday;
           tbuf.tm_hour = tvalues[tidx].hour;
           tbuf.tm_min  = tvalues[tidx].min;
-          tbuf.tm_sec  = tvalues[tidx].sec; 
+          tbuf.tm_sec  = tvalues[tidx].sec;
           now = mktime (&tbuf);
         }
       if (now == (time_t)(-1))
         fail (tidx);
-      
+
       tp = gmtime (&now);
       if (!tp)
         fail (tidx);
@@ -119,7 +119,7 @@ test_timegm (void)
         fail (tidx);
       if (atime != now)
         fail (tidx);
-      
+
       tp = gmtime (&atime);
       if (!tp)
         fail (tidx);
@@ -142,4 +142,3 @@ main (int argc, char **argv)
 
   return 0;
 }
-
diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c
index f4848cbaa..9a6a61d39 100644
--- a/common/t-w32-reg.c
+++ b/common/t-w32-reg.c
@@ -67,4 +67,3 @@ main (int argc, char **argv)
 
   return 0;
 }
-
diff --git a/common/tlv.c b/common/tlv.c
index 3453b29f6..54ef6fca6 100644
--- a/common/tlv.c
+++ b/common/tlv.c
@@ -45,7 +45,7 @@ do_find_tlv (const unsigned char *buffer, size_t length,
   size_t len;
   int this_tag;
   int composite;
-    
+
   for (;;)
     {
       buffer = s;
@@ -97,7 +97,7 @@ do_find_tlv (const unsigned char *buffer, size_t length,
              nesting. */
           const unsigned char *tmp_s;
           size_t tmp_len;
-          
+
           tmp_s = do_find_tlv (s, len, tag, &tmp_len, nestlevel+1);
           if (tmp_s)
             {
@@ -152,7 +152,7 @@ find_tlv_unchecked (const unsigned char *buffer, size_t length,
    on success. */
 gpg_error_t
 _parse_ber_header (unsigned char const **buffer, size_t *size,
-                   int *r_class, int *r_tag, 
+                   int *r_class, int *r_tag,
                    int *r_constructed, int *r_ndef,
                    size_t *r_length, size_t *r_nhdr,
                    gpg_err_source_t errsource)
@@ -220,11 +220,11 @@ _parse_ber_header (unsigned char const **buffer, size_t *size,
         }
       *r_length = len;
     }
-  
+
   /* Without this kludge some example certs can't be parsed. */
   if (*r_class == CLASS_UNIVERSAL && !*r_tag)
     *r_length = 0;
-  
+
   *buffer = buf;
   *size = length;
   return 0;
@@ -251,7 +251,7 @@ _parse_ber_header (unsigned char const **buffer, size_t *size,
    while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
           && depth)
      process_token (tok, toklen);
-   if (err)  
+   if (err)
      handle_error ();
  */
 gpg_error_t
@@ -302,4 +302,3 @@ _parse_sexp (unsigned char const **buf, size_t *buflen,
   *buflen = n;
   return 0;
 }
-
diff --git a/common/tlv.h b/common/tlv.h
index a04af93ad..c7fafd547 100644
--- a/common/tlv.h
+++ b/common/tlv.h
@@ -81,7 +81,7 @@ const unsigned char *find_tlv_unchecked (const unsigned char *buffer,
    and the length part from the TLV triplet.  Update BUFFER and SIZE
    on success. */
 gpg_error_t _parse_ber_header (unsigned char const **buffer, size_t *size,
-                               int *r_class, int *r_tag, 
+                               int *r_class, int *r_tag,
                                int *r_constructed,
                                int *r_ndef, size_t *r_length, size_t *r_nhdr,
                                gpg_err_source_t errsource);
diff --git a/common/ttyio.c b/common/ttyio.c
index 92671f112..fb0fd5e56 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -186,7 +186,7 @@ init_ttyfp(void)
     if (my_rl_init_stream)
       my_rl_init_stream (ttyfp);
 #endif
-    
+
 
 #ifdef HAVE_TCGETATTR
     atexit( cleanup );
@@ -225,7 +225,7 @@ tty_printf( const char *fmt, ... )
 
     va_start( arg_ptr, fmt ) ;
 #ifdef USE_W32_CONSOLE
-    {   
+    {
         char *buf = NULL;
         int n;
 	DWORD nwritten;
@@ -233,7 +233,7 @@ tty_printf( const char *fmt, ... )
 	n = vasprintf(&buf, fmt, arg_ptr);
 	if( !buf )
 	    log_bug("vasprintf() failed\n");
-        
+
 	if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
 	    log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
 	if( n != nwritten )
@@ -272,15 +272,15 @@ tty_fprintf (estream_t fp, const char *fmt, ... )
 
   va_start (arg_ptr, fmt);
 #ifdef USE_W32_CONSOLE
-  {   
+  {
     char *buf = NULL;
     int n;
     DWORD nwritten;
-    
+
     n = vasprintf(&buf, fmt, arg_ptr);
     if (!buf)
       log_bug("vasprintf() failed\n");
-    
+
     if (!WriteConsoleA( con.out, buf, n, &nwritten, NULL ))
       log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
     if (n != nwritten)
@@ -545,7 +545,7 @@ tty_get( const char *prompt )
     {
       char *line;
       char *buf;
-      
+
       if (!initialized)
 	init_ttyfp();
 
diff --git a/common/types.h b/common/types.h
index 62fa0470d..fcba737c2 100644
--- a/common/types.h
+++ b/common/types.h
@@ -103,10 +103,10 @@
 /* Some GCC attributes.  Note that we use also define some in
    mischelp.h, but this header and types.h are not always included.
    Should eventually be put into one file (e.g. nlib-common.h).  */
-#if __GNUC__ >= 4 
+#if __GNUC__ >= 4
 # define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
 #else
-# define GNUPG_GCC_A_SENTINEL(a) 
+# define GNUPG_GCC_A_SENTINEL(a)
 #endif
 
 
diff --git a/common/userids.c b/common/userids.c
index 9a072dd80..9cc29f3b4 100644
--- a/common/userids.c
+++ b/common/userids.c
@@ -43,8 +43,8 @@
  *   must be in the range 0..9), this is considered a fingerprint.
  * - If the username starts with a left angle, we assume it is a complete
  *   email address and look only at this part.
- * - If the username starts with a colon we assume it is a unified 
- *   key specfification. 
+ * - If the username starts with a colon we assume it is a unified
+ *   key specfification.
  * - If the username starts with a '.', we assume it is the ending
  *   part of an email address
  * - If the username starts with an '@', we assume it is a part of an
@@ -66,12 +66,12 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
   const char *s;
   int hexprefix = 0;
   int hexlength;
-  int mode = 0;   
+  int mode = 0;
   KEYDB_SEARCH_DESC dummy_desc;
 
   if (!desc)
     desc = &dummy_desc;
-    
+
   /* Clear the structure so that the mode field is set to zero unless
      we set it to the correct value right at the end of this
      function. */
@@ -81,7 +81,7 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
   for(s = name; *s && spacep (s); s++ )
     ;
 
-  switch (*s) 
+  switch (*s)
     {
     case 0:  /* Empty string is an error.  */
       return gpg_error (GPG_ERR_INV_USER_ID);
@@ -133,19 +133,19 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
       break;
 
     case '#': /* S/N with optional issuer id or just issuer id.  */
-      { 
+      {
         const char *si;
-        
+
         s++;
         if ( *s == '/')
           { /* "#/" indicates an issuer's DN.  */
             s++;
             if (!*s || spacep (s)) /* No DN or prefixed with a space.  */
-              return gpg_error (GPG_ERR_INV_USER_ID); 
+              return gpg_error (GPG_ERR_INV_USER_ID);
             desc->u.name = s;
             mode = KEYDB_SEARCH_MODE_ISSUER;
           }
-        else 
+        else
           { /* Serialnumber + optional issuer ID.  */
             for (si=s; *si && *si != '/'; si++)
               {
@@ -170,10 +170,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
       break;
 
     case ':': /* Unified fingerprint. */
-      {  
+      {
         const char *se, *si;
         int i;
-        
+
         se = strchr (++s,':');
         if (!se)
           return gpg_error (GPG_ERR_INV_USER_ID);
@@ -184,21 +184,21 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
           }
         if (i != 32 && i != 40)
           return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr.  */
-        for (i=0,si=s; si < se; i++, si +=2) 
+        for (i=0,si=s; si < se; i++, si +=2)
           desc->u.fpr[i] = hextobyte(si);
         for (; i < 20; i++)
           desc->u.fpr[i]= 0;
         s = se + 1;
         mode = KEYDB_SEARCH_MODE_FPR;
-      } 
+      }
       break;
 
     case '&': /* Keygrip*/
-      {  
+      {
         if (hex2bin (s+1, desc->u.grip, 20) < 0)
           return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */
         mode = KEYDB_SEARCH_MODE_KEYGRIP;
-      } 
+      }
       break;
 
     default:
@@ -214,33 +214,33 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
           desc->exact = 1;
           hexlength++; /* Just for the following check.  */
         }
-      
+
       /* Check if a hexadecimal number is terminated by EOS or blank.  */
-      if (hexlength && s[hexlength] && !spacep (s+hexlength)) 
+      if (hexlength && s[hexlength] && !spacep (s+hexlength))
         {
           if (hexprefix) /* A "0x" prefix without a correct
                             termination is an error.  */
-            return gpg_error (GPG_ERR_INV_USER_ID); 
+            return gpg_error (GPG_ERR_INV_USER_ID);
           /* The first characters looked like a hex number, but the
              entire string is not.  */
-          hexlength = 0;  
+          hexlength = 0;
         }
-      
+
       if (desc->exact)
         hexlength--; /* Remove the bang.  */
 
       if (hexlength == 8
           || (!hexprefix && hexlength == 9 && *s == '0'))
-        { 
+        {
           /* Short keyid.  */
           if (hexlength == 9)
-            s++; 
+            s++;
           desc->u.kid[1] = strtoul( s, NULL, 16 );
           mode = KEYDB_SEARCH_MODE_SHORT_KID;
         }
       else if (hexlength == 16
                || (!hexprefix && hexlength == 17 && *s == '0'))
-        { 
+        {
           /* Long keyid.  */
           char buf[9];
           if (hexlength == 17)
@@ -252,13 +252,13 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
         }
       else if (hexlength == 32
                || (!hexprefix && hexlength == 33 && *s == '0'))
-        { 
+        {
           /* MD5 fingerprint.  */
           int i;
           if (hexlength == 33)
             s++;
-          memset (desc->u.fpr+16, 0, 4); 
-          for (i=0; i < 16; i++, s+=2) 
+          memset (desc->u.fpr+16, 0, 4);
+          for (i=0; i < 16; i++, s+=2)
             {
               int c = hextobyte(s);
               if (c == -1)
@@ -269,12 +269,12 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
         }
       else if (hexlength == 40
                || (!hexprefix && hexlength == 41 && *s == '0'))
-        { 
+        {
           /* SHA1/RMD160 fingerprint.  */
           int i;
           if (hexlength == 41)
             s++;
-          for (i=0; i < 20; i++, s+=2) 
+          for (i=0; i < 20; i++, s+=2)
             {
               int c = hextobyte(s);
               if (c == -1)
@@ -284,16 +284,16 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
           mode = KEYDB_SEARCH_MODE_FPR20;
         }
       else if (!hexprefix)
-        { 
+        {
           /* The fingerprint in an X.509 listing is often delimited by
              colons, so we try to single this case out. */
           mode = 0;
           hexlength = strspn (s, ":0123456789abcdefABCDEF");
-          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) 
+          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
             {
               int i;
 
-              for (i=0; i < 20; i++, s += 3) 
+              for (i=0; i < 20; i++, s += 3)
                 {
                   int c = hextobyte(s);
                   if (c == -1 || (i < 19 && s[2] != ':'))
@@ -304,19 +304,19 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
                 mode = KEYDB_SEARCH_MODE_FPR20;
             }
           if (!mode) /* Default to substring search.  */
-            { 
+            {
               desc->exact = 0;
               desc->u.name = s;
-              mode = KEYDB_SEARCH_MODE_SUBSTR; 
+              mode = KEYDB_SEARCH_MODE_SUBSTR;
             }
         }
       else
-	{ 
+	{
           /* Hex number with a prefix but with a wrong length.  */
           return gpg_error (GPG_ERR_INV_USER_ID);
         }
     }
-  
+
   desc->mode = mode;
   return 0;
 }
diff --git a/common/utf8conv.c b/common/utf8conv.c
index 16baa0d4d..a5765f6a6 100644
--- a/common/utf8conv.c
+++ b/common/utf8conv.c
@@ -59,7 +59,7 @@ static size_t  (* __stdcall iconv) (iconv_t cd,
                                     char **outbuf, size_t *outbytesleft);
 static int     (* __stdcall iconv_close) (iconv_t cd);
 
-static int 
+static int
 load_libiconv (void)
 {
 #ifdef HAVE_W32CE_SYSTEM
@@ -67,21 +67,21 @@ load_libiconv (void)
                 is at all required.  */
 #else
   static int done;
-  
+
   if (!done)
     {
       void *handle;
 
       done = 1; /* Do it right now because we might get called recursivly
                    through gettext.  */
-    
+
       handle = dlopen ("iconv.dll", RTLD_LAZY);
       if (handle)
         {
           iconv_open  = dlsym (handle, "libiconv_open");
           if (iconv_open)
             iconv = dlsym (handle, "libiconv");
-          if (iconv)    
+          if (iconv)
             iconv_close = dlsym (handle, "libiconv_close");
         }
       if (!handle || !iconv_close)
@@ -99,7 +99,7 @@ load_libiconv (void)
     }
   return iconv_open? 0: -1;
 #endif
-}    
+}
 #endif /*HAVE_W32_SYSTEM*/
 
 
@@ -157,13 +157,13 @@ set_native_charset (const char *newset)
 {
   const char *full_newset;
 
-  if (!newset) 
+  if (!newset)
     {
 #ifdef HAVE_W32_SYSTEM
       static char codepage[30];
       unsigned int cpno;
       const char *aliases;
-      
+
       /* We are a console program thus we need to use the
          GetConsoleOutputCP function and not the the GetACP which
          would give the codepage for a GUI program.  Note this is not
@@ -208,7 +208,7 @@ set_native_charset (const char *newset)
         }
 
 #else /*!HAVE_W32_SYSTEM*/
-      
+
 #ifdef HAVE_LANGINFO_CODESET
       newset = nl_langinfo (CODESET);
 #else /*!HAVE_LANGINFO_CODESET*/
@@ -232,7 +232,7 @@ set_native_charset (const char *newset)
               mod = strchr (++dot, '@');
               if (!mod)
                 mod = dot + strlen (dot);
-              if (mod - dot < sizeof codepage && dot != mod) 
+              if (mod - dot < sizeof codepage && dot != mod)
                 {
                   memcpy (codepage, dot, mod - dot);
                   codepage [mod - dot] = 0;
@@ -279,21 +279,21 @@ set_native_charset (const char *newset)
   else
     {
       iconv_t cd;
-      
+
 #ifdef HAVE_W32_SYSTEM
       if (load_libiconv ())
         return -1;
-#endif /*HAVE_W32_SYSTEM*/      
+#endif /*HAVE_W32_SYSTEM*/
 
       cd = iconv_open (full_newset, "utf-8");
-      if (cd == (iconv_t)-1) 
+      if (cd == (iconv_t)-1)
         {
           handle_iconv_error (full_newset, "utf-8", 0);
           return -1;
         }
       iconv_close (cd);
       cd = iconv_open ("utf-8", full_newset);
-      if (cd == (iconv_t)-1) 
+      if (cd == (iconv_t)-1)
         {
           handle_iconv_error ("utf-8", full_newset, 0);
           return -1;
@@ -313,7 +313,7 @@ get_native_charset ()
 }
 
 /* Return true if the native charset is utf-8.  */
-int 
+int
 is_native_utf8 (void)
 {
   return no_translation;
@@ -360,13 +360,13 @@ native_to_utf8 (const char *orig_string)
       *p = 0;
     }
   else
-    { 
+    {
       /* Need to use iconv.  */
       iconv_t cd;
       const char *inptr;
       char *outptr;
       size_t inbytes, outbytes;
-     
+
       cd = iconv_open ("utf-8", active_charset_name);
       if (cd == (iconv_t)-1)
         {
@@ -374,14 +374,14 @@ native_to_utf8 (const char *orig_string)
           return native_to_utf8 (string);
         }
 
-      for (s=string; *s; s++ ) 
+      for (s=string; *s; s++ )
         {
           length++;
           if ((*s & 0x80))
             length += 5; /* We may need up to 6 bytes for the utf8 output. */
         }
       buffer = jnlib_xmalloc (length + 1);
-      
+
       inptr = string;
       inbytes = strlen (string);
       outptr = buffer;
@@ -455,10 +455,10 @@ do_utf8_to_native (const char *string, size_t length, int delim,
 	  if (!nleft)
 	    {
 	      if (!(*s & 0x80))
-		{	
+		{
                   /* Plain ascii. */
 		  if ( delim != -1
-                       && (*s < 0x20 || *s == 0x7f || *s == delim 
+                       && (*s < 0x20 || *s == 0x7f || *s == delim
                            || (delim && *s == '\\')))
 		    {
 		      n++;
@@ -497,35 +497,35 @@ do_utf8_to_native (const char *string, size_t length, int delim,
 		  encbuf[encidx++] = *s;
 		}
 	      else if ((*s & 0xf0) == 0xe0) /* 1110 xxxx */
-		{	
+		{
 		  val = *s & 0x0f;
 		  nleft = 2;
 		  encidx = 0;
 		  encbuf[encidx++] = *s;
 		}
 	      else if ((*s & 0xf8) == 0xf0) /* 1111 0xxx */
-		{	
+		{
 		  val = *s & 0x07;
 		  nleft = 3;
 		  encidx = 0;
 		  encbuf[encidx++] = *s;
 		}
 	      else if ((*s & 0xfc) == 0xf8) /* 1111 10xx */
-		{	
+		{
 		  val = *s & 0x03;
 		  nleft = 4;
 		  encidx = 0;
 		  encbuf[encidx++] = *s;
 		}
 	      else if ((*s & 0xfe) == 0xfc) /* 1111 110x */
-		{		
+		{
 		  val = *s & 0x01;
 		  nleft = 5;
 		  encidx = 0;
 		  encbuf[encidx++] = *s;
 		}
 	      else /* Invalid encoding: print as \xNN. */
-		{		
+		{
 		  if (p)
 		    {
 		      sprintf (p, "\\x%02x", *s);
@@ -558,7 +558,7 @@ do_utf8_to_native (const char *string, size_t length, int delim,
 	      val <<= 6;
 	      val |= *s & 0x3f;
 	      if (!--nleft)  /* Ready. */
-		{ 
+		{
 		  if (no_translation)
 		    {
 		      if (p)
@@ -597,12 +597,12 @@ do_utf8_to_native (const char *string, size_t length, int delim,
 		      if (val >= 0x80 && val < 256)
 			{
                           /* We can simply print this character */
-			  n++;	
+			  n++;
 			  if (p)
 			    *p++ = val;
 			}
 		      else
-			{	
+			{
                           /* We do not have a translation: print utf8. */
 			  if (p)
 			    {
@@ -632,7 +632,7 @@ do_utf8_to_native (const char *string, size_t length, int delim,
           const char *inptr;
           char *outbuf, *outptr;
           size_t inbytes, outbytes;
-          
+
           *p = 0;  /* Terminate the buffer. */
 
           cd = iconv_open (active_charset_name, "utf-8");
@@ -649,14 +649,14 @@ do_utf8_to_native (const char *string, size_t length, int delim,
           inbytes = n - 1;;
           inptr = buffer;
           outbytes = n * MB_LEN_MAX;
-          if (outbytes / MB_LEN_MAX != n) 
+          if (outbytes / MB_LEN_MAX != n)
             BUG (); /* Actually an overflow. */
           outbuf = outptr = jnlib_xmalloc (outbytes);
           if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
-                      &outptr, &outbytes) == (size_t)-1) 
+                      &outptr, &outbytes) == (size_t)-1)
             {
               static int shown;
-              
+
               if (!shown)
                 log_info (_("conversion from `%s' to `%s' failed: %s\n"),
                           "utf-8", active_charset_name, strerror (errno));
@@ -668,7 +668,7 @@ do_utf8_to_native (const char *string, size_t length, int delim,
               outbuf = do_utf8_to_native (string, length, delim, 0);
             }
             else /* Success.  */
-              { 
+              {
                 *outptr = 0; /* Make sure it is a string. */
                 /* We could realloc the buffer now but I doubt that it
                    makes much sense given that it will get freed
@@ -703,13 +703,13 @@ utf8_to_native (const char *string, size_t length, int delim)
 
 /* Wrapper function for iconv_open, required for W32 as we dlopen that
    library on that system.  */
-jnlib_iconv_t 
+jnlib_iconv_t
 jnlib_iconv_open (const char *tocode, const char *fromcode)
 {
 #ifdef HAVE_W32_SYSTEM
   if (load_libiconv ())
     return (jnlib_iconv_t)(-1);
-#endif /*HAVE_W32_SYSTEM*/      
+#endif /*HAVE_W32_SYSTEM*/
 
   return (jnlib_iconv_t)iconv_open (tocode, fromcode);
 }
@@ -726,7 +726,7 @@ jnlib_iconv (jnlib_iconv_t cd,
 #ifdef HAVE_W32_SYSTEM
   if (load_libiconv ())
     return 0;
-#endif /*HAVE_W32_SYSTEM*/      
+#endif /*HAVE_W32_SYSTEM*/
 
   return iconv ((iconv_t)cd, (char**)inbuf, inbytesleft, outbuf, outbytesleft);
 }
@@ -739,7 +739,7 @@ jnlib_iconv_close (jnlib_iconv_t cd)
 #ifdef HAVE_W32_SYSTEM
   if (load_libiconv ())
     return 0;
-#endif /*HAVE_W32_SYSTEM*/      
+#endif /*HAVE_W32_SYSTEM*/
 
   return iconv_close ((iconv_t)cd);
 }
@@ -797,7 +797,7 @@ utf8_to_wchar (const char *string)
     }
 
   nbytes = (size_t)(n+1) * sizeof(*result);
-  if (nbytes / sizeof(*result) != (n+1)) 
+  if (nbytes / sizeof(*result) != (n+1))
     {
       jnlib_set_errno (ENOMEM);
       return NULL;
diff --git a/common/w32-afunix.c b/common/w32-afunix.c
index 920561b92..690e95176 100644
--- a/common/w32-afunix.c
+++ b/common/w32-afunix.c
@@ -105,20 +105,20 @@ _w32_sock_connect (int sockfd, struct sockaddr *addr, int addrlen)
   int ret;
 
   (void)addrlen;
-      
+
   unaddr = (struct sockaddr_un *)addr;
   if (read_port_and_nonce (unaddr->sun_path, &port, nonce))
     return -1;
-      
+
   myaddr.sin_family = AF_INET;
-  myaddr.sin_port = htons (port); 
+  myaddr.sin_port = htons (port);
   myaddr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
-  
+
   /* Set return values.  */
   unaddr->sun_family = myaddr.sin_family;
   unaddr->sun_port = myaddr.sin_port;
   unaddr->sun_addr.s_addr = myaddr.sin_addr.s_addr;
-  
+
   ret = connect (sockfd, (struct sockaddr *)&myaddr, sizeof myaddr);
   if (!ret)
     {
diff --git a/common/w32-reg.c b/common/w32-reg.c
index 5809c32bb..5dc2be584 100644
--- a/common/w32-reg.c
+++ b/common/w32-reg.c
@@ -36,7 +36,7 @@ static HKEY
 get_root_key(const char *root)
 {
   HKEY root_key;
-  
+
   if (!root)
     root_key = HKEY_CURRENT_USER;
   else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) )
@@ -53,7 +53,7 @@ get_root_key(const char *root)
     root_key = HKEY_CURRENT_CONFIG;
   else
     return NULL;
-  
+
   return root_key;
 }
 
@@ -69,10 +69,10 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
   DWORD n1, nbytes, type;
   char *result = NULL;
   wchar_t *wdir, *wname;
-  
+
   if ( !(root_key = get_root_key(root) ) )
     return NULL;
-  
+
   wdir = utf8_to_wchar (dir);
   if (!wdir)
     return NULL;
@@ -115,7 +115,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
       goto leave;
     }
   result[nbytes] = 0;   /* Make sure it is a string.  */
-  result[nbytes+1] = 0; 
+  result[nbytes+1] = 0;
   if (type == REG_SZ || type == REG_EXPAND_SZ)
     {
       wchar_t *tmp = (void*)result;
@@ -131,10 +131,10 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
   HKEY root_key, key_handle;
   DWORD n1, nbytes, type;
   char *result = NULL;
-  
+
   if ( !(root_key = get_root_key(root) ) )
     return NULL;
-  
+
   if (RegOpenKeyEx (root_key, dir, 0, KEY_READ, &key_handle) )
     {
       if (root)
@@ -160,7 +160,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
   if (type == REG_EXPAND_SZ && strchr (result, '%'))
     {
       char *tmp;
-      
+
       n1 += 1000;
       tmp = jnlib_malloc (n1+1);
       if (!tmp)
@@ -177,7 +177,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
           if (nbytes && nbytes > n1)
             {
               /* Oops - truncated, better don't expand at all.  */
-              jnlib_free (tmp); 
+              jnlib_free (tmp);
               goto leave;
             }
           tmp[nbytes] = 0;
@@ -192,14 +192,14 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
           result = jnlib_malloc (strlen (tmp)+1);
           if (!result)
             result = tmp;
-            else 
+            else
               {
                 strcpy (result, tmp);
                 jnlib_free (tmp);
               }
         }
-      else 
-        {  
+      else
+        {
           /* Error - don't expand.  */
           jnlib_free (tmp);
         }
@@ -215,7 +215,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
 /* Note: This code is not well tested.  However, it is not used in
    GnuPG.  */
 int
-write_w32_registry_string (const char *root, const char *dir, 
+write_w32_registry_string (const char *root, const char *dir,
                            const char *name, const char *value)
 {
   HKEY root_key, reg_key;
@@ -236,7 +236,7 @@ write_w32_registry_string (const char *root, const char *dir,
       return -1;
     }
   jnlib_free (wdir);
-  
+
   if (name)
     {
       wname = utf8_to_wchar (name);
@@ -253,12 +253,12 @@ write_w32_registry_string (const char *root, const char *dir,
       return -1;
     }
 
-  if (RegSetValueEx (reg_key, wname, 0, REG_SZ, 
+  if (RegSetValueEx (reg_key, wname, 0, REG_SZ,
                      (BYTE *)wvalue, wcslen (wvalue)) != ERROR_SUCCESS )
     {
 
       if (RegCreateKeyEx (root_key, wname, 0, NULL, 0, 0, NULL,
-                          ®_key, &disp) != ERROR_SUCCESS) 
+                          ®_key, &disp) != ERROR_SUCCESS)
         {
           RegCloseKey(reg_key);
           jnlib_free (wname);
@@ -274,7 +274,7 @@ write_w32_registry_string (const char *root, const char *dir,
           return -1;
         }
     }
-  
+
   jnlib_free (wname);
   jnlib_free (wvalue);
   RegCloseKey (reg_key);
@@ -283,15 +283,15 @@ write_w32_registry_string (const char *root, const char *dir,
 
   if ( !(root_key = get_root_key(root) ) )
     return -1;
-  
-  if ( RegOpenKeyEx( root_key, dir, 0, KEY_WRITE, ®_key ) 
+
+  if ( RegOpenKeyEx( root_key, dir, 0, KEY_WRITE, ®_key )
        != ERROR_SUCCESS )
     return -1;
-  
-  if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value, 
+
+  if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value,
                       strlen( value ) ) != ERROR_SUCCESS )
     {
-      if ( RegCreateKey( root_key, name, ®_key ) != ERROR_SUCCESS ) 
+      if ( RegCreateKey( root_key, name, ®_key ) != ERROR_SUCCESS )
         {
           RegCloseKey(reg_key);
           return -1;
@@ -303,7 +303,7 @@ write_w32_registry_string (const char *root, const char *dir,
           return -1;
         }
     }
-  
+
   RegCloseKey (reg_key);
   return 0;
 #endif /*!HAVE_W32CE_SYSTEM*/
diff --git a/common/xmalloc.c b/common/xmalloc.c
index eb6d5ab11..c0d5d1d6d 100644
--- a/common/xmalloc.c
+++ b/common/xmalloc.c
@@ -84,4 +84,3 @@ xstrcat2( const char *a, const char *b )
     strcpy(p+n1, b );
     return p;
 }
-
diff --git a/common/xreadline.c b/common/xreadline.c
index 4ea10d75b..5a9a5270f 100644
--- a/common/xreadline.c
+++ b/common/xreadline.c
@@ -30,7 +30,7 @@
    considered a byte stream ending in a LF.
 
    If MAX_LENGTH is not NULL, it shall point to a value with the
-   maximum allowed allocation.  
+   maximum allowed allocation.
 
    Returns the length of the line. EOF is indicated by a line of
    length zero. A truncated line is indicated by setting the value at
@@ -45,7 +45,7 @@
    append a CR,LF,Nul
  */
 ssize_t
-read_line (FILE *fp, 
+read_line (FILE *fp,
            char **addr_of_buffer, size_t *length_of_buffer,
            size_t *max_length)
 {
@@ -94,7 +94,7 @@ read_line (FILE *fp,
           if (!*addr_of_buffer)
             {
               int save_errno = errno;
-              xfree (buffer); 
+              xfree (buffer);
               *length_of_buffer = 0;
               if (max_length)
                 *max_length = 0;
@@ -103,7 +103,7 @@ read_line (FILE *fp,
             }
           buffer = *addr_of_buffer;
           *length_of_buffer = length;
-          length -= 3; 
+          length -= 3;
           p = buffer + nbytes;
 	}
       *p++ = c;
diff --git a/common/yesno.c b/common/yesno.c
index a7131b7d5..821df4b9f 100644
--- a/common/yesno.c
+++ b/common/yesno.c
@@ -104,7 +104,7 @@ answer_is_yes_no_quit ( const char *s )
 }
 
 /*
-   Return 1 for okay, 0 for for cancel or DEF_ANSWER for default. 
+   Return 1 for okay, 0 for for cancel or DEF_ANSWER for default.
  */
 int
 answer_is_okay_cancel (const char *s, int def_answer)
@@ -115,7 +115,7 @@ answer_is_okay_cancel (const char *s, int def_answer)
   const char *long_cancel = _("cancel|cancel");
   const char *short_okay = _("oO");
   const char *short_cancel = _("cC");
-  
+
   /* Note: We have to use the locale dependent compare. */
   if ( match_multistr(long_okay,s) )
     return 1;
@@ -138,4 +138,3 @@ answer_is_okay_cancel (const char *s, int def_answer)
     return 0;
   return def_answer;
 }
-
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 8c41c53b2..d5aecc7ab 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -8,12 +8,12 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -53,7 +53,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
 	ks-action.c ks-action.h ks-engine.h ks-engine-hkp.c
 
 if USE_LDAPWRAPPER
-dirmngr_SOURCES += ldap-wrapper.c 
+dirmngr_SOURCES += ldap-wrapper.c
 else
 dirmngr_SOURCES += ldap-wrapper-ce.c  dirmngr_ldap.c
 endif
@@ -67,7 +67,7 @@ endif
 dirmngr_LDFLAGS = $(extra_bin_ldflags)
 
 if USE_LDAPWRAPPER
-dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) 
+dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
 dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS)
 dirmngr_ldap_LDFLAGS =
 dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o ../gl/libgnu.a $(DNSLIBS) \
diff --git a/dirmngr/OAUTHORS b/dirmngr/OAUTHORS
index f9adc324c..78324493d 100644
--- a/dirmngr/OAUTHORS
+++ b/dirmngr/OAUTHORS
@@ -36,5 +36,3 @@ src/cdblib.h which are in the public domain.
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff --git a/dirmngr/ONEWS b/dirmngr/ONEWS
index a9ec4d77c..cb2050748 100644
--- a/dirmngr/ONEWS
+++ b/dirmngr/ONEWS
@@ -156,7 +156,7 @@ Noteworthy changes in version 0.5.6 (2004-09-28)
 ------------------------------------------------
 
  * LDAP fix.
- 
+
  * Logging fixes.
 
  * Updated some configuration files.
diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c
index 3bfeffc11..26a01b30f 100644
--- a/dirmngr/cdblib.c
+++ b/dirmngr/cdblib.c
@@ -59,7 +59,7 @@
 #ifdef HAVE_CONFIG_H
 #include 
 #endif
-#include  
+#include 
 #include 
 #include 
 #include 
@@ -89,7 +89,7 @@ struct cdb_rec {
   cdbi_t hval;
   cdbi_t rpos;
 };
-  
+
 struct cdb_rl {
   struct cdb_rl *next;
   cdbi_t cnt;
@@ -306,7 +306,7 @@ cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen)
    result), use cdb_datapos() and cdb_datalen() macros with cdbp
    pointer.  It is error to use cdb_findnext() after it returned 0 or
    error condition.  These routines is a bit slower than
-   cdb_find(). 
+   cdb_find().
 
    Setting KEY to NULL will start a sequential search through the
    entire DB.
@@ -344,7 +344,7 @@ cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
     }
   else /* Walk over all entries. */
     {
-      cdbfp->cdb_hval = 0; 
+      cdbfp->cdb_hval = 0;
       /* Force stepping in findnext. */
       cdbfp->cdb_htp = cdbfp->cdb_htend = cdbp->cdb_mem;
     }
@@ -353,7 +353,7 @@ cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
 
 
 /* See cdb_findinit. */
-int 
+int
 cdb_findnext(struct cdb_find *cdbfp)
 {
   cdbi_t pos, n;
@@ -403,7 +403,7 @@ cdb_findnext(struct cdb_find *cdbfp)
             {
               if (cdbfp->cdb_hval > 255)
                 return 0; /* No more items. */
-              
+
               cdbfp->cdb_htp = cdbp->cdb_mem + cdbfp->cdb_hval * 8;
               cdbfp->cdb_hval++; /* Advance for next round. */
               pos = cdb_unpack (cdbfp->cdb_htp);     /* Offset of table. */
@@ -416,22 +416,22 @@ cdb_findnext(struct cdb_find *cdbfp)
                   gpg_err_set_errno (EPROTO);
                   return -1;
                 }
-              
+
               cdbfp->cdb_htab  = cdbp->cdb_mem + pos;
               cdbfp->cdb_htend = cdbfp->cdb_htab + cdbfp->cdb_httodo;
               cdbfp->cdb_htp   = cdbfp->cdb_htab;
             }
-          
+
           pos = cdb_unpack (cdbfp->cdb_htp + 4); /* Offset of record. */
           cdbfp->cdb_htp += 8;
-        } 
+        }
       while (!pos);
       if (pos > cdbp->cdb_fsize - 8)
         {
           gpg_err_set_errno (EPROTO);
           return -1;
         }
-      
+
       cdbp->cdb_kpos = pos + 8;
       cdbp->cdb_klen = cdb_unpack(cdbp->cdb_mem + pos);
       cdbp->cdb_vpos = pos + 8 + cdbp->cdb_klen;
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index d8528118e..1fb585ae2 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -36,7 +36,7 @@
 #define MAX_EXTRA_CACHED_CERTS 1000
 
 /* Constants used to classify search patterns.  */
-enum pattern_class 
+enum pattern_class
   {
     PATTERN_UNKNOWN = 0,
     PATTERN_EMAIL,
@@ -66,7 +66,7 @@ struct cert_item_s
   char *issuer_dn;          /* The malloced issuer DN.  */
   ksba_sexp_t sn;           /* The malloced serial number  */
   char *subject_dn;         /* The malloced subject DN - maybe NULL.  */
-  struct 
+  struct
   {
     unsigned int loaded:1;  /* It has been explicitly loaded.  */
     unsigned int trusted:1; /* This is a trusted root certificate.  */
@@ -144,7 +144,7 @@ compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
 /* Return a malloced canonical S-Expression with the serialnumber
    converted from the hex string HEXSN.  Return NULL on memory
    error. */
-ksba_sexp_t 
+ksba_sexp_t
 hexsn_to_sexp (const char *hexsn)
 {
   char *buffer, *p;
@@ -159,8 +159,8 @@ hexsn_to_sexp (const char *hexsn)
   p = stpcpy (buffer, numbuf);
   len = unhexify (p, hexsn);
   p[len] = ')';
-  p[len+1] = 0; 
-  
+  p[len+1] = 0;
+
   return buffer;
 }
 
@@ -251,7 +251,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
       drop_count = MAX_EXTRA_CACHED_CERTS / 20;
       if (drop_count < 2)
         drop_count = 2;
-      
+
       log_info (_("dropping %u certificates from the cache\n"), drop_count);
       assert (idx < 256);
       for (i=idx; drop_count; i = ((i+1)%256))
@@ -277,7 +277,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
   cert_compute_fpr (cert, fpr);
   for (ci=cert_cache[*fpr]; ci; ci = ci->next)
     if (ci->cert && !memcmp (ci->fpr, fpr, 20))
-      return gpg_error (GPG_ERR_DUP_VALUE);          
+      return gpg_error (GPG_ERR_DUP_VALUE);
   /* Try to reuse an existing entry.  */
   for (ci=cert_cache[*fpr]; ci; ci = ci->next)
     if (!ci->cert)
@@ -350,7 +350,7 @@ load_certs_from_dir (const char *dirname, int are_trusted)
       n = strlen (p);
       if ( n < 5 || (strcmp (p+n-4,".crt") && strcmp (p+n-4,".der")))
         continue; /* Not the desired "*.crt" or "*.der" pattern.  */
-      
+
       xfree (fname);
       fname = make_filename (dirname, p, NULL);
       fp = es_fopen (fname, "rb");
@@ -417,7 +417,7 @@ void
 cert_cache_init (void)
 {
   char *dname;
-  
+
   if (initialization_done)
     return;
   init_cache_lock ();
@@ -433,7 +433,7 @@ cert_cache_init (void)
 
   initialization_done = 1;
   release_cache_lock ();
-            
+
   cert_cache_print_stats ();
 }
 
@@ -682,15 +682,15 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
   const char *s;
   int hexprefix = 0;
   int hexlength;
-  int mode = 0;   
-    
+  int mode = 0;
+
   *r_offset = *r_sn_offset = 0;
 
   /* Skip leading spaces. */
   for(s = pattern; *s && spacep (s); s++ )
     ;
 
-  switch (*s) 
+  switch (*s)
     {
     case 0:  /* Empty string is an error. */
       result = PATTERN_UNKNOWN;
@@ -732,12 +732,12 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
       break;
 
     case '#': /* Serial number or issuer DN. */
-      { 
+      {
         const char *si;
-        
+
         s++;
         if ( *s == '/')
-          { 
+          {
             /* An issuer's DN is indicated by "#/" */
             s++;
             if (!*s || spacep (s))
@@ -745,7 +745,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
             else
               result = PATTERN_ISSUER;
           }
-        else 
+        else
           { /* Serialnumber + optional issuer ID. */
             for (si=s; *si && *si != '/'; si++)
               if (!strchr("01234567890abcdefABCDEF", *si))
@@ -772,10 +772,10 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
       break;
 
     case ':': /* Unified fingerprint. */
-      {  
+      {
         const char *se, *si;
         int i;
-        
+
         se = strchr (++s, ':');
         if (!se)
           result = PATTERN_UNKNOWN;
@@ -793,7 +793,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
             else
               result = PATTERN_UNKNOWN; /* Invalid length for a fingerprint. */
           }
-      } 
+      }
       break;
 
     case '&': /* Keygrip. */
@@ -810,52 +810,52 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
       hexlength = strspn(s, "0123456789abcdefABCDEF");
 
       /* Check if a hexadecimal number is terminated by EOS or blank. */
-      if (hexlength && s[hexlength] && !spacep (s+hexlength)) 
+      if (hexlength && s[hexlength] && !spacep (s+hexlength))
         {
           /* If the "0x" prefix is used a correct termination is required. */
-          if (hexprefix) 
+          if (hexprefix)
             {
-              result = PATTERN_UNKNOWN;   
+              result = PATTERN_UNKNOWN;
               break; /* switch */
             }
           hexlength = 0;  /* Not a hex number.  */
         }
-      
+
       if (hexlength == 8 || (!hexprefix && hexlength == 9 && *s == '0'))
-        { 
+        {
           if (hexlength == 9)
             s++;
           result = PATTERN_SHORT_KEYID;
         }
       else if (hexlength == 16 || (!hexprefix && hexlength == 17 && *s == '0'))
-        { 
+        {
           if (hexlength == 17)
             s++;
           result = PATTERN_LONG_KEYID;
         }
       else if (hexlength == 32 || (!hexprefix && hexlength == 33 && *s == '0'))
-        { 
+        {
           if (hexlength == 33)
             s++;
           result = PATTERN_FINGERPRINT16;
         }
       else if (hexlength == 40 || (!hexprefix && hexlength == 41 && *s == '0'))
-        { 
+        {
           if (hexlength == 41)
             s++;
           result = PATTERN_FINGERPRINT20;
         }
       else if (!hexprefix)
-        { 
+        {
           /* The fingerprints used with X.509 are often delimited by
              colons, so we try to single this case out. */
           result = PATTERN_UNKNOWN;
           hexlength = strspn (s, ":0123456789abcdefABCDEF");
-          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) 
+          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
             {
               int i, c;
 
-              for (i=0; i < 20; i++, s += 3) 
+              for (i=0; i < 20; i++, s += 3)
                 {
                   c = hextobyte(s);
                   if (c == -1 || (i < 19 && s[2] != ':'))
@@ -865,14 +865,14 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
                 result = PATTERN_FINGERPRINT20;
             }
           if (result == PATTERN_UNKNOWN) /* Default to substring match. */
-            { 
+            {
               result = PATTERN_SUBSTR;
             }
         }
       else /* A hex number with a prefix but with a wrong length.  */
         result = PATTERN_UNKNOWN;
     }
-  
+
   if (result != PATTERN_UNKNOWN)
     *r_offset = s - pattern;
   return result;
@@ -884,7 +884,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
    certificate, return all matching certificates by calling the
    supplied function RETFNC.  */
 gpg_error_t
-get_certs_bypattern (const char *pattern, 
+get_certs_bypattern (const char *pattern,
                      gpg_error_t (*retfnc)(void*,ksba_cert_t),
                      void *retfnc_data)
 {
@@ -904,7 +904,7 @@ get_certs_bypattern (const char *pattern,
   pattern += offset;
   switch (class)
     {
-    case PATTERN_UNKNOWN: 
+    case PATTERN_UNKNOWN:
       err = gpg_error (GPG_ERR_INV_NAME);
       break;
 
@@ -945,7 +945,7 @@ get_certs_bypattern (const char *pattern,
       if (!err && !seq)
         err = gpg_error (GPG_ERR_NOT_FOUND);
       break;
-      
+
     case PATTERN_EMAIL:
     case PATTERN_EMAIL_SUBSTR:
     case PATTERN_FINGERPRINT16:
@@ -1030,7 +1030,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
               break;
             }
         }
-      
+
       err = fetch_next_ksba_cert (context, &cert);
       if (err)
         {
@@ -1038,7 +1038,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
                      gpg_strerror (err) );
           break;
         }
-      
+
       issdn = ksba_cert_get_issuer (cert, 0);
       if (strcmp (issuer_dn, issdn))
         {
@@ -1046,7 +1046,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
           ksba_cert_release (cert);
           cert = NULL;
           ksba_free (issdn);
-          break; 
+          break;
         }
 
       sn = ksba_cert_get_serial (cert);
@@ -1193,7 +1193,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
               break;
             }
         }
-      
+
       err = fetch_next_ksba_cert (context, &cert);
       if (err)
         {
@@ -1201,7 +1201,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
                      gpg_strerror (err) );
           break;
         }
-      
+
       subjdn = ksba_cert_get_subject (cert, 0);
       if (strcmp (subject_dn, subjdn))
         {
@@ -1209,7 +1209,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
           ksba_cert_release (cert);
           cert = NULL;
           ksba_free (subjdn);
-          continue; 
+          continue;
         }
 
 
@@ -1257,7 +1257,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
 /* Return 0 if the certificate is a trusted certificate. Returns
    GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
    case of systems errors. */
-gpg_error_t 
+gpg_error_t
 is_trusted_cert (ksba_cert_t cert)
 {
   unsigned char fpr[20];
@@ -1365,7 +1365,7 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
         err = 0;
     }
 
- leave:  
+ leave:
   if (!err && !issuer_cert)
     err = gpg_error (GPG_ERR_NOT_FOUND);
 
@@ -1378,4 +1378,3 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
 
   return err;
 }
-
diff --git a/dirmngr/certcache.h b/dirmngr/certcache.h
index 2b7aeaf74..9986f15c0 100644
--- a/dirmngr/certcache.h
+++ b/dirmngr/certcache.h
@@ -73,7 +73,7 @@ ksba_cert_t get_cert_bysubject (const char *subject_dn, unsigned int seq);
 /* Given PATTERN, which is a string as used by GnuPG to specify a
    certificate, return all matching certificates by calling the
    supplied function RETFNC.  */
-gpg_error_t get_certs_bypattern (const char *pattern, 
+gpg_error_t get_certs_bypattern (const char *pattern,
                                  gpg_error_t (*retfnc)(void*,ksba_cert_t),
                                  void *retfnc_data);
 
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 12d451060..edf3837af 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -18,16 +18,16 @@
  * along with this program; if not, see .
  */
 
-/* 
+/*
 
    1. To keep track of the CRLs actually cached and to store the meta
       information of the CRLs a simple record oriented text file is
       used.  Fields in the file are colon (':') separated and values
       containing colons or linefeeds are percent escaped (e.g. a colon
-      itself is represented as "%3A"). 
+      itself is represented as "%3A").
 
       The first field is a record type identifier, so that the file is
-      useful to keep track of other meta data too.  
+      useful to keep track of other meta data too.
 
       The name of the file is "DIR.txt".
 
@@ -55,7 +55,7 @@
                  to be done.
                  An "i" indicates an invalid cache entry which should
                  not be used but still exists so that it can be
-                 updated at NEXT_UPDATE. 
+                 updated at NEXT_UPDATE.
         Field 2: Hexadecimal encoded SHA-1 hash of the issuer DN using
                  uppercase letters.
         Field 3: Issuer DN in RFC-2253 notation.
@@ -75,7 +75,7 @@
 
       n  bytes  Serialnumber (binary) used as key
                 thus there is no need to store the length explicitly with DB2.
-      1  byte   Reason for revocation 
+      1  byte   Reason for revocation
                 (currently the KSBA reason flags are used)
       15 bytes  ISO date of revocation (e.g. 19980815T142000)
                 Note that there is no terminating 0 stored.
@@ -83,7 +83,7 @@
       The filename used is the hexadecimal (using uppercase letters)
       SHA-1 hash value of the issuer DN prefixed with a "crl-" and
       suffixed with a ".db".  Thus the length of the filename is 47.
-      
+
 
 */
 
@@ -133,7 +133,7 @@ static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
 
 
 /* Definition of one cached item. */
-struct crl_cache_entry_s 
+struct crl_cache_entry_s
 {
   struct crl_cache_entry_s *next;
   int deleted;        /* True if marked for deletion. */
@@ -164,7 +164,7 @@ struct crl_cache_entry_s
 
 
 /* Definition of the entire cache object. */
-struct crl_cache_s 
+struct crl_cache_s
 {
   crl_cache_entry_t entries;
 };
@@ -197,7 +197,7 @@ get_current_cache (void)
 }
 
 
-/* 
+/*
    Create ae directory if it does not yet exists.  Returns on
    success, or -1 on error.
  */
@@ -221,7 +221,7 @@ create_directory_if_needed (const char *name)
           gpg_err_set_errno (save_errno);
           return -1;
         }
-    } 
+    }
   else
     closedir (dir);
   xfree (fname);
@@ -265,7 +265,7 @@ cleanup_cache_dir (int force)
           char *cdbname = make_filename (dname, de->d_name, NULL);
           int okay;
           struct stat sbuf;
-     
+
           if (force)
             okay = 1;
           else
@@ -285,7 +285,7 @@ cleanup_cache_dir (int force)
             log_info (_("not removing file `%s'\n"), cdbname);
           xfree (cdbname);
         }
-    }	  
+    }
   xfree (dname);
   closedir (dir);
   return problem;
@@ -345,7 +345,7 @@ next_line_from_file (estream_t fp, gpg_error_t *r_err)
   if (c == EOF && !len)
     return NULL;
   p[len] = 0;
-      
+
   if (largebuf)
     tmpbuf = xtryrealloc (largebuf, len+1);
   else
@@ -413,8 +413,8 @@ open_dir_file (const char *fname)
                  fname, strerror (errno));
 
       /* Make sure that the directory exists, try to create if otherwise. */
-      if (create_directory_if_needed (NULL) 
-          || create_directory_if_needed (DBDIR_D)) 
+      if (create_directory_if_needed (NULL)
+          || create_directory_if_needed (DBDIR_D))
         return NULL;
       fp = es_fopen (fname, "w");
       if (!fp)
@@ -518,7 +518,7 @@ static gpg_error_t
 open_dir (crl_cache_t *r_cache)
 {
   crl_cache_t cache;
-  char *fname; 
+  char *fname;
   char *line = NULL;
   gpg_error_t lineerr = 0;
   estream_t fp;
@@ -527,7 +527,7 @@ open_dir (crl_cache_t *r_cache)
   gpg_error_t err = 0;
   int anyerr = 0;
 
-  cache = xtrycalloc (1, sizeof *cache); 
+  cache = xtrycalloc (1, sizeof *cache);
   if (!cache)
     return gpg_error_from_syserror ();
 
@@ -591,15 +591,15 @@ open_dir (crl_cache_t *r_cache)
                 case 6: strncpy (entry->next_update, p, 15); break;
                 case 7: entry->dbfile_hash = p; break;
                 case 8: if (*p) entry->crl_number = p; break;
-                case 9: 
+                case 9:
                   if (*p)
                     entry->authority_issuer = unpercent_string (p);
                   break;
-                case 10: 
+                case 10:
                   if (*p)
                     entry->authority_serialno = unpercent_string (p);
                   break;
-                case 11: 
+                case 11:
                   if (*p)
                     entry->check_trust_anchor = xtrystrdup (p);
                   break;
@@ -629,7 +629,7 @@ open_dir (crl_cache_t *r_cache)
             }
           else
             {
-              line = NULL; 
+              line = NULL;
               *entrytail = entry;
               entrytail = &entry->next;
             }
@@ -683,9 +683,9 @@ open_dir (crl_cache_t *r_cache)
       /* Checks not leading to an immediate fail. */
       if (strlen (entry->dbfile_hash) != 32)
         log_info (_("WARNING: invalid cache file hash in `%s' line %u\n"),
-                  fname, entry->lineno); 
+                  fname, entry->lineno);
     }
-     
+
   if (anyerr)
     {
       log_error (_("detected errors in cache dir file\n"));
@@ -738,9 +738,9 @@ write_dir_line_crl (estream_t fp, crl_cache_entry_t e)
   es_putc (':', fp);
   write_percented_string (e->url, fp);
   es_putc (':', fp);
-  es_fwrite (e->this_update, 15, 1, fp); 
+  es_fwrite (e->this_update, 15, 1, fp);
   es_putc (':', fp);
-  es_fwrite (e->next_update, 15, 1, fp); 
+  es_fwrite (e->next_update, 15, 1, fp);
   es_putc (':', fp);
   es_fputs (e->dbfile_hash, fp);
   es_putc (':', fp);
@@ -802,7 +802,7 @@ update_dir (crl_cache_t cache)
 #ifndef HAVE_W32_SYSTEM
     struct utsname utsbuf;
 #endif
-    
+
 #ifdef HAVE_W32_SYSTEM
     nodename = "unknown";
 #else
@@ -853,10 +853,10 @@ update_dir (crl_cache_t cache)
               *endp = 0;
               e = find_entry ( cache->entries, fieldp);
               *endp = ':'; /* Restore orginal line. */
-              if (e && e->deleted) 
+              if (e && e->deleted)
                 {
                   /* Marked for deletion, so don't write it. */
-                  e->mark = 0; 
+                  e->mark = 0;
                 }
               else if (e)
                 {
@@ -869,7 +869,7 @@ update_dir (crl_cache_t cache)
                      because they may have been added in the meantime
                      by other instances of dirmngr. */
                   es_fprintf (fpout, "# Next line added by "
-                              "another process; our pid is %lu\n", 
+                              "another process; our pid is %lu\n",
                               (unsigned long)getpid ());
                   es_fputs (line, fpout);
                   es_putc ('\n', fpout);
@@ -882,7 +882,7 @@ update_dir (crl_cache_t cache)
               es_putc ('\n', fpout);
             }
         }
-      else 
+      else
         {
           /* Write out all non CRL lines as they are. */
           es_fputs (line, fpout);
@@ -1011,7 +1011,7 @@ hash_dbfile (const char *fname, unsigned char *md5buffer)
   /* We better hash some information about the cache file layout in. */
   sprintf (buffer, "%.100s/%.100s:%d", DBDIR_D, DBDIRFILE, DBDIRVERSION);
   gcry_md_write (md5, buffer, strlen (buffer));
-    
+
   for (;;)
     {
       n = es_fread (buffer, 1, 65536, fp);
@@ -1059,7 +1059,7 @@ check_dbfile (const char *fname, const char *md5hexvalue)
 
 /* Open the cache file for ENTRY.  This function implements a caching
    strategy and might close unused cache files. It is required to use
-   unlock_db_file after using the file. */ 
+   unlock_db_file after using the file. */
 static struct cdb *
 lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
 {
@@ -1168,7 +1168,7 @@ unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
     log_error (_("calling unlock_db_file on a closed file\n"));
   else if (!entry->cdb_use_count)
     log_error (_("calling unlock_db_file on an unlocked file\n"));
-  else 
+  else
     {
       entry->cdb_use_count--;
       entry->cdb_lru_count++;
@@ -1196,12 +1196,12 @@ unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
 
 /* Find ISSUER_HASH in our cache FIRST. This may be used to enumerate
    the linked list we use to keep the CRLs of an issuer. */
-static crl_cache_entry_t 
+static crl_cache_entry_t
 find_entry (crl_cache_entry_t first, const char *issuer_hash)
 {
   while (first && (first->deleted || strcmp (issuer_hash, first->issuer_hash)))
     first = first->next;
-  return first;    
+  return first;
 }
 
 
@@ -1220,7 +1220,7 @@ crl_cache_init(void)
     }
 
   err = open_dir (&cache);
-  if (err) 
+  if (err)
     log_fatal (_("failed to create a new cache object: %s\n"),
                gpg_strerror (err));
   current_cache = cache;
@@ -1229,7 +1229,7 @@ crl_cache_init(void)
 
 /* Remove the cache information and all its resources.  Note that we
    still keep the cache on disk. */
-void 
+void
 crl_cache_deinit (void)
 {
   if (current_cache)
@@ -1241,7 +1241,7 @@ crl_cache_deinit (void)
 
 
 /* Delete the cache from disk. Return 0 on success.*/
-int 
+int
 crl_cache_flush (void)
 {
   int rc;
@@ -1258,7 +1258,7 @@ crl_cache_flush (void)
    cache has not yet expired.  We use a 30 minutes threshold here so
    that invoking this function several times won't load the CRL over
    and over.  */
-static crl_cache_result_t 
+static crl_cache_result_t
 cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
                const unsigned char *sn, size_t snlen,
                int force_refresh)
@@ -1290,7 +1290,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
   if (force_refresh)
     {
       gnupg_isotime_t tmptime;
-      
+
       if (*entry->last_refresh)
         {
           gnupg_copy_time (tmptime, entry->last_refresh);
@@ -1298,7 +1298,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
           if (strcmp (tmptime, current_time) < 0 )
             {
               log_info (_("force-crl-refresh active and %d minutes passed for"
-                          " issuer id %s; update required\n"), 
+                          " issuer id %s; update required\n"),
                         30, issuer_hash);
               return CRL_CACHE_DONTKNOW;
             }
@@ -1306,7 +1306,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
       else
         {
           log_info (_("force-crl-refresh active for"
-                      " issuer id %s; update required\n"), 
+                      " issuer id %s; update required\n"),
                     issuer_hash);
           return CRL_CACHE_DONTKNOW;
         }
@@ -1322,7 +1322,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
   cdb = lock_db_file (cache, entry);
   if (!cdb)
     return CRL_CACHE_DONTKNOW; /* Hmmm, not the best error code. */
-  
+
   if (!entry->dbfile_checked)
     {
       log_error (_("cached CRL for issuer id %s tampered; we need to update\n")
@@ -1332,7 +1332,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
     }
 
   rc = cdb_find (cdb, sn, snlen);
-  if (rc == 1) 
+  if (rc == 1)
     {
       n = cdb_datalen (cdb);
       if (n != 16)
@@ -1366,7 +1366,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
         }
       retval = CRL_CACHE_VALID;
     }
-  else 
+  else
     {
       log_error (_("error getting data from cache file: %s\n"),
                  strerror (errno));
@@ -1407,7 +1407,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
    cache has not yet expired.  We use a 30 minutes threshold here so
    that invoking this function several times won't load the CRL over
    and over.  */
-crl_cache_result_t 
+crl_cache_result_t
 crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
                    int force_refresh)
 {
@@ -1434,7 +1434,7 @@ crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
     xfree (snbuf);
 
   return result;
-}  
+}
 
 
 /* Check whether the certificate CERT is valid; i.e. not listed in our
@@ -1467,7 +1467,7 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
   xfree (tmp);
   for (i=0,tmp=issuerhash_hex; i < 20; i++, tmp += 2)
     sprintf (tmp, "%02X", issuerhash[i]);
-  
+
   /* Get the serial number.  */
   serial = ksba_cert_get_serial (cert);
   if (!serial)
@@ -1503,9 +1503,9 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
     case CRL_CACHE_INVALID:
       err = gpg_error (GPG_ERR_CERT_REVOKED);
       break;
-    case CRL_CACHE_DONTKNOW: 
+    case CRL_CACHE_DONTKNOW:
       err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-    case CRL_CACHE_CANTUSE: 
+    case CRL_CACHE_CANTUSE:
       err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
       break;
     default:
@@ -1514,21 +1514,21 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
 
   xfree (serial);
   return err;
-}  
+}
 
 
 /* Prepare a hash context for the signature verification.  Input is
    the CRL and the output is the hash context MD as well as the uses
    algorithm identifier ALGO. */
 static gpg_error_t
-start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo) 
+start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
 {
   gpg_error_t err;
   const char *algoid;
 
   algoid = ksba_crl_get_digest_algo (crl);
   *algo = gcry_md_map_name (algoid);
-  if (!*algo) 
+  if (!*algo)
     {
       log_error (_("unknown hash algorithm `%s'\n"), algoid? algoid:"?");
       return gpg_error (GPG_ERR_DIGEST_ALGO);
@@ -1544,7 +1544,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
   if (DBG_HASHING)
     gcry_md_debug (*md, "hash.cert");
 
-  ksba_crl_set_hash_function (crl, HASH_FNC, *md);  
+  ksba_crl_set_hash_function (crl, HASH_FNC, *md);
   return 0;
 }
 
@@ -1572,33 +1572,33 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
   /* Get and convert the signature value. */
   sigval = ksba_crl_get_sig_val (crl);
   n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
-  if (!n) 
+  if (!n)
     {
       log_error (_("got an invalid S-expression from libksba\n"));
       err = gpg_error (GPG_ERR_INV_SEXP);
       goto leave;
     }
   err = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
-  if (err) 
+  if (err)
     {
       log_error (_("converting S-expression failed: %s\n"),
                  gcry_strerror (err));
       goto leave;
     }
-	
+
   /* Get and convert the public key for the issuer certificate. */
   if (DBG_X509)
     dump_cert ("crl_issuer_cert", issuer_cert);
   pubkey = ksba_cert_get_public_key (issuer_cert);
   n = gcry_sexp_canon_len (pubkey, 0, NULL, NULL);
-  if (!n) 
+  if (!n)
     {
       log_error (_("got an invalid S-expression from libksba\n"));
       err = gpg_error (GPG_ERR_INV_SEXP);
       goto leave;
     }
   err = gcry_sexp_sscan (&s_pkey, NULL, pubkey, n);
-  if (err) 
+  if (err)
     {
       log_error (_("converting S-expression failed: %s\n"),
                  gcry_strerror (err));
@@ -1610,10 +1610,10 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
   for (i = 0; *s && i < sizeof(algoname) - 1; s++, i++)
     algoname[i] = ascii_tolower (*s);
   algoname[i] = 0;
-  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))", 
+  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
                          algoname,
                          gcry_md_get_algo_dlen (algo), gcry_md_read (md, algo));
-  if (err) 
+  if (err)
     {
       log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
       goto leave;
@@ -1660,21 +1660,21 @@ abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
    error.  R_TRUST_ANCHOR is set on exit to NULL or a string with the
    hexified fingerprint of the root certificate, if checking this
    certificate for trustiness is required.
-*/ 
-static int 
+*/
+static int
 crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
                   struct cdb_make *cdb, const char *fname,
                   char **r_crlissuer,
                   ksba_isotime_t thisupdate, ksba_isotime_t nextupdate,
                   char **r_trust_anchor)
-{  
+{
   gpg_error_t err;
   ksba_stop_reason_t stopreason;
   ksba_cert_t crlissuer_cert = NULL;
   gcry_md_hd_t md = NULL;
   int algo = 0;
   size_t n;
-  
+
   (void)fname;
 
   *r_crlissuer = NULL;
@@ -1697,19 +1697,19 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
           {
             if (start_sig_check (crl, &md, &algo ))
               goto failure;
-          
+
             err = ksba_crl_get_update_times (crl, thisupdate, nextupdate);
             if (err)
               {
                 log_error (_("error getting update times of CRL: %s\n"),
-                           gpg_strerror (err));	  
+                           gpg_strerror (err));
                 err = gpg_error (GPG_ERR_INV_CRL);
                 goto failure;
               }
 
             if (opt.verbose || !*nextupdate)
-              log_info (_("update times of this CRL: this=%s next=%s\n"), 
-                        thisupdate, nextupdate);   
+              log_info (_("update times of this CRL: this=%s next=%s\n"),
+                        thisupdate, nextupdate);
             if (!*nextupdate)
               {
                 log_info (_("nextUpdate not given; "
@@ -1719,7 +1719,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
               }
           }
           break;
-      
+
         case KSBA_SR_GOT_ITEM:
           {
             ksba_sexp_t serial;
@@ -1742,7 +1742,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
             if (!p)
               BUG ();
             record[0] = (reason & 0xff);
-            memcpy (record+1, rdate, 15); 
+            memcpy (record+1, rdate, 15);
             rc = cdb_make_add (cdb, p, n, record, 1+15);
             if (rc)
               {
@@ -1756,10 +1756,10 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
             ksba_free (serial);
           }
           break;
-      
+
         case KSBA_SR_END_ITEMS:
           break;
-      
+
         case KSBA_SR_READY:
           {
             char *crlissuer;
@@ -1791,7 +1791,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
                 if (opt.verbose)
                   log_info (_("locating CRL issuer certificate by "
                               "authorityKeyIdentifier\n"));
-                
+
                 s = ksba_name_enum (authid, 0);
                 if (s && *authidsn)
                   crlissuer_cert = find_cert_bysn (ctrl, s, authidsn);
@@ -1830,11 +1830,11 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
                 err = gpg_error (GPG_ERR_MISSING_CERT);
                 goto failure;
               }
-        
+
             err = finish_sig_check (crl, md, algo, crlissuer_cert);
             if (err)
               {
-                log_error (_("CRL signature verification failed: %s\n"), 
+                log_error (_("CRL signature verification failed: %s\n"),
                            gpg_strerror (err));
                 goto failure;
               }
@@ -1846,20 +1846,20 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
             if (err)
               {
                 log_error (_("error checking validity of CRL "
-                             "issuer certificate: %s\n"), 
+                             "issuer certificate: %s\n"),
                            gpg_strerror (err));
                 goto failure;
               }
 
           }
           break;
-      
+
         default:
           log_debug ("crl_parse_insert: unknown stop reason\n");
           err = gpg_error (GPG_ERR_BUG);
           goto failure;
         }
-    } 
+    }
   while (stopreason != KSBA_SR_READY);
   assert (!err);
 
@@ -1914,7 +1914,7 @@ get_auth_key_id (ksba_crl_t crl, char **serialno)
 
   if (!name)
     return xstrdup ("");
-  
+
   length = 0;
   for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
     {
@@ -1954,7 +1954,7 @@ get_auth_key_id (ksba_crl_t crl, char **serialno)
          cmd_checkcrl
       cmd_loadcrl
       --fetch-crl
-      
+
  */
 gpg_error_t
 crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
@@ -1982,7 +1982,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
   /* FIXME: We should acquire a mutex for the URL, so that we don't
      simultaneously enter the same CRL twice.  However this needs to be
      interweaved with the checking function.*/
- 
+
   err2 = 0;
 
   err = ksba_crl_new (&crl);
@@ -1991,7 +1991,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
       log_error (_("ksba_crl_new failed: %s\n"), gpg_strerror (err));
       goto leave;
     }
-  
+
   err = ksba_crl_set_reader (crl, reader);
   if ( err )
     {
@@ -2030,7 +2030,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
     xfree (tmpfname);
     if (!gnupg_remove (fname))
       log_info (_("removed stale temporary cache file `%s'\n"), fname);
-    else if (errno != ENOENT) 
+    else if (errno != ENOENT)
       {
         err = gpg_error_from_syserror ();
         log_error (_("problem removing stale temporary cache file `%s': %s\n"),
@@ -2120,7 +2120,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
         err2 = gpg_error (GPG_ERR_INV_CRL);
       invalidate_crl |= 2;
     }
-  if (gpg_err_code (err) == GPG_ERR_EOF 
+  if (gpg_err_code (err) == GPG_ERR_EOF
       || gpg_err_code (err) == GPG_ERR_NO_DATA )
     err = 0;
   if (err)
@@ -2141,9 +2141,9 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
       err = gpg_error_from_syserror ();
       goto leave;
     }
-  entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1 
+  entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1
                                    + strlen (issuer) + 1
-                                   + strlen (url) + 1 
+                                   + strlen (url) + 1
                                    + strlen (checksum) + 1);
   if (!entry->release_ptr)
     {
@@ -2157,8 +2157,8 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
   entry->url = stpcpy (entry->issuer, issuer) + 1;
   entry->dbfile_hash = stpcpy (entry->url, url) + 1;
   strcpy (entry->dbfile_hash, checksum);
-  gnupg_copy_time (entry->this_update, thisupdate); 
-  gnupg_copy_time (entry->next_update, nextupdate); 
+  gnupg_copy_time (entry->this_update, thisupdate);
+  gnupg_copy_time (entry->next_update, nextupdate);
   gnupg_copy_time (entry->last_refresh, current_time);
   entry->crl_number = get_crl_number (crl);
   entry->authority_issuer = get_auth_key_id (crl, &entry->authority_serialno);
@@ -2172,7 +2172,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
      somehow into the list. */
   for (e = cache->entries; (e=find_entry (e, entry->issuer_hash)); e = e->next)
     e->deleted = 1;
-  
+
   /* Rename the temporary DB to the real name. */
   newfname = make_db_file_name (entry->issuer_hash);
   if (opt.verbose)
@@ -2182,7 +2182,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
      only under Windows but saving file descriptors is never bad.  */
   {
     int any;
-    do 
+    do
       {
         any = 0;
         for (e = cache->entries; e; e = e->next)
@@ -2262,8 +2262,8 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
   es_fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url );
   es_fprintf (fp, " Issuer:\t%s\n", e->issuer );
   es_fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash );
-  es_fprintf (fp, " This Update:\t%s\n", e->this_update ); 
-  es_fprintf (fp, " Next Update:\t%s\n", e->next_update ); 
+  es_fprintf (fp, " This Update:\t%s\n", e->this_update );
+  es_fprintf (fp, " Next Update:\t%s\n", e->next_update );
   es_fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none");
   es_fprintf (fp, " AuthKeyId  :\t%s\n",
               e->authority_serialno? e->authority_serialno:"none");
@@ -2277,7 +2277,7 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
           es_putc (*s, fp);
       es_putc ('\n', fp);
     }
-  es_fprintf (fp, " Trust Check:\t%s\n", 
+  es_fprintf (fp, " Trust Check:\t%s\n",
               !e->user_trust_req? "[system]" :
               e->check_trust_anchor? e->check_trust_anchor:"[missing]");
 
@@ -2325,7 +2325,7 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
           warn = 1;
           continue;
         }
-    
+
       n = cdb_keylen (cdb);
       if (n > sizeof keyrecord)
         n = sizeof keyrecord;
@@ -2341,26 +2341,26 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
       for (i = 0; i < n; i++)
         es_fprintf (fp, "%02X", keyrecord[i]);
       es_fputs (":\t reasons( ", fp);
-    
+
       if (reason & KSBA_CRLREASON_UNSPECIFIED)
         es_fputs( "unspecified ", fp ), any = 1;
       if (reason & KSBA_CRLREASON_KEY_COMPROMISE )
-        es_fputs( "key_compromise ", fp ), any = 1; 
+        es_fputs( "key_compromise ", fp ), any = 1;
       if (reason & KSBA_CRLREASON_CA_COMPROMISE )
-        es_fputs( "ca_compromise ", fp ), any = 1; 
+        es_fputs( "ca_compromise ", fp ), any = 1;
       if (reason & KSBA_CRLREASON_AFFILIATION_CHANGED )
-        es_fputs( "affiliation_changed ", fp ), any = 1; 
+        es_fputs( "affiliation_changed ", fp ), any = 1;
       if (reason & KSBA_CRLREASON_SUPERSEDED )
-        es_fputs( "superseeded", fp ), any = 1; 
+        es_fputs( "superseeded", fp ), any = 1;
       if (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION )
-        es_fputs( "cessation_of_operation", fp ), any = 1; 
+        es_fputs( "cessation_of_operation", fp ), any = 1;
       if (reason & KSBA_CRLREASON_CERTIFICATE_HOLD )
-        es_fputs( "certificate_hold", fp ), any = 1; 
+        es_fputs( "certificate_hold", fp ), any = 1;
       if (reason && !any)
-        es_fputs( "other", fp ); 
-      
+        es_fputs( "other", fp );
+
       es_fprintf (fp, ") rdate: %.15s\n", record+1);
-    } 
+    }
   if (rc)
     log_error (_("error reading cache entry from db: %s\n"), strerror (rc));
 
@@ -2374,8 +2374,8 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
 
 /* Print the contents of the CRL CACHE in a human readable format to
    stream FP. */
-gpg_error_t 
-crl_cache_list (estream_t fp) 
+gpg_error_t
+crl_cache_list (estream_t fp)
 {
   crl_cache_t cache = get_current_cache ();
   crl_cache_entry_t entry;
@@ -2383,7 +2383,7 @@ crl_cache_list (estream_t fp)
 
   for (entry = cache->entries;
        entry && !entry->deleted && !err;
-       entry = entry->next ) 
+       entry = entry->next )
     err = list_one_crl_entry (cache, entry, fp);
 
   return err;
@@ -2420,7 +2420,7 @@ crl_cache_load (ctrl_t ctrl, const char *filename)
 /* Locate the corresponding CRL for the certificate CERT, read and
    verify the CRL and store it in the cache.  */
 gpg_error_t
-crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert) 
+crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
 {
   gpg_error_t err;
   ksba_reader_t reader = NULL;
@@ -2441,7 +2441,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
                                                 &distpoint,
                                                 &issuername, NULL )))
     {
-      int name_seq; 
+      int name_seq;
       gpg_error_t last_err = 0;
 
       if (!distpoint && !issuername)
@@ -2463,7 +2463,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
           distpoint_uri = ksba_name_get_uri (distpoint, name_seq);
           if (!distpoint_uri)
             continue;
-          
+
           if (!strncmp (distpoint_uri, "ldap:", 5)
               || !strncmp (distpoint_uri, "ldaps:", 6))
             {
@@ -2478,9 +2478,9 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
             }
           else
             continue; /* Skip unknown schemes. */
-          
+
           any_dist_point = 1;
-          
+
           if (opt.verbose)
             log_info ("fetching CRL from `%s'\n", distpoint_uri);
           err = crl_fetch (ctrl, distpoint_uri, &reader);
@@ -2491,10 +2491,10 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
               last_err = err;
               continue; /* with the next name. */
             }
-          
+
           if (opt.verbose)
             log_info ("inserting CRL (reader %p)\n", reader);
-          err = crl_cache_insert (ctrl, distpoint_uri, reader); 
+          err = crl_cache_insert (ctrl, distpoint_uri, reader);
           if (err)
             {
               log_error (_("crl_cache_insert via DP failed: %s\n"),
@@ -2510,12 +2510,12 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
           err = last_err;
           goto leave;
         }
-      
+
       ksba_name_release (distpoint); distpoint = NULL;
 
       /* We don't do anything with issuername_uri yet but we keep the
          code for documentation. */
-      issuername_uri =  ksba_name_get_uri (issuername, 0); 
+      issuername_uri =  ksba_name_get_uri (issuername, 0);
       ksba_name_release (issuername); issuername = NULL;
 
     }
@@ -2527,7 +2527,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
     {
       if (opt.verbose)
         log_info ("no distribution point - trying issuer name\n");
-      
+
       if (reader)
         {
           crl_close_reader (reader);
@@ -2535,10 +2535,10 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
         }
 
       issuer = ksba_cert_get_issuer (cert, 0);
-      if (!issuer) 
+      if (!issuer)
         {
           log_error ("oops: issuer missing in certificate\n");
-          err = gpg_error (GPG_ERR_INV_CERT_OBJ); 
+          err = gpg_error (GPG_ERR_INV_CERT_OBJ);
           goto leave;
         }
 
@@ -2568,9 +2568,8 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
     crl_close_reader (reader);
   xfree (distpoint_uri);
   xfree (issuername_uri);
-  ksba_name_release (distpoint); 
-  ksba_name_release (issuername); 
+  ksba_name_release (distpoint);
+  ksba_name_release (issuername);
   ksba_free (issuer);
   return err;
 }
-
diff --git a/dirmngr/crlcache.h b/dirmngr/crlcache.h
index c2995129c..6e9dc28ff 100644
--- a/dirmngr/crlcache.h
+++ b/dirmngr/crlcache.h
@@ -22,9 +22,9 @@
 #define CRLCACHE_H
 
 
-typedef enum 
+typedef enum
   {
-    CRL_CACHE_VALID = 0, 
+    CRL_CACHE_VALID = 0,
     CRL_CACHE_INVALID,
     CRL_CACHE_DONTKNOW,
     CRL_CACHE_CANTUSE
@@ -32,11 +32,11 @@ typedef enum
 crl_cache_result_t;
 
 typedef enum foo
-  { 
+  {
     CRL_SIG_OK = 0,
     CRL_SIG_NOT_OK,
     CRL_TOO_OLD,
-    CRL_SIG_ERROR, 
+    CRL_SIG_ERROR,
     CRL_GENERAL_ERROR
   }
 crl_sig_result_t;
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 057742389..822584b49 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -13,7 +13,7 @@
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see .
  */
@@ -61,7 +61,7 @@ static void
 register_file_reader (ksba_reader_t reader, struct reader_cb_context_s *cb_ctx)
 {
   int i;
-  
+
   for (;;)
     {
       for (i=0; i < MAX_FILE_READER; i++)
@@ -72,7 +72,7 @@ register_file_reader (ksba_reader_t reader, struct reader_cb_context_s *cb_ctx)
             return;
           }
       log_info (_("reader to file mapping table full - waiting\n"));
-      pth_sleep (2); 
+      pth_sleep (2);
     }
 }
 
@@ -97,7 +97,7 @@ get_file_reader (ksba_reader_t reader)
 
 
 
-static int 
+static int
 my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
 {
   struct reader_cb_context_s *cb_ctx = opaque;
@@ -144,7 +144,7 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
 
   return result;
 }
-           
+
 
 /* Fetch CRL from URL and return the entire CRL using new ksba reader
    object in READER.  Note that this reader object should be closed
@@ -194,7 +194,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
       else
         err = http_open_document (&hd, url, NULL,
                                   (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-                                  |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0), 
+                                  |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
                                   opt.http_proxy, NULL, NULL, NULL);
 
       switch ( err? 99999 : http_get_status_code (hd) )
@@ -236,7 +236,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
               }
           }
           break;
-        
+
         case 301: /* Redirection (perm.). */
         case 302: /* Redirection (temp.). */
           {
@@ -265,7 +265,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
             http_close (hd, 0);
           }
           break;
-  
+
         case 99999: /* Made up status code for error reporting.  */
           log_error (_("error retrieving `%s': %s\n"),
                      url, gpg_strerror (err));
@@ -359,7 +359,7 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
   unsigned char *value;
   size_t valuelen;
   ksba_cert_t cert;
-  
+
   *r_cert = NULL;
 
   err = fetch_next_cert_ldap (context, &value, &valuelen);
@@ -445,7 +445,7 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
   ksba_cert_release (cert);
   ldap_wrapper_release_context (reader);
 
-  return err;  
+  return err;
 }
 
 /* This function is to be used to close the reader object.  In
@@ -464,7 +464,7 @@ crl_close_reader (ksba_reader_t reader)
   if (cb_ctx)
     {
       /* This is an HTTP context. */
-      if (cb_ctx->fp) 
+      if (cb_ctx->fp)
         es_fclose (cb_ctx->fp);
       /* Release the base64 decoder state.  */
       if (cb_ctx->is_pem)
diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
index 5aba0c80a..e20e6c08f 100644
--- a/dirmngr/dirmngr-client.c
+++ b/dirmngr/dirmngr-client.c
@@ -29,7 +29,7 @@
 #include 
 
 #include 
-#include  
+#include 
 
 #define JNLIB_NEED_LOG_LOGV
 #include "../common/logging.h"
@@ -43,7 +43,7 @@
 
 
 /* Constants for the options.  */
-enum 
+enum
   {
     oQuiet	  = 'q',
     oVerbose	  = 'v',
@@ -81,7 +81,7 @@ static ARGPARSE_OPTS opts[] = {
     N_("force the use of the default OCSP responder")},
   { 0, NULL, 0, NULL }
 };
- 
+
 
 /* The usual structure for the program flags.  */
 static struct
@@ -137,7 +137,7 @@ static const char *
 my_strusage (int level)
 {
   const char *p;
-    
+
   switch(level)
     {
     case 11: p = "dirmngr-client (GnuPG)";
@@ -182,18 +182,18 @@ main (int argc, char **argv )
 
   set_strusage (my_strusage);
   log_set_prefix ("dirmngr-client",
-                  JNLIB_LOG_WITH_PREFIX); 
+                  JNLIB_LOG_WITH_PREFIX);
 
   /* For W32 we need to initialize the socket subsystem.  Becuase we
      don't use Pth we need to do this explicit. */
-#ifdef HAVE_W32_SYSTEM  
+#ifdef HAVE_W32_SYSTEM
  {
    WSADATA wsadat;
 
    WSAStartup (0x202, &wsadat);
  }
 #endif /*HAVE_W32_SYSTEM*/
-  
+
   /* Init Assuan.  */
   assuan_set_assuan_log_prefix (log_get_prefix (NULL));
   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
@@ -211,7 +211,7 @@ main (int argc, char **argv )
         {
         case oVerbose: opt.verbose++; break;
         case oQuiet: opt.quiet++; break;
-          
+
         case oOCSP: opt.use_ocsp++; break;
         case oPing: cmd_ping = 1; break;
         case oCacheCert: cmd_cache_cert = 1; break;
@@ -221,7 +221,7 @@ main (int argc, char **argv )
         case oLocal: opt.local = 1; break;
         case oLoadCRL: cmd_loadcrl = 1; break;
         case oPEM: opt.pem = 1; break;
-        case oSquidMode: 
+        case oSquidMode:
           opt.pem = 1;
           opt.escaped_pem = 1;
           cmd_squid_mode = 1;
@@ -235,11 +235,11 @@ main (int argc, char **argv )
     exit (2);
 
   /* Build the helptable for radix64 to bin conversion. */
-  if (opt.pem) 
+  if (opt.pem)
     {
       int i;
       unsigned char *s;
-      
+
       for (i=0; i < 256; i++ )
         asctobin[i] = 255; /* Used to detect invalid characters. */
       for (s=bintoasc, i=0; *s; s++, i++)
@@ -428,7 +428,7 @@ data_cb (void *opaque, const void *buffer, size_t length)
     }
   return 0;
 }
-  
+
 
 /* Try to connect to the dirmngr via socket or fork it off and work by
    pipes.  Handle the server's initial greeting */
@@ -470,7 +470,7 @@ start_dirmngr (int only_daemon)
 
       if (opt.verbose)
         log_info (_("no running dirmngr - starting one\n"));
-      
+
       if (!opt.dirmngr_program || !*opt.dirmngr_program)
         opt.dirmngr_program = "./dirmngr";
       if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
@@ -681,8 +681,8 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
              real LF and not a trailing percent escaped one. */
           if (c== '\n' && !escaped_c)
             goto ready;
-          break; 
-        default: 
+          break;
+        default:
           BUG();
         }
     }
@@ -729,7 +729,7 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
   buf = NULL;
   bufsize = buflen = 0;
 #define NCHUNK 8192
-  do 
+  do
     {
       bufsize += NCHUNK;
       if (!buf)
@@ -816,10 +816,10 @@ do_check (assuan_context_t ctx, const unsigned char *cert, size_t certlen)
   parm.cert = cert;
   parm.certlen = certlen;
 
-  err = assuan_transact (ctx, 
+  err = assuan_transact (ctx,
                          (opt.use_ocsp && opt.force_default_responder
-                          ? "CHECKOCSP --force-default-responder" 
-                          : opt.use_ocsp? "CHECKOCSP" : "CHECKCRL"), 
+                          ? "CHECKOCSP --force-default-responder"
+                          : opt.use_ocsp? "CHECKOCSP" : "CHECKCRL"),
                          NULL, NULL, inq_cert, &parm, status_cb, NULL);
   if (opt.verbose > 1)
     log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
@@ -887,7 +887,7 @@ do_loadcrl (assuan_context_t ctx, const char *filename)
           log_error ("error canonicalizing `%s': %s\n",
                      filename, strerror (errno));
           return gpg_error (GPG_ERR_GENERAL);
-        }      
+        }
 #else
       fname = xstrdup (filename);
 #endif
@@ -897,7 +897,7 @@ do_loadcrl (assuan_context_t ctx, const char *filename)
           return gpg_error (GPG_ERR_GENERAL);
         }
     }
-  
+
   line = xmalloc (8 + 6 + strlen (fname) * 3 + 1);
   p = stpcpy (line, "LOADCRL ");
   if (opt.url)
@@ -988,7 +988,7 @@ squid_loop_body (assuan_context_t ctx)
   gpg_error_t err;
   unsigned char *certbuf;
   size_t certbuflen = 0;
-  
+
   err = read_pem_certificate (NULL, &certbuf, &certbuflen);
   if (gpg_err_code (err) == GPG_ERR_EOF)
     return err;
@@ -1008,7 +1008,7 @@ squid_loop_body (assuan_context_t ctx)
         log_info (_("certificate is valid\n"));
       puts ("OK");
     }
-  else 
+  else
     {
       if (!opt.quiet)
         {
@@ -1020,7 +1020,7 @@ squid_loop_body (assuan_context_t ctx)
         }
       puts ("ERROR");
     }
-  
+
   fflush (stdout);
 
   return 0;
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 1ba90b8ed..de243ee25 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -36,10 +36,10 @@
 
 /* This objects keeps information about a particular LDAP server and
    is used as item of a single linked list of servers. */
-struct ldap_server_s 
+struct ldap_server_s
 {
   struct ldap_server_s* next;
-  
+
   char *host;
   int   port;
   char *user;
@@ -71,7 +71,7 @@ struct fingerprint_list_s
 
 
 /* A large struct named "opt" to keep global flags.  */
-struct 
+struct
 {
   unsigned int debug; /* debug flags (DBG_foo_VALUE) */
   int verbose;        /* verbosity level */
@@ -116,18 +116,18 @@ struct
 
   int max_replies;
   unsigned int ldaptimeout;
-  
+
   ldap_server_t ldapservers;
   int add_new_ldapservers;
 
   const char *ocsp_responder;     /* Standard OCSP responder's URL. */
   fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
                                      standard OCSP signer certificates.  */
-  
+
   unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */
   unsigned int ocsp_max_period;     /* Seconds a response is at maximum
                                        considered valid after thisUpdate. */
-  unsigned int ocsp_current_period; /* Seconds a response is considered 
+  unsigned int ocsp_current_period; /* Seconds a response is considered
                                        current after nextUpdate. */
 } opt;
 
@@ -168,7 +168,7 @@ struct server_control_s
   int status_fd;     /* Only for non-server mode. */
   struct server_local_s *server_local;
   int force_crl_refresh; /* Always load a fresh CRL. */
-  
+
   int check_revocations_nest_level; /* Internal to check_revovations.  */
   cert_ref_t ocsp_certs; /* Certificates from the current OCSP
                             response. */
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index a0df499d4..8433bbf81 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -100,7 +100,7 @@ static void pth_leave (void) { }
 
 
 /* Constants for the options.  */
-enum 
+enum
   {
     oQuiet	  = 'q',
     oVerbose	  = 'v',
@@ -187,7 +187,7 @@ static const char *
 my_strusage (int level)
 {
   const char *p;
-    
+
   switch(level)
     {
     case 11: p = "dirmngr_ldap (GnuPG)";
@@ -230,13 +230,13 @@ ldap_wrapper_main (char **argv, estream_t outstream)
   struct my_opt_s my_opt_buffer;
   my_opt_t myopt = &my_opt_buffer;
   char *malloced_buffer1 = NULL;
-  
+
   memset (&my_opt_buffer, 0, sizeof my_opt_buffer);
 
 #ifdef USE_LDAPWRAPPER
   set_strusage (my_strusage);
-  log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX); 
-  
+  log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX);
+
   /* Setup I18N and common subsystems. */
   i18n_init();
 
@@ -265,8 +265,8 @@ ldap_wrapper_main (char **argv, estream_t outstream)
         {
         case oVerbose: myopt->verbose++; break;
         case oQuiet: myopt->quiet++; break;
-	case oTimeout: 
-	  myopt->timeout.tv_sec = pargs.r.ret_int; 
+	case oTimeout:
+	  myopt->timeout.tv_sec = pargs.r.ret_int;
 	  myopt->timeout.tv_usec = 0;
           myopt->alarm_timeout = pargs.r.ret_int;
 	  break;
@@ -322,7 +322,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
       if (!myopt->port)
         myopt->port = 389;  /* make sure ports gets overridden.  */
     }
-        
+
   if (myopt->port < 0 || myopt->port > 65535)
     log_error (_("invalid port number %d\n"), myopt->port);
 
@@ -342,12 +342,12 @@ ldap_wrapper_main (char **argv, estream_t outstream)
 #ifndef HAVE_W32_SYSTEM
 # if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
       struct sigaction act;
-      
+
       act.sa_handler = catch_alarm;
       sigemptyset (&act.sa_mask);
       act.sa_flags = 0;
       if (sigaction (SIGALRM,&act,NULL))
-# else 
+# else
       if (signal (SIGALRM, catch_alarm) == SIG_ERR)
 # endif
           log_fatal ("unable to register timeout handler\n");
@@ -413,7 +413,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
             }
         }
 
-          
+
       for (pth_enter (), attr = my_ldap_first_attribute (ld, item, &berctx),
              pth_leave ();
            attr;
@@ -425,7 +425,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
 
           if (myopt->verbose > 1)
             log_info (_("          available attribute `%s'\n"), attr);
-          
+
           set_timeout (myopt);
 
           /* I case we want only one attribute we do a case
@@ -474,7 +474,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
                 for (idx=0; values[idx]; idx++)
                   log_info ("         length[%d]=%d\n",
                             idx, (int)values[0]->bv_len);
-              
+
             }
 
           if (myopt->multi)
@@ -487,7 +487,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
               tmp[2] = (n >> 16);
               tmp[3] = (n >> 8);
               tmp[4] = (n);
-              if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1 
+              if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1
                   || es_fwrite (attr, n, 1, myopt->outstream) != 1)
                 {
                   log_error (_("error writing to stdout: %s\n"),
@@ -544,7 +544,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
             break; /* We only want to return the first attribute.  */
         }
       ber_free (berctx, 0);
-    } 
+    }
 
   if (myopt->verbose > 1 && any)
     log_info ("result has been printed\n");
@@ -623,7 +623,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
   pth_leave ();
   if (!ld)
     {
-      log_error (_("LDAP init to `%s:%d' failed: %s\n"), 
+      log_error (_("LDAP init to `%s:%d' failed: %s\n"),
                  host, port, strerror (errno));
       return -1;
     }
@@ -633,7 +633,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
   pth_leave ();
   if (ret)
     {
-      log_error (_("binding to `%s:%d' failed: %s\n"), 
+      log_error (_("binding to `%s:%d' failed: %s\n"),
                  host, port, strerror (errno));
       ldap_unbind (ld);
       return -1;
@@ -660,7 +660,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 #ifdef HAVE_W32CE_SYSTEM
       log_error ("searching `%s' failed: %d\n", url, rc);
 #else
-      log_error (_("searching `%s' failed: %s\n"), 
+      log_error (_("searching `%s' failed: %s\n"),
                  url, ldap_err2string (rc));
 #endif
       if (rc != LDAP_NO_SUCH_OBJECT)
@@ -707,4 +707,3 @@ process_url (my_opt_t myopt, const char *url)
   ldap_free_urldesc (ludp);
   return rc;
 }
-
diff --git a/dirmngr/get-path.c b/dirmngr/get-path.c
index c944ec1dd..c773e7074 100644
--- a/dirmngr/get-path.c
+++ b/dirmngr/get-path.c
@@ -4,17 +4,17 @@
    Copyright (C) 2001, 2002, 2003, 2004, 2007 g10 Code GmbH
 
    This file is part of DirMngr.
-  
+
    DirMngr is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
-  
+
    DirMngr is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-  
+
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
@@ -45,10 +45,10 @@
 #ifdef HAVE_W32_SYSTEM
 #define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
 #elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" 
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
 #else
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
-#endif 
+#endif
 
 #ifdef HAVE_DOSISH_SYSTEM
 #define DIRSEP_C '\\'
@@ -91,7 +91,7 @@ dlclose (void * hd)
       return 0;
     }
   return -1;
-}  
+}
 
 
 /* Return a string from the W32 Registry or NULL in case of error.
@@ -103,7 +103,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
   HKEY root_key, key_handle;
   DWORD n1, nbytes, type;
   char *result = NULL;
-	
+
   if ( !root )
     root_key = HKEY_CURRENT_USER;
   else if ( !strcmp( root, "HKEY_CLASSES_ROOT" ) )
@@ -120,7 +120,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
     root_key = HKEY_CURRENT_CONFIG;
   else
     return NULL;
-	
+
   if ( RegOpenKeyEx ( root_key, dir, 0, KEY_READ, &key_handle ) )
     {
       if (root)
@@ -151,10 +151,10 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
       goto leave;
     }
   result[nbytes] = 0; /* Make sure it is really a string.  */
-  if (type == REG_EXPAND_SZ && strchr (result, '%')) 
+  if (type == REG_EXPAND_SZ && strchr (result, '%'))
     {
       char *tmp;
-        
+
       n1 += 1000;
       tmp = malloc (n1+1);
       if (!tmp)
@@ -183,7 +183,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
           result = malloc (strlen (tmp)+1);
           if (!result)
             result = tmp;
-          else 
+          else
             {
               strcpy (result, tmp);
               free (tmp);
@@ -276,8 +276,8 @@ find_program_at_standard_place (const char *name)
 {
   char path[MAX_PATH];
   char *result = NULL;
-      
-  if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0) 
+
+  if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0)
     {
       result = malloc (strlen (path) + 1 + strlen (name) + 1);
       if (result)
@@ -348,7 +348,7 @@ standard_homedir (void)
   if (!dir)
     {
       char path[MAX_PATH];
-      
+
       /* It might be better to use LOCAL_APPDATA because this is
          defined as "non roaming" and thus more likely to be kept
          locally.  For private keys this is desired.  However, given
@@ -356,13 +356,13 @@ standard_homedir (void)
          using a system roaming services might be better than to let
          them do it manually.  A security conscious user will anyway
          use the registry entry to have better control.  */
-      if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + 6 +1);
           strcpy (stpcpy (tmp, path), "\\gnupg");
           dir = tmp;
-          
+
           /* Try to create the directory if it does not yet exists.  */
           if (access (dir, F_OK))
             CreateDirectory (dir, NULL);
@@ -388,7 +388,7 @@ default_homedir (void)
   if (!dir || !*dir)
     {
       static const char *saved_dir;
-      
+
       if (!saved_dir)
         {
           if (!dir || !*dir)
@@ -405,7 +405,7 @@ default_homedir (void)
                if (tmp)
                 saved_dir = tmp;
             }
-          
+
           if (!saved_dir)
             saved_dir = standard_homedir ();
         }
@@ -442,7 +442,7 @@ w32_rootdir (void)
       else
         {
           log_debug ("bad filename `%s' returned for this process\n", dir);
-          *dir = 0; 
+          *dir = 0;
         }
     }
 
@@ -461,8 +461,8 @@ w32_commondir (void)
     {
       char path[MAX_PATH];
 
-      if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + 4 +1);
           strcpy (stpcpy (tmp, path), "\\GNU");
@@ -477,7 +477,7 @@ w32_commondir (void)
           dir = xstrdup (w32_rootdir ());
         }
     }
-  
+
   return dir;
 }
 #endif /*HAVE_W32_SYSTEM*/
@@ -563,8 +563,8 @@ dirmngr_cachedir (void)
 	  s1_len += 1 + strlen (*comp);
 	}
 
-      if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE, 
-                               NULL, 0, path) >= 0) 
+      if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
+                               NULL, 0, path) >= 0)
         {
           char *tmp = xmalloc (strlen (path) + s1_len + 1);
 	  char *p;
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index fd2a2b568..50f0d5063 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -173,11 +173,10 @@ ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
             }
         }
     }
-  
+
   if (!any)
     err = gpg_error (GPG_ERR_NO_KEYSERVER);
   else if (!err && first_err)
     err = first_err; /* fixme: Do we really want to do that?  */
   return err;
 }
-
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index e25900ae1..3467a6df3 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -107,7 +107,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
     case 302:
       {
         const char *s = http_get_header (http, "Location");
-        
+
         log_info (_("URL `%s' redirected to `%s' (%u)\n"),
                   request, s?s:"[none]", http_get_status_code (http));
         if (s && *s && redirects_left-- )
@@ -197,7 +197,7 @@ armor_data (char **r_string, const void *data, size_t datalen)
       es_fclose (fp);
       return err;
     }
-  
+
   es_rewind (fp);
   if (es_read (fp, buffer, length, &nread))
     {
@@ -207,7 +207,7 @@ armor_data (char **r_string, const void *data, size_t datalen)
     }
   buffer[nread] = 0;
   es_fclose (fp);
-  
+
   *r_string = buffer;
   return 0;
 }
@@ -252,7 +252,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
       pattern = fprbuf;
       break;
     case KEYDB_SEARCH_MODE_LONG_KID:
-      snprintf (fprbuf, sizeof fprbuf, "0x%08lX%08lX", 
+      snprintf (fprbuf, sizeof fprbuf, "0x%08lX%08lX",
                 (ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
       pattern = fprbuf;
       break;
@@ -268,7 +268,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
     default:
       return gpg_error (GPG_ERR_INV_USER_ID);
     }
-  
+
   /* Map scheme and port.  */
   if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https"))
     {
@@ -289,7 +289,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
   {
     char *searchkey;
 
-    hostport = strconcat (scheme, "://", 
+    hostport = strconcat (scheme, "://",
                           *uri->host? uri->host: "localhost",
                           ":", portstr, NULL);
     if (!hostport)
@@ -316,7 +316,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
         goto leave;
       }
   }
-  
+
   /* Send the request.  */
   err = send_request (ctrl, request, hostport, NULL, NULL, &fp);
   if (err)
@@ -395,7 +395,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
     default:
       return gpg_error (GPG_ERR_INV_USER_ID);
     }
-  
+
   /* Map scheme and port.  */
   if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https"))
     {
@@ -414,7 +414,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
 
   /* Build the request string.  */
   {
-    hostport = strconcat (scheme, "://", 
+    hostport = strconcat (scheme, "://",
                           *uri->host? uri->host: "localhost",
                           ":", portstr, NULL);
     if (!hostport)
@@ -433,7 +433,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
         goto leave;
       }
   }
-  
+
   /* Send the request.  */
   err = send_request (ctrl, request, hostport, NULL, NULL, &fp);
   if (err)
@@ -527,7 +527,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
   armored = NULL;
 
   /* Build the request string.  */
-  hostport = strconcat (scheme, "://", 
+  hostport = strconcat (scheme, "://",
                         *uri->host? uri->host: "localhost",
                         ":", portstr, NULL);
   if (!hostport)
@@ -542,7 +542,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
       err = gpg_error_from_syserror ();
       goto leave;
     }
-  
+
   /* Send the request.  */
   err = send_request (ctrl, request, hostport, put_post_cb, &parm, &fp);
   if (err)
diff --git a/dirmngr/ldap-url.c b/dirmngr/ldap-url.c
index eedcc6fd2..7b27a3096 100644
--- a/dirmngr/ldap-url.c
+++ b/dirmngr/ldap-url.c
@@ -92,7 +92,7 @@ software is provided ``as is'' without express or implied warranty.  */
 #define LDAP_REALLOC		realloc
 #define ldap_utf8_strchr	strchr
 #define ldap_utf8_strtok(n,d,s) strtok (n,d)
-#define Debug(a,b,c,d,e)	
+#define Debug(a,b,c,d,e)
 void ldap_pvt_hex_unescape( char *s );
 
 
@@ -336,7 +336,7 @@ char * ldap_charray2str( char **a, const char *sep )
 	s = LDAP_MALLOC ( len + 1 );
 
 	if ( s == NULL ) {
-		return NULL;	
+		return NULL;
 	}
 
 	p = s;
@@ -636,7 +636,7 @@ ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
 	 * anything real.
 	 */
 	if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
-		q++;		
+		q++;
 		/* ? immediately followed by question */
 		if( *q == '?') {
 			q++;
@@ -866,7 +866,7 @@ ldap_free_urldesc( LDAPURLDesc *ludp )
 	if ( ludp == NULL ) {
 		return;
 	}
-	
+
 	if ( ludp->lud_scheme != NULL ) {
 		LDAP_FREE( ludp->lud_scheme );
 	}
@@ -929,4 +929,3 @@ ldap_pvt_hex_unescape( char *s )
 
 	*p = '\0';
 }
-
diff --git a/dirmngr/ldap-wrapper-ce.c b/dirmngr/ldap-wrapper-ce.c
index 9e6f785de..d50beb153 100644
--- a/dirmngr/ldap-wrapper-ce.c
+++ b/dirmngr/ldap-wrapper-ce.c
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 
-/* 
+/*
    Alternative wrapper for use with WindowsCE.  Under WindowsCE the
    number of processes is strongly limited (32 processes including the
    kernel processes) and thus we don't use the process approach but
@@ -54,7 +54,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
 {
   gpg_error_t err;
   size_t nread;
-  
+
   while (count)
     {
       err = ksba_reader_read (reader, buffer, count, &nread);
@@ -132,7 +132,7 @@ outstream_cookie_writer (void *cookie_arg, const void *buffer, size_t size)
           /* Buffer is full:  Wait for space.  */
           pth_yield (NULL);
         }
-      
+
       /* Copy data.  */
       dst = cookie->buffer + cookie->buffer_len;
       while (size && cookie->buffer_len < DIM (cookie->buffer))
@@ -213,7 +213,7 @@ outstream_reader_cb (void *cb_value, char *buffer, size_t count,
       /* Wait for data to become available.  */
       pth_yield (NULL);
     }
-  
+
   src = cookie->buffer + cookie->buffer_pos;
   while (count && cookie->buffer_pos < cookie->buffer_len)
     {
@@ -225,7 +225,7 @@ outstream_reader_cb (void *cb_value, char *buffer, size_t count,
 
   if (cookie->buffer_pos == cookie->buffer_len)
     cookie->buffer_pos = cookie->buffer_len = 0;
-  
+
   /* Now there should be some space available.  We do this even if
      COUNT was zero so to give the writer end a chance to continue.  */
   pth_yield (NULL);
@@ -330,7 +330,7 @@ static void *
 ldap_wrapper_thread (void *opaque)
 {
   struct ldap_wrapper_thread_parms *parms = opaque;
-  
+
   /*err =*/ ldap_wrapper_main (parms->arg_list, parms->outstream);
 
   /* FIXME: Do we need to return ERR?  */
@@ -418,7 +418,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *r_reader, const char *argv[])
   pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
   pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 128*1024);
   pth_attr_set (tattr, PTH_ATTR_NAME, "ldap-wrapper");
-  
+
   if (pth_spawn (tattr, ldap_wrapper_thread, parms))
     parms = NULL; /* Now owned by the thread.  */
   else
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index fa5bf3c6b..dd378d1ae 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -23,7 +23,7 @@
 
    1. On some systems the LDAP library uses (indirectly) pthreads and
       that is not compatible with PTh.
-  
+
    2. It is huge library in particular if TLS comes into play.  So
       problems with unfreed memory might turn up and we don't want
       this in a long running daemon.
@@ -35,7 +35,7 @@
       process to commit suicide or have our own housekepping function
       kill it after some time.  The latter also allows proper
       cancellation of a query at any point of time.
-      
+
    4. Given that we are going out to the network and usually get back
       a long response, the fork/exec overhead is acceptable.
 
@@ -129,7 +129,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
 {
   gpg_error_t err;
   size_t nread;
-  
+
   while (count)
     {
       err = ksba_reader_read (reader, buffer, count, &nread);
@@ -144,7 +144,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
 
 /* Release the wrapper context and kill a running wrapper process. */
 static void
-destroy_wrapper (struct wrapper_context_s *ctx) 
+destroy_wrapper (struct wrapper_context_s *ctx)
 {
   if (ctx->pid != (pid_t)(-1))
     {
@@ -175,18 +175,18 @@ print_log_line (struct wrapper_context_s *ctx, char *line)
       if (ctx->line && ctx->linelen)
         {
 
-          log_info ("%s\n", ctx->line); 
+          log_info ("%s\n", ctx->line);
           ctx->linelen = 0;
         }
       return;
     }
-  
+
   while ((s = strchr (line, '\n')))
     {
       *s = 0;
       if (ctx->line && ctx->linelen)
         {
-          log_info ("%s", ctx->line); 
+          log_info ("%s", ctx->line);
           ctx->linelen = 0;
           log_printf ("%s\n", line);
         }
@@ -229,7 +229,7 @@ read_log_data (struct wrapper_context_s *ctx)
   char line[256];
 
   /* We must use the pth_read function for pipes, always.  */
-  do 
+  do
     n = pth_read (ctx->log_fd, line, sizeof line - 1);
   while (n < 0 && errno == EINTR);
 
@@ -334,7 +334,7 @@ ldap_wrapper_thread (void *dummy)
             {
               gpg_error_t err;
 	      int status;
-              
+
 	      err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
                                         &status);
               if (!err)
@@ -384,15 +384,15 @@ ldap_wrapper_thread (void *dummy)
       /* If something has been printed to the log file or we got an
          EOF from a wrapper, we now print the list of active
          wrappers.  */
-      if (any_action && DBG_LOOKUP) 
+      if (any_action && DBG_LOOKUP)
         {
           log_info ("ldap worker stati:\n");
           for (ctx = wrapper_list; ctx; ctx = ctx->next)
             log_info ("  c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
-                      ctx, 
+                      ctx,
                       (int)ctx->pid, (int)ctx->printable_pid,
                       ctx->reader,
-                      ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0, 
+                      ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
                       (unsigned long)ctx->stamp, ctx->ready);
         }
 
@@ -402,7 +402,7 @@ ldap_wrapper_thread (void *dummy)
          is not anymore in use or we are in shutdown state.  */
      again:
       for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
-        if (ctx->ready 
+        if (ctx->ready
             && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
           {
             if (ctx_prev)
@@ -470,13 +470,13 @@ ldap_wrapper_release_context (ksba_reader_t reader)
 
   if (!reader )
     return;
-    
+
   for (ctx=wrapper_list; ctx; ctx=ctx->next)
     if (ctx->reader == reader)
       {
         if (DBG_LOOKUP)
           log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
-                    ctx, 
+                    ctx,
                     (int)ctx->pid, (int)ctx->printable_pid,
                     ctx->reader,
                     ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
@@ -518,7 +518,7 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
 /* This is the callback used by the ldap wrapper to feed the ksba
    reader with the wrappers stdout.  See the description of
    ksba_reader_set_cb for details.  */
-static int 
+static int
 reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
 {
   struct wrapper_context_s *ctx = cb_value;
@@ -580,7 +580,7 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
                 pth_event_free (evt, PTH_FREE_THIS);
               return -1; /* EOF. */
             }
-          break; 
+          break;
         }
       nleft -= n;
       buffer += n;
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index b71a0d3c9..87121fd83 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -112,11 +112,11 @@ add_server_to_servers (const char *host, int port)
 /* Perform an LDAP query.  Returns an gpg error code or 0 on success.
    The function returns a new reader object at READER. */
 static gpg_error_t
-run_ldap_wrapper (ctrl_t ctrl, 
+run_ldap_wrapper (ctrl_t ctrl,
                   int ignore_timeout,
                   int multi_mode,
                   const char *proxy,
-                  const char *host, int port, 
+                  const char *host, int port,
                   const char *user, const char *pass,
                   const char *dn, const char *filter, const char *attr,
                   const char *url,
@@ -125,7 +125,7 @@ run_ldap_wrapper (ctrl_t ctrl,
   const char *argv[40];
   int argc;
   char portbuf[30], timeoutbuf[30];
-  
+
 
   *reader = NULL;
 
@@ -186,7 +186,7 @@ run_ldap_wrapper (ctrl_t ctrl,
     }
   argv[argc++] = url? url : "ldap://";
   argv[argc] = NULL;
-    
+
   return ldap_wrapper (ctrl, reader, argv);
 }
 
@@ -216,7 +216,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
      will enlarge the list of servers to consult without a limit and
      all LDAP queries w/o a host are will then try each host in
      turn. */
-  if (!err && opt.add_new_ldapservers && !opt.ldap_proxy) 
+  if (!err && opt.add_new_ldapservers && !opt.ldap_proxy)
     {
       if (host)
         add_server_to_servers (host, port);
@@ -236,11 +236,11 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
   if (err && !(opt.ldap_proxy && opt.only_ldap_proxy))
     {
       struct ldapserver_iter iter;
-      
+
       if (DBG_LOOKUP)
         log_debug ("no hostname in URL or query failed; "
                    "trying all default hostnames\n");
-      
+
       for (ldapserver_iter_begin (&iter, ctrl);
 	   err && ! ldapserver_iter_end_p (&iter);
 	   ldapserver_iter_next (&iter))
@@ -365,19 +365,19 @@ parse_one_pattern (const char *pattern)
     default:			/* Take as substring match. */
       {
 	const char format[] = "(|(sn=*%s*)(|(cn=*%s*)(mail=*%s*)))";
-        
+
         if (*pattern)
           {
             result = xmalloc (sizeof *result
                               + strlen (format) + 3 * strlen (pattern));
             result->next = NULL;
-            result->flags = 0; 
+            result->flags = 0;
             sprintf (result->d, format, pattern, pattern, pattern);
           }
       }
       break;
     }
-  
+
   return result;
 }
 
@@ -396,9 +396,9 @@ escape4url (const char *string)
   for (s=string,n=0; *s; s++)
     if (strchr (UNENCODED_URL_CHARS, *s))
       n++;
-    else 
+    else
       n += 3;
-  
+
   buf = malloc (n+1);
   if (!buf)
     return NULL;
@@ -406,7 +406,7 @@ escape4url (const char *string)
   for (s=string,p=buf; *s; s++)
     if (strchr (UNENCODED_URL_CHARS, *s))
       *p++ = *s;
-    else 
+    else
       {
         sprintf (p, "%%%02X", *(const unsigned char *)s);
         p += 3;
@@ -454,7 +454,7 @@ make_url (char **url, const char *dn, const char *filter)
       xfree (u_filter);
       return err;
     }
- 
+
   stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
                                           u_dn),
                                   "?"),
@@ -528,7 +528,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
   int argc;
   char portbuf[30], timeoutbuf[30];
 
-  
+
   *context = NULL;
   if (server)
     {
@@ -640,7 +640,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
 {
   gpg_error_t err;
   size_t nread;
-  
+
   while (count)
     {
       err = ksba_reader_read (reader, buffer, count, &nread);
@@ -681,14 +681,14 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
       if (*hdr == 'V' && okay)
         {
 #if 0  /* That code is not yet ready.  */
-       
+
           if (is_cms)
             {
               /* The certificate needs to be parsed from CMS data. */
               ksba_cms_t cms;
               ksba_stop_reason_t stopreason;
               int i;
-          
+
               err = ksba_cms_new (&cms);
               if (err)
                 goto leave;
@@ -700,7 +700,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
                   goto leave;
                 }
 
-              do 
+              do
                 {
                   err = ksba_cms_parse (cms, &stopreason);
                   if (err)
@@ -714,12 +714,12 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
                     log_error ("userSMIMECertificate is not "
                                "a certs-only message\n");
                 }
-              while (stopreason != KSBA_SR_READY);   
-      
+              while (stopreason != KSBA_SR_READY);
+
               for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
                 {
                   check_and_store (ctrl, stats, cert, 0);
-                  ksba_cert_release (cert); 
+                  ksba_cert_release (cert);
                   cert = NULL;
                 }
               if (!i)
@@ -733,7 +733,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
               *value = xtrymalloc (n);
               if (!*value)
                 return gpg_error_from_errno (errno);
-              *valuelen = n; 
+              *valuelen = n;
               err = read_buffer (context->reader, *value, n);
               break; /* Ready or error.  */
             }
@@ -750,7 +750,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
               if (!context->tmpbuf)
                 return gpg_error_from_errno (errno);
               context->tmpbufsize = n;
-            }  
+            }
           err = read_buffer (context->reader, context->tmpbuf, n);
           if (err)
             break;
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index da702ec52..20a574cb6 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -1,18 +1,18 @@
 /* dirmngr.c - LDAP access
    Copyright (C) 2008 g10 Code GmbH
-  
+
    This file is part of DirMngr.
-  
+
    DirMngr is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
-  
+
    DirMngr is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-  
+
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
@@ -52,7 +52,7 @@ ldapserver_list_free (ldap_server_t servers)
 
    1. field: Hostname
    2. field: Portnumber
-   3. field: Username 
+   3. field: Username
    4. field: Password
    5. field: Base DN
 
@@ -88,39 +88,39 @@ ldapserver_parse_one (char *line,
 	      fail = 1;
 	    }
 	  break;
-          
+
 	case 2:
 	  if (*p)
 	    server->port = atoi (p);
 	  break;
-	  
+
 	case 3:
 	  if (*p)
 	    server->user = xstrdup (p);
 	  break;
-	  
+
 	case 4:
 	  if (*p && !server->user)
 	    {
-	      log_error (_("%s:%u: password given without user\n"), 
+	      log_error (_("%s:%u: password given without user\n"),
 			 filename, lineno);
 	      fail = 1;
 	    }
 	  else if (*p)
 	    server->pass = xstrdup (p);
 	  break;
-	  
+
 	case 5:
 	  if (*p)
 	    server->base = xstrdup (p);
 	  break;
-	  
+
 	default:
 	  /* (We silently ignore extra fields.) */
 	  break;
 	}
     }
-  
+
   if (fail)
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
@@ -129,5 +129,3 @@ ldapserver_parse_one (char *line,
 
   return server;
 }
-
-
diff --git a/dirmngr/ldapserver.h b/dirmngr/ldapserver.h
index 6e5f163f4..8056e6789 100644
--- a/dirmngr/ldapserver.h
+++ b/dirmngr/ldapserver.h
@@ -2,17 +2,17 @@
    Copyright (C) 2008 g10 Code GmbH
 
    This file is part of DirMngr.
-  
+
    DirMngr is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
-  
+
    DirMngr is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-  
+
    You should have received a copy of the GNU General Public License
    along with this program; if not, see .  */
 
@@ -32,7 +32,7 @@ void ldapserver_list_free (ldap_server_t servers);
 
    1. field: Hostname
    2. field: Portnumber
-   3. field: Username 
+   3. field: Username
    4. field: Password
    5. field: Base DN
 
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 3d33bee58..82b694998 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -54,7 +54,7 @@ unhexify (unsigned char *result, const char *string)
 }
 
 
-char* 
+char*
 hashify_data( const char* data, size_t len )
 {
   unsigned char buf[20];
@@ -62,7 +62,7 @@ hashify_data( const char* data, size_t len )
   return hexify_data( buf, 20 );
 }
 
-char* 
+char*
 hexify_data( const unsigned char* data, size_t len )
 {
   int i;
@@ -136,7 +136,7 @@ unpercent_string (char *string)
   while (*s)
     {
       if (*s == '%' && s[1] && s[2])
-        { 
+        {
           s++;
           *d++ = xtoi_2 ( s);
           s += 2;
@@ -144,7 +144,7 @@ unpercent_string (char *string)
       else
         *d++ = *s++;
     }
-  *d = 0; 
+  *d = 0;
   return string;
 }
 
@@ -159,7 +159,7 @@ canon_sexp_to_gcry (const unsigned char *canon, gcry_sexp_t *r_sexp)
 
   *r_sexp = NULL;
   n = gcry_sexp_canon_len (canon, 0, NULL, NULL);
-  if (!n) 
+  if (!n)
     {
       log_error (_("invalid canonical S-expression found\n"));
       err = gpg_error (GPG_ERR_INV_SEXP);
@@ -284,7 +284,7 @@ dump_string (const char *string)
 
 /* Dump an KSBA cert object to the log stream. Prefix the output with
    TEXT.  This is used for debugging. */
-void 
+void
 dump_cert (const char *text, ksba_cert_t cert)
 {
   ksba_sexp_t sexp;
@@ -314,7 +314,7 @@ dump_cert (const char *text, ksba_cert_t cert)
       dump_string (p);
       ksba_free (p);
       log_printf ("\n");
-    
+
       p = ksba_cert_get_subject (cert, 0);
       log_debug ("    subject: ");
       dump_string (p);
@@ -334,7 +334,7 @@ dump_cert (const char *text, ksba_cert_t cert)
 
 /* Log the certificate's name in "#SN/ISSUERDN" format along with
    TEXT. */
-void 
+void
 cert_log_name (const char *text, ksba_cert_t cert)
 {
   log_info ("%s", text? text:"certificate" );
@@ -362,7 +362,7 @@ cert_log_name (const char *text, ksba_cert_t cert)
 
 
 /* Log the certificate's subject DN along with TEXT. */
-void 
+void
 cert_log_subject (const char *text, ksba_cert_t cert)
 {
   log_info ("%s", text? text:"subject" );
@@ -491,7 +491,7 @@ my_estream_ksba_reader_cb (void *cb_value, char *buffer, size_t count,
                            size_t *r_nread)
 {
   estream_t fp = cb_value;
-  
+
   if (!fp)
     return gpg_error (GPG_ERR_INV_VALUE);
 
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index ec727f014..e7a1f747f 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -39,7 +39,7 @@
 static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1";
 
 
-/* Telesec attribute used to implement a positive confirmation. 
+/* Telesec attribute used to implement a positive confirmation.
 
