gcc-4 defaults forced me to edit many many files to get rid of the

char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
2024-12-22 10:19:57 +01:00 · 2005-06-16 08:12:03 +00:00 · 2005-06-16 08:12:03 +00:00 · deeba405a9
commit deeba405a9
parent 3370164182
69 changed files with 558 additions and 348 deletions
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@ -1,3 +1,49 @@
+2005-06-16  Werner Koch  <wk@g10code.com>
+
+	* protect-tool.c (make_advanced): Makde RESULT a plain char.
+	* call-scd.c (unescape_status_string): Need to cast unsigned char*
+	for strcpy.
+	(agent_card_pksign): Made arg R_BUF an unsigned char**.
+	* divert-scd.c (divert_pksign): Made SIGVAL unsigned char*.
+	(encode_md_for_card): Initialize R_VAL and R_LEN.
+	* genkey.c (store_key): Made BUF unsigned.
+	* protect.c (do_encryption): Ditto.
+	(do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT
+	and RESULTLEN even on error.
+	(merge_lists): Need to cast unsigned char * for strcpy. Initialize 
+	RESULTand RESULTLEN even on error.
+	(agent_unprotect): Likewise for strtoul.
+	(make_shadow_info): Made P and INFO plain char.
+	(agent_shadow_key): Made P plain char.
+
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* query.c (agent_get_passphrase): Made HEXSTRING a char*.
+	* command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned.
+	(ssh_key_grip): Simplified.
+	(data_sign): Initialize variables with the definition.
+	(ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE
+	are set to NULL on error.  Cool, gcc-4 detects uninitialized stuff
+	beyond function boundaries; well it can't know that we do error
+	proper error handling so that this was not a real error.
+	(file_to_buffer): Likewise for BUFFER and BUFFER_N.
+	(data_sign): Likewise for SIG and SIG_N.
+	(stream_read_byte): Set B to a value even on error.
+	* command.c (cmd_genkey): Changed VALUE to char.
+	(cmd_readkey): Cast arg for gcry_sexp_sprint.
+	* agent.h (struct server_control_s): Made KEYGRIP unsigned.
+
+2005-06-13  Werner Koch  <wk@g10code.com>
+
+	* command-ssh.c (start_command_handler_ssh): Reset the SCD.
+
+2005-06-09  Werner Koch  <wk@g10code.com>
+
+	* gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh.
+	* cache.c (housekeeping): Use it.
+	(agent_put_cache): Use a switch to get the default ttl so that it
+	is easier to add more cases.
+
 2005-06-06  Werner Koch  <wk@g10code.com>

 	* gpg-agent.c: New option --default-cache-ttl-ssh.
--- a/agent/agent.h
+++ b/agent/agent.h
@ -71,9 +71,10 @@ struct {
  int no_grab;         /* Don't let the pinentry grab the keyboard */

  /* The default and maximum TTL of cache entries. */
-  unsigned long def_cache_ttl;     /* Normal. */
-  unsigned long def_cache_ttl_ssh; /* SSH. */
-  unsigned long max_cache_ttl;
+  unsigned long def_cache_ttl;     /* Default. */
+  unsigned long def_cache_ttl_ssh; /* for SSH. */
+  unsigned long max_cache_ttl;     /* Default. */
+  unsigned long max_cache_ttl_ssh; /* for SSH. */


  int running_detached; /* We are running detached from the tty. */
@ -107,8 +108,8 @@ struct server_local_s;
 struct scd_local_s;

 /* Collection of data per session (aka connection). */
-struct server_control_s {
-
+struct server_control_s 
+{
  /* Private data of the server (command.c). */
  struct server_local_s *server_local;

@ -128,7 +129,7 @@ struct server_control_s {
    int valuelen;
    int raw_value: 1;
  } digest;
-  char keygrip[20];
+  unsigned char keygrip[20];
  int have_keygrip;

  int use_auth_call; /* Hack to send the PKAUTH command instead of the
@ -289,7 +290,7 @@ int agent_card_pksign (ctrl_t ctrl,
                       int (*getpin_cb)(void *, const char *, char*, size_t),
                       void *getpin_cb_arg,
                       const unsigned char *indata, size_t indatalen,
-                       char **r_buf, size_t *r_buflen);
+                       unsigned char **r_buf, size_t *r_buflen);
 int agent_card_pkdecrypt (ctrl_t ctrl,
                          const char *keyid,
                          int (*getpin_cb)(void *, const char *, char*,size_t),
--- a/agent/cache.c
+++ b/agent/cache.c
@ -103,10 +103,17 @@ housekeeping (void)
    }

  /* Second, make sure that we also remove them based on the created stamp so
-     that the user has to enter it from time to time.  We do this every hour */
+     that the user has to enter it from time to time. */
  for (r=thecache; r; r = r->next)
    {
-      if (!r->lockcount && r->pw && r->created + opt.max_cache_ttl < current)
+      unsigned long maxttl;
+      
+      switch (r->cache_mode)
+        {
+        case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break;
+        default: maxttl = opt.max_cache_ttl; break;
+        }
+      if (!r->lockcount && r->pw && r->created + maxttl < current)
        {
          if (DBG_CACHE)
            log_debug ("  expired `%s' (%lus after creation)\n",
@ -203,10 +210,11 @@ agent_put_cache (const char *key, cache_mode_t cache_mode,

  if (!ttl)
    {
-      if (cache_mode == CACHE_MODE_SSH)
-        ttl = opt.def_cache_ttl_ssh;
-      else
-        ttl = opt.def_cache_ttl;
+      switch(cache_mode)
+        {
+        case CACHE_MODE_SSH: ttl = opt.def_cache_ttl_ssh; break;
+        default: ttl = opt.def_cache_ttl; break;
+        }
    }
  if (!ttl || cache_mode == CACHE_MODE_IGNORE)
    return 0;
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@ -465,7 +465,7 @@ unescape_status_string (const unsigned char *s)
 {
  char *buffer, *d;

