Make use of libgpg-error

2025-07-02 22:46:30 +02:00 · 2003-06-03 19:55:50 +00:00 · 2003-06-03 19:55:50 +00:00 · c3cdaeeff7
commit c3cdaeeff7
parent 7c9855aaa2
58 changed files with 1110 additions and 684 deletions
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@ -1,3 +1,14 @@
+2003-06-03  Werner Koch  <wk@gnupg.org>
+
+	Changed all error codes in all files to the new libgpg-error scheme.
+
+	* agent.h: Include gpg-error.h and errno.h
+	* Makefile.am: Link with libgpg-error
+
+	* query.c: assuan.h is now a system header.
+	* genkey.c (agent_genkey): Fixed silly use of xmalloc by
+	xtrymalloc.
+
 2003-04-29  Werner Koch  <wk@gnupg.org>

 	* command.c (register_commands): Adjusted for new Assuan semantics.
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@ -46,7 +46,7 @@ gpg_agent_SOURCES = \


 gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
-                $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS)
+                $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) -lgpg-error

 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
@ -55,8 +55,6 @@ gpg_protect_tool_SOURCES = \
 	simple-pwquery.c simple-pwquery.h

 gpg_protect_tool_LDADD = ../jnlib/libjnlib.a \
-		     ../common/libcommon.a $(LIBGCRYPT_LIBS)
-
-
+		     ../common/libcommon.a $(LIBGCRYPT_LIBS) -lgpg-error


--- a/agent/agent.h
+++ b/agent/agent.h
@ -21,10 +21,25 @@
 #ifndef AGENT_H
 #define AGENT_H

+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_GPGAGENT
+#include <gpg-error.h>
+#include <errno.h>
+
 #include <gcrypt.h>
 #include "../common/util.h"
 #include "../common/errors.h"

+/* Convenience function to be used instead of returning the old
+   GNUPG_Out_Of_Core. */
+static __inline__ gpg_error_t
+out_of_core (void)
+{
+  return gpg_error (gpg_err_code_from_errno (errno));
+}
+
 #define MAX_DIGEST_LEN 24 

 /* A large struct name "opt" to keep global flags */
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@ -38,7 +38,7 @@
 #endif

 #include "agent.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>

 #ifdef _POSIX_OPEN_MAX
 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -144,7 +144,7 @@ unlock_scd (int rc)
    {
      log_error ("failed to release the SCD lock\n");
      if (!rc)
-        rc = GNUPG_Internal_Error;
+        rc = gpg_error (GPG_ERR_INTERNAL);
    }
 #endif
  return rc;
@ -165,7 +165,7 @@ start_scd (void)
  if (!pth_mutex_acquire (&scd_lock, 0, NULL))
    {
      log_error ("failed to acquire the SCD lock\n");
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
    }
 #endif

@ -179,8 +179,9 @@ start_scd (void)
      
  if (fflush (NULL))
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("error flushing pending output: %s\n", strerror (errno));
-      return unlock_scd (seterr (Write_Error));
+      return unlock_scd (tmperr);
    }

  if (!opt.scdaemon_program || !*opt.scdaemon_program)
@ -210,7 +211,7 @@ start_scd (void)
    {
      log_error ("can't connect to the SCdaemon: %s\n",
                 assuan_strerror (rc));
-      return unlock_scd (seterr (No_Scdaemon));
+      return unlock_scd (gpg_error (GPG_ERR_NO_SCDAEMON));
    }
  scd_ctx = ctx;
  
@ -410,7 +411,7 @@ agent_card_pksign (const char *keyid,
    return rc;

  if (indatalen*2 + 50 > DIM(line))
-    return unlock_scd (seterr (General_Error));
+    return unlock_scd (gpg_error (GPG_ERR_GENERAL));

  sprintf (line, "SETDATA ");
  p = line + strlen (line);
@ -443,8 +444,9 @@ agent_card_pksign (const char *keyid,
  *r_buf = xtrymalloc (*r_buflen);
  if (!*r_buf)
    {
+      gpg_error_t tmperr = out_of_core ();
      xfree (*r_buf);
-      return unlock_scd (GNUPG_Out_Of_Core);
+      return unlock_scd (tmperr);
    }
  p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
  sprintf (p, "%u:", (unsigned int)sigbuflen);
@ -479,7 +481,7 @@ agent_card_pkdecrypt (const char *keyid,