    CertHash ::= SEQUENCE {
       HashAlgorithm    AlgorithmIdentifier,
@@ -177,7 +177,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
 
   es_fprintf (http_get_write_ptr (http),
 	      "Content-Type: application/ocsp-request\r\n"
-	      "Content-Length: %lu\r\n", 
+	      "Content-Length: %lu\r\n",
 	      (unsigned long)requestlen );
   http_start_data (http);
   if (es_fwrite (request, requestlen, 1, http_get_write_ptr (http)) != 1)
@@ -206,7 +206,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
             case 302:
               {
                 const char *s = http_get_header (http, "Location");
-                
+
                 log_info (_("URL `%s' redirected to `%s' (%u)\n"),
                           url, s?s:"[none]", http_get_status_code (http));
                 if (s && *s && redirects_left-- )
@@ -264,13 +264,13 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
   switch (response_status)
     {
     case KSBA_OCSP_RSPSTATUS_SUCCESS:      t = "success"; break;
-    case KSBA_OCSP_RSPSTATUS_MALFORMED:    t = "malformed"; break;  
-    case KSBA_OCSP_RSPSTATUS_INTERNAL:     t = "internal error"; break;  
-    case KSBA_OCSP_RSPSTATUS_TRYLATER:     t = "try later"; break;      
-    case KSBA_OCSP_RSPSTATUS_SIGREQUIRED:  t = "must sign request"; break;  
-    case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;  
-    case KSBA_OCSP_RSPSTATUS_REPLAYED:     t = "replay detected"; break;  
-    case KSBA_OCSP_RSPSTATUS_OTHER:        t = "other (unknown)"; break;  
+    case KSBA_OCSP_RSPSTATUS_MALFORMED:    t = "malformed"; break;
+    case KSBA_OCSP_RSPSTATUS_INTERNAL:     t = "internal error"; break;
+    case KSBA_OCSP_RSPSTATUS_TRYLATER:     t = "try later"; break;
+    case KSBA_OCSP_RSPSTATUS_SIGREQUIRED:  t = "must sign request"; break;
+    case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;
+    case KSBA_OCSP_RSPSTATUS_REPLAYED:     t = "replay detected"; break;
+    case KSBA_OCSP_RSPSTATUS_OTHER:        t = "other (unknown)"; break;
     case KSBA_OCSP_RSPSTATUS_NONE:         t = "no status"; break;
     default:                               t = "[unknown status]"; break;
     }
@@ -280,7 +280,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
         log_info (_("OCSP responder at `%s' status: %s\n"), url, t);
 
       err = ksba_ocsp_hash_response (ocsp, response, responselen,
-                                     HASH_FNC, md);  
+                                     HASH_FNC, md);
       if (err)
         log_error (_("hashing the OCSP response for `%s' failed: %s\n"),
                    url, gpg_strerror (err));
@@ -301,7 +301,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
    SIGNER_FPR_LIST is not NULL we simply check that CERT matches one
    of the fingerprints in this list. */
 static gpg_error_t
-validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert, 
+validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
                          fingerprint_list_t signer_fpr_list)
 {
   gpg_error_t err;
@@ -310,7 +310,7 @@ validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
   if (signer_fpr_list)
     {
       fpr = get_fingerprint_hexstring (cert);
-      for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr); 
+      for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr);
            signer_fpr_list = signer_fpr_list->next)
         ;
       if (signer_fpr_list)
@@ -409,10 +409,10 @@ check_signature (ctrl_t ctrl,
       log_error (_("only SHA-1 is supported for OCSP responses\n"));
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
-  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))", 
+  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
                          gcry_md_get_algo_dlen (algo),
                          gcry_md_read (md, algo));
-  if (err) 
+  if (err)
     {
       log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
       return err;
@@ -546,7 +546,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
       err = find_issuing_cert (ctrl, cert, &issuer_cert);
       if (err)
         {
-          log_error (_("issuer certificate not found: %s\n"), 
+          log_error (_("issuer certificate not found: %s\n"),
                      gpg_strerror (err));
           goto leave;
         }
@@ -580,7 +580,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
 
 
 
-  /* Figure out the OCSP responder to use. 
+  /* Figure out the OCSP responder to use.
      1. Try to get the reponder from the certificate.
         We do only take http and https style URIs into account.
      2. If this fails use the default responder, if any.
@@ -606,10 +606,10 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
       ksba_free (oid);
     }
   if (err && gpg_err_code (err) != GPG_ERR_EOF)
-    { 
+    {
       log_error (_("can't get authorityInfoAccess: %s\n"), gpg_strerror (err));
       goto leave;
-    } 
+    }
   if (!url)
     {
       if (!opt.ocsp_responder || !*opt.ocsp_responder)
@@ -684,14 +684,14 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
       if (err)
         {
           log_error ("set_user_data(validated_at) failed: %s\n",
-                     gpg_strerror (err)); 
+                     gpg_strerror (err));
           err = 0; /* The certificate is anyway revoked, and that is a
                       more important message than the failure of our
                       cache. */
         }
     }
 
-  
+
   if (opt.verbose)
     {
       log_info (_("certificate status is: %s  (this=%s  next=%s)\n"),
@@ -710,9 +710,9 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
                                                       "affiliation changed":
                   reason == KSBA_CRLREASON_SUPERSEDED?   "superseeded":
                   reason == KSBA_CRLREASON_CESSATION_OF_OPERATION?
-                                                  "cessation of operation": 
+                                                  "cessation of operation":
                   reason == KSBA_CRLREASON_CERTIFICATE_HOLD?
-                                                  "certificate on hold":   
+                                                  "certificate on hold":
                   reason == KSBA_CRLREASON_REMOVE_FROM_CRL?
                                                   "removed from CRL":
                   reason == KSBA_CRLREASON_PRIVILEGE_WITHDRAWN?
@@ -749,7 +749,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
   if (!*tmp_time || strcmp (tmp_time, current_time) < 0 )
     {
       log_error (_("OCSP responder returned a non-current status\n"));
-      log_info ("used now: %s  this_update: %s\n", 
+      log_info ("used now: %s  this_update: %s\n",
                 current_time, this_update);
       if (!err)
         err = gpg_error (GPG_ERR_TIME_CONFLICT);
@@ -764,7 +764,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
       if (!*tmp_time && strcmp (tmp_time, current_time) < 0 )
         {
           log_error (_("OCSP responder returned an too old status\n"));
-          log_info ("used now: %s  next_update: %s\n", 
+          log_info ("used now: %s  next_update: %s\n",
                     current_time, next_update);
           if (!err)
             err = gpg_error (GPG_ERR_TIME_CONFLICT);
diff --git a/dirmngr/server.c b/dirmngr/server.c
index fc7b22989..86b21b67b 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -60,7 +60,7 @@
 
 
 /* Control structure per connection. */
-struct server_local_s 
+struct server_local_s
 {
   /* Data used to associate an Assuan context with local server data */
   assuan_context_t assuan_ctx;
@@ -266,11 +266,11 @@ skip_options (char *line)
 
 
 /* Common code for get_cert_local and get_issuer_cert_local. */
-static ksba_cert_t 
+static ksba_cert_t
 do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
 {
   unsigned char *value;
-  size_t valuelen; 
+  size_t valuelen;
   int rc;
   char *buf;
   ksba_cert_t cert;
@@ -292,7 +292,7 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
                  command, gpg_strerror (rc));
       return NULL;
     }
-  
+
   if (!valuelen)
     {
       xfree (value);
@@ -321,7 +321,7 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
    return the current target certificate. Either return the certificate
    in a KSBA object or NULL if it is not available.
 */
-ksba_cert_t 
+ksba_cert_t
 get_cert_local (ctrl_t ctrl, const char *name)
 {
   if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
@@ -333,15 +333,15 @@ get_cert_local (ctrl_t ctrl, const char *name)
   return do_get_cert_local (ctrl, name, "SENDCERT");
 
 }
-       
+
 /* Ask back to return the issuing certificate for name, given as a
    regular gpgsm certificate indentificates (e.g. fingerprint or one
    of the other methods).  Alternatively, NULL may be used for NAME to
    return thecurrent target certificate. Either return the certificate
    in a KSBA object or NULL if it is not available.
-   
+
 */
-ksba_cert_t 
+ksba_cert_t
 get_issuing_cert_local (ctrl_t ctrl, const char *name)
 {
   if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
@@ -355,11 +355,11 @@ get_issuing_cert_local (ctrl_t ctrl, const char *name)
 
 /* Ask back to return a certificate with subject NAME and a
    subjectKeyIdentifier of KEYID. */
-ksba_cert_t 
+ksba_cert_t
 get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
 {
   unsigned char *value;
-  size_t valuelen; 
+  size_t valuelen;
   int rc;
   char *buf;
   ksba_cert_t cert;
@@ -404,7 +404,7 @@ get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
                  gpg_strerror (rc));
       return NULL;
     }
-  
+
   if (!valuelen)
     {
       xfree (value);
@@ -433,14 +433,14 @@ gpg_error_t
 get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
 {
   unsigned char *value;
-  size_t valuelen; 
+  size_t valuelen;
   int rc;
   char request[100];
 
   if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
       || !hexfpr)
     return gpg_error (GPG_ERR_INV_ARG);
-  
+
   snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
   rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
                        &value, &valuelen, 100);
@@ -472,7 +472,7 @@ inquire_cert_and_load_crl (assuan_context_t ctx)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
   ksba_cert_t cert = NULL;
 
   err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
@@ -528,7 +528,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
   return 0;
 }
 
-static const char hlp_ldapserver[] = 
+static const char hlp_ldapserver[] =
   "LDAPSERVER \n"
   "\n"
   "Add a new LDAP server to the list of configured LDAP servers.\n"
@@ -557,7 +557,7 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_isvalid[] = 
+static const char hlp_isvalid[] =
   "ISVALID [--only-ocsp] [--force-default-responder]"
   " |\n"
   "\n"
@@ -590,7 +590,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
   int ocsp_mode = 0;
   int only_ocsp;
   int force_default_responder;
-  
+
   only_ocsp = has_option (line, "--only-ocsp");
   force_default_responder = has_option (line, "--force-default-responder");
   line = skip_options (line);
@@ -636,7 +636,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
     }
   else if (only_ocsp)
     err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-  else 
+  else
     {
       switch (crl_cache_isvalid (ctrl,
                                  issuerhash, serialno,
@@ -648,7 +648,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
         case CRL_CACHE_INVALID:
           err = gpg_error (GPG_ERR_CERT_REVOKED);
           break;
-        case CRL_CACHE_DONTKNOW: 
+        case CRL_CACHE_DONTKNOW:
           if (did_inquire)
             err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
           else if (!(err = inquire_cert_and_load_crl (ctx)))
@@ -657,7 +657,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
               goto again;
             }
           break;
-        case CRL_CACHE_CANTUSE: 
+        case CRL_CACHE_CANTUSE:
           err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
           break;
         default:
@@ -675,7 +675,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
    fingerprint consists of valid characters and prints and error
    message if it does not and returns NULL.  Fingerprints are
    considered optional and thus no explicit error is returned. NULL is
-   also returned if there is no fingerprint at all available. 
+   also returned if there is no fingerprint at all available.
    FPR must be a caller provided buffer of at least 20 bytes.
 
    Note that colons within the fingerprint are allowed to separate 2
@@ -707,7 +707,7 @@ get_fingerprint_from_line (const char *line, unsigned char *fpr)
 
 
 
-static const char hlp_checkcrl[] = 
+static const char hlp_checkcrl[] =
   "CHECKCRL []\n"
   "\n"
   "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
@@ -737,14 +737,14 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
 
   fpr = get_fingerprint_from_line (line, fprbuffer);
   cert = fpr? get_cert_byfpr (fpr) : NULL;
-  
+
   if (!cert)
     {
       /* We do not have this certificate yet or the fingerprint has
          not been given.  Inquire it from the client.  */
       unsigned char *value = NULL;
-      size_t valuelen; 
-      
+      size_t valuelen;
+
       err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
                            &value, &valuelen, MAX_CERT_LENGTH);
       if (err)
@@ -752,7 +752,7 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
           log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
           goto leave;
         }
-  
+
       if (!valuelen) /* No data returned; return a comprehensible error. */
         err = gpg_error (GPG_ERR_MISSING_CERT);
       else
@@ -782,7 +782,7 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_checkocsp[] = 
+static const char hlp_checkocsp[] =
   "CHECKOCSP [--force-default-responder] []\n"
   "\n"
   "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
@@ -817,20 +817,20 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
   unsigned char fprbuffer[20], *fpr;
   ksba_cert_t cert;
   int force_default_responder;
-  
+
   force_default_responder = has_option (line, "--force-default-responder");
   line = skip_options (line);
 
   fpr = get_fingerprint_from_line (line, fprbuffer);
   cert = fpr? get_cert_byfpr (fpr) : NULL;
-  
+
   if (!cert)
     {
       /* We do not have this certificate yet or the fingerprint has
          not been given.  Inquire it from the client.  */
       unsigned char *value = NULL;
-      size_t valuelen; 
-      
+      size_t valuelen;
+
       err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
                            &value, &valuelen, MAX_CERT_LENGTH);
       if (err)
@@ -838,7 +838,7 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
           log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
           goto leave;
         }
-  
+
       if (!valuelen) /* No data returned; return a comprehensible error. */
         err = gpg_error (GPG_ERR_MISSING_CERT);
       else
@@ -872,7 +872,7 @@ lookup_cert_by_url (assuan_context_t ctx, const char *url)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err = 0;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
 
   /* Fetch single certificate given it's URL.  */
   err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
@@ -883,12 +883,12 @@ lookup_cert_by_url (assuan_context_t ctx, const char *url)
     }
 
   /* Send the data, flush the buffer and then send an END. */
-  err = assuan_send_data (ctx, value, valuelen);      
+  err = assuan_send_data (ctx, value, valuelen);
   if (!err)
     err = assuan_send_data (ctx, NULL, 0);
   if (!err)
     err = assuan_write_line (ctx, "END");
-  if (err) 
+  if (err)
     {
       log_error (_("error sending data: %s\n"), gpg_strerror (err));
       goto leave;
@@ -914,13 +914,13 @@ return_one_cert (void *opaque, ksba_cert_t cert)
     err = gpg_error (GPG_ERR_INV_CERT_OBJ);
   else
     {
-      err = assuan_send_data (ctx, der, derlen);      
+      err = assuan_send_data (ctx, der, derlen);
       if (!err)
         err = assuan_send_data (ctx, NULL, 0);
       if (!err)
         err = assuan_write_line (ctx, "END");
     }
-  if (err) 
+  if (err)
     log_error (_("error sending data: %s\n"), gpg_strerror (err));
   return err;
 }
@@ -929,7 +929,7 @@ return_one_cert (void *opaque, ksba_cert_t cert)
 /* Lookup certificates from the internal cache or using the ldap
    servers. */
 static int
-lookup_cert_by_pattern (assuan_context_t ctx, char *line, 
+lookup_cert_by_pattern (assuan_context_t ctx, char *line,
                         int single, int cache_only)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
@@ -940,7 +940,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
   int count = 0;
   int local_count = 0;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
   struct ldapserver_iter ldapserver_iter;
   cert_fetch_context_t fetch_context;
   int any_no_data = 0;
@@ -950,7 +950,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
     {
       while (*p && *p != ' ')
         p++;
-      if (*p) 
+      if (*p)
         *p++ = 0;
 
       if (*line)
@@ -980,7 +980,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
           if (!err)
             local_count++;
           if (!err && single)
-            goto ready; 
+            goto ready;
 
           if (gpg_err_code (err) == GPG_ERR_NO_DATA)
             {
@@ -1007,9 +1007,9 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
        ldapserver_iter_next (&ldapserver_iter))
     {
       ldap_server_t ldapserver = ldapserver_iter.server;
-      
+
       if (DBG_LOOKUP)
-        log_debug ("cmd_lookup: trying %s:%d base=%s\n", 
+        log_debug ("cmd_lookup: trying %s:%d base=%s\n",
                    ldapserver->host, ldapserver->port,
                    ldapserver->base?ldapserver->base : "[default]");
 
@@ -1063,25 +1063,25 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
               end_cert_fetch (fetch_context);
               goto leave;
             }
-          
+
           if (DBG_LOOKUP)
             log_debug ("cmd_lookup: returning one cert%s\n",
                        truncated? " (truncated)":"");
-          
+
           /* Send the data, flush the buffer and then send an END line
              as a certificate delimiter. */
-          err = assuan_send_data (ctx, value, valuelen);      
+          err = assuan_send_data (ctx, value, valuelen);
           if (!err)
             err = assuan_send_data (ctx, NULL, 0);
           if (!err)
             err = assuan_write_line (ctx, "END");
-          if (err) 
+          if (err)
             {
               log_error (_("error sending data: %s\n"), gpg_strerror (err));
               end_cert_fetch (fetch_context);
               goto leave;
             }
-          
+
           if (++count >= opt.max_replies )
             {
               truncation_forced = 1;
@@ -1100,7 +1100,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
       char str[50];
 
       sprintf (str, "%d", count);
-      assuan_write_status (ctx, "TRUNCATED", str);    
+      assuan_write_status (ctx, "TRUNCATED", str);
     }
 
   if (!err && !count && !local_count && any_no_data)
@@ -1112,7 +1112,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
 }
 
 
-static const char hlp_lookup[] = 
+static const char hlp_lookup[] =
   "LOOKUP [--url] [--single] [--cache-only] \n"
   "\n"
   "Lookup certificates matching PATTERN. With --url the pattern is\n"
@@ -1186,7 +1186,7 @@ cmd_loadcrl (assuan_context_t ctx, char *line)
                    line, gpg_strerror (err));
       else
         {
-          err = crl_cache_insert (ctrl, line, reader); 
+          err = crl_cache_insert (ctrl, line, reader);
           if (err)
             log_error (_("processing CRL from `%s' failed: %s\n"),
                        line, gpg_strerror (err));
@@ -1239,7 +1239,7 @@ cmd_listcrls (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_cachecert[] = 
+static const char hlp_cachecert[] =
   "CACHECERT\n"
   "\n"
   "Put a certificate into the internal cache.  This command might be\n"
@@ -1259,10 +1259,10 @@ cmd_cachecert (assuan_context_t ctx, char *line)
   gpg_error_t err;
   ksba_cert_t cert = NULL;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
 
   (void)line;
-      
+
   err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
                        &value, &valuelen, MAX_CERT_LENGTH);
   if (err)
@@ -1270,7 +1270,7 @@ cmd_cachecert (assuan_context_t ctx, char *line)
       log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
       goto leave;
     }
-  
+
   if (!valuelen) /* No data returned; return a comprehensible error. */
     err = gpg_error (GPG_ERR_MISSING_CERT);
   else
@@ -1310,10 +1310,10 @@ cmd_validate (assuan_context_t ctx, char *line)
   gpg_error_t err;
   ksba_cert_t cert = NULL;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
 
   (void)line;
-    
+
   err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
                        &value, &valuelen, MAX_CERT_LENGTH);
   if (err)
@@ -1321,7 +1321,7 @@ cmd_validate (assuan_context_t ctx, char *line)
       log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
       goto leave;
     }
-  
+
   if (!valuelen) /* No data returned; return a comprehensible error. */
     err = gpg_error (GPG_ERR_MISSING_CERT);
   else
@@ -1337,7 +1337,7 @@ cmd_validate (assuan_context_t ctx, char *line)
   /* If we have this certificate already in our cache, use the cached
      version for validation because this will take care of any cached
      results. */
-  { 
+  {
     unsigned char fpr[20];
     ksba_cert_t tmpcert;
 
@@ -1377,7 +1377,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
   int clear_flag, add_flag;
   uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
                              is always initialized.  */
-      
+
   clear_flag = has_option (line, "--clear");
   line = skip_options (line);
   add_flag = !!*line;
@@ -1408,11 +1408,11 @@ cmd_keyserver (assuan_context_t ctx, char *line)
       item->next = ctrl->keyservers;
       ctrl->keyservers = item;
     }
-  
+
   if (!add_flag && !clear_flag) /* List  configured keyservers.  */
     {
       uri_item_t u;
-      
+
       for (u=ctrl->keyservers; u; u = u->next)
         dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
     }
@@ -1563,7 +1563,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err;
   unsigned char *value = NULL;
-  size_t valuelen; 
+  size_t valuelen;
   unsigned char *info = NULL;
   size_t infolen;
 
@@ -1578,7 +1578,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
       log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
       goto leave;
     }
-  
+
   if (!valuelen) /* No data returned; return a comprehensible error. */
     {
       err = gpg_error (GPG_ERR_MISSING_CERT);
@@ -1597,7 +1597,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
 
   /* Send the key.  */
   err = ks_action_put (ctrl, value, valuelen);
-  
+
  leave:
   xfree (info);
   xfree (value);
@@ -1607,7 +1607,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
 
 
 
-static const char hlp_getinfo[] = 
+static const char hlp_getinfo[] =
   "GETINFO \n"
   "\n"
   "Multi purpose command to return certain information.  \n"
@@ -1662,7 +1662,7 @@ cmd_killdirmngr (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
 
   (void)line;
-  
+
   if (opt.system_daemon)
     {
       if (opt.system_service)
@@ -1795,7 +1795,7 @@ start_command_handler (assuan_fd_t fd)
       xfree (ctrl);
       return;
     }
-    
+
   dirmngr_init_default_ctrl (ctrl);
 
   rc = assuan_new (&ctx);
@@ -1809,7 +1809,7 @@ start_command_handler (assuan_fd_t fd)
   if (fd == ASSUAN_INVALID_FD)
     {
       assuan_fd_t filedes[2];
-      
+
       filedes[0] = assuan_fdopen (0);
       filedes[1] = assuan_fdopen (1);
       rc = assuan_init_pipe_server (ctx, filedes);
@@ -1863,7 +1863,7 @@ start_command_handler (assuan_fd_t fd)
   assuan_register_option_handler (ctx, option_handler);
   assuan_register_reset_notify (ctx, reset_notify);
 
-  for (;;) 
+  for (;;)
     {
       rc = assuan_accept (ctx);
       if (rc == -1)
@@ -1893,7 +1893,7 @@ start_command_handler (assuan_fd_t fd)
           continue;
         }
     }
-  
+
   ldap_wrapper_connection_cleanup (ctrl);
 
   ldapserver_list_free (ctrl->server_local->ldapservers);
@@ -1934,8 +1934,8 @@ dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
       assuan_context_t ctx = ctrl->server_local->assuan_ctx;
       char buf[950], *p;
       size_t n;
-      
-      p = buf; 
+
+      p = buf;
       n = 0;
       while ( (text = va_arg (arg_ptr, const char *)) )
         {
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index de7443e11..8197d0d82 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -113,7 +113,7 @@ unknown_criticals (ksba_cert_t cert)
     rc = err; /* Such an error takes precendence.  */
 
   return rc;
-} 
+}
 
 
 /* Basic check for supported policies.  */
@@ -147,7 +147,7 @@ check_cert_policy (ksba_cert_t cert)
   any_critical = !!strstr (policies, ":C");
 
   /* See whether we find ALLOWED (which is an OID) in POLICIES */
-  for (idx=0; allowed[idx]; idx++) 
+  for (idx=0; allowed[idx]; idx++)
     {
       for (haystack=policies; (p=strstr (haystack, allowed[idx]));
            haystack = p+1)
@@ -161,7 +161,7 @@ check_cert_policy (ksba_cert_t cert)
           return 0;
         }
     }
-  
+
   if (!any_critical)
     {
       log_info (_("note: non-critical certificate policy not allowed"));
@@ -243,9 +243,9 @@ check_revocations (ctrl_t ctrl, chain_item_t chain)
              certificates in case they have been revoked. */
           if (opt.verbose)
             cert_log_name (_("not checking CRL for"), ci->cert);
-          continue; 
+          continue;
         }
-      
+
       if (opt.verbose)
         cert_log_name (_("checking CRL for"), ci->cert);
       err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
@@ -324,20 +324,20 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
      that is the case this is a root certificate.  */
   ak_name_str = ksba_name_enum (ak_name, 0);
   if (ak_name_str
-      && !strcmp (ak_name_str, issuerdn) 
+      && !strcmp (ak_name_str, issuerdn)
       && !cmp_simple_canon_sexp (ak_sn, serialno))
     {
       result = 1;  /* Right, CERT is self-signed.  */
       goto leave;
-    } 
-   
+    }
+
   /* Similar for the ak_keyid. */
   if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
       && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
     {
       result = 1;  /* Right, CERT is self-signed.  */
       goto leave;
-    } 
+    }
 
 
  leave:
@@ -346,13 +346,13 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
   ksba_name_release (ak_name);
   ksba_free (ak_sn);
   ksba_free (serialno);
-  return result; 
+  return result;
 }
 
 
 /* Validate the certificate CHAIN up to the trust anchor. Optionally
    return the closest expiration time in R_EXPTIME (this is useful for
-   caching issues).  MODE is one of the VALIDATE_MODE_* constants. 
+   caching issues).  MODE is one of the VALIDATE_MODE_* constants.
 
    If R_TRUST_ANCHOR is not NULL and the validation would fail only
    because the root certificate is not trusted, the hexified
@@ -392,7 +392,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
 
   if (DBG_X509)
     dump_cert ("subject", cert);
-  
+
   /* May the target certificate be used for this purpose?  */
   switch (mode)
     {
@@ -417,8 +417,8 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
     {
       size_t buflen;
       time_t validated_at;
-      
-      err = ksba_cert_get_user_data (cert, "validated_at", 
+
+      err = ksba_cert_get_user_data (cert, "validated_at",
                                      &validated_at, sizeof (validated_at),
                                      &buflen);
       if (err || buflen != sizeof (validated_at) || !validated_at)
@@ -462,7 +462,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
         }
 
       /* Handle the notBefore and notAfter timestamps.  */
-      { 
+      {
         ksba_isotime_t not_before, not_after;
 
         err = ksba_cert_get_validity (subject_cert, 0, not_before);
@@ -494,7 +494,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
             log_printf (")\n");
             err = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
             goto leave;
-          }    
+          }
 
         /* Now check whether the certificate has expired.  */
         if (*not_after && strcmp (current_time, not_after) > 0 )
@@ -504,7 +504,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
             dump_isotime (not_after);
             log_printf (")\n");
             any_expired = 1;
-          }            
+          }
       }
 
       /* Do we have any critical extensions in the certificate we
@@ -518,14 +518,14 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
       if (gpg_err_code (err) == GPG_ERR_NO_POLICY_MATCH)
         {
           any_no_policy_match = 1;
-          err = 0; 
+          err = 0;
         }
       else if (err)
         goto leave;
 
       /* Is this a self-signed certificate? */
       if (is_root_cert ( subject_cert, issuer, subject))
-        {  
+        {
           /* Yes, this is our trust anchor.  */
           if (check_cert_sig (subject_cert, subject_cert) )
             {
@@ -539,7 +539,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
           err = allowed_ca (subject_cert, NULL);
           if (err)
             goto leave;  /* No. */
-          
+
           err = is_trusted_cert (subject_cert);
           if (!err)
             ; /* Yes we trust this cert.  */
@@ -560,7 +560,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
               else
                 xfree (fpr);
             }
-          else 
+          else
             {
               log_error (_("checking trustworthiness of "
                            "root certificate failed: %s\n"),
@@ -572,7 +572,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
           /* Prepend the certificate to our list.  */
           {
             chain_item_t ci;
-            
+
             ci = xtrycalloc (1, sizeof *ci);
             if (!ci)
               {
@@ -666,7 +666,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
                     {
                       do_list (0, lm, fp, _("found another possible matching "
                                             "CA certificate - trying again"));
-                      ksba_cert_release (issuer_cert); 
+                      ksba_cert_release (issuer_cert);
                       issuer_cert = tmp_cert;
                       goto try_another_cert;
                     }
@@ -700,7 +700,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
       err = cert_use_cert_p (issuer_cert);
       if (err)
         goto leave;  /* No.  */
-      
+
       /* Prepend the certificate to our list.  */
       {
         chain_item_t ci;
@@ -743,10 +743,10 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
       for (citem = chain; citem; citem = citem->next)
         cert_log_name ("  certificate", citem->cert);
     }
-  
+
   if (!err && mode != VALIDATE_MODE_CRL)
     { /* Now that everything is fine, walk the chain and check each
-         certificate for revocations. 
+         certificate for revocations.
 
          1. item in the chain  - The root certificate.
          2. item               - the CA below the root
@@ -772,7 +772,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
   else if (err && opt.verbose)
     log_info ("target certificate is NOT valid\n");
 
-  
+
  leave:
   if (!err && !(r_trust_anchor && *r_trust_anchor))
     {
@@ -792,7 +792,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
           if (err)
             {
               log_error ("set_user_data(validated_at) failed: %s\n",
-                         gpg_strerror (err)); 
+                         gpg_strerror (err));
               err = 0;
             }
         }
@@ -885,7 +885,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
   s = gcry_md_algo_name (algo);
   for (i=0; *s && i < sizeof algo_name - 1; s++, i++)
     algo_name[i] = tolower (*s);
-  algo_name[i] = 0;   
+  algo_name[i] = 0;
 
   err = gcry_md_open (&md, algo, 0);
   if (err)
@@ -984,9 +984,9 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
                             algo_name, (int)digestlen, digest) )
         BUG ();
-      
+
     }
-      
+
   err = gcry_pk_verify (s_sig, s_hash, s_pkey);
   if (DBG_X509)
     log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
@@ -1052,7 +1052,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
                     extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
                                    | KSBA_KEYUSAGE_NON_REPUDIATION);
                 }
-              
+
               /* This is a hack to cope with OCSP.  Note that we do
                  not yet fully comply with the requirements and that
                  the entire CRL/OCSP checking thing should undergo a
@@ -1065,7 +1065,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
             }
           ksba_free (extkeyusages);
           extkeyusages = NULL;
-          
+
           if (!any_critical)
             extusemask = ~0; /* Reset to the don't care mask. */
         }
@@ -1085,12 +1085,12 @@ cert_usage_p (ksba_cert_t cert, int mode)
 
     }
   if (err)
-    { 
+    {
       log_error (_("error getting key usage information: %s\n"),
                  gpg_strerror (err));
       ksba_free (extkeyusages);
       return err;
-    } 
+    }
 
   if (mode == 4)
     {
@@ -1103,7 +1103,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
 
   if (mode == 5)
     {
-      if (use != ~0 
+      if (use != ~0
           && (have_ocsp_signing
               || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
                          |KSBA_KEYUSAGE_CRL_SIGN))))
@@ -1157,4 +1157,3 @@ cert_use_crl_p (ksba_cert_t cert)
 {
   return cert_usage_p (cert, 6);
 }
-
diff --git a/dirmngr/w32-ldap-help.h b/dirmngr/w32-ldap-help.h
index 7efa299bc..80668d935 100644
--- a/dirmngr/w32-ldap-help.h
+++ b/dirmngr/w32-ldap-help.h
@@ -1,5 +1,5 @@
 /* w32-ldap-help.h - Map utf8 based API into a wchar_t API.
- o* Copyright (C) 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -72,7 +72,7 @@ _dirmngr_ldap_search_st (LDAP *ld, const char *base, ULONG scope,
   wchar_t **wattrs = NULL;
   int i;
 
-  if (base) 
+  if (base)
     {
       wbase = utf8_to_wchar (base);
       if (!wbase)
@@ -149,7 +149,7 @@ _dirmngr_ldap_get_values_len (LDAP *ld, LDAPMessage *msg, const char *attr)
 {
   BerValue **ret;
   wchar_t *wattr;
-  
+
   if (attr)
     {
       wattr = utf8_to_wchar (attr);
diff --git a/g10/Makefile.am b/g10/Makefile.am
index a28b2ab50..56d5d10a4 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -7,12 +7,12 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -21,13 +21,13 @@
 EXTRA_DIST = options.skel
 
 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
-              -I$(top_srcdir)/include -I$(top_srcdir)/intl 
+              -I$(top_srcdir)/include -I$(top_srcdir)/intl
 
 include $(top_srcdir)/am/cmacros.am
 
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = $(libcommon) ../gl/libgnu.a 
+needed_libs = $(libcommon) ../gl/libgnu.a
 
 bin_PROGRAMS = gpg2
 if !HAVE_W32CE_SYSTEM
@@ -130,7 +130,7 @@ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(extra_sys_libs)
 gpgv2_LDFLAGS = $(extra_bin_ldflags)
 
-t_common_ldadd = 
+t_common_ldadd =
 module_tests = t-rmd160
 t_rmd160_SOURCES = t-rmd160.c rmd160.c
 t_rmd160_LDADD = $(t_common_ldadd)
@@ -144,7 +144,7 @@ install-data-local:
 				$(DESTDIR)$(pkgdatadir)/gpg-conf.skel
 
 uninstall-local:
-	-@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel        
+	-@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
 
 
 # There has never been a gpg for WindowsCE, thus we don't need a gpg2 here
diff --git a/g10/armor.c b/g10/armor.c
index a6195fc3d..3948916fb 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -147,7 +147,7 @@ release_armor_context (armor_filter_context_t *afx)
 int
 push_armor_filter (armor_filter_context_t *afx, iobuf_t iobuf)
 {
-  int rc; 
+  int rc;
 
   afx->refcount++;
   rc = iobuf_push_filter (iobuf, armor_filter, afx);
@@ -982,7 +982,7 @@ armor_filter( void *opaque, int control,
         /* We need some space for the faked packet.  The minmum
          * required size is the PARTIAL_CHUNK size plus a byte for the
          * length itself */
-	if( size < PARTIAL_CHUNK+1 ) 
+	if( size < PARTIAL_CHUNK+1 )
 	    BUG(); /* supplied buffer too short */
 
 	if( afx->faked )
@@ -1001,7 +1001,7 @@ armor_filter( void *opaque, int control,
 	        unsigned int hashes = afx->hashes;
                 const byte *sesmark;
                 size_t sesmarklen;
-                
+
                 sesmark = get_session_marker( &sesmarklen );
                 if ( sesmarklen > 20 )
                     BUG();
@@ -1023,7 +1023,7 @@ armor_filter( void *opaque, int control,
                 buf[n++] = 0xff; /* new format, type 63, 1 length byte */
                 n++;   /* see below */
                 memcpy(buf+n, sesmark, sesmarklen ); n+= sesmarklen;
-                buf[n++] = CTRLPKT_CLEARSIGN_START; 
+                buf[n++] = CTRLPKT_CLEARSIGN_START;
                 buf[n++] = afx->not_dash_escaped? 0:1; /* sigclass */
                 if( hashes & 1 )
                     buf[n++] = DIGEST_ALGO_RMD160;
@@ -1284,7 +1284,7 @@ make_radix64_string( const byte *data, size_t len )
 
 /***********************************************
  *  For the pipemode command we can't use the armor filter for various
- *  reasons, so we use this new unarmor_pump stuff to remove the armor 
+ *  reasons, so we use this new unarmor_pump stuff to remove the armor
  */
 
 enum unarmor_state_e {
@@ -1292,7 +1292,7 @@ enum unarmor_state_e {
     STA_bypass,
     STA_wait_newline,
     STA_wait_dash,
-    STA_first_dash, 
+    STA_first_dash,
     STA_compare_header,
     STA_found_header_wait_newline,
     STA_skip_header_lines,
@@ -1331,12 +1331,12 @@ unarmor_pump_release (UnarmorPump x)
     xfree (x);
 }
 
-/* 
+/*
  * Get the next character from the ascii armor taken from the IOBUF
  * created earlier by unarmor_pump_new().
  * Return:  c = Character
  *        256 = ignore this value
- *         -1 = End of current armor 
+ *         -1 = End of current armor
  *         -2 = Premature EOF (not used)
  *         -3 = Invalid armor
  */
@@ -1347,9 +1347,9 @@ unarmor_pump (UnarmorPump x, int c)
 
     switch (x->state) {
       case STA_init:
-        { 
+        {
             byte tmp[1];
-            tmp[0] = c; 
+            tmp[0] = c;
             if ( is_armored (tmp) )
                 x->state = c == '-'? STA_first_dash : STA_wait_newline;
             else {
@@ -1372,10 +1372,10 @@ unarmor_pump (UnarmorPump x, int c)
         x->state = STA_compare_header;
       case STA_compare_header:
         if ( "-----BEGIN PGP SIGNATURE-----"[++x->pos] == c ) {
-            if ( x->pos == 28 ) 
+            if ( x->pos == 28 )
                 x->state = STA_found_header_wait_newline;
         }
-        else 
+        else
             x->state = c == '\n'? STA_wait_dash : STA_wait_newline;
         break;
       case STA_found_header_wait_newline:
@@ -1422,7 +1422,7 @@ unarmor_pump (UnarmorPump x, int c)
                 break;
             }
         }
-        
+
         switch(x->pos) {
           case 0:
             x->val = c << 2;
@@ -1463,7 +1463,7 @@ unarmor_pump (UnarmorPump x, int c)
             x->state = STA_ready; /* not sure whether this is correct */
             break;
         }
-        
+
         switch(x->pos) {
           case 0:
             x->val = c << 2;
diff --git a/g10/call-agent.c b/g10/call-agent.c
index dc2ace0e5..6333586fb 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #ifdef HAVE_LOCALE_H
@@ -48,7 +48,7 @@
 static assuan_context_t agent_ctx = NULL;
 static int did_early_card_test;
 
-struct cipher_parm_s 
+struct cipher_parm_s
 {
   ctrl_t ctrl;
   assuan_context_t ctx;
@@ -116,7 +116,7 @@ status_sc_op_failure (int rc)
       write_status (STATUS_SC_OP_FAILURE);
       break;
     }
-}  
+}
 
 
 
@@ -154,7 +154,7 @@ start_agent (ctrl_t ctrl, int for_card)
              here used to indirectly enable GPG_ERR_FULLY_CANCELED.  */
           assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
                            NULL, NULL, NULL, NULL, NULL, NULL);
-          
+
         }
     }
 
@@ -185,7 +185,7 @@ start_agent (ctrl_t ctrl, int for_card)
       if (!rc && is_status_enabled () && info.serialno)
         {
           char *buf;
-          
+
           buf = xasprintf ("3 %s", info.serialno);
           write_status_text (STATUS_CARDCTRL, buf);
           xfree (buf);
@@ -197,7 +197,7 @@ start_agent (ctrl_t ctrl, int for_card)
         did_early_card_test = 1;
     }
 
-  
+
   return rc;
 }
 
@@ -290,7 +290,7 @@ get_serialno_cb (void *opaque, const char *line)
       memcpy (*serialno, line, n);
       (*serialno)[n] = 0;
     }
-  
+
   return 0;
 }
 
@@ -352,7 +352,7 @@ learn_status_cb (void *opaque, const char *line)
     {
       xfree (parm->serialno);
       parm->serialno = store_serialno (line);
-      parm->is_v2 = (strlen (parm->serialno) >= 16 
+      parm->is_v2 = (strlen (parm->serialno) >= 16
                      && xtoi_2 (parm->serialno+12) >= 2 );
     }
   else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
@@ -533,7 +533,7 @@ agent_learn (struct agent_card_info_s *info)
   /* Also try to get the key attributes.  */
   if (!rc)
     agent_scd_getattr ("KEY-ATTR", info);
-  
+
   return rc;
 }
 
@@ -552,7 +552,7 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info)
   /* We assume that NAME does not need escaping. */
   if (12 + strlen (name) > DIM(line)-1)
     return gpg_error (GPG_ERR_TOO_LARGE);
-  stpcpy (stpcpy (line, "SCD GETATTR "), name); 
+  stpcpy (stpcpy (line, "SCD GETATTR "), name);
 
   rc = start_agent (NULL, 1);
   if (rc)
@@ -560,7 +560,7 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info)
 
   rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL,
                         learn_status_cb, info);
-  
+
   return rc;
 }
 
@@ -585,8 +585,8 @@ agent_scd_setattr (const char *name,
   /* We assume that NAME does not need escaping. */
   if (12 + strlen (name) > DIM(line)-1)
     return gpg_error (GPG_ERR_TOO_LARGE);
-      
-  p = stpcpy (stpcpy (line, "SCD SETATTR "), name); 
+
+  p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
   *p++ = ' ';
   for (; valuelen; value++, valuelen--)
     {
@@ -607,7 +607,7 @@ agent_scd_setattr (const char *name,
   rc = start_agent (NULL, 1);
   if (!rc)
     {
-      rc = assuan_transact (agent_ctx, line, NULL, NULL, 
+      rc = assuan_transact (agent_ctx, line, NULL, NULL,
                             default_inq_cb, NULL, NULL, NULL);
     }
 
@@ -624,7 +624,7 @@ static gpg_error_t
 inq_writecert_parms (void *opaque, const char *line)
 {
   int rc;
-  struct writecert_parm_s *parm = opaque; 
+  struct writecert_parm_s *parm = opaque;
 
   if (!strncmp (line, "CERTDATA", 8) && (line[8]==' '||!line[8]))
     {
@@ -638,7 +638,7 @@ inq_writecert_parms (void *opaque, const char *line)
 
 
 /* Send a WRITECERT command to the SCdaemon. */
-int 
+int
 agent_scd_writecert (const char *certidstr,
                      const unsigned char *certdata, size_t certdatalen)
 {
@@ -657,7 +657,7 @@ agent_scd_writecert (const char *certidstr,
   parms.ctx = agent_ctx;
   parms.certdata = certdata;
   parms.certdatalen = certdatalen;
-  
+
   rc = assuan_transact (agent_ctx, line, NULL, NULL,
                         inq_writecert_parms, &parms, NULL, NULL);
 
@@ -672,7 +672,7 @@ static gpg_error_t
 inq_writekey_parms (void *opaque, const char *line)
 {
   int rc;
-  struct writekey_parm_s *parm = opaque; 
+  struct writekey_parm_s *parm = opaque;
 
   if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7]))
     {
@@ -686,7 +686,7 @@ inq_writekey_parms (void *opaque, const char *line)
 
 
 /* Send a WRITEKEY command to the SCdaemon. */
-int 
+int
 agent_scd_writekey (int keyno, const char *serialno,
                     const unsigned char *keydata, size_t keydatalen)
 {
@@ -707,7 +707,7 @@ agent_scd_writekey (int keyno, const char *serialno,
   parms.ctx = agent_ctx;
   parms.keydata = keydata;
   parms.keydatalen = keydatalen;
-  
+
   rc = assuan_transact (agent_ctx, line, NULL, NULL,
                         inq_writekey_parms, &parms, NULL, NULL);
 
@@ -795,7 +795,7 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
 
   snprintf (line, DIM(line)-1, "SCD GENKEY %s%s %s %d",
             *tbuf? "--timestamp=":"", tbuf,
-            force? "--force":"", 
+            force? "--force":"",
             keyno);
   line[DIM(line)-1] = 0;
 
@@ -803,7 +803,7 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
   rc = assuan_transact (agent_ctx, line,
                         NULL, NULL, default_inq_cb, NULL,
                         scd_genkey_cb, info);
-  
+
   status_sc_op_failure (rc);
   return rc;
 }
@@ -821,7 +821,7 @@ select_openpgp (const char *serialno)
   /* Send the serialno command to initialize the connection.  Without
      a given S/N we don't care about the data returned.  If the card
      has already been initialized, this is a very fast command.  We
-     request the openpgp card because that is what we expect. 
+     request the openpgp card because that is what we expect.
 
      Note that an opt.limit_card_insert_tries of 1 means: No tries at
      all whereas 0 means do not limit the number of tries.  Due to the
@@ -837,7 +837,7 @@ select_openpgp (const char *serialno)
       int ask;
       char *want_sn;
       char *p;
-      
+
       want_sn = xtrystrdup (serialno);
       if (!want_sn)
         return gpg_error_from_syserror ();
@@ -845,14 +845,14 @@ select_openpgp (const char *serialno)
       if (p)
         *p = 0;
 
-      do 
+      do
         {
           ask = 0;
           err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
-                                 NULL, NULL, NULL, NULL, 
+                                 NULL, NULL, NULL, NULL,
                                  get_serialno_cb, &this_sn);
           if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
-            ask = 1; 
+            ask = 1;
           else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
             ask = 2;
           else if (err)
@@ -865,19 +865,19 @@ select_openpgp (const char *serialno)
 
           xfree (this_sn);
           this_sn = NULL;
-                  
+
           if (ask)
             {
               char *formatted = NULL;
               char *ocodeset = i18n_switchto_utf8 ();
 
-              if (!strncmp (want_sn, "D27600012401", 12) 
+              if (!strncmp (want_sn, "D27600012401", 12)
                   && strlen (want_sn) == 32 )
                 formatted = xtryasprintf ("(%.4s) %.8s",
                                           want_sn + 16, want_sn + 20);
-              
+
               err = 0;
-              desc = xtryasprintf 
+              desc = xtryasprintf
                 ("%s:\n\n"
                  "  \"%s\"",
                  ask == 1
@@ -912,7 +912,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
     put_membuf (data, buffer, length);
   return 0;
 }
- 
+
 
 /* Helper returning a command option to describe the used hash
    algorithm.  See scd/command.c:cmd_pksign.  */
@@ -1023,7 +1023,7 @@ agent_scd_pkdecrypt (const char *serialno,
   rc = select_openpgp (serialno);
   if (rc)
     return rc;
-  
+
   strcpy (line, "SCD SETDATA ");
   bin2hex (indata, indatalen, line + strlen (line));
 
@@ -1055,7 +1055,7 @@ agent_scd_pkdecrypt (const char *serialno,
 
 
 /* Send a READCERT command to the SCdaemon. */
-int 
+int
 agent_scd_readcert (const char *certidstr,
                     void **r_buf, size_t *r_buflen)
 {
@@ -1175,8 +1175,8 @@ agent_get_passphrase (const char *cache_id,
   int rc;
   char line[ASSUAN_LINELENGTH];
   char *arg1 = NULL;
-  char *arg2 = NULL;  
-  char *arg3 = NULL; 
+  char *arg2 = NULL;
+  char *arg3 = NULL;
   char *arg4 = NULL;
   membuf_t data;
 
@@ -1187,7 +1187,7 @@ agent_get_passphrase (const char *cache_id,
     return rc;
 
   /* Check that the gpg-agent understands the repeat option.  */
-  if (assuan_transact (agent_ctx, 
+  if (assuan_transact (agent_ctx,
                        "GETINFO cmd_has_option GET_PASSPHRASE repeat",
                        NULL, NULL, NULL, NULL, NULL, NULL))
     return gpg_error (GPG_ERR_NOT_SUPPORTED);
@@ -1205,9 +1205,9 @@ agent_get_passphrase (const char *cache_id,
     if (!(arg4 = percent_plus_escape (desc_msg)))
       goto no_mem;
 
-  snprintf (line, DIM(line)-1, 
-            "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s", 
-            repeat, 
+  snprintf (line, DIM(line)-1,
+            "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
+            repeat,
             check? " --check --qualitybar":"",
             arg1? arg1:"X",
             arg2? arg2:"X",
@@ -1220,13 +1220,13 @@ agent_get_passphrase (const char *cache_id,
   xfree (arg4);
 
   init_membuf_secure (&data, 64);
-  rc = assuan_transact (agent_ctx, line, 
+  rc = assuan_transact (agent_ctx, line,
                         membuf_data_cb, &data,
                         default_inq_cb, NULL, NULL, NULL);
 
   if (rc)
     xfree (get_membuf (&data, NULL));
-  else 
+  else
     {
       put_membuf (&data, "", 1);
       *r_passphrase = get_membuf (&data, NULL);
@@ -1305,12 +1305,12 @@ agent_get_s2k_count (unsigned long *r_count)
     return err;
 
   init_membuf (&data, 32);
-  err = assuan_transact (agent_ctx, "GETINFO s2k_count", 
+  err = assuan_transact (agent_ctx, "GETINFO s2k_count",
                         membuf_data_cb, &data,
                         NULL, NULL, NULL, NULL);
   if (err)
     xfree (get_membuf (&data, NULL));
-  else 
+  else
     {
       put_membuf (&data, "", 1);
       buf = get_membuf (&data, NULL);
@@ -1511,7 +1511,7 @@ cache_nonce_status_cb (void *opaque, const char *line)
 static gpg_error_t
 inq_genkey_parms (void *opaque, const char *line)
 {
-  struct genkey_parm_s *parm = opaque; 
+  struct genkey_parm_s *parm = opaque;
   gpg_error_t err;
 
   if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8]))
@@ -1522,7 +1522,7 @@ inq_genkey_parms (void *opaque, const char *line)
   else
     err = default_inq_cb (parm->ctrl, line);
 
-  return err; 
+  return err;
 }
 
 
@@ -1547,7 +1547,7 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
   if (err)
     return err;
 
-  err = assuan_transact (agent_ctx, "RESET", 
+  err = assuan_transact (agent_ctx, "RESET",
                          NULL, NULL, NULL, NULL, NULL, NULL);
   if (err)
     return err;
@@ -1563,15 +1563,15 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
   cn_parm.cache_nonce_addr = cache_nonce_addr;
   cn_parm.passwd_nonce_addr = NULL;
   err = assuan_transact (agent_ctx, line,
-                         membuf_data_cb, &data, 
-                         inq_genkey_parms, &gk_parm, 
+                         membuf_data_cb, &data,
+                         inq_genkey_parms, &gk_parm,
                          cache_nonce_status_cb, &cn_parm);
   if (err)
     {
       xfree (get_membuf (&data, &len));
       return err;
     }
-  
+
   buf = get_membuf (&data, &len);
   if (!buf)
     err = gpg_error_from_syserror ();
@@ -1721,7 +1721,7 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce,
 static gpg_error_t
 inq_ciphertext_cb (void *opaque, const char *line)
 {
-  struct cipher_parm_s *parm = opaque; 
+  struct cipher_parm_s *parm = opaque;
   int rc;
 
   if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
@@ -1733,7 +1733,7 @@ inq_ciphertext_cb (void *opaque, const char *line)
   else
     rc = default_inq_cb (parm->ctrl, line);
 
-  return rc; 
+  return rc;
 }
 
 
@@ -1783,7 +1783,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   init_membuf_secure (&data, 1024);
   {
     struct cipher_parm_s parm;
-    
+
     parm.ctrl = ctrl;
     parm.ctx = agent_ctx;
     err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
@@ -1832,7 +1832,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
       xfree (buf);
       return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
     }
-  
+
   memmove (buf, endp, n);
 
   *r_buflen = n;
@@ -1864,7 +1864,7 @@ agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
 
   init_membuf_secure (&data, 64);
   err = assuan_transact (agent_ctx, line,
-                         membuf_data_cb, &data, 
+                         membuf_data_cb, &data,
                          default_inq_cb, ctrl, NULL, NULL);
   if (err)
     {
@@ -1885,7 +1885,7 @@ agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
 static gpg_error_t
 inq_import_key_parms (void *opaque, const char *line)
 {
-  struct import_key_parm_s *parm = opaque; 
+  struct import_key_parm_s *parm = opaque;
   gpg_error_t err;
 
   if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7]))
@@ -1895,7 +1895,7 @@ inq_import_key_parms (void *opaque, const char *line)
   else
     err = default_inq_cb (parm->ctrl, line);
 
-  return err; 
+  return err;
 }
 
 
@@ -1972,7 +1972,7 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
         return err;
     }
 
-  snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s", 
+  snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
             cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
             cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
             hexkeygrip);
@@ -1981,7 +1981,7 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
   cn_parm.cache_nonce_addr = cache_nonce_addr;
   cn_parm.passwd_nonce_addr = NULL;
   err = assuan_transact (agent_ctx, line,
-                         membuf_data_cb, &data, 
+                         membuf_data_cb, &data,
                          default_inq_cb, ctrl,
                          cache_nonce_status_cb, &cn_parm);
   if (err)
diff --git a/g10/call-agent.h b/g10/call-agent.h
index e09c30990..337847dab 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -17,10 +17,10 @@
  * along with this program; if not, see .
  */
 #ifndef GNUPG_G10_CALL_AGENT_H
-#define GNUPG_G10_CALL_AGENT_H 
+#define GNUPG_G10_CALL_AGENT_H
 
 
-struct agent_card_info_s 
+struct agent_card_info_s
 {
   int error;         /* private. */
   char *apptype;     /* Malloced application type string.  */
@@ -56,7 +56,7 @@ struct agent_card_info_s
   struct {           /* Array with key attributes.  */
     int algo;              /* Algorithm identifier.  */
     unsigned int nbits;    /* Supported keysize.  */
-  } key_attr[3];      
+  } key_attr[3];
   struct {
     unsigned int ki:1;     /* Key import available.  */
     unsigned int aac:1;    /* Algorithm attributes are changeable.  */
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index f34b94b60..10c0e568c 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #ifdef HAVE_LOCALE_H
@@ -77,7 +77,7 @@ struct ks_put_parm_s
    function dirmngr_deinit_session_data is called bu gpg.c to cleanup
    these resources.  Note that gpg.h defines a typedef dirmngr_local_t
    for this structure. */
-struct dirmngr_local_s 
+struct dirmngr_local_s
 {
   /* Link to other contexts which are used simultaneously.  */
   struct dirmngr_local_s *next;
@@ -132,14 +132,14 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
       /* Tell the dirmngr that we want to collect audit event. */
       /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
       /*                        NULL, NULL, NULL, NULL, NULL, NULL); */
-      
+
       /* Set all configured keyservers.  We clear existing keyservers
          so that any keyserver configured in GPG overrides keyservers
          possibly configured in Dirmngr. */
       for (ksi = opt.keyserver; !err && ksi; ksi = ksi->next)
         {
           char *line;
-          
+
           line = xtryasprintf ("KEYSERVER%s %s",
                                ksi == opt.keyserver? " --clear":"", ksi->uri);
           if (!line)
@@ -160,7 +160,7 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
       /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
       *r_ctx = ctx;
     }
-  
+
   return err;
 }
 
@@ -189,7 +189,7 @@ open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
           *r_ctx = dml->ctx;
           return 0;
         }
-      
+
       dml = xtrycalloc (1, sizeof *dml);
       if (!dml)
         return gpg_error_from_syserror ();
@@ -271,7 +271,7 @@ ks_search_data_cb (void *opaque, const void *data, size_t datalen)
             fixedbuf[linelen-1] = 0;
           err = parm->data_cb (parm->data_cb_value, fixedbuf);
         }
-      else 
+      else
         {
           if (linelen + 1 >= parm->helpbufsize)
             {
@@ -313,7 +313,7 @@ ks_search_data_cb (void *opaque, const void *data, size_t datalen)
 gpg_error_t
 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
                        gpg_error_t (*cb)(void*, char *), void *cb_value)
-{ 
+{
   gpg_error_t err;
   assuan_context_t ctx;
   struct ks_search_parm_s parm;
@@ -387,7 +387,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
    are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once.  */
 gpg_error_t
 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, estream_t *r_fp)
-{ 
+{
   gpg_error_t err;
   assuan_context_t ctx;
   struct ks_get_parm_s parm;
@@ -479,9 +479,9 @@ ks_put_inq_cb (void *opaque, const char *line)
             case PKT_PUBLIC_SUBKEY:
               {
                 PKT_public_key *pk = node->pkt->pkt.public_key;
-                
+
                 keyid_from_pk (pk, NULL);
-                
+
                 es_fprintf (fp, "%s:%08lX%08lX:%u:%u:%u:%u:%s%s:\n",
                             node->pkt->pkttype==PKT_PUBLIC_KEY? "pub" : "sub",
                             (ulong)pk->keyid[0], (ulong)pk->keyid[1],
@@ -502,18 +502,18 @@ ks_put_inq_cb (void *opaque, const char *line)
                 if (!uid->attrib_data)
                   {
                     es_fprintf (fp, "uid:");
-                    
+
                     /* Quote ':', '%', and any 8-bit characters.  */
                     for (r=0; r < uid->len; r++)
                       {
-                        if (uid->name[r] == ':' 
+                        if (uid->name[r] == ':'
                             || uid->name[r]== '%'
                             || (uid->name[r]&0x80))
                           es_fprintf (fp, "%%%02X", (byte)uid->name[r]);
                         else
                           es_putc (uid->name[r], fp);
                       }
-                    
+
                     es_fprintf (fp, ":%u:%u:%s%s:\n",
                                 uid->created,uid->expiredate,
                                 uid->is_revoked? "r":"",
@@ -572,7 +572,7 @@ ks_put_inq_cb (void *opaque, const char *line)
   else
     return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
 
-  return err; 
+  return err;
 }
 
 
@@ -582,7 +582,7 @@ ks_put_inq_cb (void *opaque, const char *line)
    used to convey meta data to LDAP keyservers.  */
 gpg_error_t
 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
-{ 
+{
   gpg_error_t err;
   assuan_context_t ctx;
   struct ks_put_parm_s parm;
diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
index 9523bf568..43636eab4 100644
--- a/g10/call-dirmngr.h
+++ b/g10/call-dirmngr.h
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 #ifndef GNUPG_G10_CALL_DIRMNGR_H
-#define GNUPG_G10_CALL_DIRMNGR_H 
+#define GNUPG_G10_CALL_DIRMNGR_H
 
 void gpg_dirmngr_deinit_session_data (ctrl_t ctrl);
 
diff --git a/g10/card-util.c b/g10/card-util.c
index 966a3202b..2b7ac7469 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -87,7 +87,7 @@ change_pin (int unblock_v2, int allow_admin)
                   gpg_strerror (rc));
       return;
     }
-  
+
   log_info (_("OpenPGP card no. %s detected\n"),
               info.serialno? info.serialno : "[none]");
 
@@ -181,7 +181,7 @@ change_pin (int unblock_v2, int allow_admin)
 	    rc = agent_scd_change_pin (102, info.serialno);
             write_sc_op_status (rc);
 	    if (rc)
-	      tty_printf ("Error setting the Reset Code: %s\n", 
+	      tty_printf ("Error setting the Reset Code: %s\n",
                           gpg_strerror (rc));
 	    else
               tty_printf ("Reset Code set.\n");
@@ -383,7 +383,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
   else
     tty_fprintf (fp, "Application ID ...: %s\n",
                  info.serialno? info.serialno : "[none]");
-  if (!info.serialno || strncmp (info.serialno, "D27600012401", 12) 
+  if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
       || strlen (info.serialno) != 32 )
     {
       if (info.apptype && !strcmp (info.apptype, "NKS"))
@@ -425,7 +425,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
     ;
   else if (strlen (serialno)+1 > serialnobuflen)
     log_error ("serial number longer than expected\n");
-  else 
+  else
     strcpy (serialno, info.serialno);
 
   if (opt.with_colons)
@@ -438,7 +438,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
       uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
       es_fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
       es_fprintf (fp, "serial:%.8s:\n", info.serialno+20);
-      
+
       print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
 
       es_fputs ("lang:", fp);
@@ -498,18 +498,18 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
                (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
                (unsigned long)info.fpr3time);
     }
-  else 
+  else
     {
       tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
                    info.serialno[12] == '0'?"":info.serialno+12,
                    info.serialno[13],
                    info.serialno[14] == '0'?"":info.serialno+14,
                    info.serialno[15]);
-      tty_fprintf (fp, "Manufacturer .....: %s\n", 
+      tty_fprintf (fp, "Manufacturer .....: %s\n",
                    get_manufacturer (xtoi_2(info.serialno+16)*256
                                      + xtoi_2 (info.serialno+18)));
       tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
-      
+
       print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
       print_name (fp, "Language prefs ...: ", info.disp_lang);
       tty_fprintf (fp,    "Sex ..............: %s\n",
@@ -572,13 +572,13 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
       if (info.fpr3valid && info.fpr3time)
         tty_fprintf (fp, "      created ....: %s\n",
                      isotimestamp (info.fpr3time));
-      tty_fprintf (fp, "General key info..: "); 
+      tty_fprintf (fp, "General key info..: ");
 
-      thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : 
+      thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
                 info.fpr3valid? info.fpr3 : NULL);
       /* If the fingerprint is all 0xff, the key has no asssociated
          OpenPGP certificate.  */
-      if ( thefpr && !fpr_is_ff (thefpr) 
+      if ( thefpr && !fpr_is_ff (thefpr)
            && !get_pubkey_byfprint (pk, thefpr, 20))
         {
           print_pubkey_info (fp, pk);
@@ -586,14 +586,14 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
 #if GNUPG_MAJOR_VERSION == 1
           {
             kbnode_t keyblock = NULL;
-            
+
             if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
               print_card_key_info (fp, keyblock);
             else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
               {
                 release_kbnode (keyblock);
                 keyblock = NULL;
-                
+
                 if (!auto_create_card_key_stub (info.serialno,
                                                 info.fpr1valid? info.fpr1:NULL,
                                                 info.fpr2valid? info.fpr2:NULL,
@@ -603,7 +603,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
                       print_card_key_info (fp, keyblock);
                   }
               }
-            
+
             release_kbnode (keyblock);
           }
 #endif /* GNUPG_MAJOR_VERSION == 1 */
@@ -611,7 +611,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
       else
         tty_fprintf (fp, "[none]\n");
     }
-      
+
   free_public_key (pk);
   agent_release_card_info (&info);
 }
@@ -640,7 +640,7 @@ get_one_name (const char *prompt1, const char *prompt2)
       else if (strchr (name, '<'))
         tty_printf (_("Error: The \"<\" character may not be used.\n"));
       else if (strstr (name, "  "))
-        tty_printf (_("Error: Double spaces are not allowed.\n"));    
+        tty_printf (_("Error: Double spaces are not allowed.\n"));
       else
         return name;
       xfree (name);
@@ -678,7 +678,7 @@ change_name (void)
   if (strlen (isoname) > 39 )
     {
       tty_printf (_("Error: Combined name too long "
-                    "(limit is %d characters).\n"), 39);    
+                    "(limit is %d characters).\n"), 39);
       xfree (isoname);
       return -1;
     }
@@ -707,7 +707,7 @@ change_url (void)
   if (strlen (url) > 254 )
     {
       tty_printf (_("Error: URL too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (url);
       return -1;
     }
@@ -778,7 +778,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
   estream_t fp;
   char *data;
   int n;
-  
+
   *r_buffer = NULL;
 
   fp = es_fopen (fname, "rb");
@@ -795,7 +795,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
       tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno));
       return -1;
     }
-          
+
   data = xtrymalloc (maxlen? maxlen:1);
   if (!data)
     {
@@ -826,7 +826,7 @@ static int
 put_data_to_file (const char *fname, const void *buffer, size_t length)
 {
   estream_t fp;
-  
+
   fp = es_fopen (fname, "wb");
 #if GNUPG_MAJOR_VERSION == 1
   if (fp && is_secured_file (fileno (fp)))
@@ -841,7 +841,7 @@ put_data_to_file (const char *fname, const void *buffer, size_t length)
       tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno));
       return -1;
     }
-          
+
   if (length && es_fwrite (buffer, length, 1, fp) != 1)
     {
       tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno));
@@ -882,7 +882,7 @@ change_login (const char *args)
   if (n > 254 )
     {
       tty_printf (_("Error: Login data too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (data);
       return -1;
     }
@@ -901,7 +901,7 @@ change_private_do (const char *args, int nr)
   char do_name[] = "PRIVATE-DO-X";
   char *data;
   int n;
-  int rc; 
+  int rc;
 
   assert (nr >= 1 && nr <= 4);
   do_name[11] = '0' + nr;
@@ -928,7 +928,7 @@ change_private_do (const char *args, int nr)
   if (n > 254 )
     {
       tty_printf (_("Error: Private DO too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (data);
       return -1;
     }
@@ -1061,13 +1061,13 @@ change_sex (void)
     str = "1";
   else if ((*data == 'F' || *data == 'f') && !data[1])
     str = "2";
-  else 
+  else
     {
       tty_printf (_("Error: invalid response.\n"));
       xfree (data);
       return -1;
     }
-     
+
   rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
   if (rc)
     log_error ("error setting sex: %s\n", gpg_strerror (rc));
@@ -1155,7 +1155,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
 
   memset (info, 0, sizeof *info);
   rc = agent_scd_getattr ("SERIALNO", info);
-  if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12) 
+  if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
       || strlen (info->serialno) != 32 )
     {
       log_error (_("key operation not possible: %s\n"),
@@ -1180,7 +1180,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
 /* Helper for the key generation/edit functions.  */
 static int
 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
-{     
+{
   int rc = 0;
 
   agent_clear_pin_cache (info->serialno);
@@ -1214,7 +1214,7 @@ check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
 }
 
 /* Helper for the key generation/edit functions.  */
-static void 
+static void
 restore_forced_chv1 (int *forced_chv1)
 {
   int rc;
@@ -1298,7 +1298,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
 
   for (;;)
     {
-      prompt = xasprintf 
+      prompt = xasprintf
         (keyno == 0?
          _("What keysize do you want for the Signature key? (%u) "):
          keyno == 1?
@@ -1310,16 +1310,16 @@ ask_card_keysize (int keyno, unsigned int nbits)
       req_nbits = *answer? atoi (answer): nbits;
       xfree (prompt);
       xfree (answer);
-      
+
       if (req_nbits != nbits && (req_nbits % 32) )
         {
           req_nbits = ((req_nbits + 31) / 32) * 32;
           tty_printf (_("rounded up to %u bits\n"), req_nbits);
         }
-  
+
       if (req_nbits == nbits)
         return 0;  /* Use default.  */
-      
+
       if (req_nbits < min_nbits || req_nbits > max_nbits)
         {
           tty_printf (_("%s keysizes must be in the range %u-%u\n"),
@@ -1339,19 +1339,19 @@ ask_card_keysize (int keyno, unsigned int nbits)
 /* Change the size of key KEYNO (0..2) to NBITS and show an error
    message if that fails.  */
 static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits) 
+do_change_keysize (int keyno, unsigned int nbits)
 {
   gpg_error_t err;
   char args[100];
-  
+
   snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
   err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
   if (err)
-    log_error (_("error changing size of key %d to %u bits: %s\n"), 
+    log_error (_("error changing size of key %d to %u bits: %s\n"),
                keyno+1, nbits, gpg_strerror (err));
   return err;
 }
- 
+
 
 static void
 generate_card_keys (void)
@@ -1432,7 +1432,7 @@ generate_card_keys (void)
       /* Note that INFO has not be synced.  However we will only use
          the serialnumber and thus it won't harm.  */
     }
-     
+
   generate_keypair (NULL, info.serialno, want_backup);
 
  leave:
@@ -1450,11 +1450,11 @@ card_generate_subkey (KBNODE pub_keyblock)
   struct agent_card_info_s info;
   int forced_chv1 = 0;
   int keyno;
-  
+
   err = get_info_for_key_operation (&info);
   if (err)
     return err;
-  
+
   show_card_key_info (&info);
 
   tty_printf (_("Please select the type of key to generate:\n"));
@@ -1463,7 +1463,7 @@ card_generate_subkey (KBNODE pub_keyblock)
   tty_printf (_("   (2) Encryption key\n"));
   tty_printf (_("   (3) Authentication key\n"));
 
-  for (;;) 
+  for (;;)
     {
       char *answer = cpr_get ("cardedit.genkeys.subkeytype",
                               _("Your selection? "));
@@ -1480,23 +1480,23 @@ card_generate_subkey (KBNODE pub_keyblock)
         break; /* Okay. */
       tty_printf(_("Invalid selection.\n"));
     }
-  
+
   if (replace_existing_key_p (&info, keyno))
     {
       err = gpg_error (GPG_ERR_CANCELED);
       goto leave;
     }
-  
+
   err = check_pin_for_key_operation (&info, &forced_chv1);
   if (err)
     goto leave;
-  
+
   /* If the cards features changeable key attributes, we ask for the
      key size.  */
   if (info.is_v2 && info.extcap.aac)
     {
       unsigned int nbits;
-      
+
     ask_again:
       nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
       if (nbits && do_change_keysize (keyno-1, nbits))
@@ -1511,9 +1511,9 @@ card_generate_subkey (KBNODE pub_keyblock)
       /* Note that INFO has not be synced.  However we will only use
          the serialnumber and thus it won't harm.  */
     }
-  
+
   err = generate_card_subkeypair (pub_keyblock, keyno, info.serialno);
-  
+
  leave:
   agent_release_card_info (&info);
   restore_forced_chv1 (&forced_chv1);
@@ -1525,7 +1525,7 @@ card_generate_subkey (KBNODE pub_keyblock)
    carry the serialno stuff instead of the actual secret key
    parameters.  USE is the usage for that key; 0 means any
    usage. */
-int 
+int
 card_store_subkey (KBNODE node, int use)
 {
   log_info ("FIXME: card_store_subkey has not yet been implemented\n");
@@ -1722,7 +1722,7 @@ static struct
     { "privatedo", cmdPRIVATEDO, 0, NULL },
     { "readcert", cmdREADCERT, 0, NULL },
     { "writecert", cmdWRITECERT, 1, NULL },
-    { NULL, cmdINVCMD, 0, NULL } 
+    { NULL, cmdINVCMD, 0, NULL }
   };
 
 
@@ -1801,7 +1801,7 @@ card_edit (ctrl_t ctrl, strlist_t commands)
       char *p;
       int i;
       int cmd_admin_only;
-      
+
       tty_printf("\n");
       if (redisplay )
         {
@@ -1853,7 +1853,7 @@ card_edit (ctrl_t ctrl, strlist_t commands)
         cmd = cmdLIST; /* Default to the list command */
       else if (*answer == CONTROL_D)
         cmd = cmdQUIT;
-      else 
+      else
         {
           if ((p=strchr (answer,' ')))
             {
@@ -1868,7 +1868,7 @@ card_edit (ctrl_t ctrl, strlist_t commands)
               while (spacep (arg_rest))
                 arg_rest++;
             }
-          
+
           for (i=0; cmds[i].name; i++ )
             if (!ascii_strcasecmp (answer, cmds[i].name ))
               break;
@@ -2012,4 +2012,3 @@ card_edit (ctrl_t ctrl, strlist_t commands)
  leave:
   xfree (answer);
 }
-
diff --git a/g10/cipher.c b/g10/cipher.c
index f0dc57719..07df792c9 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -66,7 +66,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
 
     {
         char buf[20];
-        
+
         sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
         write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
     }
@@ -81,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
     temp[nprefix] = temp[nprefix-2];
     temp[nprefix+1] = temp[nprefix-1];
     print_cipher_algo_note( cfx->dek->algo );
-    err = openpgp_cipher_open (&cfx->cipher_hd, 
+    err = openpgp_cipher_open (&cfx->cipher_hd,
 			       cfx->dek->algo,
 			       GCRY_CIPHER_MODE_CFB,
 			       (GCRY_CIPHER_SECURE
diff --git a/g10/comment.c b/g10/comment.c
index 7f9295ea5..085dbad3b 100644
--- a/g10/comment.c
+++ b/g10/comment.c
@@ -106,5 +106,3 @@ make_mpi_comment_node( const char *s, gcry_mpi_t a )
     xfree (buf);
     return new_kbnode( pkt );
 }
-
-
diff --git a/g10/compress-bz2.c b/g10/compress-bz2.c
index 1dabca14e..ea80956c3 100644
--- a/g10/compress-bz2.c
+++ b/g10/compress-bz2.c
@@ -156,7 +156,7 @@ do_uncompress( compress_filter_context_t *zfx, bz_stream *bzs,
 	rc = -1; /* eof */
       else if( zrc != BZ_OK && zrc != BZ_PARAM_ERROR )
 	log_fatal("bz2lib inflate problem: rc=%d\n", zrc );
-      else if (zrc == BZ_OK && eofseen 
+      else if (zrc == BZ_OK && eofseen
                && !bzs->avail_in && bzs->avail_out > 0)
         {
           log_error ("unexpected EOF in bz2lib\n");
diff --git a/g10/compress.c b/g10/compress.c
index 5dd3591df..6e412e9ac 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -35,7 +35,7 @@
 # include 
 # if defined(__riscos__) && defined(USE_ZLIBRISCOS)
 #  include "zlib-riscos.h"
-# endif 
+# endif
 #endif
 
 #include "gpg.h"
@@ -48,7 +48,7 @@
 
 #ifdef __riscos__
 #define BYTEF_CAST(a) ((Bytef *)(a))
-#else 
+#else
 #define BYTEF_CAST(a) (a)
 #endif
 
@@ -140,7 +140,7 @@ init_uncompress( compress_filter_context_t *zfx, z_stream *zs )
      * PGP uses a windowsize of 13 bits. Using a negative value for
      * it forces zlib not to expect a zlib header.  This is a
      * undocumented feature Peter Gutmann told me about.
-     *    
+     *
      * We must use 15 bits for the inflator because CryptoEx uses 15
      * bits thus the output would get scrambled w/o error indication
      * if we would use 13 bits.  For the uncompressing this does not
diff --git a/g10/cpr.c b/g10/cpr.c
index 72d23b987..b84710d03 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -1,4 +1,4 @@
-/* status.c - Status message and command-fd interface 
+/* status.c - Status message and command-fd interface
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
  *               2004, 2005, 2006, 2010 Free Software Foundation, Inc.
  *
@@ -78,13 +78,13 @@ status_currently_allowed (int no)
      prompt the user. */
   switch (no)
     {
-    case STATUS_GET_BOOL:	 
-    case STATUS_GET_LINE:	 
-    case STATUS_GET_HIDDEN:	 
-    case STATUS_GOT_IT:	 
+    case STATUS_GET_BOOL:
+    case STATUS_GET_LINE:
+    case STATUS_GET_HIDDEN:
+    case STATUS_GOT_IT:
     case STATUS_IMPORTED:
-    case STATUS_IMPORT_OK:	
-    case STATUS_IMPORT_CHECK:  
+    case STATUS_IMPORT_OK:
+    case STATUS_IMPORT_CHECK:
     case STATUS_IMPORT_RES:
       return 1; /* Yes. */
     default:
@@ -98,16 +98,16 @@ void
 set_status_fd (int fd)
 {
   static int last_fd = -1;
-  
+
   if (fd != -1 && last_fd == fd)
     return;
 
   if (statusfp && statusfp != es_stdout && statusfp != es_stderr )
     es_fclose (statusfp);
   statusfp = NULL;
-  if (fd == -1) 
+  if (fd == -1)
     return;
-  
+
   if (fd == 1)
     statusfp = es_stdout;
   else if (fd == 2)
@@ -147,7 +147,7 @@ write_status_text (int no, const char *text)
 
   es_fputs ("[GNUPG:] ", statusfp);
   es_fputs (get_status_string (no), statusfp);
-  if ( text ) 
+  if ( text )
     {
       es_putc ( ' ', statusfp);
       for (; *text; text++)
@@ -156,7 +156,7 @@ write_status_text (int no, const char *text)
             es_fputs ("\\n", statusfp);
           else if (*text == '\r')
             es_fputs ("\\r", statusfp);
-          else 
+          else
             es_fputc ( *(const byte *)text, statusfp);
         }
     }
@@ -173,7 +173,7 @@ write_status_error (const char *where, gpg_error_t err)
   if (!statusfp || !status_currently_allowed (STATUS_ERROR))
     return;  /* Not enabled or allowed. */
 
-  es_fprintf (statusfp, "[GNUPG:] %s %s %u\n", 
+  es_fprintf (statusfp, "[GNUPG:] %s %s %u\n",
               get_status_string (STATUS_ERROR), where, err);
   if (es_fflush (statusfp) && opt.exit_on_status_write_error)
     g10_exit (0);
@@ -187,7 +187,7 @@ write_status_errcode (const char *where, int errcode)
   if (!statusfp || !status_currently_allowed (STATUS_ERROR))
     return;  /* Not enabled or allowed. */
 
-  es_fprintf (statusfp, "[GNUPG:] %s %s %u\n", 
+  es_fprintf (statusfp, "[GNUPG:] %s %s %u\n",
               get_status_string (STATUS_ERROR), where, gpg_err_code (errcode));
   if (es_fflush (statusfp) && opt.exit_on_status_write_error)
     g10_exit (0);
@@ -211,7 +211,7 @@ write_status_text_and_buffer (int no, const char *string,
 
   if (!statusfp || !status_currently_allowed (no))
     return;  /* Not enabled or allowed. */
-    
+
   if (wrap == -1)
     {
       lower_limit--;
@@ -220,7 +220,7 @@ write_status_text_and_buffer (int no, const char *string,
 
   text = get_status_string (no);
   count = dowrap = first = 1;
-  do 
+  do
     {
       if (dowrap)
         {
@@ -241,8 +241,8 @@ write_status_text_and_buffer (int no, const char *string,
         }
       for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
         {
-          if (*s == '%' || *(const byte*)s <= lower_limit 
-              || *(const byte*)s == 127 ) 
+          if (*s == '%' || *(const byte*)s <= lower_limit
+              || *(const byte*)s == 127 )
             esc = 1;
           if (wrap && ++count > wrap)
             {
@@ -250,13 +250,13 @@ write_status_text_and_buffer (int no, const char *string,
               break;
             }
         }
-      if (esc) 
+      if (esc)
         {
           s--; n++;
         }
-      if (s != buffer) 
+      if (s != buffer)
         es_fwrite (buffer, s-buffer, 1, statusfp);
-      if ( esc ) 
+      if ( esc )
         {
           es_fprintf (statusfp, "%%%02X", *(const byte*)s );
           s++; n--;
@@ -265,7 +265,7 @@ write_status_text_and_buffer (int no, const char *string,
       len = n;
       if (dowrap && len)
         es_putc ('\n', statusfp);
-    } 
+    }
   while (len);
 
   es_putc ('\n',statusfp);
@@ -291,7 +291,7 @@ write_status_begin_signing (gcry_md_hd_t md)
       char buf[100];
       size_t buflen;
       int i;
-      
+
       /* We use a hard coded list of possible algorithms.  Using other
          algorithms than specified by OpenPGP does not make sense
          anyway.  We do this out of performance reasons: Walking all
@@ -304,7 +304,7 @@ write_status_begin_signing (gcry_md_hd_t md)
         if (i < 4 || i > 7)
           if (gcry_md_is_enabled (md, i) && buflen < DIM(buf))
             {
-              snprintf (buf+buflen, DIM(buf) - buflen - 1, 
+              snprintf (buf+buflen, DIM(buf) - buflen - 1,
                         "%sH%d", buflen? " ":"",i);
               buflen += strlen (buf+buflen);
             }
@@ -319,10 +319,10 @@ static int
 myread(int fd, void *buf, size_t count)
 {
   int rc;
-  do 
+  do
     {
       rc = read( fd, buf, count );
-    } 
+    }
   while (rc == -1 && errno == EINTR);
 
   if (!rc && count)
@@ -335,7 +335,7 @@ myread(int fd, void *buf, size_t count)
           eof_emmited++;
         }
       else /* Ctrl-D not caught - do something reasonable */
-        { 
+        {
 #ifdef HAVE_DOSISH_SYSTEM
 #ifndef HAVE_W32CE_SYSTEM
           raise (SIGINT); /* Nothing to hangup under DOS.  */
@@ -344,7 +344,7 @@ myread(int fd, void *buf, size_t count)
           raise (SIGHUP); /* No more input data.  */
 #endif
         }
-    }    
+    }
   return rc;
 }
 
@@ -358,16 +358,16 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool )
 {
   int i, len;
   char *string;
-  
+
   if (statusfp != es_stdout)
     es_fflush (es_stdout);
-  
+
   write_status_text (getbool? STATUS_GET_BOOL :
                      hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword);
 
-  for (string = NULL, i = len = 200; ; i++ ) 
+  for (string = NULL, i = len = 200; ; i++ )
     {
-      if (i >= len-1 ) 
+      if (i >= len-1 )
         {
           char *save = string;
           len += 100;
@@ -380,7 +380,7 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool )
       /* Fixme: why not use our read_line function here? */
       if ( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n'  )
         break;
-      else if ( string[i] == CONTROL_D ) 
+      else if ( string[i] == CONTROL_D )
         {
           /* Found ETX - Cancel the line and return a sole ETX.  */
           string[0] = CONTROL_D;
diff --git a/g10/dearmor.c b/g10/dearmor.c
index 04b9e61bf..e83447103 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -130,5 +130,3 @@ enarmor_file( const char *fname )
     release_armor_context (afx);
     return rc;
 }
-
-
diff --git a/g10/decrypt.c b/g10/decrypt.c
index 48d5e84f7..e8c4563a6 100644
--- a/g10/decrypt.c
+++ b/g10/decrypt.c
@@ -52,7 +52,7 @@ decrypt_message (ctrl_t ctrl, const char *filename)
   int no_out = 0;
 
   pfx = new_progress_context ();
-  
+
   /* Open the message file.  */
   fp = iobuf_open (filename);
   if (fp && is_secured_file (iobuf_get_fd (fp)))
@@ -111,7 +111,7 @@ decrypt_message_fd (ctrl_t ctrl, int input_fd, int output_fd)
     return gpg_error (GPG_ERR_BUG);
 
   pfx = new_progress_context ();
-  
+
   /* Open the message file.  */
   fp = iobuf_open_fd_or_name (input_fd, NULL, "rb");
   if (fp && is_secured_file (iobuf_get_fd (fp)))
@@ -123,7 +123,7 @@ decrypt_message_fd (ctrl_t ctrl, int input_fd, int output_fd)
   if (!fp)
     {
       char xname[64];
-      
+
       err = gpg_error_from_syserror ();
       snprintf (xname, sizeof xname, "[fd %d]", input_fd);
       log_error (_("can't open `%s': %s\n"), xname, gpg_strerror (err));
@@ -173,12 +173,12 @@ void
 decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
 {
   IOBUF fp;
-  armor_filter_context_t *afx = NULL;  
+  armor_filter_context_t *afx = NULL;
   progress_filter_context_t *pfx;
   char *p, *output = NULL;
   int rc=0,use_stdin=0;
   unsigned int lno=0;
-  
+
   if (opt.outfile)
     {
       log_error(_("--output doesn't work for this command\n"));
@@ -222,7 +222,7 @@ decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
       if(filename==NULL)
 	break;
 
-      print_file_status(STATUS_FILE_START, filename, 3);      
+      print_file_status(STATUS_FILE_START, filename, 3);
       output = make_outfile_name(filename);
       if (!output)
         goto next_file;
@@ -267,7 +267,7 @@ decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
       reset_literals_seen();
     }
 
-  set_next_passphrase(NULL);  
+  set_next_passphrase(NULL);
   release_armor_context (afx);
   release_progress_context (pfx);
 }
diff --git a/g10/delkey.c b/g10/delkey.c
index 62c75632b..978549826 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -92,7 +92,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
 
     pk = node->pkt->pkt.public_key;
     keyid_from_pk( pk, keyid );
-    
+
     if (!force)
       {
         if (have_secret_key_with_kid (keyid))
@@ -181,7 +181,7 @@ delete_keys( strlist_t names, int secret, int allow_both )
 
     for(;names;names=names->next) {
        rc = do_delete_key (names->d, secret, force, &avail );
-       if ( rc && avail ) { 
+       if ( rc && avail ) {
 	 if ( allow_both ) {
 	   rc = do_delete_key (names->d, 1, 0, &avail );
 	   if ( !rc )
diff --git a/g10/exec.c b/g10/exec.c
index 2803812dc..56e49ec34 100644
--- a/g10/exec.c
+++ b/g10/exec.c
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 
-/* 
+/*
    FIXME: We should replace most code in this module by our
    spawn implementation from common/exechelp.c.
  */
@@ -50,7 +50,7 @@
 #include "exec.h"
 
 #ifdef NO_EXEC
-int 
+int
 exec_write(struct exec_info **info,const char *program,
 	       const char *args_in,const char *name,int writeonly,int binary)
 {
@@ -71,7 +71,7 @@ set_exec_path(const char *path) { return G10ERR_GENERAL; }
 /* This is a nicer system() for windows that waits for programs to
    return before returning control to the caller.  I hate helpful
    computers. */
-static int 
+static int
 w32_system(const char *command)
 {
 #ifdef HAVE_W32CE_SYSTEM
@@ -107,7 +107,7 @@ w32_system(const char *command)
 #endif
 
 /* Replaces current $PATH */
-int 
+int
 set_exec_path(const char *path)
 {
 #ifdef HAVE_W32CE_SYSTEM
@@ -134,7 +134,7 @@ set_exec_path(const char *path)
 }
 
 /* Makes a temp directory and filenames */
-static int 
+static int
 make_tempdir(struct exec_info *info)
 {
   char *tmp=opt.temp_dir,*namein=info->name,*nameout;
@@ -216,7 +216,7 @@ make_tempdir(struct exec_info *info)
 
 /* Expands %i and %o in the args to the full temp files within the
    temp directory. */
-static int 
+static int
 expand_args(struct exec_info *info,const char *args_in)
 {
   const char *ch = args_in;
@@ -305,7 +305,7 @@ expand_args(struct exec_info *info,const char *args_in)
    If there are args, but no tempfiles, then it's a fork/exec/pipe via
    shell -c.  If there are tempfiles, then it's a system. */
 
-int 
+int
 exec_write(struct exec_info **info,const char *program,
            const char *args_in,const char *name,int writeonly,int binary)
 {
@@ -607,7 +607,7 @@ exec_finish(struct exec_info *info)
 	    log_info(_("WARNING: unable to remove tempfile (%s) `%s': %s\n"),
 		     "in",info->tempfile_in,strerror(errno));
 	}
-  
+
       if(info->tempfile_out)
 	{
 	  if(unlink(info->tempfile_out)==-1)
diff --git a/g10/filter.h b/g10/filter.h
index 923cfdadf..18a9170f8 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -121,7 +121,7 @@ typedef struct {
     unsigned long last;		/* last amount reported */
     unsigned long offset;	/* current amount */
     unsigned long total;	/* total amount */
-    int  refcount;              
+    int  refcount;
 } progress_filter_context_t;
 
 /* encrypt_filter_context_t defined in main.h */
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 3b186561e..267568478 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -29,7 +29,7 @@
 #include "packet.h"
 #include "../common/iobuf.h"
 #include "cipher.h"
-#include "options.h" 
+#include "options.h"
 
 
 void
@@ -79,7 +79,7 @@ void
 release_public_key_parts (PKT_public_key *pk)
 {
   int n, i;
-  
+
   if (pk->seckey_info)
     n = pubkey_get_nskey (pk->pubkey_algo);
   else
@@ -143,7 +143,7 @@ cp_subpktarea (subpktarea_t *s )
 }
 
 /*
- * Return a copy of the preferences 
+ * Return a copy of the preferences
  */
 prefitem_t *
 copy_prefs (const prefitem_t *prefs)
@@ -153,7 +153,7 @@ copy_prefs (const prefitem_t *prefs)
 
     if (!prefs)
         return NULL;
-    
+
     for (n=0; prefs[n].type; n++)
         ;
     new = xmalloc ( sizeof (*new) * (n+1));
@@ -175,11 +175,11 @@ PKT_public_key *
 copy_public_key (PKT_public_key *d, PKT_public_key *s)
 {
   int n, i;
-  
+
   if (!d)
     d = xmalloc (sizeof *d);
   memcpy (d, s, sizeof *d);
-  d->seckey_info = NULL; 
+  d->seckey_info = NULL;
   d->user_id = scopy_user_id (s->user_id);
   d->prefs = copy_prefs (s->prefs);
 
@@ -187,7 +187,7 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s)
   i = 0;
   if (!n)
     d->pkey[i++] = mpi_copy (s->pkey[0]);
-  else 
+  else
     {
       for (; i < n; i++ )
         d->pkey[i] = mpi_copy( s->pkey[i] );
@@ -213,7 +213,7 @@ static pka_info_t *
 cp_pka_info (const pka_info_t *s)
 {
   pka_info_t *d = xmalloc (sizeof *s + strlen (s->email));
-  
+
   d->valid = s->valid;
   d->checked = s->checked;
   d->uri = s->uri? xstrdup (s->uri):NULL;
diff --git a/g10/getkey.c b/g10/getkey.c
index 65f5829dc..6464f9e0f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1139,7 +1139,7 @@ get_seckeyblock_byfprint (kbnode_t *ret_keyblock,
 
 
 
-/* The new function to return a key.  
+/* The new function to return a key.
    FIXME: Document it.  */
 gpg_error_t
 getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
@@ -1157,11 +1157,11 @@ getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
  * NULL the found keyblock is stored at this address.  WANT_SECRET
  * passed as true requires that a secret key is available for the
  * selected key.
- * 
+ *
  * If WANT_SECRET is true and NAME is NULL and a default key has been
  * defined that defined key is used.  In all other cases the first
- * available key is used. 
- * 
+ * available key is used.
+ *
  * FIXME: Explain what is up with unusable keys.
  *
  * FIXME: We also have the get_pubkey_byname function which has a
@@ -1184,7 +1184,7 @@ getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk,
 
   err = key_byname (retctx, namelist, pk, want_secret, with_unusable,
                     ret_keyblock, NULL);
-  
+
   /* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
      WANT_SECRET has been used.  */
 
@@ -2486,7 +2486,7 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
       release_kbnode (ctx->keyblock);
       ctx->keyblock = NULL;
     }
-  
+
 found:
   if (rc && rc != -1)
     log_error ("keydb_search failed: %s\n", g10_errstr (rc));
@@ -2562,7 +2562,7 @@ enum_secret_keys (void **context, PKT_public_key *sk)
       while (!c->keyblock)
         {
           /* Loop over the list of secret keys.  */
-          do 
+          do
             {
               name = NULL;
               switch (c->state)
@@ -2572,12 +2572,12 @@ enum_secret_keys (void **context, PKT_public_key *sk)
                     name = opt.def_secret_key;
                   c->state = 1;
                   break;
-                  
+
                 case 1: /* Init list of keys to try.  */
                   c->sl = opt.secret_keys_to_try;
                   c->state++;
                   break;
-                  
+
                 case 2: /* Get next item from list.  */
                   if (c->sl)
                     {
@@ -2588,7 +2588,7 @@ enum_secret_keys (void **context, PKT_public_key *sk)
                     c->state++;
                   break;
 
-                default: /* No more names to check - stop.  */  
+                default: /* No more names to check - stop.  */
                   c->eof = 1;
                   return gpg_error (GPG_ERR_EOF);
                 }
@@ -2607,7 +2607,7 @@ enum_secret_keys (void **context, PKT_public_key *sk)
           else
             c->node = c->keyblock;
         }
-      
+
       /* Get the next key from the current keyblock.  */
       for (; c->node; c->node = c->node->next)
 	{
diff --git a/g10/gpg.c b/g10/gpg.c
index 6daa144be..8326ee7e3 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -304,7 +304,7 @@ enum cmd_and_opt_values
     oNoAllowNonSelfsignedUID,
     oAllowFreeformUID,
     oNoAllowFreeformUID,
-    oAllowSecretKeyImport,                      
+    oAllowSecretKeyImport,
     oEnableSpecialFilenames,
     oNoLiteral,
     oSetFilesize,
@@ -395,7 +395,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
   ARGPARSE_c (aKeygen,	   "gen-key",  N_("generate a new key pair")),
   ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
-  ARGPARSE_c (aDeleteKeys,"delete-keys", 
+  ARGPARSE_c (aDeleteKeys,"delete-keys",
               N_("remove keys from the public keyring")),
   ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
               N_("remove keys from the secret keyring")),
@@ -408,9 +408,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aExport, "export"           , N_("export keys") ),
   ARGPARSE_c (aSendKeys, "send-keys"     , N_("export keys to a key server") ),
   ARGPARSE_c (aRecvKeys, "recv-keys"     , N_("import keys from a key server") ),
-  ARGPARSE_c (aSearchKeys, "search-keys" , 
+  ARGPARSE_c (aSearchKeys, "search-keys" ,
               N_("search for keys on a key server") ),
-  ARGPARSE_c (aRefreshKeys, "refresh-keys", 
+  ARGPARSE_c (aRefreshKeys, "refresh-keys",
               N_("update all keys from a keyserver")),
   ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
   ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
@@ -600,7 +600,7 @@ static ARGPARSE_OPTS opts[] = {
   /* More hidden commands and options. */
   ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
   ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
-  /* Not yet used: 
+  /* Not yet used:
      ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
   ARGPARSE_c (aDeleteSecretAndPublicKeys,
               "delete-secret-and-public-keys", "@"),
@@ -624,8 +624,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
   ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
   ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
-  ARGPARSE_s_n (oNoOptions, "no-options", "@"), 
-  ARGPARSE_s_s (oHomedir, "homedir", "@"), 
+  ARGPARSE_s_n (oNoOptions, "no-options", "@"),
+  ARGPARSE_s_s (oHomedir, "homedir", "@"),
   ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
   ARGPARSE_s_n (oWithColons, "with-colons", "@"),
   ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
@@ -738,8 +738,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
   ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
   ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
-  
-  ARGPARSE_s_n (oAllowMultisigVerification, 
+
+  ARGPARSE_s_n (oAllowMultisigVerification,
                 "allow-multisig-verification", "@"),
   ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
   ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
@@ -794,7 +794,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
 {
   const char *s;
   char *result;
-  
+
   if (maybe_setuid)
     {
       gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
@@ -864,14 +864,14 @@ my_strusage( int level )
 	break;
       case 35:
 	if( !ciphers )
-	    ciphers = build_list(_("Cipher: "), 'S', 
+	    ciphers = build_list(_("Cipher: "), 'S',
                                  openpgp_cipher_algo_name,
                                  openpgp_cipher_test_algo );
 	p = ciphers;
 	break;
       case 36:
 	if( !digests )
-	    digests = build_list(_("Hash: "), 'H', 
+	    digests = build_list(_("Hash: "), 'H',
                                  gcry_md_algo_name,
                                  openpgp_md_test_algo );
 	p = digests;
@@ -971,7 +971,7 @@ static void
 set_opt_session_env (const char *name, const char *value)
 {
   gpg_error_t err;
-  
+
   err = session_env_setenv (opt.session_env, name, value);
   if (err)
     log_fatal ("error setting session environment: %s\n",
@@ -1005,7 +1005,7 @@ set_debug (const char *level)
       /* Unless the "guru" string has been used we don't want to allow
          hashing debugging.  The rationale is that people tend to
          select the highest debug value and would then clutter their
-         disk with debug files which may reveal confidential data.  */ 
+         disk with debug files which may reveal confidential data.  */
       if (numok)
         opt.debug &= ~(DBG_HASHING_VALUE);
     }
@@ -1029,17 +1029,17 @@ set_debug (const char *level)
 
   if (opt.debug)
     log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
-              (opt.debug & DBG_PACKET_VALUE )? " packet":"",    
-              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",    
-              (opt.debug & DBG_CIPHER_VALUE )? " cipher":"",    
-              (opt.debug & DBG_FILTER_VALUE )? " filter":"", 
-              (opt.debug & DBG_IOBUF_VALUE  )? " iobuf":"", 
-              (opt.debug & DBG_MEMORY_VALUE )? " memory":"", 
-              (opt.debug & DBG_CACHE_VALUE  )? " cache":"", 
-              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", 
-              (opt.debug & DBG_TRUST_VALUE  )? " trust":"", 
-              (opt.debug & DBG_HASHING_VALUE)? " hashing":"", 
-              (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", 
+              (opt.debug & DBG_PACKET_VALUE )? " packet":"",
+              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",
+              (opt.debug & DBG_CIPHER_VALUE )? " cipher":"",
+              (opt.debug & DBG_FILTER_VALUE )? " filter":"",
+              (opt.debug & DBG_IOBUF_VALUE  )? " iobuf":"",
+              (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+              (opt.debug & DBG_CACHE_VALUE  )? " cache":"",
+              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+              (opt.debug & DBG_TRUST_VALUE  )? " trust":"",
+              (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
+              (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"",
               (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"",
               (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"");
 }
@@ -1102,7 +1102,7 @@ open_info_file (const char *fname, int for_write, int binary)
   (void)for_write;
   (void)binary;
   return -1;
-#else 
+#else
   int fd;
 
   if (binary)
@@ -1128,7 +1128,7 @@ open_info_file (const char *fname, int for_write, int binary)
   if ( fd == -1)
     log_error ( for_write? _("can't create `%s': %s\n")
                          : _("can't open `%s': %s\n"), fname, strerror(errno));
-  
+
   return fd;
 #endif
 }
@@ -1572,7 +1572,7 @@ list_config(char *items)
 	  es_printf ("\n");
 	  any=1;
 	}
-      
+
       if(show_all || ascii_strcasecmp(name,"compress")==0)
 	{
 	  es_printf ("cfg:compress:");
@@ -1839,7 +1839,7 @@ get_default_configname (void)
       if (configname)
 	{
 	  char *tok;
-	  
+
 	  xfree (configname);
 	  configname = NULL;
 
@@ -1850,13 +1850,13 @@ get_default_configname (void)
 	  else
 	    break;
 	}
-      
+
       configname = make_filename (opt.homedir, name, NULL);
     }
   while (access (configname, R_OK));
 
   xfree(name);
-  
+
   if (! configname)
     configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL);
   if (! access (configname, R_OK))
@@ -2065,7 +2065,7 @@ main (int argc, char **argv)
 
     /* Initialize the secure memory. */
     if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
-      got_secmem = 1; 
+      got_secmem = 1;
 #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
     /* There should be no way to get to this spot while still carrying
        setuid privs.  Just in case, bomb out if we are. */
@@ -2083,7 +2083,7 @@ main (int argc, char **argv)
     assuan_set_malloc_hooks (&malloc_hooks);
     assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
     setup_libassuan_logging (&opt.debug);
- 
+
     /* Try for a version specific config file first */
     default_configname = get_default_configname ();
     if (default_config)
@@ -2142,55 +2142,55 @@ main (int argc, char **argv)
       {
 	switch( pargs.r_opt )
 	  {
-	  case aCheckKeys: 
+	  case aCheckKeys:
 	  case aListConfig:
           case aGPGConfList:
           case aGPGConfTest:
 	  case aListPackets:
-	  case aImport: 
-	  case aFastImport: 
-	  case aSendKeys: 
-	  case aRecvKeys: 
+	  case aImport:
+	  case aFastImport:
+	  case aSendKeys:
+	  case aRecvKeys:
 	  case aSearchKeys:
 	  case aRefreshKeys:
 	  case aFetchKeys:
-	  case aExport: 
+	  case aExport:
 #ifdef ENABLE_CARD_SUPPORT
           case aCardStatus:
-          case aCardEdit: 
+          case aCardEdit:
           case aChangePIN:
 #endif /* ENABLE_CARD_SUPPORT*/
-	  case aListKeys: 
+	  case aListKeys:
 	  case aLocateKeys:
-	  case aListSigs: 
-	  case aExportSecret: 
-	  case aExportSecretSub: 
+	  case aListSigs:
+	  case aExportSecret:
+	  case aExportSecretSub:
 	  case aSym:
-	  case aClearsign: 
-	  case aGenRevoke: 
-	  case aDesigRevoke: 
-	  case aPrimegen: 
+	  case aClearsign:
+	  case aGenRevoke:
+	  case aDesigRevoke:
+	  case aPrimegen:
 	  case aGenRandom:
 	  case aPrintMD:
-	  case aPrintMDs: 
-	  case aListTrustDB: 
+	  case aPrintMDs:
+	  case aListTrustDB:
 	  case aCheckTrustDB:
-	  case aUpdateTrustDB: 
-	  case aFixTrustDB: 
-	  case aListTrustPath: 
-	  case aDeArmor: 
-	  case aEnArmor: 
-	  case aSign: 
-	  case aSignKey: 
+	  case aUpdateTrustDB:
+	  case aFixTrustDB:
+	  case aListTrustPath:
+	  case aDeArmor:
+	  case aEnArmor:
+	  case aSign:
+	  case aSignKey:
 	  case aLSignKey:
-	  case aStore: 
-	  case aExportOwnerTrust: 
-	  case aImportOwnerTrust: 
+	  case aStore:
+	  case aExportOwnerTrust:
+	  case aImportOwnerTrust:
           case aRebuildKeydbCaches:
             set_cmd (&cmd, pargs.r_opt);
             break;
 
-	  case aKeygen: 
+	  case aKeygen:
 	  case aEditKey:
 	  case aDeleteSecretKeys:
 	  case aDeleteSecretAndPublicKeys:
@@ -2240,7 +2240,7 @@ main (int argc, char **argv)
           case oNoUseAgent:
 	    obsolete_option (configname, configlineno, "--no-use-agent");
             break;
-	  case oGpgAgentInfo: 
+	  case oGpgAgentInfo:
 	    obsolete_option (configname, configlineno, "--gpg-agent-info");
             break;
 
@@ -2308,12 +2308,12 @@ main (int argc, char **argv)
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
 	  case oNoDefKeyring: default_keyring = 0; break;
 	  case oNoGreeting: nogreeting = 1; break;
-	  case oNoVerbose: 
+	  case oNoVerbose:
             opt.verbose = 0;
             gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
             opt.list_sigs=0;
             break;
-          case oQuickRandom: 
+          case oQuickRandom:
             gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
             break;
 	  case oEmitVersion: opt.no_version=0; break;
@@ -2343,7 +2343,7 @@ main (int argc, char **argv)
 	  case oWithColons: opt.with_colons=':'; break;
 
           case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
-          case oWithSigList: opt.list_sigs = 1; break;  
+          case oWithSigList: opt.list_sigs = 1; break;
 
 	  case oSkipVerify: opt.skip_verify=1; break;
 
@@ -2535,7 +2535,7 @@ main (int argc, char **argv)
             any_explicit_recipient = 1;
 	    break;
 
-	  case oTrySecretKey: 
+	  case oTrySecretKey:
 	    add_to_strlist2 (&opt.secret_keys_to_try,
                              pargs.r.ret_str, utf8_strings);
 	    break;
@@ -2599,7 +2599,7 @@ main (int argc, char **argv)
 	  case oCommandFile:
             opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
             break;
-	  case oCipherAlgo: 
+	  case oCipherAlgo:
             def_cipher_string = xstrdup(pargs.r.ret_str);
             break;
 	  case oDigestAlgo:
@@ -2629,12 +2629,12 @@ main (int argc, char **argv)
 		compress_algo_string = xstrdup(pargs.r.ret_str);
 	    }
 	    break;
-	  case oCertDigestAlgo: 
+	  case oCertDigestAlgo:
             cert_digest_string = xstrdup(pargs.r.ret_str);
             break;
 
-	  case oNoSecmemWarn: 
-            gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); 
+	  case oNoSecmemWarn:
+            gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
             break;
 
 	  case oRequireSecmem: require_secmem=1; break;
@@ -2864,7 +2864,7 @@ main (int argc, char **argv)
 		log_error (_("could not parse keyserver URL\n"));
 	      else
 		free_keyserver_spec (keyserver);
-              
+
 	      opt.def_keyserver_url = pargs.r.ret_str;
 	    }
 	    break;
@@ -2907,8 +2907,8 @@ main (int argc, char **argv)
 	      }
 	    break;
 
-	  case oStrict: 
-	  case oNoStrict: 
+	  case oStrict:
+	  case oNoStrict:
 	    /* Not used */
             break;
 
@@ -2933,8 +2933,8 @@ main (int argc, char **argv)
             opt.exit_on_status_write_error = 1;
             break;
 
-	  case oLimitCardInsertTries: 
-            opt.limit_card_insert_tries = pargs.r.ret_int; 
+	  case oLimitCardInsertTries:
+            opt.limit_card_insert_tries = pargs.r.ret_int;
             break;
 
 	  case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
@@ -2968,7 +2968,7 @@ main (int argc, char **argv)
 
           case oFakedSystemTime:
             {
-              time_t faked_time = isotime2epoch (pargs.r.ret_str); 
+              time_t faked_time = isotime2epoch (pargs.r.ret_str);
               if (faked_time == (time_t)(-1))
                 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
               gnupg_set_time (faked_time, 0);
@@ -2977,7 +2977,7 @@ main (int argc, char **argv)
 
 	  case oNoop: break;
 
-	  default: 
+	  default:
             pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
             break;
 	  }
@@ -3085,13 +3085,13 @@ main (int argc, char **argv)
     if (gnupg_faked_time_p ())
       {
         gnupg_isotime_t tbuf;
-        
+
         log_info (_("WARNING: running with faked system time: "));
         gnupg_get_isotime (tbuf);
         dump_isotime (tbuf);
         log_printf ("\n");
       }
-    
+
 
     gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
 
@@ -3396,12 +3396,12 @@ main (int argc, char **argv)
        avoid adding the secret keyring for a couple of commands to
        avoid unneeded access in case the secrings are stored on a
        floppy.
-       
+
        We always need to add the keyrings if we are running under
        SELinux, this is so that the rings are added to the list of
        secured files. */
-    if( ALWAYS_ADD_KEYRINGS 
-        || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) ) 
+    if( ALWAYS_ADD_KEYRINGS
+        || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
       {
 	if (!nrings || default_keyring)  /* Add default ring. */
 	    keydb_add_resource ("pubring" EXTSEP_S "gpg", 4);
@@ -3444,11 +3444,11 @@ main (int argc, char **argv)
 
     switch (cmd)
       {
-      case aStore: 
-      case aSym:  
-      case aSign: 
-      case aSignSym: 
-      case aClearsign: 
+      case aStore:
+      case aSym:
+      case aSign:
+      case aSignSym:
+      case aClearsign:
         if (!opt.quiet && any_explicit_recipient)
           log_info (_("WARNING: recipients (-r) given "
                       "without using public key encryption\n"));
@@ -3613,7 +3613,7 @@ main (int argc, char **argv)
 	      log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
 	  }
 	break;
-            
+
       case aSignKey:
 	if( argc != 1 )
 	  wrong_args(_("--sign-key user-id"));
@@ -3986,7 +3986,7 @@ main (int argc, char **argv)
 	    wrong_args("--import-ownertrust [file]");
 	import_ownertrust( argc? *argv:NULL );
 	break;
-      
+
       case aRebuildKeydbCaches:
         if (argc)
             wrong_args ("--rebuild-keydb-caches");
@@ -4103,7 +4103,7 @@ g10_exit( int rc )
     gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
 
   emergency_cleanup ();
-  
+
   rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
   exit (rc);
 }
@@ -4197,14 +4197,14 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname )
 {
   int i, n;
   const byte *p;
-    
+
   if ( fname )
     {
-      for (p = fname; *p; p++ ) 
+      for (p = fname; *p; p++ )
         {
           if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
             es_printf ("%%%02X", *p );
-          else 
+          else
             es_putc (*p, es_stdout);
         }
     }
@@ -4212,7 +4212,7 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname )
   es_printf ("%d:", algo);
   p = gcry_md_read (md, algo);
   n = gcry_md_get_algo_dlen (algo);
-  for(i=0; i < n ; i++, p++ ) 
+  for(i=0; i < n ; i++, p++ )
     es_printf ("%02X", *p);
   es_fputs (":\n", es_stdout);
 }
@@ -4269,7 +4269,7 @@ print_mds( const char *fname, int algo )
     else {
 	gcry_md_final (md);
         if ( opt.with_colons ) {
-            if ( algo ) 
+            if ( algo )
                 print_hashline( md, algo, fname );
             else {
                 print_hashline( md, GCRY_MD_MD5, fname );
@@ -4368,7 +4368,7 @@ add_policy_url( const char *string, int which )
     sl=add_to_strlist( &opt.sig_policy_url, string );
 
   if(critical)
-    sl->flags |= 1;    
+    sl->flags |= 1;
 }
 
 static void
@@ -4401,5 +4401,5 @@ add_keyserver_url( const char *string, int which )
     sl=add_to_strlist( &opt.sig_keyserver_url, string );
 
   if(critical)
-    sl->flags |= 1;    
+    sl->flags |= 1;
 }
diff --git a/g10/gpg.h b/g10/gpg.h
index 29db15a45..693f2ccda 100644
--- a/g10/gpg.h
+++ b/g10/gpg.h
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 #ifndef GNUPG_G10_GPG_H
-#define GNUPG_G10_GPG_H 
+#define GNUPG_G10_GPG_H
 
 /* Note, that this file should be the first one after the system
    header files.  This is required to set the error source to the
@@ -41,8 +41,8 @@
 #define MAX_FINGERPRINT_LEN 20
 
 
-/* 
-   Forward declarations. 
+/*
+   Forward declarations.
  */
 
 /* Object used to keep state locally to server.c . */
@@ -73,7 +73,7 @@ struct server_control_s
 
 
 
-/* 
+/*
      Compatibility stuff to be faded out over time.
  */
 
@@ -84,46 +84,46 @@ struct server_control_s
 /* Mapping of the old error codes to the gpg-error ones.  Fixme: This
    is just a temporary solution: We need to do all these gpg_error()
    calls in the code.  */
-#define G10ERR_BAD_KEY         GPG_ERR_BAD_KEY          
-#define G10ERR_BAD_PASS        GPG_ERR_BAD_PASS         
-#define G10ERR_BAD_PUBKEY      GPG_ERR_BAD_PUBKEY       
+#define G10ERR_BAD_KEY         GPG_ERR_BAD_KEY
+#define G10ERR_BAD_PASS        GPG_ERR_BAD_PASS
+#define G10ERR_BAD_PUBKEY      GPG_ERR_BAD_PUBKEY
 #define G10ERR_BAD_SIGN        GPG_ERR_BAD_SIGNATURE
-#define G10ERR_BAD_URI         GPG_ERR_BAD_URI          
-#define G10ERR_CHECKSUM        GPG_ERR_CHECKSUM         
-#define G10ERR_CIPHER_ALGO     GPG_ERR_CIPHER_ALGO      
-#define G10ERR_CLOSE_FILE      GPG_ERR_CLOSE_FILE       
-#define G10ERR_COMPR_ALGO      GPG_ERR_COMPR_ALGO       
-#define G10ERR_CREATE_FILE     GPG_ERR_CREATE_FILE      
-#define G10ERR_DIGEST_ALGO     GPG_ERR_DIGEST_ALGO      
+#define G10ERR_BAD_URI         GPG_ERR_BAD_URI
+#define G10ERR_CHECKSUM        GPG_ERR_CHECKSUM
+#define G10ERR_CIPHER_ALGO     GPG_ERR_CIPHER_ALGO
+#define G10ERR_CLOSE_FILE      GPG_ERR_CLOSE_FILE
+#define G10ERR_COMPR_ALGO      GPG_ERR_COMPR_ALGO
+#define G10ERR_CREATE_FILE     GPG_ERR_CREATE_FILE
+#define G10ERR_DIGEST_ALGO     GPG_ERR_DIGEST_ALGO
 #define G10ERR_FILE_EXISTS     GPG_ERR_EEXIST
-#define G10ERR_GENERAL         GPG_ERR_GENERAL          
-#define G10ERR_INV_ARG         GPG_ERR_INV_ARG          
-#define G10ERR_INV_KEYRING     GPG_ERR_INV_KEYRING      
-#define G10ERR_INV_USER_ID     GPG_ERR_INV_USER_ID      
-#define G10ERR_INVALID_ARMOR   GPG_ERR_INV_ARMOR    
-#define G10ERR_INVALID_PACKET  GPG_ERR_INV_PACKET   
-#define G10ERR_KEYRING_OPEN    GPG_ERR_KEYRING_OPEN     
-#define G10ERR_KEYSERVER       GPG_ERR_KEYSERVER        
-#define G10ERR_NO_DATA         GPG_ERR_NO_DATA          
-#define G10ERR_NO_PUBKEY       GPG_ERR_NO_PUBKEY        
-#define G10ERR_NO_SECKEY       GPG_ERR_NO_SECKEY        
-#define G10ERR_NO_USER_ID      GPG_ERR_NO_USER_ID       
-#define G10ERR_NOT_PROCESSED   GPG_ERR_NOT_PROCESSED    
-#define G10ERR_OPEN_FILE       GPG_ERR_OPEN_FILE        
-#define G10ERR_PASSPHRASE      GPG_ERR_PASSPHRASE       
-#define G10ERR_PUBKEY_ALGO     GPG_ERR_PUBKEY_ALGO      
-#define G10ERR_READ_FILE       GPG_ERR_READ_FILE        
-#define G10ERR_RENAME_FILE     GPG_ERR_RENAME_FILE      
-#define G10ERR_RESOURCE_LIMIT  GPG_ERR_RESOURCE_LIMIT   
-#define G10ERR_SIG_CLASS       GPG_ERR_SIG_CLASS        
-#define G10ERR_TIME_CONFLICT   GPG_ERR_TIME_CONFLICT 
-#define G10ERR_TRUSTDB         GPG_ERR_TRUSTDB          
-#define G10ERR_UNEXPECTED      GPG_ERR_UNEXPECTED       
-#define G10ERR_UNKNOWN_PACKET  GPG_ERR_UNKNOWN_PACKET   
-#define G10ERR_UNSUPPORTED     GPG_ERR_UNSUPPORTED      
-#define G10ERR_UNU_PUBKEY      GPG_ERR_UNUSABLE_PUBKEY       
-#define G10ERR_UNU_SECKEY      GPG_ERR_UNUSABLE_SECKEY       
-#define G10ERR_WRONG_SECKEY    GPG_ERR_WRONG_SECKEY        
+#define G10ERR_GENERAL         GPG_ERR_GENERAL
+#define G10ERR_INV_ARG         GPG_ERR_INV_ARG
+#define G10ERR_INV_KEYRING     GPG_ERR_INV_KEYRING
+#define G10ERR_INV_USER_ID     GPG_ERR_INV_USER_ID
+#define G10ERR_INVALID_ARMOR   GPG_ERR_INV_ARMOR
+#define G10ERR_INVALID_PACKET  GPG_ERR_INV_PACKET
+#define G10ERR_KEYRING_OPEN    GPG_ERR_KEYRING_OPEN
+#define G10ERR_KEYSERVER       GPG_ERR_KEYSERVER
+#define G10ERR_NO_DATA         GPG_ERR_NO_DATA
+#define G10ERR_NO_PUBKEY       GPG_ERR_NO_PUBKEY
+#define G10ERR_NO_SECKEY       GPG_ERR_NO_SECKEY
+#define G10ERR_NO_USER_ID      GPG_ERR_NO_USER_ID
+#define G10ERR_NOT_PROCESSED   GPG_ERR_NOT_PROCESSED
+#define G10ERR_OPEN_FILE       GPG_ERR_OPEN_FILE
+#define G10ERR_PASSPHRASE      GPG_ERR_PASSPHRASE
+#define G10ERR_PUBKEY_ALGO     GPG_ERR_PUBKEY_ALGO
+#define G10ERR_READ_FILE       GPG_ERR_READ_FILE
+#define G10ERR_RENAME_FILE     GPG_ERR_RENAME_FILE
+#define G10ERR_RESOURCE_LIMIT  GPG_ERR_RESOURCE_LIMIT
+#define G10ERR_SIG_CLASS       GPG_ERR_SIG_CLASS
+#define G10ERR_TIME_CONFLICT   GPG_ERR_TIME_CONFLICT
+#define G10ERR_TRUSTDB         GPG_ERR_TRUSTDB
+#define G10ERR_UNEXPECTED      GPG_ERR_UNEXPECTED
+#define G10ERR_UNKNOWN_PACKET  GPG_ERR_UNKNOWN_PACKET
+#define G10ERR_UNSUPPORTED     GPG_ERR_UNSUPPORTED
+#define G10ERR_UNU_PUBKEY      GPG_ERR_UNUSABLE_PUBKEY
+#define G10ERR_UNU_SECKEY      GPG_ERR_UNUSABLE_SECKEY
+#define G10ERR_WRONG_SECKEY    GPG_ERR_WRONG_SECKEY
 