-  buffer = d = xtrymalloc (strlen (s)+1);
+  buffer = d = xtrymalloc (strlen ((const char*)s)+1);
  if (!buffer)
    return NULL;
  while (*s)
@ -666,7 +666,7 @@ agent_card_pksign (ctrl_t ctrl,
                   int (*getpin_cb)(void *, const char *, char*, size_t),
                   void *getpin_cb_arg,
                   const unsigned char *indata, size_t indatalen,
-                   char **r_buf, size_t *r_buflen)
+                   unsigned char **r_buf, size_t *r_buflen)
 {
  int rc, i;
  char *p, line[ASSUAN_LINELENGTH];
@ -714,14 +714,11 @@ agent_card_pksign (ctrl_t ctrl,
  /* Create an S-expression from it which is formatted like this:
     "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */
  *r_buflen = 21 + 11 + sigbuflen + 4;
-  *r_buf = xtrymalloc (*r_buflen);
-  if (!*r_buf)
-    {
-      gpg_error_t tmperr = out_of_core ();
-      xfree (*r_buf);
-      return unlock_scd (ctrl, tmperr);
-    }
-  p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
+  p = xtrymalloc (*r_buflen);
+  *r_buf = (unsigned char*)p;
+  if (!p)
+    return unlock_scd (ctrl, out_of_core ());
+  p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
  sprintf (p, "%u:", (unsigned int)sigbuflen);
  p += strlen (p);
  memcpy (p, sigbuf, sigbuflen);
@ -895,7 +892,7 @@ card_getattr_cb (void *opaque, const char *line)
  if (keywordlen == parm->keywordlen
      && !memcmp (keyword, parm->keyword, keywordlen))
    {
-      parm->data = unescape_status_string (line);
+      parm->data = unescape_status_string ((const unsigned char*)line);
      if (!parm->data)
        parm->error = errno;
    }
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@ -297,6 +297,7 @@ stream_read_byte (estream_t stream, unsigned char *b)
 	err = gpg_error_from_errno (errno);
      else
 	err = gpg_error (GPG_ERR_EOF);
+      *b = 0;
    }
  else
    {
@ -604,6 +605,9 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
  gpg_error_t err;
  int ret;

+  *buffer = NULL;
+  *buffer_n = 0;
+
  buffer_new = NULL;
  err = 0;
  
@ -1381,6 +1385,9 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
  gpg_error_t err;
  unsigned int i;

+  *blob = NULL;
+  *blob_size = 0;
+
  blob_new = NULL;
  stream = NULL;
  err = 0;
@ -1535,20 +1542,12 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size,
   S-Expression KEY and writes it to BUFFER, which must be large
   enough to hold it.  Returns usual error code.  */
 static gpg_error_t
-ssh_key_grip (gcry_sexp_t key, char *buffer)
+ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
 {
-  gpg_error_t err;
-  char *p;
+  if (!gcry_pk_get_keygrip (key, buffer))
+    return gpg_error (GPG_ERR_INTERNAL);

-  /* FIXME: unsigned vs. signed.  */
-  
-  p = gcry_pk_get_keygrip (key, buffer);
-  if (! p)
-    err = gpg_error (GPG_ERR_INTERNAL);	/* FIXME?  */
-  else
-    err = 0;
-
-  return err;
+  return 0;
 }

 /* Converts the secret key KEY_SECRET into a public key, storing it in
@ -1654,7 +1653,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
    }

  pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
-  err = gcry_sexp_sscan (&s_pk, NULL, pkbuf, pkbuflen);
+  err = gcry_sexp_sscan (&s_pk, NULL, (char*)pkbuf, pkbuflen);
  if (err)
    {
      log_error ("failed to build S-Exp from received card key: %s\n",
@ -1877,7 +1876,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
          if (err)
            goto out;
 	      
-          err = gcry_sexp_sscan (&key_secret, NULL, buffer, buffer_n);
+          err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n);
          if (err)
            goto out;

@ -1984,14 +1983,14 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
 	   unsigned char **sig, size_t *sig_n)
 {
  gpg_error_t err;
-  gcry_sexp_t signature_sexp;
-  estream_t stream;
-  gcry_sexp_t valuelist;
-  gcry_sexp_t sublist;
-  gcry_mpi_t sig_value;
-  unsigned char *sig_blob;
-  size_t sig_blob_n;
-  char *identifier;
+  gcry_sexp_t signature_sexp = NULL;
+  estream_t stream = NULL;
+  gcry_sexp_t valuelist = NULL;
+  gcry_sexp_t sublist = NULL;
+  gcry_mpi_t sig_value = NULL;
+  unsigned char *sig_blob = NULL;;
+  size_t sig_blob_n = 0;
+  char *identifier = NULL;
  const char *identifier_raw;
  size_t identifier_n;
  ssh_key_type_spec_t spec;
@ -1999,17 +1998,10 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
  unsigned int i;
  const char *elems;
  size_t elems_n;
-  gcry_mpi_t *mpis;
+  gcry_mpi_t *mpis = NULL;

-  signature_sexp = NULL;
-  identifier = NULL;
-  valuelist = NULL;
-  sublist = NULL;
-  sig_blob = NULL;
-  sig_blob_n = 0;
-  stream = NULL;
-  sig_value = NULL;
-  mpis = NULL;
+  *sig = NULL;
+  *sig_n = 0;

  ctrl->use_auth_call = 1;
  err = agent_pksign_do (ctrl,
@ -2119,7 +2111,7 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
  if (err)
    goto out;
  
-  *sig = (char *) sig_blob;
+  *sig = sig_blob;
  *sig_n = sig_blob_n;
  
 out:
@ -2684,7 +2676,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
     secure memory, since we never give out secret keys. 

     FIXME: This is a pretty good DoS.  We only have a limited amount
-     of secure memory, we can't trhow hin everything we get from a
+     of secure memory, we can't throw in everything we get from a
     client -wk */
      
  /* Retrieve request.  */
@ -2824,7 +2816,6 @@ start_command_handler_ssh (int sock_client)
  struct server_control_s ctrl;
  estream_t stream_sock;
  gpg_error_t err;
-  int bad;
  int ret;

  /* Setup control structure.  */
@ -2868,15 +2859,15 @@ start_command_handler_ssh (int sock_client)
      goto out;
    }

-  while (1)
-    {
-      bad = ssh_request_process (&ctrl, stream_sock);
-      if (bad)
-	break;
-    };
+  /* Main processing loop. */
+  while ( !ssh_request_process (&ctrl, stream_sock) )
+    ;
+
+  /* Reset the SCD in case it has been used. */
+  agent_reset_scd (&ctrl);
+

 out:
-
  if (stream_sock)
    es_fclose (stream_sock);

--- a/agent/command.c
+++ b/agent/command.c
@ -168,7 +168,7 @@ parse_keygrip (ASSUAN_CONTEXT ctx, const char *string, unsigned char *buf)
  if (n != 20)
    return set_error (Parameter_Error, "invalid length of keygrip");

-  for (p=string, n=0; n < 20; p += 2, n++)
+  for (p=(const unsigned char*)string, n=0; n < 20; p += 2, n++)
    buf[n] = xtoi_2 (p);

  return 0;
@ -494,7 +494,7 @@ cmd_genkey (ASSUAN_CONTEXT ctx, char *line)

  init_membuf (&outbuf, 512);

-  rc = agent_genkey (ctrl, value, valuelen, &outbuf);
+  rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf);
  xfree (value);
  if (rc)
    clear_outbuf (&outbuf);
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@ -139,10 +139,13 @@ static int
 encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
                    unsigned char **r_val, size_t *r_len)
 {
-  byte *frame;
-  byte asn[100];
+  unsigned char *frame;
+  unsigned char asn[100];
  size_t asnlen;