  /* FIXME: use secure memory where appropriate */
  if (indatalen*2 + 50 > DIM(line))
-    return unlock_scd (seterr (General_Error));
+    return unlock_scd (gpg_error (GPG_ERR_GENERAL));

  sprintf (line, "SETDATA ");
  p = line + strlen (line);
@ -506,7 +508,7 @@ agent_card_pkdecrypt (const char *keyid,
    }
  *r_buf = get_membuf (&data, r_buflen);
  if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));

  return unlock_scd (0);
 }
@ -541,7 +543,7 @@ agent_card_readcert (const char *id, char **r_buf, size_t *r_buflen)
    }
  *r_buf = get_membuf (&data, r_buflen);
  if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));

  return unlock_scd (0);
 }
@ -577,12 +579,12 @@ agent_card_readkey (const char *id, unsigned char **r_buf)
    }
  *r_buf = get_membuf (&data, &buflen);
  if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));

  if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
    {
      xfree (*r_buf); *r_buf = NULL;
-      return unlock_scd (GNUPG_Invalid_Value);
+      return unlock_scd (gpg_error (GPG_ERR_INV_VALUE));
    }

  return unlock_scd (0);
--- a/agent/command.c
+++ b/agent/command.c
@ -559,11 +559,11 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)

  s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1);
  if (!s_skey && !shadow_info)
-    rc = seterr (No_Secret_Key);
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
  else if (!s_skey)
    {
      log_error ("changing a smartcard PIN is not yet supported\n");
-      rc = seterr (Not_Implemented);
+      rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
    }
  else
    rc = agent_protect_and_store (ctrl, s_skey);
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@ -48,14 +48,14 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
  *r_kid = NULL;
  s = shadow_info;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  want_sn = xtrymalloc (n*2+1);
  if (!want_sn)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
  for (i=0; i < n; i++)
    sprintf (want_sn+2*i, "%02X", s[i]);
  s += n;
@ -68,12 +68,13 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)

  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  want_kid = xtrymalloc (n+1);
  if (!want_kid)
    {
+      gpg_error_t tmperr = out_of_core ();
      xfree (want_sn);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
    }
  memcpy (want_kid, s, n);
  want_kid[n] = 0;
@ -94,7 +95,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
              return 0; /* yes, we have the correct card */
            }
        }
-      else if (rc == GNUPG_Card_Not_Present)
+      else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
        {
          log_debug ("no card present\n");
          rc = 0;
@ -115,7 +116,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
                    "insert the one with serial number",
                    want_sn_displen, want_sn) < 0)
            {
-              rc = GNUPG_Out_Of_Core;
+              rc = out_of_core ();
            }
          else
            {
@ -146,12 +147,12 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
  if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
    {
      log_error ("no object identifier for algo %d\n", algo);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
    }

  frame = xtrymalloc (asnlen + digestlen);
  if (!frame)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
  memcpy (frame, asn, asnlen);
  memcpy (frame+asnlen, digest, digestlen);
  if (DBG_CRYPTO)
@ -177,7 +178,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
  CTRL ctrl = opaque;

  if (maxbuf < 2)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);


  /* FIXME: keep PI and TRIES in OPAQUE.  Frankly this is a whole
@ -260,32 +261,32 @@ divert_pkdecrypt (CTRL ctrl,

  s = cipher;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "enc-val"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "rsa"))
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "a"))
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  n = snext (&s);
  if (!n)
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  ciphertext = s;
  ciphertextlen = n;

--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -64,7 +64,7 @@ agent_write_private_key (const unsigned char *grip,
      {
        log_error ("secret key file `%s' already exists\n", fname);
        xfree (fname);
-        return seterr (General_Error);
+        return gpg_error (GPG_ERR_GENERAL);
      }