 
 #endif /*GNUPG_G10_GPG_H*/
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 569601e89..9f46ab39c 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -57,7 +57,7 @@ enum cmd_and_opt_values {
   oVerbose	  = 'v',
   oBatch	  = 500,
   oKeyring,
-  oIgnoreTimeConflict,                      
+  oIgnoreTimeConflict,
   oStatusFD,
   oLoggerFD,
   oHomedir,
@@ -67,10 +67,10 @@ enum cmd_and_opt_values {
 
 static ARGPARSE_OPTS opts[] = {
   ARGPARSE_group (300, N_("@\nOptions:\n ")),
-  
+
   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
   ARGPARSE_s_n (oQuiet,   "quiet",   N_("be somewhat more quiet")),
-  ARGPARSE_s_s (oKeyring, "keyring", 
+  ARGPARSE_s_s (oKeyring, "keyring",
                 N_("|FILE|take the keys from the keyring FILE")),
   ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict",
                 N_("make timestamp conflicts only a warning")),
@@ -92,7 +92,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
 {
   const char *s;
   char *result;
-  
+
   s = getfnc (NULL);
   result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
   strcpy (stpcpy (stpcpy (result, libname), " "), s);
@@ -143,14 +143,14 @@ main( int argc, char **argv )
   strlist_t nrings = NULL;
   unsigned configlineno;
   ctrl_t ctrl;
-  
+
   set_strusage (my_strusage);
   log_set_prefix ("gpgv", 1);
-  
+
   /* Make sure that our subsystems are ready.  */
   i18n_init();
   init_common_subsystems (&argc, &argv);
-  
+
   gnupg_init_signals (0, NULL);
 
   opt.command_fd = -1; /* no command fd */
@@ -164,7 +164,7 @@ main( int argc, char **argv )
   tty_no_terminal(1);
   tty_batchmode(1);
   disable_dotlock();
-  
+
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags=  1;  /* do not remove the args */
@@ -173,14 +173,14 @@ main( int argc, char **argv )
       switch (pargs.r_opt)
         {
         case oQuiet: opt.quiet = 1; break;
-        case oVerbose: 
-          opt.verbose++; 
+        case oVerbose:
+          opt.verbose++;
           opt.list_sigs=1;
           gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
           break;
         case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
         case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
-        case oLoggerFD: 
+        case oLoggerFD:
           log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
           break;
         case oHomedir: opt.homedir = pargs.r.ret_str; break;
@@ -188,7 +188,7 @@ main( int argc, char **argv )
         default : pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
     }
-  
+
   if (log_get_errorcount (0))
     g10_exit(2);
 
@@ -200,14 +200,14 @@ main( int argc, char **argv )
     keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8);
   for (sl = nrings; sl; sl = sl->next)
     keydb_add_resource (sl->d, 8);
-   
+
   FREE_STRLIST (nrings);
 
   ctrl = xcalloc (1, sizeof *ctrl);
-    
+
   if ((rc = verify_signatures (ctrl, argc, argv)))
     log_error("verify signatures failed: %s\n", g10_errstr(rc) );
-  
+
   xfree (ctrl);
 
   /* cleanup */
@@ -225,7 +225,7 @@ g10_exit( int rc )
 
 
 /* Stub:
- * We have to override the trustcheck from pkclist.c becuase 
+ * We have to override the trustcheck from pkclist.c becuase
  * this utility assumes that all keys in the keyring are trustworthy
  */
 int
@@ -237,7 +237,7 @@ check_signatures_trust( PKT_signature *sig )
 
 void
 read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
-		   byte *marginals, byte *completes, byte *cert_depth) 
+		   byte *marginals, byte *completes, byte *cert_depth)
 {
   (void)trust_model;
   (void)created;
@@ -247,7 +247,7 @@ read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
   (void)cert_depth;
 }
 
-/* Stub: 
+/* Stub:
  * We don't have the trustdb , so we have to provide some stub functions
  * instead
  */
@@ -260,7 +260,7 @@ cache_disabled_value(PKT_public_key *pk)
 }
 
 void
-check_trustdb_stale(void) 
+check_trustdb_stale(void)
 {
 }
 
@@ -319,7 +319,7 @@ struct keyserver_spec *
 keyserver_match (struct keyserver_spec *spec)
 {
   (void)spec;
-  return NULL; 
+  return NULL;
 }
 
 int
@@ -334,7 +334,7 @@ int
 keyserver_import_cert (const char *name)
 {
   (void)name;
-  return -1; 
+  return -1;
 }
 
 int
@@ -413,7 +413,7 @@ check_secret_key (PKT_public_key *pk, int n)
 }
 
 /* Stub:
- * No secret key, so no passphrase needed 
+ * No secret key, so no passphrase needed
  */
 DEK *
 passphrase_to_dek (u32 *keyid, int pubkey_algo,
@@ -441,7 +441,7 @@ passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
 }
 
 struct keyserver_spec *
-parse_preferred_keyserver(PKT_signature *sig) 
+parse_preferred_keyserver(PKT_signature *sig)
 {
   (void)sig;
   return NULL;
@@ -458,14 +458,14 @@ parse_keyserver_uri (const char *uri, int require_scheme,
   return NULL;
 }
 
-void 
+void
 free_keyserver_spec (struct keyserver_spec *keyserver)
 {
   (void)keyserver;
 }
 
 /* Stubs to avoid linking to photoid.c */
-void 
+void
 show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
 {
   (void)attrs;
@@ -473,7 +473,7 @@ show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
   (void)pk;
 }
 
-int 
+int
 parse_image_header (const struct user_attribute *attr, byte *type, u32 *len)
 {
   (void)attr;
@@ -491,7 +491,7 @@ image_type_to_string (byte type, int string)
 }
 
 #ifdef ENABLE_CARD_SUPPORT
-int 
+int
 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
 {
   (void)name;
@@ -501,19 +501,19 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info)
 #endif /* ENABLE_CARD_SUPPORT */
 
 /* We do not do any locking, so use these stubs here */
-void 
+void
 disable_dotlock (void)
 {
 }
 
-dotlock_t 
+dotlock_t
 create_dotlock (const char *file_to_lock)
 {
   (void)file_to_lock;
   return NULL;
 }
 
-void 
+void
 destroy_dotlock (dotlock_t h)
 {
   (void)h;
@@ -534,7 +534,7 @@ release_dotlock (dotlock_t h)
   return 0;
 }
 
-void 
+void
 remove_lockfiles (void)
 {
 }
@@ -563,4 +563,3 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
   *r_serialno = NULL;
   return gpg_error (GPG_ERR_NO_SECKEY);
 }
-  
diff --git a/g10/helptext.c b/g10/helptext.c
index bf818fa43..f1e01ca93 100644
--- a/g10/helptext.c
+++ b/g10/helptext.c
@@ -77,12 +77,10 @@ display_online_help( const char *keyword )
         need_final_lf = 0;
       xfree (result);
     }
-  else 
+  else
     {
       tty_printf (_("No help available for `%s'"), keyword );
     }
   if (need_final_lf)
     tty_printf("\n");
 }
-
-
diff --git a/g10/kbnode.c b/g10/kbnode.c
index 7309af12a..1a8b91e43 100644
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@@ -184,7 +184,7 @@ find_next_kbnode( KBNODE node, int pkttype )
     for( node=node->next ; node; node = node->next ) {
 	if( !pkttype )
 	    return node;
-	else if( pkttype == PKT_USER_ID 
+	else if( pkttype == PKT_USER_ID
 		 && (	node->pkt->pkttype == PKT_PUBLIC_KEY
 		     || node->pkt->pkttype == PKT_SECRET_KEY ) )
 	    return NULL;
@@ -338,7 +338,7 @@ move_kbnode( KBNODE *root, KBNODE node, KBNODE where )
 void
 dump_kbnode (KBNODE node)
 {
-  for (; node; node = node->next ) 
+  for (; node; node = node->next )
     {
       const char *s;
       switch (node->pkt->pkttype)
@@ -395,12 +395,12 @@ dump_kbnode (KBNODE node)
           log_printf ("  keyid=%08lX a=%d u=%d %c%c%c%c\n",
                       (ulong)keyid_from_pk( pk, NULL ),
                       pk->pubkey_algo, pk->pubkey_usage,
-                      pk->has_expired? 'e':'.',  
-                      pk->flags.revoked? 'r':'.',  
+                      pk->has_expired? 'e':'.',
+                      pk->flags.revoked? 'r':'.',
                       pk->flags.valid?    'v':'.',
                       pk->flags.mdc?   'm':'.');
         }
-      
+
       log_flush ();
     }
 }
diff --git a/g10/keydb.c b/g10/keydb.c
index 2e90604a0..d9e01dced 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1,5 +1,5 @@
 /* keydb.c - key database dispatcher
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
  *               2008, 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -34,7 +34,7 @@
 #include "main.h" /*try_make_homedir ()*/
 #include "packet.h"
 #include "keyring.h"
-#include "keydb.h" 
+#include "keydb.h"
 #include "i18n.h"
 
 static int active_handles;
@@ -45,7 +45,7 @@ typedef enum {
 } KeydbResourceType;
 #define MAX_KEYDB_RESOURCES 40
 
-struct resource_item 
+struct resource_item
 {
   KeydbResourceType type;
   union {
@@ -91,7 +91,7 @@ maybe_create_keyring (char *filename, int force)
 
   /* If we don't want to create a new file at all, there is no need to
      go any further - bail out right here.  */
-  if (!force) 
+  if (!force)
     return gpg_error (GPG_ERR_ENOENT);
 
   /* First of all we try to create the home directory.  Note, that we
@@ -114,9 +114,9 @@ maybe_create_keyring (char *filename, int force)
   save_slash = *last_slash_in_filename;
   *last_slash_in_filename = 0;
   if (access(filename, F_OK))
-    { 
+    {
       static int tried;
-      
+
       if (!tried)
         {
           tried = 1;
@@ -144,8 +144,8 @@ maybe_create_keyring (char *filename, int force)
       if (opt.verbose)
         log_info ("can't allocate lock for `%s'\n", filename );
 
-      if (!force) 
-        return gpg_error (GPG_ERR_ENOENT); 
+      if (!force)
+        return gpg_error (GPG_ERR_ENOENT);
       else
         return gpg_error (GPG_ERR_GENERAL);
     }
@@ -175,7 +175,7 @@ maybe_create_keyring (char *filename, int force)
   else
     iobuf = iobuf_create (filename);
   umask (oldmask);
-  if (!iobuf) 
+  if (!iobuf)
     {
       rc = gpg_error_from_syserror ();
       log_error ( _("error creating keyring `%s': %s\n"),
@@ -293,7 +293,7 @@ keydb_add_resource (const char *url, int flags)
 	  {
 	    if (used_resources >= MAX_KEYDB_RESOURCES)
 	      rc = G10ERR_RESOURCE_LIMIT;
-	    else 
+	    else
 	      {
 		if(flags&2)
 		  primary_keyring=token;
@@ -338,10 +338,10 @@ keydb_new (void)
 {
   KEYDB_HANDLE hd;
   int i, j;
-  
+
   hd = xmalloc_clear (sizeof *hd);
   hd->found = -1;
-  
+
   assert (used_resources <= MAX_KEYDB_RESOURCES);
   for (i=j=0; i < used_resources; i++)
     {
@@ -362,12 +362,12 @@ keydb_new (void)
         }
     }
   hd->used = j;
-  
+
   active_handles++;
   return hd;
 }
 
-void 
+void
 keydb_release (KEYDB_HANDLE hd)
 {
     int i;
@@ -406,19 +406,19 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
     int idx;
     const char *s = NULL;
 
-    if (!hd) 
+    if (!hd)
         return NULL;
 
-    if ( hd->found >= 0 && hd->found < hd->used) 
+    if ( hd->found >= 0 && hd->found < hd->used)
         idx = hd->found;
-    else if ( hd->current >= 0 && hd->current < hd->used) 
+    else if ( hd->current >= 0 && hd->current < hd->used)
         idx = hd->current;
     else
         idx = 0;
 
     switch (hd->active[idx].type) {
       case KEYDB_RESOURCE_TYPE_NONE:
-        s = NULL; 
+        s = NULL;
         break;
       case KEYDB_RESOURCE_TYPE_KEYRING:
         s = keyring_get_resource_name (hd->active[idx].u.kr);
@@ -430,7 +430,7 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
 
 
 
-static int 
+static int
 lock_all (KEYDB_HANDLE hd)
 {
     int i, rc = 0;
@@ -487,7 +487,7 @@ unlock_all (KEYDB_HANDLE hd)
 /*
  * Return the last found keyring.  Caller must free it.
  * The returned keyblock has the kbode flag bit 0 set for the node with
- * the public key used to locate the keyblock or flag bit 1 set for 
+ * the public key used to locate the keyblock or flag bit 1 set for
  * the user ID node.
  */
 int
@@ -498,7 +498,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    if ( hd->found < 0 || hd->found >= hd->used) 
+    if ( hd->found < 0 || hd->found >= hd->used)
         return -1; /* nothing found */
 
     switch (hd->active[hd->found].type) {
@@ -513,7 +513,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
     return rc;
 }
 
-/* 
+/*
  * update the current keyblock with KB
  */
 int
@@ -524,7 +524,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    if ( hd->found < 0 || hd->found >= hd->used) 
+    if ( hd->found < 0 || hd->found >= hd->used)
         return -1; /* nothing found */
 
     if( opt.dry_run )
@@ -548,8 +548,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
 }
 
 
-/* 
- * Insert a new KB into one of the resources. 
+/*
+ * Insert a new KB into one of the resources.
  */
 int
 keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
@@ -557,15 +557,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
     int rc = -1;
     int idx;
 
-    if (!hd) 
+    if (!hd)
         return G10ERR_INV_ARG;
 
     if( opt.dry_run )
 	return 0;
 
-    if ( hd->found >= 0 && hd->found < hd->used) 
+    if ( hd->found >= 0 && hd->found < hd->used)
         idx = hd->found;
-    else if ( hd->current >= 0 && hd->current < hd->used) 
+    else if ( hd->current >= 0 && hd->current < hd->used)
         idx = hd->current;
     else
         return G10ERR_GENERAL;
@@ -588,7 +588,7 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
 }
 
 
-/* 
+/*
  * The current keyblock will be deleted.
  */
 int
@@ -599,7 +599,7 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    if ( hd->found < 0 || hd->found >= hd->used) 
+    if ( hd->found < 0 || hd->found >= hd->used)
         return -1; /* nothing found */
 
     if( opt.dry_run )
@@ -626,7 +626,7 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
 /*
  * Locate the default writable key resource, so that the next
  * operation (which is only relevant for inserts) will be done on this
- * resource.  
+ * resource.
  */
 int
 keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
@@ -637,7 +637,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
 
   if (!hd)
     return G10ERR_INV_ARG;
-  
+
   rc = keydb_search_reset (hd); /* this does reset hd->current */
   if (rc)
     return rc;
@@ -661,9 +661,9 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
 	return rc;
     }
 
-  for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) 
+  for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
     {
-      switch (hd->active[hd->current].type) 
+      switch (hd->active[hd->current].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           BUG();
@@ -674,7 +674,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
           break;
         }
     }
-  
+
   return -1;
 }
 
@@ -685,7 +685,7 @@ void
 keydb_rebuild_caches (int noisy)
 {
   int i, rc;
-  
+
   for (i=0; i < used_resources; i++)
     {
       if (!keyring_is_writable (all_resources[i].token))
@@ -706,10 +706,10 @@ keydb_rebuild_caches (int noisy)
 
 
 
-/* 
+/*
  * Start the next search on this handle right at the beginning
  */
-int 
+int
 keydb_search_reset (KEYDB_HANDLE hd)
 {
     int i, rc = 0;
@@ -717,7 +717,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    hd->current = 0; 
+    hd->current = 0;
     hd->found = -1;
     /* and reset all resources */
     for (i=0; !rc && i < hd->used; i++) {
@@ -729,15 +729,15 @@ keydb_search_reset (KEYDB_HANDLE hd)
             break;
         }
     }
-    return rc; 
+    return rc;
 }
 
 
-/* 
+/*
  * Search through all keydb resources, starting at the current position,
  * for a keyblock which contains one of the keys described in the DESC array.
  */
-int 
+int
 keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 	       size_t ndesc, size_t *descindex)
 {
@@ -757,12 +757,12 @@ keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
             break;
         }
         if (rc == -1) /* EOF -> switch to next resource */
-            hd->current++; 
+            hd->current++;
         else if (!rc)
             hd->found = hd->current;
     }
 
-    return rc; 
+    return rc;
 }
 
 int
diff --git a/g10/keydb.h b/g10/keydb.h
index 9ec2496c5..f3a95297a 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -88,7 +88,7 @@ typedef struct keyblock_pos_struct KBPOS;
 /* Structure to hold a couple of public key certificates. */
 typedef struct pk_list *PK_LIST;  /* Deprecated. */
 typedef struct pk_list *pk_list_t;
-struct pk_list 
+struct pk_list
 {
   PK_LIST next;
   PKT_public_key *pk;
@@ -97,7 +97,7 @@ struct pk_list
 
 /* Structure to hold a list of secret key certificates.  */
 typedef struct sk_list *SK_LIST;
-struct sk_list 
+struct sk_list
 {
   SK_LIST next;
   PKT_public_key *pk;
@@ -160,7 +160,7 @@ void release_pk_list (PK_LIST pk_list);
 int  build_pk_list (ctrl_t ctrl,
                     strlist_t rcpts, PK_LIST *ret_pk_list, unsigned use);
 gpg_error_t find_and_check_key (ctrl_t ctrl,
-                                const char *name, unsigned int use, 
+                                const char *name, unsigned int use,
                                 int mark_hidden, pk_list_t *pk_list_addr);
 
 int  algo_available( preftype_t preftype, int algo,
@@ -228,7 +228,7 @@ gpg_error_t get_seckey_byname (PKT_public_key *pk, const char *name);
 
 gpg_error_t get_seckey_byfprint (PKT_public_key *pk,
                                  const byte *fprint, size_t fprint_len);
-gpg_error_t get_seckeyblock_byfprint (kbnode_t *ret_keyblock, 
+gpg_error_t get_seckeyblock_byfprint (kbnode_t *ret_keyblock,
                                       const byte *fprint, size_t fprint_len);
 
 gpg_error_t getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 1bd1aa6ee..973fa8d3f 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -523,7 +523,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
 	}
 
   /* Build a list of all signators.
-   *    
+   *
    * We use the CERT flag to request the primary which must always
    * be one which is capable of signing keys.  I can't see a reason
    * why to sign keys using a subkey.  Implementation of USAGE_CERT
@@ -542,7 +542,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
       u32 duration = 0, timestamp = 0;
       byte trust_depth = 0, trust_value = 0;
 
-      if (local || nonrevocable || trust 
+      if (local || nonrevocable || trust
           || opt.cert_policy_url || opt.cert_notations)
 	force_v4 = 1;
 
@@ -983,14 +983,14 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
 	  if (local)
 	    {
 	      tty_printf ("\n");
-	      tty_printf 
+	      tty_printf
                 (_("The signature will be marked as non-exportable.\n"));
 	    }
 
 	  if (nonrevocable)
 	    {
 	      tty_printf ("\n");
-	      tty_printf 
+	      tty_printf
                 (_("The signature will be marked as non-revocable.\n"));
 	    }
 
@@ -1134,7 +1134,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
 
           pk = node->pkt->pkt.public_key;
           keyid_from_pk (pk, subid);
-          
+
           xfree (hexgrip);
           err = hexkeygrip_from_pk (pk, &hexgrip);
           if (err)
@@ -1165,7 +1165,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
     {
       if (node->pkt->pkttype == PKT_PUBLIC_KEY
 	  || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-        { 
+        {
           char *desc;
 
           pk = node->pkt->pkt.public_key;
@@ -1175,11 +1175,11 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
           err = hexkeygrip_from_pk (pk, &hexgrip);
           if (err)
             goto leave;
-          
+
           desc = gpg_format_keydesc (pk, 0, 1);
           err = agent_passwd (ctrl, hexgrip, desc, &cache_nonce, &passwd_nonce);
           xfree (desc);
-        
+
           if (err)
             log_log ((gpg_err_code (err) == GPG_ERR_CANCELED
                       || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
@@ -1509,7 +1509,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 
   /* See whether we have a matching secret key.  */
   if (seckey_check)
-    { 
+    {
       have_seckey = !agent_probe_any_secret_key (ctrl, keyblock);
       if (have_seckey && !quiet)
 	tty_printf (_("Secret key is available.\n"));
@@ -1818,7 +1818,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	    switch (count_selected_keys (keyblock))
 	      {
 	      case 0:
-		if (cpr_get_answer_is_yes 
+		if (cpr_get_answer_is_yes
                     ("keyedit.keytocard.use_primary",
                      /* TRANSLATORS: Please take care: This is about
                         moving the key and not about removing it.  */
@@ -1981,7 +1981,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 
 	    if (!(n1 = count_selected_uids (keyblock)))
 	      tty_printf (_("You must select at least one user ID.\n"));
-	    else if (cpr_get_answer_is_yes 
+	    else if (cpr_get_answer_is_yes
                      ("keyedit.revoke.uid.okay",
                       n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
 		      :        _("Really revoke this user ID? (y/N) ")))
@@ -2793,7 +2793,7 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
 	      if (pk->seckey_info->ivlen == 16
 		  && !memcmp (pk->seckey_info->iv,
                               "\xD2\x76\x00\x01\x24\x01", 6))
-		{	
+		{
                   /* This is an OpenPGP card. */
 		  for (i = 8; i < 14; i++)
 		    {
@@ -2803,7 +2803,7 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
 		    }
 		}
 	      else
-		{ 
+		{
                   /* Unknown card: Print all. */
 		  for (i = 0; i < pk->seckey_info->ivlen; i++)
 		    tty_printf ("%02X", pk->seckey_info->iv[i]);
@@ -3142,21 +3142,21 @@ menu_delsig (KBNODE pub_keyblock)
 
 	  if (valid)
 	    {
-	      okay = cpr_get_answer_yes_no_quit 
+	      okay = cpr_get_answer_yes_no_quit
                 ("keyedit.delsig.valid",
                  _("Delete this good signature? (y/N/q)"));
-              
+
 	      /* Only update trust if we delete a good signature.
 	         The other two cases do not affect trust. */
 	      if (okay)
 		update_trust = 1;
 	    }
 	  else if (inv_sig || other_err)
-	    okay = cpr_get_answer_yes_no_quit 
+	    okay = cpr_get_answer_yes_no_quit
               ("keyedit.delsig.invalid",
                _("Delete this invalid signature? (y/N/q)"));
 	  else if (no_key)
-	    okay = cpr_get_answer_yes_no_quit 
+	    okay = cpr_get_answer_yes_no_quit
               ("keyedit.delsig.unknown",
                _("Delete this unknown signature? (y/N/q)"));
 
@@ -3336,7 +3336,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
 
       tty_printf ("\n");
 
-      answer = cpr_get_utf8 
+      answer = cpr_get_utf8
         ("keyedit.add_revoker",
          _("Enter the user ID of the designated revoker: "));
       if (answer[0] == '\0' || answer[0] == CONTROL_D)
@@ -3529,7 +3529,7 @@ menu_expire (KBNODE pub_keyblock)
 	      if ((mainkey && main_pk->version < 4)
 		  || (!mainkey && sub_pk->version < 4))
 		{
-		  log_info 
+		  log_info
                     (_("You can't change the expiration date of a v3 key\n"));
 		  return 0;
 		}
@@ -3824,7 +3824,7 @@ menu_set_primary_uid (KBNODE pub_keyblock)
 }
 
 
-/* 
+/*
  * Set preferences to new values for the selected user IDs
  */
 static int
@@ -3879,7 +3879,7 @@ menu_set_preferences (KBNODE pub_keyblock)
 		}
 	      else
 		{
-		  /* This is a selfsignature which is to be replaced 
+		  /* This is a selfsignature which is to be replaced
 		   * We have to ignore v3 signatures because they are
 		   * not able to carry the preferences.  */
 		  PKT_signature *newsig;
@@ -4006,7 +4006,7 @@ menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
 				  " ID \"%s\": ", user);
 		      tty_print_utf8_string (p, plen);
 		      tty_printf ("\n");
-		      if (!cpr_get_answer_is_yes 
+		      if (!cpr_get_answer_is_yes
                           ("keyedit.confirm_keyserver",
                            uri
                            ? _("Are you sure you want to replace it? (y/N) ")
@@ -4537,12 +4537,12 @@ ask_revoke_sig (KBNODE keyblock, KBNODE node)
       tty_printf (_("This signature expired on %s.\n"),
 		  expirestr_from_sig (sig));
       /* Use a different question so we can have different help text */
-      doit = cpr_get_answer_is_yes 
+      doit = cpr_get_answer_is_yes
         ("ask_revoke_sig.expired",
          _("Are you sure you still want to revoke it? (y/N) "));
     }
   else
-    doit = cpr_get_answer_is_yes 
+    doit = cpr_get_answer_is_yes
       ("ask_revoke_sig.one",
        _("Create a revocation certificate for this signature? (y/N) "));
 
@@ -4686,7 +4686,7 @@ menu_revsig (KBNODE keyblock)
   if (!any)
     return 0;			/* none selected */
 
-  if (!cpr_get_answer_is_yes 
+  if (!cpr_get_answer_is_yes
       ("ask_revoke_sig.okay",
        _("Really create the revocation certificates? (y/N) ")))
     return 0;			/* forget it */
@@ -4951,7 +4951,7 @@ menu_revsubkey (KBNODE pub_keyblock)
 	      return changed;
 	    }
 	  changed = 1;		/* we changed the keyblock */
-          
+
 	  pkt = xmalloc_clear (sizeof *pkt);
 	  pkt->pkttype = PKT_SIGNATURE;
 	  pkt->pkt.signature = sig;
diff --git a/g10/keylist.c b/g10/keylist.c
index 1dbd09c39..ba2a954c6 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -239,7 +239,7 @@ status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
   if (len > 256)
     return;
 
-  snprintf (status, sizeof status, 
+  snprintf (status, sizeof status,
             "%d %u %u ", type, flags, (unsigned int) len);
 
   write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
@@ -455,7 +455,7 @@ list_all (int secret)
               if (lastresname != resname)
                 {
                   int i;
-                  
+
                   es_fprintf (es_stdout, "%s\n", resname);
                   for (i = strlen (resname); i; i--)
                     es_putc ('-', es_stdout);
@@ -529,7 +529,7 @@ list_one (strlist_t names, int secret)
     }
   while (!getkey_next (ctx, NULL, &keyblock));
   getkey_end (ctx);
-  
+
   if (opt.check_sigs && !opt.with_colons)
     print_signature_stats (&stats);
 }
@@ -596,7 +596,7 @@ print_capabilities (PKT_public_key *pk, KBNODE keyblock)
 
   if (use & PUBKEY_USAGE_ENC)
     es_putc ('e', es_stdout);
-  
+
   if (use & PUBKEY_USAGE_SIG)
     {
       es_putc ('s', es_stdout);
@@ -661,7 +661,7 @@ print_capabilities (PKT_public_key *pk, KBNODE keyblock)
       if (disabled)
 	es_putc ('D', es_stdout);
     }
-  
+
   es_putc (':', es_stdout);
 }
 
@@ -795,10 +795,10 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
     }
   else
     s2k_char = ' ';
-  
+
   check_trustdb_stale ();
 
-  es_fprintf (es_stdout, "%s%c  %4u%c/%s %s", 
+  es_fprintf (es_stdout, "%s%c  %4u%c/%s %s",
           secret? "sec":"pub",
           s2k_char,
           nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
@@ -921,7 +921,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
             }
           else
             s2k_char = ' ';
-          
+
 	  es_fprintf (es_stdout, "%s%c  %4u%c/%s %s",
                   secret? "ssb":"sub",
                   s2k_char,
@@ -1192,7 +1192,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
 	  if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
 	    dump_attribs (node->pkt->pkt.user_id, pk);
 	  /*
-	   * Fixme: We need a valid flag here too 
+	   * Fixme: We need a valid flag here too
 	   */
 	  str = uid->attrib_data ? "uat" : "uid";
 	  if (uid->is_revoked)
diff --git a/g10/keyring.c b/g10/keyring.c
index d069b1397..12356e23c 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -31,7 +31,7 @@
 #include "util.h"
 #include "keyring.h"
 #include "packet.h"
-#include "keydb.h" 
+#include "keydb.h"
 #include "options.h"
 #include "main.h" /*for check_key_signature()*/
 #include "i18n.h"
@@ -46,11 +46,11 @@ struct off_item {
   /*off_t off;*/
 };
 
-typedef struct off_item **OffsetHashTable; 
+typedef struct off_item **OffsetHashTable;
 
 
 typedef struct keyring_name *KR_NAME;
-struct keyring_name 
+struct keyring_name
 {
   struct keyring_name *next;
   int read_only;
@@ -78,7 +78,7 @@ struct keyring_handle
     int error;
   } current;
   struct {
-    CONST_KR_NAME kr; 
+    CONST_KR_NAME kr;
     off_t offset;
     size_t pk_no;
     size_t uid_no;
@@ -101,7 +101,7 @@ static struct off_item *
 new_offset_item (void)
 {
   struct off_item *k;
-  
+
   k = xmalloc_clear (sizeof *k);
   return k;
 }
@@ -120,7 +120,7 @@ release_offset_items (struct off_item *k)
 }
 #endif
 
-static OffsetHashTable 
+static OffsetHashTable
 new_offset_hash_table (void)
 {
   struct off_item **tbl;
@@ -163,7 +163,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
 
   for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
     {
-      if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) 
+      if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
         {
           /*k->off = off;*/
           return;
@@ -193,7 +193,7 @@ update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
     }
 }
 
-/* 
+/*
  * Register a filename for plain keyring files.  ptr is set to a
  * pointer to be used to create a handles etc, or the already-issued
  * pointer if it has already been registered.  The function returns 1
@@ -215,7 +215,7 @@ keyring_register_filename (const char *fname, int read_only, void **ptr)
             if (read_only)
               kr->read_only = 1;
             *ptr=kr;
-	    return 0; 
+	    return 0;
 	  }
       }
 
@@ -245,11 +245,11 @@ keyring_is_writable (void *token)
 
   return r? (r->read_only || !access (r->fname, W_OK)) : 0;
 }
-    
+
 
 
 /* Create a new handle for the resource associated with TOKEN.
-   
+
    The returned handle must be released using keyring_release (). */
 KEYRING_HANDLE
 keyring_new (void *token)
@@ -258,14 +258,14 @@ keyring_new (void *token)
   KR_NAME resource = token;
 
   assert (resource);
-  
+
   hd = xmalloc_clear (sizeof *hd);
   hd->resource = resource;
   active_handles++;
   return hd;
 }
 
-void 
+void
 keyring_release (KEYRING_HANDLE hd)
 {
     if (!hd)
@@ -292,7 +292,7 @@ keyring_get_resource_name (KEYRING_HANDLE hd)
  * Lock the keyring with the given handle, or unlock if YES is false.
  * We ignore the handle and lock all registered files.
  */
-int 
+int
 keyring_lock (KEYRING_HANDLE hd, int yes)
 {
     KR_NAME kr;
@@ -315,7 +315,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
         }
         if (rc)
             return rc;
-        
+
         /* and now set the locks */
         for (kr=kr_names; kr; kr = kr->next) {
             if (!keyring_is_writable(kr))
@@ -326,7 +326,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
                 log_info ("can't lock `%s'\n", kr->fname );
                 rc = G10ERR_GENERAL;
             }
-            else 
+            else
                 kr->is_locked = 1;
         }
     }
@@ -339,10 +339,10 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
                 ;
             else if (release_dotlock (kr->lockhd))
                 log_info ("can't unlock `%s'\n", kr->fname );
-            else 
+            else
                 kr->is_locked = 0;
         }
-    } 
+    }
 
     return rc;
 }
@@ -352,7 +352,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
 /*
  * Return the last found keyring.  Caller must free it.
  * The returned keyblock has the kbode flag bit 0 set for the node with
- * the public key used to locate the keyblock or flag bit 1 set for 
+ * the public key used to locate the keyblock or flag bit 1 set for
  * the user ID node.
  */
 int
@@ -398,7 +398,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
 	    init_packet (pkt);
 	    continue;
 	}
-	if (rc) {  
+	if (rc) {
             log_error ("keyring_get_keyblock: read error: %s\n",
                        g10_errstr(rc) );
             rc = G10ERR_INV_KEYRING;
@@ -418,17 +418,17 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
         }
 
         in_cert = 1;
-        if (pkt->pkttype == PKT_RING_TRUST) 
+        if (pkt->pkttype == PKT_RING_TRUST)
           {
             /*(this code is duplicated after the loop)*/
-            if ( lastnode 
+            if ( lastnode
                  && lastnode->pkt->pkttype == PKT_SIGNATURE
                  && (pkt->pkt.ring_trust->sigcache & 1) ) {
-                /* This is a ring trust packet with a checked signature 
+                /* This is a ring trust packet with a checked signature
                  * status cache following directly a signature paket.
                  * Set the cache status into that signature packet.  */
                 PKT_signature *sig = lastnode->pkt->pkt.signature;
-                
+
                 sig->flags.checked = 1;
                 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
             }
@@ -460,7 +460,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
             if (++uid_no == hd->found.uid_no)
               node->flag |= 2;
             break;
-            
+
           default:
             break;
           }
@@ -470,7 +470,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
     }
     set_packet_list_mode(save_mode);
 
-    if (rc == -1 && keyblock) 
+    if (rc == -1 && keyblock)
 	rc = 0; /* got the entire keyblock */
 
     if (rc || !ret_kb)
@@ -478,7 +478,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
     else {
         /*(duplicated form the loop body)*/
         if ( pkt && pkt->pkttype == PKT_RING_TRUST
-             && lastnode 
+             && lastnode
              && lastnode->pkt->pkttype == PKT_SIGNATURE
              && (pkt->pkt.ring_trust->sigcache & 1) ) {
             PKT_signature *sig = lastnode->pkt->pkt.signature;
@@ -492,7 +492,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
     iobuf_close(a);
 
     /* Make sure that future search operations fail immediately when
-     * we know that we are working on a invalid keyring 
+     * we know that we are working on a invalid keyring
      */
     if (rc == G10ERR_INV_KEYRING)
         hd->current.error = rc;
@@ -563,11 +563,11 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
         if (hd->current.kr->read_only)
           return gpg_error (GPG_ERR_EACCES);
       }
-    else 
+    else
         fname = hd->resource? hd->resource->fname:NULL;
 
     if (!fname)
-        return G10ERR_GENERAL; 
+        return G10ERR_GENERAL;
 
     /* Close this one otherwise we will lose the position for
      * a next search.  Fixme: it would be better to adjust the position
@@ -582,7 +582,7 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
       {
         update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
       }
-      
+
     return rc;
 }
 
@@ -631,10 +631,10 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
 
 
 
-/* 
+/*
  * Start the next search on this handle right at the beginning
  */
-int 
+int
 keyring_search_reset (KEYRING_HANDLE hd)
 {
     assert (hd);
@@ -644,17 +644,17 @@ keyring_search_reset (KEYRING_HANDLE hd)
     hd->current.iobuf = NULL;
     hd->current.eof = 0;
     hd->current.error = 0;
-    
+
     hd->found.kr = NULL;
     hd->found.offset = 0;
-    return 0; 
+    return 0;
 }
 
 
 static int
 prepare_search (KEYRING_HANDLE hd)
 {
-    if (hd->current.error)  
+    if (hd->current.error)
         return hd->current.error; /* still in error state */
 
     if (hd->current.kr && !hd->current.eof) {
@@ -663,7 +663,7 @@ prepare_search (KEYRING_HANDLE hd)
         return 0; /* okay */
     }
 
-    if (!hd->current.kr && hd->current.eof)  
+    if (!hd->current.kr && hd->current.eof)
         return -1; /* still EOF */
 
     if (!hd->current.kr) { /* start search with first keyring */
@@ -675,7 +675,7 @@ prepare_search (KEYRING_HANDLE hd)
         assert (!hd->current.iobuf);
     }
     else { /* EOF */
-        iobuf_close (hd->current.iobuf); 
+        iobuf_close (hd->current.iobuf);
         hd->current.iobuf = NULL;
         hd->current.kr = NULL;
         hd->current.eof = 1;
@@ -833,7 +833,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
     int i;
     const char *s, *se;
 
-    if (mode == KEYDB_SEARCH_MODE_EXACT) { 
+    if (mode == KEYDB_SEARCH_MODE_EXACT) {
 	for (i=0; name[i] && uidlen; i++, uidlen--)
 	    if (uid[i] != name[i])
 		break;
@@ -844,7 +844,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
 	if (ascii_memistr( uid, uidlen, name ))
 	    return 0;
     }
-    else if (   mode == KEYDB_SEARCH_MODE_MAIL 
+    else if (   mode == KEYDB_SEARCH_MODE_MAIL
              || mode == KEYDB_SEARCH_MODE_MAILSUB
              || mode == KEYDB_SEARCH_MODE_MAILEND) {
 	for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
@@ -856,7 +856,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
 		;
 	    if (i < uidlen) {
 		i = se - s;
-		if (mode == KEYDB_SEARCH_MODE_MAIL) { 
+		if (mode == KEYDB_SEARCH_MODE_MAIL) {
 		    if( strlen(name)-2 == i
                         && !ascii_memcasecmp( s, name+1, i) )
 			return 0;
@@ -880,11 +880,11 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
 }
 
 
-/* 
+/*
  * Search through the keyring(s), starting at the current position,
  * for a keyblock which contains one of the keys described in the DESC array.
  */
-int 
+int
 keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 		size_t ndesc, size_t *descindex)
 {
@@ -903,28 +903,28 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 
   /* figure out what information we need */
   need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
-  for (n=0; n < ndesc; n++) 
+  for (n=0; n < ndesc; n++)
     {
-      switch (desc[n].mode) 
+      switch (desc[n].mode)
         {
-        case KEYDB_SEARCH_MODE_EXACT: 
+        case KEYDB_SEARCH_MODE_EXACT:
         case KEYDB_SEARCH_MODE_SUBSTR:
         case KEYDB_SEARCH_MODE_MAIL:
         case KEYDB_SEARCH_MODE_MAILSUB:
         case KEYDB_SEARCH_MODE_MAILEND:
           need_uid = 1;
           break;
-        case KEYDB_SEARCH_MODE_WORDS: 
+        case KEYDB_SEARCH_MODE_WORDS:
           need_uid = 1;
           need_words = 1;
           break;
-        case KEYDB_SEARCH_MODE_SHORT_KID: 
+        case KEYDB_SEARCH_MODE_SHORT_KID:
         case KEYDB_SEARCH_MODE_LONG_KID:
           need_keyid = 1;
           break;
-        case KEYDB_SEARCH_MODE_FPR16: 
+        case KEYDB_SEARCH_MODE_FPR16:
         case KEYDB_SEARCH_MODE_FPR20:
-        case KEYDB_SEARCH_MODE_FPR: 
+        case KEYDB_SEARCH_MODE_FPR:
           need_fpr = 1;
           break;
         case KEYDB_SEARCH_MODE_FIRST:
@@ -933,7 +933,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
           break;
         default: break;
 	}
-      if (desc[n].skipfnc) 
+      if (desc[n].skipfnc)
         {
           any_skip = 1;
           need_keyid = 1;
@@ -952,7 +952,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
     {
       struct off_item *oi;
-            
+
       oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
       if (!oi)
         { /* We know that we don't have this key */
@@ -961,9 +961,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
           return -1;
         }
       /* We could now create a positive search status and return.
-       * However the problem is that another instance of gpg may 
+       * However the problem is that another instance of gpg may
        * have changed the keyring so that the offsets are not valid
-       * anymore - therefore we don't do it 
+       * anymore - therefore we don't do it
        */
     }
 
@@ -974,13 +974,13 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
       log_debug ("word search mode does not yet work\n");
       /* FIXME: here is a long standing bug in our function and in addition we
          just use the first search description */
-      for (n=0; n < ndesc && !name; n++) 
+      for (n=0; n < ndesc && !name; n++)
         {
-          if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS) 
+          if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
             name = desc[n].u.name;
         }
       assert (name);
-      if ( !hd->word_match.name || strcmp (hd->word_match.name, name) ) 
+      if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
         {
           /* name changed */
           xfree (hd->word_match.name);
@@ -998,29 +998,29 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   main_offset = 0;
   pk_no = uid_no = 0;
   initial_skip = 1; /* skip until we see the start of a keyblock */
-  while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid))) 
+  while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
     {
       byte afp[MAX_FINGERPRINT_LEN];
       size_t an;
 
-      if (pkt.pkttype == PKT_PUBLIC_KEY  || pkt.pkttype == PKT_SECRET_KEY) 
+      if (pkt.pkttype == PKT_PUBLIC_KEY  || pkt.pkttype == PKT_SECRET_KEY)
         {
           main_offset = offset;
           pk_no = uid_no = 0;
           initial_skip = 0;
         }
-      if (initial_skip) 
+      if (initial_skip)
         {
           free_packet (&pkt);
           continue;
         }
-	
+
       pk = NULL;
       uid = NULL;
       if (   pkt.pkttype == PKT_PUBLIC_KEY
              || pkt.pkttype == PKT_PUBLIC_SUBKEY
              || pkt.pkttype == PKT_SECRET_KEY
-             || pkt.pkttype == PKT_SECRET_SUBKEY) 
+             || pkt.pkttype == PKT_SECRET_SUBKEY)
         {
           pk = pkt.pkt.public_key;
           ++pk_no;
@@ -1036,31 +1036,31 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
           if (use_offtbl && !kr_offtbl_ready)
             update_offset_hash_table (kr_offtbl, aki, main_offset);
         }
-      else if (pkt.pkttype == PKT_USER_ID) 
+      else if (pkt.pkttype == PKT_USER_ID)
         {
           uid = pkt.pkt.user_id;
           ++uid_no;
         }
 
-      for (n=0; n < ndesc; n++) 
+      for (n=0; n < ndesc; n++)
         {
           switch (desc[n].mode) {
-          case KEYDB_SEARCH_MODE_NONE: 
+          case KEYDB_SEARCH_MODE_NONE:
             BUG ();
             break;
-          case KEYDB_SEARCH_MODE_EXACT: 
+          case KEYDB_SEARCH_MODE_EXACT:
           case KEYDB_SEARCH_MODE_SUBSTR:
           case KEYDB_SEARCH_MODE_MAIL:
           case KEYDB_SEARCH_MODE_MAILSUB:
           case KEYDB_SEARCH_MODE_MAILEND:
-          case KEYDB_SEARCH_MODE_WORDS: 
+          case KEYDB_SEARCH_MODE_WORDS:
             if ( uid && !compare_name (desc[n].mode,
                                        desc[n].u.name,
-                                       uid->name, uid->len)) 
+                                       uid->name, uid->len))
               goto found;
             break;
-                
-          case KEYDB_SEARCH_MODE_SHORT_KID: 
+
+          case KEYDB_SEARCH_MODE_SHORT_KID:
             if (pk && desc[n].u.kid[1] == aki[1])
               goto found;
             break;
@@ -1074,19 +1074,19 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
               goto found;
             break;
           case KEYDB_SEARCH_MODE_FPR20:
-          case KEYDB_SEARCH_MODE_FPR: 
+          case KEYDB_SEARCH_MODE_FPR:
             if (pk && !memcmp (desc[n].u.fpr, afp, 20))
               goto found;
             break;
-          case KEYDB_SEARCH_MODE_FIRST: 
+          case KEYDB_SEARCH_MODE_FIRST:
             if (pk)
               goto found;
             break;
-          case KEYDB_SEARCH_MODE_NEXT: 
+          case KEYDB_SEARCH_MODE_NEXT:
             if (pk)
               goto found;
             break;
-          default: 
+          default:
             rc = G10ERR_INV_ARG;
             goto found;
           }
@@ -1098,7 +1098,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 	 meaningful if this function returns with no errors. */
       if(descindex)
 	*descindex=n;
-      for (n=any_skip?0:ndesc; n < ndesc; n++) 
+      for (n=any_skip?0:ndesc; n < ndesc; n++)
         {
           if (desc[n].skipfnc
               && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid))
@@ -1124,11 +1124,11 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
       if (use_offtbl && !kr_offtbl_ready)
         {
           KR_NAME kr;
-          
+
           /* First set the did_full_scan flag for this keyring.  */
           for (kr=kr_names; kr; kr = kr->next)
             {
-              if (hd->resource == kr) 
+              if (hd->resource == kr)
                 {
                   kr->did_full_scan = 1;
                   break;
@@ -1138,14 +1138,14 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
              offtbl ready */
           for (kr=kr_names; kr; kr = kr->next)
             {
-              if (!kr->did_full_scan) 
+              if (!kr->did_full_scan)
                 break;
             }
           if (!kr)
             kr_offtbl_ready = 1;
         }
     }
-  else 
+  else
     hd->current.error = rc;
 
   free_packet(&pkt);
@@ -1157,7 +1157,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 static int
 create_tmp_file (const char *template,
                  char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
-{  
+{
   char *bakfname, *tmpfname;
   mode_t oldmask;
 
@@ -1181,7 +1181,7 @@ create_tmp_file (const char *template,
       strcpy (tmpfname,template);
       strcpy (tmpfname+strlen(template)-4, EXTSEP_S "tmp");
     }
-    else 
+    else
       { /* file does not end with gpg; hmmm */
 	bakfname = xmalloc (strlen( template ) + 5);
 	strcpy (stpcpy(bakfname, template), EXTSEP_S "bak");
@@ -1215,7 +1215,7 @@ create_tmp_file (const char *template,
         xfree (bakfname);
 	return rc;
       }
-    
+
     *r_bakfname = bakfname;
     *r_tmpfname = tmpfname;
     return 0;
@@ -1247,7 +1247,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
                  fname, bakfname, strerror(errno) );
       return rc;
     }
-  
+
   /* then rename the file */
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
   gnupg_remove( fname );
@@ -1289,10 +1289,10 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
 {
   KBNODE kbctx = NULL, node;
   int rc;
-  
-  while ( (node = walk_kbnode (keyblock, &kbctx, 0)) ) 
+
+  while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
     {
-      if (node->pkt->pkttype == PKT_RING_TRUST) 
+      if (node->pkt->pkttype == PKT_RING_TRUST)
         continue; /* we write it later on our own */
 
       if ( (rc = build_packet (fp, node->pkt) ))
@@ -1301,12 +1301,12 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
                      node->pkt->pkttype, g10_errstr(rc) );
           return rc;
         }
-      if (node->pkt->pkttype == PKT_SIGNATURE) 
+      if (node->pkt->pkttype == PKT_SIGNATURE)
         { /* always write a signature cache packet */
           PKT_signature *sig = node->pkt->pkt.signature;
           unsigned int cacheval = 0;
-          
-          if (sig->flags.checked) 
+
+          if (sig->flags.checked)
             {
               cacheval |= 1;
               if (sig->flags.valid)
@@ -1315,7 +1315,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
           iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
           iobuf_put (fp, 2);    /* 2 bytes */
           iobuf_put (fp, 0);    /* unused */
-          if (iobuf_put (fp, cacheval)) 
+          if (iobuf_put (fp, cacheval))
             {
               rc = gpg_error_from_syserror ();
               log_error ("writing sigcache packet failed\n");
@@ -1326,7 +1326,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
   return 0;
 }
 
-/* 
+/*
  * Walk over all public keyrings, check the signatures and replace the
  * keyring with a new one where the signature cache is then updated.
  * This is only done for the public keyrings.
@@ -1371,7 +1371,7 @@ keyring_rebuild_cache (void *token,int noisy)
                * the original file is closed */
               tmpfp = NULL;
             }
-          rc = lastresname? rename_tmp_file (bakfilename, tmpfilename, 
+          rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
                                              lastresname) : 0;
           xfree (tmpfilename);  tmpfilename = NULL;
           xfree (bakfilename);  bakfilename = NULL;
@@ -1384,10 +1384,10 @@ keyring_rebuild_cache (void *token,int noisy)
           if (rc)
             goto leave;
         }
-      
+
       release_kbnode (keyblock);
       rc = keyring_get_keyblock (hd, &keyblock);
-      if (rc) 
+      if (rc)
         {
           log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc));
           goto leave;
@@ -1431,7 +1431,7 @@ keyring_rebuild_cache (void *token,int noisy)
               sigcount++;
             }
         }
-      
+
       /* write the keyblock to the temporary file */
       rc = write_keyblock (tmpfp, keyblock);
       if (rc)
@@ -1441,10 +1441,10 @@ keyring_rebuild_cache (void *token,int noisy)
         log_info(_("%lu keys cached so far (%lu signatures)\n"),
                  count, sigcount );
 
-    } /* end main loop */ 
+    } /* end main loop */
   if (rc == -1)
     rc = 0;
-  if (rc) 
+  if (rc)
     {
       log_error ("keyring_search failed: %s\n", g10_errstr(rc));
       goto leave;
@@ -1472,8 +1472,8 @@ keyring_rebuild_cache (void *token,int noisy)
  leave:
   if (tmpfp)
     iobuf_cancel (tmpfp);
-  xfree (tmpfilename);  
-  xfree (bakfilename);  
+  xfree (tmpfilename);
+  xfree (bakfilename);
   release_kbnode (keyblock);
   keyring_lock (hd, 0);
   keyring_release (hd);
@@ -1496,13 +1496,13 @@ do_copy (int mode, const char *fname, KBNODE root,
     char *bakfname = NULL;
     char *tmpfname = NULL;
 
-    /* Open the source file. Because we do a rename, we have to check the 
+    /* Open the source file. Because we do a rename, we have to check the
        permissions of the file */
     if (access (fname, W_OK))
       return gpg_error_from_syserror ();
 
     fp = iobuf_open (fname);
-    if (mode == 1 && !fp && errno == ENOENT) { 
+    if (mode == 1 && !fp && errno == ENOENT) {
 	/* insert mode but file does not exist: create a new file */
 	KBNODE kbctx, node;
 	mode_t oldmask;
diff --git a/g10/main.h b/g10/main.h
index 920d82c97..9548731fc 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -124,7 +124,7 @@ char *pct_expando(const char *string,struct expando_args *args);
 void deprecated_warning(const char *configname,unsigned int configlineno,
 			const char *option,const char *repl1,const char *repl2);
 void deprecated_command (const char *name);
-void obsolete_option (const char *configname, unsigned int configlineno, 
+void obsolete_option (const char *configname, unsigned int configlineno,
                       const char *name);
 
 int string_to_cipher_algo (const char *string);
@@ -272,14 +272,14 @@ void try_make_homedir( const char *fname );
 /*-- seskey.c --*/
 void make_session_key( DEK *dek );
 gcry_mpi_t encode_session_key( int openpgp_pk_algo, DEK *dek, unsigned nbits );
-gcry_mpi_t encode_md_value (PKT_public_key *pk, 
+gcry_mpi_t encode_md_value (PKT_public_key *pk,
                             gcry_md_hd_t md, int hash_algo );
 
 /*-- import.c --*/
 int parse_import_options(char *str,unsigned int *options,int noisy);
 void import_keys (ctrl_t ctrl, char **fnames, int nnames,
 		  void *stats_hd, unsigned int options);
-int import_keys_stream (ctrl_t ctrl, iobuf_t inp, void *stats_hd, 
+int import_keys_stream (ctrl_t ctrl, iobuf_t inp, void *stats_hd,
                         unsigned char **fpr,
 			size_t *fpr_len, unsigned int options);
 int import_keys_es_stream (ctrl_t ctrl, estream_t fp, void *stats_handle,
@@ -298,7 +298,7 @@ int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options );
 int export_pubkeys_stream (ctrl_t ctrl, iobuf_t out, strlist_t users,
 			   kbnode_t *keyblock_out, unsigned int options );
 gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec,
-                                  unsigned int options, 
+                                  unsigned int options,
                                   kbnode_t *r_keyblock,
                                   void **r_data, size_t *r_datalen);
 int export_seckeys (ctrl_t ctrl, strlist_t users);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index dcbc4b45a..2ad941603 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -63,15 +63,15 @@ struct mainproc_context
   md_filter_context_t mfx;
   int sigs_only;    /* Process only signatures and reject all other stuff. */
   int encrypt_only; /* Process only encryption messages. */
-    
+
   /* Name of the file with the complete signature or the file with the
      detached signature.  This is currently only used to deduce the
      file name of the data file if that has not been given. */
   const char *sigfilename;
-  
+
   /* A structure to describe the signed data in case of a detached
      signature. */
-  struct 
+  struct
   {
     /* A file descriptor of the the signed data.  Only used if not -1. */
     int data_fd;
@@ -82,7 +82,7 @@ struct mainproc_context
        is used.  This is only needed for better readability. */
     int used;
   } signed_data;
-  
+
   DEK *dek;
   int last_was_session_key;
   KBNODE list;      /* The current list of packets. */
@@ -147,7 +147,7 @@ add_gpg_control( CTX c, PACKET *pkt )
         /* New clear text signature.
          * Process the last one and reset everything */
         release_list(c);
-    }   
+    }
 
     if( c->list )  /* add another packet */
         add_kbnode( c->list, new_kbnode( pkt ));
@@ -261,7 +261,7 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
   /*log_hexdump( "thekey", dek->key, dek->keylen );*/
 
   return 0;
-}   
+}
 
 static void
 proc_symkey_enc( CTX c, PACKET *pkt )
@@ -446,7 +446,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
     for( ; list; list = list->next ) {
 	PKT_public_key *pk;
 	const char *algstr;
-        
+
         if ( failed && !list->reason )
             continue;
         if ( !failed && list->reason )
@@ -670,7 +670,7 @@ proc_plaintext( CTX c, PACKET *pkt )
 
             /* check that we have at least the sigclass and one hash */
             if ( datalen < 2 )
-	      log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); 
+	      log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
             /* Note that we don't set the clearsig flag for not-dash-escaped
              * documents */
             clearsig = (*data == 0x01);
@@ -724,14 +724,14 @@ proc_plaintext( CTX c, PACKET *pkt )
 	  {
             write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
 	    log_inc_errorcount ();
-	    rc = gpg_error (GPG_ERR_UNEXPECTED); 
+	    rc = gpg_error (GPG_ERR_UNEXPECTED);
 	  }
       }
-    
+
     if(!rc)
       {
         rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
-        if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
+        if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
           {
             /* Can't write output but we hash it anyway to check the
                signature. */
@@ -750,7 +750,7 @@ proc_plaintext( CTX c, PACKET *pkt )
     n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
     if (c->list)
         add_kbnode (c->list, n);
-    else 
+    else
         c->list = n;
 }
 
@@ -854,7 +854,7 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig,
              || sig->sig_class == 0x1f
 	     || sig->sig_class == 0x20
 	     || sig->sig_class == 0x28
-	     || sig->sig_class == 0x30	) { 
+	     || sig->sig_class == 0x30	) {
 	if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
 	    || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 	    return check_key_signature( c->list, node, is_selfsig );
@@ -1112,7 +1112,7 @@ list_node( CTX c, KBNODE node )
 	    switch (gpg_err_code (rc2)) {
 	      case 0:		             sigrc = '!'; break;
 	      case GPG_ERR_BAD_SIGNATURE:    sigrc = '-'; break;
-	      case GPG_ERR_NO_PUBKEY: 
+	      case GPG_ERR_NO_PUBKEY:
 	      case GPG_ERR_UNUSABLE_PUBKEY:  sigrc = '?'; break;
 	      default:		             sigrc = '%'; break;
 	    }
@@ -1124,7 +1124,7 @@ list_node( CTX c, KBNODE node )
 		|| c->list->pkt->pkttype == PKT_SECRET_KEY )
               {
                 keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
-                
+
                 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
                   is_selfsig = 1;
               }
@@ -1214,7 +1214,7 @@ proc_signature_packets (ctrl_t ctrl, void *anchor, IOBUF a,
        messages, send a NODATA status back and return an error code.
        Using log_error is required because verify_files does not check
        error codes for each file but we want to terminate the process
-       with an error. */ 
+       with an error. */
     if (!rc && !c->any_sig_seen)
       {
 	write_status_text (STATUS_NODATA, "4");
@@ -1258,19 +1258,19 @@ proc_signature_packets_by_fd (ctrl_t ctrl,
      messages, send a NODATA status back and return an error code.
      Using log_error is required because verify_files does not check
      error codes for each file but we want to terminate the process
-     with an error. */ 
+     with an error. */
   if (!rc && !c->any_sig_seen)
     {
       write_status_text (STATUS_NODATA, "4");
       log_error (_("no signature found\n"));
       rc = gpg_error (GPG_ERR_NO_DATA);
     }
-  
+
   /* Propagate the signature seen flag upward. Do this only on success
      so that we won't issue the nodata status several times. */
   if (!rc && c->anchor && c->any_sig_seen)
     c->anchor->any_sig_seen = 1;
-  
+
   xfree ( c );
   return rc;
 }
@@ -1395,7 +1395,7 @@ do_proc_packets( CTX c, IOBUF a )
          * packet and not to reuse the current one ...  It works right
          * when there is a compression packet inbetween which adds just
          * an extra layer.
-         * Hmmm: Rewrite this whole module here?? 
+         * Hmmm: Rewrite this whole module here??
          */
 	if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
 	    c->have_data = pkt->pkttype == PKT_PLAINTEXT;
@@ -1514,7 +1514,7 @@ check_sig_and_print( CTX c, KBNODE node )
      O{1,n} P S{1,n}  -- standard OpenPGP signature.
      C P S{1,n}       -- cleartext signature.
 
-        
+
           O = One-Pass Signature packet.
           S = Signature packet.
           P = OpenPGP Message packet (Encrypted | Compressed | Literal)
@@ -1526,7 +1526,7 @@ check_sig_and_print( CTX c, KBNODE node )
           C = Marker packet for cleartext signatures.
 
      We reject all other messages.
-     
+
      Actually we are calling this too often, i.e. for verification of
      each message but better have some duplicate work than to silently
      introduce a bug here.
@@ -1540,7 +1540,7 @@ check_sig_and_print( CTX c, KBNODE node )
 
     n = c->list;
     assert (n);
-    if ( n->pkt->pkttype == PKT_SIGNATURE ) 
+    if ( n->pkt->pkttype == PKT_SIGNATURE )
       {
         /* This is either "S{1,n}" case (detached signature) or
            "S{1,n} P" (old style PGP2 signature). */
@@ -1559,7 +1559,7 @@ check_sig_and_print( CTX c, KBNODE node )
         else
           goto ambiguous;
       }
-    else if (n->pkt->pkttype == PKT_ONEPASS_SIG) 
+    else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
       {
         /* This is the "O{1,n} P S{1,n}" case (standard signature). */
         for (n_onepass=1, n = n->next;
@@ -1607,7 +1607,7 @@ check_sig_and_print( CTX c, KBNODE node )
         if (n || !n_sig)
           goto ambiguous;
       }
-    else 
+    else
       {
       ambiguous:
         log_error(_("can't handle this ambiguous signature data\n"));
@@ -1676,19 +1676,19 @@ check_sig_and_print( CTX c, KBNODE node )
 
     /* If the preferred keyserver thing above didn't work, our second
        try is to use the URI from a DNS PKA record. */
-    if ( rc == G10ERR_NO_PUBKEY 
+    if ( rc == G10ERR_NO_PUBKEY
 	 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
          && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
       {
         const char *uri = pka_uri_from_sig (sig);
-        
+
         if (uri)
           {
             /* FIXME: We might want to locate the key using the
                fingerprint instead of the keyid. */
             int res;
             struct keyserver_spec *spec;
-            
+
             spec = parse_keyserver_uri (uri, 1, NULL, 0);
             if (spec)
               {
@@ -1772,7 +1772,7 @@ check_sig_and_print( CTX c, KBNODE node )
             keyid_str[17] = 0; /* cut off the "[uncertain]" part */
             write_status_text_and_buffer (statno, keyid_str,
                                           un->pkt->pkt.user_id->name,
-                                          un->pkt->pkt.user_id->len, 
+                                          un->pkt->pkt.user_id->len,
                                           -1 );
 
 	    p=utf8_to_native(un->pkt->pkt.user_id->name,
@@ -1817,7 +1817,7 @@ check_sig_and_print( CTX c, KBNODE node )
 
             write_status_text_and_buffer (statno, keyid_str,
                                           un? un->pkt->pkt.user_id->name:"[?]",
-                                          un? un->pkt->pkt.user_id->len:3, 
+                                          un? un->pkt->pkt.user_id->len:3,
                                           -1 );
 
 	    if(un)
@@ -1837,7 +1837,7 @@ check_sig_and_print( CTX c, KBNODE node )
 	    log_printf ("\n");
 	}
 
-        /* If we have a good signature and already printed 
+        /* If we have a good signature and already printed
          * the primary user ID, print all the other user IDs */
         if ( count && !rc
              && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
@@ -1934,7 +1934,7 @@ check_sig_and_print( CTX c, KBNODE node )
                 bufp = bufp + strlen (bufp);
                 if (!vpk->flags.primary) {
                    u32 akid[2];
- 
+
                    akid[0] = vpk->main_keyid[0];
                    akid[1] = vpk->main_keyid[1];
                    free_public_key (vpk);
@@ -2097,7 +2097,7 @@ proc_tree( CTX c, KBNODE node )
             log_error (_("not a detached signature\n") );
             return;
         }
-	
+
 	for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
 	    check_sig_and_print( c, n1 );
     }
@@ -2171,7 +2171,7 @@ proc_tree( CTX c, KBNODE node )
 	    if( c->sigs_only ) {
                 if (c->signed_data.used && c->signed_data.data_fd != -1)
                     rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
-                                              c->signed_data.data_fd, 
+                                              c->signed_data.data_fd,
                                               (sig->sig_class == 0x01));
                 else
                     rc = hash_datafiles (c->mfx.md, c->mfx.md2,
diff --git a/g10/mdfilter.c b/g10/mdfilter.c
index a00516456..708bdcdfc 100644
--- a/g10/mdfilter.c
+++ b/g10/mdfilter.c
@@ -72,4 +72,3 @@ free_md_filter_context( md_filter_context_t *mfx )
     mfx->md2 = NULL;
     mfx->maxbuf_size = 0;
 }
-
diff --git a/g10/openfile.c b/g10/openfile.c
index 101a0f1e4..114e0add9 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -70,10 +70,10 @@ overwrite_filep( const char *fname )
 {
   if ( iobuf_is_pipe_filename (fname) )
     return 1; /* Writing to stdout is always okay.  */
-  
+
   if ( access( fname, F_OK ) )
     return 1; /* Does not exist.  */
-  
+
   if ( !compare_filenames (fname, NAME_OF_DEV_NULL) )
     return 1; /* Does not do any harm.  */
 
@@ -140,7 +140,7 @@ ask_outfile_name( const char *name, size_t namelen )
 
   if ( opt.batch )
     return NULL;
-  
+
   defname = name && namelen? make_printable_string (name, namelen, 0) : NULL;
 
   s = _("Enter new filename");
@@ -155,9 +155,9 @@ ask_outfile_name( const char *name, size_t namelen )
   cpr_kill_prompt ();
   tty_disable_completion ();
   xfree (prompt);
-  if ( !*fname ) 
+  if ( !*fname )
     {
-      xfree (fname); 
+      xfree (fname);
       fname = defname;
       defname = NULL;
     }
@@ -188,7 +188,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
   if (inp_fd != -1)
     {
       char xname[64];
-      
+
       *a = iobuf_fdopen_nc (inp_fd, "wb");
       if (!*a)
         {
@@ -202,7 +202,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
           log_info (_("writing to `%s'\n"), xname);
         }
     }
-  else if (iobuf_is_pipe_filename (iname) && !opt.outfile) 
+  else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
     {
       *a = iobuf_create(NULL);
       if ( !*a )
@@ -217,12 +217,12 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
     {
       char *buf = NULL;
       const char *name;
-    
+
       if (opt.dry_run)
         name = NAME_OF_DEV_NULL;
       else if (opt.outfile)
         name = opt.outfile;
-      else 
+      else
         {
 #ifdef USE_ONLY_8DOT3
           if (opt.mangle_dos_filenames)
@@ -238,7 +238,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
 
               newsfx = (mode==1 ? ".asc" :
                         mode==2 ? ".sig" : ".gpg");
-          
+
               buf = xmalloc (strlen(iname)+4+1);
               strcpy (buf, iname);
               dot = strchr (buf, '.' );
@@ -253,14 +253,14 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
           if (!buf)
 #endif /* USE_ONLY_8DOT3 */
             {
-              buf = xstrconcat (iname, 
+              buf = xstrconcat (iname,
                                 (mode==1 ? EXTSEP_S "asc" :
                                  mode==2 ? EXTSEP_S "sig" : EXTSEP_S "gpg"),
                                 NULL);
             }
           name = buf;
         }
-      
+
       rc = 0;
       while ( !overwrite_filep (name) )
         {
@@ -274,7 +274,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
           xfree (buf);
           name = buf = tmp;
         }
-    
+
       if ( !rc )
         {
           if (is_secured_filename (name) )
@@ -294,7 +294,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
         }
       xfree(buf);
     }
-  
+
   if (*a)
     iobuf_ioctl (*a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
 
@@ -400,7 +400,7 @@ copy_options_file( const char *destdir )
                     ;
                 else if (c == '#')
                     esc = 2;
-                else 
+                else
                     any_option = 1;
             }
         }
diff --git a/g10/options.h b/g10/options.h
index cd0140651..e67d0ce04 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -31,7 +31,7 @@
 #if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
 #define EXTERN_UNLESS_MAIN_MODULE extern
 #else
-#define EXTERN_UNLESS_MAIN_MODULE 
+#define EXTERN_UNLESS_MAIN_MODULE
 #endif
 #endif
 
@@ -96,7 +96,7 @@ struct
   int completes_needed;
   int max_cert_depth;
   const char *homedir;
-  const char *agent_program; 
+  const char *agent_program;
 
   /* Options to be passed to the gpg-agent */
   session_env_t session_env;
@@ -202,7 +202,7 @@ struct
 
   /* If > 0, limit the number of card insertion prompts to this
      value. */
-  int limit_card_insert_tries; 
+  int limit_card_insert_tries;
 
 #ifdef ENABLE_CARD_SUPPORT
   /* FIXME: We don't needs this here as it is done in scdaemon. */
@@ -231,8 +231,8 @@ struct
     enum {
       AKL_NODEFAULT,
       AKL_LOCAL,
-      AKL_CERT, 
-      AKL_PKA, 
+      AKL_CERT,
+      AKL_PKA,
       AKL_LDAP,
       AKL_KEYSERVER,
       AKL_SPEC
diff --git a/g10/options.skel b/g10/options.skel
index 534affcd2..87bbd4e3b 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -4,11 +4,11 @@
 # Options for GnuPG
 # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
 #           2010 Free Software Foundation, Inc.
-# 
+#
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
 # modifications, as long as this notice is preserved.
-# 
+#
 # This file is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -203,4 +203,3 @@ keyserver hkp://keys.gnupg.net
 #
 # Use your MIME handler to view photos:
 # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
-
diff --git a/g10/packet.h b/g10/packet.h
index 5411e524a..fa32ab194 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -49,11 +49,11 @@ typedef enum {
 } preftype_t;
 
 typedef struct {
-    byte type; 
+    byte type;
     byte value;
 } prefitem_t;
 
-typedef struct 
+typedef struct
 {
   int  mode;      /* Must be an integer due to the GNU modes 1001 et al.  */
   byte hash_algo;
@@ -114,9 +114,9 @@ typedef struct
 
 
 /* Object to keep information pertaining to a signature. */
-typedef struct 
+typedef struct
 {
-  struct 
+  struct
   {
     unsigned checked:1;         /* Signature has been checked. */
     unsigned valid:1;           /* Signature is good (if checked is set). */
@@ -213,7 +213,7 @@ struct seckey_info
 			/* be decrypted before use, the protected */
 			/* MPIs are simply (void*) pointers to memory */
 			/* and should never be passed to a mpi_xxx() */
-  int sha1chk:1;        /* SHA1 is used instead of a 16 bit checksum */ 
+  int sha1chk:1;        /* SHA1 is used instead of a 16 bit checksum */
   u16 csum;		/* Checksum for old protection modes.  */
   byte algo;            /* Cipher used to protect the secret information. */
   STRING2KEY s2k;       /* S2K parameter.  */
@@ -248,7 +248,7 @@ typedef struct
   byte    pubkey_usage;   /* for now only used to pass it to getkey() */
   byte    req_usage;      /* hack to pass a request to getkey() */
   byte    req_algo;       /* Ditto */
-  u32     has_expired;    /* set to the expiration date if expired */ 
+  u32     has_expired;    /* set to the expiration date if expired */
   u32     main_keyid[2];  /* keyid of the primary key */
   u32     keyid[2];	    /* calculated by keyid_from_pk() */
   prefitem_t *prefs;      /* list of preferences (may be NULL) */
@@ -257,7 +257,7 @@ typedef struct
     unsigned int mdc:1;           /* MDC feature set.  */
     unsigned int disabled_valid:1;/* The next flag is valid.  */
     unsigned int disabled:1;      /* The key has been disabled.  */
-    unsigned int primary:1;       /* This is a primary key.  */ 
+    unsigned int primary:1;       /* This is a primary key.  */
     unsigned int revoked:2;       /* Key has been revoked.
                                      1 = revoked by the owner
                                      2 = revoked by designated revoker.  */
@@ -278,7 +278,7 @@ typedef struct
   const byte *trust_regexp;
   char    *serialno;      /* Malloced hex string or NULL if it is
                              likely not on a card.  See also
-                             flags.serialno_valid.  */  
+                             flags.serialno_valid.  */
   struct seckey_info *seckey_info;  /* If not NULL this malloced
                                        structure describes a secret
                                        key.  */
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 83be15d8c..fc11e9dbe 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -15,7 +15,7 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .  
+ * along with this program; if not, see .
  */
 
 #include 
@@ -1383,7 +1383,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
       n = *buffer++;
       buflen--;
       if (n == 255) /* 4 byte length header.  */
-	{			
+	{
 	  if (buflen < 4)
 	    goto too_short;
 	  n = (buffer[0] << 24) | (buffer[1] << 16)
@@ -1392,7 +1392,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
 	  buflen -= 4;
 	}
       else if (n >= 192) /* 4 byte special encoded length header.  */
-	{			
+	{
 	  if (buflen < 2)
 	    goto too_short;
 	  n = ((n - 192) << 8) + *buffer + 192;
@@ -1511,7 +1511,7 @@ parse_revkeys (PKT_signature * sig)
 						     SIGSUBPKT_REV_KEY,
 						     &len, &seq, NULL)))
     {
-      if (len == sizeof (struct revocation_key) 
+      if (len == sizeof (struct revocation_key)
           && (revkey->class & 0x80))  /* 0x80 bit must be set.  */
 	{
 	  sig->revkey = xrealloc (sig->revkey,
@@ -1574,7 +1574,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   sig->flags.exportable = 1;
   sig->flags.revocable = 1;
   if (is_v4) /* Read subpackets.  */
-    { 
+    {
       n = read_16 (inp);
       pktlen -= 2;  /* Length of hashed data. */
       if (n > 10000)
@@ -1622,7 +1622,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
     }
 
   if (pktlen < 5)  /* Sanity check.  */
-    {				
+    {
       log_error ("packet(%d) too short\n", pkttype);
       rc = G10ERR_INVALID_PACKET;
       goto leave;
@@ -1634,7 +1634,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   pktlen--;
 
   if (is_v4 && sig->pubkey_algo)  /* Extract required information.  */
-    {			
+    {
       const byte *p;
       size_t len;
 
@@ -2164,7 +2164,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		}
 	    }
 	  else /* Old version; no S2K, so we set mode to 0, hash MD5.  */
-	    { 
+	    {
               /* Note that a ski->algo > 110 is illegal, but I'm not
                  erroring on it here as otherwise there would be no
                  way to delete such a key.  */
@@ -2174,7 +2174,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		es_fprintf (listfp, "\tprotect algo: %d  (hash algo: %d)\n",
                             ski->algo, ski->s2k.hash_algo);
 	    }
-          
+
 	  /* It is really ugly that we don't know the size
 	   * of the IV here in cases we are not aware of the algorithm.
 	   * so a
@@ -2233,8 +2233,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	  if (list_mode)
             es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
 	}
-      else 
-	{	
+      else
+	{
           /* The v3 method: The mpi length is not encrypted.  */
 	  for (i = npkey; i < nskey; i++)
 	    {
@@ -2300,7 +2300,7 @@ parse_attribute_subpkts (PKT_user_id * uid)
       n = *buffer++;
       buflen--;
       if (n == 255)  /* 4 byte length header.  */
-	{			
+	{
 	  if (buflen < 4)
 	    goto too_short;
 	  n = (buffer[0] << 24) | (buffer[1] << 16)
@@ -2309,7 +2309,7 @@ parse_attribute_subpkts (PKT_user_id * uid)
 	  buflen -= 4;
 	}
       else if (n >= 192)  /* 2 byte special encoded length header.  */
-	{			
+	{
 	  if (buflen < 2)
 	    goto too_short;
 	  n = ((n - 192) << 8) + *buffer + 192;
@@ -2835,4 +2835,3 @@ create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
 
   return packet;
 }
-
diff --git a/g10/photoid.c b/g10/photoid.c
index 2d56d80b6..9045f0c16 100644
--- a/g10/photoid.c
+++ b/g10/photoid.c
@@ -21,7 +21,7 @@
 #include 
 #include 
 #include 
-#ifdef _WIN32 
+#ifdef _WIN32
 # include 
 # ifndef VER_PLATFORM_WIN32_WINDOWS
 #  define VER_PLATFORM_WIN32_WINDOWS 1
@@ -121,7 +121,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name)
 	  continue;
 	}
 
-      
+
       len=iobuf_get_filelength(file, &overflow);
       if(len>6144 || overflow)
 	{
diff --git a/g10/pkclist.c b/g10/pkclist.c
index ba36a0ca1..626250ff6 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -47,7 +47,7 @@ send_status_inv_recp (int reason, const char *name)
 
   snprintf (buf, sizeof buf, "%d ", reason);
   write_status_text_and_buffer (STATUS_INV_RECP, buf,
-                                name, strlen (name), 
+                                name, strlen (name),
                                 -1);
 }
 
@@ -170,7 +170,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
  * mode: 0 = standard
  *       1 = Without key info and additional menu option 'm'
  *           this does also add an option to set the key to ultimately trusted.
- * Returns: 
+ * Returns:
  *      -2 = nothing changed - caller should show some additional info
  *      -1 = quit operation
  *       0 = nothing changed
@@ -206,7 +206,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
        uppercase.  Below you will find the matching strings which
        should be translated accordingly and the letter changed to
        match the one in the answer string.
-    
+
          i = please show me more information
          m = back to the main menu
          s = skip this key
@@ -214,9 +214,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
     */
     const char *ans = _("iImMqQsS");
 
-    if( !did_help ) 
+    if( !did_help )
       {
-        if( !mode ) 
+        if( !mode )
           {
             KBNODE keyblock, un;
 
@@ -243,7 +243,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
                 if (un->pkt->pkt.user_id->is_primary
 		    && !un->pkt->pkt.user_id->attrib_data )
 		  continue;
-                
+
 		if((opt.verify_options&VERIFY_SHOW_PHOTOS)
 		   && un->pkt->pkt.user_id->attrib_data)
 		  show_photos (un->pkt->pkt.user_id->attribs,
@@ -255,7 +255,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
 
 		tty_printf(_("  aka \"%s\"\n"),p);
 	      }
-        
+
             print_fingerprint (pk, 2);
             tty_printf("\n");
 	    release_kbnode (keyblock);
@@ -313,7 +313,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
       did_help = 0;
     else if( *p && p[1] )
       ;
-    else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) ) 
+    else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
       {
         unsigned int trust;
         switch( *p )
@@ -339,14 +339,14 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
       }
 #if 0
     /* not yet implemented */
-    else if( *p == ans[0] || *p == ans[1] ) 
+    else if( *p == ans[0] || *p == ans[1] )
       {
         tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
         show = 1;
         break;
       }
 #endif
-    else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) ) 
+    else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
       {
         break ; /* back to the menu */
       }
@@ -365,9 +365,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
   return show? -2: quit? -1 : changed;
 }
 
-/* 
+/*
  * Display a menu to change the ownertrust of the key PK (which should
- * be a primary key).  
+ * be a primary key).
  * For mode values see do_edit_ownertrust ()
  */
 int
@@ -424,7 +424,7 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
       log_error ("invalid trustlevel %u returned from validation layer\n",
 		 trustlevel);
       /* fall thru */
-    case TRUST_UNKNOWN: 
+    case TRUST_UNKNOWN:
     case TRUST_UNDEFINED:
       log_info(_("%s: There is no assurance this key belongs"
 		 " to the named user\n"),keystr_from_pk(pk));
@@ -474,12 +474,12 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
 
       tty_printf("\n");
 
-      
+
       if (is_status_enabled ())
         {
           u32 kid[2];
           char *hint_str;
-          
+
           keyid_from_pk (pk, kid);
           hint_str = get_long_user_id_string ( kid );
           write_status_text ( STATUS_USERID_HINT, hint_str );
@@ -511,7 +511,7 @@ check_signatures_trust( PKT_signature *sig )
   int rc=0;
 
   rc = get_pubkey( pk, sig->keyid );
-  if (rc) 
+  if (rc)
     { /* this should not happen */
       log_error("Ooops; the key vanished  - can't check the trust\n");
       rc = G10ERR_NO_PUBKEY;
@@ -533,7 +533,7 @@ check_signatures_trust( PKT_signature *sig )
 
   trustlevel = get_validity (pk, NULL);
 
-  if ( (trustlevel & TRUST_FLAG_REVOKED) ) 
+  if ( (trustlevel & TRUST_FLAG_REVOKED) )
     {
       write_status( STATUS_KEYREVOKED );
       if(pk->flags.revoked == 2)
@@ -544,13 +544,13 @@ check_signatures_trust( PKT_signature *sig )
       log_info(_("         This could mean that the signature is forged.\n"));
       show_revocation_reason( pk, 0 );
     }
-  else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) 
+  else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
     {
       write_status( STATUS_KEYREVOKED );
       log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
       show_revocation_reason( pk, 0 );
     }
-  
+
   if ((trustlevel & TRUST_FLAG_DISABLED))
     log_info (_("Note: This key has been disabled.\n"));
 
@@ -583,9 +583,9 @@ check_signatures_trust( PKT_signature *sig )
                       "does not match DNS entry\n"), sig->pka_info->email);
         }
 
-      switch ( (trustlevel & TRUST_MASK) ) 
+      switch ( (trustlevel & TRUST_MASK) )
         {
-        case TRUST_UNKNOWN: 
+        case TRUST_UNKNOWN:
         case TRUST_UNDEFINED:
         case TRUST_MARGINAL:
           if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
@@ -607,18 +607,18 @@ check_signatures_trust( PKT_signature *sig )
     }
 
   /* Now let the user know what up with the trustlevel. */
-  switch ( (trustlevel & TRUST_MASK) ) 
+  switch ( (trustlevel & TRUST_MASK) )
     {
     case TRUST_EXPIRED:
       log_info(_("Note: This key has expired!\n"));
       print_fingerprint (pk, 1);
       break;
-        
+
     default:
       log_error ("invalid trustlevel %u returned from validation layer\n",
                  trustlevel);
       /* fall thru */
-    case TRUST_UNKNOWN: 
+    case TRUST_UNKNOWN:
     case TRUST_UNDEFINED:
       write_status( STATUS_TRUST_UNDEFINED );
       log_info(_("WARNING: This key is not certified with"
@@ -670,7 +670,7 @@ void
 release_pk_list (pk_list_t pk_list)
 {
   PK_LIST pk_rover;
-  
+
   for ( ; pk_list; pk_list = pk_rover)
     {
       pk_rover = pk_list->next;
@@ -778,7 +778,7 @@ expand_group(strlist_t input)
    of the key. USE the requested usage and a set MARK_HIDDEN will mark
    the key in the updated list as a hidden recipient. */
 gpg_error_t
-find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, 
+find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
                     int mark_hidden, pk_list_t *pk_list_addr)
 {
   int rc;
@@ -815,7 +815,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
 
   /* Key found and usable.  Check validity. */
   trustlevel = get_validity (pk, pk->user_id);
-  if ( (trustlevel & TRUST_FLAG_DISABLED) ) 
+  if ( (trustlevel & TRUST_FLAG_DISABLED) )
     {
       /* Key has been disabled. */
       send_status_inv_recp (0, name);
@@ -824,7 +824,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
       return G10ERR_UNU_PUBKEY;
     }
 
-  if ( !do_we_trust_pre (pk, trustlevel) ) 
+  if ( !do_we_trust_pre (pk, trustlevel) )
     {
       /* We don't trust this key.  */
       send_status_inv_recp (10, name);
@@ -832,10 +832,10 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
       return G10ERR_UNU_PUBKEY;
     }
   /* Note: do_we_trust may have changed the trustlevel. */
-  
+
   /* Skip the actual key if the key is already present in the
      list.  */
-  if (!key_present_in_pk_list (*pk_list_addr, pk)) 
+  if (!key_present_in_pk_list (*pk_list_addr, pk))
     {
       log_info (_("%s: skipped: public key already present\n"), name);
       free_public_key (pk);
@@ -843,7 +843,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
   else
     {
       pk_list_t r;
-      
+
       r = xtrymalloc (sizeof *r);
       if (!r)
         {
@@ -856,7 +856,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
       r->flags = mark_hidden? 1:0;
       *pk_list_addr = r;
     }
-  
+
   return 0;
 }
 
@@ -901,7 +901,7 @@ build_pk_list (ctrl_t ctrl,
 
   /* Check whether there are any recipients in the list and build the
    * list of the encrypt-to ones (we always trust them). */
-  for ( rov = remusr; rov; rov = rov->next ) 
+  for ( rov = remusr; rov; rov = rov->next )
     {
       if ( !(rov->flags & 1) )
         {
@@ -920,7 +920,7 @@ build_pk_list (ctrl_t ctrl,
               compliance_failure();
             }
         }
-      else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) 
+      else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to )
         {
           /* Encryption has been requested and --encrypt-to has not
              been disabled.  Check this encrypt-to key. */
@@ -931,14 +931,14 @@ build_pk_list (ctrl_t ctrl,
              we pass 1for the second last argument and 1 as the last
              argument to disable AKL. */
           if ( (rc = get_pubkey_byname (ctrl,
-                                        NULL, pk, rov->d, NULL, NULL, 1, 1)) ) 
+                                        NULL, pk, rov->d, NULL, NULL, 1, 1)) )
             {
               free_public_key ( pk ); pk = NULL;
               log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
               send_status_inv_recp (0, rov->d);
               goto fail;
             }
-          else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) ) 
+          else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
             {
               /* Skip the actual key if the key is already present
                * in the list.  Add it to our list if not. */
@@ -970,7 +970,7 @@ build_pk_list (ctrl_t ctrl,
                     }
                 }
             }
-          else 
+          else
             {
               /* The public key is not usable for encryption or not
                  available. */
@@ -984,8 +984,8 @@ build_pk_list (ctrl_t ctrl,
 
   /* If we don't have any recipients yet and we are not in batch mode
      drop into interactive selection mode. */
-  if ( !any_recipients && !opt.batch ) 
-    { 
+  if ( !any_recipients && !opt.batch )
+    {
       int have_def_rec;
       char *answer = NULL;
       strlist_t backlog = NULL;
@@ -997,7 +997,7 @@ build_pk_list (ctrl_t ctrl,
       if ( !have_def_rec )
         tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
 
-      for (;;) 
+      for (;;)
         {
           rc = 0;
           xfree(answer);
@@ -1007,7 +1007,7 @@ build_pk_list (ctrl_t ctrl,
               answer = def_rec;
               def_rec = NULL;
             }
-          else if (backlog) 
+          else if (backlog)
             {
               /* This is part of our trick to expand and display groups. */
               answer = strlist_pop (&backlog);
@@ -1050,8 +1050,8 @@ build_pk_list (ctrl_t ctrl,
               trim_spaces(answer);
               cpr_kill_prompt();
             }
-          
-          if ( !answer || !*answer ) 
+
+          if ( !answer || !*answer )
             {
               xfree(answer);
               break;  /* No more recipients entered - get out of loop. */
@@ -1071,12 +1071,12 @@ build_pk_list (ctrl_t ctrl,
           rc = get_pubkey_byname (ctrl, NULL, pk, answer, NULL, NULL, 0, 0 );
           if (rc)
             tty_printf(_("No such user ID.\n"));
-          else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) ) 
+          else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
             {
               if ( have_def_rec )
                 {
                   /* No validation for a default recipient. */
-                  if (!key_present_in_pk_list(pk_list, pk)) 
+                  if (!key_present_in_pk_list(pk_list, pk))
                     {
                       free_public_key (pk); pk = NULL;
                       log_info (_("skipped: public key "
@@ -1096,13 +1096,13 @@ build_pk_list (ctrl_t ctrl,
               else
                 { /* Check validity of this key. */
                   int trustlevel;
-		    
+
                   trustlevel = get_validity (pk, pk->user_id);
-                  if ( (trustlevel & TRUST_FLAG_DISABLED) ) 
+                  if ( (trustlevel & TRUST_FLAG_DISABLED) )
                     {
                       tty_printf (_("Public key is disabled.\n") );
                     }
-                  else if ( do_we_trust_pre (pk, trustlevel) ) 
+                  else if ( do_we_trust_pre (pk, trustlevel) )
                     {
                       /* Skip the actual key if the key is already
                        * present in the list */
@@ -1134,7 +1134,7 @@ build_pk_list (ctrl_t ctrl,
           pk = NULL;
         }
     }
-  else if ( !any_recipients && (def_rec = default_recipient()) ) 
+  else if ( !any_recipients && (def_rec = default_recipient()) )
     {
       /* We are in batch mode and have only a default recipient. */
       pk = xmalloc_clear( sizeof *pk );
@@ -1145,7 +1145,7 @@ build_pk_list (ctrl_t ctrl,
       rc = get_pubkey_byname (ctrl, NULL, pk, def_rec, NULL, NULL, 1, 1);
       if (rc)
         log_error(_("unknown default recipient \"%s\"\n"), def_rec );
-      else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) ) 
+      else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) )
         {
           /* Mark any_recipients here since the default recipient
              would have been used if it wasn't already there.  It
@@ -1155,7 +1155,7 @@ build_pk_list (ctrl_t ctrl,
           if (!key_present_in_pk_list(pk_list, pk))
             log_info (_("skipped: public key already set "
                         "as default recipient\n"));
-          else 
+          else
             {
               PK_LIST r = xmalloc( sizeof *r );
               r->pk = pk; pk = NULL;
@@ -1171,11 +1171,11 @@ build_pk_list (ctrl_t ctrl,
         }
       xfree(def_rec); def_rec = NULL;
     }
-  else 
+  else
     {
       /* General case: Check all keys. */
       any_recipients = 0;
-      for (; remusr; remusr = remusr->next ) 
+      for (; remusr; remusr = remusr->next )
         {
           if ( (remusr->flags & 1) )
             continue; /* encrypt-to keys are already handled. */
@@ -1187,14 +1187,14 @@ build_pk_list (ctrl_t ctrl,
           any_recipients = 1;
         }
     }
-  
-  if ( !rc && !any_recipients ) 
+
+  if ( !rc && !any_recipients )
     {
       log_error(_("no valid addressees\n"));
       write_status_text (STATUS_NO_RECP, "0");
       rc = G10ERR_NO_USER_ID;
     }
-  
+
  fail:
 
   if ( rc )
@@ -1233,7 +1233,7 @@ algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
 		  && algo != CIPHER_ALGO_3DES
 		  && algo != CIPHER_ALGO_CAST5))
 	return 0;
-      
+
       if(PGP7 && (algo != CIPHER_ALGO_IDEA
 		  && algo != CIPHER_ALGO_3DES
 		  && algo != CIPHER_ALGO_CAST5
@@ -1439,7 +1439,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
 
   if(result==-1)
     {
-      unsigned int best=-1;    
+      unsigned int best=-1;
 
       /* At this point, we have not selected an algorithm due to a
 	 special request or via personal prefs.  Pick the highest
@@ -1497,11 +1497,11 @@ select_mdc_from_pklist (PK_LIST pk_list)
 
   if ( !pk_list )
     return 0;
-  
-  for (pkr = pk_list; pkr; pkr = pkr->next) 
+
+  for (pkr = pk_list; pkr; pkr = pkr->next)
     {
       int mdc;
-      
+
       if (pkr->pk->user_id) /* selected by user ID */
         mdc = pkr->pk->user_id->flags.mdc;
       else
@@ -1518,8 +1518,8 @@ void
 warn_missing_mdc_from_pklist (PK_LIST pk_list)
 {
   PK_LIST pkr;
-  
-  for (pkr = pk_list; pkr; pkr = pkr->next) 
+
+  for (pkr = pk_list; pkr; pkr = pkr->next)
     {
       int mdc;
 
@@ -1537,8 +1537,8 @@ void
 warn_missing_aes_from_pklist (PK_LIST pk_list)
 {
   PK_LIST pkr;
- 
-  for (pkr = pk_list; pkr; pkr = pkr->next) 
+
+  for (pkr = pk_list; pkr; pkr = pkr->next)
     {
       const prefitem_t *prefs;
       int i;
@@ -1548,7 +1548,7 @@ warn_missing_aes_from_pklist (PK_LIST pk_list)
       if (prefs)
         {
           for (i=0; !gotit && prefs[i].type; i++ )
-            if (prefs[i].type == PREFTYPE_SYM 
+            if (prefs[i].type == PREFTYPE_SYM
                 && prefs[i].value == CIPHER_ALGO_AES)
               gotit++;
 	}
diff --git a/g10/plaintext.c b/g10/plaintext.c
index 17f8ea58b..e4e0ea10d 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -71,18 +71,18 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx,
          status message.  */
       es_fflush (es_stdout);
 
-      snprintf (status, sizeof status, 
+      snprintf (status, sizeof status,
                 "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp);
       write_status_text_and_buffer (STATUS_PLAINTEXT,
 				    status, pt->name, pt->namelen, 0);
-      
+
       if (!pt->is_partial)
 	{
 	  snprintf (status, sizeof status, "%lu", (ulong) pt->len);
 	  write_status_text (STATUS_PLAINTEXT_LENGTH, status);
 	}
     }
-  
+
   /* Create the filename as C string.  */
   if (nooutput)
     ;
@@ -145,14 +145,14 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx,
 	    {
 	      xfree (tmp);
               /* FIXME: Below used to be G10ERR_CREATE_FILE */
-	      err = gpg_error (GPG_ERR_GENERAL);	
+	      err = gpg_error (GPG_ERR_GENERAL);
 	      goto leave;
 	    }
 	  xfree (fname);
 	  fname = tmp;
 	}
     }
-  
+
 #ifndef __riscos__
   if (opt.outfp && is_secured_file (es_fileno (opt.outfp)))
     {
@@ -390,7 +390,7 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx,
       pt->buf = NULL;
     }
   else /* Clear text signature - don't hash the last CR,LF.   */
-    { 
+    {
       int state = 0;
 
       while ((c = iobuf_get (pt->buf)) != -1)
diff --git a/g10/progress.c b/g10/progress.c
index d0aa926ed..ca2022352 100644
--- a/g10/progress.c
+++ b/g10/progress.c
@@ -115,9 +115,9 @@ progress_filter (void *opaque, int control,
 	  || timestamp - pfx->last_time > 0)
 	{
 	  char buffer[50];
-	  
+
 	  sprintf (buffer, "%.20s ? %lu %lu",
-                   pfx->what? pfx->what : "?", 
+                   pfx->what? pfx->what : "?",
                    pfx->offset,
 		   pfx->total);
 	  write_status_text (STATUS_PROGRESS, buffer);
diff --git a/g10/revoke.c b/g10/revoke.c
index f7af5c34f..3beeacfe1 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -239,7 +239,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
 
     /* get the key from the keyblock */
     node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
-    if( !node ) 
+    if( !node )
       BUG ();
 
     pk=node->pkt->pkt.public_key;
@@ -482,7 +482,7 @@ gen_revoke (const char *uname)
 
   /* Get the keyid from the keyblock.  */
   node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
-  if (!node) 
+  if (!node)
     BUG ();
 
   psk = node->pkt->pkt.public_key;
@@ -504,19 +504,19 @@ gen_revoke (const char *uname)
       rc = 0;
       goto leave;
     }
-  
+
   if (psk->version >= 4 || opt.force_v4_certs)
     {
       /* Get the reason for the revocation.  */
       reason = ask_revocation_reason (1, 0, 1);
       if (!reason)
-        { 
+        {
           /* user decided to cancel */
           rc = 0;
           goto leave;
         }
     }
-  
+
   if (!opt.armor)
     tty_printf (_("ASCII armored output forced.\n"));
 
@@ -536,7 +536,7 @@ gen_revoke (const char *uname)
       log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
       goto leave;
     }
-    
+
   if (PGP2 || PGP6 || PGP7 || PGP8)
     {
       /* Use a minimal pk for PGPx mode, since PGP can't import bare
@@ -550,15 +550,15 @@ gen_revoke (const char *uname)
       init_packet( &pkt );
       pkt.pkttype = PKT_SIGNATURE;
       pkt.pkt.signature = sig;
-        
+
       rc = build_packet (out, &pkt);
-      if (rc) 
+      if (rc)
         {
           log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
           goto leave;
         }
     }
-    
+
   /* and issue a usage notice */
   tty_printf (_(
 "Revocation certificate created.\n\n"
diff --git a/g10/rmd160.c b/g10/rmd160.c
index febfa618a..8eb005f54 100644
--- a/g10/rmd160.c
+++ b/g10/rmd160.c
@@ -55,7 +55,7 @@ rol (u32 x, int n)
 #endif
 
 /* Structure holding the context for the RIPE-MD160 computation.  */
-typedef struct 
+typedef struct
 {
   u32 h0, h1, h2, h3, h4;
   u32 nblocks;
@@ -88,10 +88,10 @@ transform (rmd160_context_t *hd, const unsigned char *data)
   u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
 #ifdef BIG_ENDIAN_HOST
   u32 x[16];
-  { 
+  {
     int i;
     unsigned char *p2, *p1;
-    for (i=0, p1=data, p2=(unsigned char*)x; i < 16; i++, p2 += 4 ) 
+    for (i=0, p1=data, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
       {
         p2[3] = *p1++;
         p2[2] = *p1++;
@@ -315,8 +315,8 @@ transform (rmd160_context_t *hd, const unsigned char *data)
 static void
 rmd160_write (rmd160_context_t *hd, const unsigned char *inbuf, size_t inlen)
 {
-  if( hd->count == 64 ) 
-    { 
+  if( hd->count == 64 )
+    {
       /* Flush the buffer.  */
       transform (hd, hd->buf);
       hd->count = 0;
@@ -371,7 +371,7 @@ rmd160_final( rmd160_context_t *hd )
   msb |= t >> 29;
 
   if (hd->count < 56)
-    { 
+    {
       /* Enough room.  */
       hd->buf[hd->count++] = 0x80; /* Pad character. */
       while (hd->count < 56)
@@ -396,7 +396,7 @@ rmd160_final( rmd160_context_t *hd )
   hd->buf[62] = msb >> 16;
   hd->buf[63] = msb >> 24;
   transform (hd, hd->buf);
-  
+
   p = hd->buf;
 #define X(a) do { *p++ = hd->h##a;       *p++ = hd->h##a >> 8;	\
                   *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
@@ -417,7 +417,7 @@ void
 rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length)
 {
   rmd160_context_t hd;
-  
+
   rmd160_init (&hd);
   rmd160_write (&hd, buffer, length);
   rmd160_final (&hd);
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 4bf0dd2d2..ec866b309 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -132,7 +132,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
                    attack */
                 sk->csum = 0;
                 csum = 1;
-                if( ndata < 20 ) 
+                if( ndata < 20 )
                     log_error("not enough bytes for SHA-1 checksum\n");
                 else {
                     gcry_md_hd_t h;
@@ -142,7 +142,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
                     gcry_md_write (h, data, ndata - 20);
                     gcry_md_final (h);
                     if (!memcmp (gcry_md_read (h, DIGEST_ALGO_SHA1),
-                                 data + ndata - 20, 20) ) 
+                                 data + ndata - 20, 20) )
                       {
                         /* Digest does match.  We have to keep the old
                            style checksum in sk->csum, so that the
@@ -150,7 +150,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
                            This test gets used when we are adding new
                            keys. */
                         sk->csum = csum = checksum (data, ndata-20);
-                      } 
+                      }
                     gcry_md_close (h);
                 }
             }
@@ -259,6 +259,3 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
 
     return 0;
 }
-
-
-
diff --git a/g10/server.c b/g10/server.c
index 1c534f1e5..d8871d059 100644
--- a/g10/server.c
+++ b/g10/server.c
@@ -40,12 +40,12 @@
 
 
 /* Data used to associate an Assuan context with local server data.  */
-struct server_local_s 
+struct server_local_s
 {
   /* Our current Assuan context. */
-  assuan_context_t assuan_ctx;  
+  assuan_context_t assuan_ctx;
   /* File descriptor as set by the MESSAGE command. */
-  gnupg_fd_t message_fd;               
+  gnupg_fd_t message_fd;
 
   /* List of prepared recipients.  */
   pk_list_t recplist;
@@ -55,14 +55,14 @@ struct server_local_s
 
 
 /* Helper to close the message fd if it is open. */
-static void 
+static void
 close_message_fd (ctrl_t ctrl)
 {
   if (ctrl->server_local->message_fd != GNUPG_INVALID_FD)
     {
       assuan_sock_close (ctrl->server_local->message_fd);
       ctrl->server_local->message_fd = GNUPG_INVALID_FD;
-    } 
+    }
 }
 
 
@@ -89,7 +89,7 @@ has_option (const char *line, const char *name)
 {
   const char *s;
   int n = strlen (name);
-  
+
   s = strstr (line, name);
   if (s && s >= skip_options (line))
     return 0;
@@ -188,7 +188,7 @@ static gpg_error_t
 output_notify (assuan_context_t ctx, char *line)
 {
 /*   ctrl_t ctrl = assuan_get_pointer (ctx); */
-  
+
   (void)ctx;
 
   if (strstr (line, "--armor"))
@@ -231,9 +231,9 @@ cmd_recipient (assuan_context_t ctx, char *line)
     remusr = rcpts;
   */
 
-  err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden, 
+  err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden,
                             &ctrl->server_local->recplist);
-  
+
   if (err)
     log_error ("command '%s' failed: %s\n", "RECIPIENT", gpg_strerror (err));
   return err;
@@ -266,7 +266,7 @@ cmd_signer (assuan_context_t ctx, char *line)
 
 
 
-/*  ENCRYPT 
+/*  ENCRYPT
 
    Do the actual encryption process.  Takes the plaintext from the
    INPUT command, writes the ciphertext to the file descriptor set
@@ -294,7 +294,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
 
   (void)line; /* LINE is not used.  */
 
-  if ( !ctrl->server_local->recplist ) 
+  if ( !ctrl->server_local->recplist )
     {
       write_status_text (STATUS_NO_RECP, "0");
       err = gpg_error (GPG_ERR_NO_USER_ID);
@@ -318,12 +318,12 @@ cmd_encrypt (assuan_context_t ctx, char *line)
      PGP-2 mode.  Do all the other checks we do in gpg.c for aEncr.
      Maybe we should drop the PGP2 compatibility. */
 
-  
+
   /* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
      from the default list. */
 
   /* fixme: err = ctrl->audit? 0 : start_audit_session (ctrl);*/
-    
+
   err = encrypt_crypt (ctrl, inp_fd, NULL, NULL, 0,
                        ctrl->server_local->recplist,
                        out_fd);
@@ -389,7 +389,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
    This does a verify operation on the message send to the input-FD.
    The result is written out using status lines.  If an output FD was
    given, the signed text will be written to that.
-  
+
    If the signature is a detached one, the server will inquire about
    the signed material and the client must provide it.
  */
@@ -404,7 +404,7 @@ cmd_verify (assuan_context_t ctx, char *line)
 
   /* FIXME: Revamp this code it is nearly to 3 years old and was only
      intended as a quick test.  */
-  
+
   (void)line;
 
   if (fd == GNUPG_INVALID_FD)
@@ -620,7 +620,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
 static int
 register_commands (assuan_context_t ctx)
 {
-  static struct 
+  static struct
   {
     const char *name;
     assuan_handler_t handler;
@@ -634,8 +634,8 @@ register_commands (assuan_context_t ctx)
     { "SIGN",          cmd_sign      },
     { "IMPORT",        cmd_import    },
     { "EXPORT",        cmd_export    },
-    { "INPUT",         NULL          }, 
-    { "OUTPUT",        NULL          }, 
+    { "INPUT",         NULL          },
+    { "OUTPUT",        NULL          },
     { "MESSAGE",       cmd_message   },
     { "LISTKEYS",      cmd_listkeys  },
     { "LISTSECRETKEYS",cmd_listsecretkeys },
@@ -653,7 +653,7 @@ register_commands (assuan_context_t ctx)
                                     table[i].handler, table[i].help);
       if (rc)
         return rc;
-    } 
+    }
   return 0;
 }
 
@@ -683,7 +683,7 @@ gpg_server (ctrl_t ctrl)
 		 gpg_strerror (rc));
       goto leave;
     }
-  
+
   rc = assuan_init_pipe_server (ctx, filedes);
   if (rc)
     {
@@ -748,7 +748,7 @@ gpg_server (ctrl_t ctrl)
           log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
           break;
         }
-      
+
       rc = assuan_process (ctx);
       if (rc)
         {
@@ -768,4 +768,3 @@ gpg_server (ctrl_t ctrl)
   assuan_release (ctx);
   return rc;
 }
-
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 4bd7aef88..531497e81 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -60,7 +60,7 @@ signature_check (PKT_signature *sig, gcry_md_hd_t digest)
 }
 
 int
-signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, 
+signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 		  int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
 {
     PKT_public_key *pk = xmalloc_clear( sizeof *pk );
@@ -130,8 +130,8 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 	 * and the timestamp, but the drawback of this is, that it is
 	 * not possible to sign more than one identical document within
 	 * one second.	Some remote batch processing applications might
-	 * like this feature here.  
-         * 
+	 * like this feature here.
+         *
          * Note that before 2.0.10, we used RIPE-MD160 for the hash
          * and accidently didn't include the timestamp and algorithm
          * information in the hash.  Given that this feature is not
@@ -431,13 +431,13 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
       for(i=0;inumrevkeys;i++)
 	{
           u32 keyid[2];
-    
+
           keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid);
-    
+
           if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
 	    {
               gcry_md_hd_t md;
-    
+
               if (gcry_md_open (&md, sig->digest_algo, 0))
                 BUG ();
               hash_public_key(md,pk);
@@ -451,7 +451,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
   busy=0;
 
   return rc;
-} 
+}
 
 /* Backsigs (0x19) have the same format as binding sigs (0x18), but
    this function is simpler than check_key_signature in a few ways.
@@ -536,8 +536,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
        cache refresh detects and clears these cases. */
     if ( !opt.no_sig_cache ) {
         if (sig->flags.checked) { /*cached status available*/
-	    if( is_selfsig ) {	
-		u32 keyid[2];	
+	    if( is_selfsig ) {
+		u32 keyid[2];
 
 		keyid_from_pk( pk, keyid );
 		if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
@@ -557,7 +557,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	return rc;
 
     if( sig->sig_class == 0x20 ) { /* key revocation */
-        u32 keyid[2];	
+        u32 keyid[2];
 	keyid_from_pk( pk, keyid );
 
 	/* is it a designated revoker? */
diff --git a/g10/signal.c b/g10/signal.c
index 11ebc5208..6c8a40b58 100644
--- a/g10/signal.c
+++ b/g10/signal.c
@@ -57,7 +57,7 @@ init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
     sigemptyset (&nact.sa_mask);
     nact.sa_flags = 0;
     sigaction ( sig, &nact, NULL);
-#else 
+#else
     RETSIGTYPE (*ohandler)(int);
 
     ohandler = signal (sig, handler);
diff --git a/g10/skclist.c b/g10/skclist.c
index 4ec5df055..912104ef5 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -144,7 +144,7 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)
       else
 	{
 	  SK_LIST r;
-          
+
 	  if (random_is_faked () && !is_insecure (pk))
 	    {
 	      log_info (_("key is not flagged as insecure - "
@@ -212,7 +212,7 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)
 	  else
 	    {
 	      SK_LIST r;
-              
+
 	      if (pk->version == 4 && (use & PUBKEY_USAGE_SIG)
 		  && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E)
 		{
@@ -256,7 +256,7 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)
       write_status_text (STATUS_NO_SGNR, "0");
       err = gpg_error (GPG_ERR_NO_USER_ID);
     }
-  
+
   if (err)
     release_sk_list (sk_list);
   else
diff --git a/g10/t-rmd160.c b/g10/t-rmd160.c
index d48e3f2ed..ea2933f07 100644
--- a/g10/t-rmd160.c
+++ b/g10/t-rmd160.c
@@ -33,7 +33,7 @@
 static void
 run_test (void)
 {
-  static struct 
+  static struct
   {
     const char *data;
     const char *expect;
@@ -71,7 +71,7 @@ run_test (void)
 
   for (idx=0; testtbl[idx].data; idx++)
     {
-      rmd160_hash_buffer (digest, 
+      rmd160_hash_buffer (digest,
                           testtbl[idx].data, strlen(testtbl[idx].data));
       if (memcmp (digest, testtbl[idx].expect, 20))
         fail (idx);
@@ -84,9 +84,8 @@ main (int argc, char **argv)
 {
   (void)argc;
   (void)argv;
-  
+
   run_test ();
 
   return 0;
 }
-
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index b68cde2f6..25a916e5b 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -68,16 +68,16 @@ void
 list_trustdb( const char *username )
 {
   TRUSTREC rec;
-  
+
   (void)username;
-  
+
   init_trustdb();
   /* For now we ignore the user ID. */
   if (1)
     {
       ulong recnum;
       int i;
-      
+
       printf("TrustDB: %s\n", tdbio_get_dbname() );
       for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- )
         putchar('-');
@@ -187,7 +187,7 @@ import_ownertrust( const char *fname )
 	    fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
 	while (fprlen < 20)
 	    fpr[fprlen++] = 0;
-        
+
 	rc = tdbio_search_trust_byfpr (fpr, &rec);
 	if( !rc ) { /* found: update */
 	    if (rec.r.trust.ownertrust != otrust)
@@ -220,7 +220,7 @@ import_ownertrust( const char *fname )
 	log_error ( _("read error in `%s': %s\n"), fname, strerror(errno) );
     if( !is_stdin )
 	fclose(fp);
-    
+
     if (any)
       {
         revalidation_mark ();
@@ -228,7 +228,5 @@ import_ownertrust( const char *fname )
         if (rc)
           log_error (_("trustdb: sync failed: %s\n"), g10_errstr(rc) );
       }
-    
+
 }
-
-
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 1c775d22d..45ec73bae 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -456,7 +456,7 @@ create_version_record (void)
 {
   TRUSTREC rec;
   int rc;
-  
+
   memset( &rec, 0, sizeof rec );
   rec.r.ver.version     = 3;
   rec.r.ver.created     = make_timestamp();
@@ -724,7 +724,7 @@ tdbio_read_model(void)
 {
   TRUSTREC vr;
   int rc;
- 
+
   rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
   if( rc )
     log_fatal( _("%s: error reading version record: %s\n"),
@@ -1042,7 +1042,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
  */
 static int
 lookup_hashtable( ulong table, const byte *key, size_t keylen,
-		  int (*cmpfnc)(const void*, const TRUSTREC *), 
+		  int (*cmpfnc)(const void*, const TRUSTREC *),
                   const void *cmpdata, TRUSTREC *rec )
 {
     int rc;
@@ -1539,4 +1539,3 @@ tdbio_invalid(void)
   how_to_fix_the_trustdb ();
   g10_exit (2);
 }
-
diff --git a/g10/tdbio.h b/g10/tdbio.h
index ddc5afccf..c2434faa4 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -56,7 +56,7 @@ struct trust_record {
 	    byte  trust_model;
 	    ulong created;   /* timestamp of trustdb creation  */
 	    ulong nextcheck; /* timestamp of next scheduled check */
-	    ulong reserved;  
+	    ulong reserved;
 	    ulong reserved2;
 	    ulong firstfree;
 	    ulong reserved3;
@@ -81,7 +81,7 @@ struct trust_record {
       } trust;
       struct {
         byte namehash[20];
-        ulong next;  
+        ulong next;
         byte validity;
 	byte full_count;
 	byte marginal_count;
diff --git a/g10/trustdb.c b/g10/trustdb.c
index dbd593a53..c8964323e 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -44,7 +44,7 @@
 
 /*
  * A structure to store key identification as well as some stuff needed
- * for validation 
+ * for validation
  */
 struct key_item {
   struct key_item *next;
@@ -60,7 +60,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
 
 /*
  * Structure to keep track of keys, this is used as an array wherre
- * the item right after the last one has a keyblock set to NULL. 
+ * the item right after the last one has a keyblock set to NULL.
  * Maybe we can drop this thing and replace it by key_item
  */
 struct key_array {
@@ -92,7 +92,7 @@ static struct key_item *
 new_key_item (void)
 {
   struct key_item *k;
-  
+
   k = xmalloc_clear (sizeof *k);
   return k;
 }
@@ -114,11 +114,11 @@ release_key_items (struct key_item *k)
  * For fast keylook up we need a hash table.  Each byte of a KeyIDs
  * should be distributed equally over the 256 possible values (except
  * for v3 keyIDs but we consider them as not important here). So we
- * can just use 10 bits to index a table of 1024 key items. 
+ * can just use 10 bits to index a table of 1024 key items.
  * Possible optimization: Don not use key_items but other hash_table when the
- * duplicates lists gets too large. 
+ * duplicates lists gets too large.
  */
-static KeyHashTable 
+static KeyHashTable
 new_key_hash_table (void)
 {
   struct key_item **tbl;
@@ -139,7 +139,7 @@ release_key_hash_table (KeyHashTable tbl)
   xfree (tbl);
 }
 
-/* 
+/*
  * Returns: True if the keyID is in the given hash table
  */
 static int
@@ -164,7 +164,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
   for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
     if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
       return; /* already in table */
-  
+
   kk = new_key_item ();
   kk->kid[0] = kid[0];
   kk->kid[1] = kid[1];
@@ -236,7 +236,7 @@ add_utk (u32 *kid)
 {
   struct key_item *k;
 
-  for (k = utk_list; k; k = k->next) 
+  for (k = utk_list; k; k = k->next)
     {
       if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
         {
@@ -271,15 +271,15 @@ verify_own_keys(void)
     return;
 
   /* scan the trustdb to find all ultimately trusted keys */
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
-      if ( rec.rectype == RECTYPE_TRUST 
+      if ( rec.rectype == RECTYPE_TRUST
            && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
         {
             byte *fpr = rec.r.trust.fingerprint;
             int fprlen;
             u32 kid[2];
-            
+
             /* Problem: We do only use fingerprints in the trustdb but
              * we need the keyID here to indetify the key; we can only
              * use that ugly hack to distinguish between 16 and 20
@@ -295,9 +295,9 @@ verify_own_keys(void)
     }
 
   /* Put any --trusted-key keys into the trustdb */
-  for (k = user_utk_list; k; k = k->next) 
+  for (k = user_utk_list; k; k = k->next)
     {
-      if ( add_utk (k->kid) ) 
+      if ( add_utk (k->kid) )
         { /* not yet in trustDB as ultimately trusted */
           PKT_public_key pk;
 
@@ -494,7 +494,7 @@ init_trustdb()
 static int
 trust_letter (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return '-';
     case TRUST_EXPIRED:   return 'e';
@@ -543,7 +543,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
 const char *
 trust_value_to_string (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return _("unknown");
     case TRUST_EXPIRED:   return _("expired");
@@ -612,7 +612,7 @@ check_trustdb ()
 
 
 /*
- * Recreate the WoT. 
+ * Recreate the WoT.
  */
 void
 update_trustdb()
@@ -684,29 +684,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
  ***********  Ownertrust et al. ****************
  ***********************************************/
 
-static int 
+static int
 read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
 {
   int rc;
-  
+
   init_trustdb();
   rc = tdbio_search_trust_bypk (pk, rec);
   if (rc == -1)
     return -1; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       log_error ("trustdb: searching trust record failed: %s\n",
                  g10_errstr (rc));
-      return rc; 
+      return rc;
     }
-      
+
   if (rec->rectype != RECTYPE_TRUST)
     {
       log_error ("trustdb: record %lu is not a trust record\n",
                  rec->recnum);
-      return G10ERR_TRUSTDB; 
-    }      
-  
+      return G10ERR_TRUSTDB;
+    }
+
   return 0;
 }
 
@@ -714,16 +714,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
  * Return the assigned ownertrust value for the given public key.
  * The key should be the primary key.
  */
-unsigned int 
+unsigned int
 get_ownertrust ( PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
@@ -732,16 +732,16 @@ get_ownertrust ( PKT_public_key *pk)
   return rec.r.trust.ownertrust;
 }
 
-unsigned int 
+unsigned int
 get_min_ownertrust (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
@@ -804,7 +804,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
 {
   TRUSTREC rec;
   int rc;
-  
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
@@ -836,7 +836,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -890,7 +890,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -903,7 +903,7 @@ clear_ownertrusts (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
@@ -931,8 +931,8 @@ clear_ownertrusts (PKT_public_key *pk)
   return 0;
 }
 
-/* 
- * Note: Caller has to do a sync 
+/*
+ * Note: Caller has to do a sync
  */
 static void
 update_validity (PKT_public_key *pk, PKT_user_id *uid,
@@ -951,7 +951,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
       return;
     }
   if (rc == -1) /* no record yet - create a new one */
-    { 
+    {
       size_t dummy;
 
       rc = 0;
@@ -1016,10 +1016,10 @@ cache_disabled_value (PKT_public_key *pk)
     }
   if (rc == -1) /* no record found, so assume not disabled */
     goto leave;
- 
+
   if (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
     disabled = 1;
- 
+
   /* Cache it for later so we don't need to look at the trustdb every
      time */
   pk->flags.disabled = disabled;
@@ -1044,7 +1044,7 @@ check_trustdb_stale(void)
       scheduled = tdbio_read_nextcheck ();
       if (scheduled && scheduled <= make_timestamp ())
         {
-          if (opt.no_auto_check_trustdb) 
+          if (opt.no_auto_check_trustdb)
             {
               pending_check_trustdb = 1;
               log_info (_("please do a --check-trustdb\n"));
@@ -1061,7 +1061,7 @@ check_trustdb_stale(void)
 /*
  * Return the validity information for PK.  If the namehash is not
  * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned. 
+ * otherwise, a reasonable value for the entire key is returned.
  */
 unsigned int
 get_validity (PKT_public_key *pk, PKT_user_id *uid)
@@ -1090,7 +1090,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
           log_error ("error getting main key %s of subkey %s: %s\n",
                      tempkeystr, keystr(kid), g10_errstr(rc));
 	  xfree(tempkeystr);
-          validity = TRUST_UNKNOWN; 
+          validity = TRUST_UNKNOWN;
           goto leave;
 	}
     }
@@ -1113,7 +1113,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
     }
   if (rc == -1) /* no record found */
     {
-      validity = TRUST_UNKNOWN; 
+      validity = TRUST_UNKNOWN;
       goto leave;
     }
 
@@ -1146,7 +1146,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
 
       recno = vrec.r.valid.next;
     }
-  
+
   if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
     {
       validity |= TRUST_FLAG_DISABLED;
@@ -1166,7 +1166,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
    * I initially designed it that way */
   if (main_pk->has_expired || pk->has_expired)
     validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-  
+
   if (pending_check_trustdb)
     validity |= TRUST_FLAG_PENDING_CHECK;
 
@@ -1179,10 +1179,10 @@ int
 get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
 {
   int trustlevel;
-  
+
   if (!pk)
     return '?';  /* Just in case a NULL PK is passed.  */
-  
+
   trustlevel = get_validity (pk, uid);
   if ( (trustlevel & TRUST_FLAG_REVOKED) )
     return 'r';
@@ -1309,7 +1309,7 @@ ask_ownertrust (u32 *kid,int minimum)
                  keystr(kid), g10_errstr(rc) );
       return TRUST_UNKNOWN;
     }
- 
+
   if(opt.force_ownertrust)
     {
       log_info("force trust for key %s to %s\n",
@@ -1383,7 +1383,7 @@ dump_key_array (int depth, struct key_array *keys)
             }
         }
     }
-}  
+}
 
 
 static void
@@ -1406,7 +1406,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
             status = TRUST_UNDEFINED;
           else
             status = 0;
-          
+
           if (status)
             {
               update_validity (keyblock->pkt->pkt.public_key,
@@ -1421,7 +1421,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
 
   if (any)
     do_sync ();
-}  
+}
 
 /*
  * check whether the signature sig is in the klist k
@@ -1453,7 +1453,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 {
   KBNODE node;
   PKT_signature *sig;
-  
+
   /* first check all signatures */
   for (node=uidnode->next; node; node = node->next)
     {
@@ -1486,7 +1486,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 	  continue;
 	}
       node->flag |= 1<<9;
-    }      
+    }
   /* reset the remaining flags */
   for (; node; node = node->next)
       node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
@@ -1534,7 +1534,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              older: if signode was older then we don't want to take n
              as signode is nonrevocable.  If n was older then we're
              automatically fine. */
-	  
+
 	  if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
 	       !signode->pkt->pkt.signature->flags.revocable &&
 	       (signode->pkt->pkt.signature->expiredate==0 ||
@@ -1550,7 +1550,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              n was older then we don't want to take signode as n is
              nonrevocable.  If signode was older then we're
              automatically fine. */
-	  
+
 	  if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
 		!signode->pkt->pkt.signature->flags.revocable &&
 		(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1581,7 +1581,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 
       sig = signode->pkt->pkt.signature;
       if (IS_UID_SIG (sig))
-        { /* this seems to be a usable one which is not revoked. 
+        { /* this seems to be a usable one which is not revoked.
            * Just need to check whether there is an expiration time,
            * We do the expired certification after finding a suitable
            * certification, the assumption is that a signator does not
@@ -1590,7 +1590,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
            * different expiration time */
           const byte *p;
           u32 expire;
-                    
+
           p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
           expire = p? sig->timestamp + buffer_to_u32(p) : 0;
 
@@ -1677,7 +1677,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
       delete_kbnode(node);
       deleted++;
     }
-    
+
   return deleted;
 }
 
@@ -1936,7 +1936,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
             {
               if (uid->help_full_count >= opt.completes_needed
                   || uid->help_marginal_count >= opt.marginals_needed )
-                uidnode->flag |= 4; 
+                uidnode->flag |= 4;
               else if (uid->help_full_count || uid->help_marginal_count)
                 uidnode->flag |= 2;
               uidnode->flag |= 1;
@@ -1951,7 +1951,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 
           issigned = 0;
 	  get_validity_counts(pk,uid);
-          mark_usable_uid_certs (kb, uidnode, main_kid, klist, 
+          mark_usable_uid_certs (kb, uidnode, main_kid, klist,
                                  curtime, next_expire);
         }
       else if (node->pkt->pkttype == PKT_SIGNATURE
@@ -1959,15 +1959,15 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
         {
 	  /* Note that we are only seeing unrevoked sigs here */
           PKT_signature *sig = node->pkt->pkt.signature;
-          
+
           kr = is_in_klist (klist, sig);
 	  /* If the trust_regexp does not match, it's as if the sig
              did not exist.  This is safe for non-trust sigs as well
              since we don't accept a regexp on the sig unless it's a
              trust sig. */
-          if (kr && (!kr->trust_regexp 
-                     || opt.trust_model != TM_PGP 
-                     || (uidnode 
+          if (kr && (!kr->trust_regexp
+                     || opt.trust_model != TM_PGP
+                     || (uidnode
                          && check_regexp(kr->trust_regexp,
                                          uidnode->pkt->pkt.user_id->name))))
             {
@@ -2031,7 +2031,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 
 		      pk->trust_value = sig->trust_value;
 		      pk->trust_depth = depth-1;
-                      
+
 		      /* If the trust sig contains a regexp, record it
 			 on the pk for the next round. */
 		      if (sig->trust_regexp)
@@ -2054,7 +2054,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
     {
       if (uid->help_full_count >= opt.completes_needed
 	  || uid->help_marginal_count >= opt.marginals_needed )
-        uidnode->flag |= 4; 
+        uidnode->flag |= 4;
       else if (uid->help_full_count || uid->help_marginal_count)
         uidnode->flag |= 2;
       uidnode->flag |= 1;
@@ -2078,7 +2078,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
  * kllist.  The caller has to pass keydb handle so that we don't use
  * to create our own.  Returns either a key_array or NULL in case of
  * an error.  No results found are indicated by an empty array.
- * Caller hast to release the returned array.  
+ * Caller hast to release the returned array.
  */
 static struct key_array *
 validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
@@ -2089,11 +2089,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
   size_t nkeys, maxkeys;
   int rc;
   KEYDB_SEARCH_DESC desc;
-  
+
   maxkeys = 1000;
   keys = xmalloc ((maxkeys+1) * sizeof *keys);
   nkeys = 0;
-  
+
   rc = keydb_search_reset (hd);
   if (rc)
     {
@@ -2118,21 +2118,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
       xfree (keys);
       return NULL;
     }
-  
+
   desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
   do
     {
       PKT_public_key *pk;
-        
+
       rc = keydb_get_keyblock (hd, &keyblock);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
           xfree (keys);
           return NULL;
         }
-      
-      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY) 
+
+      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
         {
           log_debug ("ooops: invalid pkttype %d encountered\n",
                      keyblock->pkt->pkttype);
@@ -2142,7 +2142,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
         }
 
       /* prepare the keyblock for further processing */
-      merge_keys_and_selfsig (keyblock); 
+      merge_keys_and_selfsig (keyblock);
       clear_kbnode_flags (keyblock);
       pk = keyblock->pkt->pkt.public_key;
       if (pk->has_expired || pk->flags.revoked)
@@ -2179,9 +2179,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
       release_kbnode (keyblock);
       keyblock = NULL;
-    } 
+    }
   while ( !(rc = keydb_search (hd, &desc, 1)) );
-  if (rc && rc != -1) 
+  if (rc && rc != -1)
     {
       log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
       xfree (keys);
@@ -2190,7 +2190,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
   keys[nkeys].keyblock = NULL;
   return keys;
-} 
+}
 
 /* Caller must sync */
 static void
@@ -2200,7 +2200,7 @@ reset_trust_records(void)
   ulong recnum;
   int count = 0, nreset = 0;
 
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
       if(rec.rectype==RECTYPE_TRUST)
 	{
@@ -2239,7 +2239,7 @@ reset_trust_records(void)
  * Step 2: loop max_cert_times
  * Step 3:   if OWNERTRUST of any key in klist is undefined
  *             ask user to assign ownertrust
- * Step 4:   Loop over all keys in the keyDB which are not marked seen 
+ * Step 4:   Loop over all keys in the keyDB which are not marked seen
  * Step 5:     if key is revoked or expired
  *                mark key as seen
  *                continue loop at Step 4
@@ -2251,7 +2251,7 @@ reset_trust_records(void)
  *             End Loop
  * Step 8:   Build a new klist from all fully trusted keys from step 6
  *           End Loop
- *         Ready  
+ *         Ready
  *
  */
 static int
@@ -2321,7 +2321,7 @@ validate_keys (int interactive)
       if ( pk->expiredate && pk->expiredate >= start_time
            && pk->expiredate < next_expire)
         next_expire = pk->expiredate;
-      
+
       release_kbnode (keyblock);
       do_sync ();
     }
@@ -2397,7 +2397,7 @@ validate_keys (int interactive)
       /* Find all keys which are signed by a key in kdlist */
       keys = validate_key_list (kdb, full_trust, klist,
 				start_time, &next_expire);
-      if (!keys) 
+      if (!keys)
         {
           log_error ("validate_key_list failed\n");
           rc = G10ERR_GENERAL;
@@ -2415,9 +2415,9 @@ validate_keys (int interactive)
           store_validation_status (depth, kar->keyblock, stored);
 
       log_info (_("depth: %d  valid: %3d  signed: %3d"
-                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"), 
+                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"),
                 depth, valids, key_count, ot_unknown, ot_undefined,
-                ot_never, ot_marginal, ot_full, ot_ultimate ); 
+                ot_never, ot_marginal, ot_full, ot_ultimate );
 
       /* Build a new kdlist from all fully valid keys in KEYS */
       if (klist != utk_list)
@@ -2479,10 +2479,10 @@ validate_keys (int interactive)
   if (!rc && !quit) /* mark trustDB as checked */
     {
       if (next_expire == 0xffffffff || next_expire < start_time )
-        tdbio_write_nextcheck (0); 
+        tdbio_write_nextcheck (0);
       else
         {
-          tdbio_write_nextcheck (next_expire); 
+          tdbio_write_nextcheck (next_expire);
           log_info (_("next trustdb check due at %s\n"),
                     strtimestamp (next_expire));
         }
diff --git a/g10/verify.c b/g10/verify.c
index 925618c67..ed6ab4a43 100644
--- a/g10/verify.c
+++ b/g10/verify.c
@@ -80,9 +80,9 @@ verify_signatures (ctrl_t ctrl, int nfiles, char **files )
      * case 4 with a file2 of "-".
      *
      * Actually we don't have to change anything here but can handle
-     * that all quite easily in mainproc.c 
+     * that all quite easily in mainproc.c
      */
-     
+
     sigfile = nfiles? *files : NULL;
 
     /* open the signature file */
@@ -225,7 +225,7 @@ verify_files (ctrl_t ctrl, int nfiles, char **files )
 /* Perform a verify operation.  To verify detached signatures, DATA_FD
    shall be the descriptor of the signed data; for regular signatures
    it needs to be -1.  If OUT_FP is not NULL and DATA_FD is not -1 the
-   the signed material gets written that stream. 
+   the signed material gets written that stream.
 