+  *r_val = NULL;
+  *r_len = 0;
+
  asnlen = DIM(asn);
  if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
    {
@ -295,7 +298,7 @@ divert_pksign (CTRL ctrl,
  int rc;
  char *kid;
  size_t siglen;
-  char *sigval;
+  unsigned char *sigval;
  unsigned char *data;
  size_t ndata;

--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -345,7 +345,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
    }

  /* Convert the file into a gcrypt S-expression object.  */
-  rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
  xfree (fname);
  fclose (fp);
  xfree (buf);
@ -500,7 +500,7 @@ agent_key_from_file (ctrl_t ctrl, const char *desc_text,
    }

  buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
-  rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
  wipememory (buf, buflen);
  xfree (buf);
  if (rc)
--- a/agent/genkey.c
+++ b/agent/genkey.c
@ -33,7 +33,7 @@ static int
 store_key (gcry_sexp_t private, const char *passphrase, int force)
 {
  int rc;
-  char *buf;
+  unsigned char *buf;
  size_t len;
  unsigned char grip[20];
  
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -85,6 +85,7 @@ enum cmd_and_opt_values
  oDefCacheTTL,
  oDefCacheTTLSSH,
  oMaxCacheTTL,
+  oMaxCacheTTLSSH,
  oUseStandardSocket,
  oNoUseStandardSocket,

@ -143,6 +144,7 @@ static ARGPARSE_OPTS opts[] = {
                               N_("|N|expire cached PINs after N seconds")},
  { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
  { oMaxCacheTTL, "max-cache-ttl", 4, "@" },
+  { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" },
  { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
                               N_("do not use the PIN cache when signing")},
  { oAllowMarkTrusted, "allow-mark-trusted", 0,
@ -156,8 +158,9 @@ static ARGPARSE_OPTS opts[] = {
 };


-#define DEFAULT_CACHE_TTL (10*60)  /* 10 minutes */
-#define MAX_CACHE_TTL     (120*60) /* 2 hours */
+#define DEFAULT_CACHE_TTL     (10*60)  /* 10 minutes */
+#define DEFAULT_CACHE_TTL_SSH (30*60)  /* 30 minutes */
+#define MAX_CACHE_TTL         (120*60) /* 2 hours */


 /* flag to indicate that a shutdown was requested */
@ -369,8 +372,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.pinentry_program = NULL;
      opt.scdaemon_program = NULL;
      opt.def_cache_ttl = DEFAULT_CACHE_TTL;
-      opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL;
+      opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
      opt.max_cache_ttl = MAX_CACHE_TTL;
+      opt.max_cache_ttl_ssh = MAX_CACHE_TTL;
      opt.ignore_cache_for_signing = 0;
      opt.allow_mark_trusted = 0;
      opt.disable_scdaemon = 0;
@ -407,6 +411,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
    case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
    case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
    case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
+    case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
      
    case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;

--- a/agent/minip12.c
+++ b/agent/minip12.c
@ -1552,6 +1552,8 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
  struct buffer_s seqlist[2];
  int seqlistidx = 0;

+  n = buflen = 0; /* (avoid compiler warning). */
+
  if (cert && certlen)
    {
      /* Encode the certificate. */
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@ -52,7 +52,7 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
      goto leave;
    }

-  rc = gcry_sexp_sscan (&s_cipher, NULL, ciphertext, ciphertextlen);
+  rc = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
  if (rc)
    {
      log_error ("failed to convert ciphertext: %s\n", gpg_strerror (rc));
--- a/agent/pksign.c
+++ b/agent/pksign.c
@ -117,7 +117,7 @@ agent_pksign_do (ctrl_t ctrl, const char *desc_text,
      len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
      assert (len);

-      rc = gcry_sexp_sscan (&s_sig, NULL, buf, len);
+      rc = gcry_sexp_sscan (&s_sig, NULL, (char*)buf, len);
      xfree (buf);
      if (rc)
 	{
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@ -239,9 +239,9 @@ make_advanced (const unsigned char *buf, size_t buflen)
  int rc;
  size_t erroff, len;
  gcry_sexp_t sexp;
-  unsigned char *result;
+  char *result;

-  rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&sexp, &erroff, (const char*)buf, buflen);
  if (rc)
    {
      log_error ("invalid canonical S-Expression (off=%u): %s\n",
@ -378,7 +378,7 @@ read_and_protect (const char *fname)
      xfree (result);
      if (!p)
        return;
-      result = p;
+      result = (unsigned char*)p;
      resultlen = strlen (p);
    }

@ -417,7 +417,7 @@ read_and_unprotect (const char *fname)
      xfree (result);
      if (!p)
        return;
-      result = p;
+      result = (unsigned char*)p;
      resultlen = strlen (p);
    }

@ -434,12 +434,13 @@ read_and_shadow (const char *fname)
  unsigned char *key;
  unsigned char *result;
  size_t resultlen;
+  unsigned char dummy_info[] = "(8:313233342:43)";
  
  key = read_key (fname);
  if (!key)
    return;

-  rc = agent_shadow_key (key, "(8:313233342:43)", &result);
+  rc = agent_shadow_key (key, dummy_info, &result);
  xfree (key);
  if (rc)
    {
@ -455,7 +456,7 @@ read_and_shadow (const char *fname)
      xfree (result);
      if (!p)
        return;
-      result = p;
+      result = (unsigned char*)p;
      resultlen = strlen (p);
    }

@ -682,7 +683,7 @@ import_p12_file (const char *fname)
  if (!buf)
    return;

-  kparms = p12_parse (buf, buflen, (pw=get_passphrase (2)),
+  kparms = p12_parse ((unsigned char*)buf, buflen, (pw=get_passphrase (2)),
                      import_p12_cert_cb, NULL);
  release_passphrase (pw);
  xfree (buf);
@ -773,7 +774,7 @@ import_p12_file (const char *fname)
      xfree (result);
      if (!p)
        return;
-      result = p;
+      result = (unsigned char*)p;
      resultlen = strlen (p);
    }

@ -932,7 +933,7 @@ export_p12_file (const char *fname)

  if (opt_have_cert)
    {
-      cert = read_file ("-", &certlen);
+      cert = (unsigned char*)read_file ("-", &certlen);
      if (!cert)
        {
          wipememory (key, keylen_for_wipe);
@ -1040,7 +1041,7 @@ percent_plus_unescape (unsigned char *string)
 static char *
 percent_plus_unescape_string (char *string) 
 {
-  unsigned char *p = string;
+  unsigned char *p = (unsigned char*)string;
  size_t n;

  n = percent_plus_unescape (p);
--- a/agent/protect.c
+++ b/agent/protect.c
@ -134,19 +134,22 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)