      /* We would like to create FNAME but only if it does not already
@ -82,32 +82,39 @@ agent_write_private_key (const unsigned char *grip,
      else
 	{
 	  fp = fdopen (fd, "wb");
-	  if (! fp)
-	    close (fd);
+	  if (!fp)
+            { 
+              int save_e = errno;
+              close (fd);
+              errno = save_e;
+            }
 	}
    }

  if (!fp) 
    { 
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("can't create `%s': %s\n", fname, strerror (errno));
      xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
    }

  if (fwrite (buffer, length, 1, fp) != 1)
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("error writing `%s': %s\n", fname, strerror (errno));
      fclose (fp);
      remove (fname);
      xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
    }
  if ( fclose (fp) )
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("error closing `%s': %s\n", fname, strerror (errno));
      remove (fname);
      xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
    }

  xfree (fname);
@ -291,7 +298,7 @@ agent_key_from_file (CTRL ctrl,
              assert (n);
              *shadow_info = xtrymalloc (n);
              if (!*shadow_info)
-                rc = GNUPG_Out_Of_Core;
+                rc = out_of_core ();
              else
                {
                  memcpy (*shadow_info, s, n);
@ -306,7 +313,7 @@ agent_key_from_file (CTRL ctrl,
      break;
    default:
      log_error ("invalid private key format\n");
-      rc = GNUPG_Bad_Secret_Key;
+      rc = gpg_error (GPG_ERR_BAD_SECKEY);
      break;
    }
  if (rc)
--- a/agent/genkey.c
+++ b/agent/genkey.c
@ -40,14 +40,14 @@ store_key (GCRY_SEXP private, const char *passphrase, int force)
  if ( !gcry_pk_get_keygrip (private, grip) )
    {
      log_error ("can't calculate keygrip\n");
-      return seterr (General_Error);
+      return gpg_error (GPG_ERR_GENERAL);
    }

  len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
  assert (len);
  buf = gcry_malloc_secure (len);
  if (!buf)
-      return seterr (Out_Of_Core);
+      return out_of_core ();
  len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
  assert (len);

@ -101,7 +101,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
  if (rc)
    {
      log_error ("failed to convert keyparam: %s\n", gcry_strerror (rc));
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
    }

  /* Get the passphrase now, cause key generation may take a while. */
@ -147,7 +147,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
      log_error ("key generation failed: invalid return value\n");
      gcry_sexp_release (s_key);
      xfree (pi);
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
    }
  s_public = gcry_sexp_find_token (s_key, "public-key", 0);
  if (!s_public)
@ -156,7 +156,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
      gcry_sexp_release (s_private);
      gcry_sexp_release (s_key);
      xfree (pi);
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
    }
  gcry_sexp_release (s_key); s_key = NULL;
  
@ -175,22 +175,24 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
  log_debug ("returning public key\n");
  len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
  assert (len);
-  buf = xmalloc (len);
+  buf = xtrymalloc (len);
  if (!buf)
    {
+      gpg_error_t tmperr = out_of_core ();
      gcry_sexp_release (s_private);
      gcry_sexp_release (s_public);
-      return seterr (Out_Of_Core);
+      return tmperr;
    }
  len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
  assert (len);
  if (fwrite (buf, len, 1, outfp) != 1)
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("error writing public key: %s\n", strerror (errno));
      gcry_sexp_release (s_private);
      gcry_sexp_release (s_public);
      xfree (buf);
-      return seterr (File_Create_Error);
+      return tmperr;
    }
  gcry_sexp_release (s_public);
  xfree (buf);
--- a/agent/learncard.c
+++ b/agent/learncard.c
@ -29,7 +29,7 @@
 #include <sys/stat.h>

 #include "agent.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>

 struct keypair_info_s {
  struct keypair_info_s *next;
@ -97,7 +97,7 @@ kpinfo_cb (void *opaque, const char *line)
  item = xtrycalloc (1, sizeof *item + strlen (line));
  if (!item)
    {
-      parm->error = GNUPG_Out_Of_Core;
+      parm->error = out_of_core ();
      return;
    }
  strcpy (item->hexgrip, line);
@ -110,7 +110,7 @@ kpinfo_cb (void *opaque, const char *line)
    }
  else if ((p - item->hexgrip) != 40 || !spacep (p))
    { /* not a 20 byte hex keygrip or not followed by a space */
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
      xfree (item);
      return;
    }
@ -122,7 +122,7 @@ kpinfo_cb (void *opaque, const char *line)
    p++;
  if (p == item->id)
    { /* invalid ID string */
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
      xfree (item);
      return;
    }
@ -154,7 +154,7 @@ certinfo_cb (void *opaque, const char *line)
    ;
  if (p == pend || !*p)
    { 
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
      return;
    }
  *pend = 0; /* ignore trailing stuff */
@ -162,7 +162,7 @@ certinfo_cb (void *opaque, const char *line)
  item = xtrycalloc (1, sizeof *item + strlen (p));
  if (!item)
    {
-      parm->error = GNUPG_Out_Of_Core;
+      parm->error = out_of_core ();
      return;
    }
  item->type = type;
@ -323,7 +323,7 @@ agent_handle_learn (void *assuan_context)
        unsigned char *shadow_info = make_shadow_info (serialno, item->id);
        if (!shadow_info)
          {
-            rc = GNUPG_Out_Of_Core;
+            rc = gpg_error (GPG_ERR_ENOMEM);
            xfree (pubkey);
            goto leave;
          }
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@ -47,7 +47,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
  if (!ctrl->have_keygrip)
    {
      log_error ("speculative decryption not yet supported\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
      goto leave;
    }