    FIXME: OUTFP is not yet implemented.
 */
@@ -268,10 +268,9 @@ gpg_verify (ctrl_t ctrl, int sig_fd, int data_fd, estream_t out_fp)
        && (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) )
     rc = gpg_error (GPG_ERR_NO_DATA);
 
- leave:  
+ leave:
   iobuf_close (fp);
   release_progress_context (pfx);
   release_armor_context (afx);
   return rc;
 }
-
diff --git a/g13/ChangeLog b/g13/ChangeLog
index cc51472cc..ecd72226b 100644
--- a/g13/ChangeLog
+++ b/g13/ChangeLog
@@ -1,4 +1,3 @@
 2009-11-04  Werner Koch  
 
 	Under initial development - no need for a ChangeLog.
-
diff --git a/g13/Makefile.am b/g13/Makefile.am
index 362f060de..56fd13b88 100644
--- a/g13/Makefile.am
+++ b/g13/Makefile.am
@@ -7,18 +7,18 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
 ## Process this file with automake to produce Makefile.in
 
-bin_PROGRAMS = g13 
+bin_PROGRAMS = g13
 
 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
 
@@ -43,4 +43,3 @@ g13_SOURCES = \
 g13_LDADD = $(libcommonpth) ../gl/libgnu.a \
 	$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
 	$(GPG_ERROR_LIBS) $(LIBINTL)
-
diff --git a/g13/backend.c b/g13/backend.c
index 531e745ed..7b08cd52a 100644
--- a/g13/backend.c
+++ b/g13/backend.c
@@ -42,7 +42,7 @@ no_such_backend (int conttype)
 
 
 /* Return true if CONTTYPE is supported by us.  */
-int 
+int
 be_is_supported_conttype (int conttype)
 {
   switch (conttype)
@@ -50,7 +50,7 @@ be_is_supported_conttype (int conttype)
     case CONTTYPE_ENCFS:
       return 1;
 
-    default: 
+    default:
       return 0;
     }
 }
@@ -72,7 +72,7 @@ be_get_detached_name (int conttype, const char *fname,
   *r_isdir = 0;
   switch (conttype)
     {
-    case CONTTYPE_ENCFS: 
+    case CONTTYPE_ENCFS:
       return be_encfs_get_detached_name (fname, r_name, r_isdir);
 
     default:
@@ -86,10 +86,10 @@ be_create_new_keys (int conttype, membuf_t *mb)
 {
   switch (conttype)
     {
-    case CONTTYPE_ENCFS: 
+    case CONTTYPE_ENCFS:
       return be_encfs_create_new_keys (mb);
 
-    case CONTTYPE_TRUECRYPT: 
+    case CONTTYPE_TRUECRYPT:
       return be_truecrypt_create_new_keys (mb);
 
     default:
@@ -100,7 +100,7 @@ be_create_new_keys (int conttype, membuf_t *mb)
 
 /*  Dispatcher to the backend's create function.  */
 gpg_error_t
-be_create_container (ctrl_t ctrl, int conttype, 
+be_create_container (ctrl_t ctrl, int conttype,
                      const char *fname, int fd, tupledesc_t tuples,
                      unsigned int *r_id)
 {
@@ -108,7 +108,7 @@ be_create_container (ctrl_t ctrl, int conttype,
 
   switch (conttype)
     {
-    case CONTTYPE_ENCFS: 
+    case CONTTYPE_ENCFS:
       return be_encfs_create_container (ctrl, fname, tuples, r_id);
 
     default:
@@ -119,13 +119,13 @@ be_create_container (ctrl_t ctrl, int conttype,
 
 /*  Dispatcher to the backend's mount function.  */
 gpg_error_t
-be_mount_container (ctrl_t ctrl, int conttype, 
+be_mount_container (ctrl_t ctrl, int conttype,
                     const char *fname,  const char *mountpoint,
                     tupledesc_t tuples, unsigned int *r_id)
 {
   switch (conttype)
     {
-    case CONTTYPE_ENCFS: 
+    case CONTTYPE_ENCFS:
       return be_encfs_mount_container (ctrl, fname, mountpoint, tuples, r_id);
 
     default:
diff --git a/g13/backend.h b/g13/backend.h
index 2048697dc..20d296606 100644
--- a/g13/backend.h
+++ b/g13/backend.h
@@ -24,19 +24,18 @@
 #include "utils.h"  /* For tupledesc_t */
 
 int         be_is_supported_conttype (int conttype);
-gpg_error_t be_get_detached_name (int conttype, const char *fname, 
+gpg_error_t be_get_detached_name (int conttype, const char *fname,
                                   char **r_name, int *r_isdir);
 gpg_error_t be_create_new_keys (int conttype, membuf_t *mb);
 
-gpg_error_t be_create_container (ctrl_t ctrl, int conttype, 
+gpg_error_t be_create_container (ctrl_t ctrl, int conttype,
                                  const char *fname, int fd,
                                  tupledesc_t tuples,
                                  unsigned int *r_id);
-gpg_error_t be_mount_container (ctrl_t ctrl, int conttype, 
+gpg_error_t be_mount_container (ctrl_t ctrl, int conttype,
                                 const char *fname, const char *mountpoint,
                                 tupledesc_t tuples,
                                 unsigned int *r_id);
 
 
 #endif /*G13_BACKEND_H*/
-
diff --git a/g13/be-encfs.c b/g13/be-encfs.c
index dd8e53657..ae0ec1cf9 100644
--- a/g13/be-encfs.c
+++ b/g13/be-encfs.c
@@ -53,14 +53,14 @@ struct encfs_parm_s
 typedef struct encfs_parm_s *encfs_parm_t;
 
 
-static gpg_error_t 
+static gpg_error_t
 send_cmd_bin (runner_t runner, const void *data, size_t datalen)
 {
   return runner_send_line (runner, data, datalen);
 }
 
 
-static gpg_error_t 
+static gpg_error_t
 send_cmd (runner_t runner, const char *string)
 {
   log_debug ("sending command  -->%s<--\n", string);
@@ -75,7 +75,7 @@ run_umount_helper (const char *mountpoint)
   gpg_error_t err;
   const char pgmname[] = FUSERMOUNT;
   const char *args[3];
-  
+
   args[0] = "-u";
   args[1] = mountpoint;
   args[2] = NULL;
@@ -126,13 +126,13 @@ handle_status_line (runner_t runner, const char *line,
             {
               size_t n;
               const void *value;
-          
+
               value = find_tuple (tuples, KEYBLOB_TAG_ENCKEY, &n);
               if (!value)
                 err = gpg_error (GPG_ERR_INV_SESSION_KEY);
               else if ((err = send_cmd_bin (runner, value, n)))
                 {
-                  if (gpg_err_code (err) == GPG_ERR_BUG 
+                  if (gpg_err_code (err) == GPG_ERR_BUG
                       && gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
                     err = gpg_error (GPG_ERR_INV_SESSION_KEY);
                 }
@@ -337,7 +337,7 @@ be_encfs_get_detached_name (const char *fname, char **r_name, int *r_isdir)
 
 
 /* Create a new session key and append it as a tuple to the memory
-   buffer MB.  
+   buffer MB.
 
    The EncFS daemon takes a passphrase from stdin and internally
    mangles it by means of some KDF from OpenSSL.  We want to store a
@@ -365,7 +365,7 @@ be_encfs_create_new_keys (membuf_t *mb)
      good compromise between security and performance.  The
      anticipated usage of this tool is the quite often creation of new
      containers and thus this should not deplete the system's entropy
-     tool too much.  */ 
+     tool too much.  */
   gcry_randomize (buffer, 32+8, GCRY_STRONG_RANDOM);
   for (i=j=0; i < 32; i++)
     {
@@ -425,7 +425,7 @@ be_encfs_create_container (ctrl_t ctrl, const char *fname, tupledesc_t tuples,
 
   err = run_encfs_tool (ctrl, ENCFS_CMD_CREATE, containername, mountpoint,
                         tuples, r_id);
-  
+
   /* In any case remove the temporary mount point.  */
   if (rmdir (mountpoint))
     log_error ("error removing temporary mount point `%s': %s\n",
@@ -442,7 +442,7 @@ be_encfs_create_container (ctrl_t ctrl, const char *fname, tupledesc_t tuples,
 /* Mount the container described by the filename FNAME and the keyblob
    information in TUPLES.  On success the runner id is stored at R_ID. */
 gpg_error_t
-be_encfs_mount_container (ctrl_t ctrl, 
+be_encfs_mount_container (ctrl_t ctrl,
                           const char *fname, const char *mountpoint,
                           tupledesc_t tuples, unsigned int *r_id)
 {
@@ -463,7 +463,7 @@ be_encfs_mount_container (ctrl_t ctrl,
 
   err = run_encfs_tool (ctrl, ENCFS_CMD_MOUNT, containername, mountpoint,
                         tuples, r_id);
-  
+
  leave:
   xfree (containername);
   return err;
diff --git a/g13/be-encfs.h b/g13/be-encfs.h
index 8ac35f947..744c16aee 100644
--- a/g13/be-encfs.h
+++ b/g13/be-encfs.h
@@ -26,17 +26,16 @@ gpg_error_t be_encfs_get_detached_name (const char *fname,
                                         char **r_name, int *r_isdir);
 gpg_error_t be_encfs_create_new_keys (membuf_t *mb);
 
-gpg_error_t be_encfs_create_container (ctrl_t ctrl, 
+gpg_error_t be_encfs_create_container (ctrl_t ctrl,
                                        const char *fname,
                                        tupledesc_t tuples,
                                        unsigned int *r_id);
 
 gpg_error_t be_encfs_mount_container (ctrl_t ctrl,
-                                      const char *fname, 
+                                      const char *fname,
                                       const char *mountpoint,
                                       tupledesc_t tuples,
                                       unsigned int *r_id);
 
 
 #endif /*G13_BE_ENCFS_H*/
-
diff --git a/g13/be-truecrypt.c b/g13/be-truecrypt.c
index 6f51321f4..9d75bdfda 100644
--- a/g13/be-truecrypt.c
+++ b/g13/be-truecrypt.c
@@ -35,5 +35,3 @@ be_truecrypt_create_new_keys (membuf_t *mb)
   (void)mb;
   return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 }
-
-
diff --git a/g13/be-truecrypt.h b/g13/be-truecrypt.h
index ef2c5675b..e98c989e9 100644
--- a/g13/be-truecrypt.h
+++ b/g13/be-truecrypt.h
@@ -26,4 +26,3 @@ gpg_error_t be_truecrypt_create_new_keys (membuf_t *mb);
 
 
 #endif /*G13_BE_TRUECRYPT_H*/
-
diff --git a/g13/call-gpg.c b/g13/call-gpg.c
index 5db284f03..c2b1e0c41 100644
--- a/g13/call-gpg.c
+++ b/g13/call-gpg.c
@@ -65,7 +65,7 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx)
 
   if (opt.verbose)
     log_info (_("no running gpg - starting `%s'\n"), opt.gpg_program);
-      
+
   /* Compute argv[0].  */
   if ( !(pgmname = strrchr (opt.gpg_program, '/')))
     pgmname = opt.gpg_program;
@@ -89,7 +89,7 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx)
   argv[i++] = "--trust-model";
   argv[i++] = "always";
   argv[i++] = NULL;
-  
+
   i = 0;
   if (log_get_fd () != -1)
     no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
@@ -135,7 +135,7 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx)
     }
 
   *r_ctx = ctx;
-  
+
   if (DBG_ASSUAN)
     log_debug ("connection to GPG established\n");
   return 0;
@@ -151,7 +151,7 @@ release_gpg (assuan_context_t ctx)
 
 
 
-/* The data passed to the writer_thread.  */ 
+/* The data passed to the writer_thread.  */
 struct writer_thread_parms
 {
   int fd;
@@ -198,7 +198,7 @@ writer_thread (void *arg)
    variable to receive a possible write error after the thread has
    finished.  */
 static gpg_error_t
-start_writer (int fd, const void *data, size_t datalen, 
+start_writer (int fd, const void *data, size_t datalen,
               pth_t *r_tid, gpg_error_t *err_addr)
 {
   gpg_error_t err;
@@ -240,7 +240,7 @@ start_writer (int fd, const void *data, size_t datalen,
 
 
 
-/* The data passed to the reader_thread.  */ 
+/* The data passed to the reader_thread.  */
 struct reader_thread_parms
 {
   int fd;
@@ -266,7 +266,7 @@ reader_thread (void *arg)
           *parm->err_addr = gpg_error_from_syserror ();
           break;  /* Read error.  */
         }
-      
+
       put_membuf (parm->mb, buffer, nread);
     }
 
@@ -323,7 +323,7 @@ start_reader (int fd, membuf_t *mb, pth_t *r_tid, gpg_error_t *err_addr)
 
 
 
-/* Call GPG to encrypt a block of data. 
+/* Call GPG to encrypt a block of data.
 
 
  */
@@ -364,9 +364,9 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen,
     goto leave;
   close (outbound_fds[0]); outbound_fds[0] = -1;
   close (inbound_fds[1]); inbound_fds[1] = -1;
-  
+
   /* Start a writer thread to feed the INPUT command of the server.  */
-  err = start_writer (outbound_fds[1], plain, plainlen, 
+  err = start_writer (outbound_fds[1], plain, plainlen,
                       &writer_tid, &writer_err);
   if (err)
     return err;
@@ -374,7 +374,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen,
 
   /* Start a reader thread to eat from the OUTPUT command of the
      server.  */
-  err = start_reader (inbound_fds[0], &reader_mb, 
+  err = start_reader (inbound_fds[0], &reader_mb,
                       &reader_tid, &reader_err);
   if (err)
     return err;
@@ -467,7 +467,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen,
 
 
 
-/* Call GPG to decrypt a block of data. 
+/* Call GPG to decrypt a block of data.
 
 
  */
@@ -506,9 +506,9 @@ gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen,
     goto leave;
   close (outbound_fds[0]); outbound_fds[0] = -1;
   close (inbound_fds[1]); inbound_fds[1] = -1;
-  
+
   /* Start a writer thread to feed the INPUT command of the server.  */
-  err = start_writer (outbound_fds[1], ciph, ciphlen, 
+  err = start_writer (outbound_fds[1], ciph, ciphlen,
                       &writer_tid, &writer_err);
   if (err)
     return err;
@@ -516,7 +516,7 @@ gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen,
 
   /* Start a reader thread to eat from the OUTPUT command of the
      server.  */
-  err = start_reader (inbound_fds[0], &reader_mb, 
+  err = start_reader (inbound_fds[0], &reader_mb,
                       &reader_tid, &reader_err);
   if (err)
     return err;
@@ -594,5 +594,3 @@ gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen,
   xfree (get_membuf (&reader_mb, NULL));
   return err;
 }
-
-
diff --git a/g13/create.c b/g13/create.c
index bde67579e..2b998e2b2 100644
--- a/g13/create.c
+++ b/g13/create.c
@@ -40,7 +40,7 @@
    information which are to be stored encrypted in the crypto
    container header.  On success the malloced blob is stored at R_BLOB
    and its length at R_BLOBLEN.  On error an error code is returned
-   and (R_BLOB,R_BLOBLEN) are set to (NULL,0). 
+   and (R_BLOB,R_BLOBLEN) are set to (NULL,0).
 
    The format of this blob is a sequence of tag-length-value tuples.
    All tuples have this format:
@@ -123,7 +123,7 @@ encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen,
    appropriate header.  This fucntion is called with a lock file in
    place and after checking that the filename does not exists.  */
 static gpg_error_t
-write_keyblob (const char *filename, 
+write_keyblob (const char *filename,
                const void *keyblob, size_t keybloblen)
 {
   gpg_error_t err;
@@ -135,7 +135,7 @@ write_keyblob (const char *filename,
   if (!fp)
     {
       err = gpg_error_from_syserror ();
-      log_error ("error creating new container `%s': %s\n", 
+      log_error ("error creating new container `%s': %s\n",
                  filename, gpg_strerror (err));
       return err;
     }
@@ -197,18 +197,18 @@ write_keyblob (const char *filename,
   if (es_fclose (fp))
     {
       err = gpg_error_from_syserror ();
-      log_error ("error closing `%s': %s\n", 
+      log_error ("error closing `%s': %s\n",
                  filename, gpg_strerror (err));
       remove (filename);
       return err;
     }
 
   return 0;
-  
+
 
  writeerr:
   err = gpg_error_from_syserror ();
-  log_error ("error writing header to `%s': %s\n", 
+  log_error ("error writing header to `%s': %s\n",
              filename, gpg_strerror (err));
   es_fclose (fp);
   remove (filename);
@@ -301,7 +301,7 @@ g13_create_container (ctrl_t ctrl, const char *filename, strlist_t keys)
   keyblob = NULL;
   /* if (opt.verbose) */
   /*   dump_keyblob (tuples); */
-  
+
   /* Write out the header, the encrypted keyblob and some padding. */
   err = write_keyblob (filename, enckeyblob, enckeybloblen);
   if (err)
diff --git a/g13/g13.c b/g13/g13.c
index bafb65f53..180b0d96a 100644
--- a/g13/g13.c
+++ b/g13/g13.c
@@ -148,10 +148,10 @@ static ARGPARSE_OPTS opts[] = {
 
   /* Hidden options. */
   ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
-  ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), 
+  ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
   ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
   ARGPARSE_s_n (oNoOptions, "no-options", "@"),
-  ARGPARSE_s_s (oHomedir, "homedir", "@"),   
+  ARGPARSE_s_s (oHomedir, "homedir", "@"),
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
   ARGPARSE_s_s (oGpgProgram, "gpg-program", "@"),
   ARGPARSE_s_s (oDisplay,    "display", "@"),
@@ -235,7 +235,7 @@ my_strusage( int level )
 
     case 31: p = "\nHome: "; break;
     case 32: p = opt.homedir; break;
-     
+
     default: p = NULL; break;
     }
   return p;
@@ -297,13 +297,13 @@ set_debug (void)
 
   if (opt.debug)
     log_info ("enabled debug flags:%s%s%s%s%s\n",
-              (opt.debug & DBG_MOUNT_VALUE  )? " mount":"",    
-              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",    
-              (opt.debug & DBG_MEMORY_VALUE )? " memory":"", 
-              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", 
+              (opt.debug & DBG_MOUNT_VALUE  )? " mount":"",
+              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+              (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
               (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"");
 }
- 
+
 
 
 static void
@@ -313,7 +313,7 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
 
   if (!cmd || cmd == new_cmd)
     cmd = new_cmd;
-  else 
+  else
     {
       log_error (_("conflicting commands\n"));
       g13_exit (2);
@@ -373,16 +373,16 @@ main ( int argc, char **argv)
 
   /* Check that the Libgcrypt is suitable.  */
   if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-    log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", 
+    log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
                NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
 
   /* Take extra care of the random pool.  */
   gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
 
   may_coredump = disable_core_dumps ();
-  
+
   gnupg_init_signals (0, emergency_cleanup);
-  
+
   create_dotlock (NULL); /* Register locking cleanup.  */
 
   opt.session_env = session_env_new ();
@@ -418,8 +418,8 @@ main ( int argc, char **argv)
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
   maybe_setuid = 0;
 
-  /* 
-     Now we are now working under our real uid 
+  /*
+     Now we are now working under our real uid
   */
 
   /* Setup malloc hooks. */
@@ -431,7 +431,7 @@ main ( int argc, char **argv)
     malloc_hooks.free = gcry_free;
     assuan_set_malloc_hooks (&malloc_hooks);
   }
-  
+
   /* Prepare libassuan.  */
   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
   assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
@@ -446,7 +446,7 @@ main ( int argc, char **argv)
   /* Set the default option file */
   if (default_config )
     configname = make_filename (opt.homedir, "g13.conf", NULL);
-  
+
   argc        = orig_argc;
   argv        = orig_argv;
   pargs.argc  = &argc;
@@ -465,9 +465,9 @@ main ( int argc, char **argv)
               if (parse_debug)
                 log_info (_("NOTE: no default option file `%s'\n"), configname);
             }
-          else 
+          else
             {
-              log_error (_("option file `%s': %s\n"), 
+              log_error (_("option file `%s': %s\n"),
                          configname, strerror(errno));
               g13_exit(2);
             }
@@ -478,14 +478,14 @@ main ( int argc, char **argv)
         log_info (_("reading options from `%s'\n"), configname);
       default_config = 0;
     }
-  
-  while (!no_more_options 
+
+  while (!no_more_options
          && optfile_parse (configfp, configname, &configlineno, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
-	case aGPGConfList: 
-	case aGPGConfTest: 
+	case aGPGConfList:
+	case aGPGConfTest:
           set_cmd (&cmd, pargs.r_opt);
           nogreeting = 1;
           nokeysetup = 1;
@@ -517,7 +517,7 @@ main ( int argc, char **argv)
           break;
 
         case oLogFile: logfile = pargs.r.ret_str; break;
-        case oNoLogFile: logfile = NULL; break;          
+        case oNoLogFile: logfile = NULL; break;
 
         case oNoDetach: nodetach = 1; break;
 
@@ -554,10 +554,10 @@ main ( int argc, char **argv)
         case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
         case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
         case oXauthority: opt.xauthority = xstrdup (pargs.r.ret_str); break;
-          
+
         case oFakedSystemTime:
           {
-            time_t faked_time = isotime2epoch (pargs.r.ret_str); 
+            time_t faked_time = isotime2epoch (pargs.r.ret_str);
             if (faked_time == (time_t)(-1))
               faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
             gnupg_set_time (faked_time, 0);
@@ -573,8 +573,8 @@ main ( int argc, char **argv)
           break;
 
 
-        default: 
-          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; 
+        default:
+          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
           break;
 	}
     }
@@ -603,7 +603,7 @@ main ( int argc, char **argv)
 
   if (nogreeting)
     greeting = 0;
-  
+
   if (greeting)
     {
       fprintf (stderr, "%s %s; %s\n",
@@ -647,38 +647,38 @@ main ( int argc, char **argv)
   /* Terminate if we found any error until now.  */
   if (log_get_errorcount(0))
     g13_exit (2);
-  
+
   /* Set the standard GnuPG random seed file.  */
-  if (use_random_seed) 
+  if (use_random_seed)
     {
       char *p = make_filename (opt.homedir, "random_seed", NULL);
       gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
       xfree(p);
     }
-  
+
   /* Store given filename into FNAME. */
   fname = argc? *argv : NULL;
 
   /* Parse all given encryption keys.  This does a lookup of the keys
      and stops if any of the given keys was not found. */
-#if 0 /* Currently not implemented.  */  
+#if 0 /* Currently not implemented.  */
   if (!nokeysetup)
     {
       strlist_t sl;
       int failed = 0;
-      
+
       for (sl = recipients; sl; sl = sl->next)
         if (check_encryption_key ())
           failed = 1;
       if (failed)
         g13_exit (1);
     }
-#endif /*0*/ 
- 
+#endif /*0*/
+
   /* Dispatch command.  */
   switch (cmd)
     {
-    case aGPGConfList: 
+    case aGPGConfList:
       { /* List options and default values in the GPG Conf format.  */
 	char *config_filename_esc = percent_escape (opt.config_filename, NULL);
 
@@ -712,7 +712,7 @@ main ( int argc, char **argv)
 
     case aCreate: /* Create a new container. */
       {
-        if (argc != 1) 
+        if (argc != 1)
           wrong_args ("--create filename");
         start_idle_task ();
         err = g13_create_container (&ctrl, argv[0], recipients);
@@ -726,7 +726,7 @@ main ( int argc, char **argv)
 
     case aMount: /* Mount a container. */
       {
-        if (argc != 1 && argc != 2 ) 
+        if (argc != 1 && argc != 2 )
           wrong_args ("--mount filename [mountpoint]");
         start_idle_task ();
         err = g13_mount_container (&ctrl, argv[0], argc == 2?argv[1]:NULL);
@@ -796,7 +796,7 @@ handle_signal (int signo)
       log_info ("SIGHUP received - re-reading configuration\n");
       /* Fixme:  Not yet implemented.  */
       break;
-      
+
     case SIGUSR1:
       log_info ("SIGUSR1 received - printing internal information:\n");
       /* Fixme: We need to see how to integrate pth dumping into our
@@ -823,14 +823,14 @@ handle_signal (int signo)
           g13_exit (0);
 	}
       break;
-      
+
     case SIGINT:
       log_info ("SIGINT received - immediate shutdown\n");
       log_info( "%s %s stopped\n", strusage(11), strusage(13));
       g13_exit (0);
       break;
 #endif /*!HAVE_W32_SYSTEM*/
-      
+
     default:
       log_info ("signal %d received - no action defined\n", signo);
     }
@@ -932,16 +932,16 @@ start_idle_task (void)
 {
   pth_attr_t tattr;
   pth_t tid;
-  
+
   tattr = pth_attr_new ();
   pth_attr_set (tattr, PTH_ATTR_JOINABLE, 1);
   pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 64*1024);
   pth_attr_set (tattr, PTH_ATTR_NAME, "idle-task");
-  
+
   tid = pth_spawn (tattr, idle_task, NULL);
   if (!tid)
     {
-      log_fatal ("error starting idle task: %s\n", 
+      log_fatal ("error starting idle task: %s\n",
                  gpg_strerror (gpg_error_from_syserror ()));
       return; /*NOTREACHED*/
     }
@@ -961,4 +961,3 @@ join_idle_task (void)
                    gpg_strerror (gpg_error_from_syserror ()));
     }
 }
-
diff --git a/g13/g13.h b/g13/g13.h
index 90b6d5013..8e6867a23 100644
--- a/g13/g13.h
+++ b/g13/g13.h
@@ -32,7 +32,7 @@
 #include "../common/session-env.h"
 
 /* A large struct named "opt" to keep global flags.  */
-struct 
+struct
 {
   unsigned int debug; /* Debug flags (DBG_foo_VALUE).  */
   int verbose;        /* Verbosity level.  */
@@ -43,12 +43,12 @@ struct
   const char *config_filename; /* Name of the used config file.  */
 
   /* Filename of the AGENT program.  */
-  const char *agent_program; 
+  const char *agent_program;
 
   /* Filename of the GPG program.  Unless set via an program option it
      is initialzed at the first engine startup to the standard gpg
      filename.  */
-  const char *gpg_program; 
+  const char *gpg_program;
 
   /* Environment variables passed along to the engine.  */
   char *display;
@@ -89,10 +89,10 @@ struct server_control_s
   int no_server;      /* We are not running under server control */
   int  status_fd;     /* Only for non-server mode */
   struct server_local_s *server_local;
-  
+
   int agent_seen;     /* Flag indicating that the gpg-agent has been
                          accessed.  */
-  
+
   int with_colons;    /* Use column delimited output format */
 
   /* Type of the current container.  See the CONTTYPE_ constants.  */
diff --git a/g13/keyblob.h b/g13/keyblob.h
index a7701005d..99d239fee 100644
--- a/g13/keyblob.h
+++ b/g13/keyblob.h
@@ -33,8 +33,8 @@
           u32  Length of the entire header.  This includes all bytes
                starting at the packet type and ending with the last
                padding byte of the header.
-          u8   Number of copies of this header (1..255). 
-          u8   Number of copies of this header at the end of the 
+          u8   Number of copies of this header (1..255).
+          u8   Number of copies of this header at the end of the
                container (usually 0).
           b6   reserved
    n bytes: OpenPGP encrypted and optionally signed message.
@@ -55,7 +55,7 @@
                 b10  Value: "GnuPG/PAD\x00".
                 b(n) Padding stuff.
             Given this structure the minimum padding is 16 bytes.
-   
+
    n bytes: File system container.
    (optionally followed by copies on the header).
 */
diff --git a/g13/mount.c b/g13/mount.c
index 2ab5cc636..387bb6f32 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -41,7 +41,7 @@
 
 /* Parse the header prefix and return the length of the entire header.  */
 static gpg_error_t
-parse_header (const char *filename, 
+parse_header (const char *filename,
               const unsigned char *packet, size_t packetlen,
               size_t *r_headerlen)
 {
@@ -65,7 +65,7 @@ parse_header (const char *filename,
       return gpg_error (GPG_ERR_INV_OBJ);
     }
   if (packet[17] || packet[18]
-      || packet[26] || packet[27] || packet[28] || packet[29] 
+      || packet[26] || packet[27] || packet[28] || packet[29]
       || packet[30] || packet[31])
     log_info ("WARNING: unknown meta information in `%s'\n", filename);
   if (packet[19])
@@ -85,7 +85,7 @@ parse_header (const char *filename,
       log_error ("bad length given in container `%s'\n", filename);
       return gpg_error (GPG_ERR_INV_OBJ);
     }
-     
+
   *r_headerlen = len;
   return 0;
 }
@@ -100,7 +100,7 @@ read_keyblob_prefix (const char *filename, estream_t *r_fp, size_t *r_headerlen)
   gpg_error_t err;
   estream_t fp;
   unsigned char packet[32];
-  
+
   *r_fp = NULL;
 
   fp = es_fopen (filename, "rb");
@@ -110,7 +110,7 @@ read_keyblob_prefix (const char *filename, estream_t *r_fp, size_t *r_headerlen)
       log_error ("error reading `%s': %s\n", filename, gpg_strerror (err));
       return err;
     }
-  
+
   /* Read the header.  It is defined as 32 bytes thus we read it in one go.  */
   if (es_fread (packet, 32, 1, fp) != 1)
     {
@@ -120,7 +120,7 @@ read_keyblob_prefix (const char *filename, estream_t *r_fp, size_t *r_headerlen)
       es_fclose (fp);
       return err;
     }
-  
+
   err = parse_header (filename, packet, 32, r_headerlen);
   if (err)
     es_fclose (fp);
@@ -134,21 +134,21 @@ read_keyblob_prefix (const char *filename, estream_t *r_fp, size_t *r_headerlen)
 /* Read the keyblob at FILENAME.  The caller should have acquired a
    lockfile and checked that the file exists.  */
 static gpg_error_t
-read_keyblob (const char *filename, 
+read_keyblob (const char *filename,
               void **r_enckeyblob, size_t *r_enckeybloblen)
 {
   gpg_error_t err;
   estream_t fp = NULL;
   size_t headerlen, msglen;
   void *msg = NULL;
-  
+
   *r_enckeyblob = NULL;
   *r_enckeybloblen = 0;
 
   err = read_keyblob_prefix (filename, &fp, &headerlen);
   if (err)
     goto leave;
-  
+
   if (opt.verbose)
     log_info ("header length of `%s' is %zu\n", filename, headerlen);
 
@@ -291,7 +291,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   /* Check again that the file exists.  */
   {
     struct stat sb;
-    
+
     if (stat (filename, &sb))
       {
         err = gpg_error_from_syserror ();
@@ -381,7 +381,7 @@ g13_umount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   err = mountinfo_find_mount (filename, mountpoint, &rid);
   if (err)
     return err;
-  
+
   runner = runner_find_by_rid (rid);
   if (!runner)
     {
@@ -391,7 +391,7 @@ g13_umount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
 
   runner_cancel (runner);
   runner_release (runner);
-  
+
   return 0;
 }
 
@@ -414,5 +414,3 @@ g13_is_container (ctrl_t ctrl, const char *filename)
     es_fclose (fp);
   return err;
 }
-
-
diff --git a/g13/mount.h b/g13/mount.h
index f99426494..b2fe99e59 100644
--- a/g13/mount.h
+++ b/g13/mount.h
@@ -20,7 +20,7 @@
 #ifndef G13_MOUNT_H
 #define G13_MOUNT_H
 
-gpg_error_t g13_mount_container (ctrl_t ctrl, 
+gpg_error_t g13_mount_container (ctrl_t ctrl,
                                  const char *filename,
                                  const char *mountpoint);
 gpg_error_t g13_umount_container (ctrl_t ctrl,
@@ -31,4 +31,3 @@ gpg_error_t g13_is_container (ctrl_t ctrl, const char *filename);
 
 
 #endif /*G13_MOUNT_H*/
-
diff --git a/g13/mountinfo.c b/g13/mountinfo.c
index 07c6240d4..90b205ed5 100644
--- a/g13/mountinfo.c
+++ b/g13/mountinfo.c
@@ -134,10 +134,10 @@ mountinfo_del_mount (const char *container, const char *mountpoint,
           {
             /* FIXME: This does not always work because the umount may
                not have completed yet.  We should add the mountpoints
-               to an idle queue and retry a remove.  */ 
+               to an idle queue and retry a remove.  */
             if (rmdir (m->mountpoint))
               log_error ("error removing mount point `%s': %s\n",
-                         m->mountpoint, 
+                         m->mountpoint,
                          gpg_strerror (gpg_error_from_syserror ()));
           }
         m->in_use = 0;
@@ -192,8 +192,7 @@ mountinfo_dump_all (void)
 
   for (idx=0, m = mounttable; idx < mounttable_size; idx++, m++)
     if (m->in_use)
-      log_info ("mtab[%d] %s on %s type %d rid %u%s\n", 
+      log_info ("mtab[%d] %s on %s type %d rid %u%s\n",
                 idx, m->container, m->mountpoint, m->conttype, m->rid,
                 m->flags.remove?" [remove]":"");
 }
-
diff --git a/g13/mountinfo.h b/g13/mountinfo.h
index b8ac5bd7b..95e95f51c 100644
--- a/g13/mountinfo.h
+++ b/g13/mountinfo.h
@@ -38,4 +38,3 @@ void mountinfo_dump_all (void);
 
 
 #endif /*G13_MOUNTINFO_H*/
-
diff --git a/g13/runner.c b/g13/runner.c
index 720cd9e58..7e9c262c3 100644
--- a/g13/runner.c
+++ b/g13/runner.c
@@ -53,7 +53,7 @@ struct runner_s
 
      1 = Thread not running or only the thread is still running.
      2 = Thread is running and someone is holding a reference.  */
-  int refcount; 
+  int refcount;
 
   pid_t pid;  /* PID of the backend's process (the engine).  */
   int in_fd;  /* File descriptors to read from the engine.  */
@@ -82,7 +82,7 @@ writen (int fd, const void *buf, size_t nbytes)
 {
   size_t nleft = nbytes;
   int nwritten;
-  
+
   while (nleft > 0)
     {
       nwritten = pth_write (fd, buf, nleft);
@@ -96,7 +96,7 @@ writen (int fd, const void *buf, size_t nbytes)
       nleft -= nwritten;
       buf = (const char*)buf + nwritten;
     }
-    
+
   return 0;
 }
 
@@ -150,7 +150,7 @@ runner_release (runner_t runner)
     close (runner->in_fd);
   if (runner->out_fd != -1)
     close (runner->out_fd);
-  
+
   /* Fixme: close the process. */
 
   /* Tell the engine to release its data.  */
@@ -177,7 +177,7 @@ runner_release (runner_t runner)
 /* Create a new runner context.  On success a new runner object is
    stored at R_RUNNER.  On failure NULL is stored at this address and
    an error code returned.  */
-gpg_error_t 
+gpg_error_t
 runner_new (runner_t *r_runner, const char *name)
 {
   static unsigned int namecounter; /* Global name counter.  */
@@ -215,14 +215,14 @@ runner_new (runner_t *r_runner, const char *name)
   runner->pid = (pid_t)(-1);
   runner->in_fd = -1;
   runner->out_fd = -1;
-  
+
   *r_runner = runner;
   return 0;
 }
 
 
 /* Return the identifier of RUNNER.  */
-unsigned int 
+unsigned int
 runner_get_rid (runner_t runner)
 {
   return runner->identifier;
@@ -282,8 +282,8 @@ runner_set_pid (runner_t runner, pid_t pid)
    and its private HANDLER_DATA with RUNNER.  */
 void
 runner_set_handler (runner_t runner,
-                    engine_handler_fnc_t handler, 
-                    engine_handler_cleanup_fnc_t handler_cleanup, 
+                    engine_handler_fnc_t handler,
+                    engine_handler_cleanup_fnc_t handler_cleanup,
                     void *handler_data)
 {
   if (check_already_spawned (runner, "runner_set_handler"))
@@ -325,14 +325,14 @@ runner_thread (void *arg)
             {
               buffer[pos - (c == '\n')] = 0;
               if (opt.verbose)
-                log_info ("%s%s: %s\n", 
+                log_info ("%s%s: %s\n",
                           runner->name, cont_line? "(cont)":"", buffer);
               /* We handle only complete lines and ignore any stuff we
                  possibly had to truncate.  That is - at least for the
                  encfs engine - not an issue because our changes to
                  the tool make sure that only relatively short prompt
                  lines are of interest.  */
-              if (!cont_line && runner->handler) 
+              if (!cont_line && runner->handler)
                 err = runner->handler (runner->handler_data,
                                        runner, buffer);
               pos = 0;
@@ -349,7 +349,7 @@ runner_thread (void *arg)
           if (opt.verbose)
             log_info ("%s%s: %s\n",
                       runner->name, cont_line? "(cont)":"", buffer);
-          if (!cont_line && !err && runner->handler) 
+          if (!cont_line && !err && runner->handler)
             err = runner->handler (runner->handler_data,
                                           runner, buffer);
         }
@@ -384,7 +384,7 @@ runner_thread (void *arg)
   log_debug ("runner thread releasing runner ...\n");
   {
     runner_t r, rprev;
-    
+
     for (r = running_threads, rprev = NULL; r; rprev = r, r = r->next_running)
       if (r == runner)
         {
@@ -398,7 +398,7 @@ runner_thread (void *arg)
   }
   runner_release (runner);
   log_debug ("runner thread runner released\n");
-  
+
   return NULL;
 }
 
@@ -410,7 +410,7 @@ runner_spawn (runner_t runner)
   gpg_error_t err;
   pth_attr_t tattr;
   pth_t tid;
-  
+
   if (check_already_spawned (runner, "runner_spawn"))
     return gpg_error (GPG_ERR_BUG);
 
@@ -421,7 +421,7 @@ runner_spawn (runner_t runner)
   if (runner->in_fd != -1)
     {
       estream_t fp;
-      
+
       fp = es_fdopen (runner->in_fd, "r");
       if (!fp)
         {
@@ -437,7 +437,7 @@ runner_spawn (runner_t runner)
   pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
   pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 128*1024);
   pth_attr_set (tattr, PTH_ATTR_NAME, runner->name);
-  
+
   tid = pth_spawn (tattr, runner_thread, runner);
   if (!tid)
     {
@@ -483,7 +483,7 @@ runner_cancel_all (void)
 {
   runner_t r;
 
-  do 
+  do
     {
       for (r = running_threads; r; r = r->next_running)
         if (r->spawned && !r->canceled)
@@ -499,7 +499,7 @@ runner_cancel_all (void)
 /* Send a line of data down to the engine.  This line may not contain
    a binary Nul or a LF character.  This function is used by the
    engine's handler.  */
-gpg_error_t 
+gpg_error_t
 runner_send_line (runner_t runner, const void *data, size_t datalen)
 {
   gpg_error_t err = 0;
@@ -533,6 +533,6 @@ runner_send_line (runner_t runner, const void *data, size_t datalen)
   if (!err)
     if (writen (runner->out_fd, "\n", 1))
       err = gpg_error_from_syserror ();
-  
+
   return err;
 }
diff --git a/g13/runner.h b/g13/runner.h
index e68eca03a..3c8214304 100644
--- a/g13/runner.h
+++ b/g13/runner.h
@@ -25,7 +25,7 @@ struct runner_s;
 typedef struct runner_s *runner_t;
 
 /* Prototypes for the handler functions provided by the engine.  */
-typedef gpg_error_t (*engine_handler_fnc_t) (void *opaque, 
+typedef gpg_error_t (*engine_handler_fnc_t) (void *opaque,
                                              runner_t runner,
                                              const char *statusline);
 typedef void (*engine_handler_cleanup_fnc_t) (void *opaque);
@@ -41,7 +41,7 @@ gpg_error_t runner_new (runner_t *r_runner, const char *name);
 void runner_release (runner_t runner);
 
 /* Return the identifier of RUNNER.  */
-unsigned int runner_get_rid (runner_t runner); 
+unsigned int runner_get_rid (runner_t runner);
 
 /* Find a runner by its rid.  */
 runner_t runner_find_by_rid (unsigned int rid);
@@ -53,8 +53,8 @@ void runner_set_pid (runner_t runner, pid_t pid);
 
 /* Register the handler functions with a runner.  */
 void runner_set_handler (runner_t runner,
-                         engine_handler_fnc_t handler, 
-                         engine_handler_cleanup_fnc_t handler_cleanup, 
+                         engine_handler_fnc_t handler,
+                         engine_handler_cleanup_fnc_t handler_cleanup,
                          void *handler_data);
 
 /* Start the runner.  */
@@ -74,4 +74,3 @@ gpg_error_t runner_send_line (runner_t runner,
 
 
 #endif /*G13_RUNNER_H*/
-
diff --git a/g13/server.c b/g13/server.c
index 0c2b880f4..31c961dfb 100644
--- a/g13/server.c
+++ b/g13/server.c
@@ -39,7 +39,7 @@ static FILE *statusfp;
 
 /* Local data for this server module.  A pointer to this is stored in
    the CTRL object of each connection.  */
-struct server_local_s 
+struct server_local_s
 {
   /* The Assuan contect we are working on.  */
   assuan_context_t assuan_ctx;
@@ -59,7 +59,7 @@ static int command_has_option (const char *cmd, const char *cmdopt);
 
 
 /*
-   Helper functions. 
+   Helper functions.
  */
 
 /* Set an error and a description.  */
@@ -202,7 +202,7 @@ reset_notify (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_open[] = 
+static const char hlp_open[] =
   "OPEN [] \n"
   "\n"
   "Open the container FILENAME.  FILENAME must be percent-plus\n"
@@ -255,14 +255,14 @@ cmd_open (assuan_context_t ctx, char *line)
   ctrl->server_local->containername = xtrystrdup (line);
   if (!ctrl->server_local->containername)
     err = gpg_error_from_syserror ();
-  
-  
+
+
  leave:
   return leave_cmd (ctx, err);
 }
 
 
-static const char hlp_mount[] = 
+static const char hlp_mount[] =
   "MOUNT [options] []\n"
   "\n"
   "Mount the currently open file onto MOUNTPOINT.  If MOUNTPOINT is not\n"
@@ -305,7 +305,7 @@ cmd_mount (assuan_context_t ctx, char *line)
     }
 
   /* Perform the mount.  */
-  err = g13_mount_container (ctrl, ctrl->server_local->containername, 
+  err = g13_mount_container (ctrl, ctrl->server_local->containername,
                              *line? line : NULL);
 
  leave:
@@ -313,7 +313,7 @@ cmd_mount (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_umount[] = 
+static const char hlp_umount[] =
   "UMOUNT [options] []\n"
   "\n"
   "Unmount the currently open file or the one opened at MOUNTPOINT.\n"
@@ -350,7 +350,7 @@ cmd_umount (assuan_context_t ctx, char *line)
     }
 
   /* Perform the unmount.  */
-  err = g13_umount_container (ctrl, ctrl->server_local->containername, 
+  err = g13_umount_container (ctrl, ctrl->server_local->containername,
                               *line? line : NULL);
 
  leave:
@@ -358,7 +358,7 @@ cmd_umount (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_recipient[] = 
+static const char hlp_recipient[] =
   "RECIPIENT \n"
   "\n"
   "Add USERID to the list of recipients to be used for the next CREATE\n"
@@ -443,7 +443,7 @@ cmd_create (assuan_context_t ctx, char *line)
   if (!err)
     {
       FREE_STRLIST (ctrl->server_local->recipients);
-  
+
       /* Store the filename.  */
       ctrl->server_local->containername = xtrystrdup (line);
       if (!ctrl->server_local->containername)
@@ -455,7 +455,7 @@ cmd_create (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_getinfo[] = 
+static const char hlp_getinfo[] =
   "GETINFO \n"
   "\n"
   "Multipurpose function to return a variety of information.\n"
@@ -528,7 +528,7 @@ command_has_option (const char *cmd, const char *cmdopt)
 {
   (void)cmd;
   (void)cmdopt;
-      
+
   return 0;
 }
 
@@ -548,8 +548,8 @@ register_commands (assuan_context_t ctx)
     { "RECIPIENT",     cmd_recipient, hlp_recipient },
     { "SIGNER",        cmd_signer, hlp_signer },
     { "CREATE",        cmd_create, hlp_create },
-    { "INPUT",         NULL }, 
-    { "OUTPUT",        NULL }, 
+    { "INPUT",         NULL },
+    { "OUTPUT",        NULL },
     { "GETINFO",       cmd_getinfo,hlp_getinfo },
     { NULL }
   };
@@ -562,7 +562,7 @@ register_commands (assuan_context_t ctx)
                                      table[i].help);
       if (err)
         return err;
-    } 
+    }
   return 0;
 }
 
@@ -652,7 +652,7 @@ g13_server (ctrl_t ctrl)
     err = 0;
   else
     log_info ("Assuan accept problem: %s\n", gpg_strerror (err));
-  
+
  leave:
   reset_notify (ctx, NULL);  /* Release all items hold by SERVER_LOCAL.  */
   if (ctrl->server_local)
@@ -689,17 +689,17 @@ g13_status (ctrl_t ctrl, int no, ...)
             statusfp = stderr;
           else
             statusfp = fdopen (ctrl->status_fd, "w");
-          
+
           if (!statusfp)
             {
               log_fatal ("can't open fd %d for status output: %s\n",
                          ctrl->status_fd, strerror(errno));
             }
         }
-      
+
       fputs ("[GNUPG:] ", statusfp);
       fputs (get_status_string (no), statusfp);
-    
+
       while ( (text = va_arg (arg_ptr, const char*) ))
         {
           putc ( ' ', statusfp );
@@ -752,5 +752,3 @@ g13_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
     return 0;
   return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
 }
-
-
diff --git a/g13/server.h b/g13/server.h
index 9b6eb98d5..af8494a67 100644
--- a/g13/server.h
+++ b/g13/server.h
@@ -26,4 +26,3 @@ gpg_error_t g13_server (ctrl_t ctrl);
 gpg_error_t g13_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line);
 
 #endif /*G13_SERVER_H*/
-
diff --git a/g13/utils.c b/g13/utils.c
index 4b374df10..6fe3e5ac1 100644
--- a/g13/utils.c
+++ b/g13/utils.c
@@ -88,7 +88,7 @@ destroy_tupledesc (tupledesc_t tupledesc)
 {
   if (!tupledesc)
     return;
-  
+
   if (!--tupledesc->refcount)
     {
       xfree (tupledesc->data);
@@ -174,7 +174,6 @@ next_tuple (tupledesc_t tupledesc, unsigned int *r_tag, size_t *r_length)
           return s;
         }
     }
-  
+
   return NULL;
 }
-
diff --git a/g13/utils.h b/g13/utils.h
index cebd0436d..914b2cf3e 100644
--- a/g13/utils.h
+++ b/g13/utils.h
@@ -30,15 +30,14 @@ void append_tuple (membuf_t *membuf,
 struct tupledesc_s;
 typedef struct tupledesc_s *tupledesc_t;
 
-gpg_error_t create_tupledesc (tupledesc_t *r_tupledesc, 
+gpg_error_t create_tupledesc (tupledesc_t *r_tupledesc,
                               void *data, size_t datalen);
 void destroy_tupledesc (tupledesc_t tupledesc);
 tupledesc_t ref_tupledesc (tupledesc_t tupledesc);
-const void *find_tuple (tupledesc_t tupledesc, 
+const void *find_tuple (tupledesc_t tupledesc,
                         unsigned int tag, size_t *r_length);
-const void *next_tuple (tupledesc_t tupledesc, 
+const void *next_tuple (tupledesc_t tupledesc,
                         unsigned int *r_tag, size_t *r_length);
 
 
 #endif /*G13_UTILS_H*/
-
diff --git a/include/ChangeLog b/include/ChangeLog
index 81ba48bab..09d5b6e99 100644
--- a/include/ChangeLog
+++ b/include/ChangeLog
@@ -226,7 +226,7 @@
 
 	* KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX
 	system() (via /bin/sh) way of signaling this.
-	
+
 	* Added G10ERR_KEYSERVER
 
 2001-12-27  Werner Koch  
@@ -256,7 +256,7 @@
 
 2001-08-24  Werner Koch  
 
-	* cipher.h (md_write): Made buf arg const. 
+	* cipher.h (md_write): Made buf arg const.
 
 2001-08-20  Werner Koch  
 
@@ -266,7 +266,7 @@
 	never use __attribute__.
 	* cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack.
 	* i18n.h [__riscos__]: Use another include file
-	
+
 2001-05-30  Werner Koch  
 
 	* ttyio.h (tty_printf): Add missing parenthesis for non gcc.
@@ -442,5 +442,3 @@ Tue Mar  3 15:11:21 1998  Werner Koch  (wk@isil.d.shuttle.de)
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff --git a/include/Makefile.am b/include/Makefile.am
index 25518bfa1..09176ded2 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1 +1 @@
-EXTRA_DIST = cipher.h types.h host2net.h _regex.h 
+EXTRA_DIST = cipher.h types.h host2net.h _regex.h
diff --git a/include/cipher.h b/include/cipher.h
index 4667e8043..db2196e74 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -1,4 +1,4 @@
-/* cipher.h - Definitions for OpenPGP 
+/* cipher.h - Definitions for OpenPGP
  * Copyright (C) 1998, 1999, 2000, 2001, 2006,
  *               2007, 2010  Free Software Foundation, Inc.
  *
@@ -49,11 +49,11 @@
 #define CIPHER_ALGO_CAMELLIA256     13
 #define CIPHER_ALGO_DUMMY          110    /* No encryption at all. */
 
-#define PUBKEY_ALGO_RSA          /*  1 */ GCRY_PK_RSA  
-#define PUBKEY_ALGO_RSA_E        /*  2 */ GCRY_PK_RSA_E /* RSA encrypt only. */ 
+#define PUBKEY_ALGO_RSA          /*  1 */ GCRY_PK_RSA
+#define PUBKEY_ALGO_RSA_E        /*  2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
 #define PUBKEY_ALGO_RSA_S        /*  3 */ GCRY_PK_RSA_S /* RSA sign only.    */
 #define PUBKEY_ALGO_ELGAMAL_E    /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
-#define PUBKEY_ALGO_DSA          /* 17 */ GCRY_PK_DSA                          
+#define PUBKEY_ALGO_DSA          /* 17 */ GCRY_PK_DSA
 #define PUBKEY_ALGO_ECDH            18
 #define PUBKEY_ALGO_ECDSA           19
 #define PUBKEY_ALGO_ELGAMAL      /* 20 */ GCRY_PK_ELG   /* Elgamal encr+sign */
@@ -86,7 +86,7 @@
 #define is_DSA(a)     ((a)==PUBKEY_ALGO_DSA)
 
 /* The data encryption key object. */
-typedef struct 
+typedef struct
 {
   int algo;
   int keylen;
diff --git a/include/types.h b/include/types.h
index 8a861bc0a..e13b11a69 100644
--- a/include/types.h
+++ b/include/types.h
@@ -48,7 +48,7 @@
 #undef byte	    /* maybe there is a macro with this name */
 #ifndef __riscos__
 typedef unsigned char byte;
-#else 
+#else
 /* Norcroft treats char  = unsigned char  as legal assignment
                but char* = unsigned char* as illegal assignment
    and the same applies to the signed variants as well  */
diff --git a/kbx/ChangeLog b/kbx/ChangeLog
index 1056ad1b3..947aaaa43 100644
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@@ -79,7 +79,7 @@
 
 	* keybox-init.c (keybox_new, keybox_release): Track used handles.
 	(_keybox_close_file): New.
-	* keybox-update.c (keybox_insert_cert, keybox_set_flags) 
+	* keybox-update.c (keybox_insert_cert, keybox_set_flags)
 	(keybox_delete, keybox_compress): Use the new close function.
 
 2008-03-13  Werner Koch  
@@ -162,7 +162,7 @@
 2005-06-15  Werner Koch  
 
 	* keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
-	(_keybox_write_blob): 
+	(_keybox_write_blob):
 
 	* keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
 	Fixed warnings about signed/unsigned pointer mismatches.
@@ -219,7 +219,7 @@
 	* keybox-blob.c (_keybox_update_header_blob): New.
 	* keybox-update.c (blob_filecopy): Handle header blob.
 	* keybox-file.c (_keybox_read_blob2): New. Moved code from
-	_keybox_read_blob to there. 
+	_keybox_read_blob to there.
 	* keybox-dump.c (dump_header_blob): Print header info.
 
 2004-04-21  Werner Koch  
@@ -228,11 +228,11 @@
 	KEYBOX_FLAG_CREATED_AT.
 	* keybox-update.c (keybox_compress): New.
 
-	* keybox-search.c (get32, get16, blob_get_type) 
-	(blob_get_blob_flags, has_short_kid, has_long_kid) 
-	(has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject) 
+	* keybox-search.c (get32, get16, blob_get_type)
+	(blob_get_blob_flags, has_short_kid, has_long_kid)
+	(has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject)
 	(has_subject_or_alt, has_mail): inline them.
-	
+
 	* keybox-update.c (blob_filecopy): Fixed an error/eof check
 	(s/if(fread)/if(nread)/).
 
@@ -256,17 +256,17 @@
 	* keybox-blob.c: Include time.h
 
 2003-06-03  Werner Koch  
-	
+
 	Changed all error codes in all files to the new libgpg-error scheme.
 
 	* keybox-defs.h: Include gpg-error.h .
-	(KeyboxError): Removed. 
+	(KeyboxError): Removed.
 	* Makefile.am: Removed keybox-error.c stuff.
 
 2002-11-14  Werner Koch  
 
 	* keybox-search.c (blob_cmp_name) : Fixed
-	length compare; there is no 0 stored since nearly a year.  
+	length compare; there is no 0 stored since nearly a year.
 
 2002-10-31  Neal H. Walfield  
 
diff --git a/kbx/Makefile.am b/kbx/Makefile.am
index b5bfa19fc..894924e5c 100644
--- a/kbx/Makefile.am
+++ b/kbx/Makefile.am
@@ -1,4 +1,4 @@
-# Keybox Makefile 
+# Keybox Makefile
 # Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
 #
 # This file is part of GnuPG.
@@ -7,12 +7,12 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -31,7 +31,7 @@ bin_PROGRAMS = kbxutil
 if HAVE_W32CE_SYSTEM
 extra_libs =  $(LIBASSUAN_LIBS)
 else
-extra_libs = 
+extra_libs =
 endif
 
 common_sources = \
@@ -43,7 +43,7 @@ common_sources = \
 	keybox-search.c \
 	keybox-update.c \
 	keybox-openpgp.c \
-	keybox-dump.c 
+	keybox-dump.c
 
 
 libkeybox_a_SOURCES = $(common_sources)
@@ -56,4 +56,4 @@ kbxutil_LDADD   = ../common/libcommon.a ../gl/libgnu.a \
                   $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \
                   $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
 
-$(PROGRAMS) : ../common/libcommon.a ../gl/libgnu.a 
+$(PROGRAMS) : ../common/libcommon.a ../gl/libgnu.a
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
index d2a64386f..b1fd3348d 100644
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@@ -46,7 +46,7 @@ enum cmd_and_opt_values {
   oOutput	  = 'o',
   oQuiet	  = 'q',
   oVerbose	  = 'v',
-  
+
   aNoSuchCmd    = 500,   /* force other values not to be a letter */
   aFindByFpr,
   aFindByKid,
@@ -73,13 +73,13 @@ static ARGPARSE_OPTS opts[] = {
 /*   { aFindByFpr,  "find-by-fpr", 0, "|FPR| find key using it's fingerprnt" }, */
 /*   { aFindByKid,  "find-by-kid", 0, "|KID| find key using it's keyid" }, */
 /*   { aFindByUid,  "find-by-uid", 0, "|NAME| find key by user name" }, */
-  { aStats,      "stats",       0, "show key statistics" }, 
+  { aStats,      "stats",       0, "show key statistics" },
   { aImportOpenPGP, "import-openpgp", 0, "import OpenPGP keyblocks"},
   { aFindDups,    "find-dups",   0, "find duplicates" },
   { aCut,         "cut",         0, "export records" },
-  
+
   { 301, NULL, 0, N_("@\nOptions:\n ") },
-  
+
   { oFrom, "from", 4, "|N|first record to export" },
   { oTo,   "to",   4, "|N|last record to export" },
 /*   { oArmor, "armor",     0, N_("create ascii armored output")}, */
@@ -88,7 +88,7 @@ static ARGPARSE_OPTS opts[] = {
   { oVerbose, "verbose",   0, N_("verbose") },
   { oQuiet,	"quiet",   0, N_("be somewhat more quiet") },
   { oDryRun, "dry-run",   0, N_("do not make any changes") },
-  
+
   { oDebug, "debug"     ,4|16, N_("set debugging flags")},
   { oDebugAll, "debug-all" ,0, N_("enable full debugging")},
 
@@ -144,7 +144,7 @@ my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
     case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
     case GCRY_LOG_BUG:  level = JNLIB_LOG_BUG; break;
     case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
-    default:            level = JNLIB_LOG_ERROR; break;  
+    default:            level = JNLIB_LOG_ERROR; break;
     }
   log_logv (level, fmt, arg_ptr);
 }
@@ -236,7 +236,7 @@ read_file (const char *fname, size_t *r_length)
   FILE *fp;
   char *buf;
   size_t buflen;
-  
+
   if (!strcmp (fname, "-"))
     {
       size_t nread, bufsize = 0;
@@ -245,7 +245,7 @@ read_file (const char *fname, size_t *r_length)
       buf = NULL;
       buflen = 0;
 #define NCHUNK 8192
-      do 
+      do
         {
           bufsize += NCHUNK;
           if (!buf)
@@ -278,14 +278,14 @@ read_file (const char *fname, size_t *r_length)
           log_error ("can't open `%s': %s\n", fname, strerror (errno));
           return NULL;
         }
-  
+
       if (fstat (fileno(fp), &st))
         {
           log_error ("can't stat `%s': %s\n", fname, strerror (errno));
           fclose (fp);
           return NULL;
         }
-      
+
       buflen = st.st_size;
       buf = xtrymalloc (buflen+1);
       if (!buf)
@@ -342,7 +342,7 @@ dump_openpgp_key (keybox_openpgp_info_t info, const unsigned char *image)
       struct _keybox_openpgp_key_info *k;
 
       k = &info->subkeys;
-      do 
+      do
         {
           printf ("sub %02X%02X%02X%02X",
                   k->keyid[4], k->keyid[5],
@@ -358,7 +358,7 @@ dump_openpgp_key (keybox_openpgp_info_t info, const unsigned char *image)
       struct _keybox_openpgp_uid_info *u;
 
       u = &info->uids;
-      do 
+      do
         {
           printf ("uid\t\t%.*s\n", (int)u->len, image + u->off);
           u = u->next;
@@ -412,10 +412,10 @@ main( int argc, char **argv )
   ARGPARSE_ARGS pargs;
   enum cmd_and_opt_values cmd = 0;
   unsigned long from = 0, to = ULONG_MAX;
-  
+
   set_strusage( my_strusage );
   gcry_control (GCRYCTL_DISABLE_SECMEM);
-  log_set_prefix ("kbxutil", 1); 
+  log_set_prefix ("kbxutil", 1);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init ();
@@ -474,51 +474,51 @@ main( int argc, char **argv )
           break;
 	}
     }
-  
+
   if (to < from)
     log_error ("record number of \"--to\" is lower than \"--from\" one\n");
 
 
   if (log_get_errorcount(0) )
     myexit(2);
-  
+
   if (!cmd)
     { /* Default is to list a KBX file */
-      if (!argc) 
+      if (!argc)
         _keybox_dump_file (NULL, 0, stdout);
       else
         {
-          for (; argc; argc--, argv++) 
+          for (; argc; argc--, argv++)
             _keybox_dump_file (*argv, 0, stdout);
         }
     }
   else if (cmd == aStats )
     {
-      if (!argc) 
+      if (!argc)
         _keybox_dump_file (NULL, 1, stdout);
       else
         {
-          for (; argc; argc--, argv++) 
+          for (; argc; argc--, argv++)
             _keybox_dump_file (*argv, 1, stdout);
         }
     }
   else if (cmd == aFindDups )
     {
-      if (!argc) 
+      if (!argc)
         _keybox_dump_find_dups (NULL, 0, stdout);
       else
         {
-          for (; argc; argc--, argv++) 
+          for (; argc; argc--, argv++)
             _keybox_dump_find_dups (*argv, 0, stdout);
         }
     }
   else if (cmd == aCut )
     {
-      if (!argc) 
+      if (!argc)
         _keybox_dump_cut_records (NULL, from, to, stdout);
       else
         {
-          for (; argc; argc--, argv++) 
+          for (; argc; argc--, argv++)
             _keybox_dump_cut_records (*argv, from, to, stdout);
         }
     }
@@ -528,12 +528,12 @@ main( int argc, char **argv )
         import_openpgp ("-");
       else
         {
-          for (; argc; argc--, argv++) 
+          for (; argc; argc--, argv++)
             import_openpgp (*argv);
         }
     }
 #if 0
-  else if ( cmd == aFindByFpr ) 
+  else if ( cmd == aFindByFpr )
     {
       char *fpr;
       if ( argc != 2 )
@@ -541,17 +541,17 @@ main( int argc, char **argv )
       fpr = format_fingerprint ( argv[1] );
       if ( !fpr )
         log_error ("invalid formatted fingerprint\n");
-      else 
+      else
         {
           kbxfile_search_by_fpr ( argv[0], fpr );
           gcry_free ( fpr );
         }
     }
-  else if ( cmd == aFindByKid ) 
+  else if ( cmd == aFindByKid )
     {
       u32 kid[2];
       int mode;
-      
+
       if ( argc != 2 )
         wrong_args ("kbxfile short-or-long-keyid");
       mode = format_keyid ( argv[1], kid );
@@ -562,7 +562,7 @@ main( int argc, char **argv )
           kbxfile_search_by_kid ( argv[0], kid, mode );
 	}
     }
-  else if ( cmd == aFindByUid ) 
+  else if ( cmd == aFindByUid )
     {
       if ( argc != 2 )
         wrong_args ("kbxfile userID");
@@ -571,7 +571,7 @@ main( int argc, char **argv )
 #endif
   else
       log_error ("unsupported action\n");
-  
+
   myexit(0);
   return 8; /*NEVER REACHED*/
 }
@@ -590,5 +590,3 @@ myexit( int rc )
 			keybox_errors_seen? 1 : 0;
     exit(rc );
 }
-
-
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index a65bb435b..998a77019 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -62,7 +62,7 @@ X.509 specific are noted like [X.509: xxx]
    u16	special key flags
 	 bit 0 = qualified signature (not yet implemented}
    u16	reserved
- u16  size of serialnumber(may be zero) 
+ u16  size of serialnumber(may be zero)
    n  u16 (see above) bytes of serial number
  u16  number of user IDs
  u16  size of additional user ID information
@@ -84,7 +84,7 @@ X.509 specific are noted like [X.509: xxx]
 	0x10000000 = valid and expires at some date in 1978.
 	0xffffffff = valid and does not expire
  u8	assigned ownertrust [X509: not used]
- u8	all_validity 
+ u8	all_validity
            OpenPGP:  see ../g10/trustdb/TRUST_* [not yet used]
            X509: Bit 4 set := key has been revoked.  Note that this value
                               matches TRUST_FLAG_REVOKED
@@ -180,7 +180,7 @@ struct keyboxblob {
   byte *blob;
   size_t bloblen;
   off_t fileoffset;
-  
+
   /* stuff used only by keybox_create_blob */
   unsigned char *serialbuf;
   const unsigned char *serial;
@@ -193,10 +193,10 @@ struct keyboxblob {
   u32  *sigs;
   struct fixup_list *fixups;
   int fixup_out_of_core;
-  
+
   struct keyid_list *temp_kids;
   struct membuf bufbuf; /* temporary store for the blob */
-  struct membuf *buf; 
+  struct membuf *buf;
 };
 
 
@@ -227,7 +227,7 @@ put_membuf (struct membuf *mb, const void *buf, size_t len)
   if (mb->len + len >= mb->size)
     {
       char *p;
-      
+
       mb->size += len + 1024;
       p = xtryrealloc (mb->buf, mb->size);
       if (!p)
@@ -293,14 +293,14 @@ static void
 add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
 {
   struct fixup_list *fl;
-  
+
   if (blob->fixup_out_of_core)
     return;
 
   fl = xtrycalloc(1, sizeof *fl);
   if (!fl)
     blob->fixup_out_of_core = 1;
-  else 
+  else
     {
       fl->off = off;
       fl->val = val;
@@ -313,7 +313,7 @@ add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
 
 #ifdef KEYBOX_WITH_OPENPGP
 /*
-  OpenPGP specific stuff 
+  OpenPGP specific stuff
 */
 
 
@@ -326,8 +326,8 @@ static int
 pgp_temp_store_kid (KEYBOXBLOB blob, PKT_public_key *pk)
 {
   struct keyid_list *k, *r;
-  
-  k = xtrymalloc (sizeof *k); 
+
+  k = xtrymalloc (sizeof *k);
   if (!k)
     return -1;
   k->kid[0] = pk->keyid[0] >> 24 ;
@@ -341,9 +341,9 @@ pgp_temp_store_kid (KEYBOXBLOB blob, PKT_public_key *pk)
   k->seqno = 0;
   k->next = blob->temp_kids;
   blob->temp_kids = k;
-  for (r=k; r; r = r->next) 
+  for (r=k; r; r = r->next)
     k->seqno++;
-  
+
   return k->seqno;
 }
 
@@ -357,7 +357,7 @@ pgp_create_key_part (KEYBOXBLOB blob, KBNODE keyblock)
   for (n=0, node = keyblock; node; node = node->next)
     {
       if ( node->pkt->pkttype == PKT_PUBLIC_KEY
-           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) 
+           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
         {
           PKT_public_key *pk = node->pkt->pkt.public_key;
           char tmp[20];
@@ -379,7 +379,7 @@ pgp_create_key_part (KEYBOXBLOB blob, KBNODE keyblock)
           n++;
 	}
       else if ( node->pkt->pkttype == PKT_SECRET_KEY
-		  || node->pkt->pkttype == PKT_SECRET_SUBKEY ) 
+		  || node->pkt->pkttype == PKT_SECRET_SUBKEY )
         {
           never_reached (); /* actually not yet implemented */
 	}
@@ -399,7 +399,7 @@ pgp_create_uid_part (KEYBOXBLOB blob, KBNODE keyblock)
       if (node->pkt->pkttype == PKT_USER_ID)
         {
           PKT_user_id *u = node->pkt->pkt.user_id;
-          
+
           blob->uids[n].len = u->len;
           blob->uids[n].flags = 0;
           blob->uids[n].validity = 0;
@@ -415,13 +415,13 @@ pgp_create_sig_part (KEYBOXBLOB blob, KBNODE keyblock)
 {
   KBNODE node;
   int n;
-  
+
   for (n=0, node = keyblock; node; node = node->next)
     {
       if (node->pkt->pkttype == PKT_SIGNATURE)
         {
           PKT_signature *sig = node->pkt->pkt.signature;
-          
+
           blob->sigs[n] = 0;	/* FIXME: check the signature here */
           n++;
 	}
@@ -449,7 +449,7 @@ pgp_create_blob_keyblock (KEYBOXBLOB blob, KBNODE keyblock)
                       node->pkt->pkttype, gpg_errstr(rc) );
         return GPGERR_WRITE_FILE;
       }
-      if ( node->pkt->pkttype == PKT_USER_ID ) 
+      if ( node->pkt->pkttype == PKT_USER_ID )
         {
           PKT_user_id *u = node->pkt->pkt.user_id;
           /* build_packet has set the offset of the name into u ;
@@ -463,12 +463,12 @@ pgp_create_blob_keyblock (KEYBOXBLOB blob, KBNODE keyblock)
   add_fixup (blob, a->len - kbstart);
   return 0;
 }
- 
+
 #endif /*KEYBOX_WITH_OPENPGP*/
 
 
 #ifdef KEYBOX_WITH_X509
-/* 
+/*
    X.509 specific stuff
  */
 
@@ -492,7 +492,7 @@ x509_create_blob_cert (KEYBOXBLOB blob, ksba_cert_t cert)
   add_fixup (blob, 12, a->len - kbstart);
   return 0;
 }
- 
+
 #endif /*KEYBOX_WITH_X509*/
 
 /* Write a stored keyID out to the buffer */
@@ -500,8 +500,8 @@ static void
 write_stored_kid (KEYBOXBLOB blob, int seqno)
 {
   struct keyid_list *r;
-  
-  for ( r = blob->temp_kids; r; r = r->next ) 
+
+  for ( r = blob->temp_kids; r; r = r->next )
     {
       if (r->seqno == seqno )
         {
@@ -517,8 +517,8 @@ static void
 release_kid_list (struct keyid_list *kl)
 {
   struct keyid_list *r, *r2;
-  
-  for ( r = kl; r; r = r2 ) 
+
+  for ( r = kl; r; r = r2 )
     {
       r2 = r->next;
       xfree (r);
@@ -534,7 +534,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
   int i;
 
   put32 ( a, 0 ); /* blob length, needs fixup */
-  put8 ( a, blobtype);  
+  put8 ( a, blobtype);
   put8 ( a, 1 );  /* blob type version */
   put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
 
@@ -593,7 +593,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
          fixup all the keyID offsets */
       for (i=0; i < blob->nkeys; i++ )
         {
-          if (blob->keys[i].off_kid) 
+          if (blob->keys[i].off_kid)
             { /* this is a v3 one */
               add_fixup (blob, blob->keys[i].off_kid_addr, a->len);
               write_stored_kid (blob, blob->keys[i].off_kid);
@@ -601,18 +601,18 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
           else
             { /* the better v4 key IDs - just store an offset 8 bytes back */
               add_fixup (blob, blob->keys[i].off_kid_addr,
-                         blob->keys[i].off_kid_addr - 8); 
+                         blob->keys[i].off_kid_addr - 8);
             }
         }
     }
-  
+
   if (blobtype == BLOBTYPE_X509)
     {
       /* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
          the utf-8 string represenation of them */
       for (i=0; i < blob->nuids; i++ )
         {
-          if (blob->uids[i].name) 
+          if (blob->uids[i].name)
             { /* this is a v3 one */
               add_fixup (blob, blob->uids[i].off_addr, a->len);
               put_membuf (blob->buf, blob->uids[i].name, blob->uids[i].len);
@@ -645,7 +645,7 @@ create_blob_finish (KEYBOXBLOB blob)
   /* write a placeholder for the checksum */
   for (i = 0; i < 16; i++ )
     put32 (a, 0);  /* Hmmm: why put32() ?? */
-  
+
   /* get the memory area */
   n = 0; /* (Just to avoid compiler warning.) */
   p = get_membuf (a, &n);
@@ -681,7 +681,7 @@ create_blob_finish (KEYBOXBLOB blob)
   memcpy (pp , p, n);
   blob->blob = pp;
   blob->bloblen = n;
-  
+
   return 0;
 }
 
@@ -703,7 +703,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
   /* fixme: Do some sanity checks on the keyblock */
 
   /* count userids and keys so that we can allocate the arrays */
-  for (node = keyblock; node; node = node->next) 
+  for (node = keyblock; node; node = node->next)
     {
       switch (node->pkt->pkttype)
         {
@@ -735,7 +735,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
   rc = pgp_create_sig_part ( blob, keyblock );
   if (rc)
     goto leave;
-  
+
   init_membuf (&blob->bufbuf, 1024);
   blob->buf = &blob->bufbuf;
   rc = create_blob_header (blob, BLOBTYPE_OPENPGP, as_ephemeral);
@@ -751,7 +751,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
   if (rc)
     goto leave;
 
-  
+
  leave:
   release_kid_list (blob->temp_kids);
   blob->temp_kids = NULL;
@@ -868,7 +868,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
       rc = gpg_error_from_syserror ();
       goto leave;
     }
-  
+
   p = ksba_cert_get_issuer (cert, 0);
   if (!p)
     {
@@ -881,7 +881,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
       if (blob->nuids >= max_names)
         {
           char **tmp;
-          
+
           max_names += 100;
           tmp = xtryrealloc (names, max_names * sizeof *names);
           if (!tmp)
@@ -895,9 +895,9 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
       if (!i && (p=x509_email_kludge (p)))
         names[blob->nuids++] = p; /* due to !i we don't need to check bounds*/
     }
-  
+
   /* space for signature information */
-  blob->nsigs = 1; 
+  blob->nsigs = 1;
 
   blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
   blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
@@ -944,14 +944,14 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
   if (rc)
     goto leave;
 
-  
+
  leave:
   release_kid_list (blob->temp_kids);
   blob->temp_kids = NULL;
   if (blob && names)
     {
       for (i=0; i < blob->nuids; i++)
-        xfree (names[i]); 
+        xfree (names[i]);
     }
   xfree (names);
   if (rc)
@@ -974,7 +974,7 @@ _keybox_new_blob (KEYBOXBLOB *r_blob,
                   unsigned char *image, size_t imagelen, off_t off)
 {
   KEYBOXBLOB blob;
-  
+
   *r_blob = NULL;
   blob = xtrycalloc (1, sizeof *blob);
   if (!blob)
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 98d23b326..aad07f9d6 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -54,7 +54,7 @@ typedef struct keyboxblob *KEYBOXBLOB;
 
 typedef struct keybox_name *KB_NAME;
 typedef struct keybox_name const *CONST_KB_NAME;
-struct keybox_name 
+struct keybox_name
 {
   /* Link to the next resources, so that we can walk all
      resources.  */
@@ -70,7 +70,7 @@ struct keybox_name
      entrues are set to NULL.  HANDLE_TABLE may be NULL. */
   KEYBOX_HANDLE *handle_table;
   size_t handle_table_size;
-  
+
   /* Not yet used.  */
   int is_locked;
 
@@ -89,7 +89,7 @@ struct keybox_handle {
   FILE *fp;
   int eof;
   int error;
-  int ephemeral;  
+  int ephemeral;
   struct {
     KEYBOXBLOB blob;
     off_t offset;
@@ -215,7 +215,7 @@ void  _keybox_free (void *p);
 #define STR2(v) STR(v)
 
 /*
-  a couple of handy macros 
+  a couple of handy macros
 */
 
 #define return_if_fail(expr) do {                        \
@@ -257,5 +257,3 @@ void  _keybox_free (void *p);
 
 
 #endif /*KEYBOX_DEFS_H*/
-
-
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index 4be8501a1..f0cd0a5b8 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -93,9 +93,9 @@ dump_header_blob (const byte *buffer, size_t length, FILE *fp)
   if ( memcmp (buffer+8, "KBXf", 4))
     fprintf (fp, "[Error: invalid magic number]\n");
 
-  n = get32 (buffer+16); 
+  n = get32 (buffer+16);
   fprintf( fp, "created-at: %lu\n", n );
-  n = get32 (buffer+20); 
+  n = get32 (buffer+20);
   fprintf( fp, "last-maint: %lu\n", n );
 
   return 0;
@@ -117,7 +117,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
   const byte *p;
 
   buffer = _keybox_get_blob_image (blob, &length);
-  
+
   if (length < 32)
     {
       fprintf (fp, "[blob too short]\n");
@@ -125,7 +125,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
     }
 
   n = get32( buffer );
-  if (n > length) 
+  if (n > length)
     fprintf (fp, "[blob larger than length - output truncated]\n");
   else
     length = n;  /* ignore the rest */
@@ -159,7 +159,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
       fprintf (fp, "[blob too short]\n");
       return -1;
     }
-  
+
   n = get16 (buffer + 6);
   fprintf( fp, "Blob-Flags: %04lX", n);
   if (n)
@@ -188,7 +188,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
 
   fprintf( fp, "Data-Offset: %lu\n", rawdata_off );
   fprintf( fp, "Data-Length: %lu\n", rawdata_len );
-  if (rawdata_off > length || rawdata_len > length 
+  if (rawdata_off > length || rawdata_len > length
       || rawdata_off+rawdata_off > length)
     fprintf (fp, "[Error: raw data larger than blob]\n");
 
@@ -207,7 +207,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
     {
       int i;
       ulong kidoff, kflags;
-    
+
       fprintf (fp, "Key-Fpr[%lu]: ", n );
       for (i=0; i < 20; i++ )
         fprintf (fp, "%02X", p[i]);
@@ -220,7 +220,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
       kflags = get16 (p + 24 );
       fprintf( fp, "\nKey-Flags[%lu]: %04lX\n", n, kflags);
     }
-  
+
   /* serial number */
   fputs ("Serial-No: ", fp);
   nserial = get16 (p);
@@ -244,7 +244,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
   for (n=0; n < nuids; n++, p += uidinfolen)
     {
       ulong uidoff, uidlen, uflags;
-      
+
       uidoff = get32( p );
       uidlen = get32( p+4 );
       if (type == BLOBTYPE_X509 && !n)
@@ -284,7 +284,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
           fprintf (fp, "Uid-Validity[%lu]: %d\n", n, p[10] );
         }
     }
-  
+
   nsigs = get16 (p);
   fprintf (fp, "Sig-Count: %lu\n", nsigs );
   siginfolen = get16 (p + 2);
@@ -294,7 +294,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
   for (n=0; n < nsigs; n++, p += siginfolen)
     {
       ulong sflags;
-    
+
       sflags = get32 (p);
       fprintf (fp, "Sig-Expire[%lu]: ", n );
       if (!sflags)
@@ -341,11 +341,11 @@ hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
   ulong rawdata_off, rawdata_len;
 
   buffer = _keybox_get_blob_image (blob, &length);
-  
+
   if (length < 32)
     return -1;
   n = get32 (buffer);
-  if (n < length) 
+  if (n < length)
     length = n;  /* Blob larger than length in header - ignore the rest. */
 
   type = buffer[4];
@@ -364,11 +364,11 @@ hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
 
   if (length < 40)
     return -1;
-  
+
   rawdata_off = get32 (buffer + 8);
   rawdata_len = get32 (buffer + 12);
 
-  if (rawdata_off > length || rawdata_len > length 
+  if (rawdata_off > length || rawdata_len > length
       || rawdata_off+rawdata_off > length)
     return -1; /* Out of bounds.  */
 
@@ -408,7 +408,7 @@ update_stats (KEYBOXBLOB blob, struct file_stats_s *s)
     }
 
   n = get32( buffer );
-  if (n > length) 
+  if (n > length)
     s->too_large_blobs++;
   else
     length = n;  /* ignore the rest */
@@ -439,7 +439,7 @@ update_stats (KEYBOXBLOB blob, struct file_stats_s *s)
       s->too_short_blobs++;
       return -1;
     }
-  
+
   n = get16 (buffer + 6);
   if (n)
     {
@@ -512,13 +512,13 @@ _keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
     rc = 0;
   if (rc)
     fprintf (outfp, "error reading `%s': %s\n", filename, gpg_strerror (rc));
-  
+
   if (fp != stdin)
     fclose (fp);
 
   if (stats_only)
     {
-      fprintf (outfp, 
+      fprintf (outfp,
                "Total number of blobs: %8lu\n"
                "               header: %8lu\n"
                "                empty: %8lu\n"
@@ -551,9 +551,9 @@ _keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
 
 
 
-struct dupitem_s 
+struct dupitem_s
 {
-  unsigned long recno; 
+  unsigned long recno;
   unsigned char digest[20];
 };
 
@@ -563,7 +563,7 @@ cmp_dupitems (const void *arg_a, const void *arg_b)
 {
   struct dupitem_s *a = (struct dupitem_s *)arg_a;
   struct dupitem_s *b = (struct dupitem_s *)arg_b;
-  
+
   return memcmp (a->digest, b->digest, 20);
 }
 
@@ -581,7 +581,7 @@ _keybox_dump_find_dups (const char *filename, int print_them, FILE *outfp)
   char fprbuf[3*20+1];
 
   (void)print_them;
-  
+
   memset (zerodigest, 0, sizeof zerodigest);
 
   if (!(fp = open_file (&filename, outfp)))
@@ -601,7 +601,7 @@ _keybox_dump_find_dups (const char *filename, int print_them, FILE *outfp)
   while ( !(rc = _keybox_read_blob (&blob, fp)) )
     {
       unsigned char digest[20];
-      
+
       if (hash_blob_rawdata (blob, digest))
         fprintf (outfp, "error in blob %ld of `%s'\n", recno, filename);
       else if (memcmp (digest, zerodigest, 20))
@@ -668,7 +668,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
   KEYBOXBLOB blob;
   int rc;
   unsigned long recno = 0;
-  
+
   if (!(fp = open_file (&filename, stderr)))
     return gpg_error_from_syserror ();
 
diff --git a/kbx/keybox-errors.c b/kbx/keybox-errors.c
index e11efc10b..ce2b498d0 100644
--- a/kbx/keybox-errors.c
+++ b/kbx/keybox-errors.c
@@ -6,12 +6,12 @@
 
 /**
  * keybox_strerror:
- * @err:  Error code 
- * 
+ * @err:  Error code
+ *
  * This function returns a textual representaion of the given
  * errorcode. If this is an unknown value, a string with the value
  * is returned (Beware: it is hold in a static buffer).
- * 
+ *
  * Return value: String with the error description.
  **/
 const char *
@@ -44,4 +44,3 @@ keybox_strerror (KeyboxError err)
 
   return s;
 }
-
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index e3c22bda8..ecfdfbe84 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -76,8 +76,8 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
   imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
   if (imagelen > 500000) /* Sanity check. */
     return gpg_error (GPG_ERR_TOO_LARGE);
-  
-  if (imagelen < 5) 
+
+  if (imagelen < 5)
     return gpg_error (GPG_ERR_TOO_SHORT);
 
   if (!type)
@@ -90,7 +90,7 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
     }
 
   image = xtrymalloc (imagelen);
-  if (!image) 
+  if (!image)
     return gpg_error_from_syserror ();
 
   image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
@@ -100,7 +100,7 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
       xfree (image);
       return tmperr;
     }
-  
+
   rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
   if (rc || !r_blob)
     xfree (image);
@@ -142,7 +142,7 @@ _keybox_write_header_blob (FILE *fp)
 
   image[4] = BLOBTYPE_HEADER;
   image[5] = 1; /* Version */
-  
+
   memcpy (image+8, "KBXf", 4);
   val = time (NULL);
   /* created_at and last maintenance run. */
@@ -159,5 +159,3 @@ _keybox_write_header_blob (FILE *fp)
     return gpg_error_from_syserror ();
   return 0;
 }
-
-
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index c364277e3..60594e313 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -1,4 +1,4 @@
-/* keybox-init.c - Initalization of the library 
+/* keybox-init.c - Initalization of the library
  *	Copyright (C) 2001 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -59,7 +59,7 @@ keybox_register_file (const char *fname, int secret)
   /* keep a list of all issued pointers */
   kr->next = kb_names;
   kb_names = kr;
-  
+
   /* create the offset table the first time a function here is used */
 /*      if (!kb_offtbl) */
 /*        kb_offtbl = new_offset_hash_table (); */
@@ -75,11 +75,11 @@ keybox_is_writable (void *token)
   return r? !access (r->fname, W_OK) : 0;
 }
 
-    
+
 
 /* Create a new handle for the resource associated with TOKEN.  SECRET
    is just a cross-check.
-   
+
    The returned handle must be released using keybox_release (). */
 KEYBOX_HANDLE
 keybox_new (void *token, int secret)
@@ -118,7 +118,7 @@ keybox_new (void *token, int secret)
           size_t newsize;
 
           newsize = resource->handle_table_size + 5;
-          tmptbl = xtryrealloc (resource->handle_table, 
+          tmptbl = xtryrealloc (resource->handle_table,
                                 newsize * sizeof (*tmptbl));
           if (!tmptbl)
             {
@@ -135,7 +135,7 @@ keybox_new (void *token, int secret)
   return hd;
 }
 
-void 
+void
 keybox_release (KEYBOX_HANDLE hd)
 {
   if (!hd)
@@ -171,7 +171,7 @@ int
 keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
 {
   if (!hd)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   hd->ephemeral = yes;
   return 0;
 }
@@ -180,7 +180,7 @@ keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
 /* Close the file of the resource identified by HD.  For consistent
    results this fucntion closes the files of all handles pointing to
    the resource identified by HD.  */
-void 
+void
 _keybox_close_file (KEYBOX_HANDLE hd)
 {
   int idx;
diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
index f1de685cf..30f99ecc8 100644
--- a/kbx/keybox-openpgp.c
+++ b/kbx/keybox-openpgp.c
@@ -72,8 +72,8 @@ enum packet_types
    follwing data on success:
 
    R_DATAPKT = Pointer to the begin of the packet data.
-   R_DATALEN = Length of this data.  This has already been checked to fit 
-               into the buffer. 
+   R_DATALEN = Length of this data.  This has already been checked to fit
+               into the buffer.
    R_PKTTYPE = The packet type.
    R_NTOTAL  = The total number of bytes of this packet
 
@@ -91,11 +91,11 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
 
   if (!len)
     return gpg_error (GPG_ERR_NO_DATA);
-  
+
   ctb = *buf++; len--;
   if ( !(ctb & 0x80) )
     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
-  
+
   pktlen = 0;
   if ((ctb & 0x40))  /* New style (OpenPGP) CTB.  */
     {
@@ -108,7 +108,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
       if ( c < 192 )
         pktlen = c;
       else if ( c < 224 )
-        { 
+        {
           pktlen = (c - 192) * 256;
           if (!len)
             return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */
@@ -150,7 +150,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
   switch (pkttype)
     {
     case PKT_SIGNATURE:
-    case PKT_SECRET_KEY:	
+    case PKT_SECRET_KEY:
     case PKT_PUBLIC_KEY:
     case PKT_SECRET_SUBKEY:
     case PKT_MARKER:
@@ -166,9 +166,9 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
       return gpg_error (GPG_ERR_UNEXPECTED);
     }
 
-  if (pktlen == 0xffffffff) 
+  if (pktlen == 0xffffffff)
       return gpg_error (GPG_ERR_INV_PACKET);
-  
+
   if (pktlen > len)
     return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
 
@@ -207,14 +207,14 @@ parse_key (const unsigned char *data, size_t datalen,
   version = *data++; datalen--;
   if (version < 2 || version > 4 )
     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
-  
+
   timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));
   data +=4; datalen -=4;
 
   if (version < 4)
     {
       unsigned short ndays;
-      
+
       if (datalen < 2)
         return gpg_error (GPG_ERR_INV_PACKET);
       ndays = ((data[0]<<8)|(data[1]));
@@ -234,7 +234,7 @@ parse_key (const unsigned char *data, size_t datalen,
     case 1:
     case 2:
     case 3: /* RSA */
-      npkey = 2; 
+      npkey = 2;
       break;
     case 16:
     case 20: /* Elgamal */
@@ -256,7 +256,7 @@ parse_key (const unsigned char *data, size_t datalen,
   for (i=0; i < npkey; i++ )
     {
       unsigned int nbits, nbytes;
-      
+
       if (datalen < 2)
         return gpg_error (GPG_ERR_INV_PACKET);
       nbits = ((data[0]<<8)|(data[1]));
@@ -266,14 +266,14 @@ parse_key (const unsigned char *data, size_t datalen,
         return gpg_error (GPG_ERR_INV_PACKET);
       /* For use by v3 fingerprint calculation we need to know the RSA
          modulus and exponent. */
-      if (i==0) 
+      if (i==0)
         {
-          mpi_n = data; 
+          mpi_n = data;
           mpi_n_len = nbytes;
         }
       else if (i==1)
         mpi_e_len = nbytes;
-        
+
       data += nbytes; datalen -= nbytes;
     }
   n = data - data_start;
@@ -293,12 +293,12 @@ parse_key (const unsigned char *data, size_t datalen,
       memcpy (ki->fpr, gcry_md_read (md, 0), 16);
       gcry_md_close (md);
       ki->fprlen = 16;
-      
+
       if (mpi_n_len < 8)
         {
           /* Moduli less than 64 bit are out of the specs scope.  Zero
              them out becuase this is what gpg does too. */
-          memset (ki->keyid, 0, 8); 
+          memset (ki->keyid, 0, 8);
         }
       else
         memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8);
@@ -359,7 +359,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
   int first = 1;
   struct _keybox_openpgp_key_info *k, **ktail = NULL;
   struct _keybox_openpgp_uid_info *u, **utail = NULL;
-  
+
   memset (info, 0, sizeof *info);
   if (nparsed)
     *nparsed = 0;
@@ -386,7 +386,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
         }
       else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
         break; /* Next keyblock encountered - ready. */
-      
+
       if (nparsed)
         *nparsed += n;
 
@@ -424,7 +424,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
           if (err)
             break;
         }
-      else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' ) 
+      else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
         {
           /* Early versions of GnuPG used old PGP comment packets;
            * luckily all those comments are prefixed by a hash
@@ -488,7 +488,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
 
               if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
                 break; /* Next keyblock encountered - ready. */
-              
+
               if (nparsed)
                 *nparsed += n;
             }
diff --git a/kbx/keybox-search-desc.h b/kbx/keybox-search-desc.h
index e5da155f8..ec7a3c139 100644
--- a/kbx/keybox-search-desc.h
+++ b/kbx/keybox-search-desc.h
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 
-/* 
+/*
    This file is a temporary kludge until we can come up with solution
    to share this description between keybox and the application
    specific keydb
@@ -54,12 +54,12 @@ struct gpg_pkt_user_id_s;
 typedef struct gpg_pkt_user_id_s *gpg_pkt_user_id_t;
 
 /* A search descriptor.  */
-struct keydb_search_desc 
+struct keydb_search_desc
 {
   KeydbSearchMode mode;
-  int (*skipfnc)(void *, u32 *, gpg_pkt_user_id_t); 
+  int (*skipfnc)(void *, u32 *, gpg_pkt_user_id_t);
   void *skipfncvalue;
-  const unsigned char *sn; 
+  const unsigned char *sn;
   int snlen;  /* -1 := sn is a hex string */
   union {
     const char *name;
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 96c873dbe..ef5cd953e 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -112,7 +112,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
       *flag_off = 6;
       *flag_size = 2;
       break;
-    
+
     case KEYBOX_FLAG_OWNERTRUST:
     case KEYBOX_FLAG_VALIDITY:
     case KEYBOX_FLAG_CREATED_AT:
@@ -127,7 +127,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
       if (pos+2 > length)
         return GPG_ERR_INV_OBJ; /* Out of bounds. */
       /* Serial number. */
-      nserial = get16 (buffer+pos); 
+      nserial = get16 (buffer+pos);
       pos += 2 + nserial;
       if (pos+4 > length)
         return GPG_ERR_INV_OBJ; /* Out of bounds. */
@@ -135,7 +135,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
       nuids = get16 (buffer + pos); pos += 2;
       uidinfolen = get16 (buffer + pos); pos += 2;
       if (uidinfolen < 12 )
-        return GPG_ERR_INV_OBJ; 
+        return GPG_ERR_INV_OBJ;
       pos += uidinfolen*nuids;
       if (pos+4 > length)
         return GPG_ERR_INV_OBJ ; /* Out of bounds. */
@@ -143,7 +143,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
       nsigs = get16 (buffer + pos); pos += 2;
       siginfolen = get16 (buffer + pos); pos += 2;
       if (siginfolen < 4 )
-        return GPG_ERR_INV_OBJ; 
+        return GPG_ERR_INV_OBJ;
       pos += siginfolen*nsigs;
       if (pos+1+1+2+4+4+4+4 > length)
         return GPG_ERR_INV_OBJ ; /* Out of bounds. */
@@ -190,7 +190,7 @@ get_flag_from_image (const unsigned char *buffer, size_t length,
       case 4: *value = get32 (buffer + pos); break;
       default: ec = GPG_ERR_BUG; break;
       }
-  
+
   return ec;
 }
 
@@ -218,7 +218,7 @@ blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
     return 0; /* out of bounds */
 
   /*serial*/
-  nserial = get16 (buffer+pos); 
+  nserial = get16 (buffer+pos);
   off = pos + 2;
   if (off+nserial > length)
     return 0; /* out of bounds */
@@ -316,7 +316,7 @@ blob_cmp_name (KEYBOXBLOB blob, int idx,
     return 0; /* out of bounds */
 
   /*serial*/
-  nserial = get16 (buffer+pos); 
+  nserial = get16 (buffer+pos);
   pos += 2 + nserial;
   if (pos+4 > length)
     return 0; /* out of bounds */
@@ -332,7 +332,7 @@ blob_cmp_name (KEYBOXBLOB blob, int idx,
   if (idx < 0)
     { /* compare all names starting with that (negated) index */
       idx = -idx;
-      
+
       for ( ;idx < nuids; idx++)
         {
           size_t mypos = pos;
@@ -409,7 +409,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
     return 0; /* out of bounds */
 
   /*serial*/
-  nserial = get16 (buffer+pos); 
+  nserial = get16 (buffer+pos);
   pos += 2 + nserial;
   if (pos+4 > length)
     return 0; /* out of bounds */
@@ -428,7 +428,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
   for (idx=1 ;idx < nuids; idx++)
     {
       size_t mypos = pos;
-      
+
       mypos += idx*uidinfolen;
       off = get32 (buffer+mypos);
       len = get32 (buffer+mypos+4);
@@ -439,7 +439,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
       len--; /* one back */
       if ( len < 3 || buffer[off+len] != '>')
         continue; /* not a proper email address */
-      len--; 
+      len--;
       if (substr)
         {
           if (ascii_memcasemem (buffer+off+1, len, name, namelen))
@@ -474,7 +474,7 @@ blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
   unsigned char array[20];
   unsigned char *rcp;
   size_t n;
-  
+
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 40)
     return 0; /* Too short. */
@@ -527,7 +527,7 @@ blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
 
 
 /*
-  The has_foo functions are used as helpers for search 
+  The has_foo functions are used as helpers for search
 */
 static inline int
 has_short_kid (KEYBOXBLOB blob, u32 lkid)
@@ -599,7 +599,7 @@ has_issuer_sn (KEYBOXBLOB blob, const char *name,
     return 0;
 
   namelen = strlen (name);
-  
+
   return (blob_cmp_sn (blob, sn, snlen)
           && blob_cmp_name (blob, 0 /* issuer */, name, namelen, 0));
 }
@@ -678,7 +678,7 @@ release_sn_array (struct sn_array_s *array, size_t size)
 
 */
 
-int 
+int
 keybox_search_reset (KEYBOX_HANDLE hd)
 {
   if (!hd)
@@ -697,13 +697,13 @@ keybox_search_reset (KEYBOX_HANDLE hd)
     }
   hd->error = 0;
   hd->eof = 0;
-  return 0;   
+  return 0;
 }
 
 
 /* Note: When in ephemeral mode the search function does visit all
    blobs but in standard mode, blobs flagged as ephemeral are ignored.  */
-int 
+int
 keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 {
   int rc;
@@ -722,18 +722,18 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
       hd->found.blob = NULL;
     }
 
-  if (hd->error)  
+  if (hd->error)
     return hd->error; /* still in error state */
-  if (hd->eof)  
+  if (hd->eof)
     return -1; /* still EOF */
 
   /* figure out what information we need */
   need_words = any_skip = 0;
-  for (n=0; n < ndesc; n++) 
+  for (n=0; n < ndesc; n++)
     {
-      switch (desc[n].mode) 
+      switch (desc[n].mode)
         {
-        case KEYDB_SEARCH_MODE_WORDS: 
+        case KEYDB_SEARCH_MODE_WORDS:
           need_words = 1;
           break;
         case KEYDB_SEARCH_MODE_FIRST:
@@ -743,7 +743,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
         default:
           break;
 	}
-      if (desc[n].skipfnc) 
+      if (desc[n].skipfnc)
         any_skip = 1;
       if (desc[n].snlen == -1 && !sn_array)
         {
@@ -776,7 +776,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
       int i, odd;
       size_t snlen;
 
-      for (n=0; n < ndesc; n++) 
+      for (n=0; n < ndesc; n++)
         {
           if (!desc[n].sn)
             ;
@@ -844,14 +844,14 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
       if (!hd->ephemeral && (blobflags & 2))
         continue; /* Not in ephemeral mode but blob is flagged ephemeral.  */
 
-      for (n=0; n < ndesc; n++) 
+      for (n=0; n < ndesc; n++)
         {
           switch (desc[n].mode)
             {
-            case KEYDB_SEARCH_MODE_NONE: 
+            case KEYDB_SEARCH_MODE_NONE:
               never_reached ();
               break;
-            case KEYDB_SEARCH_MODE_EXACT: 
+            case KEYDB_SEARCH_MODE_EXACT:
               if (has_subject_or_alt (blob, desc[n].u.name, 0))
                 goto found;
               break;
@@ -868,7 +868,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
                 goto found;
               break;
             case KEYDB_SEARCH_MODE_MAILEND:
-            case KEYDB_SEARCH_MODE_WORDS: 
+            case KEYDB_SEARCH_MODE_WORDS:
               never_reached (); /* not yet implemented */
               break;
             case KEYDB_SEARCH_MODE_ISSUER:
@@ -890,7 +890,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
               if (has_subject (blob, desc[n].u.name))
                 goto found;
               break;
-            case KEYDB_SEARCH_MODE_SHORT_KID: 
+            case KEYDB_SEARCH_MODE_SHORT_KID:
               if (has_short_kid (blob, desc[n].u.kid[1]))
                 goto found;
               break;
@@ -907,20 +907,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
               if (has_keygrip (blob, desc[n].u.grip))
                 goto found;
               break;
-            case KEYDB_SEARCH_MODE_FIRST: 
+            case KEYDB_SEARCH_MODE_FIRST:
               goto found;
               break;
-            case KEYDB_SEARCH_MODE_NEXT: 
+            case KEYDB_SEARCH_MODE_NEXT:
               goto found;
               break;
-            default: 
+            default:
               rc = gpg_error (GPG_ERR_INV_VALUE);
               goto found;
             }
 	}
       continue;
-    found:  
-      for (n=any_skip?0:ndesc; n < ndesc; n++) 
+    found:
+      for (n=any_skip?0:ndesc; n < ndesc; n++)
         {
 /*            if (desc[n].skipfnc */
 /*                && desc[n].skipfnc (desc[n].skipfncvalue, aki, NULL)) */
@@ -929,7 +929,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
       if (n == ndesc)
         break; /* got it */
     }
-  
+
   if (!rc)
     {
       hd->found.blob = blob;
@@ -939,7 +939,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
       _keybox_release_blob (blob);
       hd->eof = 1;
     }
-  else 
+  else
     {
       _keybox_release_blob (blob);
       hd->error = rc;
@@ -1042,4 +1042,3 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
   ec = get_flag_from_image (buffer, length, what, value);
   return ec? gpg_error (ec):0;
 }
-
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index f5cf4483b..106e1ab0d 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -66,12 +66,12 @@ fseeko (FILE * stream, off_t newpos, int whence)
 static int
 create_tmp_file (const char *template,
                  char **r_bakfname, char **r_tmpfname, FILE **r_fp)
-{  
+{
   char *bakfname, *tmpfname;
-  
+
   *r_bakfname = NULL;
   *r_tmpfname = NULL;
-  
+
 # ifdef USE_ONLY_8DOT3
   /* Here is another Windoze bug?:
    * you cant rename("pubring.kbx.tmp", "pubring.kbx");
@@ -88,7 +88,7 @@ create_tmp_file (const char *template,
         return gpg_error_from_syserror ();
       strcpy (bakfname, template);
       strcpy (bakfname+strlen(template)-4, EXTSEP_S "kb_");
-      
+
       tmpfname = xtrymalloc (strlen (template) + 1);
       if (!tmpfname)
         {
@@ -99,14 +99,14 @@ create_tmp_file (const char *template,
       strcpy (tmpfname,template);
       strcpy (tmpfname + strlen (template)-4, EXTSEP_S "k__");
     }
-  else 
+  else
     { /* File does not end with kbx, thus we hope we are working on a
          modern file system and appending a suffix works. */
       bakfname = xtrymalloc ( strlen (template) + 5);
       if (!bakfname)
         return gpg_error_from_syserror ();
       strcpy (stpcpy (bakfname, template), EXTSEP_S "kb_");
-      
+
       tmpfname = xtrymalloc ( strlen (template) + 5);
       if (!tmpfname)
         {
@@ -121,7 +121,7 @@ create_tmp_file (const char *template,
   if (!bakfname)
     return gpg_error_from_syserror ();
   strcpy (stpcpy (bakfname,template),"~");
-  
+
   tmpfname = xtrymalloc ( strlen (template) + 5);
   if (!tmpfname)
     {
@@ -173,7 +173,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 
   /* First make a backup file except for secret keyboxes. */
   if (!secret)
-    { 
+    {
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
       gnupg_remove (bakfname);
 #endif
@@ -182,7 +182,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
           return gpg_error_from_syserror ();
 	}
     }
-  
+
   /* Then rename the file. */
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
   gnupg_remove (fname);
@@ -200,7 +200,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 	}
       return rc;
     }
-  
+
   return 0;
 }
 
@@ -212,7 +212,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
  	 3 = update
 */
 static int
-blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, 
+blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
                int secret, off_t start_offset)
 {
   FILE *fp, *newfp;
@@ -222,14 +222,14 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
   char buffer[4096];
   int nread, nbytes;
 
-  /* Open the source file. Because we do a rename, we have to check the 
+  /* Open the source file. Because we do a rename, we have to check the
      permissions of the file */
   if (access (fname, W_OK))
     return gpg_error_from_syserror ();
 
   fp = fopen (fname, "rb");
   if (mode == 1 && !fp && errno == ENOENT)
-    { 
+    {
       /* Insert mode but file does not exist:
          Create a new keybox file. */
       newfp = fopen (fname, "wb");
@@ -268,10 +268,10 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
       fclose(fp);
       goto leave;
     }
-  
+
   /* prepare for insert */
   if (mode == 1)
-    { 
+    {
       /* Copy everything to the new file. */
       while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
         {
@@ -287,12 +287,12 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
           goto leave;
         }
     }
-  
+
   /* Prepare for delete or update. */
-  if ( mode == 2 || mode == 3 ) 
-    { 
+  if ( mode == 2 || mode == 3 )
+    {
       off_t current = 0;
-      
+
       /* Copy first part to the new file. */
       while ( current < start_offset )
         {
@@ -303,7 +303,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
           if (!nread)
             break;
           current += nread;
-          
+
           if (fwrite (buffer, nread, 1, newfp) != 1)
             {
               rc = gpg_error_from_syserror ();
@@ -315,24 +315,24 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
           rc = gpg_error_from_syserror ();
           goto leave;
         }
-      
+
       /* Skip this blob. */
       rc = _keybox_read_blob (NULL, fp);
       if (rc)
         return rc;
     }
-  
+
   /* Do an insert or update. */
   if ( mode == 1 || mode == 3 )
-    { 
+    {
       rc = _keybox_write_blob (blob, newfp);
       if (rc)
           return rc;
     }
-  
+
   /* Copy the rest of the packet for an delete or update. */
   if (mode == 2 || mode == 3)
-    { 
+    {
       while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
         {
           if (fwrite (buffer, nread, 1, newfp) != 1)
@@ -347,7 +347,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
           goto leave;
         }
     }
-    
+
   /* Close both files. */
   if (fclose(fp))
     {
@@ -371,7 +371,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
 
 
 
-#ifdef KEYBOX_WITH_X509 
+#ifdef KEYBOX_WITH_X509
 int
 keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
                     unsigned char *sha1_digest)
@@ -381,12 +381,12 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
   KEYBOXBLOB blob;
 
   if (!hd)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   if (!hd->kb)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   fname = hd->kb->fname;
   if (!fname)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
 
   /* Close this one otherwise we will mess up the position for a next
      search.  Fixme: it would be better to adjust the position after
@@ -440,12 +440,12 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
   if (!hd->found.blob)
     return gpg_error (GPG_ERR_NOTHING_FOUND);
   if (!hd->kb)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   if (!hd->found.blob)
     return gpg_error (GPG_ERR_NOTHING_FOUND);
   fname = hd->kb->fname;
   if (!fname)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
 
   off = _keybox_get_blob_fileoffset (hd->found.blob);
   if (off == (off_t)-1)
@@ -455,7 +455,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
   ec = _keybox_get_flag_location (buffer, length, what, &flag_pos, &flag_size);
   if (ec)
     return gpg_error (ec);
-  
+
   off += flag_pos;
 
   _keybox_close_file (hd);
@@ -477,7 +477,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
 
       switch (flag_size)
         {
-        case 1: 
+        case 1:
         case 2:
         case 4:
           if (fwrite (tmp+4-flag_size, flag_size, 1, fp) != 1)
@@ -513,10 +513,10 @@ keybox_delete (KEYBOX_HANDLE hd)
   if (!hd->found.blob)
     return gpg_error (GPG_ERR_NOTHING_FOUND);
   if (!hd->kb)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   fname = hd->kb->fname;
   if (!fname)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
 
   off = _keybox_get_blob_fileoffset (hd->found.blob);
   if (off == (off_t)-1)
@@ -562,18 +562,18 @@ keybox_compress (KEYBOX_HANDLE hd)
   int skipped_deleted;
 
   if (!hd)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   if (!hd->kb)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
   if (hd->secret)
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
   fname = hd->kb->fname;
   if (!fname)
-    return gpg_error (GPG_ERR_INV_HANDLE); 
+    return gpg_error (GPG_ERR_INV_HANDLE);
 
   _keybox_close_file (hd);
 
-  /* Open the source file. Because we do a rename, we have to check the 
+  /* Open the source file. Because we do a rename, we have to check the
      permissions of the file */
   if (access (fname, W_OK))
     return gpg_error_from_syserror ();
@@ -599,7 +599,7 @@ keybox_compress (KEYBOX_HANDLE hd)
         {
           u32 last_maint = ((buffer[20] << 24) | (buffer[20+1] << 16)
                             | (buffer[20+2] << 8) | (buffer[20+3]));
-          
+
           if ( (last_maint + 3*3600) > time (NULL) )
             {
               fclose (fp);
@@ -620,7 +620,7 @@ keybox_compress (KEYBOX_HANDLE hd)
       return rc;;
     }
 
-  
+
   /* Processing loop.  By reading using _keybox_read_blob we
      automagically skip any blobs flagged as deleted.  Thus what we
      only have to do is to check all ephemeral flagged blocks whether
@@ -665,7 +665,7 @@ keybox_compress (KEYBOX_HANDLE hd)
           continue;
         }
 
-      if (_keybox_get_flag_location (buffer, length, 
+      if (_keybox_get_flag_location (buffer, length,
                                      KEYBOX_FLAG_BLOB, &pos, &size)
           || size != 2)
         {
@@ -676,7 +676,7 @@ keybox_compress (KEYBOX_HANDLE hd)
       if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
         {
           /* This is an ephemeral blob. */
-          if (_keybox_get_flag_location (buffer, length, 
+          if (_keybox_get_flag_location (buffer, length,
                                          KEYBOX_FLAG_CREATED_AT, &pos, &size)
               || size != 4)
             created_at = 0; /* oops. */
@@ -719,4 +719,3 @@ keybox_compress (KEYBOX_HANDLE hd)
   xfree(tmpfname);
   return rc;
 }
-
diff --git a/kbx/keybox-util.c b/kbx/keybox-util.c
index 84de504c4..9fe9290ac 100644
--- a/kbx/keybox-util.c
+++ b/kbx/keybox-util.c
@@ -1,4 +1,4 @@
-/* keybox-util.c - Utility functions for Keybox 
+/* keybox-util.c - Utility functions for Keybox
  *	Copyright (C) 2001 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -68,4 +68,3 @@ _keybox_free (void *p)
   if (p)
     free_func (p);
 }
-
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 43306947f..52bbe21be 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -20,7 +20,7 @@
 #ifndef KEYBOX_H
 #define KEYBOX_H 1
 #ifdef __cplusplus
-extern "C" { 
+extern "C" {
 #if 0
  }
 #endif
@@ -28,7 +28,7 @@ extern "C" {
 
 #include "keybox-search-desc.h"
 
-#define KEYBOX_WITH_OPENPGP 1 
+#define KEYBOX_WITH_OPENPGP 1
 #define KEYBOX_WITH_X509 1
 
 
@@ -73,7 +73,7 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
 
 
 /*-- keybox-search.c --*/
-#ifdef KEYBOX_WITH_X509 
+#ifdef KEYBOX_WITH_X509
 int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
 #endif /*KEYBOX_WITH_X509*/
 int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
@@ -83,7 +83,7 @@ int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc);
 
 
 /*-- keybox-update.c --*/
-#ifdef KEYBOX_WITH_X509 
+#ifdef KEYBOX_WITH_X509
 int keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
                         unsigned char *sha1_digest);
 int keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
diff --git a/kbx/mkerrors b/kbx/mkerrors
index cd49d4d69..629485ae0 100755
--- a/kbx/mkerrors
+++ b/kbx/mkerrors
@@ -27,12 +27,12 @@ cat <
@@ -407,22 +407,22 @@
 	* ccid-driver.c (ccid_get_atr): Move debug output to ..
 	(print_r2p_parameters): .. new.
 	(print_r2p_header, print_pr_data, print_r2p_unknown)
-	(print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) 
+	(print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape)
 	(print_r2p_datarate): New.
 	(bulk_in): Call parameter printing.
 	(ccid_set_debug_level): Add debug level 3.
 	(convert_le_u16): New.
-	(print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) 
-	(print_p2r_getslotstatus, print_p2r_xfrblock) 
-	(print_p2r_getparameters, print_p2r_resetparameters) 
-	(print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) 
-	(print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) 
+	(print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff)
+	(print_p2r_getslotstatus, print_p2r_xfrblock)
+	(print_p2r_getparameters, print_p2r_resetparameters)
+	(print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock)
+	(print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical)
 	(print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New.
 	(bulk_out): Add arg NO_DEBUG and change all callers to pass 0.
 	Call parameter printing.
 	(ccid_slot_status): Call with NO_DEBUG set.
-	(abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) 
-	(ccid_transceive_apdu_level, ccid_transceive) 
+	(abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr)
+	(ccid_transceive_apdu_level, ccid_transceive)
 	(ccid_transceive_secure): Remove old debug print code.
 