 */
 static int
-do_encryption (const char *protbegin, size_t protlen, 
+do_encryption (const unsigned char *protbegin, size_t protlen, 
               const char *passphrase,  const unsigned char *sha1hash,
               unsigned char **result, size_t *resultlen)
 {
  gcry_cipher_hd_t hd;
  const char *modestr = "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc";
  int blklen, enclen, outlen;
-  char *iv = NULL;
+  unsigned char *iv = NULL;
  int rc;
  char *outbuf = NULL;
  char *p;
  int saltpos, ivpos, encpos;

+  *resultlen = 0;
+  *result = NULL;
+
  rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
                         GCRY_CIPHER_SECURE);
  if (rc)
@ -250,7 +253,7 @@ do_encryption (const char *protbegin, size_t protlen,
      return tmperr;
    }
  *resultlen = strlen (p);
-  *result = p;
+  *result = (unsigned char*)p;
  memcpy (p+saltpos, iv+2*blklen, 8);
  memcpy (p+ivpos, iv, blklen);
  memcpy (p+encpos, outbuf, enclen);
@ -261,7 +264,7 @@ do_encryption (const char *protbegin, size_t protlen,



-/* Protect the key encoded in canonical format in plainkey.  We assume
+/* Protect the key encoded in canonical format in PLAINKEY.  We assume
   a valid S-Exp here. */
 int 
 agent_protect (const unsigned char *plainkey, const char *passphrase,
@ -469,6 +472,9 @@ merge_lists (const unsigned char *protectedkey,
  const unsigned char *startpos, *endpos;
  int i, rc;
  
+  *result = NULL;
+  *resultlen = 0;
+
  if (replacepos < 26)
    return gpg_error (GPG_ERR_BUG);

@ -487,7 +493,7 @@ merge_lists (const unsigned char *protectedkey,
    return out_of_core ();

  /* Copy the initial segment */
-  strcpy (newlist, "(11:private-key");
+  strcpy ((char*)newlist, "(11:private-key");
  p = newlist + 15;
  memcpy (p, protectedkey+15+10, replacepos-15-10);
  p += replacepos-15-10;
@ -669,7 +675,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
     is nothing we should worry about */
  if (s[n] != ')' )
    return gpg_error (GPG_ERR_INV_SEXP);
-  s2kcount = strtoul (s, NULL, 10);
+  s2kcount = strtoul ((const char*)s, NULL, 10);
  if (!s2kcount)
    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
  s += n;
@ -838,7 +844,7 @@ unsigned char *
 make_shadow_info (const char *serialno, const char *idstring)
 {
  const char *s;
-  unsigned char *info, *p;
+  char *info, *p;
  char numbuf[21];
  int n;

@ -853,13 +859,13 @@ make_shadow_info (const char *serialno, const char *idstring)
  sprintf (numbuf, "%d:", n);
  p = stpcpy (p, numbuf);
  for (s=serialno; *s && s[1]; s += 2)
-    *p++ = xtoi_2 (s);
+    *(unsigned char *)p++ = xtoi_2 (s);
  sprintf (numbuf, "%d:", strlen (idstring));
  p = stpcpy (p, numbuf);
  p = stpcpy (p, idstring);
  *p++ = ')';
  *p = 0;
-  return info;
+  return (unsigned char *)info;
 }


@ -878,7 +884,7 @@ agent_shadow_key (const unsigned char *pubkey,
  const unsigned char *point;
  size_t n;
  int depth = 0;
-  unsigned char *p;
+  char *p;
  size_t pubkey_len = gcry_sexp_canon_len (pubkey, 0, NULL,NULL);
  size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);

@ -930,7 +936,8 @@ agent_shadow_key (const unsigned char *pubkey,
  /* Calculate required length by taking in account: the "shadowed-"
     prefix, the "shadowed", "t1-v1" as well as some parenthesis */
  n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
-  *result = p = xtrymalloc (n);
+  *result = xtrymalloc (n);
+  p = (char*)*result;
  if (!p)
      return out_of_core ();
  p = stpcpy (p, "(20:shadowed-private-key");
--- a/agent/query.c
+++ b/agent/query.c
@ -58,7 +58,7 @@ static pth_mutex_t entry_lock;
 struct entry_parm_s {
  int lines;
  size_t size;
-  char *buffer;
+  unsigned char *buffer;
 };


@ -372,7 +372,7 @@ agent_askpin (ctrl_t ctrl,
    {
      memset (&parm, 0, sizeof parm);
      parm.size = pininfo->max_length;
-      parm.buffer = pininfo->pin;
+      parm.buffer = (unsigned char*)pininfo->pin;

      if (errtext)
        { 
@ -444,7 +444,8 @@ agent_get_passphrase (CTRL ctrl,
  int rc;
  char line[ASSUAN_LINELENGTH];
  struct entry_parm_s parm;
-  unsigned char *p, *hexstring;
+  unsigned char *p;
+  char *hexstring;
  int i;

  *retpass = NULL;
@ -497,7 +498,7 @@ agent_get_passphrase (CTRL ctrl,
      return unlock_pinentry (map_assuan_err (rc));
    }
  
-  hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
+  hexstring = gcry_malloc_secure (strlen ((char*)parm.buffer)*2+1);
  if (!hexstring)
    {
      gpg_error_t tmperr = out_of_core ();
--- a/common/ChangeLog
+++ b/common/ChangeLog
@ -1,9 +1,33 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* miscellaneous.c (make_printable_string): Made P a void*.
+
+	* sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
+	Fixed signed/unsigned pointer mismatch.
+	(make_simple_sexp_from_hexstr): Ditto.  This is all too ugly; I
+	wonder why gcc-4's default is to warn about them and forcing us to
+	use cast the warning away.
+	* iobuf.c (block_filter): Ditto.
+	(iobuf_flush): Ditto.
+	(iobuf_read_line): Ditto.
+	(iobuf_read): Make BUFFER a void *.
+	(iobuf_write): Make BUFFER a const void *.
+	* ttyio.c (tty_print_utf8_string2): Ditto.
+	* estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
+	(es_write): Make BUFFER a void *.
+	(es_writen): Ditto.
+	(es_func_fd_read, es_func_fd_write, es_func_mem_read) 
+	(es_func_mem_write): Ditto.
+	(es_read, es_readn): Ditto.
+	(es_func_mem_write): Made MEMORY_NEW an unsigned char *.
+	* estream.h (es_cookie_read_function_t)
+	(es_cookie_write_function_t): Changed buffer arg to void*.
+
 2005-06-03  Werner Koch  <wk@g10code.com>

 	* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
 	(es_func_fd_read, es_func_fd_write): Protect against EINTR.
 	