@ -55,7 +55,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
  if (rc)
    {
      log_error ("failed to convert ciphertext: %s\n", gcry_strerror (rc));
-      rc = seterr (Invalid_Data);
+      rc = gpg_error (GPG_ERR_INV_DATA);
      goto leave;
    }

@ -68,7 +68,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
  if (!s_skey && !shadow_info)
    {
      log_error ("failed to read the secret key\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
      goto leave;
    }

@ -77,7 +77,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,

      if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
        {
-          rc = GNUPG_Invalid_Sexp;
+          rc = gpg_error (GPG_ERR_INVALID_SEXP);
          goto leave;
        }

--- a/agent/pksign.c
+++ b/agent/pksign.c
@ -45,14 +45,14 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
  if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
    {
      log_error ("no object identifier for algo %d\n", algo);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
    }

  if (digestlen + asnlen + 4  > nframe )
    {
      log_error ("can't encode a %d bit MD into a %d bits frame\n",
                 (int)(digestlen*8), (int)nbits);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
    }
  
  /* We encode the MD in this way:
@ -63,7 +63,7 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
   */
  frame = xtrymalloc (nframe);
  if (!frame)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
  n = 0;
  frame[n++] = 0;
  frame[n++] = 1; /* block type */
@ -96,14 +96,14 @@ agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
  size_t len;

  if (!ctrl->have_keygrip)
-    return seterr (No_Secret_Key);
+    return gpg_error (GPG_ERR_NO_SECKEY);

  s_skey = agent_key_from_file (ctrl,
                                ctrl->keygrip, &shadow_info, ignore_cache);
  if (!s_skey && !shadow_info)
    {
      log_error ("failed to read the secret key\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
      goto leave;
    }

--- a/agent/protect.c
+++ b/agent/protect.c
@ -68,20 +68,20 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)

  s = plainkey;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  hash_begin = s;
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  s += n; /* skip over the algorithm name */

  while (*s == '(')
@ -89,18 +89,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
      s++;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s += n;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s += n;
      if ( *s != ')' )
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s++;
    }
  if (*s != ')')
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  s++;
  hash_end = s;

@ -164,13 +164,13 @@ do_encryption (const char *protbegin, size_t protlen,
  enclen = outlen/blklen * blklen;
  outbuf = gcry_malloc_secure (outlen);
  if (!outbuf)
-    rc = GNUPG_Out_Of_Core;
+    rc = out_of_core ();
  if (!rc)
    {
      /* allocate random bytes to be used as IV, padding and s2k salt*/
      iv = gcry_random_bytes (blklen*2+8, GCRY_WEAK_RANDOM);
      if (!iv)
-        rc = GNUPG_Out_Of_Core;
+        rc = gpg_error (GPG_ERR_ENOMEM);
      else
        rc = gcry_cipher_setiv (hd, iv, blklen);
    }
@ -181,7 +181,7 @@ do_encryption (const char *protbegin, size_t protlen,
      