 2009-02-12  Werner Koch  
@@ -473,7 +473,7 @@
 
 2008-12-18  Werner Koch  
 
-	* ccid-driver.c (abort_cmd): New. 
+	* ccid-driver.c (abort_cmd): New.
 	(bulk_in): Call abort_cmd after severe errors.
 
 	* apdu.c (reader_table_s): Add field ANY_STATUS.
@@ -520,7 +520,7 @@
 	(update_reader_status_file): Disconnect if allowed.
 
 	* app-common.h (app_ctx_s): Remove INITIALIZED.  Make REF_COUNT
-	unsigned. 
+	unsigned.
 	* app.c (select_application): Remove INITIALIZED.
 	(app_write_learn_status, app_readcert, app_readkey, app_getattr)
 	(app_setattr, app_sign, app_decipher, app_writecert)
@@ -537,7 +537,7 @@
 	* app.c (app_get_serial_and_stamp): Use bin2hex.
 	* app-help.c (app_help_get_keygrip_string): Ditto.
 	* app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto.
-	* app-openpgp.c (send_fpr_if_not_null, send_key_data) 
+	* app-openpgp.c (send_fpr_if_not_null, send_key_data)
 	(retrieve_fpr_from_card, send_keypair_info): Ditto.
 	* app-nks.c (keygripstr_from_pk_file): Ditto.
 	* command.c (cmd_apdu): Ditto.
@@ -644,7 +644,7 @@
 	(do_change_pin): Do not change CHV2. Add reset code logic for v2
 	cards.
 	* iso7816.c (iso7816_reset_retry_counter_with_rc): New.
-	
+
 	* app-openpgp.c (add_tlv, build_privkey_template): New.
 	(do_writekey): Support v2 keys and other key lengths than 1024.
 	* iso7816.c (iso7816_put_data_odd): New.
@@ -762,7 +762,7 @@
 
 	* scdaemon.c (main): Pass STANDARD_SOCKET flag to
 	create_server_socket.
-	
+
 2007-11-13  Werner Koch  
 
 	* scdaemon.c (start_connection_thread): Do not call
@@ -1003,7 +1003,7 @@
 
 2006-09-06  Werner Koch  
 
-	* apdu.c (pcsc_end_transaction): 
+	* apdu.c (pcsc_end_transaction):
 	* pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration.
 	Reported by Bob Dunlop.
 
@@ -1012,7 +1012,7 @@
 
 	Replaced all Assuan error codes by libgpg-error codes.  Removed
 	all map_to_assuan_status and map_assuan_err.
-	
+
 	* scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan
 	switch to gpg-error codes.
 	* command.c (set_error): Adjusted.
@@ -1091,7 +1091,7 @@
 
 2006-02-09  Werner Koch  
 
-	* command.c (get_reader_slot, do_reset) 
+	* command.c (get_reader_slot, do_reset)
 	(scd_update_reader_status_file): Rewrote.
 
 	* app.c (release_application): Factored code out to ..
@@ -1156,12 +1156,12 @@
 	* iso7816.h (struct iso7816_pininfo_s): New.
 	* iso7816.c (map_sw): Support new code.
 	(iso7816_check_keypad): New.
-	(iso7816_verify_kp, iso7816_change_reference_data_kp) 
+	(iso7816_verify_kp, iso7816_change_reference_data_kp)
 	(iso7816_reset_retry_counter_kp): New.  Extended versions of the
 	original functions.
-	* apdu.c (host_sw_string): Support new code. 
+	* apdu.c (host_sw_string): Support new code.
 	(reader_table_s): New field CHECK_KEYPAD.
-	(new_reader_slot, open_ct_reader, open_pcsc_reader) 
+	(new_reader_slot, open_ct_reader, open_pcsc_reader)
 	(open_ccid_reader, open_rapdu_reader): Initialize it.
 	(check_ccid_keypad): New.
 	(apdu_check_keypad): New.
@@ -1170,7 +1170,7 @@
 	of the orginal function to use this one with a NULL for the new
 	arg.
 	(apdu_send_simple_kp): New.
-	(ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) 
+	(ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu)
 	(send_apdu_ccid): New arg PININFO.
 	(send_apdu_ccid): Use the new arg.
 
@@ -1226,7 +1226,7 @@
 	* iso7816.c (iso7816_read_binary): Use Le=0 when reading all
 	data.  Handle 6C00 error and take 6B00 as indication for EOF.
 	* apdu.h (SW_EXACT_LENGTH_P): New.
-	* apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) 
+	* apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status)
 	(open_pcsc_reader): Set new reader state IS_T0.
 	(apdu_send_le): When doing T=0 make sure not to send Lc and Le.
 	Problem reported by Carl Meijer.
@@ -1253,7 +1253,7 @@
 
 2005-06-06  Werner Koch  
 
-	* scdaemon.c (main): New option --debug-allow-core-dump. 
+	* scdaemon.c (main): New option --debug-allow-core-dump.
 
 2005-06-03  Werner Koch  
 
@@ -1399,9 +1399,9 @@
 	variant.
 	* app-openpgp.c (get_one_do, dump_all_do): Ditto.
 
-	
+
 	Removal of the old OpenSC based code.
-	
+
 	* app-p15.c: New.  Basic support for pkcs15 cards without OpenSC.
 	There are quite a couple of things missing but at least I can use
 	my old TCOS cards from the Aegypten-1 development for signing.
@@ -1409,7 +1409,7 @@
 	* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
 	and card-p15.c because they are now obsolete. Added app-p15.c.
 	Removed all OpenSC stuff.
-	* command.c (do_reset, open_card, cmd_serialno, cmd_learn) 
+	* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
 	(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
 	all special cases for the old card.c based mechanisms.
 	* scdaemon.c, apdu.c: Removed all special cases for OpenSC.
@@ -1430,7 +1430,7 @@
 2005-04-12  Werner Koch  
 
 	Basic support for several sessions.
-	
+
 	* command.c (scd_command_handler): Replace the primary_connection
 	stuff by a real connection list.  Release the local context on
 	exit.
@@ -1438,7 +1438,7 @@
 	to all connections who registered an event signal.
 	(cmd_lock, cmd_unlock, register_commands): New commands LOCK and
 	UNLOCK.
-	(cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) 
+	(cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr)
 	(cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader
 	is locked.
 	(do_reset): Handle locking.
@@ -1508,7 +1508,7 @@
 
 	* apdu.c: Added some PCSC error codes.
 	(pcsc_error_to_sw): New.
-	(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) 
+	(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
 	(open_pcsc_reader): Do proper error code mapping.
 
 2005-03-16  Werner Koch  
@@ -1589,7 +1589,7 @@
 	* apdu.c [W32]: Disable use of pcsc_wrapper.
 
 	* Makefile.am (scdaemon_LDADD): Reorder libs.
-	(sc_copykeys_LDADD): Add libassuan because it is needed for W32. 
+	(sc_copykeys_LDADD): Add libassuan because it is needed for W32.
 
 2004-12-06  Werner Koch  
 
@@ -1606,17 +1606,17 @@
 	This avoids problems with missing vasprintf implementations in
 	gnupg 1.4.
 
-	* app-common.h (app_openpgp_storekey: Add prototype. 
+	* app-common.h (app_openpgp_storekey: Add prototype.
 
 2004-10-20  Werner Koch  
 
 	* sc-investigate: Removed.
 	* Makefile.am (sc_investigate): Removed.
-	
+
 	* pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func.
 	(handle_open): Succeed even without a present card.
 	(handle_status, handle_reset): New.
-	
+
 	* apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion.
 	(pcsc_get_status): Implemented.
 	(reset_pcsc_reader): Implemented.
@@ -1631,7 +1631,7 @@
 
 2004-10-14  Werner Koch  
 
-	* app-openpgp.c (parse_login_data): New. 
+	* app-openpgp.c (parse_login_data): New.
 	(app_select_openpgp): Call it.
 	(do_setattr): Reparse it after change.
 
@@ -1658,7 +1658,7 @@
 
 	* app-openpgp.c: Made all strings translatable.
 	(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
-	available for use in gnupg 2. 
+	available for use in gnupg 2.
 	(verify_chv3): Reimplemented countdown showing to use only
 	functions from this module.  Flush the CVH status cache on a
 	successful read.
@@ -1669,7 +1669,7 @@
 	(get_cached_data): Move local data initialization to ..
 	(app_select_openpgp): .. here. Read some flags for later use.
 	(do_getattr): New read-only attribute EXTCAP.
-	
+
 	* apdu.c (open_pcsc_reader): Do not print empty reader string.
 
 	* ccid-driver.c (do_close_reader): Factored some code out from ...
@@ -1754,21 +1754,21 @@
 	* Makefile.am: Make OpenSC lib link after libgcrypt. Do not link
 	to pth.
 	* apdu.c: Don't use Pth if we use OpenSC.
-	* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. 
+	* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
 
 	* scdaemon.c (main): Bumbed thread stack size up to 512k.
 
 2004-07-16  Werner Koch  
 
 	* apdu.c (reader_table_s):  Add function pointers for the backends.
-	(apdu_close_reader, apdu_get_status, apdu_activate) 
+	(apdu_close_reader, apdu_get_status, apdu_activate)
 	(send_apdu): Make use of them.
 	(new_reader_slot): Intialize them to NULL.
 	(dump_ccid_reader_status, ct_dump_reader_status): New.
 	(dump_pcsc_reader_status): New.
-	(open_ct_reader, open_pcsc_reader, open_ccid_reader) 
+	(open_ct_reader, open_pcsc_reader, open_ccid_reader)
 	(open_osc_reader, open_rapdu_reader): Intialize function pointers.
-	(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) 
+	(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
 	(error_string): Removed.  Replaced by apdu_strerror.
 	(get_ccid_error_string): Removed.
 	(ct_activate_card): Remove the unused loop.
@@ -1899,7 +1899,7 @@
 	* apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED,
 	SW_HOST_LOCKING_FAILED and SW_HOST_BUSY.
 	* iso7816.c (map_sw): Map it.
-	
+
 	* ccid-driver.c (ccid_slot_status): Add arg STATUSBITS.
 	* apdu.c (apdu_get_status): New.
 	(ct_get_status, pcsc_get_status, ocsc_get_status): New stubs.
@@ -1908,7 +1908,7 @@
 	(reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs.
 	(reset_ccid_reader): New.
 	(apdu_enum_reader): New.
-	
+
 	* apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers.
 	(new_reader_slot) [USE_GNU_PTH]: Init mutex.
 	(apdu_reset, apdu_get_status, apdu_send_le): Run functions
@@ -2001,7 +2001,7 @@
 	(cmd_serialno): Allow optional argument to select the desired
 	application.
 
-	* app-nks.c: New. 
+	* app-nks.c: New.
 
 	* scdaemon.h (opt): Add READER_PORT.
 	* scdaemon.c (main): Set it here.
@@ -2172,12 +2172,12 @@
 	* ccid-driver.c, ccid-driver.h: New but far from being useful.
 	* Makefile.am: Add above.
 	* apdu.c: Add support for that ccid driver.
-	
+
 2003-08-26  Timo Schulz  
 
 	* apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC
 	is used.
-	
+
 2003-08-25  Werner Koch  
 
 	* command.c (cmd_setattr): Use a copy of LINE.
@@ -2193,7 +2193,7 @@
 
 2003-08-18  Werner Koch  
 
-	* Makefile.am: Add OPENSC_LIBS to all programs. 
+	* Makefile.am: Add OPENSC_LIBS to all programs.
 
 	* scdaemon.c, scdaemon.h: New option --disable-opensc.
 	* card.c (card_open): Implement it.
@@ -2233,7 +2233,7 @@
 
 	* scdaemon.c, scdaemon.h: New option --ctapi-driver.
 	* sc-investigate.c, sc-copykeys.c: Ditto.
-	
+
 2003-07-31  Werner Koch  
 
 	* Makefile.am (scdaemon_LDADD): Added INTLLIBS.
@@ -2309,7 +2309,7 @@
 
 	* app-openpgp.c (get_sig_counter): New.
 	(do_sign): Print the signature counter and enable the PIN callback.
-	(do_genkey): Implement the PIN callback. 
+	(do_genkey): Implement the PIN callback.
 
 2003-07-01  Werner Koch  
 
@@ -2380,7 +2380,7 @@
 	* apdu.c, apdu.h: New
 
 	* card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC.
-	
+
 	* Makefile.am (LDFLAGS): Removed.
 
 	* command.c (register_commands): Adjusted for new Assuan semantics.
@@ -2413,7 +2413,7 @@
 2002-07-30  Werner Koch  
 
         Changes to cope with OpenSC 0.7.0:
-	
+
 	* card.c: Removed the check for the packed opensc version.
 	Changed include file names of opensc.
 	(map_sc_err): Adjusted error codes for new opensc version.
@@ -2421,7 +2421,7 @@
 	* card-dinsig.c: Ditto.
 
 	* card-p15.c (p15_decipher): Add flags argument to OpenSC call.
-	
+
 2002-07-24  Werner Koch  
 
 	* card.c (find_simple_tlv, find_iccsn): New.
@@ -2467,7 +2467,7 @@
 	* scdaemon.c scdaemon.h, command.c: New. Based on the code from
 	the gpg-agent.
 
-	
+
  Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
diff --git a/scd/Makefile.am b/scd/Makefile.am
index 923ebfee0..9153a4403 100644
--- a/scd/Makefile.am
+++ b/scd/Makefile.am
@@ -6,18 +6,18 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
 ## Process this file with automake to produce Makefile.in
 
-bin_PROGRAMS = scdaemon 
+bin_PROGRAMS = scdaemon
 if ! HAVE_W32_SYSTEM
 libexec_PROGRAMS = gnupg-pcsc-wrapper
 endif
@@ -66,4 +66,4 @@ scdaemon_LDADD = $(libcommonpth) ../gl/libgnu.a \
 #
 gnupg_pcsc_wrapper_SOURCES = pcsc-wrapper.c
 gnupg_pcsc_wrapper_LDADD = $(DL_LIBS)
-gnupg_pcsc_wrapper_CFLAGS = 
+gnupg_pcsc_wrapper_CFLAGS =
diff --git a/scd/apdu.c b/scd/apdu.c
index dcb0e23bb..8080b42a1 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -361,7 +361,7 @@ new_reader_slot (void)
   reader_table[reader].dump_status_reader = NULL;
   reader_table[reader].set_progress_cb = NULL;
 
-  reader_table[reader].used = 1;  
+  reader_table[reader].used = 1;
   reader_table[reader].any_status = 0;
   reader_table[reader].last_status = 0;
   reader_table[reader].is_t0 = 1;
@@ -412,8 +412,8 @@ host_sw_string (long err)
     case SW_HOST_GENERAL_ERROR: return "general error";
     case SW_HOST_NO_READER: return "no reader";
     case SW_HOST_ABORTED: return "aborted";
-    case SW_HOST_NO_KEYPAD: return "no keypad"; 
-    case SW_HOST_ALREADY_CONNECTED: return "already connected"; 
+    case SW_HOST_NO_KEYPAD: return "no keypad";
+    case SW_HOST_ALREADY_CONNECTED: return "already connected";
     default: return "unknown host status error";
     }
 }
@@ -789,7 +789,7 @@ pcsc_error_to_sw (long ec)
 
     case PCSC_E_INVALID_TARGET:
     case PCSC_E_INVALID_VALUE:
-    case PCSC_E_INVALID_HANDLE: 
+    case PCSC_E_INVALID_HANDLE:
     case PCSC_E_INVALID_PARAMETER:
     case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break;
 
@@ -1003,7 +1003,7 @@ pcsc_get_status (int slot, unsigned int *status)
 #ifndef NEED_PCSC_WRAPPER
 static int
 pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
-                       unsigned char *buffer, size_t *buflen, 
+                       unsigned char *buffer, size_t *buflen,
                        struct pininfo_s *pininfo)
 {
   long err;
@@ -1039,7 +1039,7 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
 #ifdef NEED_PCSC_WRAPPER
 static int
 pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
-                        unsigned char *buffer, size_t *buflen, 
+                        unsigned char *buffer, size_t *buflen,
                         struct pininfo_s *pininfo)
 {
   long err;
@@ -1158,7 +1158,7 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
    BUFLEN.  Returns: A status word. */
 static int
 pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
-                unsigned char *buffer, size_t *buflen, 
+                unsigned char *buffer, size_t *buflen,
                 struct pininfo_s *pininfo)
 {
 #ifdef NEED_PCSC_WRAPPER
@@ -1287,7 +1287,7 @@ connect_pcsc_card (int slot)
   if (err)
     {
       reader_table[slot].pcsc.card = 0;
-      if (err != PCSC_E_NO_SMARTCARD) 
+      if (err != PCSC_E_NO_SMARTCARD)
         log_error ("pcsc_connect failed: %s (0x%lx)\n",
                    pcsc_error_string (err), err);
     }
@@ -1337,7 +1337,7 @@ disconnect_pcsc_card (int slot)
   assert (slot >= 0 && slot < MAX_READER);
 
   if (!reader_table[slot].pcsc.card)
-    return 0; 
+    return 0;
 
   err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD);
   if (err)
@@ -2635,7 +2635,7 @@ apdu_connect (int slot)
     }
   else
     sw = 0;
-  
+
   /* We need to call apdu_get_status_internal, so that the last-status
      machinery gets setup properly even if a card is inserted while
      scdaemon is fired up and apdu_get_status has not yet been called.
@@ -2893,7 +2893,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen,
   if (reader_table[slot].send_apdu_reader)
     return reader_table[slot].send_apdu_reader (slot,
                                                 apdu, apdulen,
-                                                buffer, buflen, 
+                                                buffer, buflen,
                                                 pininfo);
   else
     return SW_HOST_NOT_SUPPORTED;
@@ -2921,7 +2921,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
 {
 #define SHORT_RESULT_BUFFER_SIZE 258
   /* We allocate 8 extra bytes as a safety margin towards a driver bug.  */
-  unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; 
+  unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
   unsigned char *result_buffer = NULL;
   size_t result_buffer_size;
   unsigned char *result;
@@ -2959,16 +2959,16 @@ send_le (int slot, int class, int ins, int p0, int p1,
           if (lc > 16384)
             return SW_WRONG_LENGTH;   /* Sanity check.  */
           if ((class&0xf0) != 0)
-            return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0.  */ 
-          use_chaining = extended_mode == -1? 255 : -extended_mode;  
+            return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0.  */
+          use_chaining = extended_mode == -1? 255 : -extended_mode;
           use_chaining &= 0xff;
         }
-      else 
+      else
         return SW_HOST_INV_VALUE;
     }
   else if (lc == -1 && extended_mode > 0)
     use_extended_length = 1;
-    
+
   if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0))
     {
       /* Expected Data does not fit into an APDU.  What we do now
@@ -2981,7 +2981,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
         ; /* We are already using extended length.  */
       else if (extended_mode > 0)
         use_extended_length = 1;
-      else 
+      else
         return SW_HOST_INV_VALUE;
     }
 
@@ -3052,8 +3052,8 @@ send_le (int slot, int class, int ins, int p0, int p1,
             }
           if (le != -1)
             {
-              apdu[apdulen++] = ((le >> 8) & 0xff); 
-              apdu[apdulen++] = (le & 0xff); 
+              apdu[apdulen++] = ((le >> 8) & 0xff);
+              apdu[apdulen++] = (le & 0xff);
             }
         }
       else
@@ -3107,7 +3107,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
           return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
         }
       sw = (result[resultlen-2] << 8) | result[resultlen-1];
-      if (!use_extended_length 
+      if (!use_extended_length
           && !did_exact_length_hack && SW_EXACT_LENGTH_P (sw))
         {
           apdu[apdulen-1] = (sw & 0x00ff);
@@ -3123,7 +3123,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
       apdu_buffer = NULL;
       apdu_buffer_size = 0;
     }
-  
+
   /* Store away the returned data but strip the statusword. */
   resultlen -= 2;
   if (DBG_CARD_IO)
@@ -3266,7 +3266,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
    that data will be put into *RETBUFLEN.  The caller is reponsible
    for releasing the buffer even in case of errors.  */
 int
-apdu_send_le(int slot, int extended_mode, 
+apdu_send_le(int slot, int extended_mode,
              int class, int ins, int p0, int p1,
              int lc, const char *data, int le,
              unsigned char **retbuf, size_t *retbuflen)
@@ -3309,7 +3309,7 @@ apdu_send_simple (int slot, int extended_mode,
                   int class, int ins, int p0, int p1,
                   int lc, const char *data)
 {
-  return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL, 
+  return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL,
                   extended_mode);
 }
 
@@ -3317,7 +3317,7 @@ apdu_send_simple (int slot, int extended_mode,
 /* Same as apdu_send_simple but uses the keypad of the reader. */
 int
 apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
-                     int lc, const char *data,  
+                     int lc, const char *data,
                      int pin_mode,
                      int pinlen_min, int pinlen_max, int pin_padlen)
 {
@@ -3349,7 +3349,7 @@ apdu_send_direct (int slot, size_t extended_length,
                   unsigned char **retbuf, size_t *retbuflen)
 {
 #define SHORT_RESULT_BUFFER_SIZE 258
-  unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; 
+  unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
   unsigned char *result_buffer = NULL;
   size_t result_buffer_size;
   unsigned char *result;
diff --git a/scd/apdu.h b/scd/apdu.h
index d79f8b48f..7c0188782 100644
--- a/scd/apdu.h
+++ b/scd/apdu.h
@@ -118,13 +118,13 @@ int apdu_send_simple (int slot, int extended_mode,
                       int class, int ins, int p0, int p1,
                       int lc, const char *data);
 int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
-                         int lc, const char *data,  
+                         int lc, const char *data,
                          int pin_mode,
                          int pinlen_min, int pinlen_max, int pin_padlen);
-int apdu_send (int slot, int extended_mode, 
+int apdu_send (int slot, int extended_mode,
                int class, int ins, int p0, int p1, int lc, const char *data,
                unsigned char **retbuf, size_t *retbuflen);
-int apdu_send_le (int slot, int extended_mode, 
+int apdu_send_le (int slot, int extended_mode,
                   int class, int ins, int p0, int p1,
                   int lc, const char *data, int le,
                   unsigned char **retbuf, size_t *retbuflen);
@@ -135,6 +135,3 @@ int apdu_send_direct (int slot, size_t extended_length,
 
 
 #endif /*APDU_H*/
-
-
-
diff --git a/scd/app-common.h b/scd/app-common.h
index 4b2e13e3a..6a1e2a763 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -25,7 +25,7 @@
 #if GNUPG_MAJOR_VERSION == 1
 # ifdef ENABLE_AGENT_SUPPORT
 # include "assuan.h"
-# endif 
+# endif
 #else
 # include 
 #endif
@@ -47,10 +47,10 @@ struct app_ctx_s {
   /* Flag indicating that a reset has been done for that application
      and that this context is merely lingering and just should not be
      reused.  */
-  int no_reuse;            
+  int no_reuse;
 
   /* Used reader slot. */
-  int slot;     
+  int slot;
 
   /* If this is used by GnuPG 1.4 we need to know the assuan context
      in case we need to divert the operation to an already running
@@ -150,7 +150,7 @@ char *get_supported_applications (void);
 void release_application (app_t app);
 gpg_error_t app_munge_serialno (app_t app);
 gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
-gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl, 
+gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
                                     unsigned int flags);
 gpg_error_t app_readcert (app_t app, const char *certid,
                   unsigned char **cert, size_t *certlen);
@@ -223,6 +223,3 @@ gpg_error_t app_select_geldkarte (app_t app);
 
 
 #endif /*GNUPG_SCD_APP_COMMON_H*/
-
-
-
diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c
index 46e9a6a9b..30beb8efb 100644
--- a/scd/app-dinsig.c
+++ b/scd/app-dinsig.c
@@ -22,7 +22,7 @@
    used with an interface specification described in DIN V 66291-1.
    The AID to be used is: 'D27600006601'.
 
-   The file IDs for certificates utilize the generic format: 
+   The file IDs for certificates utilize the generic format:
         Cxyz
     C being the hex digit 'C' (12).
     x being the service indicator:
@@ -41,13 +41,13 @@
          '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA).
          'E'        := C.RCA (self certified certificate of the Root-CA).
          'F'        := reserved.
-   
+
    The file IDs used by default are:
    '1F00'  EF.SSD (security service descriptor). [o,o]
    '2F02'  EF.GDO (global data objects) [m,m]
    'A000'  EF.PROT (signature log).  Cyclic file with 20 records of 53 byte.
            Read and update after user authentication. [o,o]
-   'B000'  EF.PK.RCA.DS (public keys of Root-CA).  Size is 512b or size 
+   'B000'  EF.PK.RCA.DS (public keys of Root-CA).  Size is 512b or size
            of keys. [m (unless a 'C00E' is present),m]
    'B001'  EF.PK.CA.DS (public keys of CAs).  Size is 512b or size
            of keys. [o,o]
@@ -55,12 +55,12 @@
            with n := 0 .. 7.  Size is 2k or size of cert.  Read and
            update allowed after user authentication. [m,m]
    'C00m'  EF.C.CA.DS (digital signature certificate of CA)
-           with m := 8 .. E.  Size is 1k or size of cert.  Read always 
+           with m := 8 .. E.  Size is 1k or size of cert.  Read always
            allowed, update after user authentication. [o,o]
    'C100'  EF.C.ICC.AUT (AUT certificate of ICC) [o,m]
    'C108'  EF.C.CA.AUT (AUT certificate of CA) [o,m]
    'D000'  EF.DM (display message) [-,m]
-   
+
    The letters in brackets indicate optional or mandatory files: The
    first for card terminals under full control and the second for
    "business" card terminals.
@@ -101,15 +101,15 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 
   /* Return the certificate of the card holder. */
   fid = 0xC000;
-  len = app_help_read_length_of_cert (app->slot, fid, &certoff); 
+  len = app_help_read_length_of_cert (app->slot, fid, &certoff);
   if (!len)
     return 0; /* Card has not been personalized. */
 
   sprintf (ct_buf, "%d", 101);
   sprintf (id_buf, "DINSIG.%04X", fid);
   send_status_info (ctrl, "CERTINFO",
-                    ct_buf, strlen (ct_buf), 
-                    id_buf, strlen (id_buf), 
+                    ct_buf, strlen (ct_buf),
+                    id_buf, strlen (id_buf),
                     NULL, (size_t)0);
 
   /* Now we need to read the certificate, so that we can get the
@@ -128,7 +128,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
       xfree (der);
       return err;
     }
-  err = ksba_cert_init_from_mem (cert, der, derlen); 
+  err = ksba_cert_init_from_mem (cert, der, derlen);
   xfree (der); der = NULL;
   if (err)
     {
@@ -143,13 +143,13 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
       log_error ("failed to calculate the keygrip for FID 0x%04X\n", fid);
       ksba_cert_release (cert);
       return gpg_error (GPG_ERR_CARD);
-    }      
+    }
   ksba_cert_release (cert);
 
   sprintf (id_buf, "DINSIG.%04X", fid);
   send_status_info (ctrl, "KEYPAIRINFO",
-                    hexkeygrip, 40, 
-                    id_buf, strlen (id_buf), 
+                    hexkeygrip, 40,
+                    id_buf, strlen (id_buf),
                     NULL, (size_t)0);
   return 0;
 }
@@ -160,7 +160,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 /* Read the certificate with id CERTID (as returned by learn_status in
    the CERTINFO status lines) and return it in the freshly allocated
    buffer put into CERT and the length of the certificate put into
-   CERTLEN. 
+   CERTLEN.
 
    FIXME: This needs some cleanups and caching with do_learn_status.
 */
@@ -179,11 +179,11 @@ do_readcert (app_t app, const char *certid,
 
   *cert = NULL;
   *certlen = 0;
-  if (strncmp (certid, "DINSIG.", 7) ) 
+  if (strncmp (certid, "DINSIG.", 7) )
     return gpg_error (GPG_ERR_INV_ID);
   certid += 7;
   if (!hexdigitp (certid) || !hexdigitp (certid+1)
-      || !hexdigitp (certid+2) || !hexdigitp (certid+3) 
+      || !hexdigitp (certid+2) || !hexdigitp (certid+3)
       || certid[4])
     return gpg_error (GPG_ERR_INV_ID);
   fid = xtoi_4 (certid);
@@ -207,7 +207,7 @@ do_readcert (app_t app, const char *certid,
                  fid, gpg_strerror (err));
       return err;
     }
-  
+
   if (!buflen || *buffer == 0xff)
     {
       log_info ("no certificate contained in FID 0x%04X\n", fid);
@@ -235,13 +235,13 @@ do_readcert (app_t app, const char *certid,
                           &ndef, &objlen, &hdrlen);
   if (err)
     goto leave;
-  
+
   if (rootca)
     ;
   else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
     {
       const unsigned char *save_p;
-  
+
       /* The certificate seems to be contained in a userCertificate
          container.  Skip this and assume the following sequence is
          the certificate. */
@@ -255,7 +255,7 @@ do_readcert (app_t app, const char *certid,
       save_p = p;
       err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                               &ndef, &objlen, &hdrlen);
-      if (err) 
+      if (err)
         goto leave;
       if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
         return gpg_error (GPG_ERR_INV_OBJ);
@@ -263,7 +263,7 @@ do_readcert (app_t app, const char *certid,
       assert (save_p + totobjlen <= buffer + buflen);
       memmove (buffer, save_p, totobjlen);
     }
-  
+
   *cert = buffer;
   buffer = NULL;
   *certlen = totobjlen;
@@ -284,7 +284,7 @@ verify_pin (app_t app,
   int rc;
   iso7816_pininfo_t pininfo;
 
-  if ( app->did_chv1 && !app->force_chv1 ) 
+  if ( app->did_chv1 && !app->force_chv1 )
     return 0;  /* No need to verify it again.  */
 
   memset (&pininfo, 0, sizeof pininfo);
@@ -304,7 +304,7 @@ verify_pin (app_t app,
                     gpg_strerror (rc));
           return rc;
         }
-      rc = iso7816_verify_kp (app->slot, 0x81, "", 0, &pininfo); 
+      rc = iso7816_verify_kp (app->slot, 0x81, "", 0, &pininfo);
       /* Dismiss the prompt. */
       pincb (pincb_arg, NULL, NULL);
     }
@@ -355,7 +355,7 @@ verify_pin (app_t app,
              this. */
           char paddedpin[8];
           int i, ndigits;
-          
+
           for (ndigits=0, s=pinvalue; *s; ndigits++, s++)
             ;
           i = 0;
@@ -386,7 +386,7 @@ verify_pin (app_t app,
    If a PIN is required the PINCB will be used to ask for the PIN;
    that callback should return the PIN in an allocated buffer and
    store that in the 3rd argument.  */
-static gpg_error_t 
+static gpg_error_t
 do_sign (app_t app, const char *keyidstr, int hashalgo,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
@@ -417,11 +417,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 
   /* Check that the provided ID is vaid.  This is not really needed
      but we do it to to enforce correct usage by the caller. */
-  if (strncmp (keyidstr, "DINSIG.", 7) ) 
+  if (strncmp (keyidstr, "DINSIG.", 7) )
     return gpg_error (GPG_ERR_INV_ID);
   keyidstr += 7;
   if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
-      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3) 
+      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
       || keyidstr[4])
     return gpg_error (GPG_ERR_INV_ID);
   fid = xtoi_4 (keyidstr);
@@ -439,7 +439,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         ;
       else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata, rmd160_prefix,15))
         ;
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data, indata, indatalen);
     }
@@ -459,7 +459,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
           hashalgo = GCRY_MD_SHA256;
           datalen  = indatalen;
         }
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data, indata, indatalen);
     }
@@ -476,14 +476,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
           datalen = len + indatalen;
           memcpy (data, sha256_prefix, len);
         }
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data+len, indata, indatalen);
     }
 
   rc = verify_pin (app, pincb, pincb_arg);
   if (!rc)
-    rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0, 
+    rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
                              outdata, outdatalen);
   return rc;
 }
@@ -493,8 +493,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 #warning test function - works but may brick your card
 /* Handle the PASSWD command.  CHVNOSTR is currently ignored; we
    always use VHV0.  RESET_MODE is not yet implemented.  */
-static gpg_error_t 
-do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr, 
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
                unsigned int flags,
                gpg_error_t (*pincb)(void*, const char *, char **),
                void *pincb_arg)
@@ -526,14 +526,14 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   /* TRANSLATORS: Do not translate the "|*|" prefixes but
      keep it at the start of the string.  We need this elsewhere
      to get some infos on the string. */
-  err = pincb (pincb_arg, _("|N|Initial New PIN"), &pinvalue); 
+  err = pincb (pincb_arg, _("|N|Initial New PIN"), &pinvalue);
   if (err)
     {
       log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
       return err;
     }
 
-  err = iso7816_change_reference_data (app->slot, 0x81, 
+  err = iso7816_change_reference_data (app->slot, 0x81,
                                        oldpin, oldpinlen,
                                        pinvalue, strlen (pinvalue));
   xfree (pinvalue);
@@ -550,7 +550,7 @@ app_select_dinsig (app_t app)
   static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
   int slot = app->slot;
   int rc;
-  
+
   rc = iso7816_select_application (slot, aid, sizeof aid, 0);
   if (!rc)
     {
diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c
index 6e8d07725..f8ee9f640 100644
--- a/scd/app-geldkarte.c
+++ b/scd/app-geldkarte.c
@@ -90,13 +90,13 @@ send_one_string (ctrl_t ctrl, const char *name, const char *string)
 
 /* Implement the GETATTR command.  This is similar to the LEARN
    command but returns just one value via the status interface. */
-static gpg_error_t 
+static gpg_error_t
 do_getattr (app_t app, ctrl_t ctrl, const char *name)
 {
   gpg_error_t err;
   struct app_local_s *ld = app->app_local;
   char numbuf[100];
-  
+
   if (!strcmp (name, "X-KBLZ"))
     err = send_one_string (ctrl, name, ld->kblz);
   else if (!strcmp (name, "X-BANKINFO"))
@@ -123,24 +123,24 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     }
   else if (!strcmp (name, "X-BALANCE"))
     {
-      snprintf (numbuf, sizeof numbuf, "%.2f", 
+      snprintf (numbuf, sizeof numbuf, "%.2f",
                 (double)ld->balance / 100 * ld->currency_mult100);
       err = send_one_string (ctrl, name, numbuf);
     }
   else if (!strcmp (name, "X-MAXAMOUNT"))
     {
-      snprintf (numbuf, sizeof numbuf, "%.2f", 
+      snprintf (numbuf, sizeof numbuf, "%.2f",
                 (double)ld->maxamount / 100 * ld->currency_mult100);
       err = send_one_string (ctrl, name, numbuf);
     }
   else if (!strcmp (name, "X-MAXAMOUNT1"))
     {
-      snprintf (numbuf, sizeof numbuf, "%.2f", 
+      snprintf (numbuf, sizeof numbuf, "%.2f",
                 (double)ld->maxamount1 / 100 * ld->currency_mult100);
       err = send_one_string (ctrl, name, numbuf);
     }
   else
-    err = gpg_error (GPG_ERR_INV_NAME); 
+    err = gpg_error (GPG_ERR_INV_NAME);
 
   return err;
 }
@@ -185,7 +185,7 @@ copy_bcd (const unsigned char *string, size_t length)
 
   if (!length)
     return xtrystrdup ("");
-      
+
   /* Skip leading zeroes. */
   for (; length && !*string; length--, string++)
     ;
@@ -196,7 +196,7 @@ copy_bcd (const unsigned char *string, size_t length)
     {
       if (!needed && !(*s & 0xf0))
         ; /* Skip the leading zero in the first nibble.  */
-      else 
+      else
         {
           if ( ((*s >> 4) & 0x0f) > 9 )
             {
@@ -216,7 +216,7 @@ copy_bcd (const unsigned char *string, size_t length)
               return NULL;
             }
         }
-      
+
     }
   if (!needed) /* If it is all zero, print a "0". */
     needed++;
@@ -227,12 +227,12 @@ copy_bcd (const unsigned char *string, size_t length)
 
   s = string;
   n = length;
-  needed = 0;  
+  needed = 0;
   for (; n ; n--, s++)
     {
       if (!needed && !(*s & 0xf0))
         ; /* Skip the leading zero in the first nibble.  */
-      else 
+      else
         {
           *dst++ = '0' + ((*s >> 4) & 0x0f);
           needed++;
@@ -247,7 +247,7 @@ copy_bcd (const unsigned char *string, size_t length)
         }
     }
   if (!needed)
-    *dst++ = '0';  
+    *dst++ = '0';
   *dst = 0;
 
   return buffer;
@@ -282,11 +282,11 @@ app_select_geldkarte (app_t app)
   size_t resultlen;
   struct app_local_s *ld;
   const char *banktype;
-  
+
   err = iso7816_select_application (slot, aid, sizeof aid, 0);
   if (err)
-    goto leave; 
-  
+    goto leave;
+
   /* Read the first record of EF_ID (SFI=0x17).  We require this
      record to be at least 24 bytes with the the first byte 0x67 and a
      correct filler byte. */
@@ -298,7 +298,7 @@ app_select_geldkarte (app_t app)
       err = gpg_error (GPG_ERR_NOT_FOUND);
       goto leave;
     }
-  
+
   /* The short Bankleitzahl consists of 3 bytes at offset 1.  */
   switch (result[1])
     {
@@ -307,11 +307,11 @@ app_select_geldkarte (app_t app)
     case 0x25: banktype = "Sparkasse"; break;
     case 0x26:
     case 0x29: banktype = "Genossenschaftsbank"; break;
-    default: 
+    default:
       err = gpg_error (GPG_ERR_NOT_FOUND);
       goto leave; /* Probably not a Geldkarte. */
     }
-  
+
   app->apptype = "GELDKARTE";
   app->fnc.deinit = do_deinit;
 
@@ -339,7 +339,7 @@ app_select_geldkarte (app_t app)
       goto leave;
     }
 
-  snprintf (ld->kblz, sizeof ld->kblz, "%02X-%02X%02X", 
+  snprintf (ld->kblz, sizeof ld->kblz, "%02X-%02X%02X",
             result[1], result[2], result[3]);
   ld->banktype = banktype;
   ld->cardno = copy_bcd (result+4, 5);
@@ -348,8 +348,8 @@ app_select_geldkarte (app_t app)
       err = gpg_err_code_from_syserror ();
       goto leave;
     }
-  
-  snprintf (ld->expires, sizeof ld->expires, "20%02X-%02X", 
+
+  snprintf (ld->expires, sizeof ld->expires, "20%02X-%02X",
             result[10], result[11]);
   snprintf (ld->validfrom, sizeof ld->validfrom, "20%02X-%02X-%02X",
             result[12], result[13], result[14]);
diff --git a/scd/app-help.c b/scd/app-help.c
index 3d9c605f6..2576d5cfa 100644
--- a/scd/app-help.c
+++ b/scd/app-help.c
@@ -120,7 +120,7 @@ app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff)
                  fid, gpg_strerror (err));
       return 0;
     }
-  
+
   if (!buflen || *buffer == 0xff)
     {
       log_info ("no certificate contained in FID 0x%04X\n", fid);
@@ -178,5 +178,3 @@ app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff)
 
   return resultlen;
 }
-
-
diff --git a/scd/app-nks.c b/scd/app-nks.c
index 076b9139f..c1b2aa376 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -188,8 +188,8 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
          libgcrypt but we can't yet rely on it yet.  */
       for (i=0; i < 2; i++)
         {
-          while (buflen[i]-offset[i] > 1 
-                 && !buffer[i][offset[i]] 
+          while (buflen[i]-offset[i] > 1
+                 && !buffer[i][offset[i]]
                  && !(buffer[i][offset[i]+1] & 0x80))
             offset[i]++;
         }
@@ -201,9 +201,9 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
     {
       if ((buflen[i]-offset[i]) && (buffer[i][offset[i]] & 0x80))
         {
-          unsigned char *newbuf;          
+          unsigned char *newbuf;
           size_t newlen;
-          
+
           newlen = 1 + buflen[i] - offset[i];
           newbuf = xtrymalloc (newlen);
           if (!newlen)
@@ -271,7 +271,7 @@ get_chv_status (app_t app, int sigg, int pwid)
   command[2] = 0x00;
   command[3] = pwid;
 
-  if (apdu_send_direct (app->slot, 0, (unsigned char *)command, 
+  if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
                         4, 0, &result, &resultlen))
     rc = -1; /* Error. */
   else if (resultlen < 2)
@@ -299,7 +299,7 @@ get_chv_status (app_t app, int sigg, int pwid)
 
 /* Implement the GETATTR command.  This is similar to the LEARN
    command but returns just one value via the status interface. */
-static gpg_error_t 
+static gpg_error_t
 do_getattr (app_t app, ctrl_t ctrl, const char *name)
 {
   static struct {
@@ -322,7 +322,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
   for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
     ;
   if (!table[idx].name)
-    return gpg_error (GPG_ERR_INV_NAME); 
+    return gpg_error (GPG_ERR_INV_NAME);
 
   switch (table[idx].special)
     {
@@ -350,7 +350,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
            two global passwords followed by the two SigG passwords.
            For the values, see the function get_chv_status.  */
         int tmp[4];
-        
+
         /* We use a helper array so that we can control that there is
            no superfluous application switch.  Note that PW2.CH.SIG
            really has the identifier 0x83 and not 0x82 as one would
@@ -358,8 +358,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
         tmp[0] = get_chv_status (app, 0, 0x00);
         tmp[1] = get_chv_status (app, 0, 0x01);
         tmp[2] = get_chv_status (app, 1, 0x81);
-        tmp[3] = get_chv_status (app, 1, 0x83); 
-        snprintf (buffer, sizeof buffer, 
+        tmp[3] = get_chv_status (app, 1, 0x83);
+        snprintf (buffer, sizeof buffer,
                   "%d %d %d %d", tmp[0], tmp[1], tmp[2], tmp[3]);
         send_status_info (ctrl, table[idx].name,
                           buffer, strlen (buffer), NULL, 0);
@@ -413,11 +413,11 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
                  context so that a following readcert does only need to
                  read that many bytes. */
               snprintf (ct_buf, sizeof ct_buf, "%d", filelist[i].certtype);
-              snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X", 
+              snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
                         tag, filelist[i].fid);
               send_status_info (ctrl, "CERTINFO",
-                                ct_buf, strlen (ct_buf), 
-                                id_buf, strlen (id_buf), 
+                                ct_buf, strlen (ct_buf),
+                                id_buf, strlen (id_buf),
                                 NULL, (size_t)0);
             }
         }
@@ -434,8 +434,8 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
               snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
                         tag, filelist[i].fid);
               send_status_info (ctrl, "KEYPAIRINFO",
-                                gripstr, 40, 
-                                id_buf, strlen (id_buf), 
+                                gripstr, 40,
+                                id_buf, strlen (id_buf),
                                 NULL, (size_t)0);
             }
         }
@@ -453,7 +453,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
   err = switch_application (app, 0);
   if (err)
     return err;
-  
+
   do_learn_status_core (app, ctrl, flags, 0);
 
   err = switch_application (app, 1);
@@ -489,11 +489,11 @@ do_readcert (app_t app, const char *certid,
   *cert = NULL;
   *certlen = 0;
 
-  if (!strncmp (certid, "NKS-NKS3.", 9)) 
+  if (!strncmp (certid, "NKS-NKS3.", 9))
     ;
-  else if (!strncmp (certid, "NKS-DF01.", 9)) 
+  else if (!strncmp (certid, "NKS-DF01.", 9))
     ;
-  else if (!strncmp (certid, "NKS-SIGG.", 9)) 
+  else if (!strncmp (certid, "NKS-SIGG.", 9))
     is_sigg = 1;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -504,7 +504,7 @@ do_readcert (app_t app, const char *certid,
 
   certid += 9;
   if (!hexdigitp (certid) || !hexdigitp (certid+1)
-      || !hexdigitp (certid+2) || !hexdigitp (certid+3) 
+      || !hexdigitp (certid+2) || !hexdigitp (certid+3)
       || certid[4])
     return gpg_error (GPG_ERR_INV_ID);
   fid = xtoi_4 (certid);
@@ -541,7 +541,7 @@ do_readcert (app_t app, const char *certid,
                  fid, gpg_strerror (err));
       return err;
     }
-  
+
   if (!buflen || *buffer == 0xff)
     {
       log_info ("no certificate contained in FID 0x%04X\n", fid);
@@ -569,13 +569,13 @@ do_readcert (app_t app, const char *certid,
                           &ndef, &objlen, &hdrlen);
   if (err)
     goto leave;
-  
+
   if (rootca)
     ;
   else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
     {
       const unsigned char *save_p;
-  
+
       /* The certificate seems to be contained in a userCertificate
          container.  Skip this and assume the following sequence is
          the certificate. */
@@ -589,7 +589,7 @@ do_readcert (app_t app, const char *certid,
       save_p = p;
       err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                               &ndef, &objlen, &hdrlen);
-      if (err) 
+      if (err)
         goto leave;
       if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
         return gpg_error (GPG_ERR_INV_OBJ);
@@ -597,7 +597,7 @@ do_readcert (app_t app, const char *certid,
       assert (save_p + totobjlen <= buffer + buflen);
       memmove (buffer, save_p, totobjlen);
     }
-  
+
   *cert = buffer;
   buffer = NULL;
   *certlen = totobjlen;
@@ -628,7 +628,7 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
   if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
     ;
   else /* Return the error code expected by cmd_readkey.  */
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); 
+    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   /* Access the KEYD file which is always in the master directory.  */
   err = iso7816_select_path (app->slot, path, DIM (path), NULL, NULL);
@@ -696,14 +696,14 @@ do_writekey (app_t app, ctrl_t ctrl,
     ;
   else
     return gpg_error (GPG_ERR_INV_ID);
-  
+
   if (!force && !do_readkey (app, keyid, NULL, NULL))
     return gpg_error (GPG_ERR_EEXIST);
 
   /* Parse the S-expression.  */
   err = get_rsa_pk_from_canon_sexp (keydata, keydatalen,
                                     &rsa_n, &rsa_n_len, &rsa_e, &rsa_e_len);
-  if (err) 
+  if (err)
     goto leave;
 
   /* Check that the parameters match the requirements.  */
@@ -732,7 +732,7 @@ do_writekey (app_t app, ctrl_t ctrl,
   /* Send the MSE:Store_Public_Key.  */
   err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 /*   mse = xtrymalloc (1000); */
-  
+
 /*   mse[0] = 0x80; /\* Algorithm reference.  *\/ */
 /*   mse[1] = 1; */
 /*   mse[2] = 0x17; */
@@ -802,15 +802,15 @@ verify_pin (app_t app, int pwid, const char *desc,
                     gpg_strerror (rc));
           return rc;
         }
- 
-      rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo); 
+
+      rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo);
       pincb (pincb_arg, NULL, NULL);  /* Dismiss the prompt. */
     }
   else
     {
       char *pinvalue;
 
-      rc = pincb (pincb_arg, desc, &pinvalue); 
+      rc = pincb (pincb_arg, desc, &pinvalue);
       if (rc)
         {
           log_info ("PIN callback returned error: %s\n", gpg_strerror (rc));
@@ -845,7 +845,7 @@ verify_pin (app_t app, int pwid, const char *desc,
    If a PIN is required the PINCB will be used to ask for the PIN;
    that callback should return the PIN in an allocated buffer and
    store that in the 3rd argument.  */
-static gpg_error_t 
+static gpg_error_t
 do_sign (app_t app, const char *keyidstr, int hashalgo,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
@@ -876,11 +876,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 
   /* Check that the provided ID is valid.  This is not really needed
      but we do it to enforce correct usage by the caller. */
-  if (!strncmp (keyidstr, "NKS-NKS3.", 9) ) 
+  if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
     ;
-  else if (!strncmp (keyidstr, "NKS-DF01.", 9) ) 
+  else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
     ;
-  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) ) 
+  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
     is_sigg = 1;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -897,7 +897,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
     }
 
   if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
-      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3) 
+      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
       || keyidstr[4])
     return gpg_error (GPG_ERR_INV_ID);
   fid = xtoi_4 (keyidstr);
@@ -914,7 +914,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   if (app->app_local->nks_version > 2 && (indatalen == 35
                                           || indatalen == 47
                                           || indatalen == 51
-                                          || indatalen == 67 
+                                          || indatalen == 67
                                           || indatalen == 83))
     {
       /* The caller send data matching the length of the ASN.1 encoded
@@ -931,7 +931,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         ;
       else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata,rmd160_prefix,15))
         ;
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data, indata, indatalen);
       datalen = 35;
@@ -942,7 +942,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         memcpy (data, sha1_prefix, 15);
       else if (hashalgo == GCRY_MD_RMD160)
         memcpy (data, rmd160_prefix, 15);
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data+15, indata, indatalen);
       datalen = 35;
@@ -955,7 +955,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   if (app->app_local->nks_version > 2)
     {
       unsigned char mse[6];
-      
+
       mse[0] = 0x80; /* Algorithm reference.  */
       mse[1] = 1;
       mse[2] = 2;    /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check.  */
@@ -980,7 +980,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 /* Decrypt the data in INDATA and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
-static gpg_error_t 
+static gpg_error_t
 do_decipher (app_t app, const char *keyidstr,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg,
@@ -997,11 +997,11 @@ do_decipher (app_t app, const char *keyidstr,
 
   /* Check that the provided ID is valid.  This is not really needed
      but we do it to to enforce correct usage by the caller. */
-  if (!strncmp (keyidstr, "NKS-NKS3.", 9) ) 
+  if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
     ;
-  else if (!strncmp (keyidstr, "NKS-DF01.", 9) ) 
+  else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
     ;
-  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) ) 
+  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
     is_sigg = 1;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -1012,7 +1012,7 @@ do_decipher (app_t app, const char *keyidstr,
     return rc;
 
   if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
-      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3) 
+      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
       || keyidstr[4])
     return gpg_error (GPG_ERR_INV_ID);
   fid = xtoi_4 (keyidstr);
@@ -1039,7 +1039,7 @@ do_decipher (app_t app, const char *keyidstr,
     }
   else
     {
-      static const unsigned char mse[] = 
+      static const unsigned char mse[] =
         {
           0x80, 1, 0x10, /* Select algorithm RSA. */
           0x84, 1, 0x81  /* Select local secret key 1 for decryption. */
@@ -1130,8 +1130,8 @@ parse_pwidstr (const char *pwidstr, int new_mode, int *r_sigg, int *r_pwid)
 
 /* Handle the PASSWD command. See parse_pwidstr() for allowed values
    for CHVNOSTR.  */
-static gpg_error_t 
-do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr, 
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
                unsigned int flags,
                gpg_error_t (*pincb)(void*, const char *, char **),
                void *pincb_arg)
@@ -1153,7 +1153,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
   memset (&pininfo, 0, sizeof pininfo);
   pininfo.minlen = 6;
   pininfo.maxlen = 16;
-  
+
   newdesc = parse_pwidstr (pwidstr, 1, &is_sigg, &pwid);
   if (!newdesc)
     return gpg_error (GPG_ERR_INV_ID);
@@ -1204,7 +1204,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
           /* Regular change mode:  Ask for the old PIN.  */
           desc = parse_pwidstr (pwidstr, 0, &dummy1, &dummy2);
         }
-      err = pincb (pincb_arg, desc, &oldpin); 
+      err = pincb (pincb_arg, desc, &oldpin);
       if (err)
         {
           log_error ("error getting old PIN: %s\n", gpg_strerror (err));
@@ -1216,14 +1216,14 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
         goto leave;
     }
 
-  err = pincb (pincb_arg, newdesc, &newpin); 
+  err = pincb (pincb_arg, newdesc, &newpin);
   if (err)
     {
       log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
       goto leave;
     }
   newpinlen = strlen (newpin);
-  
+
   err = basic_pin_checks (newpin, pininfo.minlen, pininfo.maxlen);
   if (err)
     goto leave;
@@ -1246,8 +1246,8 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
       wipememory (data, datalen);
       xfree (data);
     }
-  else 
-    err = iso7816_change_reference_data (app->slot, pwid, 
+  else
+    err = iso7816_change_reference_data (app->slot, pwid,
                                          oldpin, oldpinlen,
                                          newpin, newpinlen);
  leave:
@@ -1258,7 +1258,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
 
 
 /* Perform a simple verify operation.  KEYIDSTR should be NULL or empty.  */
-static gpg_error_t 
+static gpg_error_t
 do_check_pin (app_t app, const char *pwidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg)
@@ -1288,10 +1288,10 @@ get_nks_version (int slot)
   size_t resultlen;
   int type;
 
-  if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0, 
+  if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
                            &result, &resultlen))
     return 2; /* NKS 2 does not support this command.  */
-  
+
   /* Example value:    04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
                        vv tt ccccccccccccccccc aa bb cc vvvvvvvvvvv xx
      vendor (Philips) -+  |  |                 |  |  |  |           |
@@ -1332,7 +1332,7 @@ switch_application (app_t app, int enable_sigg)
   else
     err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0);
 
-  if (!err && enable_sigg && app->app_local->nks_version >= 3 
+  if (!err && enable_sigg && app->app_local->nks_version >= 3
       && !app->app_local->sigg_msig_checked)
     {
       /* Check whether this card is a mass signature card.  */
@@ -1340,7 +1340,7 @@ switch_application (app_t app, int enable_sigg)
       size_t buflen;
       const unsigned char *tmpl;
       size_t tmpllen;
-      
+
       app->app_local->sigg_msig_checked = 1;
       app->app_local->sigg_is_msig = 1;
       err = iso7816_select_file (app->slot, 0x5349, 0, NULL, NULL);
@@ -1349,7 +1349,7 @@ switch_application (app_t app, int enable_sigg)
       if (!err)
         {
           tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen);
-          if (tmpl && tmpllen == 12 
+          if (tmpl && tmpllen == 12
               && !memcmp (tmpl,
                           "\x93\x02\x00\x01\xA4\x06\x83\x01\x81\x83\x01\x83",
                           12))
@@ -1359,7 +1359,7 @@ switch_application (app_t app, int enable_sigg)
       if (app->app_local->sigg_is_msig)
         log_info ("This is a mass signature card\n");
     }
-  
+
   if (!err)
     {
       app->app_local->need_app_select = 0;
@@ -1379,7 +1379,7 @@ app_select_nks (app_t app)
 {
   int slot = app->slot;
   int rc;
-  
+
   rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0);
   if (!rc)
     {
@@ -1416,5 +1416,3 @@ app_select_nks (app_t app)
     do_deinit (app);
   return rc;
 }
-
-
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 029d99fb3..660519059 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -118,13 +118,13 @@ static struct {
 
 /* The format of RSA private keys.  */
 typedef enum
-  { 
+  {
     RSA_UNKNOWN_FMT,
     RSA_STD,
     RSA_STD_N,
     RSA_CRT,
     RSA_CRT_N
-  } 
+  }
 rsa_key_format_t;
 
 
@@ -141,7 +141,7 @@ struct cache_s {
 struct app_local_s {
   /* A linked list with cached DOs.  */
   struct cache_s *cache;
-  
+
   /* Keep track of the public keys.  */
   struct
   {
@@ -166,7 +166,7 @@ struct app_local_s {
   } cardcap;
 
   /* Keep track of extended card capabilities.  */
-  struct 
+  struct
   {
     unsigned int is_v2:1;              /* This is a v2.0 compatible card.  */
     unsigned int get_challenge:1;
@@ -195,7 +195,7 @@ struct app_local_s {
                                 of this strucuire is only valid if
                                 this is not 0.  */
     unsigned int e_bits;     /* Size of the public exponent in bits.  */
-    rsa_key_format_t format;  
+    rsa_key_format_t format;
   } keyattr[3];
 
 };
@@ -213,7 +213,7 @@ static gpg_error_t do_auth (app_t app, const char *keyidstr,
                             unsigned char **outdata, size_t *outdatalen);
 static void parse_algorithm_attribute (app_t app, int keyno);
 static gpg_error_t change_keyattr_from_string
-                           (app_t app, 
+                           (app_t app,
                             gpg_error_t (*pincb)(void*, const char *, char **),
                             void *pincb_arg,
                             const void *value, size_t valuelen);
@@ -253,7 +253,7 @@ do_deinit (app_t app)
    bypassed.  With TRY_EXTLEN extended lengths APDUs are use if
    supported by the card.  */
 static gpg_error_t
-get_cached_data (app_t app, int tag, 
+get_cached_data (app_t app, int tag,
                  unsigned char **result, size_t *resultlen,
                  int get_immediate, int try_extlen)
 {
@@ -280,13 +280,13 @@ get_cached_data (app_t app, int tag,
                 memcpy (p, c->data, c->length);
                 *result = p;
               }
-            
+
             *resultlen = c->length;
-            
+
             return 0;
           }
     }
-  
+
   if (try_extlen && app->app_local->cardcap.ext_lc_le)
     exmode = app->app_local->extcap.max_rsp_data;
   else
@@ -313,7 +313,7 @@ get_cached_data (app_t app, int tag,
   /* Okay, cache it. */
   for (c=app->app_local->cache; c; c = c->next)
     assert (c->tag != tag);
-  
+
   c = xtrymalloc (sizeof *c + len);
   if (c)
     {
@@ -439,7 +439,7 @@ get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
     {
       rc = get_cached_data (app, data_objects[i].get_from,
                             &buffer, &buflen,
-                            (data_objects[i].dont_cache 
+                            (data_objects[i].dont_cache
                              || data_objects[i].get_immediate_in_v11),
                             data_objects[i].try_extlen);
       if (!rc)
@@ -463,7 +463,7 @@ get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
   if (!value) /* Not in a constructed DO, try simple. */
     {
       rc = get_cached_data (app, tag, &buffer, &buflen,
-                            (data_objects[i].dont_cache 
+                            (data_objects[i].dont_cache
                              || data_objects[i].get_immediate_in_v11),
                             data_objects[i].try_extlen);
       if (!rc)
@@ -490,7 +490,7 @@ dump_all_do (int slot)
   int rc, i, j;
   unsigned char *buffer;
   size_t buflen;
-  
+
   for (i=0; data_objects[i].tag; i++)
     {
       if (data_objects[i].get_from)
@@ -501,7 +501,7 @@ dump_all_do (int slot)
       rc = iso7816_get_data (slot, 0, data_objects[i].tag, &buffer, &buflen);
       if (gpg_err_code (rc) == GPG_ERR_NO_OBJ)
         ;
-      else if (rc) 
+      else if (rc)
         log_info ("DO `%s' not available: %s\n",
                   data_objects[i].desc, gpg_strerror (rc));
       else
@@ -522,7 +522,7 @@ dump_all_do (int slot)
                 {
                   const unsigned char *value;
                   size_t valuelen;
-                  
+
                   if (j==i || data_objects[i].tag != data_objects[j].get_from)
                     continue;
                   value = find_tlv_unchecked (buffer, buflen,
@@ -634,7 +634,7 @@ parse_login_data (app_t app)
     next:
       for (; buflen && *buffer != '\x18'; buflen--, buffer++)
         if (*buffer == '\n')
-          buflen = 1; 
+          buflen = 1;
     }
   while (buflen);
 
@@ -642,17 +642,17 @@ parse_login_data (app_t app)
 }
 
 /* Note, that FPR must be at least 20 bytes. */
-static gpg_error_t 
+static gpg_error_t
 store_fpr (app_t app, int keynumber, u32 timestamp,
            const unsigned char *m, size_t mlen,
-           const unsigned char *e, size_t elen, 
+           const unsigned char *e, size_t elen,
            unsigned char *fpr, unsigned int card_version)
 {
   unsigned int n, nbits;
   unsigned char *buffer, *p;
   int tag, tag2;
   int rc;
-  
+
   for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
     ;
   for (; elen && !*e; elen--, e++) /* strip leading zeroes */
@@ -662,7 +662,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp,
   p = buffer = xtrymalloc (3 + n);
   if (!buffer)
     return gpg_error_from_syserror ();
-  
+
   *p++ = 0x99;     /* ctb */
   *p++ = n >> 8;   /* 2 byte length header */
   *p++ = n;
@@ -680,7 +680,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp,
   *p++ = nbits >> 8;
   *p++ = nbits;
   memcpy (p, e, elen); p += elen;
-    
+
   gcry_md_hash_buffer (GCRY_MD_SHA1, fpr, buffer, n+3);
 
   xfree (buffer);
@@ -712,11 +712,11 @@ store_fpr (app_t app, int keynumber, u32 timestamp,
   return rc;
 }
 
-       
+
 static void
 send_fpr_if_not_null (ctrl_t ctrl, const char *keyword,
                       int number, const unsigned char *fpr)
-{                      
+{
   int i;
   char buf[41];
   char numbuf[25];
@@ -738,7 +738,7 @@ send_fpr_if_not_null (ctrl_t ctrl, const char *keyword,
 static void
 send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword,
                           int number, const unsigned char *stamp)
-{                      
+{
   char numbuf1[50], numbuf2[50];
   unsigned long value;
 
@@ -753,11 +753,11 @@ send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword,
 }
 
 static void
-send_key_data (ctrl_t ctrl, const char *name, 
+send_key_data (ctrl_t ctrl, const char *name,
                const unsigned char *a, size_t alen)
 {
   char *buf;
-  
+
   buf = bin2hex (a, alen, NULL);
   if (!buf)
     {
@@ -766,7 +766,7 @@ send_key_data (ctrl_t ctrl, const char *name,
     }
 
   send_status_info (ctrl, "KEY-DATA",
-                    name, (size_t)strlen(name), 
+                    name, (size_t)strlen(name),
                     buf, (size_t)strlen (buf),
                     NULL, 0);
   xfree (buf);
@@ -775,7 +775,7 @@ send_key_data (ctrl_t ctrl, const char *name,
 
 static void
 send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number)
-{                      
+{
   char buffer[200];
 
   assert (number >=0 && number < DIM(app->app_local->keyattr));
@@ -792,7 +792,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number)
 
 /* Implement the GETATTR command.  This is similar to the LEARN
    command but returns just one value via the status interface. */
-static gpg_error_t 
+static gpg_error_t
 do_getattr (app_t app, ctrl_t ctrl, const char *name)
 {
   static struct {
@@ -809,7 +809,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     { "KEY-TIME",     0x00CD, 4 },
     { "KEY-ATTR",     0x0000, -5 },
     { "CA-FPR",       0x00C6, 3 },
-    { "CHV-STATUS",   0x00C4, 1 }, 
+    { "CHV-STATUS",   0x00C4, 1 },
     { "SIG-COUNTER",  0x0093, 2 },
     { "SERIALNO",     0x004F, -1 },
     { "AID",          0x004F },
@@ -830,8 +830,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
   for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
     ;
   if (!table[idx].name)
-    return gpg_error (GPG_ERR_INV_NAME); 
-  
+    return gpg_error (GPG_ERR_INV_NAME);
+
   if (table[idx].special == -1)
     {
       /* The serial number is very special.  We could have used the
@@ -859,7 +859,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
       char tmp[100];
 
       snprintf (tmp, sizeof tmp,
-                "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d sm=%d", 
+                "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d sm=%d",
                 app->app_local->extcap.get_challenge,
                 app->app_local->extcap.key_import,
                 app->app_local->extcap.change_force_chv,
@@ -882,7 +882,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     {
       char *serial;
       time_t stamp;
-    
+
       if (!app_get_serial_and_stamp (app, &serial, &stamp))
         {
           if (strlen (serial) > 16+12)
@@ -893,7 +893,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
             }
           xfree (serial);
         }
-      return gpg_error (GPG_ERR_INV_NAME); 
+      return gpg_error (GPG_ERR_INV_NAME);
     }
   if (table[idx].special == -5)
     {
@@ -908,9 +908,9 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
       if (table[idx].special == 1)
         {
           char numbuf[7*23];
-          
+
           for (i=0,*numbuf=0; i < valuelen && i < 7; i++)
-            sprintf (numbuf+strlen (numbuf), " %d", value[i]); 
+            sprintf (numbuf+strlen (numbuf), " %d", value[i]);
           send_status_info (ctrl, table[idx].name,
                             numbuf, strlen (numbuf), NULL, 0);
         }
@@ -1036,7 +1036,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
             found_key = 1;
           continue;
       	}
-      
+
       if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
         break; /* Next key - stop.  */
 
@@ -1049,7 +1049,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
           err = gpg_error (GPG_ERR_GENERAL);
           goto leave; /* Error: Invalid key data record or not an RSA key.  */
         }
-      
+
       err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
       if (err)
         mpi = NULL;
@@ -1061,7 +1061,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
       if (err)
         goto leave;
     }
-  
+
   if (m_new && e_new)
     {
       *m = m_new;
@@ -1136,10 +1136,10 @@ get_public_key (app_t app, int keyno)
           le_value = 256; /* Use legacy value. */
         }
 
-      err = iso7816_read_public_key 
+      err = iso7816_read_public_key
         (app->slot, exmode,
          (const unsigned char*)(keyno == 0? "\xB6" :
-                                keyno == 1? "\xB8" : "\xA4"), 2,  
+                                keyno == 1? "\xB8" : "\xA4"), 2,
          le_value,
          &buffer, &buflen);
       if (err)
@@ -1155,7 +1155,7 @@ get_public_key (app_t app, int keyno)
           log_error (_("response does not contain the public key data\n"));
           goto leave;
         }
- 
+
       m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
       if (!m)
         {
@@ -1163,7 +1163,7 @@ get_public_key (app_t app, int keyno)
           log_error (_("response does not contain the RSA modulus\n"));
           goto leave;
         }
-      
+
 
       e = find_tlv (keydata, keydatalen, 0x0082, &elen);
       if (!e)
@@ -1266,7 +1266,7 @@ get_public_key (app_t app, int keyno)
       err = gpg_error_from_syserror ();
       goto leave;
     }
-  
+
   sprintf (keybuf, "(10:public-key(3:rsa(1:n%u:", (unsigned int) mlen);
   keybuf_p = keybuf + strlen (keybuf);
   memcpy (keybuf_p, m, mlen);
@@ -1277,7 +1277,7 @@ get_public_key (app_t app, int keyno)
   keybuf_p += elen;
   strcpy (keybuf_p, ")))");
   keybuf_p += strlen (keybuf_p);
-  
+
   app->app_local->pk[keyno].key = (unsigned char*)keybuf;
   app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);
 
@@ -1310,7 +1310,7 @@ send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
   err = get_public_key (app, keyno);
   if (err)
     goto leave;
-  
+
   assert (keyno >= 1 && keyno <= 3);
   if (!app->app_local->pk[keyno-1].key)
     goto leave; /* No such key - ignore. */
@@ -1320,19 +1320,19 @@ send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
                                  grip);
   if (err)
     goto leave;
-  
+
   bin2hex (grip, 20, gripstr);
 
   sprintf (idbuf, "OPENPGP.%d", keyno);
-  send_status_info (ctrl, "KEYPAIRINFO", 
-                    gripstr, 40, 
-                    idbuf, strlen (idbuf), 
+  send_status_info (ctrl, "KEYPAIRINFO",
+                    gripstr, 40,
+                    idbuf, strlen (idbuf),
                     NULL, (size_t)0);
 
  leave:
 #endif /* GNUPG_MAJOR_VERSION > 1 */
 
-  return err; 
+  return err;
 }
 
 
@@ -1341,7 +1341,7 @@ static gpg_error_t
 do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 {
   (void)flags;
-  
+
   do_getattr (app, ctrl, "EXTCAP");
   do_getattr (app, ctrl, "DISP-NAME");
   do_getattr (app, ctrl, "DISP-LANG");
@@ -1524,16 +1524,16 @@ verify_a_chv (app_t app,
   else
     prompt = _("||Please enter the PIN");
 
-  
+
   if (!opt.disable_keypad
       && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
     {
       /* The reader supports the verify command through the keypad.
          Note that the pincb appends a text to the prompt telling the
          user to use the keypad. */
-      rc = pincb (pincb_arg, prompt, NULL); 
+      rc = pincb (pincb_arg, prompt, NULL);
       prompt = NULL;
-      xfree (prompt_buffer); 
+      xfree (prompt_buffer);
       prompt_buffer = NULL;
       if (rc)
         {
@@ -1541,7 +1541,7 @@ verify_a_chv (app_t app,
                     gpg_strerror (rc));
           return rc;
         }
-      rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo); 
+      rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);
       /* Dismiss the prompt. */
       pincb (pincb_arg, NULL, NULL);
 
@@ -1550,9 +1550,9 @@ verify_a_chv (app_t app,
   else
     {
       /* The reader has no keypad or we don't want to use it. */
-      rc = pincb (pincb_arg, prompt, pinvalue); 
+      rc = pincb (pincb_arg, prompt, pinvalue);
       prompt = NULL;
-      xfree (prompt_buffer); 
+      xfree (prompt_buffer);
       prompt_buffer = NULL;
       if (rc)
         {
@@ -1560,7 +1560,7 @@ verify_a_chv (app_t app,
                     gpg_strerror (rc));
           return rc;
         }
-      
+
       if (strlen (*pinvalue) < minlen)
         {
           log_error (_("PIN for CHV%d is too short;"
@@ -1573,7 +1573,7 @@ verify_a_chv (app_t app,
       rc = iso7816_verify (app->slot, 0x80+chvno,
                            *pinvalue, strlen (*pinvalue));
     }
-  
+
   if (rc)
     {
       log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
@@ -1596,14 +1596,14 @@ verify_chv2 (app_t app,
   int rc;
   char *pinvalue;
 
-  if (app->did_chv2) 
+  if (app->did_chv2)
     return 0;  /* We already verified CHV2.  */
 
   rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
   if (rc)
     return rc;
   app->did_chv2 = 1;
-  
+
   if (!app->did_chv1 && !app->force_chv1 && pinvalue)
     {
       /* For convenience we verify CHV1 here too.  We do this only if
@@ -1630,7 +1630,7 @@ verify_chv2 (app_t app,
 
 /* Build the prompt to enter the Admin PIN.  The prompt depends on the
    current sdtate of the card.  */
-static gpg_error_t 
+static gpg_error_t
 build_enter_admin_pin_prompt (app_t app, char **r_prompt)
 {
   void *relptr;
@@ -1656,7 +1656,7 @@ build_enter_admin_pin_prompt (app_t app, char **r_prompt)
     }
   remaining = value[6];
   xfree (relptr);
-  
+
   log_info(_("%d Admin PIN attempts remaining before card"
              " is permanently locked\n"), remaining);
 
@@ -1669,10 +1669,10 @@ build_enter_admin_pin_prompt (app_t app, char **r_prompt)
     }
   else
     prompt = xtrystrdup (_("|A|Please enter the Admin PIN"));
-  
+
   if (!prompt)
     return gpg_error_from_syserror ();
-  
+
   *r_prompt = prompt;
   return 0;
 }
@@ -1693,8 +1693,8 @@ verify_chv3 (app_t app,
       return gpg_error (GPG_ERR_EACCES);
     }
 #endif
-      
-  if (!app->did_chv3) 
+
+  if (!app->did_chv3)
     {
       iso7816_pininfo_t pininfo;
       int minlen = 8;
@@ -1712,7 +1712,7 @@ verify_chv3 (app_t app,
           && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
         {
           /* The reader supports the verify command through the keypad. */
-          rc = pincb (pincb_arg, prompt, NULL); 
+          rc = pincb (pincb_arg, prompt, NULL);
           xfree (prompt);
           prompt = NULL;
           if (rc)
@@ -1721,7 +1721,7 @@ verify_chv3 (app_t app,
                         gpg_strerror (rc));
               return rc;
             }
-          rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo); 
+          rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo);
           /* Dismiss the prompt. */
           pincb (pincb_arg, NULL, NULL);
         }
@@ -1729,7 +1729,7 @@ verify_chv3 (app_t app,
         {
           char *pinvalue;
 
-          rc = pincb (pincb_arg, prompt, &pinvalue); 
+          rc = pincb (pincb_arg, prompt, &pinvalue);
           xfree (prompt);
           prompt = NULL;
           if (rc)
@@ -1738,7 +1738,7 @@ verify_chv3 (app_t app,
                         gpg_strerror (rc));
               return rc;
             }
-          
+
           if (strlen (pinvalue) < minlen)
             {
               log_error (_("PIN for CHV%d is too short;"
@@ -1746,11 +1746,11 @@ verify_chv3 (app_t app,
               xfree (pinvalue);
               return gpg_error (GPG_ERR_BAD_PIN);
             }
-          
+
           rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
           xfree (pinvalue);
         }
-      
+
       if (rc)
         {
           log_error (_("verify CHV%d failed: %s\n"), 3, gpg_strerror (rc));
@@ -1765,7 +1765,7 @@ verify_chv3 (app_t app,
 
 /* Handle the SETATTR operation. All arguments are already basically
    checked. */
-static gpg_error_t 
+static gpg_error_t
 do_setattr (app_t app, const char *name,
             gpg_error_t (*pincb)(void*, const char *, char **),
             void *pincb_arg,
@@ -1804,7 +1804,7 @@ do_setattr (app_t app, const char *name,
   for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
     ;
   if (!table[idx].name)
-    return gpg_error (GPG_ERR_INV_NAME); 
+    return gpg_error (GPG_ERR_INV_NAME);
   if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
     return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported.  */
 
@@ -1855,7 +1855,7 @@ do_setattr (app_t app, const char *name,
    callback.  */
 static gpg_error_t
 do_writecert (app_t app, ctrl_t ctrl,
-              const char *certidstr, 
+              const char *certidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg,
               const unsigned char *certdata, size_t certdatalen)
@@ -1893,8 +1893,8 @@ do_writecert (app_t app, ctrl_t ctrl,
      -       2   2      Verify Reset Code and set a new PW1.
      -       3   any    Verify CHV3/PW3 and set a new CHV3/PW3.
  */
-static gpg_error_t 
-do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr, 
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
                unsigned int flags,
                gpg_error_t (*pincb)(void*, const char *, char **),
                void *pincb_arg)
@@ -1932,7 +1932,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           /* On a v1.x card CHV1 and CVH2 should always have the same
              value, thus we enforce it here.  */
           int save_force = app->force_chv1;
-          
+
           app->force_chv1 = 0;
           app->did_chv1 = 0;
           app->did_chv2 = 0;
@@ -1958,7 +1958,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           rc = verify_chv3 (app, pincb, pincb_arg);
           if (rc)
             goto leave;
-          
+
           if (chvno == 2)
             set_resetcode = 1;
         }
@@ -2020,14 +2020,14 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
               log_error (_("Reset Code not or not anymore available\n"));
               rc = gpg_error (GPG_ERR_BAD_PIN);
               goto leave;
-            }          
-          
+            }
+
           rc = pincb (pincb_arg,
                       _("||Please enter the Reset Code for the card"),
-                      &resetcode); 
+                      &resetcode);
           if (rc)
             {
-              log_info (_("PIN callback returned error: %s\n"), 
+              log_info (_("PIN callback returned error: %s\n"),
                         gpg_strerror (rc));
               goto leave;
             }
@@ -2054,10 +2054,10 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   /* TRANSLATORS: Do not translate the "|*|" prefixes but
      keep it at the start of the string.  We need this elsewhere
      to get some infos on the string. */
-  rc = pincb (pincb_arg, 
+  rc = pincb (pincb_arg,
               set_resetcode? _("|RN|New Reset Code") :
-              chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), 
-              &pinvalue); 
+              chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
+              &pinvalue);
   if (rc)
     {
       log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
@@ -2121,7 +2121,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
     {
       /* Version 2 cards.  */
       assert (chvno == 1 || chvno == 3);
-      
+
       rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
                                           oldpinvalue, strlen (oldpinvalue),
                                           pinvalue, strlen (pinvalue));
@@ -2199,7 +2199,7 @@ does_key_exist (app_t app, int keyidx, int generating, int force)
    of tag and length.  A LENGTH greater than 65535 is truncated. */
 static size_t
 add_tlv (unsigned char *buffer, unsigned int tag, size_t length)
-{ 
+{
   unsigned char *p = buffer;
 
   assert (tag <= 0xffff);
@@ -2325,15 +2325,15 @@ build_privkey_template (app_t app, int keyno,
       /* Right justify E. */
       memmove (tp + rsa_e_reqlen - rsa_e_len, tp, rsa_e_len);
       memset (tp, 0, rsa_e_reqlen - rsa_e_len);
-    }                 
+    }
   tp += rsa_e_reqlen;
-      
+
   memcpy (tp, rsa_p, rsa_p_len);
   tp += rsa_p_len;
-      
+
   memcpy (tp, rsa_q, rsa_q_len);
   tp += rsa_q_len;
-  
+
   if (app->app_local->keyattr[keyno].format == RSA_STD_N
       || app->app_local->keyattr[keyno].format == RSA_CRT_N)
     {
@@ -2378,7 +2378,7 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
       xfree (relptr);
       return gpg_error (GPG_ERR_CARD);
     }
-  
+
   /* We only change n_bits and don't touch anything else.  Before we
      do so, we round up NBITS to a sensible way in the same way as
      gpg's key generation does it.  This may help to sort out problems
@@ -2413,8 +2413,8 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
 
 /* Helper to process an setattr command for name KEY-ATTR.  It expects
    a string "--force   " in (VALUE,VALUELEN).  */
-static gpg_error_t 
-change_keyattr_from_string (app_t app, 
+static gpg_error_t
+change_keyattr_from_string (app_t app,
                             gpg_error_t (*pincb)(void*, const char *, char **),
                             void *pincb_arg,
                             const void *value, size_t valuelen)
@@ -2494,13 +2494,13 @@ do_writekey (app_t app, ctrl_t ctrl,
     keyno = 2;
   else
     return gpg_error (GPG_ERR_INV_ID);
-  
+
   err = does_key_exist (app, keyno, 0, force);
   if (err)
     return err;
 
 
-  /* 
+  /*
      Parse the S-expression
    */
   buf = keydata;
@@ -2548,10 +2548,10 @@ do_writekey (app_t app, ctrl_t ctrl,
 
           switch (*tok)
             {
-            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break; 
-            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break; 
-            case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break; 
-            case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break; 
+            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
+            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
+            case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break;
+            case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break;
             default: mpi = NULL;  mpi_len = NULL; break;
             }
           if (mpi && *mpi)
@@ -2623,7 +2623,7 @@ do_writekey (app_t app, ctrl_t ctrl,
   maxbits = app->app_local->keyattr[keyno].n_bits;
   nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0;
   if (opt.verbose)
-    log_info ("RSA modulus size is %u bits (%u bytes)\n", 
+    log_info ("RSA modulus size is %u bits (%u bytes)\n",
               nbits, (unsigned int)rsa_n_len);
   if (nbits && nbits != maxbits
       && app->app_local->extcap.algo_attr_change)
@@ -2635,7 +2635,7 @@ do_writekey (app_t app, ctrl_t ctrl,
     }
   if (nbits != maxbits)
     {
-      log_error (_("RSA modulus missing or not of size %d bits\n"), 
+      log_error (_("RSA modulus missing or not of size %d bits\n"),
                  (int)maxbits);
       err = gpg_error (GPG_ERR_BAD_SECKEY);
       goto leave;
@@ -2657,7 +2657,7 @@ do_writekey (app_t app, ctrl_t ctrl,
   nbits = rsa_p? count_bits (rsa_p, rsa_p_len) : 0;
   if (nbits != maxbits)
     {
-      log_error (_("RSA prime %s missing or not of size %d bits\n"), 
+      log_error (_("RSA prime %s missing or not of size %d bits\n"),
                  "P", (int)maxbits);
       err = gpg_error (GPG_ERR_BAD_SECKEY);
       goto leave;
@@ -2665,12 +2665,12 @@ do_writekey (app_t app, ctrl_t ctrl,
   nbits = rsa_q? count_bits (rsa_q, rsa_q_len) : 0;
   if (nbits != maxbits)
     {
-      log_error (_("RSA prime %s missing or not of size %d bits\n"), 
+      log_error (_("RSA prime %s missing or not of size %d bits\n"),
                  "Q", (int)maxbits);
       err = gpg_error (GPG_ERR_BAD_SECKEY);
       goto leave;
     }
-  
+
   /* We need to remove the cached public key.  */
   xfree (app->app_local->pk[keyno].key);
   app->app_local->pk[keyno].key = NULL;
@@ -2683,7 +2683,7 @@ do_writekey (app_t app, ctrl_t ctrl,
       /* Build the private key template as described in section 4.3.3.7 of
          the OpenPGP card specs version 2.0.  */
       int exmode;
- 
+
       err = build_privkey_template (app, keyno,
                                     rsa_n, rsa_n_len,
                                     rsa_e, rsa_e_len,
@@ -2713,8 +2713,8 @@ do_writekey (app_t app, ctrl_t ctrl,
       /* Build the private key template as described in section 4.3.3.6 of
          the OpenPGP card specs version 1.1:
          0xC0    public exponent
-         0xC1    prime p 
-         0xC2    prime q 
+         0xC1    prime p
+         0xC2    prime q
       */
       assert (rsa_e_len <= 4);
       template_len = (1 + 1 + 4
@@ -2734,21 +2734,21 @@ do_writekey (app_t app, ctrl_t ctrl,
           /* Right justify E. */
           memmove (tp+4-rsa_e_len, tp, rsa_e_len);
           memset (tp, 0, 4-rsa_e_len);
-        }                 
+        }
       tp += 4;
-      
+
       *tp++ = 0xC1;
       *tp++ = rsa_p_len;
       memcpy (tp, rsa_p, rsa_p_len);
       tp += rsa_p_len;
-      
+
       *tp++ = 0xC2;
       *tp++ = rsa_q_len;
       memcpy (tp, rsa_q, rsa_q_len);
       tp += rsa_q_len;
-      
+
       assert (tp - template == template_len);
-      
+
       /* Prepare for storing the key.  */
       err = verify_chv3 (app, pincb, pincb_arg);
       if (err)
@@ -2764,7 +2764,7 @@ do_writekey (app_t app, ctrl_t ctrl,
       log_error (_("failed to store the key: %s\n"), gpg_strerror (err));
       goto leave;
     }
- 
+
   err = store_fpr (app, keyno, created_at,
                   rsa_n, rsa_n_len, rsa_e, rsa_e_len,
                   fprbuf, app->card_version);
@@ -2779,7 +2779,7 @@ do_writekey (app_t app, ctrl_t ctrl,
 
 
 /* Handle the GENKEY command. */
-static gpg_error_t 
+static gpg_error_t
 do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
            time_t createtime,
            gpg_error_t (*pincb)(void*, const char *, char **),
@@ -2797,7 +2797,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
   time_t start_at;
   int exmode;
   int le_value;
-  unsigned int keybits; 
+  unsigned int keybits;
 
   if (keyno < 1 || keyno > 3)
     return gpg_error (GPG_ERR_INV_ID);
@@ -2821,7 +2821,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
   /* Because we send the key parameter back via status lines we need
      to put a limit on the max. allowed keysize.  2048 bit will
      already lead to a 527 byte long status line and thus a 4096 bit
-     key would exceed the Assuan line length limit.  */ 
+     key would exceed the Assuan line length limit.  */
   keybits = app->app_local->keyattr[keyno].n_bits;
   if (keybits > 3072)
     return gpg_error (GPG_ERR_TOO_LARGE);
@@ -2839,7 +2839,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
       le_value = app->app_local->extcap.max_rsp_data;
       /* No need to check le_value because it comes from a 16 bit
          value and thus can't create an overflow on a 32 bit
-         system.  */ 
+         system.  */
     }
   else
     {
@@ -2849,10 +2849,10 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
 
   log_info (_("please wait while key is being generated ...\n"));
   start_at = time (NULL);
-  rc = iso7816_generate_keypair 
+  rc = iso7816_generate_keypair
 /* # warning key generation temporary replaced by reading an existing key. */
 /*   rc = iso7816_read_public_key */
-    (app->slot, exmode, 
+    (app->slot, exmode,
      (const unsigned char*)(keyno == 0? "\xB6" :
                             keyno == 1? "\xB8" : "\xA4"), 2,
      le_value,
@@ -2873,7 +2873,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
       log_error (_("response does not contain the public key data\n"));
       goto leave;
     }
- 
+
   m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
   if (!m)
     {
@@ -2950,7 +2950,7 @@ compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
   unsigned char *buffer;
   size_t buflen, n;
   int rc, i;
-  
+
   assert (keyno >= 1 && keyno <= 3);
 
   rc = get_cached_data (app, 0x006E, &buffer, &buflen, 0, 0);
@@ -3014,12 +3014,12 @@ check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
    Note that this function may return the error code
    GPG_ERR_WRONG_CARD to indicate that the card currently present does
    not match the one required for the requested action (e.g. the
-   serial number does not match). 
-   
+   serial number does not match).
+
    As a special feature a KEYIDSTR of "OPENPGP.3" redirects the
    operation to the auth command.
 */
-static gpg_error_t 
+static gpg_error_t
 do_sign (app_t app, const char *keyidstr, int hashalgo,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
@@ -3071,7 +3071,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
     {                                                         \
       indata = (const char*)indata + sizeof b ## _prefix;     \
       indatalen -= sizeof b ## _prefix;                       \
-    }                                                         
+    }
 
   if (indatalen == 20)
     ;  /* Assume a plain SHA-1 or RMD160 digest has been given.  */
@@ -3081,7 +3081,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   else X(SHA256, sha256, 32, app->app_local->extcap.is_v2)
   else X(SHA384, sha384, 48, app->app_local->extcap.is_v2)
   else X(SHA512, sha512, 64, app->app_local->extcap.is_v2)
-  else if ((indatalen == 28 || indatalen == 32 
+  else if ((indatalen == 28 || indatalen == 32
             || indatalen == 48 || indatalen ==64)
            && app->app_local->extcap.is_v2)
     ;  /* Assume a plain SHA-3 digest has been given.  */
@@ -3110,7 +3110,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
       else if (!*s)
 	; /* no fingerprint given: we allow this for now. */
       else if (*s == '/')
-	fpr = s + 1; 
+	fpr = s + 1;
       else
 	return gpg_error (GPG_ERR_INV_ID);
 
@@ -3141,7 +3141,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
       assert (datalen <= sizeof data);                        \
       memcpy (data, b ## _prefix, sizeof b ## _prefix);       \
       memcpy (data + sizeof b ## _prefix, indata, indatalen); \
-    }                                                         
+    }
 
   X(SHA1,   sha1,   1)
   else X(RMD160, rmd160, 1)
@@ -3149,7 +3149,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   else X(SHA256, sha256, app->app_local->extcap.is_v2)
   else X(SHA384, sha384, app->app_local->extcap.is_v2)
   else X(SHA512, sha512, app->app_local->extcap.is_v2)
-  else 
+  else
     return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
 #undef X
 
@@ -3166,7 +3166,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   log_info (_("signatures created so far: %lu\n"), sigcount);
 
   /* Check CHV if needed.  */
-  if (!app->did_chv1 || app->force_chv1 ) 
+  if (!app->did_chv1 || app->force_chv1 )
     {
       char *pinvalue;
 
@@ -3207,7 +3207,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   else
     {
       exmode = 0;
-      le_value = 0; 
+      le_value = 0;
     }
   rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
                            outdata, outdatalen);
@@ -3224,7 +3224,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
    GPG_ERR_WRONG_CARD to indicate that the card currently present does
    not match the one required for the requested action (e.g. the
    serial number does not match). */
-static gpg_error_t 
+static gpg_error_t
 do_auth (app_t app, const char *keyidstr,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
@@ -3256,13 +3256,13 @@ do_auth (app_t app, const char *keyidstr,
       else if (!*s)
         ; /* no fingerprint given: we allow this for now. */
       else if (*s == '/')
-        fpr = s + 1; 
+        fpr = s + 1;
       else
         return gpg_error (GPG_ERR_INV_ID);
 
       for (s=keyidstr, n=0; n < 16; s += 2, n++)
         tmp_sn[n] = xtoi_2 (s);
-      
+
       if (app->serialnolen != 16)
         return gpg_error (GPG_ERR_INV_CARD);
       if (memcmp (app->serialno, tmp_sn, 16))
@@ -3292,7 +3292,7 @@ do_auth (app_t app, const char *keyidstr,
       else
         {
           exmode = 0;
-          le_value = 0; 
+          le_value = 0;
         }
       rc = iso7816_internal_authenticate (app->slot, exmode,
                                           indata, indatalen, le_value,
@@ -3302,7 +3302,7 @@ do_auth (app_t app, const char *keyidstr,
 }
 
 
-static gpg_error_t 
+static gpg_error_t
 do_decipher (app_t app, const char *keyidstr,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg,
@@ -3333,13 +3333,13 @@ do_decipher (app_t app, const char *keyidstr,
       else if (!*s)
 	; /* no fingerprint given: we allow this for now. */
       else if (*s == '/')
-	fpr = s + 1; 
+	fpr = s + 1;
       else
 	return gpg_error (GPG_ERR_INV_ID);
-      
+
       for (s=keyidstr, n=0; n < 16; s += 2, n++)
 	tmp_sn[n] = xtoi_2 (s);
-      
+
       if (app->serialnolen != 16)
 	return gpg_error (GPG_ERR_INV_CARD);
       if (memcmp (app->serialno, tmp_sn, 16))
@@ -3390,7 +3390,7 @@ do_decipher (app_t app, const char *keyidstr,
           fixbuf = xtrymalloc (fixuplen + indatalen);
           if (!fixbuf)
             return gpg_error_from_syserror ();
-          
+
           memset (fixbuf, 0, fixuplen);
           memcpy (fixbuf+fixuplen, indata, indatalen);
           indata = fixbuf;
@@ -3409,9 +3409,9 @@ do_decipher (app_t app, const char *keyidstr,
           le_value = 0;
         }
       else
-        exmode = le_value = 0;    
+        exmode = le_value = 0;
 
-      rc = iso7816_decipher (app->slot, exmode, 
+      rc = iso7816_decipher (app->slot, exmode,
                              indata, indatalen, le_value, padind,
                              outdata, outdatalen);
       xfree (fixbuf);
@@ -3431,12 +3431,12 @@ do_decipher (app_t app, const char *keyidstr,
    There is a special mode if the keyidstr is "[CHV3]" with
    the "[CHV3]" being a literal string:  The Admin Pin is checked if
    and only if the retry counter is still at 3. */
-static gpg_error_t 
+static gpg_error_t
 do_check_pin (app_t app, const char *keyidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg)
 {
-  unsigned char tmp_sn[20]; 
+  unsigned char tmp_sn[20];
   const char *s;
   int n;
   int admin_pin = 0;
@@ -3447,7 +3447,7 @@ do_check_pin (app_t app, const char *keyidstr,
   /* Check whether an OpenPGP card of any version has been requested. */
   if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
     return gpg_error (GPG_ERR_INV_ID);
-  
+
   for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
     ;
   if (n != 32)
@@ -3480,7 +3480,7 @@ do_check_pin (app_t app, const char *keyidstr,
       unsigned char *value;
       size_t valuelen;
       int count;
-      
+
       relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
       if (!relptr || valuelen < 7)
         {
@@ -3541,7 +3541,7 @@ show_caps (struct app_local_s *s)
 /* Parse the historical bytes in BUFFER of BUFLEN and store them in
    APPLOC.  */
 static void
-parse_historical (struct app_local_s *apploc, 
+parse_historical (struct app_local_s *apploc,
                   const unsigned char * buffer, size_t buflen)
 {
   /* Example buffer: 00 31 C5 73 C0 01 80 00 90 00  */
@@ -3553,9 +3553,9 @@ parse_historical (struct app_local_s *apploc,
   if (*buffer)
     {
       log_error ("warning: bad category indicator in historical bytes\n");
-      return; 
+      return;
     }
-  
+
   /* Skip category indicator.  */
   buffer++;
   buflen--;
@@ -3590,9 +3590,9 @@ parse_historical (struct app_local_s *apploc,
 
 /* Parse and optionally show the algorithm attributes for KEYNO.
    KEYNO must be in the range 0..2.  */
-static void 
+static void
 parse_algorithm_attribute (app_t app, int keyno)
-{ 
+{
   unsigned char *buffer;
   size_t buflen;
   void *relptr;
@@ -3601,7 +3601,7 @@ parse_algorithm_attribute (app_t app, int keyno)
   assert (keyno >=0 && keyno <= 2);
 
   app->app_local->keyattr[keyno].n_bits = 0;
-      
+
   relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL);
   if (!relptr)
     {
@@ -3628,7 +3628,7 @@ parse_algorithm_attribute (app_t app, int keyno)
         app->app_local->keyattr[keyno].format = (buffer[5] == 0? RSA_STD   :
                                                  buffer[5] == 1? RSA_STD_N :
                                                  buffer[5] == 2? RSA_CRT   :
-                                                 buffer[5] == 3? RSA_CRT_N : 
+                                                 buffer[5] == 3? RSA_CRT_N :
                                                  RSA_UNKNOWN_FMT);
 
       if (opt.verbose)
@@ -3658,7 +3658,7 @@ app_select_openpgp (app_t app)
   unsigned char *buffer;
   size_t buflen;
   void *relptr;
-  
+
   /* Note that the card can't cope with P2=0xCO, thus we need to pass a
      special flag value. */
   rc = iso7816_select_application (slot, aid, sizeof aid, 0x0001);
@@ -3751,7 +3751,7 @@ app_select_openpgp (app_t app)
         {
           /* Available with v2 cards.  */
           app->app_local->extcap.sm_aes128     = (buffer[1] == 1);
-          app->app_local->extcap.max_get_challenge 
+          app->app_local->extcap.max_get_challenge
                                                = (buffer[2] << 8 | buffer[3]);
           app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
           app->app_local->extcap.max_cmd_data  = (buffer[6] << 8 | buffer[7]);
@@ -3772,7 +3772,7 @@ app_select_openpgp (app_t app)
       parse_algorithm_attribute (app, 0);
       parse_algorithm_attribute (app, 1);
       parse_algorithm_attribute (app, 2);
-      
+
       if (opt.verbose > 1)
         dump_all_do (slot);
 
@@ -3797,6 +3797,3 @@ leave:
     do_deinit (app);
   return rc;
 }
-
-
-
diff --git a/scd/app-p15.c b/scd/app-p15.c
index f7c4cfee9..8e3081409 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -22,7 +22,7 @@
        Unblock PUK: "222222111111"
        Reset PIN:   "333333111111")
 
-   e.g. the APDUs 00:20:00:02:08:2C:33:33:33:11:11:11:FF 
+   e.g. the APDUs 00:20:00:02:08:2C:33:33:33:11:11:11:FF
               and 00:24:01:01:08:24:12:34:FF:FF:FF:FF:FF
    should change the PIN into 1234.
 */
@@ -50,22 +50,22 @@ typedef enum
     CARD_TYPE_TCOS,
     CARD_TYPE_MICARDO,
     CARD_TYPE_BELPIC   /* Belgian eID card specs. */
-  } 
+  }
 card_type_t;
 
 /* A list card types with ATRs noticed with these cards. */
 #define X(a) ((unsigned char const *)(a))
-static struct 
+static struct
 {
   size_t atrlen;
   unsigned char const *atr;
   card_type_t type;
 } card_atr_list[] = {
   { 19, X("\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
-          "\x90\x00\x8B"), 
+          "\x90\x00\x8B"),
     CARD_TYPE_TCOS },  /* SLE44 */
   { 19, X("\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
-          "\x90\x00\x91"), 
+          "\x90\x00\x91"),
     CARD_TYPE_TCOS }, /* SLE66S */
   { 19, X("\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
           "\x90\x00\x66"),
@@ -96,7 +96,7 @@ static char const pkcs15be_aid[] = { 0xA0, 0, 0, 0x01, 0x77,
 
 
 /* The PIN types as defined in pkcs#15 v1.1 */
-typedef enum 
+typedef enum
   {
     PIN_TYPE_BCD = 0,
     PIN_TYPE_ASCII_NUMERIC = 1,
@@ -130,10 +130,10 @@ typedef struct keyusage_flags_s keyusage_flags_t;
    us. To keep memory management, simple we use a linked list of
    items; i.e. one such object represents one certificate and the list
    the entire CDF. */
-struct cdf_object_s 
+struct cdf_object_s
 {
   /* Link to next item when used in a linked list. */
-  struct cdf_object_s *next; 
+  struct cdf_object_s *next;
 
   /* Length and allocated buffer with the Id of this object. */
   size_t objidlen;
@@ -143,7 +143,7 @@ struct cdf_object_s
      allocated memory IMAGE of IMAGELEN. */
   size_t imagelen;
   unsigned char *image;
-  
+
   /* Set to true if a length and offset is available. */
   int have_off;
   /* The offset and length of the object.  They are only valid if
@@ -164,10 +164,10 @@ typedef struct cdf_object_s *cdf_object_t;
    by us. To keep memory management, simple we use a linked list of
    items; i.e. one such object represents one certificate and the list
    the entire PrKDF. */
-struct prkdf_object_s 
+struct prkdf_object_s
 {
   /* Link to next item when used in a linked list. */
-  struct prkdf_object_s *next; 
+  struct prkdf_object_s *next;
 
   /* Length and allocated buffer with the Id of this object. */
   size_t objidlen;
@@ -181,7 +181,7 @@ struct prkdf_object_s
   /* The key's usage flags. */
   keyusage_flags_t usageflags;
 
-  /* The keyReference and a flag telling whether it is valid. */ 
+  /* The keyReference and a flag telling whether it is valid. */
   unsigned long key_reference;
   int key_reference_valid;
 
@@ -204,10 +204,10 @@ typedef struct prkdf_object_s *prkdf_object_t;
    processing by us. To keep memory management, simple we use a linked
    list of items; i.e. one such object represents one authentication
    object and the list the entire AOKDF. */
-struct aodf_object_s 
+struct aodf_object_s
 {
   /* Link to next item when used in a linked list. */
-  struct aodf_object_s *next; 
+  struct aodf_object_s *next;
 
   /* Length and allocated buffer with the Id of this object. */
   size_t objidlen;
@@ -219,7 +219,7 @@ struct aodf_object_s
   unsigned char *authid;
 
   /* The PIN Flags. */
-  struct 
+  struct
   {
     unsigned int case_sensitive: 1;
     unsigned int local: 1;
@@ -248,7 +248,7 @@ struct aodf_object_s
   unsigned long max_length;
   int max_length_valid;
 
-  /* The pinReference and a flag telling whether it is valid. */ 
+  /* The pinReference and a flag telling whether it is valid. */
   unsigned long pin_reference;
   int pin_reference_valid;
 
@@ -273,7 +273,7 @@ typedef struct aodf_object_s *aodf_object_t;
 
 
 /* Context local to this application. */
-struct app_local_s 
+struct app_local_s
 {
   /* The home DF. Note, that we don't yet support a multilevel
      hierachy.  Thus we assume this is directly below the MF.  */
@@ -298,7 +298,7 @@ struct app_local_s
     unsigned short useful_certificates;
     unsigned short data_objects;
     unsigned short auth_objects;
-  } odf;  
+  } odf;
 
   /* The PKCS#15 serialnumber from EF(TokeiNFo) or NULL.  Malloced. */
   unsigned char *serialno;
@@ -403,7 +403,7 @@ do_deinit (app_t app)
    desctription of the EF to be used with error messages.  On success
    BUFFER and BUFLEN contain the entire content of the EF.  The caller
    must free BUFFER only on success. */
-static gpg_error_t 
+static gpg_error_t
 select_and_read_binary (int slot, unsigned short efid, const char *efid_desc,
                         unsigned char **buffer, size_t *buflen)
 {
@@ -428,7 +428,7 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc,
 
 
 /* This function calls select file to read a file using a complete
-   path which may or may not start at the master file (MF). */ 
+   path which may or may not start at the master file (MF). */
 static gpg_error_t
 select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
 {
@@ -440,7 +440,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
 
   if (pathlen && *path != 0x3f00 )
     log_debug ("WARNING: relative path selection not yet implemented\n");
-      
+
   if (app->app_local->direct_path_selection)
     {
       err = iso7816_select_path (app->slot, path+1, pathlen-1, NULL, NULL);
@@ -594,11 +594,11 @@ prkdf_object_from_keyidstr (app_t app, const char *keyidstr,
    Example of such a file:
 
    A0 06 30 04 04 02 60 34  = Private Keys
-   A4 06 30 04 04 02 60 35  = Certificates 
+   A4 06 30 04 04 02 60 35  = Certificates
    A5 06 30 04 04 02 60 36  = TrustedCertificates
    A7 06 30 04 04 02 60 37  = DataObjects
    A8 06 30 04 04 02 60 38  = AuthObjects
-    
+
    These are all PathOrObjects using the path CHOICE element.  The
    paths are octet strings of length 2.  Using this Path CHOICE
    element is recommended, so we only implement that for now.
@@ -631,7 +631,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
         {
           offset = 6;
         }
-      else if ( buflen >= 12 
+      else if ( buflen >= 12
                 && (p[0] & 0xf0) == 0xA0
                 && !memcmp (p+1, "\x0a\x30\x08\x04\x06\x3F\x00", 7)
                 && app->app_local->home_df == ((p[8]<<8)|p[9]) )
@@ -678,7 +678,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
         case 6: app->app_local->odf.useful_certificates = value; break;
         case 7: app->app_local->odf.data_objects = value; break;
         case 8: app->app_local->odf.auth_objects = value; break;
-        default: 
+        default:
           log_error ("unknown object type %d in ODF ignored\n", (p[0]&0x0f));
         }
       offset += 2;
@@ -710,7 +710,7 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen,
   memset (usageflags, 0, sizeof *usageflags);
   if (!derlen)
     return gpg_error (GPG_ERR_INV_OBJ);
-          
+
   unused = *der++; derlen--;
   if ((!derlen && unused) || unused/8 > derlen)
     return gpg_error (GPG_ERR_ENCODING_PROBLEM);
@@ -719,28 +719,28 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen,
   mask = 0;
   for (i=1; unused; i <<= 1, unused--)
     mask |= i;
-  
+
   /* First octet */
   if (derlen)
     {
       bits = *der++; derlen--;
       if (full)
         full--;
-      else 
+      else
         {
           bits &= ~mask;
-          mask = 0; 
+          mask = 0;
         }
     }
   else
     bits = 0;
   if ((bits & 0x80)) usageflags->encrypt = 1;
   if ((bits & 0x40)) usageflags->decrypt = 1;
-  if ((bits & 0x20)) usageflags->sign = 1;  
+  if ((bits & 0x20)) usageflags->sign = 1;
   if ((bits & 0x10)) usageflags->sign_recover = 1;
   if ((bits & 0x08)) usageflags->wrap = 1;
-  if ((bits & 0x04)) usageflags->unwrap = 1; 
-  if ((bits & 0x02)) usageflags->verify = 1;  
+  if ((bits & 0x04)) usageflags->unwrap = 1;
+  if ((bits & 0x02)) usageflags->verify = 1;
   if ((bits & 0x01)) usageflags->verify_recover = 1;
 
   /* Second octet. */
@@ -749,10 +749,10 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen,
       bits = *der++; derlen--;
       if (full)
         full--;
-      else 
+      else
         {
           bits &= ~mask;
-          mask = 0; 
+          mask = 0;
         }
     }
   else
@@ -823,14 +823,14 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
   int class, tag, constructed, ndef;
   prkdf_object_t prkdflist = NULL;
   int i;
-  
+
   if (!fid)
     return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */
-  
+
   err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen);
   if (err)
     return err;
-  
+
   p = buffer;
   n = buflen;
 
@@ -995,7 +995,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
             /* Skip the native element. */
             ppp += objlen;
             nnn -= objlen;
-            
+
             err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
                                     &ndef, &objlen, &hdrlen);
             if (gpg_err_code (err) == GPG_ERR_EOF)
@@ -1010,7 +1010,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
             /* Skip the accessFlags. */
             ppp += objlen;
             nnn -= objlen;
-            
+
             err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
                                     &ndef, &objlen, &hdrlen);
             if (gpg_err_code (err) == GPG_ERR_EOF)
@@ -1026,7 +1026,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
             for (ul=0; objlen; objlen--)
               {
                 ul <<= 8;
-                ul |= (*ppp++) & 0xff; 
+                ul |= (*ppp++) & 0xff;
                 nnn--;
             }
             key_reference = ul;
@@ -1050,7 +1050,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
         {
           pp += objlen;
           nn -= objlen;
-      
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1124,7 +1124,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
           goto parse_error;
         }
       /* Create a new PrKDF list item. */
-      prkdf = xtrycalloc (1, (sizeof *prkdf 
+      prkdf = xtrycalloc (1, (sizeof *prkdf
                               - sizeof(unsigned short)
                               + objlen/2 * sizeof(unsigned short)));
       if (!prkdf)
@@ -1175,15 +1175,15 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
             err = gpg_error (GPG_ERR_INV_OBJ);
           if (err)
             goto parse_error;
-          
+
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           prkdf->off = ul;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1192,11 +1192,11 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
             err = gpg_error (GPG_ERR_INV_OBJ);
           if (err)
             goto parse_error;
-          
+
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           prkdf->len = ul;
@@ -1235,7 +1235,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
       if (prkdf->usageflags.non_repudiation)
         log_printf ("%snon_repudiation", s), s = ",";
       log_printf ("\n");
-      
+
       /* Put it into the list. */
       prkdf->next = prkdflist;
       prkdflist = prkdf;
@@ -1279,14 +1279,14 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
   int class, tag, constructed, ndef;
   cdf_object_t cdflist = NULL;
   int i;
-  
+
   if (!fid)
     return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */
-  
+
   err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen);
   if (err)
     return err;
-  
+
   p = buffer;
   n = buflen;
 
@@ -1303,7 +1303,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
       unsigned long ul;
       const unsigned char *objid;
       size_t objidlen;
-      
+
       err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                               &ndef, &objlen, &hdrlen);
       if (!err && (objlen > n || tag != TAG_SEQUENCE))
@@ -1410,7 +1410,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
           goto parse_error;
         }
       /* Create a new CDF list item. */
-      cdf = xtrycalloc (1, (sizeof *cdf 
+      cdf = xtrycalloc (1, (sizeof *cdf
                             - sizeof(unsigned short)
                             + objlen/2 * sizeof(unsigned short)));
       if (!cdf)
@@ -1444,15 +1444,15 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
             err = gpg_error (GPG_ERR_INV_OBJ);
           if (err)
             goto parse_error;
-          
+
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           cdf->off = ul;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1461,11 +1461,11 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
             err = gpg_error (GPG_ERR_INV_OBJ);
           if (err)
             goto parse_error;
-          
+
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           cdf->len = ul;
@@ -1480,7 +1480,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
       if (cdf->have_off)
         log_printf ("[%lu/%lu]", cdf->off, cdf->len);
       log_printf ("\n");
-      
+
       /* Put it into the list. */
       cdf->next = cdflist;
       cdflist = cdf;
@@ -1552,14 +1552,14 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
   int class, tag, constructed, ndef;
   aodf_object_t aodflist = NULL;
   int i;
-  
+
   if (!fid)
     return gpg_error (GPG_ERR_NO_DATA); /* No authentication objects. */
-  
+
   err = select_and_read_binary (app->slot, fid, "AODF", &buffer, &buflen);
   if (err)
     return err;
-  
+
   p = buffer;
   n = buflen;
 
@@ -1749,7 +1749,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       {
         unsigned int bits, mask;
         int unused, full;
-        
+
         unused = *pp++; nn--; objlen--;
         if ((!objlen && unused) || unused/8 > objlen)
           {
@@ -1761,7 +1761,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
         mask = 0;
         for (i=1; unused; i <<= 1, unused--)
           mask |= i;
-      
+
         /* The first octet */
         bits = 0;
         if (objlen)
@@ -1769,27 +1769,27 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             bits = *pp++; nn--; objlen--;
             if (full)
               full--;
-            else 
+            else
               {
                 bits &= ~mask;
-                mask = 0; 
+                mask = 0;
               }
           }
         if ((bits & 0x80)) /* ASN.1 bit 0. */
           aodf->pinflags.case_sensitive = 1;
         if ((bits & 0x40)) /* ASN.1 bit 1. */
           aodf->pinflags.local = 1;
-        if ((bits & 0x20)) 
+        if ((bits & 0x20))
           aodf->pinflags.change_disabled = 1;
-        if ((bits & 0x10)) 
+        if ((bits & 0x10))
           aodf->pinflags.unblock_disabled = 1;
-        if ((bits & 0x08)) 
+        if ((bits & 0x08))
           aodf->pinflags.initialized = 1;
-        if ((bits & 0x04)) 
+        if ((bits & 0x04))
           aodf->pinflags.needs_padding = 1;
-        if ((bits & 0x02)) 
+        if ((bits & 0x02))
           aodf->pinflags.unblocking_pin = 1;
-        if ((bits & 0x01)) 
+        if ((bits & 0x01))
           aodf->pinflags.so_pin = 1;
         /* The second octet. */
         bits = 0;
@@ -1798,19 +1798,19 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             bits = *pp++; nn--; objlen--;
             if (full)
               full--;
-            else 
+            else
               {
                 bits &= ~mask;
-                mask = 0; 
+                mask = 0;
               }
           }
-        if ((bits & 0x80)) 
+        if ((bits & 0x80))
           aodf->pinflags.disable_allowed = 1;
-        if ((bits & 0x40)) 
+        if ((bits & 0x40))
           aodf->pinflags.integrity_protected = 1;
-        if ((bits & 0x20)) 
+        if ((bits & 0x20))
           aodf->pinflags.confidentiality_protected = 1;
-        if ((bits & 0x10)) 
+        if ((bits & 0x10))
           aodf->pinflags.exchange_ref_data = 1;
         /* Skip remaining bits. */
         pp += objlen;
@@ -1833,7 +1833,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       for (ul=0; objlen; objlen--)
         {
           ul <<= 8;
-          ul |= (*pp++) & 0xff; 
+          ul |= (*pp++) & 0xff;
           nn--;
         }
       aodf->pintype = ul;
@@ -1853,7 +1853,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       for (ul=0; objlen; objlen--)
         {
           ul <<= 8;
-          ul |= (*pp++) & 0xff; 
+          ul |= (*pp++) & 0xff;
           nn--;
         }
       aodf->min_length = ul;
@@ -1873,7 +1873,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       for (ul=0; objlen; objlen--)
         {
           ul <<= 8;
-          ul |= (*pp++) & 0xff; 
+          ul |= (*pp++) & 0xff;
           nn--;
         }
       aodf->stored_length = ul;
@@ -1898,12 +1898,12 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           aodf->max_length = ul;
           aodf->max_length_valid = 1;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1926,12 +1926,12 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
-              ul |= (*pp++) & 0xff; 
+              ul |= (*pp++) & 0xff;
               nn--;
             }
           aodf->pin_reference = ul;
           aodf->pin_reference_valid = 1;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1953,7 +1953,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             }
           aodf->pad_char = *pp++; nn--;
           aodf->pad_char_valid = 1;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1970,7 +1970,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
         {
           pp += objlen;
           nn -= objlen;
-          
+
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -1987,7 +1987,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
         {
           const unsigned char *ppp = pp;
           size_t nnn = objlen;
-          
+
           pp += objlen;
           nn -= objlen;
 
@@ -2014,7 +2014,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             goto no_core;
           for (i=0; i < aodf->pathlen; i++, ppp += 2, nnn -= 2)
             aodf->path[i] = ((ppp[0] << 8) | ppp[1]);
-          
+
           if (nnn)
             {
               /* An index and length follows. */
@@ -2027,15 +2027,15 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
                 err = gpg_error (GPG_ERR_INV_OBJ);
               if (err)
                 goto parse_error;
-              
+
               for (ul=0; objlen; objlen--)
                 {
                   ul <<= 8;
-                  ul |= (*ppp++) & 0xff; 
+                  ul |= (*ppp++) & 0xff;
                   nnn--;
                 }
               aodf->off = ul;
-              
+
               where = __LINE__;
               err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
                                       &ndef, &objlen, &hdrlen);
@@ -2044,17 +2044,17 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
                 err = gpg_error (GPG_ERR_INV_OBJ);
               if (err)
                 goto parse_error;
-              
+
               for (ul=0; objlen; objlen--)
                 {
                   ul <<= 8;
-                  ul |= (*ppp++) & 0xff; 
+                  ul |= (*ppp++) & 0xff;
                   nnn--;
                 }
               aodf->len = ul;
             }
         }
-      
+
       /* Igonore further objects which might be there due to future
          extensions of pkcs#15. */
 
@@ -2126,7 +2126,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             log_printf ("[%lu/%lu]", aodf->off, aodf->len);
         }
       log_printf ("\n");
-      
+
       /* Put it into the list. */
       aodf->next = aodflist;
       aodflist = aodf;
@@ -2158,7 +2158,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
 
 
 
-/* Read and parse the EF(TokenInfo). 
+/* Read and parse the EF(TokenInfo).
 