-
 2005-06-01  Werner Koch  <wk@g10code.com>

 	* Makefile.am (AM_CPPFLAGS): Added.
--- a/common/estream.c
+++ b/common/estream.c
@ -294,7 +294,7 @@ es_init_do (void)
 typedef struct estream_cookie_mem
 {
  unsigned int flags;		/* Open flags.  */
-  char *memory;			/* Data.  */
+  unsigned char *memory;	/* Data.  */
  size_t memory_size;		/* Size of MEMORY.  */
  size_t offset;		/* Current offset in MEMORY.  */
  size_t data_len;		/* Length of data in MEMORY.  */
@ -350,7 +350,7 @@ es_func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,

 /* Read function for memory objects.  */
 static ssize_t
-es_func_mem_read (void *cookie, char *buffer, size_t size)
+es_func_mem_read (void *cookie, void *buffer, size_t size)
 {
  estream_cookie_mem_t mem_cookie = cookie;
  ssize_t ret;
@ -371,11 +371,11 @@ es_func_mem_read (void *cookie, char *buffer, size_t size)

 /* Write function for memory objects.  */
 static ssize_t
-es_func_mem_write (void *cookie, const char *buffer, size_t size)
+es_func_mem_write (void *cookie, const void *buffer, size_t size)
 {
  estream_cookie_mem_t mem_cookie = cookie;
  func_realloc_t func_realloc = mem_cookie->func_realloc;
-  char *memory_new;
+  unsigned char *memory_new;
  size_t newsize;
  ssize_t ret;
  int err;
@ -591,7 +591,7 @@ es_func_fd_create (void **cookie, int fd, unsigned int flags)

 /* Read function for fd objects.  */
 static ssize_t
-es_func_fd_read (void *cookie, char *buffer, size_t size)
+es_func_fd_read (void *cookie, void *buffer, size_t size)

 {
  estream_cookie_fd_t file_cookie = cookie;
@ -606,7 +606,7 @@ es_func_fd_read (void *cookie, char *buffer, size_t size)

 /* Write function for fd objects.  */
 static ssize_t
-es_func_fd_write (void *cookie, const char *buffer, size_t size)
+es_func_fd_write (void *cookie, const void *buffer, size_t size)
 			   
 {
  estream_cookie_fd_t file_cookie = cookie;
@ -1122,9 +1122,10 @@ es_read_lbf (estream_t ES__RESTRICT stream,
   *the amount of bytes read in BYTES_READ.  */
 static int
 es_readn (estream_t ES__RESTRICT stream,
-	  unsigned char *ES__RESTRICT buffer,
+	  void *ES__RESTRICT buffer_arg,
 	  size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
 {
+  unsigned char *buffer = (unsigned char *)buffer_arg;
  size_t data_read_unread, data_read;
  int err;

@ -1388,7 +1389,7 @@ es_write_lbf (estream_t ES__RESTRICT stream,
   amount of bytes written in BYTES_WRITTEN.  */
 static int
 es_writen (estream_t ES__RESTRICT stream,
-	   const unsigned char *ES__RESTRICT buffer,
+	   const void *ES__RESTRICT buffer,
 	   size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
 {
  size_t data_written;
@ -2289,7 +2290,7 @@ es_ungetc (int c, estream_t stream)

 int
 es_read (estream_t ES__RESTRICT stream,
-	 char *ES__RESTRICT buffer, size_t bytes_to_read,
+	 void *ES__RESTRICT buffer, size_t bytes_to_read,
 	 size_t *ES__RESTRICT bytes_read)
 {
  int err;
@ -2309,7 +2310,7 @@ es_read (estream_t ES__RESTRICT stream,

 int
 es_write (estream_t ES__RESTRICT stream,
-	  const char *ES__RESTRICT buffer, size_t bytes_to_write,
+	  const void *ES__RESTRICT buffer, size_t bytes_to_write,
 	  size_t *ES__RESTRICT bytes_written)
 {
  int err;
--- a/common/estream.h
+++ b/common/estream.h
@ -72,9 +72,9 @@ typedef struct es__stream *estream_t;


 typedef ssize_t (*es_cookie_read_function_t) (void *cookie,
-					      char *buffer, size_t size);
+					      void *buffer, size_t size);
 typedef ssize_t (*es_cookie_write_function_t) (void *cookie,
-					       const char *buffer,
+					       const void *buffer,
 					       size_t size);
 typedef int (*es_cookie_seek_function_t) (void *cookie,
 					  off_t *pos, int whence);
@ -166,10 +166,10 @@ int _es_putc_overflow (int c, estream_t stream);
 int es_ungetc (int c, estream_t stream);

 int es_read (estream_t ES__RESTRICT stream,
-	     char *ES__RESTRICT buffer, size_t bytes_to_read,
+	     void *ES__RESTRICT buffer, size_t bytes_to_read,
 	     size_t *ES__RESTRICT bytes_read);
 int es_write (estream_t ES__RESTRICT stream,
-	      const char *ES__RESTRICT buffer, size_t bytes_to_write,
+	      const void *ES__RESTRICT buffer, size_t bytes_to_write,
 	      size_t *ES__RESTRICT bytes_written);

 size_t es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
--- a/common/iobuf.c
+++ b/common/iobuf.c
@ -675,10 +675,11 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
 * without a filter
 */
 static int
-block_filter (void *opaque, int control, iobuf_t chain, byte * buf,
+block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 	      size_t * ret_len)
 {
  block_filter_ctx_t *a = opaque;
+  char *buf = (char *)buffer;
  size_t size = *ret_len;
  int c, needed, rc = 0;
  char *p;
@ -1762,7 +1763,7 @@ iobuf_flush (iobuf_t a)

  if (a->use == 3)
    {				/* increase the temp buffer */
-      char *newbuf;
+      unsigned char *newbuf;
      size_t newsize = a->d.size + 8192;

      if (DBG_IOBUF)
@ -1829,8 +1830,9 @@ iobuf_readbyte (iobuf_t a)


 int
-iobuf_read (iobuf_t a, byte * buf, unsigned buflen)
+iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
 {
+  unsigned char *buf = (unsigned char *)buffer;
  int c, n;

  if (a->unget.buf || a->nlimit)
@ -1915,7 +1917,7 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)


 int
-iobuf_writebyte (iobuf_t a, unsigned c)
+iobuf_writebyte (iobuf_t a, unsigned int c)
 {
  int rc;

@ -1933,8 +1935,9 @@ iobuf_writebyte (iobuf_t a, unsigned c)


 int
-iobuf_write (iobuf_t a, byte * buf, unsigned buflen)
+iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
 {
+  const unsigned char *buf = (const unsigned char *)buffer;
  int rc;

  if (a->directfp)
@ -2311,7 +2314,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 		 unsigned *length_of_buffer, unsigned *max_length)
 {
  int c;
-  char *buffer = *addr_of_buffer;
+  char *buffer = (char *)*addr_of_buffer;
  unsigned length = *length_of_buffer;
  unsigned nbytes = 0;
  unsigned maxlen = *max_length;
@ -2321,7 +2324,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
    {				/* must allocate a new buffer */
      length = 256;
      buffer = xmalloc (length);
-      *addr_of_buffer = buffer;
+      *addr_of_buffer = (unsigned char *)buffer;
      *length_of_buffer = length;
    }