      key = gcry_malloc_secure (keylen);
      if (!key)
-        rc = GNUPG_Out_Of_Core;
+        rc = out_of_core ();
      else
        {
          rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -232,7 +232,7 @@ do_encryption (const char *protbegin, size_t protlen,
            blklen, &ivpos, blklen, "",
            enclen, &encpos, enclen, "");
  if (p)
-    { /* asprintf does not use out malloc system */
+    { /* asprintf does not use our malloc system */
      char *psave = p;
      p = xtrymalloc (strlen (psave)+1);
      if (p)
@ -241,9 +241,10 @@ do_encryption (const char *protbegin, size_t protlen,
    }
  if (!p)
    {
+      gpg_error_t tmperr = out_of_core ();
      xfree (iv);
      xfree (outbuf);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
    }
  *resultlen = strlen (p);
  *result = p;
@ -277,28 +278,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,

  s = plainkey;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  depth++;
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  depth++;
  hash_begin = s;
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 

  for (infidx=0; protect_info[infidx].algo
              && !smatch (&s, n, protect_info[infidx].algo); infidx++)
    ;
  if (!protect_info[infidx].algo)
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 

  prot_begin = prot_end = NULL;
  for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
@ -306,28 +307,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
      if (i == protect_info[infidx].prot_from)
        prot_begin = s;
      if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
      depth++;
      s++;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      if (n != 1 || c != *s)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s += n;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s +=n; /* skip value */
      if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      depth--;
      if (i == protect_info[infidx].prot_to)
        prot_end = s;
      s++;
    }
  if (*s != ')' || !prot_begin || !prot_end )
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  depth--;
  hash_end = s;
  s++;
@ -358,8 +359,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
  *result = p = xtrymalloc (*resultlen);
  if (!p)
    {
+      gpg_error_t tmperr = out_of_core ();
      xfree (protected);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
    }
  memcpy (p, "(21:protected-", 14);
  p += 14;
@ -391,7 +393,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,

  blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
  if (protectedlen < 4 || (protectedlen%blklen))
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);

  hd = gcry_cipher_open (PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
@ -400,7 +402,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,

  outbuf = gcry_malloc_secure (protectedlen);
  if (!outbuf)
-    rc = GNUPG_Out_Of_Core;
+    rc = out_of_core ();
  if (!rc)
    rc = gcry_cipher_setiv (hd, iv, ivlen);
  if (!rc)
@ -410,7 +412,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
      
      key = gcry_malloc_secure (keylen);
      if (!key)
-        rc = GNUPG_Out_Of_Core;
+        rc = out_of_core ();
      else
        {
          rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -433,14 +435,14 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
  if (*outbuf != '(' && outbuf[1] != '(')
    {
      xfree (outbuf);
-      return GNUPG_Bad_Passphrase;
+      return gpg_error (GPG_ERR_BAD_PASSPHRASE);
    }
  /* check that we have a consistent S-Exp */
  reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
  if (!reallen || (reallen + blklen < protectedlen) )
    {
      xfree (outbuf);
-      return GNUPG_Bad_Passphrase;
+      return gpg_error (GPG_ERR_BAD_PASSPHRASE);
    }
  *result = outbuf;
  return 0;
@ -464,21 +466,21 @@ merge_lists (const unsigned char *protectedkey,
  int i, rc;
  
  if (replacepos < 26)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);

  /* Estimate the required size of the resulting list.  We have a large
     safety margin of >20 bytes (MIC hash from CLEARTEXT and the
     removed "protected-" */
  newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
  if (!newlistlen)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);
  n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL);
  if (!n)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);
  newlistlen += n;
  newlist = gcry_malloc_secure (newlistlen);
  if (!newlist)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();

  /* Copy the initial segment */
  strcpy (newlist, "(11:private-key");
@ -489,7 +491,7 @@ merge_lists (const unsigned char *protectedkey,
  /* copy the cleartext */
  s = cleartext;
  if (*s != '(' && s[1] != '(')
-    return GNUPG_Bug;  /*we already checked this */
+    return gpg_error (GPG_ERR_BUG);  /*we already checked this */
  s += 2;
  startpos = s;
  while ( *s == '(' )
@ -564,7 +566,7 @@ merge_lists (const unsigned char *protectedkey,

 invalid_sexp:
  xfree (newlist);
-  return GNUPG_Invalid_Sexp;
+  return gpg_error (GPG_ERR_INVALID_SEXP);
 }


@ -589,25 +591,25 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,

  s = protectedkey;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "protected-private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 

  for (infidx=0; protect_info[infidx].algo
              && !smatch (&s, n, protect_info[infidx].algo); infidx++)
    ;
  if (!protect_info[infidx].algo)
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 