 TokenInfo ::= SEQUENCE {
     version		INTEGER {v1(0)} (v1,...),
@@ -2174,7 +2174,7 @@ TokenInfo ::= SEQUENCE {
     holderId		[4] Label OPTIONAL,
     lastUpdate		[5] LastUpdate OPTIONAL,
     preferredLanguage	PrintableString OPTIONAL -- In accordance with
-    -- IETF RFC 1766 
+    -- IETF RFC 1766
 } (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --})
 
 TokenFlags ::= BIT STRING {
@@ -2217,12 +2217,12 @@ read_ef_tokeninfo (app_t app)
   size_t n, objlen, hdrlen;
   int class, tag, constructed, ndef;
   unsigned long ul;
-  
+
   err = select_and_read_binary (app->slot, 0x5032, "TokenInfo",
                                 &buffer, &buflen);
   if (err)
     return err;
-  
+
   p = buffer;
   n = buflen;
 
@@ -2249,7 +2249,7 @@ read_ef_tokeninfo (app_t app)
   for (ul=0; objlen; objlen--)
     {
       ul <<= 8;
-      ul |= (*p++) & 0xff; 
+      ul |= (*p++) & 0xff;
       n--;
     }
   if (ul)
@@ -2266,7 +2266,7 @@ read_ef_tokeninfo (app_t app)
     err = gpg_error (GPG_ERR_INV_OBJ);
   if (err)
     goto leave;
-  
+
   xfree (app->app_local->serialno);
   app->app_local->serialno = xtrymalloc (objlen);
   if (!app->app_local->serialno)
@@ -2307,7 +2307,7 @@ read_p15_info (app_t app)
             return err;
         }
     }
-  
+
   /* Read the ODF so that we know the location of all directory
      files. */
   /* Fixme: We might need to get a non-standard ODF FID from TokenInfo. */
@@ -2319,13 +2319,13 @@ read_p15_info (app_t app)
   assert (!app->app_local->certificate_info);
   assert (!app->app_local->trusted_certificate_info);
   assert (!app->app_local->useful_certificate_info);
-  err = read_ef_cdf (app, app->app_local->odf.certificates, 
+  err = read_ef_cdf (app, app->app_local->odf.certificates,
                      &app->app_local->certificate_info);
   if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
-    err = read_ef_cdf (app, app->app_local->odf.trusted_certificates, 
+    err = read_ef_cdf (app, app->app_local->odf.trusted_certificates,
                        &app->app_local->trusted_certificate_info);
   if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
-    err = read_ef_cdf (app, app->app_local->odf.useful_certificates, 
+    err = read_ef_cdf (app, app->app_local->odf.useful_certificates,
                        &app->app_local->useful_certificate_info);
   if (gpg_err_code (err) == GPG_ERR_NO_DATA)
     err = 0;
@@ -2378,7 +2378,7 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
 
       send_status_info (ctrl, "CERTINFO",
                         certtype, strlen (certtype),
-                        buf, strlen (buf), 
+                        buf, strlen (buf),
                         NULL, (size_t)0);
       xfree (buf);
     }
@@ -2480,7 +2480,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
           assert (strlen (gripstr) == 40);
           send_status_info (ctrl, "KEYPAIRINFO",
                             gripstr, 40,
-                            buf, strlen (buf), 
+                            buf, strlen (buf),
                             NULL, (size_t)0);
         }
       xfree (buf);
@@ -2491,7 +2491,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
 
 
 /* This is the handler for the LEARN command.  */
-static gpg_error_t 
+static gpg_error_t
 do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 {
   gpg_error_t err;
@@ -2564,7 +2564,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
       log_printf (": %s\n", gpg_strerror (err));
       goto leave;
     }
-  
+
   /* Check whether this is really a certificate.  */
   p = buffer;
   n = buflen;
@@ -2589,7 +2589,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
                           &ndef, &objlen, &hdrlen);
   if (err)
     goto leave;
-  
+
   if (!rootca
       && class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
     {
@@ -2606,7 +2606,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
       save_p = p;
       err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                               &ndef, &objlen, &hdrlen);
-      if (err) 
+      if (err)
         goto leave;
       if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
         {
@@ -2643,7 +2643,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
    buffer to be stored at R_CERT and its length at R_CERTLEN.  A error
    code will be returned on failure and R_CERT and R_CERTLEN will be
    set to NULL/0. */
-static gpg_error_t 
+static gpg_error_t
 do_readcert (app_t app, const char *certid,
              unsigned char **r_cert, size_t *r_certlen)
 {
@@ -2662,7 +2662,7 @@ do_readcert (app_t app, const char *certid,
 
 /* Implement the GETATTR command.  This is similar to the LEARN
    command but returns just one value via the status interface. */
-static gpg_error_t 
+static gpg_error_t
 do_getattr (app_t app, ctrl_t ctrl, const char *name)
 {
   gpg_error_t err;
@@ -2737,7 +2737,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
         }
 
     }
-  return gpg_error (GPG_ERR_INV_NAME); 
+  return gpg_error (GPG_ERR_INV_NAME);
 }
 
 
@@ -2763,14 +2763,14 @@ micardo_mse (app_t app, unsigned short fid)
       log_error ("error reading EF_keyD: %s\n", gpg_strerror (err));
       return err;
     }
-  
+
   for (recno = 1, se_num = -1; ; recno++)
     {
       unsigned char *buffer;
       size_t buflen;
       size_t n, nn;
       const unsigned char *p, *pp;
-      
+
       err = iso7816_read_record (app->slot, recno, 1, 0, &buffer, &buflen);
       if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
         break; /* ready */
@@ -2805,8 +2805,8 @@ micardo_mse (app_t app, unsigned short fid)
       log_error ("CRT for keyfile %04hX not found\n", fid);
       return gpg_error (GPG_ERR_NOT_FOUND);
     }
-  
-  
+
+
   /* Restore the security environment to SE_NUM if needed */
   if (se_num)
     {
@@ -2837,13 +2837,13 @@ micardo_mse (app_t app, unsigned short fid)
 
 
 
-/* Handler for the PKSIGN command. 
+/* Handler for the PKSIGN command.
 
    Create the signature and return the allocated result in OUTDATA.
    If a PIN is required, the PINCB will be used to ask for the PIN;
    that callback should return the PIN in an allocated buffer and
    store that as the 3rd argument.  */
-static gpg_error_t 
+static gpg_error_t
 do_sign (app_t app, const char *keyidstr, int hashalgo,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
@@ -2892,7 +2892,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 
   /* Find the authentication object to this private key object. */
   for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next)
-    if (aodf->objidlen == prkdf->authidlen 
+    if (aodf->objidlen == prkdf->authidlen
         && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen))
       break;
   if (!aodf)
@@ -2937,7 +2937,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   if (app->app_local->card_type == CARD_TYPE_BELPIC)
     {
       unsigned char mse[5];
-      
+
       mse[0] = 4;    /* Length of the template. */
       mse[1] = 0x80; /* Algorithm reference tag. */
       if (hashalgo == MD_USER_TLS_MD5SHA1)
@@ -2947,7 +2947,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
       mse[3] = 0x84; /* Private key reference tag. */
       mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
 
-      err = iso7816_manage_security_env (app->slot, 
+      err = iso7816_manage_security_env (app->slot,
                                          0x41, 0xB6,
                                          mse, sizeof mse);
       no_data_padding = 1;
@@ -2987,7 +2987,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
       if (strlen (pinvalue) < aodf->min_length)
         {
           log_error ("PIN is too short; minimum length is %lu\n",
-                     aodf->min_length);         
+                     aodf->min_length);
           err = gpg_error (GPG_ERR_BAD_PIN);
         }
       else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)
@@ -3027,7 +3027,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         case PIN_TYPE_UTF8:
           break;
         case PIN_TYPE_HALF_NIBBLE_BCD:
-          errstr = "PIN type Half-Nibble-BCD is not supported"; 
+          errstr = "PIN type Half-Nibble-BCD is not supported";
           break;
         case PIN_TYPE_ISO9564_1:
           errstr = "PIN type ISO9564-1 is not supported";
@@ -3064,7 +3064,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
           for (s=pinvalue; i < aodf->stored_length && *s && s[1]; s = s+2 )
             paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f));
           if (i < aodf->stored_length && *s)
-            paddedpin[i++] = (((*s - '0') << 4) 
+            paddedpin[i++] = (((*s - '0') << 4)
                               |((aodf->pad_char_valid?aodf->pad_char:0)&0x0f));
 
           if (aodf->pinflags.needs_padding)
@@ -3130,7 +3130,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
       else if (hashalgo == GCRY_MD_RMD160
                && !memcmp (indata, rmd160_prefix, 15))
         ;
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data, indata, indatalen);
     }
@@ -3141,7 +3141,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         memcpy (data, sha1_prefix, 15);
       else if (hashalgo == GCRY_MD_RMD160)
         memcpy (data, rmd160_prefix, 15);
-      else 
+      else
         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
       memcpy (data+15, indata, indatalen);
     }
@@ -3164,12 +3164,12 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   else if (prkdf->key_reference_valid)
     {
       unsigned char mse[3];
-      
+
       mse[0] = 0x84; /* Select asym. key. */
       mse[1] = 1;
       mse[2] = prkdf->key_reference;
 
-      err = iso7816_manage_security_env (app->slot, 
+      err = iso7816_manage_security_env (app->slot,
                                          0x41, 0xB6,
                                          mse, sizeof mse);
     }
@@ -3189,14 +3189,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
 }
 
 
-/* Handler for the PKAUTH command. 
+/* Handler for the PKAUTH command.
 
    This is basically the same as the PKSIGN command but we first check
    that the requested key is suitable for authentication; that is, it
    must match the criteria used for the attribute $AUTHKEYID.  See
    do_sign for calling conventions; there is no HASHALGO, though. */
-static gpg_error_t 
-do_auth (app_t app, const char *keyidstr, 
+static gpg_error_t
+do_auth (app_t app, const char *keyidstr,
          gpg_error_t (*pincb)(void*, const char *, char **),
          void *pincb_arg,
          const void *indata, size_t indatalen,
@@ -3219,7 +3219,7 @@ do_auth (app_t app, const char *keyidstr,
     }
 
   algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
-  return do_sign (app, keyidstr, algo, pincb, pincb_arg, 
+  return do_sign (app, keyidstr, algo, pincb, pincb_arg,
                   indata, indatalen, outdata, outdatalen);
 }
 
@@ -3273,8 +3273,8 @@ read_home_df (int slot, int *r_belpic)
 }
 
 
-/* 
-   Select the PKCS#15 application on the card in SLOT. 
+/*
+   Select the PKCS#15 application on the card in SLOT.
  */
 gpg_error_t
 app_select_p15 (app_t app)
@@ -3388,7 +3388,7 @@ app_select_p15 (app_t app)
           unsigned char *p;
 
           /* FIXME: actually get it from EF(TokenInfo). */
-          
+
           p = xtrymalloc (3 + app->serialnolen);
           if (!p)
             rc = gpg_error (gpg_err_code_from_errno (errno));
diff --git a/scd/app.c b/scd/app.c
index a23c4a546..6d652360c 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -69,7 +69,7 @@ print_progress_line (void *opaque, const char *what, int pc, int cur, int tot)
    never shares a reader (while performing one command).  Returns 0 on
    success; only then the unlock_reader function must be called after
    returning from the handler. */
-static gpg_error_t 
+static gpg_error_t
 lock_reader (int slot, ctrl_t ctrl)
 {
   gpg_error_t err;
@@ -89,7 +89,7 @@ lock_reader (int slot, ctrl_t ctrl)
       lock_table[slot].app = NULL;
       lock_table[slot].last_app = NULL;
     }
-  
+
   if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
     {
       err = gpg_error_from_syserror ();
@@ -188,7 +188,7 @@ application_notify_card_reset (int slot)
     return;
 
   /* FIXME: We are ignoring any error value here.  */
-  lock_reader (slot, NULL); 
+  lock_reader (slot, NULL);
 
   /* Mark application as non-reusable.  */
   if (lock_table[slot].app)
@@ -204,10 +204,10 @@ application_notify_card_reset (int slot)
       lock_table[slot].last_app = NULL;
       deallocate_app (app);
     }
-  unlock_reader (slot); 
+  unlock_reader (slot);
 }
 
- 
+
 /* This function is used by the serialno command to check for an
    application conflict which may appear if the serialno command is
    used to request a specific application and the connection has
@@ -287,7 +287,7 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
           lock_table[slot].app = app;
           lock_table[slot].last_app = NULL;
         }
-      else 
+      else
         {
           /* No, this saved application can't be used - deallocate it. */
           lock_table[slot].last_app = NULL;
@@ -309,7 +309,7 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
       unlock_reader (slot);
       return 0; /* Okay: We share that one. */
     }
-  
+
   /* Need to allocate a new one.  */
   app = xtrycalloc (1, sizeof *app);
   if (!app)
@@ -370,7 +370,7 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
   if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT
       || gpg_err_code (err) == GPG_ERR_ENODEV)
     goto leave;
-  
+
   /* Figure out the application to use.  */
   err = gpg_error (GPG_ERR_NOT_FOUND);
 
@@ -426,10 +426,10 @@ get_supported_applications (void)
   int idx;
   size_t nbytes;
   char *buffer, *p;
-  
+
   for (nbytes=1, idx=0; list[idx]; idx++)
     nbytes += strlen (list[idx]) + 1 + 1;
-  
+
   buffer = xtrymalloc (nbytes);
   if (!buffer)
     return NULL;
@@ -506,22 +506,22 @@ release_application (app_t app)
 
 /* The serial number may need some cosmetics.  Do it here.  This
    function shall only be called once after a new serial number has
-   been put into APP->serialno. 
+   been put into APP->serialno.
 
    Prefixes we use:
-   
+
      FF 00 00 = For serial numbers starting with an FF
      FF 01 00 = Some german p15 cards return an empty serial number so the
                 serial number from the EF(TokenInfo) is used instead.
      FF 7F 00 = No serialno.
-     
+
      All other serial number not starting with FF are used as they are.
 */
 gpg_error_t
 app_munge_serialno (app_t app)
 {
   if (app->serialnolen && app->serialno[0] == 0xff)
-    { 
+    {
       /* The serial number starts with our special prefix.  This
          requires that we put our default prefix "FF0000" in front. */
       unsigned char *p = xtrymalloc (app->serialnolen + 3);
@@ -534,7 +534,7 @@ app_munge_serialno (app_t app)
       app->serialno = p;
     }
   else if (!app->serialnolen)
-    { 
+    {
       unsigned char *p = xtrymalloc (3);
       if (!p)
         return gpg_error_from_syserror ();
@@ -554,7 +554,7 @@ app_munge_serialno (app_t app)
    no update time is available the returned value is 0.  Caller must
    free SERIAL unless the function returns an error.  If STAMP is not
    of interest, NULL may be passed. */
-gpg_error_t 
+gpg_error_t
 app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
 {
   char *buf;
@@ -637,7 +637,7 @@ app_readcert (app_t app, const char *certid,
    code returned.
 
    This function might not be supported by all applications.  */
-gpg_error_t 
+gpg_error_t
 app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
 {
   gpg_error_t err;
@@ -663,7 +663,7 @@ app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
 
 
 /* Perform a GETATTR operation.  */
-gpg_error_t 
+gpg_error_t
 app_getattr (app_t app, ctrl_t ctrl, const char *name)
 {
   gpg_error_t err;
@@ -684,7 +684,7 @@ app_getattr (app_t app, ctrl_t ctrl, const char *name)
       char *serial;
       time_t stamp;
       int rc;
-      
+
       rc = app_get_serial_and_stamp (app, &serial, &stamp);
       if (rc)
         return rc;
@@ -704,7 +704,7 @@ app_getattr (app_t app, ctrl_t ctrl, const char *name)
 }
 
 /* Perform a SETATTR operation.  */
-gpg_error_t 
+gpg_error_t
 app_setattr (app_t app, const char *name,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg,
@@ -729,7 +729,7 @@ app_setattr (app_t app, const char *name,
 /* Create the signature and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
-gpg_error_t 
+gpg_error_t
 app_sign (app_t app, const char *keyidstr, int hashalgo,
           gpg_error_t (*pincb)(void*, const char *, char **),
           void *pincb_arg,
@@ -761,7 +761,7 @@ app_sign (app_t app, const char *keyidstr, int hashalgo,
    return the allocated result in OUTDATA.  If a PIN is required the
    PINCB will be used to ask for the PIN; it should return the PIN in
    an allocated buffer and put it into PIN.  */
-gpg_error_t 
+gpg_error_t
 app_auth (app_t app, const char *keyidstr,
           gpg_error_t (*pincb)(void*, const char *, char **),
           void *pincb_arg,
@@ -793,7 +793,7 @@ app_auth (app_t app, const char *keyidstr,
 /* Decrypt the data in INDATA and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
-gpg_error_t 
+gpg_error_t
 app_decipher (app_t app, const char *keyidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg,
@@ -879,7 +879,7 @@ app_writekey (app_t app, ctrl_t ctrl,
 
 
 /* Perform a SETATTR operation.  */
-gpg_error_t 
+gpg_error_t
 app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
             time_t createtime,
             gpg_error_t (*pincb)(void*, const char *, char **),
@@ -896,7 +896,7 @@ app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
   err = lock_reader (app->slot, ctrl);
   if (err)
     return err;
-  err = app->fnc.genkey (app, ctrl, keynostr, flags, 
+  err = app->fnc.genkey (app, ctrl, keynostr, flags,
                          createtime, pincb, pincb_arg);
   unlock_reader (app->slot);
   if (opt.verbose)
@@ -928,7 +928,7 @@ app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer)
 
 
 /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation.  */
-gpg_error_t 
+gpg_error_t
 app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
                 gpg_error_t (*pincb)(void*, const char *, char **),
                 void *pincb_arg)
@@ -956,7 +956,7 @@ app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
 /* Perform a VERIFY operation without doing anything lese.  This may
    be used to initialze a the PIN cache for long lasting other
    operations.  Its use is highly application dependent. */
-gpg_error_t 
+gpg_error_t
 app_check_pin (app_t app, const char *keyidstr,
                gpg_error_t (*pincb)(void*, const char *, char **),
                void *pincb_arg)
@@ -978,4 +978,3 @@ app_check_pin (app_t app, const char *keyidstr,
     log_info ("operation check_pin result: %s\n", gpg_strerror (err));
   return err;
 }
-
diff --git a/scd/atr.c b/scd/atr.c
index f6efd8a95..16f26fb7d 100644
--- a/scd/atr.c
+++ b/scd/atr.c
@@ -33,7 +33,7 @@ static int const fi_table[16] = { 0, 372, 558, 744, 1116,1488, 1860, -1,
                                   -1, 512, 768, 1024, 1536, 2048, -1, -1 };
 static int const di_table[16] = { -1, 1, 2, 4, 8, 16, -1, -1,
                                   0, -1, -2, -4, -8, -16, -32, -64};
-                                  
+
 
 /* Dump the ATR of the card at SLOT in a human readable format to
    stream FP.  */
@@ -50,7 +50,7 @@ atr_dump (int slot, FILE *fp)
   atr = atrbuffer = apdu_get_atr (slot, &atrlen);
   if (!atr)
     return gpg_error (GPG_ERR_GENERAL);
-  
+
   fprintf (fp, "Info on ATR of length %u at slot %d\n",
            (unsigned int)atrlen, slot);
   if (!atrlen)
@@ -59,7 +59,7 @@ atr_dump (int slot, FILE *fp)
       goto bailout;
     }
 
-  
+
   if (*atr == 0x3b)
     fputs ("direct convention\n", fp);
   else if (*atr == 0x3f)
@@ -98,21 +98,21 @@ atr_dump (int slot, FILE *fp)
       else
         fprintf (fp, "%d", val);
       fputs (" D=", fp);
-      val = di_table[*atr & 0x0f]; 
+      val = di_table[*atr & 0x0f];
       if (!val)
         fputs ("[impossible value]\n", fp);
       else if (val == -1)
         fputs ("RFU\n", fp);
       else if (val < 0 )
         fprintf (fp, "1/%d\n", val);
-      else 
+      else
         fprintf (fp, "%d\n", val);
-      
+
       if (!--atrlen)
         goto bailout;
       atr++;
     }
-     
+
   if (have_tb)
     {
       fprintf (fp, "TB1: II=%d PI1=%d%s\n", (*atr >> 5) & 3, *atr & 0x1f,
@@ -249,7 +249,7 @@ atr_dump (int slot, FILE *fp)
   if (n_historical + 1 > atrlen)
     fputs ("error: ATR shorter than required for historical bytes "
            "and checksum\n", fp);
-  
+
   if (n_historical)
     {
       fputs ("Historical:", fp);
@@ -375,7 +375,7 @@ atr_get_historical (int slot, unsigned char historical[])
 
   if (n_historical >= atrlen)
     goto leave; /* ATR shorter than required for historical bytes. */
-  
+
   if (n_historical)
     {
       for (idx=0; n_historical && atrlen; n_historical--, atrlen--, atr++)
@@ -394,4 +394,3 @@ atr_get_historical (int slot, unsigned char historical[])
 
   return result;
 }
-
diff --git a/scd/card-common.h b/scd/card-common.h
index 78f2f6047..640cec776 100644
--- a/scd/card-common.h
+++ b/scd/card-common.h
@@ -54,7 +54,7 @@ struct card_ctx_s {
                      const void *indata, size_t indatalen,
                      unsigned char **outdata, size_t *outdatalen);
   } fnc;
-  
+
 };
 
 /*-- card.c --*/
diff --git a/scd/card-dinsig.c b/scd/card-dinsig.c
index 0cbcd3169..5be006179 100644
--- a/scd/card-dinsig.c
+++ b/scd/card-dinsig.c
@@ -21,7 +21,7 @@
    used with an interface specification described in DIN V 66291-1.
    The AID to be used is: 'D27600006601'.
 
-   The file IDs for certificates utilize the generic format: 
+   The file IDs for certificates utilize the generic format:
         Cxyz
     C being the hex digit 'C' (12).
     x being the service indicator:
@@ -40,13 +40,13 @@
          '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA).
          'E'        := C.RCA (self certified certificate of the Root-CA).
          'F'        := reserved.
-   
+
    The file IDs used by default are:
    '1F00'  EF.SSD (security service descriptor). [o,o]
    '2F02'  EF.GDO (global data objects) [m,m]
    'A000'  EF.PROT (signature log).  Cyclic file with 20 records of 53 byte.
            Read and update after user authentication. [o,o]
-   'B000'  EF.PK.RCA.DS (public keys of Root-CA).  Size is 512b or size 
+   'B000'  EF.PK.RCA.DS (public keys of Root-CA).  Size is 512b or size
            of keys. [m (unless a 'C00E' is present),m]
    'B001'  EF.PK.CA.DS (public keys of CAs).  Size is 512b or size
            of keys. [o,o]
@@ -54,12 +54,12 @@
            with n := 0 .. 7.  Size is 2k or size of cert.  Read and
            update allowed after user authentication. [m,m]
    'C00m'  EF.C.CA.DS (digital signature certificate of CA)
-           with m := 8 .. E.  Size is 1k or size of cert.  Read always 
+           with m := 8 .. E.  Size is 1k or size of cert.  Read always
            allowed, update after uder authentication. [o,o]
    'C100'  EF.C.ICC.AUT (AUT certificate of ICC) [o,m]
    'C108'  EF.C.CA.AUT (AUT certificate of CA) [o,m]
    'D000'  EF.DM (display message) [-,m]
-   
+
    The letters in brackets indicate optional or mandatory files: The
    first for card terminals under full control and the second for
    "business" card terminals.
@@ -118,7 +118,7 @@ dinsig_enum_keypairs (CARD card, int idx,
       return rc;
     }
 
-  rc = ksba_cert_init_from_mem (cert, buf, buflen); 
+  rc = ksba_cert_init_from_mem (cert, buf, buflen);
   xfree (buf);
   if (rc)
     {
@@ -132,7 +132,7 @@ dinsig_enum_keypairs (CARD card, int idx,
       log_error ("failed to calculate the keygrip at index %d\n", idx);
       ksba_cert_release (cert);
       return gpg_error (GPG_ERR_CARD);
-    }      
+    }
   ksba_cert_release (cert);
 
   /* return the iD */
@@ -146,7 +146,7 @@ dinsig_enum_keypairs (CARD card, int idx,
       else
         strcpy (*keyid, "DINSIG-DF01.C200");
     }
-  
+
   return 0;
 }
 
@@ -171,7 +171,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
     return gpg_error (GPG_ERR_INV_ID);
 
   rc = sc_select_file (card->scard, &path, &file);
-  if (rc) 
+  if (rc)
     {
       log_error ("sc_select_file failed: %s\n", sc_strerror (rc));
       return map_sc_err (rc);
@@ -184,7 +184,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
       return gpg_error (GPG_ERR_CARD);
     }
   if (file->size < 20) /* check against a somewhat arbitrary length */
-    { 
+    {
       log_error ("certificate EF too short\n");
       sc_file_free (file);
       return gpg_error (GPG_ERR_CARD);
@@ -196,7 +196,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
       sc_file_free (file);
       return tmperr;
     }
-      
+
   rc = sc_read_binary (card->scard, 0, buf, file->size, 0);
   if (rc >= 0 && rc != file->size)
     {
@@ -206,7 +206,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
       return gpg_error (GPG_ERR_CARD);
     }
   sc_file_free (file);
-  if (rc < 0) 
+  if (rc < 0)
     {
       log_error ("error reading certificate EF: %s\n", sc_strerror (rc));
       xfree (buf);
@@ -236,7 +236,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
         }
       memmove (buf, buf+9, buflen-9);
       buflen -= 9;
-    } 
+    }
 
   *cert = buf;
   *ncert = buflen;
diff --git a/scd/card-p15.c b/scd/card-p15.c
index 34a88f714..4af447278 100644
--- a/scd/card-p15.c
+++ b/scd/card-p15.c
@@ -41,7 +41,7 @@ struct p15private_s {
 
 
 /* Allocate private data. */
-static int 
+static int
 init_private_data (CARD card)
 {
   struct p15private_s *priv;
@@ -62,10 +62,10 @@ init_private_data (CARD card)
      numer of objects and used this to figure out what the last object
      enumerated is.  We now do an enum_objects just once and keep it
      in the private data. */
-  rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_PRKEY_RSA, 
+  rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_PRKEY_RSA,
                               priv->prkey_rsa_objs,
                               DIM (priv->prkey_rsa_objs));
-  if (rc < 0) 
+  if (rc < 0)
     {
       log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
       xfree (priv);
@@ -74,10 +74,10 @@ init_private_data (CARD card)
   priv->n_prkey_rsa_objs = rc;
 
   /* Read all certificate objects. */
-  rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_CERT_X509, 
+  rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_CERT_X509,
                               priv->cert_objs,
                               DIM (priv->cert_objs));
-  if (rc < 0) 
+  if (rc < 0)
     {
       log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
       xfree (priv);
@@ -117,7 +117,7 @@ p15_enum_keypairs (CARD card, int idx,
   ksba_cert_t cert;
 
   rc = init_private_data (card);
-  if (rc) 
+  if (rc)
       return rc;
   priv = card->p15priv;
   nobjs = priv->n_prkey_rsa_objs;
@@ -125,7 +125,7 @@ p15_enum_keypairs (CARD card, int idx,
   if (idx >= nobjs)
     return -1;
   pinfo = priv->prkey_rsa_objs[idx]->data;
-  
+
   /* now we need to read the certificate so that we can calculate the
      keygrip */
   rc = sc_pkcs15_find_cert_by_id (card->p15card, &pinfo->id, &tmpobj);
@@ -166,7 +166,7 @@ p15_enum_keypairs (CARD card, int idx,
       log_error ("failed to calculate the keygrip of private key %d\n", idx);
       ksba_cert_release (cert);
       return gpg_error (GPG_ERR_CARD);
-    }      
+    }
   ksba_cert_release (cert);
 
   rc = 0;
@@ -181,7 +181,7 @@ p15_enum_keypairs (CARD card, int idx,
       p = stpcpy (p, "P15-5015.");
       bin2hex (pinfo->id.value, pinfo->id.len, p);
     }
-  
+
   return rc;
 }
 
@@ -196,7 +196,7 @@ p15_enum_certs (CARD card, int idx, char **certid, int *type)
   int nobjs;
 
   rc = init_private_data (card);
-  if (rc) 
+  if (rc)
       return rc;
   priv = card->p15priv;
   nobjs = priv->n_cert_objs;
@@ -205,7 +205,7 @@ p15_enum_certs (CARD card, int idx, char **certid, int *type)
     return -1;
   obj =  priv->cert_objs[idx];
   cinfo = obj->data;
-  
+
   if (certid)
     {
       char *p;
@@ -227,10 +227,10 @@ p15_enum_certs (CARD card, int idx, char **certid, int *type)
         *type = 101;
       else if (obj->df->type == SC_PKCS15_CDF_USEFUL)
         *type = 102;
-      else 
+      else
         *type = 0; /* error -> unknown */
     }
-  
+
   return rc;
 }
 
@@ -243,7 +243,7 @@ idstr_to_id (const char *idstr, struct sc_pkcs15_id *id)
   int n;
 
   /* For now we only support the standard DF */
-  if (strncmp (idstr, "P15-5015.", 9) ) 
+  if (strncmp (idstr, "P15-5015.", 9) )
     return gpg_error (GPG_ERR_INV_ID);
   for (s=idstr+9, n=0; hexdigitp (s); s++, n++)
     ;
@@ -282,7 +282,7 @@ p15_read_cert (CARD card, const char *certidstr,
   rc = sc_pkcs15_find_cert_by_id (card->p15card, &certid, &tmpobj);
   if (rc)
     {
-      log_info ("certificate '%s' not found: %s\n", 
+      log_info ("certificate '%s' not found: %s\n",
                 certidstr, sc_strerror (rc));
       return -1;
     }
@@ -344,7 +344,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
   pin = pinobj->data;
 
   /* Fixme: pack this into a verification loop */
-  /* Fixme: we might want to pass pin->min_length and 
+  /* Fixme: we might want to pass pin->min_length and
      pin->stored_length */
   rc = pincb (pincb_arg, pinobj->label, &pinvalue);
   if (rc)
@@ -369,7 +369,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
 
 
 /* See card.c for interface description */
-static int 
+static int
 p15_sign (CARD card, const char *keyidstr, int hashalgo,
           int (pincb)(void*, const char *, char **),
           void *pincb_arg,
@@ -391,11 +391,11 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
 
   cryptflags = SC_ALGORITHM_RSA_PAD_PKCS1;
 
-  outbuflen = 1024; 
+  outbuflen = 1024;
   outbuf = xtrymalloc (outbuflen);
   if (!outbuf)
     return gpg_error (gpg_err_code_from_errno (errno));
-  
+
   rc = sc_pkcs15_compute_signature (card->p15card, keyobj,
                                     cryptflags,
                                     indata, indatalen,
@@ -419,7 +419,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
 
 
 /* See card.c for description */
-static int 
+static int
 p15_decipher (CARD card, const char *keyidstr,
               int (pincb)(void*, const char *, char **),
               void *pincb_arg,
@@ -453,15 +453,15 @@ p15_decipher (CARD card, const char *keyidstr,
         }
     }
 
-  outbuflen = indatalen < 256? 256 : indatalen; 
+  outbuflen = indatalen < 256? 256 : indatalen;
   outbuf = xtrymalloc (outbuflen);
   if (!outbuf)
     return gpg_error (gpg_err_code_from_errno (errno));
 
-  rc = sc_pkcs15_decipher (card->p15card, keyobj, 
+  rc = sc_pkcs15_decipher (card->p15card, keyobj,
                            0,
-                           indata, indatalen, 
-                           outbuf, outbuflen); 
+                           indata, indatalen,
+                           outbuf, outbuflen);
   if (rc < 0)
     {
       log_error ("failed to decipher the data: %s\n", sc_strerror (rc));
diff --git a/scd/card.c b/scd/card.c
index a0213483f..1fb554421 100644
--- a/scd/card.c
+++ b/scd/card.c
@@ -66,7 +66,7 @@ card_help_get_keygrip (ksba_cert_t cert, unsigned char *array)
   int rc;
   ksba_sexp_t p;
   size_t n;
-  
+
   p = ksba_cert_get_public_key (cert);
   if (!p)
     return -1; /* oops */
@@ -109,7 +109,7 @@ card_open (CARD *rcard)
   if (!card)
     return gpg_error (gpg_err_code_from_errno (errno));
   card->reader = 0;
-  
+
   rc = sc_establish_context (&card->ctx, "scdaemon");
   if (rc)
     {
@@ -154,7 +154,7 @@ card_open (CARD *rcard)
       goto leave;
     }
 
-    
+
  leave:
   if (rc)
     card_close (card);
@@ -195,7 +195,7 @@ card_close (CARD card)
         }
 #endif
       xfree (card);
-    }      
+    }
 }
 
 /* Locate a simple TLV encoded data object in BUFFER of LENGTH and
@@ -210,7 +210,7 @@ find_simple_tlv (const unsigned char *buffer, size_t length,
   const char *s = buffer;
   size_t n = length;
   size_t len;
-    
+
   for (;;)
     {
       buffer = s;
@@ -290,7 +290,7 @@ find_iccsn (const unsigned char *buffer, size_t length, char **serial)
    returned if this value is not availbale.  For non-PKCS-15 cards a
    serial number is constructed by other means. Caller must free
    SERIAL unless the function returns an error. */
-int 
+int
 card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
 {
 #ifdef HAVE_OPENSC
@@ -311,7 +311,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
   if (!card->fnc.initialized)
     {
       card->fnc.initialized = 1;
-      /* The first use of this card tries to figure out the type of the card 
+      /* The first use of this card tries to figure out the type of the card
          and sets up the function pointers. */
       rc = sc_pkcs15_bind (card->scard, &card->p15card);
       if (rc)
@@ -326,7 +326,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
         card_p15_bind (card);
       card->fnc.initialized = 1;
     }
-      
+
 
   /* We should lookup the iso 7812-1 and 8583-3 - argh ISO
      practice is suppressing innovation - IETF rules!  So we
@@ -355,10 +355,10 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
       return gpg_error (GPG_ERR_CARD);
     }
   buflen = file->size;
-      
+
   rc = sc_read_binary (card->scard, 0, buf, buflen, 0);
   sc_file_free (file);
-  if (rc < 0) 
+  if (rc < 0)
     {
       log_error ("error reading GDO file: %s\n", sc_strerror (rc));
       return gpg_error (GPG_ERR_CARD);
@@ -381,7 +381,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
 
       if (!efser)
         efser = "";
-        
+
       xfree (*serial);
       *serial = NULL;
       p = xtrymalloc (strlen (efser) + 7);
@@ -515,7 +515,7 @@ card_read_cert (CARD card, const char *certidstr,
 /* Create the signature and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
-int 
+int
 card_sign (CARD card, const char *keyidstr, int hashalgo,
            int (pincb)(void*, const char *, char **),
            void *pincb_arg,
@@ -543,7 +543,7 @@ card_sign (CARD card, const char *keyidstr, int hashalgo,
 /* Create the signature and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
-int 
+int
 card_decipher (CARD card, const char *keyidstr,
                int (pincb)(void*, const char *, char **),
                void *pincb_arg,
@@ -566,4 +566,3 @@ card_decipher (CARD card, const char *keyidstr,
     log_info ("card operation decipher result: %s\n", gpg_strerror (rc));
   return rc;
 }
-
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 98268c00c..2abb6b5b1 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -57,7 +57,7 @@
 
 
 /* CCID (ChipCardInterfaceDevices) is a specification for accessing
-   smartcard via a reader connected to the USB.  
+   smartcard via a reader connected to the USB.
 
    This is a limited driver allowing to use some CCID drivers directly
    without any other specila drivers. This is a fallback driver to be
@@ -220,20 +220,20 @@ enum {
 };
 
 static struct
-{ 
+{
   char *name;  /* Device name. */
   int  type;
 
 } transports[] = {
-  { "/dev/cmx0", TRANSPORT_CM4040 },  
-  { "/dev/cmx1", TRANSPORT_CM4040 },  
+  { "/dev/cmx0", TRANSPORT_CM4040 },
+  { "/dev/cmx1", TRANSPORT_CM4040 },
   { NULL },
 };
 
 
 /* Store information on the driver's state.  A pointer to such a
    structure is used as handle for most functions. */
-struct ccid_driver_s 
+struct ccid_driver_s
 {
   usb_dev_handle *idev;
   char *rid;
@@ -271,7 +271,7 @@ struct ccid_driver_s
 
 
 static int initialized_usb; /* Tracks whether USB has been initialized. */
-static int debug_level;     /* Flag to control the debug output. 
+static int debug_level;     /* Flag to control the debug output.
                                0 = No debugging
                                1 = USB I/O info
                                2 = Level 1 + T=1 protocol tracing
@@ -290,19 +290,19 @@ static int abort_cmd (ccid_driver_t handle, int seqno);
 
 /* Convert a little endian stored 4 byte value into an unsigned
    integer. */
-static unsigned int 
+static unsigned int
 convert_le_u32 (const unsigned char *buf)
 {
-  return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); 
+  return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
 }
 
 
 /* Convert a little endian stored 2 byte value into an unsigned
    integer. */
-static unsigned int 
+static unsigned int
 convert_le_u16 (const unsigned char *buf)
 {
-  return buf[0] | (buf[1] << 8); 
+  return buf[0] | (buf[1] << 8);
 }
 
 static void
@@ -323,7 +323,7 @@ my_sleep (int seconds)
      may give up its timeslot.  */
   if (!seconds)
     {
-# ifdef HAVE_W32_SYSTEM    
+# ifdef HAVE_W32_SYSTEM
       Sleep (0);
 # else
       sleep (0);
@@ -331,7 +331,7 @@ my_sleep (int seconds)
     }
   pth_sleep (seconds);
 #else
-# ifdef HAVE_W32_SYSTEM    
+# ifdef HAVE_W32_SYSTEM
   Sleep (seconds*1000);
 # else
   sleep (seconds);
@@ -372,7 +372,7 @@ print_command_failed (const unsigned char *msg)
   switch (ec)
     {
     case 0x00: t = "Command not supported"; break;
-    
+
     case 0xE0: t = "Slot busy"; break;
     case 0xEF: t = "PIN cancelled"; break;
     case 0xF0: t = "PIN timeout"; break;
@@ -423,7 +423,7 @@ print_pr_data (const unsigned char *data, size_t datalen, size_t off)
     DEBUGOUT_LF ();
 }
 
- 
+
 static void
 print_p2r_header (const char *name, const unsigned char *msg, size_t msglen)
 {
@@ -647,7 +647,7 @@ print_r2p_slotstatus (const unsigned char *msg, size_t msglen)
               msg[9] == 3? " (stopped)":"");
   print_pr_data (msg, msglen, 10);
 }
-  
+
 
 static void
 print_r2p_parameters (const unsigned char *msg, size_t msglen)
@@ -771,7 +771,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
   DEBUGOUT_1 ("  bLength             %5u\n", buf[0]);
   DEBUGOUT_1 ("  bDescriptorType     %5u\n", buf[1]);
   DEBUGOUT_2 ("  bcdCCID             %2x.%02x", buf[3], buf[2]);
-    if (buf[3] != 1 || buf[2] != 0) 
+    if (buf[3] != 1 || buf[2] != 0)
       DEBUGOUT_CONT("  (Warning: Only accurate for version 1.0)");
   DEBUGOUT_LF ();
 
@@ -803,7 +803,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
   us = convert_le_u32(buf+23);
   DEBUGOUT_1 ("  dwMaxDataRate     %7u bps\n", us);
   DEBUGOUT_1 ("  bNumDataRatesSupp.  %5u\n", buf[27]);
-        
+
   us = convert_le_u32(buf+28);
   DEBUGOUT_1 ("  dwMaxIFSD           %5u\n", us);
   handle->max_ifsd = us;
@@ -869,7 +869,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
     {
       DEBUGOUT ("    TPDU level exchange\n");
       have_tpdu = 1;
-    } 
+    }
   else if ((us & 0x00020000))
     {
       DEBUGOUT ("    Short APDU level exchange\n");
@@ -903,7 +903,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
     DEBUGOUT_CONT ("none\n");
   else
     DEBUGOUT_CONT_2 ("%u cols %u lines\n", buf[50], buf[51]);
-        
+
   DEBUGOUT_1 ("  bPINSupport         %5u ", buf[52]);
   if ((buf[52] & 1))
     {
@@ -916,7 +916,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
       handle->has_pinpad |= 2;
     }
   DEBUGOUT_LF ();
-        
+
   DEBUGOUT_1 ("  bMaxCCIDBusySlots   %5u\n", buf[53]);
 
   if (buf[0] > 54)
@@ -942,18 +942,18 @@ parse_ccid_descriptor (ccid_driver_t handle,
      lower than that:
         64 - 10 CCID header -  4 T1frame - 2 reserved = 48
      Product Ids:
-	 0xe001 - SCR 331 
-	 0x5111 - SCR 331-DI 
-	 0x5115 - SCR 335 
-	 0xe003 - SPR 532 
-     The     
+	 0xe001 - SCR 331
+	 0x5111 - SCR 331-DI
+	 0x5115 - SCR 335
+	 0xe003 - SPR 532
+     The
          0x5117 - SCR 3320 USB ID-000 reader
      seems to be very slow but enabling this workaround boosts the
-     performance to a a more or less acceptable level (tested by David). 
-         
+     performance to a a more or less acceptable level (tested by David).
+
   */
   if (handle->id_vendor == VENDOR_SCM
-      && handle->max_ifsd > 48      
+      && handle->max_ifsd > 48
       && (  (handle->id_product == 0xe001 && handle->bcd_device < 0x0516)
           ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
           ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
@@ -992,7 +992,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
      If we do don't find it we try to use English.  Note that this is
      all in a 2 bute Unicode encoding using little endian. */
   rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
-                        (USB_DT_STRING << 8), 0, 
+                        (USB_DT_STRING << 8), 0,
                         (char*)buf, sizeof buf, 1000 /* ms timeout */);
   if (rc < 4)
     langid = 0x0409; /* English.  */
@@ -1014,7 +1014,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
         n++; /* High byte set. */
       else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':')
         n += 3 ;
-      else 
+      else
         n++;
     }
 
@@ -1033,7 +1033,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
           sprintf (result+n, "%%%02X", *s);
           n += 3;
         }
-      else 
+      else
         result[n++] = *s;
     }
   strcpy (result+n, suffix);
@@ -1115,7 +1115,7 @@ scan_or_find_usb_device (int scan_mode,
   int ifc_no;
   int set_no;
   struct usb_config_descriptor *config;
-  struct usb_interface *interface;          
+  struct usb_interface *interface;
   struct usb_interface_descriptor *ifcdesc;
   char *rid;
   usb_dev_handle *idev;
@@ -1133,7 +1133,7 @@ scan_or_find_usb_device (int scan_mode,
           interface = config->interface + ifc_no;
           if (!interface)
             continue;
-                  
+
           for (set_no=0; set_no < interface->num_altsetting; set_no++)
             {
               ifcdesc = (interface->altsetting + set_no);
@@ -1156,7 +1156,7 @@ scan_or_find_usb_device (int scan_mode,
                                   strerror (errno));
                       continue; /* with next setting. */
                     }
-                  
+
                   rid = make_reader_id (idev,
                                         dev->descriptor.idVendor,
                                         dev->descriptor.idProduct,
@@ -1166,7 +1166,7 @@ scan_or_find_usb_device (int scan_mode,
                       if (scan_mode)
                         {
                           char *p;
-                          
+
                           /* We are collecting infos about all
                              available CCID readers.  Store them and
                              continue. */
@@ -1188,7 +1188,7 @@ scan_or_find_usb_device (int scan_mode,
                             }
                           else /* Out of memory. */
                             free (rid);
-                          
+
                           rid = NULL;
                           ++*count;
                         }
@@ -1232,7 +1232,7 @@ scan_or_find_usb_device (int scan_mode,
                             }
                           else
                             free (rid);
-                          
+
                           *r_idev = idev;
                           return 1; /* Found requested device. */
                         }
@@ -1246,7 +1246,7 @@ scan_or_find_usb_device (int scan_mode,
                         }
                       free (rid);
                     }
-                  
+
                   usb_close (idev);
                   idev = NULL;
                   return 0;
@@ -1259,7 +1259,7 @@ scan_or_find_usb_device (int scan_mode,
 }
 
 /* Combination function to either scan all CCID devices or to find and
-   open one specific device. 
+   open one specific device.
 
    The function returns 0 if a reader has been found or when a scan
    returned without error.
@@ -1318,7 +1318,7 @@ scan_or_find_devices (int readerno, const char *readerid,
   if (r_rid)
     *r_rid = NULL;
   if (r_dev)
-    *r_dev = NULL; 
+    *r_dev = NULL;
   if (ifcdesc_extra)
     *ifcdesc_extra = NULL;
   if (ifcdesc_extra_len)
@@ -1331,7 +1331,7 @@ scan_or_find_devices (int readerno, const char *readerid,
     *r_fd = -1;
 
   /* See whether we want scan or find mode. */
-  if (scan_mode) 
+  if (scan_mode)
     {
       assert (r_rid);
     }
@@ -1345,7 +1345,7 @@ scan_or_find_devices (int readerno, const char *readerid,
   busses = usb_busses;
 #endif
 
-  for (bus = busses; bus; bus = bus->next) 
+  for (bus = busses; bus; bus = bus->next)
     {
       for (dev = bus->devices; dev; dev = dev->next)
         {
@@ -1367,7 +1367,7 @@ scan_or_find_devices (int readerno, const char *readerid,
                   return -1; /* error */
                 }
               *r_idev = idev;
-              return 0; 
+              return 0;
             }
         }
     }
@@ -1494,9 +1494,9 @@ ccid_get_reader_list (void)
 }
 
 
-/* Open the reader with the internal number READERNO and return a 
+/* Open the reader with the internal number READERNO and return a
    pointer to be used as handle in HANDLE.  Returns 0 on success. */
-int 
+int
 ccid_open_reader (ccid_driver_t *handle, const char *readerid)
 {
   int rc = 0;
@@ -1592,7 +1592,7 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid)
           rc = CCID_DRIVER_ERR_NO_READER;
           goto leave;
         }
-      
+
       rc = usb_claim_interface (idev, ifc_no);
       if (rc)
         {
@@ -1626,7 +1626,7 @@ do_close_reader (ccid_driver_t handle)
   unsigned char msg[100];
   size_t msglen;
   unsigned char seqno;
-  
+
   if (!handle->powered_off)
     {
       msg[0] = PC_to_RDR_IccPowerOff;
@@ -1637,7 +1637,7 @@ do_close_reader (ccid_driver_t handle)
       msg[9] = 0; /* RFU */
       set_msg_len (msg, 0);
       msglen = 10;
-      
+
       rc = bulk_out (handle, msg, msglen, 0);
       if (!rc)
         bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
@@ -1661,12 +1661,12 @@ do_close_reader (ccid_driver_t handle)
 /* Reset a reader on HANDLE.  This is useful in case a reader has been
    plugged of and inserted at a different port.  By resetting the
    handle, the same reader will be get used.  Note, that on error the
-   handle won't get released. 
+   handle won't get released.
 
    This does not return an ATR, so ccid_get_atr should be called right
    after this one.
 */
-int 
+int
 ccid_shutdown_reader (ccid_driver_t handle)
 {
   int rc = 0;
@@ -1704,7 +1704,7 @@ ccid_shutdown_reader (ccid_driver_t handle)
           rc = CCID_DRIVER_ERR_NO_READER;
           goto leave;
         }
-      
+
       rc = usb_claim_interface (idev, ifc_no);
       if (rc)
         {
@@ -1731,8 +1731,8 @@ ccid_shutdown_reader (ccid_driver_t handle)
 }
 
 
-int 
-ccid_set_progress_cb (ccid_driver_t handle, 
+int
+ccid_set_progress_cb (ccid_driver_t handle,
                       void (*cb)(void *, const char *, int, int, int),
                       void *cb_arg)
 {
@@ -1746,7 +1746,7 @@ ccid_set_progress_cb (ccid_driver_t handle,
 
 
 /* Close the reader HANDLE. */
-int 
+int
 ccid_close_reader (ccid_driver_t handle)
 {
   if (!handle || (!handle->idev && handle->dev_fd == -1))
@@ -1774,7 +1774,7 @@ writen (int fd, const void *buf, size_t nbytes)
 {
   size_t nleft = nbytes;
   int nwritten;
-  
+
   while (nleft > 0)
     {
       nwritten = write (fd, buf, nleft);
@@ -1788,7 +1788,7 @@ writen (int fd, const void *buf, size_t nbytes)
       nleft -= nwritten;
       buf = (const char*)buf + nwritten;
     }
-    
+
   return 0;
 }
 
@@ -1857,10 +1857,10 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
           break;
         }
     }
-  
+
   if (handle->idev)
     {
-      rc = usb_bulk_write (handle->idev, 
+      rc = usb_bulk_write (handle->idev,
                            handle->ep_bulk_out,
                            (char*)msg, msglen,
                            5000 /* ms timeout */);
@@ -1897,7 +1897,7 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
         return 0;
       DEBUGOUT_2 ("writen to %d failed: %s\n",
                   handle->dev_fd, strerror (errno));
-      
+
     }
   return CCID_DRIVER_ERR_CARD_IO_ERROR;
 }
@@ -1925,7 +1925,7 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
  retry:
   if (handle->idev)
     {
-      rc = usb_bulk_read (handle->idev, 
+      rc = usb_bulk_read (handle->idev,
                           handle->ep_bulk_in,
                           (char*)buffer, length,
                           timeout);
@@ -1967,12 +1967,12 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
       abort_cmd (handle, seqno);
       return CCID_DRIVER_ERR_INV_VALUE;
     }
-  if (buffer[5] != 0)    
+  if (buffer[5] != 0)
     {
       DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]);
       return CCID_DRIVER_ERR_INV_VALUE;
     }
-  if (buffer[6] != seqno)    
+  if (buffer[6] != seqno)
     {
       DEBUGOUT_2 ("bulk-in seqno does not match (%d/%d)\n",
                   seqno, buffer[6]);
@@ -1985,7 +1985,7 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
      for the Cherry keyboard which sends a time extension request for
      each key hit.  */
   if ( !(buffer[7] & 0x03) && (buffer[7] & 0xC0) == 0x80)
-    { 
+    {
       /* Card present and active, time extension requested. */
       DEBUGOUT_2 ("time extension requested (%02X,%02X)\n",
                   buffer[7], buffer[8]);
@@ -2055,13 +2055,13 @@ abort_cmd (ccid_driver_t handle, int seqno)
       /* I don't know how to send an abort to non-USB devices.  */
       rc = CCID_DRIVER_ERR_NOT_SUPPORTED;
     }
-  
+
   seqno &= 0xff;
   DEBUGOUT_1 ("sending abort sequence for seqno %d\n", seqno);
   /* Send the abort command to the control pipe.  Note that we don't
      need to keep track of sent abort commands because there should
      never be another thread using the same slot concurrently.  */
-  rc = usb_control_msg (handle->idev, 
+  rc = usb_control_msg (handle->idev,
                         0x21,/* bmRequestType: host-to-device,
                                 class specific, to interface.  */
                         1,   /* ABORT */
@@ -2081,7 +2081,7 @@ abort_cmd (ccid_driver_t handle, int seqno)
   seqno--;  /* Adjust for next increment.  */
   do
     {
-      seqno++; 
+      seqno++;
       msg[0] = PC_to_RDR_Abort;
       msg[5] = 0; /* slot */
       msg[6] = seqno;
@@ -2091,24 +2091,24 @@ abort_cmd (ccid_driver_t handle, int seqno)
       msglen = 10;
       set_msg_len (msg, 0);
 
-      rc = usb_bulk_write (handle->idev, 
+      rc = usb_bulk_write (handle->idev,
                            handle->ep_bulk_out,
                            (char*)msg, msglen,
                            5000 /* ms timeout */);
       if (rc == msglen)
         rc = 0;
       else if (rc == -1)
-        DEBUGOUT_1 ("usb_bulk_write error in abort_cmd: %s\n", 
+        DEBUGOUT_1 ("usb_bulk_write error in abort_cmd: %s\n",
                     strerror (errno));
       else
         DEBUGOUT_1 ("usb_bulk_write failed in abort_cmd: %d\n", rc);
 
       if (rc)
         return rc;
-      
-      rc = usb_bulk_read (handle->idev, 
+
+      rc = usb_bulk_read (handle->idev,
                           handle->ep_bulk_in,
-                          (char*)msg, sizeof msg, 
+                          (char*)msg, sizeof msg,
                           5000 /*ms timeout*/);
       if (rc < 0)
         {
@@ -2124,7 +2124,7 @@ abort_cmd (ccid_driver_t handle, int seqno)
                       (unsigned int)msglen);
           return CCID_DRIVER_ERR_INV_VALUE;
         }
-      if (msg[5] != 0)    
+      if (msg[5] != 0)
         {
           DEBUGOUT_1 ("unexpected bulk-in slot (%d) in abort_cmd\n", msg[5]);
           return CCID_DRIVER_ERR_INV_VALUE;
@@ -2149,7 +2149,7 @@ abort_cmd (ccid_driver_t handle, int seqno)
    operation will get returned in RESULT and its length in RESULTLEN.
    If the response is larger than RESULTMAX, an error is returned and
    the required buffer length returned in RESULTLEN.  */
-static int 
+static int
 send_escape_cmd (ccid_driver_t handle,
                  const unsigned char *data, size_t datalen,
                  unsigned char *result, size_t resultmax, size_t *resultlen)
@@ -2201,7 +2201,7 @@ send_escape_cmd (ccid_driver_t handle,
       default:
         break;
       }
-  
+
   return rc;
 }
 
@@ -2227,14 +2227,14 @@ ccid_poll (ccid_driver_t handle)
 
   if (handle->idev)
     {
-      rc = usb_bulk_read (handle->idev, 
+      rc = usb_bulk_read (handle->idev,
                           handle->ep_intr,
                           (char*)msg, sizeof msg,
                           0 /* ms timeout */ );
       if (rc < 0 && errno == ETIMEDOUT)
         return 0;
     }
-  else 
+  else
     return 0;
 
   if (rc < 0)
@@ -2258,12 +2258,12 @@ ccid_poll (ccid_driver_t handle)
       for (i=1; i < msglen; i++)
         for (j=0; j < 4; j++)
           DEBUGOUT_CONT_3 (" %d:%c%c",
-                           (i-1)*4+j, 
+                           (i-1)*4+j,
                            (msg[i] & (1<<(j*2)))? 'p':'-',
                            (msg[i] & (2<<(j*2)))? '*':' ');
       DEBUGOUT_LF ();
     }
-  else if (msg[0] == RDR_to_PC_HardwareError)    
+  else if (msg[0] == RDR_to_PC_HardwareError)
     {
       DEBUGOUT ("hardware error occured\n");
     }
@@ -2278,7 +2278,7 @@ ccid_poll (ccid_driver_t handle)
 
 /* Note that this function won't return the error codes NO_CARD or
    CARD_INACTIVE */
-int 
+int
 ccid_slot_status (ccid_driver_t handle, int *statusbits)
 {
   int rc;
@@ -2328,7 +2328,7 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits)
 
 /* Return the ATR of the card.  This is not a cached value and thus an
    actual reset is done.  */
-int 
+int
 ccid_get_atr (ccid_driver_t handle,
               unsigned char *atr, size_t maxatrlen, size_t *atrlen)
 {
@@ -2387,7 +2387,7 @@ ccid_get_atr (ccid_driver_t handle,
 
 
   handle->powered_off = 0;
-  
+
   if (atr)
     {
       size_t n = msglen - 10;
@@ -2462,7 +2462,7 @@ ccid_get_atr (ccid_driver_t handle,
       tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
       tpdu[1] = (0xc0 | 0 | 1); /* S-block request: change IFSD */
       tpdu[2] = 1;
-      tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32; 
+      tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32;
       tpdulen = 4;
       edc = compute_edc (tpdu, tpdulen, use_crc);
       if (use_crc)
@@ -2472,7 +2472,7 @@ ccid_get_atr (ccid_driver_t handle,
       msg[0] = PC_to_RDR_XfrBlock;
       msg[5] = 0; /* slot */
       msg[6] = seqno = handle->seqno++;
-      msg[7] = 0; 
+      msg[7] = 0;
       msg[8] = 0; /* RFU */
       msg[9] = 0; /* RFU */
       set_msg_len (msg, tpdulen);
@@ -2495,12 +2495,12 @@ ccid_get_atr (ccid_driver_t handle,
                     RDR_to_PC_DataBlock, seqno, 5000, 0);
       if (rc)
         return rc;
-      
+
       tpdu = msg + 10;
       tpdulen = msglen - 10;
-      
-      if (tpdulen < 4) 
-        return CCID_DRIVER_ERR_ABORTED; 
+
+      if (tpdulen < 4)
+        return CCID_DRIVER_ERR_ABORTED;
 
       if (debug_level > 1)
         DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
@@ -2525,7 +2525,7 @@ ccid_get_atr (ccid_driver_t handle,
 
 
 
-static unsigned int 
+static unsigned int
 compute_edc (const unsigned char *data, size_t datalen, int use_crc)
 {
   if (use_crc)
@@ -2535,7 +2535,7 @@ compute_edc (const unsigned char *data, size_t datalen, int use_crc)
   else
     {
       unsigned char crc = 0;
-      
+
       for (; datalen; datalen--)
         crc ^= *data++;
       return crc;
@@ -2580,7 +2580,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
      extended APDU exchange level is not yet supported.  */
   if (apdulen > 261)
     return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
-  
+
   msg[0] = PC_to_RDR_XfrBlock;
   msg[5] = 0; /* slot */
   msg[6] = seqno = handle->seqno++;
@@ -2600,10 +2600,10 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
                 RDR_to_PC_DataBlock, seqno, 5000, 0);
   if (rc)
     return rc;
-      
+
   apdu = msg + 10;
   apdulen = msglen - 10;
-      
+
   if (resp)
     {
       if (apdulen > maxresplen)
@@ -2613,11 +2613,11 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
                       (unsigned int)apdulen, (unsigned int)maxresplen);
           return CCID_DRIVER_ERR_INV_VALUE;
         }
-      
-      memcpy (resp, apdu, apdulen); 
+
+      memcpy (resp, apdu, apdulen);
       *nresp = apdulen;
     }
-          
+
   return 0;
 }
 
@@ -2628,15 +2628,15 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
 
   Block Structure:
            Prologue Field:
-   1 byte     Node Address (NAD) 
+   1 byte     Node Address (NAD)
    1 byte     Protocol Control Byte (PCB)
-   1 byte     Length (LEN) 
+   1 byte     Length (LEN)
            Information Field:
    0-254 byte APDU or Control Information (INF)
            Epilogue Field:
    1 byte     Error Detection Code (EDC)
 
-  NAD:  
+  NAD:
    bit 7     unused
    bit 4..6  Destination Node Address (DAD)
    bit 3     unused
@@ -2651,7 +2651,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
    Information Block (I-Block):
       bit 7    0
       bit 6    Sequence number (yep, that is modulo 2)
-      bit 5    Chaining flag 
+      bit 5    Chaining flag
       bit 4..0 reserved
    Received-Ready Block (R-Block):
       bit 7    1
@@ -2754,7 +2754,7 @@ ccid_transceive (ccid_driver_t handle,
           if (apdulen > handle->ifsc )
             {
               apdulen = handle->ifsc;
-              apdu_buf += handle->ifsc;  
+              apdu_buf += handle->ifsc;
               apdu_buflen -= handle->ifsc;
               tpdu[1] |= (1 << 5); /* Set more bit. */
             }
@@ -2801,14 +2801,14 @@ ccid_transceive (ccid_driver_t handle,
                      : !!(msg[pcboff] & 0x40)),
                     (!(msg[pcboff] & 0x80) && (msg[pcboff] & 0x20)?
                      " [more]":""));
-      
+
       rc = bulk_out (handle, msg, msglen, 0);
       if (rc)
         return rc;
 
       msg = recv_buffer;
       rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
-                    via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, 
+                    via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock,
                     seqno, 5000, 0);
       if (rc)
         return rc;
@@ -2816,11 +2816,11 @@ ccid_transceive (ccid_driver_t handle,
       tpdu = msg + hdrlen;
       tpdulen = msglen - hdrlen;
       resyncing = 0;
-            
-      if (tpdulen < 4) 
+
+      if (tpdulen < 4)
         {
           usb_clear_halt (handle->idev, handle->ep_bulk_in);
-          return CCID_DRIVER_ERR_ABORTED; 
+          return CCID_DRIVER_ERR_ABORTED;
         }
 
       if (debug_level > 1)
@@ -2872,16 +2872,16 @@ ccid_transceive (ccid_driver_t handle,
                               (unsigned int)n, (unsigned int)maxresplen);
                   return CCID_DRIVER_ERR_INV_VALUE;
                 }
-              
-              memcpy (resp, p, n); 
+
+              memcpy (resp, p, n);
               resp += n;
               *nresp += n;
               maxresplen -= n;
             }
-          
+
           if (!(tpdu[1] & 0x20))
             return 0; /* No chaining requested - ready. */
-          
+
           msg = send_buffer;
           tpdu = msg + hdrlen;
           tpdu[0] = nad_byte;
@@ -2895,8 +2895,8 @@ ccid_transceive (ccid_driver_t handle,
         }
       else if ((tpdu[1] & 0xc0) == 0x80)
         { /* This is a R-block. */
-          if ( (tpdu[1] & 0x0f)) 
-            { 
+          if ( (tpdu[1] & 0x0f))
+            {
               retries++;
               if (via_escape && retries == 1 && (msg[pcboff] & 0x0f))
                 {
@@ -2946,7 +2946,7 @@ ccid_transceive (ccid_driver_t handle,
               return CCID_DRIVER_ERR_CARD_IO_ERROR;
             }
         }
-      else 
+      else
         { /* This is a S-block. */
           retries = 0;
           DEBUGOUT_2 ("T=1: S-block %s received cmd=%d\n",
@@ -3010,14 +3010,14 @@ ccid_transceive (ccid_driver_t handle,
 /* Send the CCID Secure command to the reader.  APDU_BUF should
    contain the APDU template.  PIN_MODE defines how the pin gets
    formatted:
-   
+
      1 := The PIN is ASCII encoded and of variable length.  The
           length of the PIN entered will be put into Lc by the reader.
           The APDU should me made up of 4 bytes without Lc.
 
    PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0
    may be used t enable reasonable defaults.  PIN_PADLEN should be 0.
-   
+
    When called with RESP and NRESP set to NULL, the function will
    merely check whether the reader supports the secure command for the
    given APDU and PIN_MODE. */
@@ -3025,7 +3025,7 @@ int
 ccid_transceive_secure (ccid_driver_t handle,
                         const unsigned char *apdu_buf, size_t apdu_buflen,
                         int pin_mode, int pinlen_min, int pinlen_max,
-                        int pin_padlen, 
+                        int pin_padlen,
                         unsigned char *resp, size_t maxresplen, size_t *nresp)
 {
   int rc;
@@ -3049,7 +3049,7 @@ ccid_transceive_secure (ccid_driver_t handle,
     return CCID_DRIVER_ERR_NOT_SUPPORTED; /* Not yet by our code. */
   else
     return CCID_DRIVER_ERR_NO_KEYPAD;
-    
+
   if (pin_mode != 1)
     return CCID_DRIVER_ERR_NOT_SUPPORTED;
 
@@ -3063,7 +3063,7 @@ ccid_transceive_secure (ccid_driver_t handle,
 
   /* Note that the 25 is the maximum value the SPR532 allows.  */
   if (pinlen_min < 1 || pinlen_min > 25
-      || pinlen_max < 1 || pinlen_max > 25 
+      || pinlen_max < 1 || pinlen_max > 25
       || pinlen_min > pinlen_max)
     return CCID_DRIVER_ERR_INV_VALUE;
 
@@ -3091,7 +3091,7 @@ ccid_transceive_secure (ccid_driver_t handle,
 
   if (testmode)
     return 0; /* Success */
-    
+
   msg = send_buffer;
   if (handle->id_vendor == VENDOR_SCM)
     {
@@ -3121,7 +3121,7 @@ ccid_transceive_secure (ccid_driver_t handle,
   else
     {
       msg[13] = 0x00; /* bmPINBlockString:
-                         0 bits of pin length to insert. 
+                         0 bits of pin length to insert.
                          0 bytes of PIN block size.  */
       msg[14] = 0x00; /* bmPINLengthFormat:
                          Units are bytes, position is 0. */
@@ -3157,13 +3157,13 @@ ccid_transceive_secure (ccid_driver_t handle,
   rc = bulk_out (handle, msg, msglen, 0);
   if (rc)
     return rc;
-  
+
   msg = recv_buffer;
   rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
                 RDR_to_PC_DataBlock, seqno, 30000, 0);
   if (rc)
     return rc;
-  
+
   tpdu = msg + 10;
   tpdulen = msglen - 10;
 
@@ -3178,17 +3178,17 @@ ccid_transceive_secure (ccid_driver_t handle,
                           (unsigned int)tpdulen, (unsigned int)maxresplen);
               return CCID_DRIVER_ERR_INV_VALUE;
             }
-          
-          memcpy (resp, tpdu, tpdulen); 
+
+          memcpy (resp, tpdu, tpdulen);
           *nresp = tpdulen;
         }
       return 0;
     }
-  
-  if (tpdulen < 4) 
+
+  if (tpdulen < 4)
     {
       usb_clear_halt (handle->idev, handle->ep_bulk_in);
-      return CCID_DRIVER_ERR_ABORTED; 
+      return CCID_DRIVER_ERR_ABORTED;
     }
   if (debug_level > 1)
     DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
@@ -3223,22 +3223,22 @@ ccid_transceive_secure (ccid_driver_t handle,
                           (unsigned int)n, (unsigned int)maxresplen);
               return CCID_DRIVER_ERR_INV_VALUE;
             }
-              
-          memcpy (resp, p, n); 
+
+          memcpy (resp, p, n);
           resp += n;
           *nresp += n;
           maxresplen -= n;
         }
-          
+
       if (!(tpdu[1] & 0x20))
         return 0; /* No chaining requested - ready. */
-      
+
       DEBUGOUT ("chaining requested but not supported for Secure operation\n");
       return CCID_DRIVER_ERR_CARD_IO_ERROR;
     }
   else if ((tpdu[1] & 0xc0) == 0x80)
     { /* This is a R-block. */
-      if ( (tpdu[1] & 0x0f)) 
+      if ( (tpdu[1] & 0x0f))
         { /* Error: repeat last block */
           DEBUGOUT ("No retries supported for Secure operation\n");
           return CCID_DRIVER_ERR_CARD_IO_ERROR;
@@ -3254,13 +3254,13 @@ ccid_transceive_secure (ccid_driver_t handle,
           return CCID_DRIVER_ERR_CARD_IO_ERROR;
         }
     }
-  else 
+  else
     { /* This is a S-block. */
       DEBUGOUT_2 ("T=1: S-block %s received cmd=%d for Secure operation\n",
                   (tpdu[1] & 0x20)? "response": "request",
                   (tpdu[1] & 0x1f));
       return CCID_DRIVER_ERR_CARD_IO_ERROR;
-    } 
+    }
 
   return 0;
 }
@@ -3416,7 +3416,7 @@ main (int argc, char **argv)
                           result, sizeof result, &resultlen);
     print_result (rc, result, resultlen);
   }
-  
+
 
   if (!no_poll)
     ccid_poll (ccid);
@@ -3437,7 +3437,7 @@ main (int argc, char **argv)
     {
       static unsigned char apdu[] = { 0, 0x20, 0, 0x81 };
 
-      
+
       if (ccid_transceive_secure (ccid,
                                   apdu, sizeof apdu,
                                   1, 0, 0, 0,
@@ -3446,7 +3446,7 @@ main (int argc, char **argv)
       else
         {
           fputs ("verifying CHV1 using the PINPad ....\n", stderr);
-          
+
           rc = ccid_transceive_secure (ccid,
                                        apdu, sizeof apdu,
                                        1, 0, 0, 0,
@@ -3455,7 +3455,7 @@ main (int argc, char **argv)
           did_verify = 1;
         }
     }
-  
+
   if (verify_123456 && !did_verify)
     {
       fputs ("verifying that CHV1 is 123456....\n", stderr);
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index 6bb1913e1..8b709aee8 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -59,7 +59,7 @@
 /* The CID driver returns the same error codes as the status words
    used by GnuPG's apdu.h.  For ease of maintenance they should always
    match.  */
-#define CCID_DRIVER_ERR_OUT_OF_CORE    0x10001 
+#define CCID_DRIVER_ERR_OUT_OF_CORE    0x10001
 #define CCID_DRIVER_ERR_INV_VALUE      0x10002
 #define CCID_DRIVER_ERR_INCOMPLETE_CARD_RESPONSE = 0x10003
 #define CCID_DRIVER_ERR_NO_DRIVER      0x10004
@@ -80,7 +80,7 @@ typedef struct ccid_driver_s *ccid_driver_t;
 int ccid_set_debug_level (int level);
 char *ccid_get_reader_list (void);
 int ccid_open_reader (ccid_driver_t *handle, const char *readerid);
-int ccid_set_progress_cb (ccid_driver_t handle, 
+int ccid_set_progress_cb (ccid_driver_t handle,
                           void (*cb)(void *, const char *, int, int, int),
                           void *cb_arg);
 int ccid_shutdown_reader (ccid_driver_t handle);
@@ -93,8 +93,8 @@ int ccid_transceive (ccid_driver_t handle,
                      unsigned char *resp, size_t maxresplen, size_t *nresp);
 int ccid_transceive_secure (ccid_driver_t handle,
                      const unsigned char *apdu, size_t apdulen,
-                     int pin_mode, 
-                     int pinlen_min, int pinlen_max, int pin_padlen, 
+                     int pin_mode,
+                     int pinlen_min, int pinlen_max, int pin_padlen,
                      unsigned char *resp, size_t maxresplen, size_t *nresp);
 int ccid_transceive_escape (ccid_driver_t handle,
                             const unsigned char *data, size_t datalen,
@@ -104,6 +104,3 @@ int ccid_transceive_escape (ccid_driver_t handle,
 
 
 #endif /*CCID_DRIVER_H*/
-
-
-
diff --git a/scd/command.c b/scd/command.c
index a44378d43..be11ccb77 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -75,7 +75,7 @@ static int reader_disabled;
 
 
 /* This structure is used to keep track of open readers (slots). */
-struct slot_status_s 
+struct slot_status_s
 {
   int valid;  /* True if the other objects are valid. */
   int slot;   /* Slot number of the reader or -1 if not open. */
@@ -92,11 +92,11 @@ struct slot_status_s
 
 /* Data used to associate an Assuan context with local server data.
    This object describes the local properties of one session.  */
-struct server_local_s 
+struct server_local_s
 {
   /* We keep a list of all active sessions with the anchor at
      SESSION_LIST (see below).  This field is used for linking. */
-  struct server_local_s *next_session; 
+  struct server_local_s *next_session;
 
   /* This object is usually assigned to a CTRL object (which is
      globally visible).  While enumerating all sessions we sometimes
@@ -112,10 +112,10 @@ struct server_local_s
 #else
   int event_signal;             /* Or 0 if not used. */
 #endif
-  
+
   /* True if the card has been removed and a reset is required to
      continue operation. */
-  int card_removed;        
+  int card_removed;
 
   /* Flag indicating that the application context needs to be released
      at the next opportunity.  */
@@ -126,7 +126,7 @@ struct server_local_s
 
   /* If set to true we will be terminate ourself at the end of the
      this session.  */
-  int stopme;  
+  int stopme;
 
 };
 
@@ -256,7 +256,7 @@ hex_to_buffer (const char *string, size_t *r_length)
     return NULL;
   for (s=string, n=0; *s; s++)
     {
-      if (spacep (s) || *s == ':') 
+      if (spacep (s) || *s == ':')
         continue;
       if (hexdigitp (s) && hexdigitp (s+1))
         {
@@ -293,7 +293,7 @@ do_reset (ctrl_t ctrl, int send_reset)
       if (send_reset)
         {
           struct server_local_s *sl;
-          
+
           for (sl=session_list; sl; sl = sl->next_session)
             if (sl->ctrl_backlink
                 && sl->ctrl_backlink->reader_slot == slot)
@@ -307,7 +307,7 @@ do_reset (ctrl_t ctrl, int send_reset)
      tell the application layer about it.  */
   if (slot != -1 && send_reset && !IS_LOCKED (ctrl) )
     {
-      if (apdu_reset (slot)) 
+      if (apdu_reset (slot))
         {
           slot_table[slot].valid = 0;
         }
@@ -345,7 +345,7 @@ do_reset (ctrl_t ctrl, int send_reset)
 static gpg_error_t
 reset_notify (assuan_context_t ctx, char *line)
 {
-  ctrl_t ctrl = assuan_get_pointer (ctx); 
+  ctrl_t ctrl = assuan_get_pointer (ctx);
 
   (void) line;
 
@@ -489,7 +489,7 @@ open_card (ctrl_t ctrl, const char *apptype)
 }
 
 
-static const char hlp_serialno[] = 
+static const char hlp_serialno[] =
   "SERIALNO []\n"
   "\n"
   "Return the serial number of the card using a status reponse.  This\n"
@@ -544,7 +544,7 @@ cmd_serialno (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_learn[] = 
+static const char hlp_learn[] =
   "LEARN [--force] [--keypairinfo]\n"
   "\n"
   "Learn all useful information of the currently inserted card.  When\n"
@@ -632,7 +632,7 @@ cmd_learn (assuan_context_t ctx, char *line)
       char *serial_and_stamp;
       char *serial;
       time_t stamp;
-      
+
       rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);
       if (rc)
         return rc;
@@ -643,11 +643,11 @@ cmd_learn (assuan_context_t ctx, char *line)
         return out_of_core ();
       rc = 0;
       assuan_write_status (ctx, "SERIALNO", serial_and_stamp);
-      
+
       if (!has_option (line, "--force"))
         {
           char *command;
-          
+
           rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);
           if (rc < 0)
             {
@@ -655,7 +655,7 @@ cmd_learn (assuan_context_t ctx, char *line)
               return out_of_core ();
             }
           rc = 0;
-          rc = assuan_inquire (ctx, command, NULL, NULL, 0); 
+          rc = assuan_inquire (ctx, command, NULL, NULL, 0);
           xfree (command);
           if (rc)
             {
@@ -663,13 +663,13 @@ cmd_learn (assuan_context_t ctx, char *line)
                 log_error ("inquire KNOWNCARDP failed: %s\n",
                            gpg_strerror (rc));
               xfree (serial_and_stamp);
-              return rc; 
+              return rc;
             }
           /* Not canceled, so we have to proceeed.  */
         }
       xfree (serial_and_stamp);
     }
-  
+
   /* Let the application print out its collection of useful status
      information. */
   if (!rc)
@@ -715,7 +715,7 @@ cmd_readcert (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_readkey[] = 
+static const char hlp_readkey[] =
   "READKEY \n"
   "\n"
   "Return the public key for the given cert or key ID as a standard\n"
@@ -753,7 +753,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
 
   if (gpg_err_code (rc) != GPG_ERR_UNSUPPORTED_OPERATION)
     log_error ("app_readkey failed: %s\n", gpg_strerror (rc));
-  else  
+  else
     {
       rc = app_readcert (ctrl->app_ctx, line, &cert, &ncert);
       if (rc)
@@ -763,7 +763,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
   line = NULL;
   if (rc)
     goto leave;
-      
+
   rc = ksba_cert_new (&kc);
   if (rc)
     {
@@ -798,7 +798,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
 
 
 
-static const char hlp_setdata[] = 
+static const char hlp_setdata[] =
   "SETDATA  \n"
   "\n"
   "The client should use this command to tell us the data he want to sign.";
@@ -837,7 +837,7 @@ cmd_setdata (assuan_context_t ctx, char *line)
 
 
 
-static gpg_error_t 
+static gpg_error_t
 pin_cb (void *opaque, const char *info, char **retstr)
 {
   assuan_context_t ctx = opaque;
@@ -857,14 +857,14 @@ pin_cb (void *opaque, const char *info, char **retstr)
           rc = estream_asprintf (&command, "POPUPKEYPADPROMPT %s", info);
           if (rc < 0)
             return gpg_error (gpg_err_code_from_errno (errno));
-          rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); 
-          xfree (command);  
+          rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+          xfree (command);
         }
       else
         {
           log_debug ("dismiss keypad entry prompt\n");
           rc = assuan_inquire (ctx, "DISMISSKEYPADPROMPT",
-                               &value, &valuelen, MAXLEN_PIN); 
+                               &value, &valuelen, MAXLEN_PIN);
         }
       if (!rc)
         xfree (value);
@@ -880,8 +880,8 @@ pin_cb (void *opaque, const char *info, char **retstr)
 
   /* Fixme: Write an inquire function which returns the result in
      secure memory and check all further handling of the PIN. */
-  rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); 
-  xfree (command);  
+  rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+  xfree (command);
   if (rc)
     return rc;
 
@@ -896,7 +896,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
 }
 
 
-static const char hlp_pksign[] = 
+static const char hlp_pksign[] =
   "PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] \n"
   "\n"
   "The --hash option is optional; the default is SHA1.";
@@ -925,7 +925,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
   else if (has_option (line, "--hash=md5"))
     hash_algo = GCRY_MD_MD5;
   else if (!strstr (line, "--"))
-    hash_algo = GCRY_MD_SHA1; 
+    hash_algo = GCRY_MD_SHA1;
   else
     return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
 
@@ -943,7 +943,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
   keyidstr = xtrystrdup (line);
   if (!keyidstr)
     return out_of_core ();
-  
+
   rc = app_sign (ctrl->app_ctx,
                  keyidstr, hash_algo,
                  pin_cb, ctx,
@@ -968,7 +968,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_pkauth[] = 
+static const char hlp_pkauth[] =
   "PKAUTH ";
 static gpg_error_t
 cmd_pkauth (assuan_context_t ctx, char *line)
@@ -994,7 +994,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   keyidstr = xtrystrdup (line);
   if (!keyidstr)
     return out_of_core ();
-  
+
   rc = app_auth (ctrl->app_ctx,
                  keyidstr,
                  pin_cb, ctx,
@@ -1018,7 +1018,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_pkdecrypt[] = 
+static const char hlp_pkdecrypt[] =
   "PKDECRYPT ";
 static gpg_error_t
 cmd_pkdecrypt (assuan_context_t ctx, char *line)
@@ -1039,7 +1039,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
   if (!keyidstr)
     return out_of_core ();
   rc = app_decipher (ctrl->app_ctx,
-                     keyidstr, 
+                     keyidstr,
                      pin_cb, ctx,
                      ctrl->in_data.value, ctrl->in_data.valuelen,
                      &outdata, &outdatalen);
@@ -1062,7 +1062,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_getattr[] = 
+static const char hlp_getattr[] =
   "GETATTR \n"
   "\n"
   "This command is used to retrieve data from a smartcard.  The\n"
@@ -1101,7 +1101,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_setattr[] = 
+static const char hlp_setattr[] =
   "SETATTR   \n"
   "\n"
   "This command is used to store data on a a smartcard.  The allowed\n"
@@ -1154,7 +1154,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
 }
 
 
-static const char hlp_writecert[] = 
+static const char hlp_writecert[] =
   "WRITECERT \n"
   "\n"
   "This command is used to store a certifciate on a smartcard.  The\n"
@@ -1206,7 +1206,7 @@ cmd_writecert (assuan_context_t ctx, char *line)
     }
 
   /* Write the certificate to the card. */
-  rc = app_writecert (ctrl->app_ctx, ctrl, certid, 
+  rc = app_writecert (ctrl->app_ctx, ctrl, certid,
                       pin_cb, ctx, certdata, certdatalen);
   xfree (certid);
   xfree (certdata);
@@ -1216,7 +1216,7 @@ cmd_writecert (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_writekey[] = 
+static const char hlp_writekey[] =
   "WRITEKEY [--force]  \n"
   "\n"
   "This command is used to store a secret key on a a smartcard.  The\n"
@@ -1283,7 +1283,7 @@ cmd_writekey (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_genkey[] = 
+static const char hlp_genkey[] =
   "GENKEY [--force] [--timestamp=] \n"
   "\n"
   "Generate a key on-card identified by NO, which is application\n"
@@ -1357,7 +1357,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_random[] = 
+static const char hlp_random[] =
   "RANDOM \n"
   "\n"
   "Get NBYTES of random from the card and send them back as data.\n"
@@ -1374,7 +1374,7 @@ cmd_random (assuan_context_t ctx, char *line)
   unsigned char *buffer;
 
   if (!*line)
-    return set_error (GPG_ERR_ASS_PARAMETER, 
+    return set_error (GPG_ERR_ASS_PARAMETER,
                       "number of requested bytes missing");
   nbytes = strtoul (line, NULL, 0);
 
@@ -1440,7 +1440,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
 
   if (!ctrl->app_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  
+
   chvnostr = xtrystrdup (chvnostr);
   if (!chvnostr)
     return out_of_core ();
@@ -1454,7 +1454,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_checkpin[] = 
+static const char hlp_checkpin[] =
   "CHECKPIN \n"
   "\n"
   "Perform a VERIFY operation without doing anything else.  This may\n"
@@ -1508,7 +1508,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
   idstr = xtrystrdup (line);
   if (!idstr)
     return out_of_core ();
-  
+
   rc = app_check_pin (ctrl->app_ctx, idstr, pin_cb, ctx);
   xfree (idstr);
   if (rc)
@@ -1519,7 +1519,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_lock[] = 
+static const char hlp_lock[] =
   "LOCK [--wait]\n"
   "\n"
   "Grant exclusive card access to this session.  Note that there is\n"
@@ -1556,14 +1556,14 @@ cmd_lock (assuan_context_t ctx, char *line)
       goto retry;
     }
 #endif /*USE_GNU_PTH*/
-  
+
   if (rc)
     log_error ("cmd_lock failed: %s\n", gpg_strerror (rc));
   return rc;
 }
 
 
-static const char hlp_unlock[] = 
+static const char hlp_unlock[] =
   "UNLOCK\n"
   "\n"
   "Release exclusive card access.";
@@ -1591,7 +1591,7 @@ cmd_unlock (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_getinfo[] = 
+static const char hlp_getinfo[] =
   "GETINFO \n"
   "\n"
   "Multi purpose command to return certain information.  \n"
@@ -1653,7 +1653,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       if (!ctrl->server_local->card_removed && slot != -1)
 	{
 	  struct slot_status_s *ss;
-	  
+
 	  if (!(slot >= 0 && slot < DIM(slot_table)))
 	    BUG ();
 
@@ -1674,7 +1674,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
 #else
       char *s = NULL;
 #endif
-      
+
       if (s)
         rc = assuan_send_data (ctx, s, strlen (s));
       else
@@ -1698,7 +1698,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_restart[] = 
+static const char hlp_restart[] =
   "RESTART\n"
   "\n"
   "Restart the current connection; this is a kind of warm reset.  It\n"
@@ -1729,7 +1729,7 @@ cmd_restart (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_disconnect[] = 
+static const char hlp_disconnect[] =
   "DISCONNECT\n"
   "\n"
   "Disconnect the card if it is not any longer used by other\n"
@@ -1740,14 +1740,14 @@ cmd_disconnect (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
 
   (void)line;
-  
+
   ctrl->server_local->disconnect_allowed = 1;
   return 0;
 }
 
 
 
-static const char hlp_apdu[] = 
+static const char hlp_apdu[] =
   "APDU [--atr] [--more] [--exlen[=N]] [hexstring]\n"
   "\n"
   "Send an APDU to the current reader.  This command bypasses the high\n"
@@ -1804,7 +1804,7 @@ cmd_apdu (assuan_context_t ctx, char *line)
       unsigned char *atr;
       size_t atrlen;
       char hexbuf[400];
-      
+
       atr = apdu_get_atr (ctrl->reader_slot, &atrlen);
       if (!atr || atrlen > sizeof hexbuf - 2 )
         {
@@ -1846,7 +1846,7 @@ cmd_apdu (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_killscd[] = 
+static const char hlp_killscd[] =
   "KILLSCD\n"
   "\n"
   "Commit suicide.";
@@ -1880,8 +1880,8 @@ register_commands (assuan_context_t ctx)
     { "PKSIGN",       cmd_pksign,   hlp_pksign },
     { "PKAUTH",       cmd_pkauth,   hlp_pkauth },
     { "PKDECRYPT",    cmd_pkdecrypt,hlp_pkdecrypt },
-    { "INPUT",        NULL }, 
-    { "OUTPUT",       NULL }, 
+    { "INPUT",        NULL },
+    { "OUTPUT",       NULL },
     { "GETATTR",      cmd_getattr,  hlp_getattr },
     { "SETATTR",      cmd_setattr,  hlp_setattr },
     { "WRITECERT",    cmd_writecert,hlp_writecert },
@@ -1907,7 +1907,7 @@ register_commands (assuan_context_t ctx)
                                     table[i].help);
       if (rc)
         return rc;
-    } 
+    }
   assuan_set_hello_line (ctx, "GNU Privacy Guard's Smartcard server ready");
 
   assuan_register_reset_notify (ctx, reset_notify);
@@ -1925,7 +1925,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
   int rc;
   assuan_context_t ctx = NULL;
   int stopme;
-  
+
   rc = assuan_new (&ctx);
   if (rc)
     {
@@ -1990,7 +1990,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
           log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
           break;
         }
-      
+
       rc = assuan_process (ctx);
       if (rc)
         {
@@ -2000,7 +2000,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
     }
 
   /* Cleanup.  We don't send an explicit reset to the card.  */
-  do_reset (ctrl, 0); 
+  do_reset (ctrl, 0);
 
   /* Release the server object.  */
   if (session_list == ctrl->server_local)
@@ -2008,7 +2008,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
   else
     {
       struct server_local_s *sl;
-      
+
       for (sl=session_list; sl->next_session; sl = sl->next_session)
         if (sl->next_session == ctrl->server_local)
           break;
@@ -2043,10 +2043,10 @@ send_status_info (ctrl_t ctrl, const char *keyword, ...)
   char buf[950], *p;
   size_t n;
   assuan_context_t ctx = ctrl->server_local->assuan_ctx;
-  
+
   va_start (arg_ptr, keyword);
 
-  p = buf; 
+  p = buf;
   n = 0;
   while ( (value = va_arg (arg_ptr, const unsigned char *)) )
     {
@@ -2096,17 +2096,17 @@ static void
 send_client_notifications (void)
 {
   struct {
-    pid_t pid; 
+    pid_t pid;
 #ifdef HAVE_W32_SYSTEM
     HANDLE handle;
 #else
-    int signo; 
+    int signo;
 #endif
   } killed[50];
   int killidx = 0;
   int kidx;
   struct server_local_s *sl;
-  
+
   for (sl=session_list; sl; sl = sl->next_session)
     {
       if (sl->event_signal && sl->assuan_ctx)
@@ -2114,9 +2114,9 @@ send_client_notifications (void)
           pid_t pid = assuan_get_pid (sl->assuan_ctx);
 #ifdef HAVE_W32_SYSTEM
           HANDLE handle = (void *)sl->event_signal;
-          
+
           for (kidx=0; kidx < killidx; kidx++)
-            if (killed[kidx].pid == pid 
+            if (killed[kidx].pid == pid
                 && killed[kidx].handle == handle)
               break;
           if (kidx < killidx)
@@ -2138,11 +2138,11 @@ send_client_notifications (void)
             }
 #else /*!HAVE_W32_SYSTEM*/
           int signo = sl->event_signal;
-          
+
           if (pid != (pid_t)(-1) && pid && signo > 0)
             {
               for (kidx=0; kidx < killidx; kidx++)
-                if (killed[kidx].pid == pid 
+                if (killed[kidx].pid == pid
                     && killed[kidx].signo == signo)
                   break;
               if (kidx < killidx)
@@ -2193,7 +2193,7 @@ update_reader_status_file (int set_card_removed_flag)
 
       if (!ss->valid || ss->slot == -1)
         continue; /* Not valid or reader not yet open. */
-      
+
       sw_apdu = apdu_get_status (ss->slot, 0, &status, &changed);
       if (sw_apdu == SW_HOST_NO_READER)
         {
@@ -2206,7 +2206,7 @@ update_reader_status_file (int set_card_removed_flag)
       else if (sw_apdu)
         {
           /* Get status failed.  Ignore that.  */
-          continue; 
+          continue;
         }
 
       if (!ss->any || ss->status != status || ss->changed != changed )
@@ -2235,14 +2235,14 @@ update_reader_status_file (int set_card_removed_flag)
               fclose (fp);
             }
           xfree (fname);
-            
+
           /* If a status script is executable, run it. */
           {
             const char *args[9], *envs[2];
             char numbuf1[30], numbuf2[30], numbuf3[30];
             char *homestr, *envstr;
             gpg_error_t err;
-            
+
             homestr = make_filename (opt.homedir, NULL);
             if (estream_asprintf (&envstr, "GNUPGHOME=%s", homestr) < 0)
               log_error ("out of core while building environment\n");
@@ -2255,16 +2255,16 @@ update_reader_status_file (int set_card_removed_flag)
                 sprintf (numbuf2, "0x%04X", ss->status);
                 sprintf (numbuf3, "0x%04X", status);
                 args[0] = "--reader-port";
-                args[1] = numbuf1; 
+                args[1] = numbuf1;
                 args[2] = "--old-code";
-                args[3] = numbuf2;  
+                args[3] = numbuf2;
                 args[4] = "--new-code";
-                args[5] = numbuf3; 
+                args[5] = numbuf3;
                 args[6] = "--status";
                 args[7] = ((status & 1)? "USABLE":
                            (status & 4)? "ACTIVE":
                            (status & 2)? "PRESENT": "NOCARD");
-                args[8] = NULL;  
+                args[8] = NULL;
 
                 fname = make_filename (opt.homedir, "scd-event", NULL);
                 err = gnupg_spawn_process_detached (fname, args, envs);
@@ -2282,19 +2282,19 @@ update_reader_status_file (int set_card_removed_flag)
              SERIALNO request must be done in any case.  */
           if (ss->any && set_card_removed_flag)
             update_card_removed (idx, 1);
-          
+
           ss->any = 1;
 
           /* Send a signal to all clients who applied for it.  */
           send_client_notifications ();
         }
-      
+
       /* Check whether a disconnect is pending.  */
       if (opt.card_timeout)
         {
           for (sl=session_list; sl; sl = sl->next_session)
             if (!sl->disconnect_allowed)
-              break; 
+              break;
           if (session_list && !sl)
             {
               /* FIXME: Use a real timeout.  */
@@ -2303,7 +2303,7 @@ update_reader_status_file (int set_card_removed_flag)
               apdu_disconnect (ss->slot);
             }
         }
-      
+
     }
 }
 
diff --git a/scd/iso7816.c b/scd/iso7816.c
index b55da4148..318fec8a2 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -174,17 +174,17 @@ iso7816_select_path (int slot, const unsigned short *path, size_t pathlen,
   int sw, p0, p1;
   unsigned char buffer[100];
   int buflen;
-  
+
   if (result || resultlen)
     {
       *result = NULL;
       *resultlen = 0;
       return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
     }
-  
+
   if (pathlen/2 >= sizeof buffer)
     return gpg_error (GPG_ERR_TOO_LARGE);
-  
+
   for (buflen = 0; pathlen; pathlen--, path++)
     {
       buffer[buflen++] = (*path >> 8);
@@ -231,7 +231,7 @@ iso7816_list_directory (int slot, int list_dirs,
    it maps the status word and does not return it in the result
    buffer.  */
 gpg_error_t
-iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, 
+iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen,
                      int handle_more,
                      unsigned char **result, size_t *resultlen)
 {
@@ -273,7 +273,7 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo)
 {
   int sw;
 
-  sw = apdu_check_keypad (slot, command, 
+  sw = apdu_check_keypad (slot, command,
                           pininfo->mode, pininfo->minlen, pininfo->maxlen,
                           pininfo->padlen);
   return iso7816_map_sw (sw);
@@ -494,7 +494,7 @@ iso7816_manage_security_env (int slot, int p1, int p2,
   if (p1 < 0 || p1 > 255 || p2 < 0 || p2 > 255 )
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  sw = apdu_send_simple (slot, 0, 0x00, CMD_MSE, p1, p2, 
+  sw = apdu_send_simple (slot, 0, 0x00, CMD_MSE, p1, p2,
                          data? datalen : -1, (const char*)data);
   return map_sw (sw);
 }
@@ -521,7 +521,7 @@ iso7816_compute_ds (int slot, int extended_mode,
   else if (le >= 0 && le < 256)
     le = 256;
 
-  sw = apdu_send_le (slot, extended_mode, 
+  sw = apdu_send_le (slot, extended_mode,
                      0x00, CMD_PSO, 0x9E, 0x9A,
                      datalen, (const char*)data,
                      le,
@@ -546,7 +546,7 @@ iso7816_compute_ds (int slot, int extended_mode,
    at RESULT with its length stored at RESULTLEN.  For LE see
    do_generate_keypair. */
 gpg_error_t
-iso7816_decipher (int slot, int extended_mode, 
+iso7816_decipher (int slot, int extended_mode,
                   const unsigned char *data, size_t datalen, int le,
                   int padind, unsigned char **result, size_t *resultlen)
 {
@@ -569,10 +569,10 @@ iso7816_decipher (int slot, int extended_mode,
       buf = xtrymalloc (datalen + 1);
       if (!buf)
         return gpg_error (gpg_err_code_from_errno (errno));
-      
+
       *buf = padind; /* Padding indicator. */
       memcpy (buf+1, data, datalen);
-      sw = apdu_send_le (slot, extended_mode, 
+      sw = apdu_send_le (slot, extended_mode,
                          0x00, CMD_PSO, 0x80, 0x86,
                          datalen+1, (char*)buf, le,
                          result, resultlen);
@@ -642,7 +642,7 @@ iso7816_internal_authenticate (int slot, int extended_mode,
 static gpg_error_t
 do_generate_keypair (int slot, int extended_mode, int read_only,
                      const unsigned char *data, size_t datalen,
-                     int le, 
+                     int le,
                      unsigned char **result, size_t *resultlen)
 {
   int sw;
@@ -673,7 +673,7 @@ do_generate_keypair (int slot, int extended_mode, int read_only,
 gpg_error_t
 iso7816_generate_keypair (int slot, int extended_mode,
                           const unsigned char *data, size_t datalen,
-                          int le, 
+                          int le,
                           unsigned char **result, size_t *resultlen)
 {
   return do_generate_keypair (slot, extended_mode, 0,
@@ -684,7 +684,7 @@ iso7816_generate_keypair (int slot, int extended_mode,
 gpg_error_t
 iso7816_read_public_key (int slot, int extended_mode,
                          const unsigned char *data, size_t datalen,
-                         int le, 
+                         int le,
                          unsigned char **result, size_t *resultlen)
 {
   return do_generate_keypair (slot, extended_mode, 1,
@@ -707,7 +707,7 @@ iso7816_get_challenge (int slot, int length, unsigned char *buffer)
     {
       result = NULL;
       n = length > 254? 254 : length;
-      sw = apdu_send_le (slot, 0, 
+      sw = apdu_send_le (slot, 0,
                          0x00, CMD_GET_CHALLENGE, 0, 0, -1, NULL, n,
                          &result, &resultlen);
       if (sw != SW_SUCCESS)
@@ -818,7 +818,7 @@ iso7816_read_binary (int slot, size_t offset, size_t nmax,
         nmax = 0;
     }
   while ((read_all && sw != SW_EOF_REACHED) || (!read_all && nmax));
-  
+
   return 0;
 }
 
@@ -851,7 +851,7 @@ iso7816_read_record (int slot, int recno, int reccount, int short_ef,
   buffer = NULL;
   bufferlen = 0;
   sw = apdu_send_le (slot, 0, 0x00, CMD_READ_RECORD,
-                     recno, 
+                     recno,
                      short_ef? short_ef : 0x04,
                      -1, NULL,
                      0, &buffer, &bufferlen);
@@ -867,7 +867,6 @@ iso7816_read_record (int slot, int recno, int reccount, int short_ef,
     }
   *result = buffer;
   *resultlen = bufferlen;
-  
+
   return 0;
 }
-
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 85197124d..a37759dbe 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -56,7 +56,7 @@ gpg_error_t iso7816_select_path (int slot,
 gpg_error_t iso7816_list_directory (int slot, int list_dirs,
                                     unsigned char **result, size_t *resultlen);
 gpg_error_t iso7816_apdu_direct (int slot,
-                                 const void *apdudata, size_t apdudatalen, 
+                                 const void *apdudata, size_t apdudatalen,
                                  int handle_more,
                                  unsigned char **result, size_t *resultlen);
 gpg_error_t iso7816_check_keypad (int slot, int command,
diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c
index a7b219822..f2f6d52bc 100644
--- a/scd/pcsc-wrapper.c
+++ b/scd/pcsc-wrapper.c
@@ -27,7 +27,7 @@
   pcsc interface but to a higher level one which resembles the code
   used in scdaemon (apdu.c) when not using Pth or while running under
   Windows.
-  
+
   The interface is binary consisting of a command tag and the length
   of the parameter list.  The calling process needs to pass the
   version number of the interface on the command line to make sure
@@ -56,7 +56,7 @@
 #define MYVERSION_LINE PGM " (GnuPG) " VERSION
 #define BUGREPORT_LINE "\nReport bugs to .\n"
 #else
-#define MYVERSION_LINE PGM 
+#define MYVERSION_LINE PGM
 #define BUGREPORT_LINE ""
 #endif
 
@@ -67,14 +67,14 @@ static int verbose;
 
 
 /* PC/SC constants and function pointer. */
-#define PCSC_SCOPE_USER      0 
-#define PCSC_SCOPE_TERMINAL  1 
-#define PCSC_SCOPE_SYSTEM    2 
-#define PCSC_SCOPE_GLOBAL    3 
+#define PCSC_SCOPE_USER      0
+#define PCSC_SCOPE_TERMINAL  1
+#define PCSC_SCOPE_SYSTEM    2
+#define PCSC_SCOPE_GLOBAL    3
 
-#define PCSC_PROTOCOL_T0     1 
-#define PCSC_PROTOCOL_T1     2 
-#define PCSC_PROTOCOL_RAW    4 
+#define PCSC_PROTOCOL_T0     1
+#define PCSC_PROTOCOL_T1     2
+#define PCSC_PROTOCOL_RAW    4
 
 #define PCSC_SHARE_EXCLUSIVE 1
 #define PCSC_SHARE_SHARED    2
@@ -85,7 +85,7 @@ static int verbose;
 #define PCSC_UNPOWER_CARD    2
 #define PCSC_EJECT_CARD      3
 
-#define PCSC_UNKNOWN    0x0001  
+#define PCSC_UNKNOWN    0x0001
 #define PCSC_ABSENT     0x0002  /* Card is absent.  */
 #define PCSC_PRESENT    0x0004  /* Card is present.  */
 #define PCSC_SWALLOWED  0x0008  /* Card is present and electrical connected. */
@@ -106,7 +106,7 @@ static int verbose;
 #define PCSC_STATE_MUTE	       0x0200  /* Unresponsive card.  */
 
 struct pcsc_io_request_s {
-  unsigned long protocol; 
+  unsigned long protocol;
   unsigned long pci_len;
 };
 
@@ -235,7 +235,7 @@ request_succeeded (const void *buffer, size_t buflen)
 
   fflush (stdout);
 }
-  
+
 
 
 static unsigned long
@@ -271,40 +271,40 @@ pcsc_error_string (long err)
     {
     case 0x0002: s = "cancelled"; break;
     case 0x000e: s = "can't dispose"; break;
-    case 0x0008: s = "insufficient buffer"; break;   
+    case 0x0008: s = "insufficient buffer"; break;
     case 0x0015: s = "invalid ATR"; break;
     case 0x0003: s = "invalid handle"; break;
-    case 0x0004: s = "invalid parameter"; break; 
+    case 0x0004: s = "invalid parameter"; break;
     case 0x0005: s = "invalid target"; break;
-    case 0x0011: s = "invalid value"; break; 
-    case 0x0006: s = "no memory"; break;  
-    case 0x0013: s = "comm error"; break;      
-    case 0x0001: s = "internal error"; break;     
-    case 0x0014: s = "unknown error"; break; 
-    case 0x0007: s = "waited too long"; break;  
+    case 0x0011: s = "invalid value"; break;
+    case 0x0006: s = "no memory"; break;
+    case 0x0013: s = "comm error"; break;
+    case 0x0001: s = "internal error"; break;
+    case 0x0014: s = "unknown error"; break;
+    case 0x0007: s = "waited too long"; break;
     case 0x0009: s = "unknown reader"; break;
-    case 0x000a: s = "timeout"; break; 
-    case 0x000b: s = "sharing violation"; break;       
+    case 0x000a: s = "timeout"; break;
+    case 0x000b: s = "sharing violation"; break;
     case 0x000c: s = "no smartcard"; break;
-    case 0x000d: s = "unknown card"; break;   
-    case 0x000f: s = "proto mismatch"; break;          
-    case 0x0010: s = "not ready"; break;               
-    case 0x0012: s = "system cancelled"; break;        
+    case 0x000d: s = "unknown card"; break;
+    case 0x000f: s = "proto mismatch"; break;
+    case 0x0010: s = "not ready"; break;
+    case 0x0012: s = "system cancelled"; break;
     case 0x0016: s = "not transacted"; break;
-    case 0x0017: s = "reader unavailable"; break; 
-    case 0x0065: s = "unsupported card"; break;        
-    case 0x0066: s = "unresponsive card"; break;       
-    case 0x0067: s = "unpowered card"; break;          
-    case 0x0068: s = "reset card"; break;              
-    case 0x0069: s = "removed card"; break;            
-    case 0x006a: s = "inserted card"; break;           
-    case 0x001f: s = "unsupported feature"; break;     
-    case 0x0019: s = "PCI too small"; break;           
-    case 0x001a: s = "reader unsupported"; break;      
-    case 0x001b: s = "duplicate reader"; break;        
-    case 0x001c: s = "card unsupported"; break;        
-    case 0x001d: s = "no service"; break;              
-    case 0x001e: s = "service stopped"; break;      
+    case 0x0017: s = "reader unavailable"; break;
+    case 0x0065: s = "unsupported card"; break;
+    case 0x0066: s = "unresponsive card"; break;
+    case 0x0067: s = "unpowered card"; break;
+    case 0x0068: s = "reset card"; break;
+    case 0x0069: s = "removed card"; break;
+    case 0x006a: s = "inserted card"; break;
+    case 0x001f: s = "unsupported feature"; break;
+    case 0x0019: s = "PCI too small"; break;
+    case 0x001a: s = "reader unsupported"; break;
+    case 0x001b: s = "duplicate reader"; break;
+    case 0x001c: s = "card unsupported"; break;
+    case 0x001d: s = "no service"; break;
+    case 0x001e: s = "service stopped"; break;
     default:     s = "unknown PC/SC error code"; break;
     }
   return s;
@@ -337,16 +337,16 @@ load_pcsc_driver (const char *libname)
   pcsc_set_timeout       = dlsym (handle, "SCardSetTimeout");
 
   if (!pcsc_establish_context
-      || !pcsc_release_context  
-      || !pcsc_list_readers     
+      || !pcsc_release_context
+      || !pcsc_list_readers
       || !pcsc_get_status_change
-      || !pcsc_connect          
-      || !pcsc_reconnect          
+      || !pcsc_connect
+      || !pcsc_reconnect
       || !pcsc_disconnect
       || !pcsc_status
       || !pcsc_begin_transaction
       || !pcsc_end_transaction
-      || !pcsc_transmit         
+      || !pcsc_transmit
       /* || !pcsc_set_timeout */)
     {
       /* Note that set_timeout is currently not used and also not
@@ -355,22 +355,22 @@ load_pcsc_driver (const char *libname)
                "apdu_open_reader: invalid PC/SC driver "
                "(%d%d%d%d%d%d%d%d%d%d%d%d)\n",
                !!pcsc_establish_context,
-               !!pcsc_release_context,  
-               !!pcsc_list_readers,     
-               !!pcsc_get_status_change,     
-               !!pcsc_connect,          
-               !!pcsc_reconnect,          
+               !!pcsc_release_context,
+               !!pcsc_list_readers,
+               !!pcsc_get_status_change,
+               !!pcsc_connect,
+               !!pcsc_reconnect,
                !!pcsc_disconnect,
                !!pcsc_status,
                !!pcsc_begin_transaction,
                !!pcsc_end_transaction,
-               !!pcsc_transmit,         
+               !!pcsc_transmit,
                !!pcsc_set_timeout );
       dlclose (handle);
       exit (1);
     }
 }
-  
+
 
 
 
@@ -409,7 +409,7 @@ handle_open (unsigned char *argbuf, size_t arglen)
       request_failed (err);
       return;
     }
-  
+
   err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader);
   if (!err)
     {
@@ -477,8 +477,8 @@ handle_open (unsigned char *argbuf, size_t arglen)
       pcsc_protocol = 0;
       request_failed (err);
       return;
-    }      
-  
+    }
+
   current_atrlen = 0;
   if (!err)
     {
@@ -658,9 +658,9 @@ handle_reset (unsigned char *argbuf, size_t arglen)
       pcsc_card = 0;
       request_failed (err);
       return;
-    }      
+    }
+
 
-  
   atrlen = 33;
   nreader = sizeof reader - 1;
   err = pcsc_status (pcsc_card,
@@ -731,7 +731,7 @@ print_version (int with_help)
          "This is free software, and you are welcome to redistribute it\n"
          "under certain conditions. See the file COPYING for details.\n",
          stdout);
-        
+
   if (with_help)
     fputs ("\n"
           "Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n"
@@ -741,7 +741,7 @@ print_version (int with_help)
           "  --version   print version of the program and exit\n"
           "  --help      display this help and exit\n"
           BUGREPORT_LINE, stdout );
-  
+
   exit (0);
 }
 
@@ -752,7 +752,7 @@ main (int argc, char **argv)
   int last_argc = -1;
   int api_number = 0;
   int c;
- 
+
   if (argc)
     {
       argc--; argv++;
@@ -774,7 +774,7 @@ main (int argc, char **argv)
           verbose = 1;
           argc--; argv++;
         }
-    }          
+    }
   if (argc != 1 && argc != 2)
     {
       fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n");
@@ -795,7 +795,7 @@ main (int argc, char **argv)
     {
       size_t arglen;
       unsigned char argbuffer[2048];
-      
+
       arglen = read_32 (stdin);
       if (arglen >= sizeof argbuffer - 1)
         {
diff --git a/scd/sc-copykeys.c b/scd/sc-copykeys.c
index b863b01b3..c30fd99f6 100644
--- a/scd/sc-copykeys.c
+++ b/scd/sc-copykeys.c
@@ -40,7 +40,7 @@
 #define _(a) (a)
 
 
-enum cmd_and_opt_values 
+enum cmd_and_opt_values
 { oVerbose	  = 'v',
   oReaderPort     = 500,
   octapiDriver,
@@ -51,7 +51,7 @@ aTest };
 
 
 static ARGPARSE_OPTS opts[] = {
-  
+
   { 301, NULL, 0, "@Options:\n " },
 
   { oVerbose, "verbose",   0, "verbose" },
@@ -85,7 +85,7 @@ my_strusage (int level)
                    "file-with-key\n"
                     "Copy keys to a smartcards\n");
     break;
-    
+
     default: p = NULL;
     }
   return p;
@@ -104,7 +104,7 @@ main (int argc, char **argv )
 
   set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
-  log_set_prefix ("sc-copykeys", 1); 
+  log_set_prefix ("sc-copykeys", 1);
 
   /* check that the libraries are suitable.  Do it here because
      the option parsing may need services of the library */
@@ -179,7 +179,7 @@ read_file (const char *fname, size_t *r_length)
   struct stat st;
   char *buf;
   size_t buflen;
-  
+
   fp = fname? fopen (fname, "rb") : stdin;
   if (!fp)
     {
@@ -187,10 +187,10 @@ read_file (const char *fname, size_t *r_length)
                  fname? fname: "[stdin]", strerror (errno));
       return NULL;
     }
-  
+
   if (fstat (fileno(fp), &st))
     {
-      log_error ("can't stat `%s': %s\n", 
+      log_error ("can't stat `%s': %s\n",
                  fname? fname: "[stdin]", strerror (errno));
       if (fname)
         fclose (fp);
@@ -201,7 +201,7 @@ read_file (const char *fname, size_t *r_length)
   buf = xmalloc (buflen+1);
   if (fread (buf, buflen, 1, fp) != 1)
     {
-      log_error ("error reading `%s': %s\n", 
+      log_error ("error reading `%s': %s\n",
                  fname? fname: "[stdin]", strerror (errno));
       if (fname)
         fclose (fp);
@@ -223,7 +223,7 @@ read_key (const char *fname)
   size_t buflen;
   gcry_sexp_t private;
   int rc;
-  
+
   buf = read_file (fname, &buflen);
   if (!buf)
     return NULL;
@@ -233,7 +233,7 @@ read_key (const char *fname)
     {
       log_error ("gcry_sexp_new failed: %s\n", gpg_strerror (rc));
       return NULL;
-    } 
+    }
   xfree (buf);
 
   return private;
@@ -255,7 +255,7 @@ sexp_to_kparms (gcry_sexp_t sexp, unsigned long *created)
   *created = 0;
   list = gcry_sexp_find_token (sexp, "private-key", 0 );
   if(!list)
-    return NULL; 
+    return NULL;
 
   /* quick hack to get the creation time. */
   l2 = gcry_sexp_find_token (list, "created", 0);
@@ -281,7 +281,7 @@ sexp_to_kparms (gcry_sexp_t sexp, unsigned long *created)
   /* Parameter names used with RSA. */
   elems = "nedpqu";
   array = xcalloc (strlen(elems) + 1, sizeof *array);
-  for (idx=0, s=elems; *s; s++, idx++ ) 
+  for (idx=0, s=elems; *s; s++, idx++ )
     {
       l2 = gcry_sexp_find_token (list, s, 1);
       if (!l2)
@@ -303,7 +303,7 @@ sexp_to_kparms (gcry_sexp_t sexp, unsigned long *created)
           return NULL; /* required parameter is invalid */
 	}
     }
-  
+
   gcry_sexp_release (list);
   return array;
 }
@@ -453,8 +453,8 @@ query_card (APP app)
         }
     }
 
-  xfree (serialno); 
-  xfree (disp_name); 
+  xfree (serialno);
+  xfree (disp_name);
   xfree (pubkey_url);
   xfree (fpr1);
   xfree (fpr2);
@@ -497,7 +497,7 @@ pincb (void *arg, const char *prompt, char **pinvalue)
      (q #00f7a7c..[some bytes not shown]..61#)
      (u #304559a..[some bytes not shown]..9b#))
     (uri http://foo.bar x-foo:whatever_you_want))
-   
+
 */
 static void
 copykeys (APP app, const char *fname)
@@ -520,7 +520,7 @@ copykeys (APP app, const char *fname)
   private = read_key (fname);
   if (!private)
     exit (1);
-  
+
   mpis = sexp_to_kparms (private, &creation_date);
   if (!creation_date)
     {
@@ -577,7 +577,7 @@ copykeys (APP app, const char *fname)
   /* Build the private key template as described in section 4.3.3.6 of
      the specs.
                    0xC0    public exponent
-                   0xC1    prime p 
+                   0xC1    prime p
                    0xC2    prime q  */
   template = tp = xmalloc (1+2 + 1+1+4 + 1+1+64 + 1+1+64);
   *tp++ = 0xC0;
@@ -595,7 +595,7 @@ copykeys (APP app, const char *fname)
     {
       memmove (tp+4-n, tp, 4-n);
       memset (tp, 0, 4-n);
-    }                 
+    }
   tp += 4;
 