@ -2344,7 +2347,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 	  length += 3;		/* correct for the reserved byte */
 	  length += length < 1024 ? 256 : 1024;
 	  buffer = xrealloc (buffer, length);
-	  *addr_of_buffer = buffer;
+	  *addr_of_buffer = (unsigned char *)buffer;
 	  *length_of_buffer = length;
 	  length -= 3;		/* and reserve again */
 	  p = buffer + nbytes;
--- a/common/iobuf.h
+++ b/common/iobuf.h
@ -120,12 +120,12 @@ off_t iobuf_tell (iobuf_t a);
 int iobuf_seek (iobuf_t a, off_t newpos);

 int iobuf_readbyte (iobuf_t a);
-int iobuf_read (iobuf_t a, byte * buf, unsigned buflen);
+int iobuf_read (iobuf_t a, void *buf, unsigned buflen);
 unsigned iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 			  unsigned *length_of_buffer, unsigned *max_length);
 int iobuf_peek (iobuf_t a, byte * buf, unsigned buflen);
 int iobuf_writebyte (iobuf_t a, unsigned c);
-int iobuf_write (iobuf_t a, byte * buf, unsigned buflen);
+int iobuf_write (iobuf_t a, const void *buf, unsigned buflen);
 int iobuf_writestr (iobuf_t a, const char *buf);

 void iobuf_flush_temp (iobuf_t temp);
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@ -66,7 +66,7 @@ print_utf8_string( FILE *fp, const byte *p, size_t n )
 }

 char *
-make_printable_string( const byte *p, size_t n, int delim )
+make_printable_string (const void *p, size_t n, int delim )
 {
  return sanitize_buffer (p, n, delim);
 }
--- a/common/sexputil.c
+++ b/common/sexputil.c
@ -52,7 +52,7 @@ keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,

  if (!grip)
    return gpg_error (GPG_ERR_INV_VALUE);
-  err = gcry_sexp_sscan (&sexp, NULL, key, keylen);
+  err = gcry_sexp_sscan (&sexp, NULL, (const char *)key, keylen);
  if (err)
    return err;
  if (!gcry_pk_get_keygrip (sexp, grip))
@ -66,8 +66,11 @@ keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
   are identical or !0 if they are not.  Not that this function can't
   be used for sorting. */
 int
-cmp_simple_canon_sexp (const unsigned char *a, const unsigned char *b)
+cmp_simple_canon_sexp (const unsigned char *a_orig,
+                       const unsigned char *b_orig)
 {
+  const char *a = (const char *)a_orig;
+  const char *b = (const char *)b_orig;
  unsigned long n1, n2;
  char *endp;

@ -124,7 +127,7 @@ make_simple_sexp_from_hexstr (const char *line, size_t *nscanned)
  buf = xtrymalloc (strlen (numbuf) + len + 1 + 1);
  if (!buf)
    return NULL;
-  p = stpcpy (buf, numbuf);
+  p = (unsigned char *)stpcpy ((char *)buf, numbuf);
  s = line;
  if ((n&1))
    {
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@ -404,7 +404,7 @@ static char *
 copy_and_escape (char *buffer, const char *text)
 {
  int i;
-  const unsigned char *s = text;
+  const unsigned char *s = (unsigned char *)text;
  char *p = buffer;
  

--- a/common/ttyio.c
+++ b/common/ttyio.c
@ -322,7 +322,7 @@ tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
 	    break;
    }
    if( i < n ) {
-	buf = utf8_to_native( p, n, 0 );
+	buf = utf8_to_native( (const char *)p, n, 0 );
 	if( max_n && (strlen( buf ) > max_n )) {
 	    buf[max_n] = 0;
 	}
--- a/common/util.h
+++ b/common/util.h
@ -153,7 +153,7 @@ const char *print_fname_stdin (const char *s);
 void print_string (FILE *fp, const byte *p, size_t n, int delim);
 void print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim);
 void print_utf8_string (FILE *fp, const byte *p, size_t n);
-char *make_printable_string (const byte *p, size_t n, int delim);
+char *make_printable_string (const void *p, size_t n, int delim);

 int is_file_compressed (const char *s, int *ret_rc);

--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -293,7 +293,7 @@ Set the time a cache entry is valid to @var{n} seconds.  The default are
@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl
 Set the time a cache entry used for SSH keys is valid to @var{n}
-seconds.  The default are 600 seconds.
+seconds.  The default are 1800 seconds.

@item --max-cache-ttl @var{n}
@opindex max-cache-ttl
@ -301,6 +301,12 @@ Set the maximum time a cache entry is valid to @var{n} seconds.  After
 this time a cache entry will get expired even if it has been accessed
 recently.  The default are 2 hours (7200 seconds).

+@item --max-cache-ttl-ssh @var{n}
+@opindex max-cache-ttl-ssh
+Set the maximum time a cache entry used for SSH keys is valid to @var{n}
+seconds.  After this time a cache entry will get expired even if it has
+been accessed recently.  The default are 2 hours (7200 seconds).
+
@item --pinentry-program @var{filename}
@opindex pinentry-program
 Use program @var{filename} as the PIN entry.  The default is installation
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,8 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* g10.c (print_hashline, add_group): Fixes for signed/unsigned
+	pointer mismatch warnings.
+
 2005-06-01  Werner Koch  <wk@g10code.com>

 	* mkdtemp.c: Removed.
--- a/g10/g10.c
+++ b/g10/g10.c
@ -933,7 +933,7 @@ static void add_group(char *string)
      return;
    }

-  trim_trailing_ws(name,strlen(name));
+  trim_trailing_ws((unsigned char *)name,strlen(name));

  /* Break apart the values */
  while ((value= strsep(&string," \t")))
@ -3124,7 +3124,7 @@ print_hashline( MD_HANDLE md, int algo, const char *fname )
    const byte *p;
    
    if ( fname ) {
-        for (p = fname; *p; p++ ) {
+        for (p = (const unsigned char *)fname; *p; p++ ) {
            if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
                printf("%%%02X", *p );
            else 
--- a/g10/misc.c
+++ b/g10/misc.c
@ -986,9 +986,10 @@ mpi_print( FILE *fp, gcry_mpi_t a, int mode )
    }
    else {
 	int rc;
-	unsigned char *buffer;
+	char *buffer;

-	rc = gcry_mpi_aprint( GCRYMPI_FMT_HEX, &buffer, NULL, a );
+	rc = gcry_mpi_aprint( GCRYMPI_FMT_HEX,
+                              &(unsigned char*)buffer, NULL, a );
 	assert( !rc );
 	fputs( buffer, fp );
 	n += strlen(buffer);
--- a/jnlib/ChangeLog
+++ b/jnlib/ChangeLog
@ -1,3 +1,16 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* stringhelp.c (sanitize_buffer): Make P a void*.
+	(ascii_memistr, memistr): Ditto.
+	(ascii_memcasecmp): Ditto.
+	* logging.c (writen): Use void * for arg BUFFER.
+	* stringhelp.c (memistr): Fixed unsigned/signed pointer conflict.
+	(ascii_memistr): Ditto.
+	(ascii_memcasemem): Ditto.
+	* utf8conv.c (utf8_to_native): Ditto.
+	(utf8_to_native): Ditto.
+	* argparse.c (show_version): Removed non-required cast.
+
 2005-01-19  Werner Koch  <wk@g10code.com>