  /* now find the list with the protected information.  Here is an
     example for such a list:
@ -618,12 +620,12 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
  for (;;)
    {
      if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
      prot_begin = s;
      s++;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      if (smatch (&s, n, "protected"))
        break;
      s += n;
@ -635,47 +637,47 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
  /* found */
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
-    return GNUPG_Unsupported_Protection;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
  if (*s != '(' || s[1] != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s += 2;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "sha1"))
-    return GNUPG_Unsupported_Protection;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
  n = snext (&s);
  if (n != 8)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  s2ksalt = s;
  s += n;
  n = snext (&s);
  if (!n)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  /* We expect a list close as next, so we can simply use strtoul()
     here.  We might want to check that we only have digits - but this
     is nothing we should worry about */
  if (s[n] != ')' )
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s2kcount = strtoul (s, NULL, 10);
  if (!s2kcount)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  s += n;
  s++; /* skip list end */

  n = snext (&s);
  if (n != 16) /* Wrong blocksize for IV (we support ony aes-128) */
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  iv = s;
  s += n;
  if (*s != ')' )
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  
  rc = do_decryption (s, n,
                      passphrase, s2ksalt, s2kcount,
@ -692,7 +694,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,

  rc = calculate_mic (final, sha1hash2);
  if (!rc && memcmp (sha1hash, sha1hash2, 20))
-    rc = GNUPG_Corrupted_Protection;
+    rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  if (rc)
    {
      xfree (final);
@ -755,9 +757,9 @@ hash_passphrase (const char *passphrase, int hashalgo,

  if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3)
      || !hashalgo || !keylen || !key || !passphrase)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);
  if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);
  
  md = gcry_md_open (hashalgo, GCRY_MD_FLAG_SECURE);
  if (!md)
@ -834,42 +836,42 @@ agent_shadow_key (const unsigned char *pubkey,
  size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);

  if (!pubkey_len || !shadow_info_len)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INVALID_VALUE);
  s = pubkey;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  depth++;
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "public-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  depth++;
  s++;
  n = snext (&s); 
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  s += n; /* skip over the algorithm name */

  while (*s != ')')
    {
      if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
      depth++;
      s++;
      n = snext (&s);
      if (!n) 
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s += n;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s +=n; /* skip value */
      if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      depth--;
      s++;
    }
@ -883,7 +885,7 @@ agent_shadow_key (const unsigned char *pubkey,
  n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
  *result = p = xtrymalloc (n);
  if (!p)
-      return GNUPG_Out_Of_Core;
+      return out_of_core ();
  p = stpcpy (p, "(20:shadowed-private-key");
  /* (10:public-key ...)*/
  memcpy (p, pubkey+14, point - (pubkey+14));
@ -910,58 +912,58 @@ agent_get_shadow_info (const unsigned char *shadowkey,

  s = shadowkey;
  if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
  depth++;
  s++;
  n = snext (&s);
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (!smatch (&s, n, "shadowed-private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
  if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
  depth++;
  s++;
  n = snext (&s); 
  if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  s += n; /* skip over the algorithm name */

  for (;;)
    {
      if (*s == ')')
-        return GNUPG_Unknown_Sexp;
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
      if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
      depth++;
      s++;
      n = snext (&s);
      if (!n) 
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      if (smatch (&s, n, "shadowed"))
        break;
      s += n;
      n = snext (&s);
      if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      s +=n; /* skip value */
      if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
      depth--;
      s++;
    }
  /* found the shadowed list, s points to the protocol */
  n = snext (&s);
  if (!n) 
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
  if (smatch (&s, n, "t1-v1"))
    {
      if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
      *shadow_info = s;
    }
  else
-    return GNUPG_Unsupported_Protocol;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
  return 0;
 }

--- a/agent/query.c
+++ b/agent/query.c
@ -33,7 +33,7 @@

 #include "agent.h"
 #include "i18n.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>

 #ifdef _POSIX_OPEN_MAX
 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -70,7 +70,7 @@ unlock_pinentry (int rc)
    {
      log_error ("failed to release the entry lock\n");
      if (!rc)
-        rc = GNUPG_Internal_Error;
+        rc = gpg_error (GPG_ERR_INTERNAL);
    }
 #endif
  entry_ctx = NULL;
@ -96,7 +96,7 @@ start_pinentry (CTRL ctrl)
  if (!pth_mutex_acquire (&entry_lock, 0, NULL))
    {
      log_error ("failed to acquire the entry lock\n");
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
    }
 #endif