   *tp++ = 0xC1;
@@ -713,5 +713,3 @@ copykeys (APP app, const char *fname)
   gcry_mpi_release (rsa_n);
   exit (1);
 }
-
-
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index da1d7f478..57023958a 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -1,5 +1,5 @@
 /* scdaemon.c  -  The GnuPG Smartcard Daemon
- * Copyright (C) 2001, 2002, 2004, 2005, 
+ * Copyright (C) 2001, 2002, 2004, 2005,
  *               2007, 2008, 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -54,13 +54,13 @@
 #include "gc-opt-flags.h"
 #include "asshelp.h"
 
-enum cmd_and_opt_values 
+enum cmd_and_opt_values
 { aNull = 0,
   oCsh		  = 'c',
   oQuiet	  = 'q',
   oSh		  = 's',
   oVerbose	  = 'v',
-  
+
   oNoVerbose = 500,
   aGPGConfList,
   aGPGConfTest,
@@ -100,11 +100,11 @@ enum cmd_and_opt_values
 static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
   ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
-  
+
   ARGPARSE_group (301, N_("@Options:\n ")),
 
   ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")),
-  ARGPARSE_s_n (oMultiServer, "multi-server", 
+  ARGPARSE_s_n (oMultiServer, "multi-server",
                 N_("run in multi server mode (foreground)")),
   ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@@ -123,11 +123,11 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
   ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
   ARGPARSE_s_s (oLogFile,  "log-file", N_("|FILE|write a log to FILE")),
-  ARGPARSE_s_s (oReaderPort, "reader-port", 
+  ARGPARSE_s_s (oReaderPort, "reader-port",
                 N_("|N|connect to reader at port N")),
-  ARGPARSE_s_s (octapiDriver, "ctapi-driver", 
+  ARGPARSE_s_s (octapiDriver, "ctapi-driver",
                 N_("|NAME|use NAME as ct-API driver")),
-  ARGPARSE_s_s (opcscDriver, "pcsc-driver", 
+  ARGPARSE_s_s (opcscDriver, "pcsc-driver",
                 N_("|NAME|use NAME as PC/SC driver")),
   ARGPARSE_s_n (oDisableCCID, "disable-ccid",
 #ifdef HAVE_LIBUSB
@@ -136,15 +136,15 @@ static ARGPARSE_OPTS opts[] = {
                                     "@"
 #endif
                 /* end --disable-ccid */),
-  ARGPARSE_s_u (oCardTimeout, "card-timeout", 
+  ARGPARSE_s_u (oCardTimeout, "card-timeout",
                 N_("|N|disconnect the card after N seconds of inactivity")),
-  ARGPARSE_s_n (oDisableKeypad, "disable-keypad", 
+  ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
                 N_("do not use a reader's keypad")),
   ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"),
-  ARGPARSE_s_n (oDenyAdmin, "deny-admin", 
+  ARGPARSE_s_n (oDenyAdmin, "deny-admin",
                 N_("deny the use of admin card commands")),
   ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
-  
+
   ARGPARSE_end ()
 };
 
@@ -219,7 +219,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
 {
   const char *s;
   char *result;
-  
+
   if (maybe_setuid)
     {
       gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
@@ -262,7 +262,7 @@ my_strusage (int level)
     case 41: p =  _("Syntax: scdaemon [options] [command [args]]\n"
                     "Smartcard daemon for GnuPG\n");
     break;
-    
+
     default: p = NULL;
     }
   return p;
@@ -311,7 +311,7 @@ set_debug (const char *level)
       /* Unless the "guru" string has been used we don't want to allow
          hashing debugging.  The rationale is that people tend to
          select the highest debug value and would then clutter their
-         disk with debug files which may reveal confidential data.  */ 
+         disk with debug files which may reveal confidential data.  */
       if (numok)
         opt.debug &= ~(DBG_HASHING_VALUE);
     }
@@ -335,17 +335,17 @@ set_debug (const char *level)
 
   if (opt.debug)
     log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n",
-              (opt.debug & DBG_COMMAND_VALUE)? " command":"",    
-              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",    
-              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",    
-              (opt.debug & DBG_MEMORY_VALUE )? " memory":"", 
-              (opt.debug & DBG_CACHE_VALUE  )? " cache":"", 
-              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", 
-              (opt.debug & DBG_HASHING_VALUE)? " hashing":"", 
+              (opt.debug & DBG_COMMAND_VALUE)? " command":"",
+              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",
+              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+              (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+              (opt.debug & DBG_CACHE_VALUE  )? " cache":"",
+              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+              (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
               (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"",
               (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"");
 }
- 
+
 
 
 static void
@@ -397,13 +397,13 @@ main (int argc, char **argv )
   int allow_coredump = 0;
   int standard_socket = 0;
   struct assuan_malloc_hooks malloc_hooks;
-  
+
   set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
   /* Please note that we may running SUID(ROOT), so be very CAREFUL
      when adding any stuff between here and the call to INIT_SECMEM()
      somewhere after the option parsing */
-  log_set_prefix ("scdaemon", 1|4); 
+  log_set_prefix ("scdaemon", 1|4);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init ();
@@ -446,7 +446,7 @@ main (int argc, char **argv )
 
   /* Set default options. */
   opt.allow_admin = 1;
-  opt.pcsc_driver = DEFAULT_PCSC_DRIVER; 
+  opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
 
 #ifdef HAVE_W32_SYSTEM
   standard_socket = 1;  /* Under Windows we always use a standard
@@ -457,7 +457,7 @@ main (int argc, char **argv )
   shell = getenv ("SHELL");
   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
     csh_style = 1;
-  
+
   opt.homedir = default_homedir ();
 
   /* Check whether we have a config file on the commandline */
@@ -486,15 +486,15 @@ main (int argc, char **argv )
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
   maybe_setuid = 0;
 
-  /* 
-     Now we are working under our real uid 
+  /*
+     Now we are working under our real uid
   */
 
 
   if (default_config)
     configname = make_filename (opt.homedir, "scdaemon.conf", NULL );
 
-  
+
   argc = orig_argc;
   argv = orig_argv;
   pargs.argc = &argc;
@@ -519,7 +519,7 @@ main (int argc, char **argv )
                          configname, strerror(errno) );
               exit(2);
 	    }
-          xfree (configname); 
+          xfree (configname);
           configname = NULL;
 	}
       if (parse_debug && configname )
@@ -545,13 +545,13 @@ main (int argc, char **argv )
           enable_core_dumps ();
           allow_coredump = 1;
           break;
-        case oDebugCCIDDriver: 
+        case oDebugCCIDDriver:
 #ifdef HAVE_LIBUSB
           ccid_set_debug_level (ccid_set_debug_level (-1)+1);
 #endif /*HAVE_LIBUSB*/
           break;
         case oDebugDisableTicker: ticker_disabled = 1; break;
-        case oDebugLogTid: 
+        case oDebugLogTid:
           log_set_pid_suffix_cb (tid_log_callback);
           break;
 
@@ -587,15 +587,15 @@ main (int argc, char **argv )
         case oAllowAdmin: /* Dummy because allow is now the default.  */
           break;
         case oDenyAdmin: opt.allow_admin = 0; break;
-          
+
         case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break;
 
         case oDisableApplication:
-          add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); 
+          add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
           break;
 
-        default: 
-          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; 
+        default:
+          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
           break;
 	}
     }
@@ -625,7 +625,7 @@ main (int argc, char **argv )
   log_info ("NOTE: this is a development version!\n");
 #endif
 
- 
+
   if (atexit (cleanup))
     {
       log_error ("atexit failed\n");
@@ -693,9 +693,9 @@ main (int argc, char **argv )
       gnupg_sleep (debug_wait);
       log_debug ("... okay\n");
     }
-  
+
   if (pipe_server)
-    { 
+    {
       /* This is the simple pipe based server */
       ctrl_t ctrl;
       pth_attr_t tattr;
@@ -704,7 +704,7 @@ main (int argc, char **argv )
 #ifndef HAVE_W32_SYSTEM
       {
         struct sigaction sa;
-        
+
         sa.sa_handler = SIG_IGN;
         sigemptyset (&sa.sa_mask);
         sa.sa_flags = 0;
@@ -732,7 +732,7 @@ main (int argc, char **argv )
           socket_name = create_socket_name (standard_socket,
                                             "S.scdaemon",
                                             "gpg-XXXXXX/S.scdaemon");
-          
+
           fd = FD2INT(create_server_socket (standard_socket,
                                             socket_name, &socket_nonce));
         }
@@ -789,17 +789,17 @@ main (int argc, char **argv )
       fflush (NULL);
 #ifndef HAVE_W32_SYSTEM
       pid = fork ();
-      if (pid == (pid_t)-1) 
+      if (pid == (pid_t)-1)
         {
           log_fatal ("fork failed: %s\n", strerror (errno) );
           exit (1);
         }
-      else if (pid) 
+      else if (pid)
         { /* we are the parent */
           char *infostr;
-          
+
           close (fd);
-          
+
           /* create the info string: :: */
           if (estream_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1",
 				socket_name, (ulong) pid) < 0)
@@ -810,7 +810,7 @@ main (int argc, char **argv )
             }
           *socket_name = 0; /* don't let cleanup() remove the socket -
                                the child should do this from now on */
-          if (argc) 
+          if (argc)
             { /* run the program given on the commandline */
               if (putenv (infostr))
                 {
@@ -838,18 +838,18 @@ main (int argc, char **argv )
                   es_printf ( "%s; export SCDAEMON_INFO;\n", infostr);
                 }
               xfree (infostr);
-              exit (0); 
+              exit (0);
             }
           /* NOTREACHED */
         } /* end parent */
-      
+
       /* This is the child. */
 
       /* Detach from tty and put process into a new session. */
       if (!nodetach )
-        {  
+        {
           /* Close stdin, stdout and stderr unless it is the log stream. */
-          for (i=0; i <= 2; i++) 
+          for (i=0; i <= 2; i++)
             {
               if ( log_test_fd (i) && i != fd)
                 close (i);
@@ -864,7 +864,7 @@ main (int argc, char **argv )
 
       {
         struct sigaction sa;
-        
+
         sa.sa_handler = SIG_IGN;
         sigemptyset (&sa.sa_mask);
         sa.sa_flags = 0;
@@ -883,7 +883,7 @@ main (int argc, char **argv )
 
       close (fd);
     }
-  
+
   return 0;
 }
 
@@ -950,7 +950,7 @@ handle_signal (int signo)
                 "re-reading configuration and resetting cards\n");
 /*       reread_configuration (); */
       break;
-      
+
     case SIGUSR1:
       log_info ("SIGUSR1 received - printing internal information:\n");
       /* Fixme: We need to see how to integrate pth dumping into our
@@ -978,7 +978,7 @@ handle_signal (int signo)
           scd_exit (0);
 	}
       break;
-        
+
     case SIGINT:
       log_info ("SIGINT received - immediate shutdown\n");
       log_info( "%s %s stopped\n", strusage(11), strusage(13));
@@ -1075,7 +1075,7 @@ create_server_socket (int is_standard_name, const char *name,
       scd_exit (2);
     }
 
-  serv_addr = xmalloc (sizeof (*serv_addr)); 
+  serv_addr = xmalloc (sizeof (*serv_addr));
   memset (serv_addr, 0, sizeof *serv_addr);
   serv_addr->sun_family = AF_UNIX;
   assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
@@ -1088,7 +1088,7 @@ create_server_socket (int is_standard_name, const char *name,
       remove (name);
       rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
     }
-  if (rc != -1 
+  if (rc != -1
       && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
     log_error (_("error getting nonce for the socket\n"));
  if (rc == -1)
@@ -1107,7 +1107,7 @@ create_server_socket (int is_standard_name, const char *name,
       assuan_sock_close (fd);
       scd_exit (2);
     }
-          
+
   if (opt.verbose)
     log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
 
@@ -1125,7 +1125,7 @@ start_connection_thread (void *arg)
   if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
       && assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
     {
-      log_info (_("error reading nonce on fd %d: %s\n"), 
+      log_info (_("error reading nonce on fd %d: %s\n"),
                 FD2INT(ctrl->thread_startup.fd), strerror (errno));
       assuan_sock_close (ctrl->thread_startup.fd);
       xfree (ctrl);
@@ -1203,7 +1203,7 @@ handle_connections (int listen_fd)
   for (;;)
     {
       sigset_t oldsigs;
-      
+
       if (shutdown_pending)
         {
           if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
@@ -1331,5 +1331,3 @@ handle_connections (int listen_fd)
   cleanup ();
   log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
 }
-
-
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
index c42939643..0cf2f249d 100644
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -72,7 +72,7 @@ struct
 #define DBG_CACHE_VALUE   64	/* debug the caching */
 #define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
 #define DBG_HASHING_VALUE 512	/* debug hashing operations */
-#define DBG_ASSUAN_VALUE 1024   
+#define DBG_ASSUAN_VALUE 1024
 #define DBG_CARD_IO_VALUE 2048
 
 #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
@@ -86,19 +86,19 @@ struct
 struct server_local_s;
 struct app_ctx_s;
 
-struct server_control_s 
+struct server_control_s
 {
   /* Private data used to fire up the connection thread.  We use this
      structure do avoid an extra allocation for just a few bytes. */
   struct {
     gnupg_fd_t fd;
   } thread_startup;
-  
+
   /* Local data of the server; used only in command.c. */
   struct server_local_s *server_local;
 
   /* Slot of the open reader or -1 if not open. */
-  int reader_slot; 
+  int reader_slot;
 
   /* The application context used with this connection or NULL if none
      associated.  Note that this is shared with the other connections:
@@ -107,11 +107,11 @@ struct server_control_s
   struct app_ctx_s *app_ctx;
 
   /* Helper to store the value we are going to sign */
-  struct 
+  struct
   {
-    unsigned char *value;  
+    unsigned char *value;
     int valuelen;
-  } in_data;  
+  } in_data;
 };
 
 typedef struct app_ctx_s *app_t;
diff --git a/scripts/ChangeLog b/scripts/ChangeLog
index dacea163a..9b536bf61 100644
--- a/scripts/ChangeLog
+++ b/scripts/ChangeLog
@@ -36,4 +36,3 @@
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
diff --git a/scripts/potomo b/scripts/potomo
index 20617288e..b4c0a6b5c 100755
--- a/scripts/potomo
+++ b/scripts/potomo
@@ -43,18 +43,18 @@ if [ "$outfile" -nt "$infile" ]; then
   echo "potomo: '$outfile' is newer than source - keeping" 2>&1
   exit 0
 fi
-  
+
 # Note that we could use the newer msgconv.  However this tool was not
 # widely available back in 2008.
 
 fromset=`sed -n '/^"Content-Type:/ s/.*charset=\([a-zA-Z0-9_-]*\).*/\1/p' \
          "$infile"`
 
-case "$fromset" in 
-    utf8|utf-8|UTF8|UTF-8) 
-        echo "potomo: '$infile' keeping $fromset" >&2 
+case "$fromset" in
+    utf8|utf-8|UTF8|UTF-8)
+        echo "potomo: '$infile' keeping $fromset" >&2
         msgfmt --output-file="$outfile" "$infile"
-        ;;   
+        ;;
     *)
         echo "potomo: '$infile' converting from $fromset to utf-8" >&2
         iconv --silent --from-code=$fromset --to-code=utf-8 < "$infile" |\
diff --git a/sm/Makefile.am b/sm/Makefile.am
index 122323dcd..89b553809 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -6,12 +6,12 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -20,9 +20,9 @@
 
 bin_PROGRAMS = gpgsm
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) 
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
 
-AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl 
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
 include $(top_srcdir)/am/cmacros.am
 
 
@@ -64,8 +64,3 @@ gpgsm_LDFLAGS = $(extra_bin_ldflags)
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
 $(PROGRAMS): $(common_libs)
-
-
-
-
-
diff --git a/sm/base64.c b/sm/base64.c
index f6329c96b..1539e2a47 100644
--- a/sm/base64.c
+++ b/sm/base64.c
@@ -1,4 +1,4 @@
-/* base64.c 
+/* base64.c
  * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -40,10 +40,10 @@
 #endif
 
 /* Data used by the reader callbacks.  */
-struct reader_cb_parm_s 
+struct reader_cb_parm_s
 {
   estream_t fp;
-  
+
   unsigned char line[1024];
   int linelen;
   int readpos;
@@ -61,7 +61,7 @@ struct reader_cb_parm_s
   int stop_seen;
   int might_be_smime;
 
-  int eof_seen;         
+  int eof_seen;
 
   struct {
     int idx;
@@ -72,12 +72,12 @@ struct reader_cb_parm_s
 
 
 /* Data used by the writer callbacks.  */
-struct writer_cb_parm_s 
+struct writer_cb_parm_s
 {
   estream_t stream;    /* Output stream.  */
-  
+
   const char *pem_name;
-  
+
   int wrote_begin;
   int did_finish;
 
@@ -105,33 +105,33 @@ struct base64_context_s {
 
 
 /* The base-64 character list */
-static char bintoasc[64] = 
-       "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
-       "abcdefghijklmnopqrstuvwxyz" 
-       "0123456789+/"; 
+static char bintoasc[64] =
+       "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+       "abcdefghijklmnopqrstuvwxyz"
+       "0123456789+/";
 /* The reverse base-64 list */
 static unsigned char asctobin[256] = {
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, 
-  0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
-  0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 
-  0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 
-  0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 
-  0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+  0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+  0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+  0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
+  0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+  0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
   0xff, 0xff, 0xff, 0xff
 };
 
@@ -187,7 +187,7 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
               parm->eof_seen = 1;
               if (es_ferror (parm->fp))
                 return -1;
-              break; 
+              break;
             }
           parm->line[n++] = c;
           if (c == '\n')
@@ -212,7 +212,7 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
             {
               /* wait for the header line */
               parm->linelen = parm->readpos = 0;
-              if (!parm->have_lf 
+              if (!parm->have_lf
                   || strncmp ((char*)parm->line, "-----BEGIN ", 11)
                   || !strncmp ((char*)parm->line+11, "PGP ", 4))
                 goto next;
@@ -274,14 +274,14 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
       parm->base64.stop_seen = 0;
       parm->base64.idx = 0;
     }
-  
+
 
   n = 0;
   if (parm->is_pem || parm->is_base64)
-    {  
+    {
       if (parm->is_pem && parm->have_lf
           && !strncmp ((char*)parm->line, "-----END ", 9))
-        { 
+        {
           parm->identified = 0;
           parm->linelen = parm->readpos = 0;
 
@@ -318,32 +318,32 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
               if (c == '=')
                 { /* pad character: stop */
                   if (idx == 1)
-                    buffer[n++] = val; 
+                    buffer[n++] = val;
                   parm->stop_seen = 1;
                   break;
                 }
-              if( (c = asctobin[(c2=c)]) == 255 ) 
+              if( (c = asctobin[(c2=c)]) == 255 )
                 {
                   log_error (_("invalid radix64 character %02x skipped\n"),
                              c2);
                   continue;
                 }
-              switch (idx) 
+              switch (idx)
                 {
-                case 0: 
+                case 0:
                   val = c << 2;
                   break;
-                case 1: 
+                case 1:
                   val |= (c>>4)&3;
                   buffer[n++] = val;
                   val = (c<<4)&0xf0;
                   break;
-                case 2: 
+                case 2:
                   val |= (c>>2)&15;
                   buffer[n++] = val;
                   val = (c<<6)&0xc0;
                   break;
-                case 3: 
+                case 3:
                   val |= c&0x3f;
                   buffer[n++] = val;
                   break;
@@ -448,7 +448,7 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
           es_putc (c, stream);
           c = bintoasc[radbuf[2]&077];
           es_putc (c, stream);
-          if (++quad_count >= (64/4)) 
+          if (++quad_count >= (64/4))
             {
               es_fputs (LF, stream);
               quad_count = 0;
@@ -508,8 +508,8 @@ base64_finish_write (struct writer_cb_parm_s *parm)
           es_putc ('=', stream);
           es_putc ('=', stream);
         }
-      else 
-        { 
+      else
+        {
           c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
           es_putc (c, stream);
           c = bintoasc[((radbuf[1] << 2) & 074) & 077];
@@ -517,7 +517,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
           es_putc ('=', stream);
 
         }
-      if (++quad_count >= (64/4)) 
+      if (++quad_count >= (64/4))
         {
           es_fputs (LF, stream);
           quad_count = 0;
@@ -614,7 +614,7 @@ gpgsm_destroy_reader (Base64Context ctx)
   if (!ctx)
     return;
 
-  ksba_reader_release (ctx->u2.reader);  
+  ksba_reader_release (ctx->u2.reader);
   xfree (ctx);
 }
 
@@ -678,7 +678,7 @@ int
 gpgsm_finish_writer (Base64Context ctx)
 {
   struct writer_cb_parm_s *parm;
-  
+
   if (!ctx)
     return gpg_error (GPG_ERR_INV_VALUE);
   parm = &ctx->u.wparm;
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 81d486bd2..9619b856f 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #ifdef HAVE_LOCALE_H
@@ -97,7 +97,7 @@ start_agent (ctrl_t ctrl)
                                 opt.session_env,
                                 opt.verbose, DBG_ASSUAN,
                                 gpgsm_status2, ctrl);
-      
+
       if (!rc)
         {
           /* Tell the agent that we support Pinentry notifications.  No
@@ -128,7 +128,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
     put_membuf (data, buffer, length);
   return 0;
 }
-  
+
 
 /* This is the default inquiry callback.  It mainly handles the
    Pinentry notifications.  */
@@ -142,7 +142,7 @@ default_inq_cb (void *opaque, const char *line)
     {
       err = gpgsm_proxy_pinentry_notify (ctrl, line);
       if (err)
-        log_error (_("failed to proxy %s inquiry to client\n"), 
+        log_error (_("failed to proxy %s inquiry to client\n"),
                    "PINENTRY_LAUNCHED");
       /* We do not pass errors to avoid breaking other code.  */
     }
@@ -249,7 +249,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
     case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
     case GCRY_MD_MD5:   hashopt = "--hash=md5"; break;
     case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
-    default: 
+    default:
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
 
@@ -312,7 +312,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
 static gpg_error_t
 inq_ciphertext_cb (void *opaque, const char *line)
 {
-  struct cipher_parm_s *parm = opaque; 
+  struct cipher_parm_s *parm = opaque;
   int rc;
 
   if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
@@ -324,7 +324,7 @@ inq_ciphertext_cb (void *opaque, const char *line)
   else
     rc = default_inq_cb (parm->ctrl, line);
 
-  return rc; 
+  return rc;
 }
 
 
@@ -332,7 +332,7 @@ inq_ciphertext_cb (void *opaque, const char *line)
    the hex string KEYGRIP. */
 int
 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
-                       ksba_const_sexp_t ciphertext, 
+                       ksba_const_sexp_t ciphertext,
                        char **r_buf, size_t *r_buflen )
 {
   int rc;
@@ -342,7 +342,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   size_t n, len;
   char *p, *buf, *endp;
   size_t ciphertextlen;
-  
+
   if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
     return gpg_error (GPG_ERR_INV_VALUE);
   *r_buf = NULL;
@@ -417,7 +417,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   endp++;
   if (endp-p+n > len)
     return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
-  
+
   memmove (buf, endp, n);
 
   *r_buflen = n;
@@ -434,7 +434,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 static gpg_error_t
 inq_genkey_parms (void *opaque, const char *line)
 {
-  struct genkey_parm_s *parm = opaque; 
+  struct genkey_parm_s *parm = opaque;
   int rc;
 
   if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8]))
@@ -444,7 +444,7 @@ inq_genkey_parms (void *opaque, const char *line)
   else
     rc = default_inq_cb (parm->ctrl, line);
 
-  return rc; 
+  return rc;
 }
 
 
@@ -477,7 +477,7 @@ gpgsm_agent_genkey (ctrl_t ctrl,
   if (!gk_parm.sexplen)
     return gpg_error (GPG_ERR_INV_VALUE);
   rc = assuan_transact (agent_ctx, "GENKEY",
-                        membuf_data_cb, &data, 
+                        membuf_data_cb, &data,
                         inq_genkey_parms, &gk_parm, NULL, NULL);
   if (rc)
     {
@@ -526,7 +526,7 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
 
   init_membuf (&data, 1024);
   rc = assuan_transact (agent_ctx, line,
-                        membuf_data_cb, &data, 
+                        membuf_data_cb, &data,
                         default_inq_cb, ctrl, NULL, NULL);
   if (rc)
     {
@@ -597,7 +597,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
 {
   int rc;
   char *serialno = NULL;
- 
+
   *r_serialno = NULL;
   rc = start_agent (ctrl);
   if (rc)
@@ -666,7 +666,7 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
 {
   int rc;
   strlist_t list = NULL;
- 
+
   *r_list = NULL;
   rc = start_agent (ctrl);
   if (rc)
@@ -743,7 +743,7 @@ gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
           log_error ("error getting the fingerprint\n");
           return gpg_error (GPG_ERR_GENERAL);
         }
-      
+
       snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
       line[DIM(line)-1] = 0;
       xfree (fpr);
@@ -907,7 +907,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
   init_membuf (parm->data, 4096);
   return 0;
 }
-  
+
 /* Call the agent to learn about a smartcard */
 int
 gpgsm_agent_learn (ctrl_t ctrl)
@@ -927,8 +927,8 @@ gpgsm_agent_learn (ctrl_t ctrl)
   learn_parm.ctx = agent_ctx;
   learn_parm.data = &data;
   rc = assuan_transact (agent_ctx, "LEARN --send",
-                        learn_cb, &learn_parm, 
-                        NULL, NULL, 
+                        learn_cb, &learn_parm,
+                        NULL, NULL,
                         learn_status_cb, &learn_parm);
   xfree (get_membuf (&data, &len));
   if (rc)
@@ -1099,20 +1099,20 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
 
   if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
     return gpg_error_from_syserror ();
-  
+
   snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s",
             repeat? " --repeat=1 --check --qualitybar":"",
             arg4);
   xfree (arg4);
 
   init_membuf_secure (&data, 64);
-  err = assuan_transact (agent_ctx, line, 
+  err = assuan_transact (agent_ctx, line,
                          membuf_data_cb, &data,
                          default_inq_cb, NULL, NULL, NULL);
 
   if (err)
     xfree (get_membuf (&data, NULL));
-  else 
+  else
     {
       put_membuf (&data, "", 1);
       *r_passphrase = get_membuf (&data, NULL);
@@ -1147,7 +1147,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
 
   init_membuf_secure (&data, 64);
   err = assuan_transact (agent_ctx, line,
-                         membuf_data_cb, &data, 
+                         membuf_data_cb, &data,
                          default_inq_cb, ctrl, NULL, NULL);
   if (err)
     {
@@ -1169,7 +1169,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
 static gpg_error_t
 inq_import_key_parms (void *opaque, const char *line)
 {
-  struct import_key_parm_s *parm = opaque; 
+  struct import_key_parm_s *parm = opaque;
   gpg_error_t err;
 
   if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7]))
@@ -1181,7 +1181,7 @@ inq_import_key_parms (void *opaque, const char *line)
   else
     err = default_inq_cb (parm->ctrl, line);
 
-  return err; 
+  return err;
 }
 
 
@@ -1241,7 +1241,7 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
 
   init_membuf_secure (&data, 1024);
   err = assuan_transact (agent_ctx, line,
-                         membuf_data_cb, &data, 
+                         membuf_data_cb, &data,
                          default_inq_cb, ctrl, NULL, NULL);
   if (err)
     {
@@ -1255,5 +1255,3 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
   *r_resultlen = len;
   return 0;
 }
-
-
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 6d0236c72..d927a29c0 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -1,4 +1,4 @@
-/* call-dirmngr.c - Communication with the dirmngr 
+/* call-dirmngr.c - Communication with the dirmngr
  * Copyright (C) 2002, 2003, 2005, 2007, 2008,
  *               2010  Free Software Foundation, Inc.
  *
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #include 
@@ -108,7 +108,7 @@ put_membuf (struct membuf *mb, const void *buf, size_t len)
   if (mb->len + len >= mb->size)
     {
       char *p;
-      
+
       mb->size += len + 1024;
       p = xtryrealloc (mb->buf, mb->size);
       if (!p)
@@ -169,7 +169,7 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
       char *user = server->user ? server->user : "";
       char *pass = server->pass ? server->pass : "";
       char *base = server->base ? server->base : "";
-      
+
       snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
 		server->host, server->port, user, pass, base);
       line[DIM (line) - 1] = 0;
@@ -201,7 +201,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
      to take care of the implicit option sending caching. */
 
   err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT,
-                           opt.homedir, opt.dirmngr_program, 
+                           opt.homedir, opt.dirmngr_program,
                            opt.verbose, DBG_ASSUAN,
                            gpgsm_status2, ctrl);
   prepare_dirmngr (ctrl, ctx, err);
@@ -228,7 +228,7 @@ start_dirmngr (ctrl_t ctrl)
      an error in prepare_dirmngr?  */
   if (!dirmngr_ctx)
     dirmngr_ctx_locked = 0;
-  return err;  
+  return err;
 }
 
 
@@ -324,7 +324,7 @@ inq_certificate (void *opaque, const char *line)
       for (s=line, n=0; n < 40; s++, n++)
         fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
       fpr[n] = 0;
-      
+
       if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
         rc = assuan_send_data (parm->ctx, "1", 1);
       else
@@ -352,7 +352,7 @@ inq_certificate (void *opaque, const char *line)
                  "is not yet implemented\n");
       rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
-  else 
+  else
     { /* Send the given certificate. */
       int err;
       ksba_cert_t cert;
@@ -376,7 +376,7 @@ inq_certificate (void *opaque, const char *line)
     }
 
   xfree (ski);
-  return rc; 
+  return rc;
 }
 
 
@@ -500,7 +500,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                          NULL, NULL, NULL, NULL, NULL, NULL);
       did_options = 1;
     }
-  snprintf (line, DIM(line)-1, "ISVALID%s %s", 
+  snprintf (line, DIM(line)-1, "ISVALID%s %s",
             use_ocsp == 2? " --only-ocsp --force-default-responder":"",
             certid);
   line[DIM(line)-1] = 0;
@@ -552,7 +552,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                 {
                   /* Note the no_dirmngr flag: This avoids checking
                      this certificate over and over again. */
-                  rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL, 
+                  rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
                                              VALIDATE_FLAG_NO_DIRMNGR, NULL);
                   if (rc)
                     {
@@ -674,7 +674,7 @@ pattern_from_strlist (strlist_t names)
     *pattern = 0; /* is empty */
   else
     p[-1] = '\0'; /* remove trailing blank */
-  
+
   return pattern;
 }
 
@@ -711,10 +711,10 @@ lookup_status_cb (void *opaque, const char *line)
    the callback CB which will be passed cert by cert.  Note that CTRL
    is optional.  With CACHE_ONLY the dirmngr will search only its own
    key cache. */
-int 
+int
 gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
                       void (*cb)(void*, ksba_cert_t), void *cb_value)
-{ 
+{
   int rc;
   char *pattern;
   char line[ASSUAN_LINELENGTH];
@@ -753,7 +753,7 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
 
       return out_of_core ();
     }
-  snprintf (line, DIM(line)-1, "LOOKUP%s %s", 
+  snprintf (line, DIM(line)-1, "LOOKUP%s %s",
             cache_only? " --cache-only":"", pattern);
   line[DIM(line)-1] = 0;
   xfree (pattern);
@@ -842,7 +842,7 @@ run_command_inq_cb (void *opaque, const char *line)
       rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
 
-  return rc; 
+  return rc;
 }
 
 static gpg_error_t
@@ -877,7 +877,7 @@ run_command_status_cb (void *opaque, const char *line)
 int
 gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
                            int argc, char **argv)
-{ 
+{
   int rc;
   int i;
   const char *s;
diff --git a/sm/certchain.c b/sm/certchain.c
index 3d856fee1..1a2632504 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #include 
@@ -193,7 +193,7 @@ has_validation_model_chain (ksba_cert_t cert, int listmode, estream_t listfp)
 
   if (opt.verbose)
     do_list (0, listmode, listfp,
-             _("validation model requested by certificate: %s"), 
+             _("validation model requested by certificate: %s"),
               !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1")? _("chain") :
               !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.2")? _("shell") :
               /* */                                       oidbuf);
@@ -276,7 +276,7 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
    BasicConstraints extension.  The function returns 0 on success and
    the allowed length of the chain at CHAINLEN. */
 static int
-allowed_ca (ctrl_t ctrl, 
+allowed_ca (ctrl_t ctrl,
             ksba_cert_t cert, int *chainlen, int listmode, estream_t fp)
 {
   gpg_error_t err;
@@ -327,7 +327,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
   any_critical = !!strstr (policies, ":C");
 
   if (!opt.policy_file)
-    { 
+    {
       xfree (policies);
       if (any_critical)
         {
@@ -358,7 +358,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
       return gpg_error (GPG_ERR_NO_POLICY_MATCH);
     }
 
-  for (;;) 
+  for (;;)
     {
       int c;
       char *p, line[256];
@@ -389,7 +389,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
               fclose (fp);
               return tmperr;
             }
-      
+
           if (!*line || line[strlen(line)-1] != '\n')
             {
               /* eat until end of line */
@@ -400,13 +400,13 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
               return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
                                      : GPG_ERR_INCOMPLETE_LINE);
             }
-          
+
           /* Allow for empty lines and spaces */
           for (p=line; spacep (p); p++)
             ;
         }
       while (!*p || *p == '\n' || *p == '#');
-  
+
       /* parse line */
       for (allowed=line; spacep (allowed); allowed++)
         ;
@@ -463,7 +463,7 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
             break; /* Found matching cert. */
         }
     }
-  
+
   ksba_cert_release (cert);
   xfree (subj);
   return rc? -1:0;
@@ -493,7 +493,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
   int count = 0;
   char *pattern;
   const char *s;
-      
+
   if (opt.verbose)
     log_info (_("looking up issuer at external location\n"));
   /* The Dirmngr process is confused about unknown attributes.  As a
@@ -515,7 +515,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
 
   if (opt.verbose)
     log_info (_("number of issuers matching: %d\n"), count);
-  if (rc) 
+  if (rc)
     {
       log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
       rc = -1;
@@ -556,7 +556,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
   char *pattern;
 
   (void)kh;
-      
+
   if (opt.verbose)
     log_info (_("looking up issuer from the Dirmngr cache\n"));
   if (subject_mode)
@@ -583,7 +583,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
 
   if (opt.verbose)
     log_info (_("number of matching certificates: %d\n"), count);
-  if (rc && !opt.quiet) 
+  if (rc && !opt.quiet)
     log_info (_("dirmngr cache-only key lookup failed: %s\n"),
               gpg_strerror (rc));
   return (!rc && count)? 0 : -1;
@@ -598,7 +598,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
    keydb_get_cert on the keyDb context KH will return it.  Returns 0
    on success, -1 if not found or an error code.  */
 static int
-find_up (ctrl_t ctrl, KEYDB_HANDLE kh, 
+find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
          ksba_cert_t cert, const char *issuer, int find_next)
 {
   ksba_name_t authid;
@@ -614,7 +614,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
           rc = keydb_search_issuer_sn (kh, s, authidno);
           if (rc)
             keydb_search_reset (kh);
-          
+
           /* In case of an error, try to get the certificate from the
              dirmngr.  That is done by trying to put that certifcate
              into the ephemeral DB and let the code below do the
@@ -627,7 +627,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
              that in find_next mode because we can't keep the search
              state then. */
           if (rc == -1 && !find_next)
-            { 
+            {
               int old = keydb_set_ephemeral (kh, 1);
               if (!old)
                 {
@@ -637,7 +637,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
                 }
               keydb_set_ephemeral (kh, old);
             }
-          if (rc) 
+          if (rc)
             rc = -1; /* Need to make sure to have this error code. */
         }
 
@@ -656,7 +656,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
                 rc = find_up_search_by_keyid (kh, issuer, keyid);
               keydb_set_ephemeral (kh, old);
             }
-          if (rc) 
+          if (rc)
             rc = -1; /* Need to make sure to have this error code. */
         }
 
@@ -676,7 +676,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
                 }
               keydb_set_ephemeral (kh, old);
             }
-          if (rc) 
+          if (rc)
             rc = -1; /* Need to make sure to have this error code. */
         }
 
@@ -714,7 +714,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       ksba_name_release (authid);
       xfree (authidno);
     }
-  
+
   if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
     rc = keydb_search_subject (kh, issuer);
   if (rc == -1 && !find_next)
@@ -748,7 +748,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
 int
 gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
 {
-  int rc = 0; 
+  int rc = 0;
   char *issuer = NULL;
   char *subject = NULL;
   KEYDB_HANDLE kh = keydb_new (0);
@@ -779,7 +779,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
   if (is_root_cert (start, issuer, subject))
     {
       rc = -1; /* we are at the root */
-      goto leave; 
+      goto leave;
     }
 
   rc = find_up (ctrl, kh, start, issuer, 0);
@@ -803,7 +803,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
  leave:
   xfree (issuer);
   xfree (subject);
-  keydb_release (kh); 
+  keydb_release (kh);
   return rc;
 }
 
@@ -850,20 +850,20 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
      that is the case this is a root certificate.  */
   ak_name_str = ksba_name_enum (ak_name, 0);
   if (ak_name_str
-      && !strcmp (ak_name_str, issuerdn) 
+      && !strcmp (ak_name_str, issuerdn)
       && !cmp_simple_canon_sexp (ak_sn, serialno))
     {
       result = 1;  /* Right, CERT is self-signed.  */
       goto leave;
-    } 
-   
+    }
+
   /* Similar for the ak_keyid. */
   if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
       && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
     {
       result = 1;  /* Right, CERT is self-signed.  */
       goto leave;
-    } 
+    }
 
 
  leave:
@@ -872,7 +872,7 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
   ksba_name_release (ak_name);
   ksba_free (ak_sn);
   ksba_free (serialno);
-  return result; 
+  return result;
 }
 
 
@@ -896,7 +896,7 @@ gpgsm_is_root_cert (ksba_cert_t cert)
 
 
 /* This is a helper for gpgsm_validate_chain. */
-static gpg_error_t 
+static gpg_error_t
 is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
                      ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
                      int *any_revoked, int *any_no_crl, int *any_crl_too_old)
@@ -905,13 +905,13 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
 
   if (opt.no_crl_check && !ctrl->use_ocsp)
     {
-      audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, 
+      audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
                     gpg_error (GPG_ERR_NOT_ENABLED));
       return 0;
     }
 
   err = gpgsm_dirmngr_isvalid (ctrl,
-                               subject_cert, issuer_cert, 
+                               subject_cert, issuer_cert,
                                force_ocsp? 2 : !!ctrl->use_ocsp);
   audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
 
@@ -948,7 +948,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
                         "\"dirmngr\" is properly installed\n"));
           *any_crl_too_old = 1;
           break;
-          
+
         default:
           do_list (1, lm, fp, _("checking the CRL failed: %s"),
                    gpg_strerror (err));
@@ -963,7 +963,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
    SUBJECT_CERT.  The caller needs to pass EXPTIME which will be
    updated to the nearest expiration time seen.  A DEPTH of 0 indicates
    the target certifciate, -1 the final root certificate and other
-   values intermediate certificates. */ 
+   values intermediate certificates. */
 static gpg_error_t
 check_validity_period (ksba_isotime_t current_time,
                        ksba_cert_t subject_cert,
@@ -993,7 +993,7 @@ check_validity_period (ksba_isotime_t current_time,
 
   if (*not_before && strcmp (current_time, not_before) < 0 )
     {
-      do_list (1, listmode, listfp, 
+      do_list (1, listmode, listfp,
                depth ==  0 ? _("certificate not yet valid") :
                depth == -1 ? _("root certificate not yet valid") :
                /* other */   _("intermediate certificate not yet valid"));
@@ -1004,8 +1004,8 @@ check_validity_period (ksba_isotime_t current_time,
           log_printf (")\n");
         }
       return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
-    } 
-           
+    }
+
   if (*not_after && strcmp (current_time, not_after) > 0 )
     {
       do_list (opt.ignore_expiration?0:1, listmode, listfp,
@@ -1022,8 +1022,8 @@ check_validity_period (ksba_isotime_t current_time,
         log_info ("WARNING: ignoring expiration\n");
       else
         return gpg_error (GPG_ERR_CERT_EXPIRED);
-    }      
-      
+    }
+
   return 0;
 }
 
@@ -1070,7 +1070,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
       log_printf (")\n");
       return gpg_error (GPG_ERR_BAD_CERT);
     }
-  
+
   if (!*exptime)
     gnupg_copy_time (exptime, not_after);
   else if (strcmp (not_after, exptime) < 0 )
@@ -1078,7 +1078,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
 
   if (strcmp (current_time, not_before) < 0 )
     {
-      do_list (1, listmode, listfp, 
+      do_list (1, listmode, listfp,
                depth ==  0 ? _("certificate not yet valid") :
                depth == -1 ? _("root certificate not yet valid") :
                /* other */   _("intermediate certificate not yet valid"));
@@ -1089,16 +1089,16 @@ check_validity_period_cm (ksba_isotime_t current_time,
           log_printf (")\n");
         }
       return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
-    } 
+    }
 
   if (*check_time
-      && (strcmp (check_time, not_before) < 0 
+      && (strcmp (check_time, not_before) < 0
           || strcmp (check_time, not_after) > 0))
     {
       /* Note that we don't need a case for the root certificate
          because its own consitency has already been checked.  */
       do_list(opt.ignore_expiration?0:1, listmode, listfp,
-              depth == 0 ? 
+              depth == 0 ?
               _("signature not created during lifetime of certificate") :
               depth == 1 ?
               _("certificate not created during lifetime of issuer") :
@@ -1135,7 +1135,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
 static int
 ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
 {
-  static int no_more_questions; 
+  static int no_more_questions;
   int rc;
   char *fpr;
   int success = 0;
@@ -1143,7 +1143,7 @@ ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
   fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
   log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
   xfree (fpr);
-  
+
   if (no_more_questions)
     rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
   else
@@ -1225,7 +1225,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
     {
       if (!strcmp (checktime_arg, "19700101T000000"))
         {
-          do_list (1, listmode, listfp, 
+          do_list (1, listmode, listfp,
                    _("WARNING: creation time of signature not known - "
                      "assuming current time"));
           gnupg_copy_time (check_time, current_time);
@@ -1314,7 +1314,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
           if (has_validation_model_chain (subject_cert, listmode, listfp))
             rootca_flags->chain_model = 1;
         }
-      
+
 
       /* Check the validity period. */
       if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
@@ -1332,7 +1332,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
         }
       else if (rc)
         goto leave;
-        
+
 
       /* Assert that we understand all critical extensions. */
       rc = unknown_criticals (subject_cert, listmode, listfp);
@@ -1355,7 +1355,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
 
       /* If this is the root certificate we are at the end of the chain.  */
       if (is_root)
-        { 
+        {
           if (!istrusted_rc)
             ; /* No need to check the certificate for a trusted one. */
           else if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
@@ -1378,8 +1378,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
               if (rc)
                 goto leave;
             }
-              
-          
+
+
           /* Set the flag for qualified signatures.  This flag is
              deduced from a list of root certificates allowed for
              qualified signatures. */
@@ -1388,15 +1388,15 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
               gpg_error_t err;
               size_t buflen;
               char buf[1];
-              
-              if (!ksba_cert_get_user_data (cert, "is_qualified", 
+
+              if (!ksba_cert_get_user_data (cert, "is_qualified",
                                             &buf, sizeof (buf),
                                             &buflen) && buflen)
                 {
                   /* We already checked this for this certificate,
                      thus we simply take it from the user data. */
                   is_qualified = !!*buf;
-                }    
+                }
               else
                 {
                   /* Need to consult the list of root certificates for
@@ -1419,7 +1419,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
                                                      "is_qualified", buf, 1);
                       if (err)
                         log_error ("set_user_data(is_qualified) failed: %s\n",
-                                   gpg_strerror (err)); 
+                                   gpg_strerror (err));
                     }
                 }
             }
@@ -1431,7 +1431,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
             ;
           else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
             {
-              do_list (0, listmode, listfp, 
+              do_list (0, listmode, listfp,
                        _("root certificate is not marked trusted"));
               /* If we already figured out that the certificate is
                  expired it does not make much sense to ask the user
@@ -1443,12 +1443,12 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
                    && ask_marktrusted (ctrl, subject_cert, listmode) )
                 rc = 0;
             }
-          else 
+          else
             {
               log_error (_("checking the trust list failed: %s\n"),
                          gpg_strerror (rc));
             }
-          
+
           if (rc)
             goto leave;
 
@@ -1456,9 +1456,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
           if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
             ;
           else if (opt.no_trusted_cert_crl_check || rootca_flags->relax)
-            ; 
+            ;
           else
-            rc = is_cert_still_valid (ctrl, 
+            rc = is_cert_still_valid (ctrl,
                                       (flags & VALIDATE_FLAG_CHAIN_MODEL),
                                       listmode, listfp,
                                       subject_cert, subject_cert,
@@ -1470,7 +1470,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
           break;  /* Okay: a self-signed certicate is an end-point. */
         } /* End is_root.  */
 
-      
+
       /* Take care that the chain does not get too long. */
       if ((depth+1) > maxdepth)
         {
@@ -1552,7 +1552,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
                       do_list (0, listmode, listfp,
                                _("found another possible matching "
                                  "CA certificate - trying again"));
-                      ksba_cert_release (issuer_cert); 
+                      ksba_cert_release (issuer_cert);
                       issuer_cert = tmp_cert;
                       goto try_another_cert;
                     }
@@ -1629,9 +1629,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
         rc = 0;
       else if (is_root && (opt.no_trusted_cert_crl_check
                            || (!istrusted_rc && rootca_flags->relax)))
-        rc = 0; 
+        rc = 0;
       else
-        rc = is_cert_still_valid (ctrl, 
+        rc = is_cert_still_valid (ctrl,
                                   (flags & VALIDATE_FLAG_CHAIN_MODEL),
                                   listmode, listfp,
                                   subject_cert, issuer_cert,
@@ -1690,7 +1690,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       else if (any_no_policy_match)
         rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
     }
-  
+
  leave:
   /* If we have traversed a complete chain up to the root we will
      reset the ephemeral flag for all these certificates.  This is done
@@ -1700,7 +1700,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
     {
       gpg_error_t err;
       chain_item_t ci;
-      
+
       for (ci = chain; ci; ci = ci->next)
         {
           /* Note that it is possible for the last certificate in the
@@ -1714,7 +1714,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
             ;
           else if (err)
             log_error ("clearing ephemeral flag failed: %s\n",
-                       gpg_strerror (err)); 
+                       gpg_strerror (err));
         }
     }
 
@@ -1729,14 +1729,14 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       char buf[1];
 
       buf[0] = !!is_qualified;
-      
+
       for (ci = chain; ci; ci = ci->next)
         {
           err = ksba_cert_set_user_data (ci->cert, "is_qualified", buf, 1);
           if (err)
             {
               log_error ("set_user_data(is_qualified) failed: %s\n",
-                         gpg_strerror (err)); 
+                         gpg_strerror (err));
               if (!rc)
                 rc = err;
             }
@@ -1762,7 +1762,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
     gnupg_copy_time (r_exptime, exptime);
   xfree (issuer);
   xfree (subject);
-  keydb_release (kh); 
+  keydb_release (kh);
   while (chain)
     {
       chain_item_t ci_next = chain->next;
@@ -1807,7 +1807,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
   *retflags = (flags & VALIDATE_FLAG_CHAIN_MODEL);
   memset (&rootca_flags, 0, sizeof rootca_flags);
 
-  rc = do_validate_chain (ctrl, cert, checktime, 
+  rc = do_validate_chain (ctrl, cert, checktime,
                           r_exptime, listmode, listfp, flags,
                           &rootca_flags);
   if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED
@@ -1816,17 +1816,17 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
     {
       do_list (0, listmode, listfp, _("switching to chain model"));
       rc = do_validate_chain (ctrl, cert, checktime,
-                              r_exptime, listmode, listfp, 
+                              r_exptime, listmode, listfp,
                               (flags |= VALIDATE_FLAG_CHAIN_MODEL),
                               &rootca_flags);
       *retflags |= VALIDATE_FLAG_CHAIN_MODEL;
     }
 
   if (opt.verbose)
-    do_list (0, listmode, listfp, _("validation model used: %s"), 
+    do_list (0, listmode, listfp, _("validation model used: %s"),
              (*retflags & VALIDATE_FLAG_CHAIN_MODEL)?
              _("chain"):_("shell"));
-  
+
   return rc;
 }
 
@@ -1843,7 +1843,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
   char *subject = NULL;
   KEYDB_HANDLE kh;
   ksba_cert_t issuer_cert = NULL;
-  
+
   if (opt.no_chain_validation)
     {
       log_info ("WARNING: bypassing basic certificate checks\n");
@@ -1900,7 +1900,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
           rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
-      
+
       ksba_cert_release (issuer_cert); issuer_cert = NULL;
       rc = keydb_get_cert (kh, &issuer_cert);
       if (rc)
@@ -1930,7 +1930,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
  leave:
   xfree (issuer);
   xfree (subject);
-  keydb_release (kh); 
+  keydb_release (kh);
   ksba_cert_release (issuer_cert);
   return rc;
 }
@@ -1941,7 +1941,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
    authority for qualified signature.  They do not set the
    basicConstraints and thus we need this workaround.  It works by
    looking up the root certificate and checking whether that one is
-   listed as a qualified certificate for Germany. 
+   listed as a qualified certificate for Germany.
 
    We also try to cache this data but as long as don't keep a
    reference to the certificate this won't be used.
@@ -1967,7 +1967,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
     chainlen = &dummy_chainlen;
 
   *chainlen = 0;
-  err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen", 
+  err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen",
                                  &buf, sizeof (buf), &buflen);
   if (!err)
     {
@@ -2024,7 +2024,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
                                        "\x01\x00", 2);
       if (err)
         log_error ("ksba_set_user_data(%s) failed: %s\n",
-                   "regtp_ca_chainlen", gpg_strerror (err)); 
+                   "regtp_ca_chainlen", gpg_strerror (err));
       for (i=0; i < depth; i++)
         ksba_cert_release (array[i]);
       *chainlen = (depth>1? 0:1);
@@ -2033,11 +2033,11 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
 
  leave:
   /* Nothing special with this certificate. Mark the target
-     certificate anyway to avoid duplicate lookups. */ 
+     certificate anyway to avoid duplicate lookups. */
   err = ksba_cert_set_user_data (cert, "regtp_ca_chainlen", "", 1);
   if (err)
     log_error ("ksba_set_user_data(%s) failed: %s\n",
-               "regtp_ca_chainlen", gpg_strerror (err)); 
+               "regtp_ca_chainlen", gpg_strerror (err));
   for (i=0; i < depth; i++)
     ksba_cert_release (array[i]);
   return 0;
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 51a809b8f..18fadb1fe 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -106,7 +106,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
         {
 	  log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
                      (unsigned int)nframe*8,
-                     gcry_pk_get_nbits (pkey), 
+                     gcry_pk_get_nbits (pkey),
                      gcry_pk_algo_name (pkalgo));
           /* FIXME: we need to check the requirements for ECDSA.  */
           if (nframe < 20 || pkalgo == GCRY_PK_DSA  )
@@ -139,16 +139,16 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
           log_error ("no object identifier for algo %d\n", algo);
           return gpg_error (GPG_ERR_INTERNAL);
         }
-      
+
       len = gcry_md_get_algo_dlen (algo);
-      
+
       if ( len + asnlen + 4  > nframe )
         {
           log_error ("can't encode a %d bit MD into a %d bits frame\n",
                      (int)(len*8), (int)nbits);
           return gpg_error (GPG_ERR_INTERNAL);
         }
-      
+
       /* We encode the MD in this way:
        *
        *	   0  A PAD(n bytes)   0  ASN(asnlen bytes)  MD(len bytes)
@@ -177,7 +177,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
         log_printf (" %02X", frame[j]);
       log_printf ("\n");
     }
-      
+
   gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe);
   xfree (frame);
   return 0;
@@ -324,7 +324,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
     BUG ();
   gcry_mpi_release (frame);
 
-  
+
   rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
   if (DBG_X509)
       log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@@ -400,7 +400,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
   if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
     BUG ();
   gcry_mpi_release (frame);
-  
+
   rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
   if (DBG_X509)
       log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@@ -427,13 +427,10 @@ gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
 
   desc = gpgsm_format_keydesc (cert);
 
-  rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), 
+  rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
                            gcry_md_get_algo_dlen (mdalgo), mdalgo,
                            r_sigval, &siglen);
   xfree (desc);
   xfree (grip);
   return rc;
 }
-
-
-
diff --git a/sm/certdump.c b/sm/certdump.c
index 6d7d5b68e..9d9feb07d 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 #ifdef HAVE_LOCALE_H
@@ -175,7 +175,7 @@ gpgsm_dump_string (const char *string)
 
 
 /* This simple dump function is mainly used for debugging purposes. */
-void 
+void
 gpgsm_dump_cert (const char *text, ksba_cert_t cert)
 {
   ksba_sexp_t sexp;
@@ -206,7 +206,7 @@ gpgsm_dump_cert (const char *text, ksba_cert_t cert)
       gpgsm_dump_string (dn);
       ksba_free (dn);
       log_printf ("\n");
-    
+
       dn = ksba_cert_get_subject (cert, 0);
       log_debug ("    subject: ");
       gpgsm_dump_string (dn);
@@ -256,7 +256,7 @@ gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer)
 
 /* Log the certificate's name in "#SN/ISSUERDN" format along with
    TEXT. */
-void 
+void
 gpgsm_cert_log_name (const char *text, ksba_cert_t cert)
 {
   log_info ("%s", text? text:"certificate" );
@@ -301,7 +301,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
     {"T",            "2.5.4.12" },
     {"GN",           "2.5.4.42" },
     {"SN",           "2.5.4.4" },
-    {"NameDistinguisher", "0.2.262.1.10.7.20"}, 
+    {"NameDistinguisher", "0.2.262.1.10.7.20"},
     {"ADDR",         "2.5.4.16" },
     {"BC",           "2.5.4.15" },
     {"D",            "2.5.4.13" },
@@ -329,7 +329,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
   array->key = p = xtrymalloc (n+10);
   if (!array->key)
     return NULL;
-  memcpy (p, string, n); 
+  memcpy (p, string, n);
   p[n] = 0;
   trim_trailing_spaces (p);
 
@@ -373,7 +373,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
             { /* pair */
               s++;
               if (*s == ',' || *s == '=' || *s == '+'
-                  || *s == '<' || *s == '>' || *s == '#' || *s == ';' 
+                  || *s == '<' || *s == '>' || *s == '#' || *s == ';'
                   || *s == '\\' || *s == '\"' || *s == ' ')
                 n++;
               else if (hexdigitp (s) && hexdigitp (s+1))
@@ -388,7 +388,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
             return NULL; /* invalid encoding */
           else if (*s == ',' || *s == '=' || *s == '+'
                    || *s == '<' || *s == '>' || *s == ';' )
-            break; 
+            break;
           else
             n++;
         }
@@ -399,7 +399,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
       for (s=string; n; s++, n--)
         {
           if (*s == '\\')
-            { 
+            {
               s++;
               if (hexdigitp (s))
                 {
@@ -440,7 +440,7 @@ parse_dn (const unsigned char *string)
       if (!*string)
         break; /* ready */
       if (arrayidx >= arraysize)
-        { 
+        {
           struct dn_array_s *a2;
 
           arraysize += 5;
@@ -537,10 +537,10 @@ print_dn_parts (FILE *fp, estream_t stream,
                 struct dn_array_s *dn, int translate)
 {
   const char *stdpart[] = {
-    "CN", "OU", "O", "STREET", "L", "ST", "C", "EMail", NULL 
+    "CN", "OU", "O", "STREET", "L", "ST", "C", "EMail", NULL
   };
   int i;
-  
+
   for (i=0; stdpart[i]; i++)
       print_dn_part (fp, stream, dn, stdpart[i], translate);
 
@@ -677,9 +677,9 @@ gpgsm_print_name2 (FILE *fp, const char *name, int translate)
       struct dn_array_s *dn = parse_dn (s);
       if (!dn)
         fputs (_("[Error - invalid DN]"), fp);
-      else 
+      else
         {
-          print_dn_parts (fp, NULL, dn, translate);          
+          print_dn_parts (fp, NULL, dn, translate);
           for (i=0; dn[i].key; i++)
             {
               xfree (dn[i].key);
@@ -736,9 +736,9 @@ gpgsm_es_print_name2 (estream_t fp, const char *name, int translate)
 
       if (!dn)
         es_fputs (_("[Error - invalid DN]"), fp);
-      else 
+      else
         {
-          print_dn_parts (NULL, fp, dn, translate);          
+          print_dn_parts (NULL, fp, dn, translate);
           for (i=0; dn[i].key; i++)
             {
               xfree (dn[i].key);
@@ -758,7 +758,7 @@ gpgsm_es_print_name (estream_t fp, const char *name)
 
 
 /* A cookie structure used for the memory stream. */
-struct format_name_cookie 
+struct format_name_cookie
 {
   char *buffer;         /* Malloced buffer with the data to deliver. */
   size_t size;          /* Allocated size of this buffer. */
@@ -809,7 +809,7 @@ format_name_writer (void *cookie, const void *buffer, size_t size)
     }
   memcpy (p + c->len, buffer, size);
   c->len += size;
-  p[c->len] = 0; /* Terminate string. */ 
+  p[c->len] = 0; /* Terminate string. */
 
   return (ssize_t)size;
 }
@@ -869,7 +869,7 @@ gpgsm_fpr_and_name_for_status (ksba_cert_t cert)
   fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
   if (!fpr)
     return NULL;
-  
+
   name = ksba_cert_get_subject (cert, 0);
   if (!name)
     {
@@ -954,21 +954,20 @@ gpgsm_format_keydesc (ksba_cert_t cert)
                        sn? sn: "?",
                        gpgsm_get_short_fingerprint (cert, NULL),
                        created, expires);
-  
+
   i18n_switchback (orig_codeset);
-  
+
   if (!name)
     {
       xfree (subject);
       xfree (sn);
       return NULL;
     }
-  
+
   xfree (subject);
   xfree (sn);
 
   buffer = percent_plus_escape (name);
-  xfree (name); 
+  xfree (name);
   return buffer;
 }
-
diff --git a/sm/certlist.c b/sm/certlist.c
index 8221e4ac3..299d075f2 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -95,7 +95,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
                     extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
                                    | KSBA_KEYUSAGE_NON_REPUDIATION);
                 }
-              
+
               /* This is a hack to cope with OCSP.  Note that we do
                  not yet fully comply with the requirements and that
                  the entire CRL/OCSP checking thing should undergo a
@@ -108,7 +108,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
             }
           xfree (extkeyusages);
           extkeyusages = NULL;
-          
+
           if (!any_critical)
             extusemask = ~0; /* Reset to the don't care mask. */
         }
@@ -128,12 +128,12 @@ cert_usage_p (ksba_cert_t cert, int mode)
 
     }
   if (err)
-    { 
+    {
       log_error (_("error getting key usage information: %s\n"),
                  gpg_strerror (err));
       xfree (extkeyusages);
       return err;
-    } 
+    }
 
   if (mode == 4)
     {
@@ -146,7 +146,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
 
   if (mode == 5)
     {
-      if (use != ~0 
+      if (use != ~0
           && (have_ocsp_signing
               || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
                          |KSBA_KEYUSAGE_CRL_SIGN))))
@@ -216,7 +216,7 @@ same_subject_issuer (const char *subject, const char *issuer, ksba_cert_t cert)
   char *subject2 = ksba_cert_get_subject (cert, 0);
   char *issuer2 = ksba_cert_get_issuer (cert, 0);
   int tmp;
-  
+
   tmp = (subject && subject2
          && !strcmp (subject, subject2)
          && issuer && issuer2
@@ -268,7 +268,7 @@ is_cert_in_certlist (ksba_cert_t cert, certlist_t certlist)
 
 /* Add CERT to the list of certificates at CERTADDR but avoid
    duplicates. */
-int 
+int
 gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
                             certlist_t *listaddr, int is_encrypt_to)
 {
@@ -355,7 +355,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
           /* We want the error code from the first match in this case. */
           if (rc && wrong_usage)
             rc = wrong_usage;
-          
+
           if (!rc)
             {
               certlist_t dup_certs = NULL;
@@ -367,8 +367,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
               else if (!rc)
                 {
                   ksba_cert_t cert2 = NULL;
-                  
-                  /* If this is the first possible duplicate, add the original 
+
+                  /* If this is the first possible duplicate, add the original
                      certificate to our list of duplicates.  */
                   if (!dup_certs)
                     gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);
@@ -384,8 +384,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                      keybox).  */
                   if (!keydb_get_cert (kh, &cert2))
                     {
-                      int tmp = (same_subject_issuer (first_subject, 
-                                                      first_issuer, 
+                      int tmp = (same_subject_issuer (first_subject,
+                                                      first_issuer,
                                                       cert2)
                                  && ((gpg_err_code (
                                       secret? gpgsm_cert_use_sign_p (cert2)
@@ -400,7 +400,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                           if (is_cert_in_certlist (cert2, dup_certs))
                             tmp = 1;
                         }
-                      
+
                       ksba_cert_release (cert2);
                       if (tmp)
                         goto next_ambigious;
@@ -416,10 +416,10 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
 
           if (!rc && !is_cert_in_certlist (cert, *listaddr))
             {
-              if (!rc && secret) 
+              if (!rc && secret)
                 {
                   char *p;
-                  
+
                   rc = gpg_error (GPG_ERR_NO_SECKEY);
                   p = gpgsm_get_keygrip_hexstring (cert);
                   if (p)
@@ -437,7 +437,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                   certlist_t cl = xtrycalloc (1, sizeof *cl);
                   if (!cl)
                     rc = out_of_core ();
-                  else 
+                  else
                     {
                       cl->cert = cert; cert = NULL;
                       cl->next = *listaddr;
@@ -448,7 +448,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
             }
         }
     }
-  
+
   keydb_release (kh);
   ksba_cert_release (cert);
   return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
@@ -496,7 +496,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
               if (!rc && keyid)
                 {
                   ksba_sexp_t subj;
-                  
+
                   rc = ksba_cert_get_subj_key_id (*r_cert, NULL, &subj);
                   if (!rc)
                     {
@@ -525,7 +525,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
               rc = keydb_search (kh, &desc, 1);
               if (rc == -1)
                 rc = 0;
-              else 
+              else
                 {
                   if (!rc)
                     {
@@ -548,8 +548,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
             }
         }
     }
-  
+
   keydb_release (kh);
   return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
 }
-
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index 3dabb654e..526a182bb 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -40,7 +40,7 @@ ask_mb_lines (membuf_t *mb, const char *prefix)
 {
   char *answer = NULL;
 
-  do 
+  do
     {
       xfree (answer);
       answer = tty_get ("> ");
@@ -88,7 +88,7 @@ store_mb_lines (membuf_t *mb, membuf_t *lines)
 
 /* Chech whether we have a key for the key with HEXGRIP.  Returns NULL
    if not or a string describing the type of the key (RSA, ELG, DSA,
-   etc..).  */ 
+   etc..).  */
 static const char *
 check_keygrip (ctrl_t ctrl, const char *hexgrip)
 {
@@ -202,7 +202,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
           answer = tty_get (_("Enter the keygrip: "));
           tty_kill_prompt ();
           trim_spaces (answer);
-          
+
           if (!*answer)
             goto again;
           else if (strlen (answer) != 40 &&
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 72cab29c6..4218908d2 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -75,9 +75,9 @@ The format of the native parameter file is follows:
         This is the DN name of the subject in rfc2253 format.
      Name-Email: 
 	The is an email address for the altSubjectName
-     Name-DNS:  
+     Name-DNS: 
 	The is an DNS name for the altSubjectName
-     Name-URI:  
+     Name-URI: 
 	The is an URI for the altSubjectName
 
 Here is an example:
@@ -99,7 +99,7 @@ EOF
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -127,7 +127,7 @@ struct para_data_s {
   int lnr;
   enum para_name key;
   union {
-    unsigned int usage; 
+    unsigned int usage;
     char value[1];
   } u;
 };
@@ -157,7 +157,7 @@ static void
 release_parameter_list (struct para_data_s *r)
 {
   struct para_data_s *r2;
-  
+
   for (; r ; r = r2)
     {
       r2 = r->next;
@@ -169,7 +169,7 @@ static struct para_data_s *
 get_parameter (struct para_data_s *para, enum para_name key, int seq)
 {
   struct para_data_s *r;
-  
+
   for (r = para; r ; r = r->next)
     if ( r->key == key && !seq--)
       return r;
@@ -191,7 +191,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key)
     return -1;
   if (digitp (r->u.value))
     return atoi( r->u.value );
-  return gcry_pk_map_name (r->u.value); 
+  return gcry_pk_map_name (r->u.value);
 }
 
 /* Parse the usage parameter.  Returns 0 on success.  Note that we
@@ -204,10 +204,10 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key)
   struct para_data_s *r = get_parameter (para, key, 0);
   char *p, *pn;
   unsigned int use;
-  
+
   if (!r)
     return 0; /* none (this is an optional parameter)*/
-    
+
   use = 0;
   pn = r->u.value;
   while ( (p = strsep (&pn, " \t,")) )
@@ -475,7 +475,7 @@ proc_parameters (ctrl_t ctrl,
       log_error (_("line %d: invalid algorithm\n"), r->lnr);
       return gpg_error (GPG_ERR_INV_PARAMETER);
     }
-  
+
   /* Check the keylength.  NOTE: If you change this make sure that it
      macthes the gpgconflist item in gpgsm.c  */
   if (!get_parameter (para, pKEYLENGTH, 0))
@@ -491,7 +491,7 @@ proc_parameters (ctrl_t ctrl,
       xfree (cardkeyid);
       return gpg_error (GPG_ERR_INV_PARAMETER);
     }
-    
+
   /* Check the usage. */
   if (parse_parameter_usage (para, pKEYUSAGE))
     {
@@ -525,7 +525,7 @@ proc_parameters (ctrl_t ctrl,
 
   /* Check that the optional email address is okay. */
   for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
-    { 
+    {
       if (has_invalid_email_chars (s)
           || *s == '@'
           || s[strlen(s)-1] == '@'
@@ -566,7 +566,7 @@ proc_parameters (ctrl_t ctrl,
   else /* Generate new key.  */
     {
       sprintf (numbuf, "%u", nbits);
-      snprintf ((char*)keyparms, DIM (keyparms)-1, 
+      snprintf ((char*)keyparms, DIM (keyparms)-1,
                 "(6:genkey(3:rsa(5:nbits%d:%s)))",
                 (int)strlen (numbuf), numbuf);
       rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
@@ -591,8 +591,8 @@ proc_parameters (ctrl_t ctrl,
 /* Parameters are checked, the key pair has been created.  Now
    generate the request and write it out */
 static int
-create_request (ctrl_t ctrl, 
-                struct para_data_s *para, 
+create_request (ctrl_t ctrl,
+                struct para_data_s *para,
                 const char *carddirect,
                 ksba_const_sexp_t public,
                 struct reqgen_ctrl_s *outctrl)
@@ -624,7 +624,7 @@ create_request (ctrl_t ctrl,
 
   ksba_certreq_set_hash_function (cr, HASH_FNC, md);
   ksba_certreq_set_writer (cr, outctrl->writer);
-  
+
   err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
   if (err)
     {
@@ -720,14 +720,14 @@ create_request (ctrl_t ctrl,
       goto leave;
     }
 
-  
+
   use = get_parameter_uint (para, pKEYUSAGE);
   if (use == GCRY_PK_USAGE_SIGN)
     {
       /* For signing only we encode the bits:
          KSBA_KEYUSAGE_DIGITAL_SIGNATURE
          KSBA_KEYUSAGE_NON_REPUDIATION */
-      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, 
+      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
                                         "\x03\x02\x06\xC0", 4);
     }
   else if (use == GCRY_PK_USAGE_ENCR)
@@ -735,7 +735,7 @@ create_request (ctrl_t ctrl,
       /* For encrypt only we encode the bits:
          KSBA_KEYUSAGE_KEY_ENCIPHERMENT
          KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
-      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, 
+      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
                                         "\x03\x02\x04\x30", 4);
     }
   else
@@ -748,7 +748,7 @@ create_request (ctrl_t ctrl,
       goto leave;
     }
 
-               
+
   do
     {
       err = ksba_certreq_build (cr, &stopreason);
@@ -790,11 +790,11 @@ create_request (ctrl_t ctrl,
           gcry_sexp_release (s_pkey);
           bin2hex (grip, 20, hexgrip);
 
-          log_info ("about to sign CSR for key: &%s\n", hexgrip); 
+          log_info ("about to sign CSR for key: &%s\n", hexgrip);
 
           if (carddirect)
             rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
-                                     gcry_md_read(md, GCRY_MD_SHA1), 
+                                     gcry_md_read(md, GCRY_MD_SHA1),
                                      gcry_md_get_algo_dlen (GCRY_MD_SHA1),
                                      GCRY_MD_SHA1,
                                      &sigval, &siglen);
@@ -804,13 +804,13 @@ create_request (ctrl_t ctrl,
               char *desc;
 
               orig_codeset = i18n_switchto_utf8 ();
-              desc = percent_plus_escape 
+              desc = percent_plus_escape
                 (_("To complete this certificate request please enter"
                    " the passphrase for the key you just created once"
                    " more.\n"));
               i18n_switchback (orig_codeset);
               rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
-                                       gcry_md_read(md, GCRY_MD_SHA1), 
+                                       gcry_md_read(md, GCRY_MD_SHA1),
                                        gcry_md_get_algo_dlen (GCRY_MD_SHA1),
                                        GCRY_MD_SHA1,
                                        &sigval, &siglen);
@@ -821,7 +821,7 @@ create_request (ctrl_t ctrl,
               log_error ("signing failed: %s\n", gpg_strerror (rc));
               goto leave;
             }
-          
+
           err = ksba_certreq_set_sig_val (cr, sigval);
           xfree (sigval);
           if (err)
@@ -833,13 +833,13 @@ create_request (ctrl_t ctrl,
             }
         }
     }
-  while (stopreason != KSBA_SR_READY);   
+  while (stopreason != KSBA_SR_READY);
 
 
  leave:
   gcry_md_close (md);
   ksba_certreq_release (cr);
-  return rc;  
+  return rc;
 }
 
 
@@ -870,7 +870,7 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream)
     }
 
   rc = gpgsm_finish_writer (b64writer);
-  if (rc) 
+  if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
       goto leave;
@@ -883,4 +883,3 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream)
   gpgsm_destroy_writer (b64writer);
   return rc;
 }
-
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 4fb3c2d3c..da833e106 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -33,7 +33,7 @@
 #include "keydb.h"
 #include "i18n.h"
 
-struct decrypt_filter_parm_s 
+struct decrypt_filter_parm_s
 {
   int algo;
   int mode;
@@ -53,7 +53,7 @@ struct decrypt_filter_parm_s
 
 /* Decrypt the session key and fill in the parm structure.  The
    algo and the IV is expected to be already in PARM. */
-static int 
+static int
 prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                     ksba_const_sexp_t enc_val,
                     struct decrypt_filter_parm_s *parm)
@@ -84,9 +84,9 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
       if (n + 7 > seskeylen )
         {
           rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
-          goto leave; 
+          goto leave;
         }
-      
+
       /* FIXME: Actually the leading zero is required but due to the way
          we encode the output in libgcrypt as an MPI we are not able to
          encode that leading zero.  However, when using a Smartcard we are
@@ -94,20 +94,20 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
          should be fixed in gpg-agent of course. */
       if (!seskey[n])
         n++;
-      
+
       if (seskey[n] != 2 )  /* Wrong block type version. */
-        { 
+        {
           rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
-          goto leave; 
+          goto leave;
         }
-      
+
       for (n++; n < seskeylen && seskey[n]; n++) /* Skip the random bytes. */
         ;
       n++; /* and the zero byte */
       if (n >= seskeylen )
-        { 
+        {
           rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
-          goto leave; 
+          goto leave;
         }
     }
 
@@ -120,7 +120,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
       log_error ("error creating decryptor: %s\n", gpg_strerror (rc));
       goto leave;
     }
-                        
+
   rc = gcry_cipher_setkey (parm->hd, seskey+n, seskeylen-n);
   if (gpg_err_code (rc) == GPG_ERR_WEAK_KEY)
     {
@@ -301,7 +301,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
   audit_log (ctrl->audit, AUDIT_SETUP_READY);
 
   /* Parser loop. */
-  do 
+  do
     {
       rc = ksba_cms_parse (cms, &stopreason);
       if (rc)
@@ -316,7 +316,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
           int algo, mode;
           const char *algoid;
           int any_key = 0;
-          
+
           audit_log (ctrl->audit, AUDIT_GOT_DATA);
 
           algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/);
@@ -363,7 +363,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
               log_error ("error getting IV: %s\n", gpg_strerror (rc));
               goto leave;
             }
-          
+
           for (recp=0; !any_key; recp++)
             {
               char *issuer;
@@ -412,7 +412,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   if (rc)
                     {
                       log_error ("failed to get cert: %s\n", gpg_strerror (rc));
-                      goto oops;     
+                      goto oops;
                     }
 
                   /* Print the ENC_TO status line.  Note that we can
@@ -424,11 +424,11 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                      keyid for later use.  */
                   {
                     unsigned long kid[2];
-                    
+
                     kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
                     snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
                               kid[1], kid[0]);
-                    gpgsm_status2 (ctrl, STATUS_ENC_TO, 
+                    gpgsm_status2 (ctrl, STATUS_ENC_TO,
                                    kidbuf, "0", "0", NULL);
                   }
 
@@ -535,7 +535,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   goto leave;
                 }
               rc = ksba_writer_write (writer,
-                                      dfparm.lastblock, 
+                                      dfparm.lastblock,
                                       dfparm.blklen - npadding);
               if (rc)
                 goto leave;
@@ -553,10 +553,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
         }
 
     }
-  while (stopreason != KSBA_SR_READY);   
+  while (stopreason != KSBA_SR_READY);
 
   rc = gpgsm_finish_writer (b64writer);
-  if (rc) 
+  if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
       goto leave;
@@ -575,11 +575,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
   ksba_cms_release (cms);
   gpgsm_destroy_reader (b64reader);
   gpgsm_destroy_writer (b64writer);
-  keydb_release (kh); 
+  keydb_release (kh);
   es_fclose (in_fp);
   if (dfparm.hd)
-    gcry_cipher_close (dfparm.hd); 
+    gcry_cipher_close (dfparm.hd);
   return rc;
 }
-
-
diff --git a/sm/delete.c b/sm/delete.c
index e2835a98b..10ec965cb 100644
--- a/sm/delete.c
+++ b/sm/delete.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -44,7 +44,7 @@ delete_one (ctrl_t ctrl, const char *username)
   ksba_cert_t cert = NULL;
   int duplicates = 0;
   int is_ephem = 0;
-  
+
   rc = classify_user_id (username, &desc);
   if (rc)
     {
@@ -122,8 +122,8 @@ delete_one (ctrl_t ctrl, const char *username)
       log_error (_("error locking keybox: %s\n"), gpg_strerror (rc));
       goto leave;
     }
-                   
-  do 
+
+  do
     {
       keydb_search_reset (kh);
       rc = keydb_search (kh, &desc, 1);
@@ -133,9 +133,9 @@ delete_one (ctrl_t ctrl, const char *username)
                      gpg_strerror (rc));
           goto leave;
         }
-      
+
       rc = keydb_delete (kh, duplicates ? 0 : 1);
-      if (rc) 
+      if (rc)
         goto leave;
       if (opt.verbose)
         {
@@ -166,7 +166,7 @@ gpgsm_delete (ctrl_t ctrl, strlist_t names)
       log_error ("nothing to delete\n");
       return gpg_error (GPG_ERR_NO_DATA);
     }
-  
+
   for (; names; names=names->next )
     {
       rc = delete_one (ctrl, names->d);
@@ -177,6 +177,6 @@ gpgsm_delete (ctrl_t ctrl, strlist_t names)
           return rc;
         }
     }
-  
+
   return 0;
 }
diff --git a/sm/encrypt.c b/sm/encrypt.c
index ffe88a790..e66fac7f6 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -48,7 +48,7 @@ typedef struct dek_s *DEK;
 
 
 /* Callback parameters for the encryption.  */
-struct encrypt_cb_parm_s 
+struct encrypt_cb_parm_s
 {
   estream_t fp;
   DEK dek;
@@ -77,7 +77,7 @@ init_dek (DEK dek)
       log_error ("unsupported algorithm `%s'\n", dek->algoid);
       return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
     }
-  
+
   /* Extra check for algorithms we consider to be too weak for
      encryption, although we support them for decryption.  Note that
      there is another check below discriminating on the key length. */
@@ -102,18 +102,18 @@ init_dek (DEK dek)
 
   /* Make sure we don't use weak keys. */
   if (dek->keylen < 100/8)
-    { 
+    {
       log_error ("key length of `%s' too small\n", dek->algoid);
       return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
     }
-  
+
   rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
   if (rc)
     {
       log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
       return rc;
     }
-  
+
   for (i=0; i < 8; i++)
     {
       gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
@@ -139,7 +139,7 @@ init_dek (DEK dek)
       dek->chd = NULL;
       return rc;
     }
-  
+
   return 0;
 }
 
@@ -160,7 +160,7 @@ encode_session_key (DEK dek, gcry_sexp_t * r_data)
   rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
   xfree (p);
   *r_data = data;
-  return rc;    
+  return rc;
 }
 
 
@@ -210,7 +210,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
   rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
   gcry_sexp_release (s_data);
   gcry_sexp_release (s_pkey);
-  
+
   /* Reformat it. */
   rc = make_canon_sexp (s_ciph, encval, NULL);
   gcry_sexp_release (s_ciph);
@@ -237,7 +237,7 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
 
   if (count < blklen)
     BUG ();
-     
+
   if (!parm->eof_seen)
     { /* fillup the buffer */
       p = parm->buffer;
@@ -252,13 +252,13 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
                   return -1;
                 }
               parm->eof_seen = 1;
-              break; 
+              break;
             }
           p[n] = c;
         }
       parm->buflen = n;
     }
-  
+
   n = parm->buflen < count? parm->buflen : count;
   n = n/blklen * blklen;
   if (n)
@@ -287,7 +287,7 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
 
 
 
-/* Perform an encrypt operation.  
+/* Perform an encrypt operation.
 
    Encrypt the data received on DATA-FD and write it to OUT_FP.  The
    recipients are take from the certificate given in recplist; if this
@@ -400,7 +400,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     }
 
   /* Create a session key */
-  dek = xtrycalloc_secure (1, sizeof *dek); 
+  dek = xtrycalloc_secure (1, sizeof *dek);
   if (!dek)
     rc = out_of_core ();
   else
@@ -433,7 +433,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
       rc = out_of_core ();
       goto leave;
     }
-  
+
   audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
 
   /* Gather certificates of recipients, encrypt the session key for
@@ -441,7 +441,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
     {
       unsigned char *encval;
-      
+
       rc = encrypt_dek (dek, cl->cert, &encval);
       if (rc)
         {
@@ -450,7 +450,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
                      recpno, gpg_strerror (rc));
           goto leave;
         }
-      
+
       err = ksba_cms_add_recipient (cms, cl->cert);
       if (err)
         {
@@ -461,7 +461,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
           xfree (encval);
           goto leave;
         }
-      
+
       err = ksba_cms_set_enc_val (cms, recpno, encval);
       xfree (encval);
       audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
@@ -476,7 +476,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
 
   /* Main control loop for encryption. */
   recpno = 0;
-  do 
+  do
     {
       err = ksba_cms_build (cms, &stopreason);
       if (err)
@@ -486,7 +486,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
           goto leave;
         }
     }
-  while (stopreason != KSBA_SR_READY);   
+  while (stopreason != KSBA_SR_READY);
 
   if (encparm.readerror)
     {
@@ -497,7 +497,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
 
 
   rc = gpgsm_finish_writer (b64writer);
-  if (rc) 
+  if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
       goto leave;
@@ -509,7 +509,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   ksba_cms_release (cms);
   gpgsm_destroy_writer (b64writer);
   ksba_reader_release (reader);
-  keydb_release (kh); 
+  keydb_release (kh);
   xfree (dek);
   es_fclose (data_fp);
   xfree (encparm.buffer);
diff --git a/sm/export.c b/sm/export.c
index f76ed8f01..7884adff3 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -78,7 +78,7 @@ destroy_duptable (duptable_t *table)
 
   if (table)
     {
-      for (idx=0; idx < DUPTABLE_SIZE; idx++) 
+      for (idx=0; idx < DUPTABLE_SIZE; idx++)
         for (t = table[idx]; t; t = t2)
           {
             t2 = t->next;
@@ -95,15 +95,15 @@ insert_duptable (duptable_t *table, unsigned char *fpr, int *exists)
 {
   size_t idx;
   duptable_t t;
-  
+
   *exists = 0;
   idx = fpr[0];
 #if DUPTABLE_BITS > 16 || DUPTABLE_BITS < 8
 #error cannot handle a table larger than 16 bits or smaller than 8 bits
 #elif DUPTABLE_BITS > 8
-  idx <<= (DUPTABLE_BITS - 8);  
-  idx |= (fpr[1] & ~(~0 << 4)); 
-#endif  
+  idx <<= (DUPTABLE_BITS - 8);
+  idx |= (fpr[1] & ~(~0 << 4));
+#endif
 
   for (t = table[idx]; t; t = t->next)
     if (!memcmp (t->fpr, fpr+1, 19))
@@ -141,7 +141,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
   int i;
   duptable_t *dtable;
 
-  
+
   dtable = create_duptable ();
   if (!dtable)
     {
@@ -160,7 +160,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
     ndesc = 1;
   else
     {
-      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++) 
+      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
         ;
     }
 
@@ -174,9 +174,9 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
 
   if (!names)
     desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
-  else 
+  else
     {
-      for (ndesc=0, sl=names; sl; sl = sl->next) 
+      for (ndesc=0, sl=names; sl; sl = sl->next)
         {
           rc = classify_user_id (sl->d, desc+ndesc);
           if (rc)
@@ -204,17 +204,17 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
       if (i == ndesc)
         keydb_set_ephemeral (hd, 1);
     }
-      
+
   while (!(rc = keydb_search (hd, desc, ndesc)))
     {
       unsigned char fpr[20];
       int exists;
 
-      if (!names) 
+      if (!names)
         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
 
       rc = keydb_get_cert (hd, &cert);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
           goto leave;
@@ -281,7 +281,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
             {
               /* We want one certificate per PEM block */
               rc = gpgsm_finish_writer (b64writer);
-              if (rc) 
+              if (rc)
                 {
                   log_error ("write failed: %s\n", gpg_strerror (rc));
                   goto leave;
@@ -291,7 +291,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
             }
         }
 
-      ksba_cert_release (cert); 
+      ksba_cert_release (cert);
       cert = NULL;
     }
   if (rc && rc != -1)
@@ -299,13 +299,13 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
   else if (b64writer)
     {
       rc = gpgsm_finish_writer (b64writer);
-      if (rc) 
+      if (rc)
         {
           log_error ("write failed: %s\n", gpg_strerror (rc));
           goto leave;
         }
     }
-  
+
  leave:
   gpgsm_destroy_writer (b64writer);
   ksba_cert_release (cert);
@@ -361,13 +361,13 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
   if (!err)
     {
       err = keydb_get_cert (hd, &cert);
-      if (err) 
+      if (err)
         {
           log_error ("keydb_get_cert failed: %s\n", gpg_strerror (err));
           goto leave;
         }
 
-    next_ambiguous:      
+    next_ambiguous:
       err = keydb_search (hd, desc, 1);
       if (!err)
         {
@@ -393,7 +393,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
           goto leave;
         }
     }
-      
+
   keygrip = gpgsm_get_keygrip_hexstring (cert);
   if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
     {
@@ -402,7 +402,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
       log_error ("can't export key `%s': %s\n", name, gpg_strerror (err));
       goto leave;
     }
-  
+
   image = ksba_cert_get_image (cert, &imagelen);
   if (!image)
     {
@@ -447,7 +447,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
     {
       /* We want one certificate per PEM block */
       err = gpgsm_finish_writer (b64writer);
-      if (err) 
+      if (err)
         {
           log_error ("write failed: %s\n", gpg_strerror (err));
           goto leave;
@@ -455,8 +455,8 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
       gpgsm_destroy_writer (b64writer);
       b64writer = NULL;
     }
-  
-  ksba_cert_release (cert); 
+
+  ksba_cert_release (cert);
   cert = NULL;
 
  leave:
@@ -479,19 +479,19 @@ print_short_info (ksba_cert_t cert, estream_t stream)
     {
       es_fputs ((!idx
                  ?   "Issuer ...: "
-                 : "\n   aka ...: "), stream); 
+                 : "\n   aka ...: "), stream);
       gpgsm_es_print_name (stream, p);
       xfree (p);
     }
   es_putc ('\n', stream);
 
-  es_fputs ("Serial ...: ", stream); 
+  es_fputs ("Serial ...: ", stream);
   sexp = ksba_cert_get_serial (cert);
   if (sexp)
     {
       int len;
       const unsigned char *s = sexp;
-      
+
       if (*s == '(')
         {
           s++;
@@ -508,7 +508,7 @@ print_short_info (ksba_cert_t cert, estream_t stream)
     {
       es_fputs ((!idx
                  ?   "Subject ..: "
-                 : "\n    aka ..: "), stream); 
+                 : "\n    aka ..: "), stream);
       gpgsm_es_print_name (stream, p);
       xfree (p);
     }
@@ -533,7 +533,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
 
   list = gcry_sexp_find_token (sexp, "private-key", 0 );
   if(!list)
-    return NULL; 
+    return NULL;
   l2 = gcry_sexp_cadr (list);
   gcry_sexp_release (list);
   list = l2;
@@ -552,7 +552,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
       gcry_sexp_release (list);
       return NULL;
     }
-  for (idx=0, s=elems; *s; s++, idx++ ) 
+  for (idx=0, s=elems; *s; s++, idx++ )
     {
       if (*s == '-')
         continue; /* Computed below  */
@@ -575,11 +575,11 @@ sexp_to_kparms (gcry_sexp_t sexp)
 
   array[5] = gcry_mpi_snew (0);  /* compute d mod (q-1) */
   gcry_mpi_sub_ui (array[5], array[3], 1);
-  gcry_mpi_mod (array[5], array[2], array[5]);   
+  gcry_mpi_mod (array[5], array[2], array[5]);
 
   array[6] = gcry_mpi_snew (0);  /* compute d mod (p-1) */
   gcry_mpi_sub_ui (array[6], array[4], 1);
-  gcry_mpi_mod (array[6], array[3], array[6]);   
+  gcry_mpi_mod (array[6], array[3], array[6]);
 
   return array;
 }
@@ -616,7 +616,7 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
     }
 
   /* Receive the wrapped key from the agent.  */
-  err = gpgsm_agent_export_key (ctrl, keygrip, prompt, 
+  err = gpgsm_agent_export_key (ctrl, keygrip, prompt,
                                 &wrappedkey, &wrappedkeylen);
   if (err)
     goto leave;
@@ -669,8 +669,8 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
       log_error ("error converting key parameters\n");
       err = GPG_ERR_BAD_SECKEY;
       goto leave;
-    } 
-    
+    }
+
   err = gpgsm_agent_ask_passphrase
     (ctrl,
      i18n_utf8 ("Please enter the passphrase to protect the "
@@ -685,7 +685,7 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
   passphrase = NULL;
   if (!result)
     err = gpg_error (GPG_ERR_GENERAL);
-  
+
  leave:
   xfree (key);
   gcry_sexp_release (s_skey);
@@ -698,7 +698,7 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
   gcry_cipher_close (cipherhd);
   xfree (wrappedkey);
   xfree (kek);
-  
+
   if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
     {
       /* During export this is the passphrase used to unprotect the
@@ -719,4 +719,3 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
     }
   return err;
 }
-
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index 4704f5972..b0c7608cf 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -22,7 +22,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -37,7 +37,7 @@
    allocates the array.  If r_len is not NULL, the length of the
    digest is returned; well, this can also be done by using
    gcry_md_get_algo_dlen().  If algo is 0, a SHA-1 will be used.
-   
+
    If there is a problem , the function does never return NULL but a
    digest of all 0xff.
  */
@@ -47,7 +47,7 @@ gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
 {
   gcry_md_hd_t md;
   int rc, len;
-  
+
   if (!algo)
     algo = GCRY_MD_SHA1;
 
@@ -65,7 +65,7 @@ gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
       size_t buflen;
 
       assert (len >= 20);
-      if (!ksba_cert_get_user_data (cert, "sha1-fingerprint", 
+      if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
                                     array, len, &buflen)
           && buflen == 20)
         return array;
@@ -165,7 +165,7 @@ gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
   int rc;
   ksba_sexp_t p;
   size_t n;
-  
+
   p = ksba_cert_get_public_key (cert);
   if (!p)
     return NULL; /* oops */
@@ -234,7 +234,7 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 
   p = ksba_cert_get_public_key (cert);
   if (!p)
-    return 0; 
+    return 0;
   n = gcry_sexp_canon_len (p, 0, NULL, NULL);
   if (!n)
     {
@@ -282,7 +282,7 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
    serial number for this.  In most cases the serial number is not
    that large and the resulting string can be passed on an assuan
    command line.  Everything is hexencoded with the serialnumber
-   delimited from the hash by a dot. 
+   delimited from the hash by a dot.
 
    The caller must free the string.
 */
@@ -296,7 +296,7 @@ gpgsm_get_certid (ksba_cert_t cert)
   unsigned long n;
   char *certid;
   int i;
-  
+
   p = ksba_cert_get_issuer (cert, 0);
   if (!p)
     return NULL; /* Ooops: No issuer */
@@ -341,7 +341,3 @@ gpgsm_get_certid (ksba_cert_t cert)
   xfree (serial);
   return certid;
 }
-
-
-
-
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index f3718ae9f..c6732fce9 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1,4 +1,4 @@
-/* gpgsm.c - GnuPG for S/MIME 
+/* gpgsm.c - GnuPG for S/MIME
  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
  *               2010  Free Software Foundation, Inc.
  *
@@ -72,7 +72,7 @@ enum cmd_and_opt_values {
   aRecvKeys,
   aExport,
   aExportSecretKeyP12,
-  aServer,                        
+  aServer,
   aLearnCard,
   aCallDirmngr,
   aCallProtectTool,
@@ -140,7 +140,7 @@ enum cmd_and_opt_values {
   oDisablePolicyChecks,
   oEnablePolicyChecks,
   oAutoIssuerKeyRetrieve,
-  
+
   oWithFingerprint,
   oWithMD5Fingerprint,
   oWithKeygrip,
@@ -194,22 +194,22 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
   ARGPARSE_c (aVerify, "verify",  N_("verify a signature")),
   ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
-  ARGPARSE_c (aListExternalKeys, "list-external-keys", 
+  ARGPARSE_c (aListExternalKeys, "list-external-keys",
               N_("list external keys")),
   ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
-  ARGPARSE_c (aListChain,   "list-chain",  N_("list certificate chain")), 
+  ARGPARSE_c (aListChain,   "list-chain",  N_("list certificate chain")),
   ARGPARSE_c (aFingerprint, "fingerprint", N_("list keys and fingerprints")),
   ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
-  ARGPARSE_c (aDeleteKey, "delete-keys", 
+  ARGPARSE_c (aDeleteKey, "delete-keys",
               N_("remove keys from the public keyring")),
   ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),
   ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),
   ARGPARSE_c (aImport, "import", N_("import certificates")),
   ARGPARSE_c (aExport, "export", N_("export certificates")),
-  ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), 
+  ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
   ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")),
   ARGPARSE_c (aServer, "server", N_("run in server mode")),
-  ARGPARSE_c (aCallDirmngr, "call-dirmngr", 
+  ARGPARSE_c (aCallDirmngr, "call-dirmngr",
               N_("pass a command to the dirmngr")),
   ARGPARSE_c (aCallProtectTool, "call-protect-tool",
               N_("invoke gpg-protect-tool")),
@@ -232,23 +232,23 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oP12Charset, "p12-charset", "@"),
 
-  ARGPARSE_s_n (oAssumeArmor, "assume-armor", 
+  ARGPARSE_s_n (oAssumeArmor, "assume-armor",
                 N_("assume input is in PEM format")),
   ARGPARSE_s_n (oAssumeBase64, "assume-base64",
                 N_("assume input is in base-64 format")),
-  ARGPARSE_s_n (oAssumeBinary, "assume-binary", 
+  ARGPARSE_s_n (oAssumeBinary, "assume-binary",
                 N_("assume input is in binary format")),
 
   ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
 
   ARGPARSE_s_n (oPreferSystemDirmngr,"prefer-system-dirmngr", "@"),
 
-  ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks", 
+  ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks",
                 N_("never consult a CRL")),
   ARGPARSE_s_n (oEnableCRLChecks, "enable-crl-checks", "@"),
   ARGPARSE_s_n (oDisableTrustedCertCRLCheck,
                 "disable-trusted-cert-crl-check", "@"),
-  ARGPARSE_s_n (oEnableTrustedCertCRLCheck, 
+  ARGPARSE_s_n (oEnableTrustedCertCRLCheck,
                 "enable-trusted-cert-crl-check", "@"),
 
   ARGPARSE_s_n (oForceCRLRefresh, "force-crl-refresh", "@"),
@@ -258,7 +258,7 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oValidationModel, "validation-model", "@"),
 
-  ARGPARSE_s_i (oIncludeCerts, "include-certs", 
+  ARGPARSE_s_i (oIncludeCerts, "include-certs",
                 N_("|N|number of certificates to include") ),
 
   ARGPARSE_s_s (oPolicyFile, "policy-file",
@@ -286,7 +286,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
   ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
 
-  ARGPARSE_s_s (oAuditLog, "audit-log", 
+  ARGPARSE_s_s (oAuditLog, "audit-log",
                 N_("|FILE|write an audit log to FILE")),
   ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@@ -325,12 +325,12 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_i (oStatusFD, "status-fd",
                 N_("|FD|write status info to this FD")),
 
-  ARGPARSE_s_s (oCipherAlgo, "cipher-algo", 
+  ARGPARSE_s_s (oCipherAlgo, "cipher-algo",
                 N_("|NAME|use cipher algorithm NAME")),
   ARGPARSE_s_s (oDigestAlgo, "digest-algo",
                 N_("|NAME|use message digest algorithm NAME")),
   ARGPARSE_s_s (oExtraDigestAlgo, "extra-digest-algo", "@"),
-    
+
 
   ARGPARSE_group (302, N_(
   "@\n(See the man page for a complete listing of all commands and options)\n"
@@ -346,13 +346,13 @@ static ARGPARSE_OPTS opts[] = {
   /* Hidden options. */
   ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
   ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
-  ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), 
+  ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
   ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
   ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
   ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
   ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
   ARGPARSE_s_n (oNoOptions, "no-options", "@"),
-  ARGPARSE_s_s (oHomedir, "homedir", "@"),   
+  ARGPARSE_s_s (oHomedir, "homedir", "@"),
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
   ARGPARSE_s_s (oDisplay,    "display", "@"),
   ARGPARSE_s_s (oTTYname,    "ttyname", "@"),
@@ -381,11 +381,11 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
 
   /* Command aliases.  */
-  ARGPARSE_c (aListKeys, "list-key", "@"),  
-  ARGPARSE_c (aListChain, "list-sig", "@"), 
-  ARGPARSE_c (aListChain, "list-sigs", "@"), 
-  ARGPARSE_c (aListChain, "check-sig", "@"), 
-  ARGPARSE_c (aListChain, "check-sigs", "@"), 
+  ARGPARSE_c (aListKeys, "list-key", "@"),
+  ARGPARSE_c (aListChain, "list-sig", "@"),
+  ARGPARSE_c (aListChain, "list-sigs", "@"),
+  ARGPARSE_c (aListChain, "check-sig", "@"),
+  ARGPARSE_c (aListChain, "check-sigs", "@"),
   ARGPARSE_c (aDeleteKey, "delete-key", "@"),
 
   ARGPARSE_end ()
@@ -409,7 +409,7 @@ static int allow_special_filenames;
 
 /* Default value for include-certs.  We need an extra macro for
    gpgconf-list because the variable will be changed by the command
-   line option.  
+   line option.
 
    It is often cumbersome to locate intermediate certificates, thus by
    default we include all certificates in the chain.  However we leave
@@ -418,7 +418,7 @@ static int allow_special_filenames;
    should be installed only after due checks and thus it won't help to
    send it along with each message.  */
 #define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
-static int default_include_certs = DEFAULT_INCLUDE_CERTS; 
+static int default_include_certs = DEFAULT_INCLUDE_CERTS;
 
 /* Whether the chain mode shall be used for validation.  */
 static int default_validation_model;
@@ -500,7 +500,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
 {
   const char *s;
   char *result;
-  
+
   if (maybe_setuid)
     {
       gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
@@ -568,7 +568,7 @@ my_strusage( int level )
         digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo );
       p = digests;
       break;
-     
+
     default: p = NULL; break;
     }
   return p;
@@ -581,7 +581,7 @@ build_list (const char *text, const char * (*mapf)(int), int (*chkf)(int))
   int i;
   size_t n=strlen(text)+2;
   char *list, *p;
-  
+
   if (maybe_setuid) {
     gcry_control (GCRYCTL_DROP_PRIVS); /* drop setuid */
   }
@@ -635,7 +635,7 @@ static void
 set_opt_session_env (const char *name, const char *value)
 {
   gpg_error_t err;
-  
+
   err = session_env_setenv (opt.session_env, name, value);
   if (err)
     log_fatal ("error setting session environment: %s\n",
@@ -670,7 +670,7 @@ set_debug (void)
       /* Unless the "guru" string has been used we don't want to allow
          hashing debugging.  The rationale is that people tend to
          select the highest debug value and would then clutter their
-         disk with debug files which may reveal confidential data.  */ 
+         disk with debug files which may reveal confidential data.  */
       if (numok)
         opt.debug &= ~(DBG_HASHING_VALUE);
     }
@@ -695,16 +695,16 @@ set_debug (void)
 
   if (opt.debug)
     log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
-              (opt.debug & DBG_X509_VALUE   )? " x509":"",    
-              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",    
-              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", 
-              (opt.debug & DBG_MEMORY_VALUE )? " memory":"", 
-              (opt.debug & DBG_CACHE_VALUE  )? " cache":"", 
-              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", 
-              (opt.debug & DBG_HASHING_VALUE)? " hashing":"", 
+              (opt.debug & DBG_X509_VALUE   )? " x509":"",
+              (opt.debug & DBG_MPI_VALUE    )? " mpi":"",
+              (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+              (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+              (opt.debug & DBG_CACHE_VALUE  )? " cache":"",
+              (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+              (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
               (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" );
 }
- 
+
 
 
 static void
@@ -721,7 +721,7 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
   else if ( (cmd == aSign && new_cmd == aClearsign)
             || (cmd == aClearsign && new_cmd == aSign) )
     cmd = aClearsign;
-  else 
+  else
     {
       log_error(_("conflicting commands\n"));
       gpgsm_exit(2);
@@ -813,39 +813,39 @@ parse_keyserver_line (char *line,
 	      fail = 1;
 	    }
 	  break;
-          
+
 	case 2:
 	  if (*p)
 	    server->port = atoi (p);
 	  break;
-	  
+
 	case 3:
 	  if (*p)
 	    server->user = xstrdup (p);
 	  break;
-	  
+
 	case 4:
 	  if (*p && !server->user)
 	    {
-	      log_error (_("%s:%u: password given without user\n"), 
+	      log_error (_("%s:%u: password given without user\n"),
 			 filename, lineno);
 	      fail = 1;
 	    }
 	  else if (*p)
 	    server->pass = xstrdup (p);
 	  break;
-	  
+
 	case 5:
 	  if (*p)
 	    server->base = xstrdup (p);
 	  break;
-	  
+
 	default:
 	  /* (We silently ignore extra fields.) */
 	  break;
 	}
     }
-  
+
   if (fail)
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
@@ -916,7 +916,7 @@ main ( int argc, char **argv)
   /* Check that the libraries are suitable.  Do it here because the
      option parse may need services of the library */
   if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-    log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", 
+    log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
                NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
   if (!ksba_check_version (NEED_KSBA_VERSION) )
     log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba",
@@ -926,9 +926,9 @@ main ( int argc, char **argv)
   gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
 
   may_coredump = disable_core_dumps ();
-  
+
   gnupg_init_signals (0, emergency_cleanup);
-  
+
   create_dotlock (NULL); /* register locking cleanup */
 
   opt.session_env = session_env_new ();
@@ -938,11 +938,11 @@ main ( int argc, char **argv)
 
   /* Note: If you change this default cipher algorithm , please
      remember to update the Gpgconflist entry as well.  */
-  opt.def_cipher_algoid = DEFAULT_CIPHER_ALGO; 
+  opt.def_cipher_algoid = DEFAULT_CIPHER_ALGO;
 
   opt.homedir = default_homedir ();
 
- 
+
   /* First check whether we have a config file on the commandline */
   orig_argc = argc;
   orig_argv = argv;
@@ -967,14 +967,14 @@ main ( int argc, char **argv)
         break; /* This break makes sure that --version and --help are
                   passed to the protect-tool. */
     }
-  
-  
+
+
   /* Initialize the secure memory. */
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
   maybe_setuid = 0;
 
-  /* 
-     Now we are now working under our real uid 
+  /*
+     Now we are now working under our real uid
   */
 
   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
@@ -1000,7 +1000,7 @@ main ( int argc, char **argv)
     configname = make_filename (opt.homedir, "gpgsm.conf", NULL);
   /* Set the default policy file */
   opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL);
-  
+
   argc        = orig_argc;
   argv        = orig_argv;
   pargs.argc  = &argc;
@@ -1018,7 +1018,7 @@ main ( int argc, char **argv)
             if (parse_debug)
               log_info (_("NOTE: no default option file `%s'\n"), configname);
           }
-        else 
+        else
           {
             log_error (_("option file `%s': %s\n"), configname, strerror(errno));
             gpgsm_exit(2);
@@ -1031,19 +1031,19 @@ main ( int argc, char **argv)
     default_config = 0;
   }
 
-  while (!no_more_options 
+  while (!no_more_options
          && optfile_parse (configfp, configname, &configlineno, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
-	case aGPGConfList: 
-	case aGPGConfTest: 
+	case aGPGConfList:
+	case aGPGConfTest:
           set_cmd (&cmd, pargs.r_opt);
           do_not_setup_keys = 1;
           nogreeting = 1;
           break;
 
-        case aServer: 
+        case aServer:
           opt.batch = 1;
           set_cmd (&cmd, aServer);
           break;
@@ -1060,7 +1060,7 @@ main ( int argc, char **argv)
           no_more_options = 1; /* Stop parsing. */
           do_not_setup_keys = 1;
           break;
-        
+
         case aDeleteKey:
           set_cmd (&cmd, aDeleteKey);
           /*greeting=1;*/
@@ -1069,45 +1069,45 @@ main ( int argc, char **argv)
 
         case aDetachedSign:
           detached_sig = 1;
-          set_cmd (&cmd, aSign ); 
+          set_cmd (&cmd, aSign );
           break;
 
         case aKeygen:
           set_cmd (&cmd, aKeygen);
-          greeting=1; 
+          greeting=1;
           do_not_setup_keys = 1;
           break;
 
-        case aImport: 
-        case aSendKeys: 
-        case aRecvKeys: 
-        case aExport: 
-        case aExportSecretKeyP12: 
+        case aImport:
+        case aSendKeys:
+        case aRecvKeys:
+        case aExport:
+        case aExportSecretKeyP12:
         case aDumpKeys:
         case aDumpChain:
-        case aDumpExternalKeys: 
-        case aDumpSecretKeys: 
+        case aDumpExternalKeys:
+        case aDumpSecretKeys:
         case aListKeys:
-        case aListExternalKeys: 
-        case aListSecretKeys: 
-        case aListChain: 
-        case aLearnCard: 
-        case aPasswd: 
+        case aListExternalKeys:
+        case aListSecretKeys:
+        case aListChain:
+        case aLearnCard:
+        case aPasswd:
         case aKeydbClearSomeCertFlags:
           do_not_setup_keys = 1;
           set_cmd (&cmd, pargs.r_opt);
           break;
 
-        case aEncr: 
+        case aEncr:
           recp_required = 1;
           set_cmd (&cmd, pargs.r_opt);
           break;
 
         case aSym:
-        case aDecrypt: 
-        case aSign: 
-        case aClearsign: 
-        case aVerify: 
+        case aDecrypt:
+        case aSign:
+        case aClearsign:
+        case aVerify:
           set_cmd (&cmd, pargs.r_opt);
           break;
 
@@ -1115,15 +1115,15 @@ main ( int argc, char **argv)
         case oArmor:
           ctrl.create_pem = 1;
           break;
-        case oBase64: 
+        case oBase64:
           ctrl.create_pem = 0;
           ctrl.create_base64 = 1;
           break;
-        case oNoArmor: 
+        case oNoArmor:
           ctrl.create_pem = 0;
           ctrl.create_base64 = 0;
           break;
-          
+
         case oP12Charset:
           opt.p12_charset = pargs.r.ret_str;
           break;
@@ -1168,8 +1168,8 @@ main ( int argc, char **argv)
           ctrl.use_ocsp = opt.enable_ocsp = 1;
           break;
 
-        case oIncludeCerts: 
-          ctrl.include_certs = default_include_certs = pargs.r.ret_int; 
+        case oIncludeCerts:
+          ctrl.include_certs = default_include_certs = pargs.r.ret_int;
           break;
 
         case oPolicyFile:
@@ -1186,14 +1186,14 @@ main ( int argc, char **argv)
         case oEnablePolicyChecks:
           opt.no_policy_check = 0;
           break;
-          
+
         case oAutoIssuerKeyRetrieve:
           opt.auto_issuer_key_retrieve = 1;
           break;
 
         case oOutput: opt.outfile = pargs.r.ret_str; break;
 
-        
+
         case oQuiet: opt.quiet = 1; break;
         case oNoTTY: /* fixme:tty_no_terminal(1);*/ break;
         case oDryRun: opt.dry_run = 1; break;
@@ -1208,17 +1208,17 @@ main ( int argc, char **argv)
           break;
 
         case oLogFile: logfile = pargs.r.ret_str; break;
-        case oNoLogFile: logfile = NULL; break;          
+        case oNoLogFile: logfile = NULL; break;
 
         case oAuditLog: auditlog = pargs.r.ret_str; break;
         case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break;
 
-        case oBatch: 
+        case oBatch:
           opt.batch = 1;
           greeting = 0;
           break;
         case oNoBatch: opt.batch = 0; break;
-          
+
         case oAnswerYes: opt.answer_yes = 1; break;
         case oAnswerNo: opt.answer_no = 1; break;
 
@@ -1283,12 +1283,12 @@ main ( int argc, char **argv)
         case oDisableDirmngr: opt.disable_dirmngr = 1;  break;
         case oPreferSystemDirmngr: /* Obsolete */; break;
         case oProtectToolProgram:
-          opt.protect_tool_program = pargs.r.ret_str; 
+          opt.protect_tool_program = pargs.r.ret_str;
           break;
-          
+
         case oFakedSystemTime:
           {
-            time_t faked_time = isotime2epoch (pargs.r.ret_str); 
+            time_t faked_time = isotime2epoch (pargs.r.ret_str);
             if (faked_time == (time_t)(-1))
               faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
             gnupg_set_time (faked_time, 0);
@@ -1344,20 +1344,20 @@ main ( int argc, char **argv)
           break;
 
         case oNoSecmemWarn:
-          gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); 
+          gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
           break;
 
         case oCipherAlgo:
           opt.def_cipher_algoid = pargs.r.ret_str;
           break;
 
-        case oDisableCipherAlgo: 
+        case oDisableCipherAlgo:
           {
             int algo = gcry_cipher_map_name (pargs.r.ret_str);
             gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
           }
           break;
-        case oDisablePubkeyAlgo: 
+        case oDisablePubkeyAlgo:
           {
             int algo = gcry_pk_map_name (pargs.r.ret_str);
             gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,&algo, sizeof algo );
@@ -1368,7 +1368,7 @@ main ( int argc, char **argv)
           forced_digest_algo = pargs.r.ret_str;
           break;
 
-        case oExtraDigestAlgo: 
+        case oExtraDigestAlgo:
           extra_digest_algo = pargs.r.ret_str;
           break;
 
@@ -1402,8 +1402,8 @@ main ( int argc, char **argv)
           add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
           break;
 
-        default: 
-          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; 
+        default:
+          pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
           break;
 	}
     }
@@ -1432,7 +1432,7 @@ main ( int argc, char **argv)
 
   if (nogreeting)
     greeting = 0;
-  
+
   if (greeting)
     {
       es_fprintf (es_stderr, "%s %s; %s\n",
@@ -1471,7 +1471,7 @@ main ( int argc, char **argv)
       dump_isotime (tbuf);
       log_printf ("\n");
     }
-  
+
 /*FIXME    if (opt.batch) */
 /*      tty_batchmode (1); */
 
@@ -1509,7 +1509,7 @@ main ( int argc, char **argv)
     opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42";
   else if (!strcmp (opt.def_cipher_algoid, "SEED") )
     opt.def_cipher_algoid = "1.2.410.200004.1.4";
-  else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA") 
+  else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA")
            || !strcmp (opt.def_cipher_algoid, "CAMELLIA128") )
     opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.2";
   else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA192") )
@@ -1539,18 +1539,18 @@ main ( int argc, char **argv)
 
   if (log_get_errorcount(0))
     gpgsm_exit(2);
-  
+
   /* Set the random seed file. */
-  if (use_random_seed) 
+  if (use_random_seed)
     {
       char *p = make_filename (opt.homedir, "random_seed", NULL);
       gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
       xfree(p);
     }
-  
+
   if (!cmd && opt.fingerprint && !with_fpr)
     set_cmd (&cmd, aListKeys);
-  
+
   /* Add default keybox. */
   if (!nrings && default_keyring)
     {
@@ -1561,7 +1561,7 @@ main ( int argc, char **argv)
         {
           /* Import the standard certificates for a new default keybox. */
           char *filelist[2];
-          
+
           filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
           filelist[1] = NULL;
           if (!access (filelist[0], F_OK))
@@ -1583,7 +1583,7 @@ main ( int argc, char **argv)
     {
       switch (cmd)
         {
-        case aEncr: 
+        case aEncr:
         case aSign:
         case aDecrypt:
         case aVerify:
@@ -1615,7 +1615,7 @@ main ( int argc, char **argv)
                              get_inv_recpsgnr_code (rc), sl->d, NULL);
             }
         }
-      
+
       /* Build the recipient list.  We first add the regular ones and then
          the encrypt-to ones because the underlying function will silently
          ignore duplicates and we can't allow to keep a duplicate which is
@@ -1634,13 +1634,13 @@ main ( int argc, char **argv)
 
   if (log_get_errorcount(0))
     gpgsm_exit(1); /* Must stop for invalid recipients. */
-  
+
   fname = argc? *argv : NULL;
-  
+
   /* Dispatch command.  */
   switch (cmd)
     {
-    case aGPGConfList: 
+    case aGPGConfList:
       { /* List options and default values in the GPG Conf format.  */
 	char *config_filename_esc = percent_escape (opt.config_filename, NULL);
 
@@ -1709,7 +1709,7 @@ main ( int argc, char **argv)
         set_binary (stdin);
 
         if (!argc) /* Source is stdin. */
-          gpgsm_encrypt (&ctrl, recplist, 0, fp); 
+          gpgsm_encrypt (&ctrl, recplist, 0, fp);
         else if (argc == 1)  /* Source is the given file. */
           gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
         else
@@ -1727,17 +1727,17 @@ main ( int argc, char **argv)
            signing because that is what gpg does.*/
         set_binary (stdin);
         if (!argc) /* Create from stdin. */
-          gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); 
+          gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
         else if (argc == 1) /* From file. */
           gpgsm_sign (&ctrl, signerlist,
-                      open_read (*argv), detached_sig, fp); 
+                      open_read (*argv), detached_sig, fp);
         else
           wrong_args ("--sign [datafile]");
 
         es_fclose (fp);
       }
       break;
-        
+
     case aSignEncr: /* sign and encrypt the given file */
       log_error ("this command has not yet been implemented\n");
       break;
@@ -1761,7 +1761,7 @@ main ( int argc, char **argv)
         else if (argc == 1)
           gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
         else if (argc == 2) /* detached signature (sig, detached) */
-          gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL); 
+          gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
         else
           wrong_args ("--verify [signature [detached_data]]");
 
@@ -1809,7 +1809,7 @@ main ( int argc, char **argv)
           {
           case aListChain:
           case aListKeys:         mode = (0   | 0 | (1<<6)); break;
-          case aDumpChain: 
+          case aDumpChain:
           case aDumpKeys:         mode = (256 | 0 | (1<<6)); break;
           case aListExternalKeys: mode = (0   | 0 | (1<<7)); break;
           case aDumpExternalKeys: mode = (256 | 0 | (1<<7)); break;
@@ -1836,13 +1836,13 @@ main ( int argc, char **argv)
         if (opt.batch)
           {
             if (!argc) /* Create from stdin. */
-              fpin = open_es_fread ("-", "r"); 
+              fpin = open_es_fread ("-", "r");
             else if (argc == 1) /* From file. */
-              fpin = open_es_fread (*argv, "r"); 
+              fpin = open_es_fread (*argv, "r");
             else
               wrong_args ("--gen-key --batch [parmfile]");
           }
-        
+
         fpout = open_es_fwrite (opt.outfile?opt.outfile:"-");
 
         if (fpin)
@@ -1884,7 +1884,7 @@ main ( int argc, char **argv)
           es_fclose (fp);
       }
       break;
-      
+
     case aSendKeys:
     case aRecvKeys:
       log_error ("this command has not yet been implemented\n");
@@ -1916,7 +1916,7 @@ main ( int argc, char **argv)
             ;
           else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
             rc = gpg_error (GPG_ERR_BUG);
-          else 
+          else
             {
               char *desc = gpgsm_format_keydesc (cert);
               rc = gpgsm_agent_passwd (&ctrl, grip, desc);
@@ -1954,7 +1954,7 @@ main ( int argc, char **argv)
       es_fclose (auditfp);
       es_fclose (htmlauditfp);
     }
-  
+
   /* cleanup */
   keyserver_list_free (opt.keyserver);
   opt.keyserver = NULL;
@@ -2002,7 +2002,7 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
 
 int
 gpgsm_parse_validation_model (const char *model)
-{     
+{
   if (!ascii_strcasecmp (model, "shell") )
     return 0;
   else if ( !ascii_strcasecmp (model, "chain") )
@@ -2020,11 +2020,11 @@ check_special_filename (const char *fname, int for_write)
   if (allow_special_filenames
       && fname && *fname == '-' && fname[1] == '&' ) {
     int i;
-    
+
     fname += 2;
     for (i=0; isdigit (fname[i]); i++ )
       ;
-    if ( !fname[i] ) 
+    if ( !fname[i] )
       return translate_sys2libc_fd_int (atoi (fname), for_write);
   }
   return -1;
@@ -2035,7 +2035,7 @@ check_special_filename (const char *fname, int for_write)
 /* Open the FILENAME for read and return the file descriptor.  Stop
    with an error message in case of problems.  "-" denotes stdin and
    if special filenames are allowed the given fd is opened instead.  */
-static int 
+static int
 open_read (const char *filename)
 {
   int fd;
@@ -2146,7 +2146,7 @@ run_protect_tool (int argc, char **argv)
   for (i=1; argc; i++, argc--, argv++)
     av[i] = *argv;
   av[i] = NULL;
-  execv (pgm, av); 
+  execv (pgm, av);
   log_error ("error executing `%s': %s\n", pgm, strerror (errno));
 #endif /*HAVE_W32_SYSTEM*/
   gpgsm_exit (2);
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 7953f9915..54d4aff93 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -50,7 +50,7 @@ struct keyserver_spec
 