 	* logging.c (fun_writer): Don't fallback to stderr. Print to
--- a/jnlib/argparse.c
+++ b/jnlib/argparse.c
@ -852,7 +852,7 @@ show_version()
    /* additional program info */
    for(i=30; i < 40; i++ )
 	if( (s=strusage(i)) )
-	    fputs( (const byte*)s, stdout);
+	    fputs (s, stdout);
    fflush(stdout);
 }

--- a/jnlib/logging.c
+++ b/jnlib/logging.c
@ -87,10 +87,11 @@ struct fun_cookie_s {
  char name[1];
 };

-/* Write NBYTES of BUF to file descriptor FD. */
+/* Write NBYTES of BUFFER to file descriptor FD. */
 static int
-writen (int fd, const unsigned char *buf, size_t nbytes)
+writen (int fd, const void *buffer, size_t nbytes)
 {
+  const char *buf = buffer;
  size_t nleft = nbytes;
  int nwritten;
  
--- a/jnlib/stringhelp.c
+++ b/jnlib/stringhelp.c
@ -1,6 +1,6 @@
 /* stringhelp.c -  standard string helper functions
 * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2004  Free Software Foundation, Inc.
+ *               2004, 2005  Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -35,45 +35,57 @@

 /*
 * Look for the substring SUB in buffer and return a pointer to that
- * substring in BUF or NULL if not found.
+ * substring in BUFFER or NULL if not found.
 * Comparison is case-insensitive.
 */
 const char *
-memistr( const char *buf, size_t buflen, const char *sub )
+memistr (const void *buffer, size_t buflen, const char *sub)
 {
-    const byte *t, *s ;
-    size_t n;
+  const unsigned char *buf = buffer;
+  const unsigned char *t = (const unsigned char *)buffer;
+  const unsigned char *s = (const unsigned char *)sub;
+  size_t n = buflen;

-    for( t=buf, n=buflen, s=sub ; n ; t++, n-- )
-	if( toupper(*t) == toupper(*s) ) {
-	    for( buf=t++, buflen = n--, s++;
-		 n && toupper(*t) == toupper(*s); t++, s++, n-- )
-		;
-	    if( !*s )
-		return buf;
-	    t = buf; n = buflen; s = sub ;
+  for ( ; n ; t++, n-- )
+    {
+      if ( toupper (*t) == toupper (*s) )
+        {
+          for ( buf=t++, buflen = n--, s++;
+                n && toupper (*t) == toupper (*s); t++, s++, n-- )
+            ;
+          if (!*s)
+            return (const char*)buf;
+          t = buf;
+          s = (const unsigned char *)sub ;
+          n = buflen;
 	}
-
-    return NULL ;
+    }
+  return NULL;
 }

 const char *
-ascii_memistr( const char *buf, size_t buflen, const char *sub )
+ascii_memistr ( const void *buffer, size_t buflen, const char *sub )
 {
-    const byte *t, *s ;
-    size_t n;
+  const unsigned char *buf = buffer;
+  const unsigned char *t = (const unsigned char *)buf;
+  const unsigned char *s = (const unsigned char *)sub;
+  size_t n = buflen;

-    for( t=buf, n=buflen, s=sub ; n ; t++, n-- )
-	if( ascii_toupper(*t) == ascii_toupper(*s) ) {
-	    for( buf=t++, buflen = n--, s++;
-		 n && ascii_toupper(*t) == ascii_toupper(*s); t++, s++, n-- )
-		;
-	    if( !*s )
-		return buf;
-	    t = buf; n = buflen; s = sub ;
+  for ( ; n ; t++, n-- )
+    {
+      if (ascii_toupper (*t) == ascii_toupper (*s) )
+        {
+          for ( buf=t++, buflen = n--, s++;
+                n && ascii_toupper (*t) == ascii_toupper (*s); t++, s++, n-- )
+            ;
+          if (!*s)
+            return (const char*)buf;
+          t = (const unsigned char *)buf;
+          s = (const unsigned char *)sub ;
+          n = buflen;
 	}
-
-    return NULL ;
+    }
+  return NULL;
 }

 /* This function is similar to strncpy().  However it won't copy more
@ -402,13 +414,14 @@ print_sanitized_utf8_string (FILE *fp, const char *string, int delim)
                                              delim) : 0;
 }

-/* Create a string from the buffer P of length N which is suitable for
+/* Create a string from the buffer P_ARG of length N which is suitable for
   printing.  Caller must release the created string using xfree. */
 char *
-sanitize_buffer (const unsigned char *p, size_t n, int delim)
+sanitize_buffer (const void *p_arg, size_t n, int delim)
 {
+  const unsigned char *p = p_arg;
  size_t save_n, buflen;
-  const byte *save_p;
+  const unsigned char *save_p;
  char *buffer, *d;

  /* first count length */
@ -552,15 +565,19 @@ ascii_strncasecmp (const char *a, const char *b, size_t n)


 int
-ascii_memcasecmp( const char *a, const char *b, size_t n )
+ascii_memcasecmp (const void *a_arg, const void *b_arg, size_t n )
 {
-    if (a == b)
-        return 0;
-    for ( ; n; n--, a++, b++ ) {
-	if( *a != *b  && ascii_toupper (*a) != ascii_toupper (*b) )
-            return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
-    }
+  const char *a = a_arg;
+  const char *b = b_arg;
+
+  if (a == b)
    return 0;
+  for ( ; n; n--, a++, b++ )
+    {
+      if( *a != *b  && ascii_toupper (*a) != ascii_toupper (*b) )
+        return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
+    }
+  return 0;
 }

 int
@ -586,8 +603,8 @@ ascii_memcasemem (const void *haystack, size_t nhaystack,
    return (void*)haystack; /* finding an empty needle is really easy */
  if (nneedle <= nhaystack)
    {
-      const unsigned char *a = haystack;
-      const unsigned char *b = a + nhaystack - nneedle;
+      const char *a = haystack;
+      const char *b = a + nhaystack - nneedle;
      
      for (; a <= b; a++)
        {
--- a/jnlib/stringhelp.h
+++ b/jnlib/stringhelp.h
@ -23,7 +23,7 @@

 #include "types.h"