@ -108,8 +108,9 @@ start_pinentry (CTRL ctrl)
      
  if (fflush (NULL))
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("error flushing pending output: %s\n", strerror (errno));
-      return unlock_pinentry (seterr (Write_Error));
+      return unlock_pinentry (tmperr);
    }

  if (!opt.pinentry_program || !*opt.pinentry_program)
@ -145,7 +146,7 @@ start_pinentry (CTRL ctrl)
    {
      log_error ("can't connect to the PIN entry module: %s\n",
                 assuan_strerror (rc));
-      return unlock_pinentry (seterr (No_PIN_Entry));
+      return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
    }
  entry_ctx = ctx;

@ -161,7 +162,7 @@ start_pinentry (CTRL ctrl)
    {
      char *optstr;
      if (asprintf (&optstr, "OPTION ttyname=%s", ctrl->ttyname) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
      rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
      free (optstr);
@ -172,7 +173,7 @@ start_pinentry (CTRL ctrl)
    {
      char *optstr;
      if (asprintf (&optstr, "OPTION ttytype=%s", ctrl->ttytype) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
      rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
      if (rc)
@ -182,7 +183,7 @@ start_pinentry (CTRL ctrl)
    {
      char *optstr;
      if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
      rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
      if (rc)
@ -192,7 +193,7 @@ start_pinentry (CTRL ctrl)
    {
      char *optstr;
      if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
      rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
      if (rc)
@ -250,7 +251,7 @@ agent_askpin (CTRL ctrl,
    return 0; /* fixme: we should return BAD PIN */

  if (!pininfo || pininfo->max_length < 1)
-    return seterr (Invalid_Value);
+    return gpg_error (GPG_ERR_INV_VALUE);
  if (!desc_text && pininfo->min_digits)
    desc_text = _("Please enter your PIN, so that the secret key "
                  "can be unlocked for this session");
@ -322,7 +323,8 @@ agent_askpin (CTRL ctrl,
          rc = pininfo->check_cb (pininfo);
          if (rc == -1 && pininfo->cb_errtext)
            errtext = pininfo->cb_errtext;
-          else if (rc == GNUPG_Bad_Passphrase || rc == GNUPG_Bad_PIN)
+          else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+                   || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
            errtext = (is_pin? _("Bad PIN")
                       : _("Bad Passphrase"));
          else if (rc)
@ -333,8 +335,8 @@ agent_askpin (CTRL ctrl,
        return unlock_pinentry (0); /* okay, got a PIN or passphrase */
    }

-  return unlock_pinentry (pininfo->min_digits? GNUPG_Bad_PIN
-                          : GNUPG_Bad_Passphrase);
+  return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
+                          : GPG_ERR_BAD_PASSPHRASE));
 }


@ -356,7 +358,7 @@ agent_get_passphrase (CTRL ctrl,

  *retpass = NULL;
  if (opt.batch)
-    return GNUPG_Bad_Passphrase; 
+    return gpg_error (GPG_ERR_BAD_PASSPHRASE); 

  rc = start_pinentry (ctrl);
  if (rc)
@ -394,7 +396,7 @@ agent_get_passphrase (CTRL ctrl,
  parm.size = ASSUAN_LINELENGTH/2 - 5;
  parm.buffer = gcry_malloc_secure (parm.size+10);
  if (!parm.buffer)
-    return unlock_pinentry (seterr (Out_Of_Core));
+    return unlock_pinentry (out_of_core ());

  assuan_begin_confidential (entry_ctx);
  rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL);
@ -407,8 +409,9 @@ agent_get_passphrase (CTRL ctrl,
  hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
  if (!hexstring)
    {
+      gpg_error_t tmperr = out_of_core ();
      xfree (parm.buffer);
-      return unlock_pinentry (seterr (Out_Of_Core));
+      return unlock_pinentry (tmperr);
    }

  for (i=0, p=parm.buffer; *p; p++, i += 2)
@ -423,7 +426,7 @@ agent_get_passphrase (CTRL ctrl,