 
 /* A large struct named "opt" to keep global flags. */
-struct 
+struct
 {
   unsigned int debug; /* debug flags (DBG_foo_VALUE) */
   int verbose;      /* verbosity level */
@@ -62,7 +62,7 @@ struct
 
   const char *homedir;         /* Configuration directory name */
   const char *config_filename; /* Name of the used config file. */
-  const char *agent_program; 
+  const char *agent_program;
 
   session_env_t session_env;
   char *lc_ctype;
@@ -74,7 +74,7 @@ struct
   char *outfile;    /* name of output file */
 
   int with_key_data;/* include raw key in the column delimted output */
-  
+
   int fingerprint;  /* list fingerprints in all key listings */
 
   int with_md5_fingerprint; /* Also print an MD5 fingerprint for
@@ -171,11 +171,11 @@ struct server_control_s
   int no_server;      /* We are not running under server control */
   int  status_fd;     /* Only for non-server mode */
   struct server_local_s *server_local;
-  
+
   audit_ctx_t audit;  /* NULL or a context for the audit subsystem.  */
   int agent_seen;     /* Flag indicating that the gpg-agent has been
                          accessed.  */
-  
+
   int with_colons;    /* Use column delimited output format */
   int with_chain;     /* Include the certifying certs in a listing */
   int with_validation;/* Validate each key while listing. */
@@ -204,7 +204,7 @@ typedef struct base64_context_s *Base64Context;
 
 
 /* An object to keep a list of certificates. */
-struct certlist_s 
+struct certlist_s
 {
   struct certlist_s *next;
   ksba_cert_t cert;
@@ -388,7 +388,7 @@ int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
                       unsigned char *digest, size_t digestlen, int digestalgo,
                       unsigned char **r_buf, size_t *r_buflen);
 int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
-                           ksba_const_sexp_t ciphertext, 
+                           ksba_const_sexp_t ciphertext,
                            char **r_buf, size_t *r_buflen);
 int gpgsm_agent_genkey (ctrl_t ctrl,
                         ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
diff --git a/sm/import.c b/sm/import.c
index c70e4e916..7b5852443 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -53,7 +53,7 @@ struct stats_s {
  };
 
 
-struct rsa_secret_key_s 
+struct rsa_secret_key_s
 {
   gcry_mpi_t n;	    /* public modulus */
   gcry_mpi_t e;	    /* public exponent */
@@ -73,12 +73,12 @@ static void
 print_imported_status (ctrl_t ctrl, ksba_cert_t cert, int new_cert)
 {
   char *fpr;
-     
+
   fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
   if (new_cert)
     gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
 
-  gpgsm_status2 (ctrl, STATUS_IMPORT_OK, 
+  gpgsm_status2 (ctrl, STATUS_IMPORT_OK,
                  new_cert? "1":"0",  fpr, NULL);
 
   xfree (fpr);
@@ -125,7 +125,7 @@ print_imported_summary (ctrl_t ctrl, struct stats_s *stats)
   if (!opt.quiet)
     {
       log_info (_("total number processed: %lu\n"), stats->count);
-      if (stats->imported) 
+      if (stats->imported)
         {
           log_info (_("              imported: %lu"), stats->imported );
           log_printf ("\n");
@@ -186,8 +186,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
      to be different but because gpgsm_verify even imports
      certificates without any checks, it doesn't matter much and the
      code gets much cleaner.  A housekeeping function to remove
-     certificates w/o an anchor would be nice, though. 
-     
+     certificates w/o an anchor would be nice, though.
+
      Optionally we do a full validation in addition to the basic test.
   */
   rc = gpgsm_basic_cert_check (ctrl, cert);
@@ -215,7 +215,7 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
               if (stats)
                 stats->unchanged++;
             }
-            
+
           if (opt.verbose > 1 && existed)
             {
               if (depth)
@@ -257,7 +257,7 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
       /* We keep the test for GPG_ERR_MISSING_CERT only in case
          GPG_ERR_MISSING_CERT has been used instead of the newer
          GPG_ERR_MISSING_ISSUER_CERT.  */
-      print_import_problem 
+      print_import_problem
         (ctrl, cert,
          gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
          gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
@@ -294,25 +294,25 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       log_error ("can't create reader: %s\n", gpg_strerror (rc));
       goto leave;
     }
-  
-  
+
+
   /* We need to loop here to handle multiple PEM objects in one
      file. */
   do
     {
       ksba_cms_release (cms); cms = NULL;
       ksba_cert_release (cert); cert = NULL;
-      
+
       ct = ksba_cms_identify (reader);
       if (ct == KSBA_CT_SIGNED_DATA)
         { /* This is probably a signed-only message - import the certs */
           ksba_stop_reason_t stopreason;
           int i;
-          
+
           rc = ksba_cms_new (&cms);
           if (rc)
             goto leave;
-          
+
           rc = ksba_cms_set_reader_writer (cms, reader, NULL);
           if (rc)
             {
@@ -321,7 +321,7 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
               goto leave;
             }
 
-          do 
+          do
             {
               rc = ksba_cms_parse (cms, &stopreason);
               if (rc)
@@ -333,12 +333,12 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
               if (stopreason == KSBA_SR_BEGIN_DATA)
                 log_info ("not a certs-only message\n");
             }
-          while (stopreason != KSBA_SR_READY);   
-      
+          while (stopreason != KSBA_SR_READY);
+
           for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
             {
               check_and_store (ctrl, stats, cert, 0);
-              ksba_cert_release (cert); 
+              ksba_cert_release (cert);
               cert = NULL;
             }
           if (!i)
@@ -347,7 +347,7 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
             any = 1;
         }
       else if (ct == KSBA_CT_PKCS12)
-        { 
+        {
           /* This seems to be a pkcs12 message. */
           rc = parse_p12 (ctrl, reader, stats);
           if (!rc)
@@ -372,7 +372,7 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
           log_error ("can't extract certificates from input\n");
           rc = gpg_error (GPG_ERR_NO_DATA);
         }
-      
+
       ksba_reader_clear (reader, NULL, NULL);
     }
   while (!gpgsm_reader_eof_seen (b64reader));
@@ -411,7 +411,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       goto leave;
     }
   keydb_set_ephemeral (kh, 1);
-   
+
   fp = es_fdopen_nc (in_fd, "r");
   if (!fp)
     {
@@ -430,7 +430,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       trim_spaces (line);
       if (!*line)
         continue;
-    
+
       stats->count++;
 
       err = classify_user_id (line, &desc);
@@ -481,7 +481,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       if (err)
         {
           log_error ("clearing ephemeral flag failed: %s\n",
-                     gpg_strerror (err)); 
+                     gpg_strerror (err));
           print_import_problem (ctrl, cert, 0);
           stats->not_imported++;
           continue;
@@ -536,7 +536,7 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
   struct stats_s stats;
 
   memset (&stats, 0, sizeof stats);
-  
+
   if (!nfiles)
     rc = import_one (ctrl, &stats, 0);
   else
@@ -615,7 +615,7 @@ rsa_key_check (struct rsa_secret_key_s *skey)
   gcry_mpi_mul (phi, t1, t2);
   gcry_mpi_invm (t, skey->e, phi);
   if (gcry_mpi_cmp (t, skey->d))
-    { 
+    {
       /* No: try universal exponent. */
       gcry_mpi_gcd (t, t1, t2);
       gcry_mpi_div (t, NULL, phi, t, 0);
@@ -656,7 +656,7 @@ struct store_cert_parm_s
 };
 
 /* Helper to store the DER encoded certificate CERTDATA of length
-   CERTDATALEN.  */ 
+   CERTDATALEN.  */
 static void
 store_cert_cb (void *opaque,
                const unsigned char *certdata, size_t certdatalen)
@@ -808,7 +808,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
 /*    print_mpi ("   p", sk.p); */
 /*    print_mpi ("   q", sk.q); */
 /*    print_mpi ("   u", sk.u); */
-  
+
   /* Create an S-expresion from the parameters. */
   err = gcry_sexp_build (&s_key, NULL,
                          "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
@@ -929,6 +929,6 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
       gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
                                   "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
     }
-  
+
   return err;
 }
diff --git a/sm/keydb.c b/sm/keydb.c
index ddf9a4830..35343f3dc 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -29,7 +29,7 @@
 
 #include "gpgsm.h"
 #include "../kbx/keybox.h"
-#include "keydb.h" 
+#include "keydb.h"
 #include "i18n.h"
 
 static int active_handles;
@@ -71,7 +71,7 @@ static void unlock_all (KEYDB_HANDLE hd);
  * Register a resource (which currently may only be a keybox file).
  * The first keybox which is added by this function is created if it
  * does not exist.  If AUTO_CREATED is not NULL it will be set to true
- * if the function has created a a new keybox. 
+ * if the function has created a a new keybox.
  */
 int
 keydb_add_resource (const char *url, int force, int secret, int *auto_created)
@@ -79,7 +79,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
   static int any_secret, any_public;
   const char *resname = url;
   char *filename = NULL;
-  int rc = 0; 
+  int rc = 0;
   FILE *fp;
   KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
   const char *created_fname = NULL;
@@ -91,7 +91,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
      gnupg-kbx:filename := this is a plain keybox
      filename := See what is is, but create as plain keybox.
   */
-  if (strlen (resname) > 10) 
+  if (strlen (resname) > 10)
     {
       if (!strncmp (resname, "gnupg-kbx:", 10) )
         {
@@ -117,20 +117,20 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
     }
   else
     filename = xstrdup (resname);
-  
+
   if (!force)
     force = secret? !any_secret : !any_public;
-  
+
   /* see whether we can determine the filetype */
   if (rt == KEYDB_RESOURCE_TYPE_NONE)
     {
       FILE *fp2 = fopen( filename, "rb" );
-      
+
       if (fp2) {
         u32 magic;
-        
+
         /* FIXME: check for the keybox magic */
-        if (fread( &magic, 4, 1, fp2) == 1 ) 
+        if (fread( &magic, 4, 1, fp2) == 1 )
           {
             if (magic == 0x13579ace || magic == 0xce9a5713)
               ; /* GDBM magic - no more support */
@@ -144,14 +144,14 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
       else /* no file yet: create ring */
         rt = KEYDB_RESOURCE_TYPE_KEYBOX;
     }
-    
+
   switch (rt)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       log_error ("unknown type of key resource `%s'\n", url );
       rc = gpg_error (GPG_ERR_GENERAL);
       goto leave;
-      
+
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       fp = fopen (filename, "rb");
       if (!fp && !force)
@@ -159,13 +159,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
           rc = gpg_error (gpg_err_code_from_errno (errno));
           goto leave;
         }
-      
+
       if (!fp)
         { /* no file */
 #if 0 /* no autocreate of the homedirectory yet */
           {
             char *last_slash_in_filename;
-            
+
             last_slash_in_filename = strrchr (filename, DIRSEP_C);
             *last_slash_in_filename = 0;
             if (access (filename, F_OK))
@@ -202,13 +202,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
 	fp = NULL;
         /* now register the file */
         {
-          
+
           void *token = keybox_register_file (filename, secret);
           if (!token)
             ; /* already registered - ignore it */
           else if (used_resources >= MAX_KEYDB_RESOURCES)
             rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
-          else 
+          else
             {
               all_resources[used_resources].type = rt;
               all_resources[used_resources].u.kr = NULL; /* Not used here */
@@ -224,7 +224,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
               if (!make_dotlock (all_resources[used_resources].lockhandle, 0))
                 {
                   KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
-                  
+
                   if (kbxhd)
                     {
                       keybox_compress (kbxhd);
@@ -232,7 +232,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
                     }
                   release_dotlock (all_resources[used_resources].lockhandle);
                 }
-                  
+
               used_resources++;
             }
         }
@@ -264,10 +264,10 @@ keydb_new (int secret)
 {
   KEYDB_HANDLE hd;
   int i, j;
-  
+
   hd = xcalloc (1, sizeof *hd);
   hd->found = -1;
-  
+
   assert (used_resources <= MAX_KEYDB_RESOURCES);
   for (i=j=0; i < used_resources; i++)
     {
@@ -283,7 +283,7 @@ keydb_new (int secret)
           hd->active[j].secret = all_resources[i].secret;
           hd->active[j].lockhandle = all_resources[i].lockhandle;
           hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
-          if (!hd->active[j].u.kr) 
+          if (!hd->active[j].u.kr)
             {
               xfree (hd);
               return NULL; /* fixme: release all previously allocated handles*/
@@ -293,16 +293,16 @@ keydb_new (int secret)
         }
     }
   hd->used = j;
-  
+
   active_handles++;
   return hd;
 }
 
-void 
+void
 keydb_release (KEYDB_HANDLE hd)
 {
   int i;
-  
+
   if (!hd)
     return;
   assert (active_handles > 0);
@@ -311,7 +311,7 @@ keydb_release (KEYDB_HANDLE hd)
   unlock_all (hd);
   for (i=0; i < hd->used; i++)
     {
-      switch (hd->active[i].type) 
+      switch (hd->active[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
@@ -336,27 +336,27 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
 {
   int idx;
   const char *s = NULL;
-  
-  if (!hd) 
+
+  if (!hd)
     return NULL;
 
-  if ( hd->found >= 0 && hd->found < hd->used) 
+  if ( hd->found >= 0 && hd->found < hd->used)
     idx = hd->found;
-  else if ( hd->current >= 0 && hd->current < hd->used) 
+  else if ( hd->current >= 0 && hd->current < hd->used)
     idx = hd->current;
   else
     idx = 0;
 
-  switch (hd->active[idx].type) 
+  switch (hd->active[idx].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
-      s = NULL; 
+      s = NULL;
       break;
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       s = keybox_get_resource_name (hd->active[idx].u.kr);
       break;
     }
-  
+
   return s? s: "";
 }
 
@@ -374,7 +374,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
     {
       for (i=0; i < hd->used; i++)
         {
-          switch (hd->active[i].type) 
+          switch (hd->active[i].type)
             {
             case KEYDB_RESOURCE_TYPE_NONE:
               break;
@@ -384,7 +384,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
             }
         }
     }
-      
+
   i = hd->is_ephemeral;
   hd->is_ephemeral = yes;
   return i;
@@ -407,7 +407,7 @@ keydb_lock (KEYDB_HANDLE hd)
 
 
 
-static int 
+static int
 lock_all (KEYDB_HANDLE hd)
 {
   int i, rc = 0;
@@ -415,9 +415,9 @@ lock_all (KEYDB_HANDLE hd)
   /* Fixme: This locking scheme may lead to deadlock if the resources
      are not added in the same order by all processes.  We are
      currently only allowing one resource so it is not a problem. */
-  for (i=0; i < hd->used; i++) 
+  for (i=0; i < hd->used; i++)
     {
-      switch (hd->active[i].type) 
+      switch (hd->active[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
@@ -430,12 +430,12 @@ lock_all (KEYDB_HANDLE hd)
         break;
     }
 
-    if (rc) 
+    if (rc)
       {
         /* revert the already set locks */
-        for (i--; i >= 0; i--) 
+        for (i--; i >= 0; i--)
           {
-            switch (hd->active[i].type) 
+            switch (hd->active[i].type)
               {
               case KEYDB_RESOURCE_TYPE_NONE:
                 break;
@@ -459,13 +459,13 @@ static void
 unlock_all (KEYDB_HANDLE hd)
 {
   int i;
-  
+
   if (!hd->locked)
     return;
 
-  for (i=hd->used-1; i >= 0; i--) 
+  for (i=hd->used-1; i >= 0; i--)
     {
-      switch (hd->active[i].type) 
+      switch (hd->active[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
@@ -483,7 +483,7 @@ unlock_all (KEYDB_HANDLE hd)
 /*
  * Return the last found keybox.  Caller must free it.
  * The returned keyblock has the kbode flag bit 0 set for the node with
- * the public key used to locate the keyblock or flag bit 1 set for 
+ * the public key used to locate the keyblock or flag bit 1 set for
  * the user ID node.
  */
 int
@@ -494,7 +494,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    if ( hd->found < 0 || hd->found >= hd->used) 
+    if ( hd->found < 0 || hd->found >= hd->used)
         return -1; /* nothing found */
 
     switch (hd->active[hd->found].type) {
@@ -509,7 +509,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
     return rc;
 }
 
-/* 
+/*
  * update the current keyblock with KB
  */
 int
@@ -520,7 +520,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
     if (!hd)
         return G10ERR_INV_ARG;
 
-    if ( hd->found < 0 || hd->found >= hd->used) 
+    if ( hd->found < 0 || hd->found >= hd->used)
         return -1; /* nothing found */
 
     if( opt.dry_run )
@@ -543,8 +543,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
 }
 
 
-/* 
- * Insert a new KB into one of the resources. 
+/*
+ * Insert a new KB into one of the resources.
  */
 int
 keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
@@ -552,15 +552,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
     int rc = -1;
     int idx;
 
-    if (!hd) 
+    if (!hd)
         return G10ERR_INV_ARG;
 
     if( opt.dry_run )
 	return 0;
 
-    if ( hd->found >= 0 && hd->found < hd->used) 
+    if ( hd->found >= 0 && hd->found < hd->used)
         idx = hd->found;
-    else if ( hd->current >= 0 && hd->current < hd->used) 
+    else if ( hd->current >= 0 && hd->current < hd->used)
         idx = hd->current;
     else
         return G10ERR_GENERAL;
@@ -598,11 +598,11 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
-  
-  if ( hd->found < 0 || hd->found >= hd->used) 
+
+  if ( hd->found < 0 || hd->found >= hd->used)
     return -1; /* nothing found */
-  
-  switch (hd->active[hd->found].type) 
+
+  switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@@ -611,7 +611,7 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
       rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
       break;
     }
-  
+
   return rc;
 }
 
@@ -626,11 +626,11 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
-  
-  if ( hd->found < 0 || hd->found >= hd->used) 
+
+  if ( hd->found < 0 || hd->found >= hd->used)
     return gpg_error (GPG_ERR_NOTHING_FOUND);
-  
-  switch (hd->active[hd->found].type) 
+
+  switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       err = gpg_error (GPG_ERR_GENERAL); /* oops */
@@ -639,7 +639,7 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
       err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
       break;
     }
-  
+
   return err;
 }
 
@@ -656,14 +656,14 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
-  
-  if ( hd->found < 0 || hd->found >= hd->used) 
+
+  if ( hd->found < 0 || hd->found >= hd->used)
     return gpg_error (GPG_ERR_NOTHING_FOUND);
-  
+
   if (!hd->locked)
     return gpg_error (GPG_ERR_NOT_LOCKED);
 
-  switch (hd->active[hd->found].type) 
+  switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       err = gpg_error (GPG_ERR_GENERAL); /* oops */
@@ -672,12 +672,12 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
       err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
       break;
     }
-  
+
   return err;
 }
 
-/* 
- * Insert a new Certificate into one of the resources. 
+/*
+ * Insert a new Certificate into one of the resources.
  */
 int
 keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
@@ -685,16 +685,16 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
   int rc = -1;
   int idx;
   unsigned char digest[20];
-  
-  if (!hd) 
+
+  if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
   if (opt.dry_run)
     return 0;
-  
-  if ( hd->found >= 0 && hd->found < hd->used) 
+
+  if ( hd->found >= 0 && hd->found < hd->used)
     idx = hd->found;
-  else if ( hd->current >= 0 && hd->current < hd->used) 
+  else if ( hd->current >= 0 && hd->current < hd->used)
     idx = hd->current;
   else
     return gpg_error (GPG_ERR_GENERAL);
@@ -704,7 +704,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 
   gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
 
-  switch (hd->active[idx].type) 
+  switch (hd->active[idx].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       rc = gpg_error (GPG_ERR_GENERAL);
@@ -713,7 +713,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
       rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
       break;
     }
-  
+
   unlock_all (hd);
   return rc;
 }
@@ -726,11 +726,11 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
   int rc = 0;
   unsigned char digest[20];
-  
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  if ( hd->found < 0 || hd->found >= hd->used) 
+  if ( hd->found < 0 || hd->found >= hd->used)
     return -1; /* nothing found */
 
   if (opt.dry_run)
@@ -742,7 +742,7 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 
   gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
 
-  switch (hd->active[hd->found].type) 
+  switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
       rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@@ -757,25 +757,25 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 }
 
 
-/* 
+/*
  * The current keyblock or cert will be deleted.
  */
 int
 keydb_delete (KEYDB_HANDLE hd, int unlock)
 {
   int rc = -1;
-  
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  if ( hd->found < 0 || hd->found >= hd->used) 
+  if ( hd->found < 0 || hd->found >= hd->used)
     return -1; /* nothing found */
 
   if( opt.dry_run )
     return 0;
 
   if (!hd->locked)
-    return gpg_error (GPG_ERR_NOT_LOCKED); 
+    return gpg_error (GPG_ERR_NOT_LOCKED);
 
   switch (hd->active[hd->found].type)
     {
@@ -797,7 +797,7 @@ keydb_delete (KEYDB_HANDLE hd, int unlock)
 /*
  * Locate the default writable key resource, so that the next
  * operation (which is only relevant for inserts) will be done on this
- * resource.  
+ * resource.
  */
 int
 keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
@@ -805,17 +805,17 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
   int rc;
 
   (void)reserved;
-  
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
-  
+
   rc = keydb_search_reset (hd); /* this does reset hd->current */
   if (rc)
     return rc;
-  
-  for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) 
+
+  for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
     {
-      switch (hd->active[hd->current].type) 
+      switch (hd->active[hd->current].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           BUG();
@@ -826,7 +826,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
           break;
         }
     }
-  
+
   return -1;
 }
 
@@ -837,7 +837,7 @@ void
 keydb_rebuild_caches (void)
 {
   int i;
-  
+
   for (i=0; i < used_resources; i++)
     {
       if (all_resources[i].secret)
@@ -858,23 +858,23 @@ keydb_rebuild_caches (void)
 
 
 
-/* 
+/*
  * Start the next search on this handle right at the beginning
  */
-int 
+int
 keydb_search_reset (KEYDB_HANDLE hd)
 {
   int i, rc = 0;
-  
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  hd->current = 0; 
+  hd->current = 0;
   hd->found = -1;
   /* and reset all resources */
-  for (i=0; !rc && i < hd->used; i++) 
+  for (i=0; !rc && i < hd->used; i++)
     {
-      switch (hd->active[i].type) 
+      switch (hd->active[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
@@ -887,21 +887,21 @@ keydb_search_reset (KEYDB_HANDLE hd)
                 all modules*/
 }
 
-/* 
+/*
  * Search through all keydb resources, starting at the current position,
  * for a keyblock which contains one of the keys described in the DESC array.
  */
-int 
+int
 keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
 {
   int rc = -1;
-  
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  while (rc == -1 && hd->current >= 0 && hd->current < hd->used) 
+  while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
     {
-      switch (hd->active[hd->current].type) 
+      switch (hd->active[hd->current].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE:
           BUG(); /* we should never see it here */
@@ -911,12 +911,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
           break;
         }
       if (rc == -1) /* EOF -> switch to next resource */
-        hd->current++; 
+        hd->current++;
       else if (!rc)
         hd->found = hd->current;
     }
-  
-  return rc; 
+
+  return rc;
 }
 
 
@@ -924,7 +924,7 @@ int
 keydb_search_first (KEYDB_HANDLE hd)
 {
   KEYDB_SEARCH_DESC desc;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FIRST;
   return keydb_search (hd, &desc, 1);
@@ -934,7 +934,7 @@ int
 keydb_search_next (KEYDB_HANDLE hd)
 {
   KEYDB_SEARCH_DESC desc;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_NEXT;
   return keydb_search (hd, &desc, 1);
@@ -946,7 +946,7 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
   KEYDB_SEARCH_DESC desc;
 
   (void)kid;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
   desc.u.kid[0] = kid[0];
@@ -958,7 +958,7 @@ int
 keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
 {
   KEYDB_SEARCH_DESC desc;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FPR;
   memcpy (desc.u.fpr, fpr, 20);
@@ -970,7 +970,7 @@ keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
 {
   KEYDB_SEARCH_DESC desc;
   int rc;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_ISSUER;
   desc.u.name = issuer;
@@ -985,7 +985,7 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
   KEYDB_SEARCH_DESC desc;
   int rc;
   const unsigned char *s;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
   s = serial;
@@ -1007,7 +1007,7 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
 {
   KEYDB_SEARCH_DESC desc;
   int rc;
-  
+
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
   desc.u.name = name;
@@ -1046,7 +1046,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
 
   if (ephemeral)
     keydb_set_ephemeral (kh, 1);
-  
+
   rc = lock_all (kh);
   if (rc)
     return rc;
@@ -1081,7 +1081,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
       keydb_release (kh);
       return rc;
     }
-  keydb_release (kh);               
+  keydb_release (kh);
   return 0;
 }
 
@@ -1090,8 +1090,8 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
    transaction by locating the certificate in the DB and updating the
    flags. */
 gpg_error_t
-keydb_set_cert_flags (ksba_cert_t cert, int ephemeral, 
-                      int which, int idx, 
+keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
+                      int which, int idx,
                       unsigned int mask, unsigned int value)
 {
   KEYDB_HANDLE kh;
@@ -1156,7 +1156,7 @@ keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
         }
     }
 
-  keydb_release (kh);               
+  keydb_release (kh);
   return 0;
 }
 
@@ -1175,7 +1175,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
   unsigned int old_value, value;
 
   (void)ctrl;
-  
+
   hd = keydb_new (0);
   if (!hd)
     {
@@ -1187,7 +1187,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
     ndesc = 1;
   else
     {
-      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++) 
+      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
         ;
     }
 
@@ -1201,9 +1201,9 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
 
   if (!names)
     desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
-  else 
+  else
     {
-      for (ndesc=0, sl=names; sl; sl = sl->next) 
+      for (ndesc=0, sl=names; sl; sl = sl->next)
         {
           rc = classify_user_id (sl->d, desc+ndesc);
           if (rc)
@@ -1226,7 +1226,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
 
   while (!(rc = keydb_search (hd, desc, ndesc)))
     {
-      if (!names) 
+      if (!names)
         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
 
       err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
@@ -1236,7 +1236,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
                      gpg_strerror (err));
           goto leave;
         }
- 
+
       value = (old_value & ~VALIDITY_REVOKED);
       if (value != old_value)
         {
@@ -1250,10 +1250,8 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
     }
   if (rc && rc != -1)
     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
-  
+
  leave:
   xfree (desc);
   keydb_release (hd);
 }
-
-
diff --git a/sm/keydb.h b/sm/keydb.h
index a62ce99cb..33876ceba 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -78,7 +78,3 @@ void keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names);
 
 
 #endif /*GNUPG_KEYDB_H*/
-
-
-
-
diff --git a/sm/keylist.c b/sm/keylist.c
index 4f876ff60..1d6ce6e89 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -37,7 +37,7 @@
 #include "i18n.h"
 #include "tlv.h"
 
-struct list_external_parm_s 
+struct list_external_parm_s
 {
   ctrl_t ctrl;
   estream_t fp;
@@ -56,18 +56,18 @@ struct
   const char *name;
 } key_purpose_map[] = {
   { "1.3.6.1.5.5.7.3.1",  "serverAuth" },
-  { "1.3.6.1.5.5.7.3.2",  "clientAuth" },          
-  { "1.3.6.1.5.5.7.3.3",  "codeSigning" },      
-  { "1.3.6.1.5.5.7.3.4",  "emailProtection" },     
-  { "1.3.6.1.5.5.7.3.5",  "ipsecEndSystem" }, 
-  { "1.3.6.1.5.5.7.3.6",  "ipsecTunnel" },  
-  { "1.3.6.1.5.5.7.3.7",  "ipsecUser" },     
-  { "1.3.6.1.5.5.7.3.8",  "timeStamping" },       
-  { "1.3.6.1.5.5.7.3.9",  "ocspSigning" },    
-  { "1.3.6.1.5.5.7.3.10", "dvcs" },      
+  { "1.3.6.1.5.5.7.3.2",  "clientAuth" },
+  { "1.3.6.1.5.5.7.3.3",  "codeSigning" },
+  { "1.3.6.1.5.5.7.3.4",  "emailProtection" },
+  { "1.3.6.1.5.5.7.3.5",  "ipsecEndSystem" },
+  { "1.3.6.1.5.5.7.3.6",  "ipsecTunnel" },
+  { "1.3.6.1.5.5.7.3.7",  "ipsecUser" },
+  { "1.3.6.1.5.5.7.3.8",  "timeStamping" },
+  { "1.3.6.1.5.5.7.3.9",  "ocspSigning" },
+  { "1.3.6.1.5.5.7.3.10", "dvcs" },
   { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth" },
   { "1.3.6.1.5.5.7.3.13", "eapOverPPP" },
-  { "1.3.6.1.5.5.7.3.14", "wlanSSID" },       
+  { "1.3.6.1.5.5.7.3.14", "wlanSSID" },
 
   { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */
   { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */
@@ -82,10 +82,10 @@ struct
    for oids which are already available via ksba fucntions. */
 #define OID_FLAG_SKIP 1
 /* The extension is a simple UTF8String and should be printed.  */
-#define OID_FLAG_UTF8 2 
+#define OID_FLAG_UTF8 2
 
 /* A table mapping OIDs to a descriptive string. */
-static struct 
+static struct
 {
   char *oid;
   char *name;
@@ -155,7 +155,7 @@ static struct
   { "2.5.29.20", "cRLNumber" },
   { "2.5.29.21", "cRLReason" },
   { "2.5.29.22", "expirationDate" },
-  { "2.5.29.23", "instructionCode" }, 
+  { "2.5.29.23", "instructionCode" },
   { "2.5.29.24", "invalidityDate" },
   { "2.5.29.27", "deltaCRLIndicator" },
   { "2.5.29.28", "issuingDistributionPoint" },
@@ -194,7 +194,7 @@ static struct
 };
 
 
-/* Return the description for OID; if no description is available 
+/* Return the description for OID; if no description is available
    NULL is returned. */
 static const char *
 get_oid_desc (const char *oid, unsigned int *flag)
@@ -218,11 +218,11 @@ get_oid_desc (const char *oid, unsigned int *flag)
 static void
 print_key_data (ksba_cert_t cert, estream_t fp)
 {
-#if 0  
+#if 0
   int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
   int i;
 
-  for(i=0; i < n; i++ ) 
+  for(i=0; i < n; i++ )
     {
       es_fprintf (fp, "pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
       mpi_print(stdout, pk->pkey[i], 1 );
@@ -243,18 +243,18 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
   size_t buflen;
   char buffer[1];
 
-  err = ksba_cert_get_user_data (cert, "is_qualified", 
+  err = ksba_cert_get_user_data (cert, "is_qualified",
                                  &buffer, sizeof (buffer), &buflen);
   if (!err && buflen)
     {
       if (*buffer)
         es_putc ('q', fp);
-    }    
+    }
   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     ; /* Don't know - will not get marked as 'q' */
   else
     log_debug ("get_user_data(is_qualified) failed: %s\n",
-               gpg_strerror (err)); 
+               gpg_strerror (err));
 
   err = ksba_cert_get_key_usage (cert, &use);
   if (gpg_err_code (err) == GPG_ERR_NO_DATA)
@@ -268,11 +268,11 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
       return;
     }
   if (err)
-    { 
+    {
       log_error (_("error getting key usage information: %s\n"),
                  gpg_strerror (err));
       return;
-    } 
+    }
 
   if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
     es_putc ('e', fp);
@@ -296,7 +296,7 @@ print_time (gnupg_isotime_t t, estream_t fp)
 {
   if (!t || !*t)
     ;
-  else 
+  else
     es_fputs (t, fp);
 }
 
@@ -406,13 +406,13 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
     *truststring = 'r';
   else if (gpg_err_code (valerr) == GPG_ERR_CERT_EXPIRED)
     *truststring = 'e';
-  else 
+  else
     {
       /* Lets also check whether the certificate under question
          expired.  This is merely a hack until we found a proper way
          to store the expiration flag in the keybox. */
       ksba_isotime_t current_time, not_after;
-  
+
       gnupg_get_isotime (current_time);
       if (!opt.ignore_expiration
           && !ksba_cert_get_validity (cert, 1, not_after)
@@ -438,7 +438,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
         *truststring = 'n';  /* No, we do not trust this one. */
       /* (in case of an error we can't tell anything.) */
     }
-  
+
   if (*truststring)
     es_fputs (truststring, fp);
 
@@ -457,7 +457,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
     {
       int len;
       const unsigned char *s = sexp;
-      
+
       if (*s == '(')
         {
           s++;
@@ -479,9 +479,9 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
       xfree (p);
     }
   es_putc (':', fp);
-  /* Field 11, signature class - not used */ 
+  /* Field 11, signature class - not used */
   es_putc (':', fp);
-  /* Field 12, capabilities: */ 
+  /* Field 12, capabilities: */
   print_capabilities (cert, fp);
   /* Field 13, not used: */
   es_putc (':', fp);
@@ -584,7 +584,7 @@ print_names_raw (estream_t fp, int indent, ksba_name_t name)
       es_fputs ("none\n", fp);
       return;
     }
-  
+
   for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
     {
       char *p = ksba_name_get_uri (name, idx);
@@ -597,7 +597,7 @@ print_names_raw (estream_t fp, int indent, ksba_name_t name)
 
 
 static void
-print_utf8_extn_raw (estream_t fp, int indent, 
+print_utf8_extn_raw (estream_t fp, int indent,
                      const unsigned char *der, size_t derlen)
 {
   gpg_error_t err;
@@ -621,7 +621,7 @@ print_utf8_extn_raw (estream_t fp, int indent,
 
 
 static void
-print_utf8_extn (estream_t fp, int indent, 
+print_utf8_extn (estream_t fp, int indent,
                  const unsigned char *der, size_t derlen)
 {
   gpg_error_t err;
@@ -800,21 +800,21 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
         {
           if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
             es_fputs (" digitalSignature", fp);
-          if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))  
+          if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
             es_fputs (" nonRepudiation", fp);
-          if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT)) 
+          if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
             es_fputs (" keyEncipherment", fp);
           if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
             es_fputs (" dataEncipherment", fp);
-          if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))    
+          if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
             es_fputs (" keyAgreement", fp);
           if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
             es_fputs (" certSign", fp);
-          if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))  
+          if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
             es_fputs (" crlSign", fp);
           if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
             es_fputs (" encipherOnly", fp);
-          if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))  
+          if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
             es_fputs (" decipherOnly", fp);
         }
       es_putc ('\n', fp);
@@ -825,7 +825,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
   es_fputs ("  extKeyUsage: ", fp);
   err = ksba_cert_get_ext_key_usages (cert, &string);
   if (gpg_err_code (err) != GPG_ERR_NO_DATA)
-    { 
+    {
       if (err)
         es_fprintf (fp, "[error: %s]", gpg_strerror (err));
       else
@@ -1106,21 +1106,21 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
         {
           if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
             es_fputs (" digitalSignature", fp);
-          if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))  
+          if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
             es_fputs (" nonRepudiation", fp);
-          if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT)) 
+          if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
             es_fputs (" keyEncipherment", fp);
           if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
             es_fputs (" dataEncipherment", fp);
-          if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))    
+          if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
             es_fputs (" keyAgreement", fp);
           if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
             es_fputs (" certSign", fp);
-          if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))  
+          if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
             es_fputs (" crlSign", fp);
           if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
             es_fputs (" encipherOnly", fp);
-          if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))  
+          if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
             es_fputs (" decipherOnly", fp);
         }
       es_putc ('\n', fp);
@@ -1128,7 +1128,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
 
   err = ksba_cert_get_ext_key_usages (cert, &string);
   if (gpg_err_code (err) != GPG_ERR_NO_DATA)
-    { 
+    {
       es_fputs ("ext key usage: ", fp);
       if (err)
         es_fprintf (fp, "[error: %s]", gpg_strerror (err));
@@ -1224,7 +1224,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
           es_fprintf (fp, "      keygrip: %s\n", dn);
           xfree (dn);
         }
-    }      
+    }
 
   if (have_secret)
     {
@@ -1242,20 +1242,20 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
       gpg_error_t tmperr;
       size_t buflen;
       char buffer[1];
-      
+
       err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL);
-      tmperr = ksba_cert_get_user_data (cert, "is_qualified", 
+      tmperr = ksba_cert_get_user_data (cert, "is_qualified",
                                         &buffer, sizeof (buffer), &buflen);
       if (!tmperr && buflen)
         {
           if (*buffer)
             es_fputs ("  [qualified]\n", fp);
-        }    
+        }
       else if (gpg_err_code (tmperr) == GPG_ERR_NOT_FOUND)
         ; /* Don't know - will not get marked as 'q' */
       else
         log_debug ("get_user_data(is_qualified) failed: %s\n",
-                   gpg_strerror (tmperr)); 
+                   gpg_strerror (tmperr));
 
       if (!err)
         es_fprintf (fp, "  [certificate is good]\n");
@@ -1326,7 +1326,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
     ndesc = 1;
   else
     {
-      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++) 
+      for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
         ;
     }
 
@@ -1340,9 +1340,9 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
 
   if (!names)
     desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
-  else 
+  else
     {
-      for (ndesc=0, sl=names; sl; sl = sl->next) 
+      for (ndesc=0, sl=names; sl; sl = sl->next)
         {
           rc = classify_user_id (sl->d, desc+ndesc);
           if (rc)
@@ -1354,7 +1354,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
           else
             ndesc++;
         }
-      
+
     }
 
   /* If all specifications are done by fingerprint or keygrip, we
@@ -1390,7 +1390,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
     {
       unsigned int validity;
 
-      if (!names) 
+      if (!names)
         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
 
       rc = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &validity);
@@ -1400,7 +1400,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
           goto leave;
         }
       rc = keydb_get_cert (hd, &cert);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
           goto leave;
@@ -1416,11 +1416,11 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
 	}
 
       resname = keydb_get_resource_name (hd);
-      
-      if (lastresname != resname ) 
+
+      if (lastresname != resname )
         {
           int i;
-          
+
           if (ctrl->no_server)
             {
               es_fprintf (fp, "%s\n", resname );
@@ -1437,7 +1437,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
           char *p = gpgsm_get_keygrip_hexstring (cert);
           if (p)
             {
-              rc = gpgsm_agent_havekey (ctrl, p); 
+              rc = gpgsm_agent_havekey (ctrl, p);
               if (!rc)
                 have_secret = 1;
               else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
@@ -1468,7 +1468,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
             }
         }
 
-      ksba_cert_release (lastcert); 
+      ksba_cert_release (lastcert);
       lastcert = cert;
       cert = NULL;
     }
@@ -1476,10 +1476,10 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
     rc = 0;
   if (rc)
     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
-  
+
  leave:
   ksba_cert_release (cert);
-  ksba_cert_release (lastcert); 
+  ksba_cert_release (lastcert);
   xfree (desc);
   keydb_release (hd);
   return rc;
@@ -1539,7 +1539,7 @@ list_external_keys (ctrl_t ctrl, strlist_t names, estream_t fp, int raw_mode)
   parm.raw_mode  = raw_mode;
 
   rc = gpgsm_dirmngr_lookup (ctrl, names, 0, list_external_cb, &parm);
-  if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1 
+  if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1
       || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
     rc = 0; /* "Not found" is not an error here. */
   if (rc)
@@ -1548,7 +1548,7 @@ list_external_keys (ctrl_t ctrl, strlist_t names, estream_t fp, int raw_mode)
 }
 
 /* List all keys or just the key given as NAMES.
-   MODE controls the operation mode: 
+   MODE controls the operation mode:
     Bit 0-2:
       0 = list all public keys but don't flag secret ones
       1 = list only public keys
@@ -1567,6 +1567,6 @@ gpgsm_list_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
   if ((mode & (1<<6)))
     err = list_internal_keys (ctrl, names, fp, (mode & 3), (mode&256));
   if (!err && (mode & (1<<7)))
-    err = list_external_keys (ctrl, names, fp, (mode&256)); 
+    err = list_external_keys (ctrl, names, fp, (mode&256));
   return err;
 }
diff --git a/sm/minip12.c b/sm/minip12.c
index d340f9821..10f7c99f6 100644
--- a/sm/minip12.c
+++ b/sm/minip12.c
@@ -111,14 +111,14 @@ static unsigned char const oid_rsaEncryption[9] = {
 
 static unsigned char const data_3desiter2048[30] = {
   0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86,
-  0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E, 
+  0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E,
   0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
   0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 };
 #define DATA_3DESITER2048_SALT_OFF  18
 
 static unsigned char const data_rc2iter2048[30] = {
   0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86,
-  0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06, 0x30, 0x0E, 
+  0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06, 0x30, 0x0E,
   0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
   0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 };
 #define DATA_RC2ITER2048_SALT_OFF  18
@@ -130,7 +130,7 @@ static unsigned char const data_mactemplate[51] = {
   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
   0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x08, 0xff,
   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02,
-  0x02, 0x08, 0x00 }; 
+  0x02, 0x08, 0x00 };
 #define DATA_MACTEMPLATE_MAC_OFF 17
 #define DATA_MACTEMPLATE_SALT_OFF 39
 
@@ -151,14 +151,14 @@ static unsigned char const data_attrtemplate[106] = {
   0x04, 0x14 }; /* Need to append SHA-1 digest. */
 #define DATA_ATTRTEMPLATE_KEYID_OFF 73
 
-struct buffer_s 
+struct buffer_s
 {
   unsigned char *buffer;
   size_t length;
-};  
+};
 
 
-struct tag_info 
+struct tag_info
 {
   int class;
   int is_constructed;
@@ -173,7 +173,7 @@ struct tag_info
    the tag and the length part from the TLV triplet.  Update BUFFER
    and SIZE on success.  Checks that the encoded length does not
    exhaust the length of the provided buffer. */
-static int 
+static int
 parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti)
 {
   int c;
@@ -239,13 +239,13 @@ parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti)
         }
       ti->length = len;
     }
-  
+
   if (ti->class == UNIVERSAL && !ti->tag)
     ti->length = 0;
 
   if (ti->length > length)
     return -1; /* data larger than buffer. */
-  
+
   *buffer = buf;
   *size = length;
   return 0;
@@ -262,9 +262,9 @@ parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti)
           [...]
      04    2:         OCTET STRING
             :           00 00
-            :         } -- This denotes a Null tag and are the last 
+            :         } -- This denotes a Null tag and are the last
                         -- two bytes in INPUT.
-   
+
    Create a new buffer with the content of that octet string.  INPUT
    is the orginal buffer with a length as stored at LENGTH.  Returns
    NULL on error or a new malloced buffer with the length of this new
@@ -291,7 +291,7 @@ cram_octet_string (const unsigned char *input, size_t *length,
     {
       if (parse_tag (&s, &n, &ti))
         goto bailout;
-      if (ti.class == UNIVERSAL && ti.tag == TAG_OCTET_STRING 
+      if (ti.class == UNIVERSAL && ti.tag == TAG_OCTET_STRING
           && !ti.ndef && !ti.is_constructed)
         {
           memcpy (d, s, ti.length);
@@ -300,7 +300,7 @@ cram_octet_string (const unsigned char *input, size_t *length,
           n -= ti.length;
         }
       else if (ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed)
-        break; /* Ready */ 
+        break; /* Ready */
       else
         goto bailout;
     }
@@ -320,7 +320,7 @@ cram_octet_string (const unsigned char *input, size_t *length,
 
 
 
-static int 
+static int
 string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw,
                int req_keylen, unsigned char *keybuf)
 {
@@ -345,7 +345,7 @@ string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw,
       log_error ("salt too short\n");
       return -1;
     }
-  
+
   /* Store salt and password in BUF_I */
   p = buf_i;
   for(i=0; i < 64; i++)
@@ -381,7 +381,7 @@ string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw,
           gcry_mpi_release (num_b1);
           return 0; /* ready */
         }
-      
+
       /* need more bytes. */
       for(i=0; i < 64; i++)
         buf_b[i] = hash[i % 20];
@@ -418,7 +418,7 @@ string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw,
 }
 
 
-static int 
+static int
 set_key_iv (gcry_cipher_hd_t chd, char *salt, size_t saltlen, int iter,
             const char *pw, int keybytes)
 {
@@ -454,7 +454,7 @@ crypt_block (unsigned char *buffer, size_t length, char *salt, size_t saltlen,
   gcry_cipher_hd_t chd;
   int rc;
 
-  rc = gcry_cipher_open (&chd, cipher_algo, GCRY_CIPHER_MODE_CBC, 0); 
+  rc = gcry_cipher_open (&chd, cipher_algo, GCRY_CIPHER_MODE_CBC, 0);
   if (rc)
     {
       log_error ( "gcry_cipher_open failed: %s\n", gpg_strerror(rc));
@@ -481,7 +481,7 @@ crypt_block (unsigned char *buffer, size_t length, char *salt, size_t saltlen,
  leave:
   gcry_cipher_close (chd);
 }
-  
+
 
 /* Decrypt a block of data and try several encodings of the key.
    CIPHERTEXT is the encrypted data of size LENGTH bytes; PLAINTEXT is
@@ -555,7 +555,7 @@ decrypt_block (const void *ciphertext, unsigned char *plaintext, size_t length,
           outptr = convertedpw;
           outbytes = convertedpwsize - 1;
           if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes,
-                      &outptr, &outbytes) == (size_t)-1) 
+                      &outptr, &outbytes) == (size_t)-1)
             {
               jnlib_iconv_close (cd);
               continue;
@@ -591,7 +591,7 @@ bag_decrypted_data_p (const void *plaintext, size_t length)
   /*       exit (2); */
   /*     fclose (fp); */
   /*   } */
-  
+
   if (parse_tag (&p, &n, &ti))
     return 0;
   if (ti.class || ti.tag != TAG_SEQUENCE)
@@ -599,7 +599,7 @@ bag_decrypted_data_p (const void *plaintext, size_t length)
   if (parse_tag (&p, &n, &ti))
     return 0;
 
-  return 1; 
+  return 1;
 }
 
 /* Note: If R_RESULT is passed as NULL, a key object as already be
@@ -666,7 +666,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
     goto bailout;
   if (parse_tag (&p, &n, &ti))
     goto bailout;
-  if (!ti.class && ti.tag == TAG_OBJECT_ID 
+  if (!ti.class && ti.tag == TAG_OBJECT_ID
       && ti.length == DIM(oid_pbeWithSHAAnd40BitRC2_CBC)
       && !memcmp (p, oid_pbeWithSHAAnd40BitRC2_CBC,
                   DIM(oid_pbeWithSHAAnd40BitRC2_CBC)))
@@ -674,7 +674,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
       p += DIM(oid_pbeWithSHAAnd40BitRC2_CBC);
       n -= DIM(oid_pbeWithSHAAnd40BitRC2_CBC);
     }
-  else if (!ti.class && ti.tag == TAG_OBJECT_ID 
+  else if (!ti.class && ti.tag == TAG_OBJECT_ID
       && ti.length == DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)
       && !memcmp (p, oid_pbeWithSHAAnd3_KeyTripleDES_CBC,
                   DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)))
@@ -707,10 +707,10 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
   for (iter=0; ti.length; ti.length--)
     {
       iter <<= 8;
-      iter |= (*p++) & 0xff; 
+      iter |= (*p++) & 0xff;
       n--;
     }
-  
+
   where = "rc2or3des-ciphertext";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
@@ -734,7 +734,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
     ;
   else
     goto bailout;
-  
+
   log_info ("%lu bytes of %s encrypted text\n",ti.length,is_3des?"3DES":"RC2");
 
   plain = gcry_malloc_secure (ti.length);
@@ -743,8 +743,8 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
       log_error ("error allocating decryption buffer\n");
       goto bailout;
     }
-  decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw, 
-                 is_3des? GCRY_CIPHER_3DES : GCRY_CIPHER_RFC2268_40, 
+  decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw,
+                 is_3des? GCRY_CIPHER_3DES : GCRY_CIPHER_RFC2268_40,
                  bag_decrypted_data_p);
   n = ti.length;
   startoffset = 0;
@@ -891,7 +891,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
               len -= ti.length;
               if (!result_count && ti.length == 1 && !*p)
                 ; /* ignore the very first one if it is a 0 */
-              else 
+              else
                 {
                   int rc;
 
@@ -927,7 +927,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
             goto bailout;
           p += DIM(oid_x509Certificate_for_pkcs_12);
           n -= DIM(oid_x509Certificate_for_pkcs_12);
-          
+
           where = "certbag.before.octetstring";
           if (parse_tag (&p, &n, &ti))
             goto bailout;
@@ -937,11 +937,11 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
             goto bailout;
           if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef)
             goto bailout;
-          
+
           /* Return the certificate. */
           if (certcb)
             certcb (certcbarg, p, ti.length);
-   
+
           p += ti.length;
           n -= ti.length;
         }
@@ -951,7 +951,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
          reasonable assume that all valid data will be longer than
          just one block. */
       if (n <= 8)
-        n = 0;  
+        n = 0;
 
       /* Skip the optional SET with the pkcs12 cert attributes. */
       if (n)
@@ -974,7 +974,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
             goto bailout;
         }
     }
-  
+
   if (r_consumed)
     *r_consumed = consumed;
   gcry_free (plain);
@@ -1033,7 +1033,7 @@ bag_data_p (const void *plaintext, size_t length)
       || ti.length != 1 || *p)
     return 0;
 
-  return 1; 
+  return 1;
 }
 
 
@@ -1081,7 +1081,7 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
         *r_consumed = consumed;
       r_consumed = NULL; /* Ugly hack to not update that value any further. */
     }
-  
+
 
   where = "data.outerseqs";
   if (parse_tag (&p, &n, &ti))
@@ -1148,18 +1148,18 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
   for (iter=0; ti.length; ti.length--)
     {
       iter <<= 8;
-      iter |= (*p++) & 0xff; 
+      iter |= (*p++) & 0xff;
       n--;
     }
-  
+
   where = "3des-ciphertext";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
   if (ti.class || ti.tag != TAG_OCTET_STRING || !ti.length )
     goto bailout;
-  
+
   log_info ("%lu bytes of 3DES encrypted text\n", ti.length);
-  
+
   plain = gcry_malloc_secure (ti.length);
   if (!plain)
     {
@@ -1167,8 +1167,8 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
       goto bailout;
     }
   consumed += p - p_start + ti.length;
-  decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw, 
-                 GCRY_CIPHER_3DES, 
+  decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw,
+                 GCRY_CIPHER_3DES,
                  bag_data_p);
   n = ti.length;
   startoffset = 0;
@@ -1230,7 +1230,7 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
       len -= ti.length;
       if (!result_count && ti.length == 1 && !*p)
         ; /* ignore the very first one if it is a 0 */
-      else 
+      else
         {
           rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p,
                               ti.length, NULL);
@@ -1304,7 +1304,7 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
   if (ti.tag != TAG_INTEGER || ti.length != 1 || *p != 3)
     goto bailout;
   p++; n--;
-  
+
   where = "authSave";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
@@ -1352,7 +1352,7 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
       if (parse_tag (&p, &n, &ti))
         goto bailout;
       if (bagseqndef && ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed)
-        break; /* Ready */ 
+        break; /* Ready */
       if (ti.class != UNIVERSAL || ti.tag != TAG_SEQUENCE)
         goto bailout;
 
@@ -1371,9 +1371,9 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
       if (parse_tag (&p, &n, &ti))
         goto bailout;
       if (lenndef)
-        len = ti.nhdr; 
+        len = ti.nhdr;
       else
-        len -= ti.nhdr; 
+        len -= ti.nhdr;
 
       if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_encryptedData)
           && !memcmp (p, oid_encryptedData, DIM(oid_encryptedData)))
@@ -1436,7 +1436,7 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
             goto bailout;
         }
     }
-  
+
   gcry_free (cram_buffer);
   return result;
  bailout:
@@ -1458,7 +1458,7 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
 
 static size_t
 compute_tag_length (size_t n)
-{     
+{
   int needed = 0;
 
   if (n < 128)
@@ -1477,7 +1477,7 @@ compute_tag_length (size_t n)
 
 static unsigned char *
 store_tag_length (unsigned char *p, int tag, size_t n)
-{     
+{
   if (tag == TAG_SEQUENCE)
     tag |= 0x20; /* constructed */
 
@@ -1576,7 +1576,7 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
 
   /* 1. Store the version integer 3. */
   *p++ = TAG_INTEGER;
-  *p++ = 1; 
+  *p++ = 1;
   *p++ = 3;
 
   /* 2. Store another sequence. */
@@ -1584,8 +1584,8 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
 
   /* 3. Store the data OID. */
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
-  memcpy (p, oid_data, DIM (oid_data)); 
-  p += DIM (oid_data); 
+  memcpy (p, oid_data, DIM (oid_data));
+  p += DIM (oid_data);
 
   /* 4. Next comes a context tag. */
   p = store_tag_length (p, 0xa0, len[4]);
@@ -1662,7 +1662,7 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
        SEQUENCE {
          INTEGER 0
          INTEGER
-         INTEGER 
+         INTEGER
          INTEGER
          INTEGER
          INTEGER
@@ -1672,9 +1672,9 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
          }
        }
      }
-*/  
-  
-static unsigned char * 
+*/
+
+static unsigned char *
 build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
 {
   int rc, i;
@@ -1727,7 +1727,7 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
   if (!n)
     return NULL;
   needed += n;
-  
+
   /* allocate 8 extra bytes for padding */
   plain = gcry_malloc_secure (needed+8);
   if (!plain)
@@ -1735,7 +1735,7 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
       log_error ("error allocating encryption buffer\n");
       return NULL;
     }
-  
+
   /* And now fill the plaintext buffer. */
   p = plain;
   p = store_tag_length (p, TAG_SEQUENCE, outseqlen);
@@ -1746,8 +1746,8 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
   /* Store object identifier sequence. */
   p = store_tag_length (p, TAG_SEQUENCE, oidseqlen);
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption));
-  memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption)); 
-  p += DIM (oid_rsaEncryption); 
+  memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption));
+  p += DIM (oid_rsaEncryption);
   *p++ = TAG_NULL;
   *p++ = 0;
   /* Start with the octet string. */
@@ -1769,7 +1769,7 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
           return NULL;
         }
       p = store_tag_length (p, TAG_INTEGER, n);
-      
+
       n = plain + needed - p;
       rc = gcry_mpi_print (GCRYMPI_FMT_STD, p, n, &n, kparms[i]);
       if (rc)
@@ -1864,8 +1864,8 @@ build_key_bag (unsigned char *buffer, size_t buflen, char *salt,
 
   /* 1. Store the data OID. */
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
-  memcpy (p, oid_data, DIM (oid_data)); 
-  p += DIM (oid_data); 
+  memcpy (p, oid_data, DIM (oid_data));
+  p += DIM (oid_data);
 
   /* 2. Store a [0] tag. */
   p = store_tag_length (p, 0xa0, len[2]);
@@ -1881,8 +1881,8 @@ build_key_bag (unsigned char *buffer, size_t buflen, char *salt,
   p = store_tag_length (p, TAG_OBJECT_ID,
                         DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag));
   memcpy (p, oid_pkcs_12_pkcs_8ShroudedKeyBag,
-          DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag)); 
-  p += DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag); 
+          DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag));
+  p += DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag);
 
   /* 7. Store a [0] tag. */
   p = store_tag_length (p, 0xa0, len[7]);
@@ -1918,7 +1918,7 @@ build_key_bag (unsigned char *buffer, size_t buflen, char *salt,
   if (needed != keybaglen)
     log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)keybaglen);
-  
+
   *r_length = keybaglen;
   return keybag;
 }
@@ -1981,8 +1981,8 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
 
   /* 1. Store the encryptedData OID. */
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_encryptedData));
-  memcpy (p, oid_encryptedData, DIM (oid_encryptedData)); 
-  p += DIM (oid_encryptedData); 
+  memcpy (p, oid_encryptedData, DIM (oid_encryptedData));
+  p += DIM (oid_encryptedData);
 
   /* 2. Store a [0] tag. */
   p = store_tag_length (p, 0xa0, len[2]);
@@ -1992,7 +1992,7 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
 
   /* 4. Store the integer 0. */
   *p++ = TAG_INTEGER;
-  *p++ = 1; 
+  *p++ = 1;
   *p++ = 0;
 
   /* 5. Store a sequence. */
@@ -2000,8 +2000,8 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
 
   /* 6. Store the data OID. */
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
-  memcpy (p, oid_data, DIM (oid_data)); 
-  p += DIM (oid_data); 
+  memcpy (p, oid_data, DIM (oid_data));
+  p += DIM (oid_data);
 
   /* 7. Now for the pre-encoded algorithm identifier and the salt. */
   memcpy (p, data_rc2iter2048, DIM (data_rc2iter2048));
@@ -2013,7 +2013,7 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
   memcpy (p, buffer, buflen);
   p += buflen;
   certbaglen = p - certbag;
-  
+
   if (needed != certbaglen)
     log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)certbaglen);
@@ -2024,7 +2024,7 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
 
 
 static unsigned char *
-build_cert_sequence (const unsigned char *buffer, size_t buflen, 
+build_cert_sequence (const unsigned char *buffer, size_t buflen,
                      const unsigned char *sha1hash, const char *keyidstr,
                      size_t *r_length)
 {
@@ -2089,8 +2089,8 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
 
   /* 2. Store the pkcs12-cert-bag OID. */
   p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_pkcs_12_CertBag));
-  memcpy (p, oid_pkcs_12_CertBag, DIM (oid_pkcs_12_CertBag)); 
-  p += DIM (oid_pkcs_12_CertBag); 
+  memcpy (p, oid_pkcs_12_CertBag, DIM (oid_pkcs_12_CertBag));
+  p += DIM (oid_pkcs_12_CertBag);
 
   /* 3. Store a [0] tag. */
   p = store_tag_length (p, 0xa0, len[3]);
@@ -2102,8 +2102,8 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
   p = store_tag_length (p, TAG_OBJECT_ID,
                         DIM (oid_x509Certificate_for_pkcs_12));
   memcpy (p, oid_x509Certificate_for_pkcs_12,
-          DIM (oid_x509Certificate_for_pkcs_12)); 
-  p += DIM (oid_x509Certificate_for_pkcs_12); 
+          DIM (oid_x509Certificate_for_pkcs_12));
+  p += DIM (oid_x509Certificate_for_pkcs_12);
 
   /* 6. Store a [0] tag. */
   p = store_tag_length (p, 0xa0, len[6]);
@@ -2112,7 +2112,7 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
   p = store_tag_length (p, TAG_OCTET_STRING, buflen);
   memcpy (p, buffer, buflen);
   p += buflen;
-  
+
   /* Append the attributes whose length we calculated at step 2b. */
   if (sha1hash)
     {
@@ -2133,7 +2133,7 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
   n = 8 - certseqlen % 8;
   for (i=0; i < n; i++, certseqlen++)
     *p++ = n;
-  
+
   *r_length = certseqlen;
   return certseq;
 }
@@ -2143,7 +2143,7 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
    Create a PKCS structure from it and return it as well as the length
    in R_LENGTH; return NULL in case of an error.  If CHARSET is not
    NULL, re-encode PW to that character set. */
-unsigned char * 
+unsigned char *
 p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
            const char *pw, const char *charset, size_t *r_length)
 {
@@ -2193,7 +2193,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
       outptr = pwbuf;
       outbytes = pwbufsize - 1;
       if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes,
-                      &outptr, &outbytes) == (size_t)-1) 
+                      &outptr, &outbytes) == (size_t)-1)
         {
           log_error ("error converting passphrase to"
                      " requested charset `%s': %s\n",
@@ -2225,7 +2225,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
       gcry_randomize (salt, 8, GCRY_STRONG_RANDOM);
       crypt_block (buffer, buflen, salt, 8, 2048, pw,
                    GCRY_CIPHER_RFC2268_40, 1);
-      
+
       /* Encode the encrypted stuff into a bag. */
       seqlist[seqlistidx].buffer = build_cert_bag (buffer, buflen, salt, &n);
       seqlist[seqlistidx].length = n;
@@ -2243,14 +2243,14 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
       buffer = build_key_sequence (kparms, &buflen);
       if (!buffer)
         goto failure;
-      
+
       /* Encrypt it. */
       gcry_randomize (salt, 8, GCRY_STRONG_RANDOM);
       crypt_block (buffer, buflen, salt, 8, 2048, pw, GCRY_CIPHER_3DES, 1);
 
       /* Encode the encrypted stuff into a bag. */
       if (cert && certlen)
-        seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt, 
+        seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt,
                                                     sha1hash, keyidstr, &n);
       else
         seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt,
@@ -2284,7 +2284,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
 
 #ifdef TEST
 
-static void 
+static void
 cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
 {
   printf ("got a certificate of %u bytes length\n", certlen);
@@ -2315,7 +2315,7 @@ main (int argc, char **argv)
       fprintf (stderr, "can't open `%s': %s\n", argv[1], strerror (errno));
       return 1;
     }
-  
+
   if (fstat (fileno(fp), &st))
     {
       fprintf (stderr, "can't stat `%s': %s\n", argv[1], strerror (errno));
diff --git a/sm/misc.c b/sm/misc.c
index 58ef4833c..2d6cdd6b5 100644
--- a/sm/misc.c
+++ b/sm/misc.c
@@ -86,4 +86,3 @@ setup_pinentry_env (void)
 
 #endif /*!HAVE_W32_SYSTEM*/
 }
-
diff --git a/sm/qualified.c b/sm/qualified.c
index bb8e78f7f..b24b65eaf 100644
--- a/sm/qualified.c
+++ b/sm/qualified.c
@@ -89,13 +89,13 @@ read_list (char *key, char *country, int *lnr)
                                  : GPG_ERR_INCOMPLETE_LINE);
         }
       ++*lnr;
-      
+
       /* Allow for empty lines and spaces */
       for (p=line; spacep (p); p++)
         ;
     }
   while (!*p || *p == '\n' || *p == '#');
-  
+
   for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
     if ( p[i] != ':' )
       key[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
@@ -110,8 +110,8 @@ read_list (char *key, char *country, int *lnr)
   i++;
   while (spacep (p+i))
     i++;
-  if ( p[i] >= 'a' && p[i] <= 'z' 
-       && p[i+1] >= 'a' && p[i+1] <= 'z' 
+  if ( p[i] >= 'a' && p[i] <= 'z'
+       && p[i+1] >= 'a' && p[i+1] <= 'z'
        && (spacep (p+i+2) || p[i+2] == '\n'))
     {
       country[0] = p[i];
@@ -135,7 +135,7 @@ read_list (char *key, char *country, int *lnr)
    as maintained by gpg-agent and includes fingerprints of root
    certificates to be used for qualified (legally binding like
    handwritten) signatures.  We keep this list system wide and not
-   per user because it is not a decision of the user. 
+   per user because it is not a decision of the user.
 
    Returns: 0 if the certificate is included.  GPG_ERR_NOT_FOUND if it
    is not in the list or any other error (e.g. if no list of
@@ -210,7 +210,7 @@ gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert)
                   "equated to a handwritten signature.\n\n%s%s"
                   "Are you really sure that you want to do this?"),
                 subject? subject:"?",
-                opt.qualsig_approval? 
+                opt.qualsig_approval?
                 "":
                 _("Note, that this software is not officially approved "
                   "to create or verify such signatures.\n"),
@@ -246,7 +246,7 @@ gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert)
         *p++ = *s;
     }
   *p = 0;
-  free (name); 
+  free (name);
 
 
   err = gpgsm_agent_get_confirmation (ctrl, buffer);
@@ -315,7 +315,7 @@ gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert)
         *p++ = *s;
     }
   *p = 0;
-  free (name); 
+  free (name);
 
 
   err = gpgsm_agent_get_confirmation (ctrl, buffer);
diff --git a/sm/server.c b/sm/server.c
index 6eaadd768..19c4a1678 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1,4 +1,4 @@
-/* server.c - Server mode and main entry point 
+/* server.c - Server mode and main entry point
  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
  *               2010 Free Software Foundation, Inc.
  *
@@ -81,7 +81,7 @@ strcpy_escaped_plus (char *d, const char *s)
   while (*s)
     {
       if (*s == '%' && s[1] && s[2])
-        { 
+        {
           s++;
           *d++ = xtoi_2 (s);
           s += 2;
@@ -91,11 +91,11 @@ strcpy_escaped_plus (char *d, const char *s)
       else
         *d++ = *s++;
     }
-  *d = 0; 
+  *d = 0;
 }
 
 
-/* Skip over options.  
+/* Skip over options.
    Blanks after the options are also removed. */
 static char *
 skip_options (const char *line)
@@ -158,7 +158,7 @@ data_line_cookie_close (void *cookie)
 }
 
 
-static void 
+static void
 close_message_fd (ctrl_t ctrl)
 {
   if (ctrl->server_local->message_fd != -1)
@@ -180,7 +180,7 @@ start_audit_session (ctrl_t ctrl)
   ctrl->audit = NULL;
   if (ctrl->server_local->enable_audit_log && !(ctrl->audit = audit_new ()) )
     return gpg_error_from_syserror ();
-  
+
   return 0;
 }
 
@@ -338,9 +338,9 @@ input_notify (assuan_context_t ctx, char *line)
   ctrl->is_pem = 0;
   ctrl->is_base64 = 0;
   if (strstr (line, "--armor"))
-    ctrl->is_pem = 1;  
+    ctrl->is_pem = 1;
   else if (strstr (line, "--base64"))
-    ctrl->is_base64 = 1; 
+    ctrl->is_base64 = 1;
   else if (strstr (line, "--binary"))
     ;
   else
@@ -356,14 +356,14 @@ output_notify (assuan_context_t ctx, char *line)
   ctrl->create_pem = 0;
   ctrl->create_base64 = 0;
   if (strstr (line, "--armor"))
-    ctrl->create_pem = 1;  
+    ctrl->create_pem = 1;
   else if (strstr (line, "--base64"))
     ctrl->create_base64 = 1; /* just the raw output */
   return 0;
 }
 
 
-static const char hlp_recipient[] = 
+static const char hlp_recipient[] =
   "RECIPIENT \n"
   "\n"
   "Set the recipient for the encryption.  USERID shall be the\n"
@@ -399,7 +399,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_signer[] = 
+static const char hlp_signer[] =
   "SIGNER \n"
   "\n"
   "Set the signer's keys for the signature creation.  USERID should\n"
@@ -423,18 +423,18 @@ cmd_signer (assuan_context_t ctx, char *line)
                               &ctrl->server_local->signerlist, 0);
   if (rc)
     {
-      gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+      gpgsm_status2 (ctrl, STATUS_INV_SGNR,
                      get_inv_recpsgnr_code (rc), line, NULL);
       /* For compatibiliy reasons we also issue the old code after the
          new one.  */
-      gpgsm_status2 (ctrl, STATUS_INV_RECP, 
+      gpgsm_status2 (ctrl, STATUS_INV_RECP,
                      get_inv_recpsgnr_code (rc), line, NULL);
     }
   return rc;
 }
 
 
-static const char hlp_encrypt[] = 
+static const char hlp_encrypt[] =
   "ENCRYPT \n"
   "\n"
   "Do the actual encryption process. Takes the plaintext from the INPUT\n"
@@ -469,7 +469,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
   out_fp = es_fdopen_nc (out_fd, "w");
   if (!out_fp)
     return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
-  
+
   /* Now add all encrypt-to marked recipients from the default
      list. */
   rc = 0;
@@ -498,7 +498,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_decrypt[] = 
+static const char hlp_decrypt[] =
   "DECRYPT\n"
   "\n"
   "This performs the decrypt operation after doing some check on the\n"
@@ -529,7 +529,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
 
   rc = start_audit_session (ctrl);
   if (!rc)
-    rc = gpgsm_decrypt (ctrl, inp_fd, out_fp); 
+    rc = gpgsm_decrypt (ctrl, inp_fd, out_fp);
   es_fclose (out_fp);
 
   /* Close and reset the fds. */
@@ -541,7 +541,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_verify[] = 
+static const char hlp_verify[] =
   "VERIFY\n"
   "\n"
   "This does a verify operation on the message send to the input FD.\n"
@@ -586,7 +586,7 @@ cmd_verify (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_sign[] = 
+static const char hlp_sign[] =
   "SIGN [--detached]\n"
   "\n"
   "Sign the data set with the INPUT command and write it to the sink\n"
@@ -608,7 +608,7 @@ cmd_sign (assuan_context_t ctx, char *line)
   if (out_fd == -1)
     return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
 
-  detached = has_option (line, "--detached"); 
+  detached = has_option (line, "--detached");
 
   out_fp = es_fdopen_nc (out_fd, "w");
   if (!out_fp)
@@ -629,7 +629,7 @@ cmd_sign (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_import[] = 
+static const char hlp_import[] =
   "IMPORT [--re-import]\n"
   "\n"
   "Import the certificates read form the input-fd, return status\n"
@@ -647,7 +647,7 @@ cmd_import (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc;
   int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
-  int reimport = has_option (line, "--re-import"); 
+  int reimport = has_option (line, "--re-import");
 
   (void)line;
 
@@ -680,7 +680,7 @@ cmd_export (assuan_context_t ctx, char *line)
   char *p;
   strlist_t list, sl;
   int use_data;
-  
+
   use_data = has_option (line, "--data");
 
   if (use_data)
@@ -723,7 +723,7 @@ cmd_export (assuan_context_t ctx, char *line)
       if (!stream)
         {
           free_strlist (list);
-          return set_error (GPG_ERR_ASS_GENERAL, 
+          return set_error (GPG_ERR_ASS_GENERAL,
                             "error setting up a data stream");
         }
       gpgsm_export (ctrl, list, stream);
@@ -745,7 +745,7 @@ cmd_export (assuan_context_t ctx, char *line)
           free_strlist (list);
           return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
         }
-      
+
       gpgsm_export (ctrl, list, out_fp);
       es_fclose (out_fp);
     }
@@ -859,7 +859,7 @@ cmd_message (assuan_context_t ctx, char *line)
 
 
 
-static const char hlp_listkeys[] = 
+static const char hlp_listkeys[] =
   "LISTKEYS []\n"
   "LISTSECRETKEYS []\n"
   "DUMPKEYS []\n"
@@ -887,7 +887,7 @@ static const char hlp_listkeys[] =
   "\n"
   "  \"list-to-output\" set to true: Write output to the file descriptor\n"
   "                                given by the last \"OUTPUT\" command.";
-static int 
+static int
 do_listkeys (assuan_context_t ctx, char *line, int mode)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
@@ -934,12 +934,12 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
     {
       fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
       if (!fp)
-        return set_error (GPG_ERR_ASS_GENERAL, 
+        return set_error (GPG_ERR_ASS_GENERAL,
                           "error setting up a data stream");
     }
-  
+
   ctrl->with_colons = 1;
-  listmode = mode; 
+  listmode = mode;
   if (ctrl->server_local->list_internal)
     listmode |= (1<<6);
   if (ctrl->server_local->list_external)
@@ -1040,8 +1040,8 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
   int opt_data, opt_html;
   int rc;
 
-  opt_data = has_option (line, "--data"); 
-  opt_html = has_option (line, "--html"); 
+  opt_data = has_option (line, "--data");
+  opt_html = has_option (line, "--html");
   line = skip_options (line);
 
   if (!ctrl->audit)
@@ -1051,7 +1051,7 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
     {
       out_stream = es_fopencookie (ctx, "w", data_line_cookie_functions);
       if (!out_stream)
-        return set_error (GPG_ERR_ASS_GENERAL, 
+        return set_error (GPG_ERR_ASS_GENERAL,
                           "error setting up a data stream");
     }
   else
@@ -1059,7 +1059,7 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
       out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
       if (out_fd == -1)
         return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
-      
+
       out_stream = es_fdopen_nc (out_fd, "w");
       if (!out_stream)
         {
@@ -1078,7 +1078,7 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
   return rc;
 }
 
-static const char hlp_getinfo[] = 
+static const char hlp_getinfo[] =
   "GETINFO \n"
   "\n"
   "Multipurpose function to return a variety of information.\n"
@@ -1169,7 +1169,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
     ;
   else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
     err = gpg_error (GPG_ERR_INTERNAL);
-  else 
+  else
     {
       char *desc = gpgsm_format_keydesc (cert);
       err = gpgsm_agent_passwd (ctrl, grip, desc);
@@ -1193,7 +1193,7 @@ command_has_option (const char *cmd, const char *cmdopt)
       if (!strcmp (cmdopt, "re-import"))
         return 1;
     }
-      
+
   return 0;
 }
 
@@ -1215,8 +1215,8 @@ register_commands (assuan_context_t ctx)
     { "SIGN",          cmd_sign,      hlp_sign },
     { "IMPORT",        cmd_import,    hlp_import },
     { "EXPORT",        cmd_export,    hlp_export },
-    { "INPUT",         NULL,          hlp_input }, 
-    { "OUTPUT",        NULL,          hlp_output }, 
+    { "INPUT",         NULL,          hlp_input },
+    { "OUTPUT",        NULL,          hlp_output },
     { "MESSAGE",       cmd_message,   hlp_message },
     { "LISTKEYS",      cmd_listkeys,  hlp_listkeys },
     { "DUMPKEYS",      cmd_dumpkeys,  hlp_listkeys },
@@ -1237,7 +1237,7 @@ register_commands (assuan_context_t ctx)
                                     table[i].help);
       if (rc)
         return rc;
-    } 
+    }
   return 0;
 }
 
@@ -1340,7 +1340,7 @@ gpgsm_server (certlist_t default_recplist)
           log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
           break;
         }
-      
+
       rc = assuan_process (ctx);
       if (rc)
         {
@@ -1384,40 +1384,40 @@ gpgsm_status2 (ctrl_t ctrl, int no, ...)
             statusfp = stderr;
           else
             statusfp = fdopen (ctrl->status_fd, "w");
-      
+
           if (!statusfp)
             {
               log_fatal ("can't open fd %d for status output: %s\n",
                          ctrl->status_fd, strerror(errno));
             }
         }
-      
+
       fputs ("[GNUPG:] ", statusfp);
       fputs (get_status_string (no), statusfp);
-    
+
       while ( (text = va_arg (arg_ptr, const char*) ))
         {
           putc ( ' ', statusfp );
-          for (; *text; text++) 
+          for (; *text; text++)
             {
               if (*text == '\n')
                 fputs ( "\\n", statusfp );
               else if (*text == '\r')
                 fputs ( "\\r", statusfp );
-              else 
+              else
                 putc ( *(const byte *)text,  statusfp );
             }
         }
       putc ('\n', statusfp);
       fflush (statusfp);
     }
-  else 
+  else
     {
       assuan_context_t ctx = ctrl->server_local->assuan_ctx;
       char buf[950], *p;
       size_t n;
 
-      p = buf; 
+      p = buf;
       n = 0;
       while ( (text = va_arg (arg_ptr, const char *)) )
         {
@@ -1463,11 +1463,8 @@ gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
 gpg_error_t
 gpgsm_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
 {
-  if (!ctrl || !ctrl->server_local 
+  if (!ctrl || !ctrl->server_local
       || !ctrl->server_local->allow_pinentry_notify)
     return 0;
   return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
 }
-
-
-
diff --git a/sm/sign.c b/sm/sign.c
index 250363be9..0f83db60b 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -51,7 +51,7 @@ hash_data (int fd, gcry_md_hd_t md)
       return -1;
     }
 
-  do 
+  do
     {
       nread = es_fread (buffer, 1, DIM(buffer), fp);
       gcry_md_write (md, buffer, nread);
@@ -85,7 +85,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
       return tmperr;
     }
 
-  do 
+  do
     {
       nread = es_fread (buffer, 1, DIM(buffer), fp);
       if (nread)
@@ -154,7 +154,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
   do
     {
       rc = keydb_get_cert (hd, &cert);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
           keydb_release (hd);
@@ -177,13 +177,13 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
             }
         }
 
-      ksba_cert_release (cert); 
+      ksba_cert_release (cert);
       cert = NULL;
     }
   while (!(rc = keydb_search_next (hd)));
   if (rc && rc != -1)
     log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
-  
+
   ksba_cert_release (cert);
   keydb_release (hd);
   return rc;
@@ -227,7 +227,7 @@ get_default_signer (ctrl_t ctrl)
     {
       log_debug ("failed to find default certificate: rc=%d\n", rc);
     }
-  else 
+  else
     {
       rc = keydb_get_cert (kh, &cert);
       if (rc)
@@ -243,7 +243,7 @@ get_default_signer (ctrl_t ctrl)
 /* Depending on the options in CTRL add the certificate CERT as well as
    other certificate up in the chain to the Root-CA to the CMS
    object. */
-static int 
+static int
 add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
 {
   gpg_error_t err;
@@ -304,7 +304,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
 
 
 
-/* Perform a sign operation.  
+/* Perform a sign operation.
 
    Sign the data received on DATA-FD in embedded mode or in detached
    mode when DETACHED is true.  Write the signature to OUT_FP.  The
@@ -382,7 +382,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       if (!cert)
         {
           log_error ("no default signer found\n");
-          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR,
                          get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
           rc = gpg_error (GPG_ERR_GENERAL);
           goto leave;
@@ -398,7 +398,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
           char *tmpfpr;
 
           tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
-          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR,
                          get_inv_recpsgnr_code (rc), tmpfpr, NULL);
           xfree (tmpfpr);
           goto leave;
@@ -444,13 +444,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;
         case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;
 /*         case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */
-              
+
         case GCRY_MD_MD5:  /* We don't want to use MD5.  */
         case 0:            /* No algorithm found in cert.  */
         default:           /* Other algorithms.  */
           log_info (_("hash algorithm %d (%s) for signer %d not supported;"
                       " using %s\n"),
-                    cl->hash_algo, oid? oid: "?", i, 
+                    cl->hash_algo, oid? oid: "?", i,
                     gcry_md_algo_name (GCRY_MD_SHA1));
           cl->hash_algo = GCRY_MD_SHA1;
           oid = "1.3.14.3.2.26";
@@ -462,7 +462,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   if (opt.verbose)
     {
       for (i=0, cl=signerlist; cl; cl = cl->next, i++)
-        log_info (_("hash algorithm used for signer %d: %s (%s)\n"), 
+        log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
                   i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);
     }
 
@@ -473,7 +473,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       rc = gpgsm_cert_use_sign_p (cl->cert);
       if (rc)
         goto leave;
-      
+
       err = ksba_cms_add_signer (cms, cl->cert);
       if (err)
         {
@@ -509,13 +509,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         {
           size_t buflen;
           char buffer[1];
-          
-          err = ksba_cert_get_user_data (cl->cert, "is_qualified", 
+
+          err = ksba_cert_get_user_data (cl->cert, "is_qualified",
                                          &buffer, sizeof (buffer), &buflen);
           if (err || !buflen)
             {
               log_error (_("checking for qualified certificate failed: %s\n"),
-                         gpg_strerror (err)); 
+                         gpg_strerror (err));
               rc = err;
               goto leave;
             }
@@ -619,7 +619,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
 
 
   /* Main building loop. */
-  do 
+  do
     {
       err = ksba_cms_build (cms, &stopreason);
       if (err)
@@ -630,7 +630,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         }
 
       if (stopreason == KSBA_SR_BEGIN_DATA)
-        { 
+        {
           /* Hash the data and store the message digest. */
           unsigned char *digest;
           size_t digest_len;
@@ -663,7 +663,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
             }
         }
       else if (stopreason == KSBA_SR_NEED_SIG)
-        { 
+        {
           /* Compute the signature for all signers.  */
           gcry_md_hd_t md;
 
@@ -690,7 +690,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                 for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)
                   {
                     gcry_md_enable (md, cl_tmp->hash_algo);
-                    audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, 
+                    audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO,
                                  cl_tmp->hash_algo);
                   }
               }
@@ -703,7 +703,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                   gcry_md_close (md);
                   goto leave;
                 }
-            
+
               rc = gpgsm_create_cms_signature (ctrl, cl->cert,
                                                md, cl->hash_algo, &sigval);
               if (rc)
@@ -738,8 +738,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                 int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
                 buf = xtryasprintf ("%c %d %d 00 %s %s",
                                     detached? 'D':'S',
-                                    pkalgo, 
-                                    cl->hash_algo, 
+                                    pkalgo,
+                                    cl->hash_algo,
                                     signed_at,
                                     fpr);
                 if (!buf)
@@ -758,10 +758,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
           gcry_md_close (md);
         }
     }
-  while (stopreason != KSBA_SR_READY);   
+  while (stopreason != KSBA_SR_READY);
 
   rc = gpgsm_finish_writer (b64writer);
-  if (rc) 
+  if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
       goto leave;
@@ -779,7 +779,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
     gpgsm_release_certlist (signerlist);
   ksba_cms_release (cms);
   gpgsm_destroy_writer (b64writer);
-  keydb_release (kh); 
+  keydb_release (kh);
   gcry_md_close (data_md);
   return rc;
 }
diff --git a/sm/verify.c b/sm/verify.c
index 7a13bcb7c..add1b445b 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -1,5 +1,5 @@
 /* verify.c - Verify a messages signature
- * Copyright (C) 2001, 2002, 2003, 2007, 
+ * Copyright (C) 2001, 2002, 2003, 2007,
  *               2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -23,7 +23,7 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
 #include 
 
@@ -38,7 +38,7 @@ static char *
 strtimestamp_r (ksba_isotime_t atime)
 {
   char *buffer = xmalloc (15);
-  
+
   if (!atime || !*atime)
     strcpy (buffer, "none");
   else
@@ -65,7 +65,7 @@ hash_data (int fd, gcry_md_hd_t md)
       return err;
     }
 
-  do 
+  do
     {
       nread = es_fread (buffer, 1, DIM(buffer), fp);
       gcry_md_write (md, buffer, nread);
@@ -166,7 +166,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
   audit_log (ctrl->audit, AUDIT_SETUP_READY);
 
   is_detached = 0;
-  do 
+  do
     {
       rc = ksba_cms_parse (cms, &stopreason);
       if (rc)
@@ -185,7 +185,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
       if (stopreason == KSBA_SR_NEED_HASH
           || stopreason == KSBA_SR_BEGIN_DATA)
-        { 
+        {
           audit_log (ctrl->audit, AUDIT_GOT_DATA);
 
           /* We are now able to enable the hash algorithms */
@@ -214,7 +214,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           if (opt.extra_digest_algo)
             {
               if (DBG_X509)
-                log_debug ("enabling extra hash algorithm %d\n", 
+                log_debug ("enabling extra hash algorithm %d\n",
                            opt.extra_digest_algo);
               gcry_md_enable (data_md, opt.extra_digest_algo);
               audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
@@ -242,12 +242,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
         }
     }
-  while (stopreason != KSBA_SR_READY);   
+  while (stopreason != KSBA_SR_READY);
 
   if (b64writer)
     {
       rc = gpgsm_finish_writer (b64writer);
-      if (rc) 
+      if (rc)
         {
           log_error ("write failed: %s\n", gpg_strerror (rc));
           audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
@@ -269,7 +269,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          certificate first before entering it into the DB.  This way
          we would avoid cluttering the DB with invalid
          certificates. */
-      audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 
+      audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
                       keydb_store_cert (cert, 0, NULL));
       ksba_cert_release (cert);
     }
@@ -345,7 +345,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
                              &algo, &is_enabled)
                || !is_enabled)
             {
-              log_error ("digest algo %d (%s) has not been enabled\n", 
+              log_error ("digest algo %d (%s) has not been enabled\n",
                          algo, algoid?algoid:"");
               audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported");
               goto next_signer;
@@ -356,7 +356,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           assert (!msgdigest);
           rc = 0;
           algoid = NULL;
-          algo = 0; 
+          algo = 0;
         }
       else /* real error */
         {
@@ -366,7 +366,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
       rc = ksba_cms_get_sigattr_oids (cms, signer,
                                       "1.2.840.113549.1.9.3", &ctattr);
-      if (!rc) 
+      if (!rc)
         {
           const char *s;
 
@@ -485,9 +485,9 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
               gpgsm_status (ctrl, STATUS_BADSIG, fpr);
               xfree (fpr);
               audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
-              goto next_signer; 
+              goto next_signer;
             }
-            
+
           audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
           rc = gcry_md_open (&md, sigval_hash_algo, 0);
           if (rc)
@@ -509,13 +509,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
               audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
               goto next_signer;
             }
-          rc = gpgsm_check_cms_signature (cert, sigval, md, 
+          rc = gpgsm_check_cms_signature (cert, sigval, md,
                                           sigval_hash_algo, &info_pkalgo);
           gcry_md_close (md);
         }
       else
         {
-          rc = gpgsm_check_cms_signature (cert, sigval, data_md, 
+          rc = gpgsm_check_cms_signature (cert, sigval, data_md,
                                           algo, &info_pkalgo);
         }
 
@@ -543,7 +543,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN);
       rc = gpgsm_validate_chain (ctrl, cert,
                                  *sigtime? sigtime : "19700101T000000",
-                                 keyexptime, 0, 
+                                 keyexptime, 0,
                                  NULL, 0, &verifyflags);
       {
         char *fpr, *buf, *tstr;
@@ -556,7 +556,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           }
         else
           gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
-        
+
         xfree (fpr);
 
         fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
@@ -582,7 +582,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
             gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
                                         gpg_err_code (rc));
           else
-            gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, 
+            gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
                                         gpg_err_code (rc));
           audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
           goto next_signer;
@@ -604,7 +604,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       {
         size_t qualbuflen;
         char qualbuffer[1];
-        
+
         rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer,
                                       sizeof (qualbuffer), &qualbuflen);
         if (!rc && qualbuflen)
@@ -613,20 +613,20 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
               {
                 log_info (_("This is a qualified signature\n"));
                 if (!opt.qualsig_approval)
-                  log_info 
+                  log_info
                     (_("Note, that this software is not officially approved "
                        "to create or verify such signatures.\n"));
               }
-          }    
+          }
         else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
           log_error ("get_user_data(is_qualified) failed: %s\n",
-                     gpg_strerror (rc)); 
+                     gpg_strerror (rc));
       }
 
-      gpgsm_status (ctrl, STATUS_TRUST_FULLY, 
+      gpgsm_status (ctrl, STATUS_TRUST_FULLY,
                     (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
                     "0 chain": "0 shell");
-          
+
 
     next_signer:
       rc = 0;
@@ -643,7 +643,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
   ksba_cms_release (cms);
   gpgsm_destroy_reader (b64reader);
   gpgsm_destroy_writer (b64writer);
-  keydb_release (kh); 
+  keydb_release (kh);
   gcry_md_close (data_md);
   es_fclose (in_fp);
 
@@ -657,4 +657,3 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
   return rc;
 }
-
diff --git a/tests/ChangeLog b/tests/ChangeLog
index 124ff9b8f..b2e95f323 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -12,7 +12,7 @@
 2008-10-20  Werner Koch  
 
 	* asschk.c (cmd_echo): Mark unused arg.
-	(cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver) 
+	(cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver)
 	(cmd_quit_if, cmd_fail_if): Ditto.
 
 2008-09-29  Werner Koch  
@@ -108,7 +108,7 @@
 
 	* Makefile.am: Fixes for make dist.
 	* samplekets/Makefile.am: New.
-	
+
 2002-08-08  Werner Koch  
 
 	* asschk.c: Added some new features.
@@ -123,7 +123,7 @@
 
 	* Makefile.am, asschk.c: New.
 
-	
+
  Copyright 2002 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
@@ -133,5 +133,3 @@
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-	
-
diff --git a/tests/Makefile.am b/tests/Makefile.am
index e9f3df232..70b5fe270 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,18 +1,18 @@
 # Makefile.am -tests makefile for libxtime
 #     	Copyright (C) 2002 Free Software Foundation, Inc.
-# 
+#
 # This file is part of GnuPG.
-# 
+#
 # GnuPG is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -52,10 +52,10 @@ EXTRA_DIST = runtest inittests $(testscripts) \
 # write new tests based on gpg-connect-agent which has a full fledged
 # script language and thus makes it far easier to write tests than to
 # use the low--level asschk stuff.
-TESTS = 
+TESTS =
 
 CLEANFILES = inittests.stamp x y y z out err \
-	     *.lock .\#lk* 
+	     *.lock .\#lk*
 
 DISTCLEANFILES = pubring.kbx~ random_seed
 
@@ -72,4 +72,3 @@ clean-local:
 inittests.stamp: inittests
 	srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
 	echo timestamp >./inittests.stamp
-
diff --git a/tests/asschk.c b/tests/asschk.c
index ec338e73d..3eb262178 100644
--- a/tests/asschk.c
+++ b/tests/asschk.c
@@ -19,12 +19,12 @@
 
 /* This is a simple stand-alone Assuan server test program.  We don't
    want to use the assuan library because we don't want to hide errors
-   in that library. 
+   in that library.
 
    The script language is line based.  Empty lines or lines containing
    only white spaces are ignored, line with a hash sign as first non
    white space character are treated as comments.
-   
+
    A simple macro mechanism is implemnted.  Macros are expanded before
    a line is processed but after comment processing.  Macros are only
    expanded once and non existing macros expand to the empty string.
@@ -79,7 +79,7 @@
       is ignored.
 
    count-status 
-      Initialize the assigned variable to 0 and assign it as an counter for 
+      Initialize the assigned variable to 0 and assign it as an counter for
       status code CODE.  This command must be called with an assignment.
 
    quit
@@ -252,7 +252,7 @@ writen (int fd, const char *buffer, size_t length)
   while (length)
     {
       int nwritten = write (fd, buffer, length);
-      
+
       if (nwritten < 0)
         {
           if (errno == EINTR)
@@ -306,7 +306,7 @@ read_assuan (int fd)
             }
           while (n < 0 && errno == EINTR);
         }
-      
+
       if (opt_verbose && n >= 0 )
 	{
 	  int i;
@@ -324,7 +324,7 @@ read_assuan (int fd)
       p = buf;
       nleft -= n;
       buf += n;
-      
+
       for (; n && *p != '\n'; n--, p++)
         ;
       if (n)
@@ -369,7 +369,7 @@ read_assuan (int fd)
       recv_type = LINE_END;
       p += 3;
     }
-  else 
+  else
     die_1 ("invalid line type (%.5s)", p);
 
   return p;
@@ -451,7 +451,7 @@ start_server (const char *pgmname)
 
       close (wp[1]);
       close (rp[0]);
-      execl (pgmname, arg0, "--server", NULL); 
+      execl (pgmname, arg0, "--server", NULL);
       die_2 ("exec failed for `%s': %s", pgmname, strerror (errno));
     }
   close (wp[0]);
@@ -503,7 +503,7 @@ set_type_var (const char *name, const char *value, VARTYPE type)
   VARIABLE var;
 
   if (!name)
-    name = "?"; 
+    name = "?";
   for (var=variable_list; var && strcmp (var->name, name); var = var->next)
     ;
   if (!var)
@@ -524,7 +524,7 @@ set_type_var (const char *name, const char *value, VARTYPE type)
       if (fd != -1 && fd != 0 && fd != 1 && fd != 2)
           close (fd);
     }
-  
+
   var->type = type;
   var->count = 0;
   if (var->type == VARTYPE_COUNTER)
@@ -598,7 +598,7 @@ expand_line (char *buffer)
       p = strchr (line, '$');
       if (!p)
         return result; /* nothing more to expand */
-      
+
       if (p[1] == '$') /* quoted */
         {
           memmove (p, p+1, strlen (p+1)+1);
@@ -650,7 +650,7 @@ expand_line (char *buffer)
 
 
 /* Evaluate COND and return the result. */
-static int 
+static int
 eval_boolean (const char *cond)
 {
   int true = 1;
@@ -687,7 +687,7 @@ cmd_send (const char *assign_to, char *arg)
   (void)assign_to;
   if (opt_verbose)
     fprintf (stderr, "sending `%s'\n", arg);
-  write_assuan (server_send_fd, arg); 
+  write_assuan (server_send_fd, arg);
 }
 
 static void
@@ -776,12 +776,12 @@ cmd_openfile (const char *assign_to, char *arg)
   int fd;
   char numbuf[20];
 
-  do 
+  do
     fd = open (arg, O_RDONLY);
   while (fd == -1 && errno == EINTR);
   if (fd == -1)
     die_2 ("error opening `%s': %s", arg, strerror (errno));
-  
+
   sprintf (numbuf, "%d", fd);
   set_type_var (assign_to, numbuf, VARTYPE_FD);
 }
@@ -792,7 +792,7 @@ cmd_createfile (const char *assign_to, char *arg)
   int fd;
   char numbuf[20];
 
-  do 
+  do
     fd = open (arg, O_WRONLY|O_CREAT|O_TRUNC, 0666);
   while (fd == -1 && errno == EINTR);
   if (fd == -1)
@@ -845,7 +845,7 @@ cmd_cmpfiles (const char *assign_to, char *arg)
   size_t nread1, nread2;
   int rc = 0;
 
-  set_var (assign_to, "0"); 
+  set_var (assign_to, "0");
   for (p=arg; *p && !spacep (p); p++)
     ;
   if (!*p)
@@ -862,7 +862,7 @@ cmd_cmpfiles (const char *assign_to, char *arg)
       if (*p)
         die_0 ("cmpfiles: syntax error");
     }
-  
+
   fp1 = fopen (arg, "rb");
   if (!fp1)
     {
@@ -893,7 +893,7 @@ cmd_cmpfiles (const char *assign_to, char *arg)
     {
       if (opt_verbose)
         err ("files match");
-      set_var (assign_to, "1"); 
+      set_var (assign_to, "1");
     }
   else if (!rc)
     err ("cmpfiles: read error: %s", strerror (errno));
@@ -1089,4 +1089,3 @@ main (int argc, char **argv)
     }
   return 0;
 }
-
diff --git a/tests/runtest b/tests/runtest
index 8d5078647..5c832bdb0 100755
--- a/tests/runtest
+++ b/tests/runtest
@@ -1,4 +1,3 @@
 #!/bin/sh
 [ -x "$1" ] && exec $1 $2
 exec ./asschk --no-echo -DGPGSM=${GPGSM} <"$1"
-
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 323e11433..584967040 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,18 +1,18 @@
 # Makefile.am - Tools directory
 #     	Copyright (C) 2003, 2007 Free Software Foundation, Inc.
-# 
+#
 # This file is part of GnuPG.
-# 
+#
 # GnuPG is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see .
 
@@ -76,7 +76,7 @@ maybe_commonpth_libs = $(common_libs)
 endif
 
 if HAVE_W32CE_SYSTEM
-pwquery_libs = 
+pwquery_libs =
 else
 pwquery_libs = ../common/libsimple-pwquery.a
 endif
@@ -99,14 +99,14 @@ gpgconf_LDADD = $(maybe_commonpth_libs) $(opt_libassuan_libs) \
 gpgconf_LDFLAGS = $(extra_bin_ldflags)
 
 gpgparsemail_SOURCES = gpgparsemail.c rfc822parse.c rfc822parse.h
-gpgparsemail_LDADD = 
+gpgparsemail_LDADD =
 
 symcryptrun_SOURCES = symcryptrun.c
 symcryptrun_LDADD = $(LIBUTIL_LIBS) $(common_libs) $(pwquery_libs) \
                     $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) \
                     $(LIBICONV) $(NETLIBS) $(W32SOCKLIBS)
 
-watchgnupg_SOURCES = watchgnupg.c 
+watchgnupg_SOURCES = watchgnupg.c
 watchgnupg_LDADD = $(NETLIBS)
 
 gpg_connect_agent_SOURCES = gpg-connect-agent.c no-libgcrypt.c
@@ -146,4 +146,3 @@ gpgtar_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(W32SOCKLIBS)
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
 $(PROGRAMS): $(common_libs) $(pwquery_libs) ../common/libgpgrl.a
-
diff --git a/tools/addgnupghome b/tools/addgnupghome
index fb032b674..e13c3cd01 100755
--- a/tools/addgnupghome
+++ b/tools/addgnupghome
@@ -1,4 +1,4 @@
-#!/bin/sh                                               
+#!/bin/sh
 # Add a new .gnupg home directory for a list of users         -*- sh -*-
 #
 # Copyright 2004 Free Software Foundation, Inc.
@@ -89,7 +89,7 @@ one_user () {
 
 }
 
-if [ -z "$1" ]; then 
+if [ -z "$1" ]; then
     echo "usage: $PGM userids"
     exit 1
 fi
diff --git a/tools/applygnupgdefaults b/tools/applygnupgdefaults
index b4cff6390..2f298541b 100755
--- a/tools/applygnupgdefaults
+++ b/tools/applygnupgdefaults
@@ -1,4 +1,4 @@
-#!/bin/sh                                               
+#!/bin/sh
 # Apply defaults from /etc/gnupg/gpg.conf to all users             -*- sh -*-
 #
 # Copyright 2007 Free Software Foundation, Inc.
@@ -23,7 +23,7 @@ info () {
   echo "$PGM: $*" >&2
 }
 
-if [ -n "$1" ]; then 
+if [ -n "$1" ]; then
     echo "usage: $PGM" >&2
     exit 1
 fi
@@ -79,4 +79,3 @@ done
 
 [ "$(wc -c <$errorfile)" -gt 0 ] && exit 1
 exit 0
-
diff --git a/tools/ccidmon.c b/tools/ccidmon.c
index b8546407e..f632c0d85 100644
--- a/tools/ccidmon.c
+++ b/tools/ccidmon.c
@@ -52,7 +52,7 @@ static int debug;
 static int skip_escape;
 static int usb_bus, usb_dev;
 static int sniffusb;
- 
+
 
 /* Error counter.  */
 static int any_error;
@@ -142,19 +142,19 @@ err (const char *format, ...)
 
 /* Convert a little endian stored 4 byte value into an unsigned
    integer. */
-static unsigned int 
+static unsigned int
 convert_le_u32 (const unsigned char *buf)
 {
-  return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); 
+  return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
 }
 
 
 /* Convert a little endian stored 2 byte value into an unsigned
    integer. */
-static unsigned int 
+static unsigned int
 convert_le_u16 (const unsigned char *buf)
 {
-  return buf[0] | (buf[1] << 8); 
+  return buf[0] | (buf[1] << 8);
 }
 
 
@@ -182,7 +182,7 @@ print_pr_data (const unsigned char *data, size_t datalen, size_t off)
     putchar ('\n');
 }
 
- 
+
 static void
 print_p2r_header (const char *name, const unsigned char *msg, size_t msglen)
 {
@@ -359,7 +359,7 @@ print_p2r_unknown (const unsigned char *msg, size_t msglen)
 {
   char buf[100];
 
-  snprintf (buf, sizeof buf, "Unknown PC_to_RDR command 0x%02X", 
+  snprintf (buf, sizeof buf, "Unknown PC_to_RDR command 0x%02X",
             msglen? msg[0]:0);
   print_p2r_header (buf, msg, msglen);
   if (msglen < 10)
@@ -466,7 +466,7 @@ print_r2p_slotstatus (const unsigned char *msg, size_t msglen)
           msg[9] == 3? " (stopped)":"");
   print_pr_data (msg, msglen, 10);
 }
-  
+
 
 static void
 print_r2p_parameters (const unsigned char *msg, size_t msglen)
@@ -527,7 +527,7 @@ print_r2p_unknown (const unsigned char *msg, size_t msglen)
 {
   char buf[100];
 
-  snprintf (buf, sizeof buf, "Unknown RDR_to_PC command 0x%02X", 
+  snprintf (buf, sizeof buf, "Unknown RDR_to_PC command 0x%02X",
             msglen? msg[0]:0);
   print_r2p_header (buf, msg, msglen);
   if (msglen < 10)
@@ -571,7 +571,7 @@ flush_data (void)
 {
   if (!databuffer.count)
     return;
-  
+
   if (verbose)
     printf ("Address: %s\n", databuffer.address);
   if (databuffer.is_bi)
@@ -684,7 +684,7 @@ parse_line (char *line, unsigned int lineno)
   p = strtok (NULL, " ");
   if (!p)
     return; /* No data length.  */
-  
+
   datatag = strtok (NULL, " ");
   if (datatag && *datatag == '=')
     {
@@ -707,10 +707,10 @@ parse_line_sniffusb (char *line, unsigned int lineno)
     return;
   p = strtok (NULL, " \t");
   if (!p)
-    return; 
+    return;
   p = strtok (NULL, " \t");
   if (!p)
-    return; 
+    return;
 
   if (hexdigitp (p[0]) && hexdigitp (p[1])
       && hexdigitp (p[2]) && hexdigitp (p[3])
@@ -718,7 +718,7 @@ parse_line_sniffusb (char *line, unsigned int lineno)
     {
       size_t length;
       unsigned int value;
-      
+
       length = databuffer.count;
       while ((p=strtok (NULL, " \t")))
         {
@@ -791,7 +791,7 @@ parse_input (FILE *fp)
 }
 
 
-int 
+int
 main (int argc, char **argv)
 {
   int last_argc = -1;
@@ -845,7 +845,7 @@ main (int argc, char **argv)
           sniffusb = 1;
           argc--; argv++;
         }
-    }          
+    }
 
   if (argc && sniffusb)
     die ("no arguments expected when using --sniffusb\n");
@@ -855,14 +855,14 @@ main (int argc, char **argv)
   if (argc == 1)
     {
       const char *s = strchr (argv[0], ':');
-      
+
       usb_bus = atoi (argv[0]);
       if (s)
         usb_dev =  atoi (s+1);
       if (usb_bus < 1 || usb_bus > 999 || usb_dev < 1 || usb_dev > 999)
         die ("invalid bus:dev specified");
     }
-  
+
 
   signal (SIGPIPE, SIG_IGN);
 
diff --git a/tools/clean-sat.c b/tools/clean-sat.c
index 4b44a7bcd..4848f97f6 100644
--- a/tools/clean-sat.c
+++ b/tools/clean-sat.c
@@ -33,4 +33,3 @@ main(int argc, char **argv)
 
     return 0;
 }
-
diff --git a/tools/mk-tdata.c b/tools/mk-tdata.c
index 9328dc12a..b19796110 100644
--- a/tools/mk-tdata.c
+++ b/tools/mk-tdata.c
@@ -44,12 +44,12 @@ main(int argc, char **argv)
       argc -= 2;
       argv += 2;
     }
-      
+
   limit = argc ? atoi(argv[0]) : 0;
 
   srand(getpid());
 
-  for (i=0; !limit || i < limit; i++ ) 
+  for (i=0; !limit || i < limit; i++ )
     {
       if (char_mode)
         {
diff --git a/tools/no-libgcrypt.c b/tools/no-libgcrypt.c
index e4b304a51..496757647 100644
--- a/tools/no-libgcrypt.c
+++ b/tools/no-libgcrypt.c
@@ -4,7 +4,7 @@
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
  * modifications, as long as this notice is preserved.
- * 
+ *
  * This file is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
  * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
@@ -115,28 +115,28 @@ gcry_free (void *a)
 
 /* We need this dummy because exechelp.c uses gcry_control to
    terminate the secure memeory.  */
-gcry_error_t 
+gcry_error_t
 gcry_control (enum gcry_ctl_cmds cmd, ...)
 {
   (void)cmd;
   return 0;
 }
 
-void 
+void
 gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque)
 {
   (void)h;
   (void)opaque;
 }
 
-void 
+void
 gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque)
 {
   (void)fnc;
   (void)opaque;
 }
 
-void 
+void
 gcry_set_log_handler (gcry_handler_log_t f, void *opaque)
 {
   (void)f;
@@ -149,7 +149,7 @@ gcry_create_nonce (void *buffer, size_t length)
 {
   (void)buffer;
   (void)length;
-  
+
   log_fatal ("unexpected call to gcry_create_nonce\n");
 }
 
diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
index 8fbe3c283..dd8b31601 100644
--- a/tools/rfc822parse.c
+++ b/tools/rfc822parse.c
@@ -6,12 +6,12 @@
  * modify it under the terms of the GNU Lesser General Public License
  * as published by the Free Software Foundation; either version 3 of
  * the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  * GNU Lesser General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this program; if not, see .
  */
@@ -105,7 +105,7 @@ length_sans_trailing_ws (const unsigned char *line, size_t len)
 {
   const unsigned char *p, *mark;
   size_t n;
-  
+
   for (mark=NULL, p=line, n=0; n < len; n++, p++)
     {
       if (strchr (" \t\r\n", *p ))
@@ -116,8 +116,8 @@ length_sans_trailing_ws (const unsigned char *line, size_t len)
       else
         mark = NULL;
     }
-  
-  if (mark) 
+
+  if (mark)
     return mark - line;
   return len;
 }
@@ -160,7 +160,7 @@ stpcpy (char *a,const char *b)
   while (*b)
     *a++ = *b++;
   *a = 0;
-  
+
   return (char*)a;
 }
 #endif
@@ -356,10 +356,10 @@ transition_to_body (rfc822parse_t msg)
                 {
                   assert (!msg->current_part->boundary);
                   msg->current_part->boundary = malloc (strlen (s) + 1);
-                  if (msg->current_part->boundary) 
+                  if (msg->current_part->boundary)
                     {
                       part_t part;
-                  
+
                       strcpy (msg->current_part->boundary, s);
                       msg->boundary = msg->current_part->boundary;
                       part = new_part ();
@@ -428,7 +428,7 @@ insert_header (rfc822parse_t msg, const unsigned char *line, size_t length)
   hdr->cont = (*line == ' ' || *line == '\t');
   memcpy (hdr->line, line, length);
   hdr->line[length] = 0; /* Make it a string. */
-  
+
   /* Transform a field name into canonical format. */
   if (!hdr->cont && strchr (line, ':'))
      capitalize_header_name (hdr->line);
@@ -490,7 +490,7 @@ insert_body (rfc822parse_t msg, const unsigned char *line, size_t length)
 int
 rfc822parse_insert (rfc822parse_t msg, const unsigned char *line, size_t length)
 {
-  return (msg->in_body 
+  return (msg->in_body
           ? insert_body (msg, line, length)
           : insert_header (msg, line, length));
 }
@@ -516,11 +516,11 @@ rfc822parse_finish (rfc822parse_t msg)
  * WHICH gives the mode:
  *  -1 := Take the last occurence
  *   n := Take the n-th  one.
- * 
+ *
  * Returns a newly allocated buffer or NULL on error.  errno is set in
  * case of a memory failure or set to 0 if the requested field is not
  * available.
- * 
+ *
  * If VALUEOFF is not NULL it will receive the offset of the first non
  * space character in the value part of the line (i.e. after the first
  * colon).
@@ -589,7 +589,7 @@ rfc822parse_enum_header_lines (rfc822parse_t msg, void **context)
   HDR_LINE l;
 
   if (!msg) /* Close. */
-    return NULL;	
+    return NULL;
 
   if (*context == msg || !msg->current_part)
     return NULL;
@@ -760,7 +760,7 @@ parse_field (HDR_LINE hdr)
   static const char tspecials[] = "/?=<>@,;:\\[]\"()";
   static const char tspecials2[] = "/?=<>@.,;:";  /* FIXME: really
                                                      include '.'?*/
-  static struct 
+  static struct
   {
     const unsigned char *name;
     size_t namelen;
@@ -871,13 +871,13 @@ parse_field (HDR_LINE hdr)
 		  else if (*s2 == '\\' && s2[1]) /* what about continuation? */
 		    s2++;
 		}
-              
+
 	      t = (t
                    ? append_to_token (t, s, s2 - s)
                    : new_token (term == '\"'? tQUOTED : tDOMAINLIT, s, s2 - s));
               if (!t)
                 goto failure;
-                   
+
 	      if (*s2 || !hdr->next || !hdr->next->cont)
 		break;
 	      hdr = hdr->next;
@@ -1007,10 +1007,10 @@ is_parameter (TOKEN t)
    Returns a pointer to the value which is valid as long as the
    parse context is valid; NULL is returned in case that attr is not
    defined in the header, a missing value is reppresented by an empty string.
- 
+
    With LOWER_VALUE set to true, a matching field valuebe be
    lowercased.
- 
+
    Note, that ATTR should be lowercase.
  */
 const char *
@@ -1115,7 +1115,7 @@ dump_structure (rfc822parse_t msg, part_t part, int indent)
       part_t save_part; /* ugly hack - we should have a function to
                            get part inforation. */
       const char *s;
-      
+
       save_part = msg->current_part;
       msg->current_part = part;
       ctx = rfc822parse_parse_field (msg, "Content-Type", -1);
@@ -1141,7 +1141,7 @@ dump_structure (rfc822parse_t msg, part_t part, int indent)
       if (part->down)
         dump_structure (msg, part->down, indent + 1);
     }
-  
+
 }
 
 
@@ -1211,7 +1211,7 @@ msg_cb (void *dummy_arg, rfc822parse_event_t event, rfc822parse_t msg)
         }
       else
         printf ("***   media: text/plain [assumed]\n");
-      
+
     }
 
 
diff --git a/tools/rfc822parse.h b/tools/rfc822parse.h
index 12699d5e8..8bb5536a1 100644
--- a/tools/rfc822parse.h
+++ b/tools/rfc822parse.h
@@ -6,12 +6,12 @@
  * modify it under the terms of the GNU Lesser General Public License
  * as published by the Free Software Foundation; either version 3 of
  * the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  * GNU Lesser General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this program; if not, see .
  */
@@ -22,7 +22,7 @@
 struct rfc822parse_context;
 typedef struct rfc822parse_context *rfc822parse_t;
 
-typedef enum 
+typedef enum
   {
     RFC822PARSE_OPEN = 1,
     RFC822PARSE_CLOSE,
@@ -37,7 +37,7 @@ typedef enum
     RFC822PARSE_BEGIN_HEADER,
     RFC822PARSE_PREAMBLE,
     RFC822PARSE_EPILOGUE
-  } 
+  }
 rfc822parse_event_t;
 
 struct rfc822parse_field_context;
diff --git a/tools/sockprox.c b/tools/sockprox.c
index fe8d320a1..38648f066 100644
--- a/tools/sockprox.c
+++ b/tools/sockprox.c
@@ -15,7 +15,7 @@
  * along with this program; if not, see .
  */
 
-/* Hacked by Moritz Schulte . 
+/* Hacked by Moritz Schulte .
 
    Usage example:
 
@@ -24,10 +24,10 @@
    sockprox opens a new local socket (here "mysock"); the whole
    traffic between server and client is written to "/tmp/prot" in this
    case.
-  
+
      ./sockprox --server /tmp/gpg-PKdD8r/S.gpg-agent.ssh \
                 --listen mysock --protocol /tmp/prot
-  
+
    Then, redirect your ssh-agent client to sockprox by setting
    SSH_AUTH_SOCK to "mysock".
 */
@@ -441,7 +441,7 @@ run_proxy (void)
   /* ? */
 
  out:
-  
+
   pthread_attr_destroy (&thread_attr);
   fclose (protocol_file);	/* FIXME, err checking.  */
 
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 438ed459c..1d882a1d5 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -152,9 +152,9 @@ static ARGPARSE_OPTS opts[] =
 
     { oDecrypt, "decrypt", 0, N_("decryption modus") },
     { oEncrypt, "encrypt", 0, N_("encryption modus") },
-    
+
     { 302, NULL, 0, N_("@\nOptions:\n ") },
-    
+
     { oClass, "class", 2, N_("tool class (confucius)") },
     { oProgram, "program", 2, N_("program filename") },
 
@@ -167,7 +167,7 @@ static ARGPARSE_OPTS opts[] =
 
     /* Hidden options.  */
     { oNoVerbose, "no-verbose",  0, "@" },
-    { oHomedir, "homedir", 2, "@" },   
+    { oHomedir, "homedir", 2, "@" },
     { oNoOptions, "no-options", 0, "@" },/* shortcut for --options /dev/null */
 
     {0}
@@ -253,10 +253,10 @@ remove_file (char *name, int shred)
       if (pid == 0)
 	{
 	  /* Child.  */
-	  
+
 	  /* -f forces file to be writable, and -u unlinks it afterwards.  */
 	  char *args[] = { SHRED, "-uf", name, NULL };
-	  
+
 	  execv (SHRED, args);
 	  _exit (127);
 	}
@@ -268,11 +268,11 @@ remove_file (char *name, int shred)
       else
 	{
 	  /* Parent.  */
-	  
+
 	  if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
 	    status = -1;
 	}
-      
+
       if (!WIFEXITED (status))
 	{
 	  log_error (_("%s on %s aborted with status %i\n"),
@@ -433,7 +433,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
 
   if (canceled)
     *canceled = 0;
-  
+
   orig_codeset = i18n_switchto_utf8 ();
   pw = simple_pwquery (cacheid,
                        again ? _("does not match - try again"):NULL,
@@ -451,7 +451,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
 	  log_info (_("cancelled\n"));
 	  if (canceled)
 	    *canceled = 1;
-	}      
+	}
     }
 
   return pw;
@@ -560,7 +560,7 @@ confucius_process (int mode, char *infile, char *outfile,
       free (args);
       return 1;
     }
-  else if (pid == 0) 
+  else if (pid == 0)
     {
       /* Child.  */
 
@@ -633,7 +633,7 @@ confucius_process (int mode, char *infile, char *outfile,
 		  close (cstderr[0]);
 		  return 1;
 		}
-	      else  
+	      else
 		{
 		  char *newline;
 
@@ -859,7 +859,7 @@ confucius_main (int mode, int argc, char *argv[])
       rmdir (tmpdir);
       return res;
     }
-  
+
   remove_file (outfile, mode == oDecrypt);
   if (infile_from_stdin)
     remove_file (infile, mode == oEncrypt);
@@ -879,7 +879,7 @@ main (int argc, char **argv)
   char **orig_argv;
   FILE *configfp = NULL;
   char *configname = NULL;
-  unsigned configlineno; 
+  unsigned configlineno;
   int mode = 0;
   int res;
   char *logfile = NULL;
@@ -916,7 +916,7 @@ main (int argc, char **argv)
 
   if (default_config)
     configname = make_filename (opt.homedir, "symcryptrun.conf", NULL );
-  
+
   argc = orig_argc;
   argv = orig_argv;
   pargs.argc = &argc;
@@ -935,7 +935,7 @@ main (int argc, char **argv)
                          configname, strerror(errno) );
               exit(1);
 	    }
-          xfree (configname); 
+          xfree (configname);
           configname = NULL;
 	}
       default_config = 0;
@@ -952,7 +952,7 @@ main (int argc, char **argv)
 	case oQuiet:     opt.quiet = 1; break;
         case oVerbose:   opt.verbose++; break;
         case oNoVerbose: opt.verbose = 0; break;
-	  
+
 	case oClass:	opt.class = pargs.r.ret_str; break;
 	case oProgram:	opt.program = pargs.r.ret_str; break;
 	case oKeyfile:	opt.keyfile = pargs.r.ret_str; break;