 /* Pop up the PIN-entry, display the text and the prompt and ask the
   user to confirm this.  We return 0 for success, ie. the used
-   confirmed it, GNUPG_Not_Confirmed for what the text says or an
+   confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
   other error. */
 int 
 agent_get_confirmation (CTRL ctrl,
--- a/agent/sexp-parse.h
+++ b/agent/sexp-parse.h
@ -68,10 +68,10 @@ sskip (unsigned char const **buf, int *depth)
      else
        {
          if (!d)
-            return GNUPG_Invalid_Sexp;
+            return gpg_error (GPG_ERR_INVALID_SEXP);
          n = snext (&s);
          if (!n)
-            return GNUPG_Invalid_Sexp; 
+            return gpg_error (GPG_ERR_INVALID_SEXP); 
          s += n;
        }
    }
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@ -29,8 +29,7 @@
 #include <sys/stat.h>

 #include "agent.h"
-#include "../assuan/assuan.h" /* fixme: need a way to avoid assuan
-                                 calls here */
+#include <assuan.h> /* fixme: need a way to avoid assuan calls here */

 static const char headerblurb[] =
 "# This is the list of trusted keys.  Comments like this one and empty\n"
@ -60,9 +59,10 @@ open_list (int append)
      trustfp = fopen (fname, "wx");
      if (!trustfp)
        {
+          gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
          log_error ("can't create `%s': %s\n", fname, strerror (errno));
          xfree (fname);
-          return seterr (File_Create_Error);
+          return tmperr;
        }
      fputs (headerblurb, trustfp);
      fclose (trustfp);
@ -71,9 +71,10 @@ open_list (int append)

  if (!trustfp)
    {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("can't open `%s': %s\n", fname, strerror (errno));
      xfree (fname);
-      return seterr (File_Open_Error);
+      return tmperr;
    }

  /*FIXME: check the MAC */
@ -109,7 +110,7 @@ read_list (char *key, int *keyflag)
        {
          if (feof (trustfp))
            return -1;
-          return GNUPG_Read_Error;
+          return gpg_error (gpg_err_code_from_errno (errno));
        }
      
      if (!*line || line[strlen(line)-1] != '\n')
@ -117,7 +118,8 @@ read_list (char *key, int *keyflag)
          /* eat until end of line */
          while ( (c=getc (trustfp)) != EOF && c != '\n')
            ;
-          return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line;
+          return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+                                 : GPG_ERR_INCOMPLETE_LINE);
        }
      
      /* Allow for emty lines and spaces */
@ -132,7 +134,7 @@ read_list (char *key, int *keyflag)
  if (i!=40 || !(spacep (p+i) || p[i] == '\n'))
    {
      log_error ("invalid formatted fingerprint in trustlist\n");
-      return GNUPG_Bad_Data;
+      return gpg_error (GPG_ERR_BAD_DATA);
    }
  assert (p[i]);
  if (p[i] == '\n')
@ -149,13 +151,13 @@ read_list (char *key, int *keyflag)
      else
        {
          log_error ("invalid keyflag in trustlist\n");
-          return GNUPG_Bad_Data;
+          return gpg_error (GPG_ERR_BAD_DATA);
        }
      i++;
      if ( !(spacep (p+i) || p[i] == '\n'))
        {
          log_error ("invalid keyflag in trustlist\n");
-          return GNUPG_Bad_Data;
+          return gpg_error (GPG_ERR_BAD_DATA);
        }
    }

@ -253,7 +255,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
                "  \"%s\"%%0A"
                "has the fingerprint:%%0A"
                "  %s", name, fpr) < 0 )
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
  rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
  free (desc);
  if (rc)
@ -264,7 +266,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
                "  \"%s\"%%0A"
                "to correctly certify user certificates?",
                name) < 0 )
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
  rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
  free (desc);
  if (rc)
@ -294,11 +296,11 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
  print_sanitized_string (trustfp, name, 0);
  fprintf (trustfp, "\n%s %c\n", fpr, flag);
  if (ferror (trustfp))
-    rc = GNUPG_Write_Error;
+    rc = gpg_error (gpg_err_code_from_errno (errno));
  
  /* close because we are in append mode */
  if (fclose (trustfp))
-    rc = GNUPG_File_Error;
+    rc = gpg_error (gpg_err_code_from_errno (errno));
  trustfp = NULL;
  return rc;
 }