-const char *memistr( const char *buf, size_t buflen, const char *sub );
+const char *memistr (const void *buf, size_t buflen, const char *sub);
 char *mem2str( char *, const void *, size_t);
 char *trim_spaces( char *string );
 char *trim_trailing_spaces( char *string );
@ -46,7 +46,7 @@ size_t print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
                                    size_t length, int delim);
 size_t print_sanitized_string (FILE *fp, const char *string, int delim);
 size_t print_sanitized_utf8_string (FILE *fp, const char *string, int delim);
-char *sanitize_buffer (const unsigned char *p, size_t n, int delim);
+char *sanitize_buffer (const void *p, size_t n, int delim);


 #ifdef HAVE_W32_SYSTEM
@ -54,15 +54,14 @@ const char *w32_strerror (int ec);
 #endif


-const char *ascii_memistr( const char *buf, size_t buflen, const char *sub );
 int ascii_isupper (int c);
 int ascii_islower (int c);
 int ascii_toupper (int c);
 int ascii_tolower (int c);
 int ascii_strcasecmp( const char *a, const char *b );
 int ascii_strncasecmp (const char *a, const char *b, size_t n);
-int ascii_memcasecmp( const char *a, const char *b, size_t n );
-const char *ascii_memistr ( const char *buf, size_t buflen, const char *sub);
+int ascii_memcasecmp( const void *a, const void *b, size_t n );
+const char *ascii_memistr ( const void *buf, size_t buflen, const char *sub);
 void *ascii_memcasemem (const void *haystack, size_t nhaystack,
                        const void *needle, size_t nneedle);

--- a/jnlib/utf8conv.c
+++ b/jnlib/utf8conv.c
@ -136,16 +136,17 @@ get_native_charset ()
 * new allocated UTF8 string.
 */
 char *
-native_to_utf8 (const char *string)
+native_to_utf8 (const char *orig_string)
 {
-  const byte *s;
+  const unsigned char *string = (const unsigned char *)orig_string;
+  const unsigned char *s;
  char *buffer;
-  byte *p;
+  unsigned char *p;
  size_t length = 0;

  if (no_translation)
    {
-      buffer = jnlib_xstrdup (string);
+      buffer = jnlib_xstrdup (orig_string);
    }
  else if (active_charset)
    {
@ -156,7 +157,7 @@ native_to_utf8 (const char *string)
 	    length += 2;	/* we may need 3 bytes */
 	}
      buffer = jnlib_xmalloc (length + 1);
-      for (p = buffer, s = string; *s; s++)
+      for (p = (unsigned char *)buffer, s = string; *s; s++)
 	{
 	  if ((*s & 0x80))
 	    {
@ -187,7 +188,7 @@ native_to_utf8 (const char *string)
 	    length++;
 	}
      buffer = jnlib_xmalloc (length + 1);
-      for (p = buffer, s = string; *s; s++)
+      for (p = (unsigned char *)buffer, s = string; *s; s++)
 	{
 	  if (*s & 0x80)
 	    {
@ -212,11 +213,12 @@ utf8_to_native (const char *string, size_t length, int delim)
 {
  int nleft;
  int i;
-  byte encbuf[8];
+  unsigned char encbuf[8];
  int encidx;
  const byte *s;
  size_t n;
-  byte *buffer = NULL, *p = NULL;
+  char *buffer = NULL;
+  char *p = NULL;
  unsigned long val = 0;
  size_t slen;
  int resync = 0;
@ -225,7 +227,8 @@ utf8_to_native (const char *string, size_t length, int delim)
  /* 2. pass (p!=NULL): create string */
  for (;;)
    {
-      for (slen = length, nleft = encidx = 0, n = 0, s = string; slen;
+      for (slen = length, nleft = encidx = 0, n = 0,
+             s = (const unsigned char *)string; slen;
 	   s++, slen--)
 	{
 	  if (resync)
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@ -1,3 +1,14 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
+	(_keybox_write_blob): 
+
+	* keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
+	Fixed warnings about signed/unsigned pointer mismatches.
+	(x509_email_kludge): Ditto.
+	(_keybox_new_blob): Changed arg IMAGE to unsigned char *.
+	(_keybox_get_blob_image): Changed return type to unsigned char*.
+
 2005-06-01  Werner Koch  <wk@g10code.com>

 	* keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@ -386,7 +386,7 @@ import_openpgp (const char *filename)
  buffer = read_file (filename, &buflen);
  if (!buffer)
    return;
-  p = buffer;
+  p = (unsigned char *)buffer;
  for (;;)
    {
      err = _keybox_parse_openpgp (p, buflen, &nparsed, &info);
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@ -646,8 +646,8 @@ static int
 create_blob_finish (KEYBOXBLOB blob)
 {
  struct membuf *a = blob->buf;
-  byte *p;
-  char *pp;
+  unsigned char *p;
+  unsigned char *pp;
  int i;
  size_t n;

@ -656,6 +656,7 @@ create_blob_finish (KEYBOXBLOB blob)
    put32 (a, 0);  /* Hmmm: why put32() ?? */
  
  /* get the memory area */
+  n = 0; /* (Just to avoid compiler warning.) */
  p = get_membuf (a, &n);
  if (!p)
    return gpg_error (GPG_ERR_ENOMEM);
@ -783,7 +784,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
 static char *
 x509_email_kludge (const char *name)
 {
-  const unsigned char *p;
+  const char *p;
  unsigned char *buf;
  int n;

@ -805,7 +806,7 @@ x509_email_kludge (const char *name)
    buf[n] = xtoi_2 (p);
  buf[n++] = '>';
  buf[n] = 0;
-  return buf;
+  return (char *)buf;
 }


@ -818,8 +819,9 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
 {
  int i, rc = 0;
  KEYBOXBLOB blob;
-  unsigned char *p;
-  unsigned char **names = NULL;
+  unsigned char *sn;
+  char *p;
+  char **names = NULL;
  size_t max_names;

  *r_blob = NULL;
@ -827,28 +829,28 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
  if( !blob )
    return gpg_error (gpg_err_code_from_errno (errno));

-  p = ksba_cert_get_serial (cert);
-  if (p)
+  sn = ksba_cert_get_serial (cert);
+  if (sn)
    {
      size_t n, len;
-      n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+      n = gcry_sexp_canon_len (sn, 0, NULL, NULL);
      if (n < 2)
        {
-          xfree (p);
+          xfree (sn);
          return gpg_error (GPG_ERR_GENERAL);
        }
-      blob->serialbuf = p;
-      p++; n--; /* skip '(' */
-      for (len=0; n && *p && *p != ':' && digitp (p); n--, p++)
-        len = len*10 + atoi_1 (p);
-      if (*p != ':')
+      blob->serialbuf = sn;
+      sn++; n--; /* skip '(' */
+      for (len=0; n && *sn && *sn != ':' && digitp (sn); n--, sn++)
+        len = len*10 + atoi_1 (sn);
+      if (*sn != ':')
        {
          xfree (blob->serialbuf);
          blob->serialbuf = NULL;
          return gpg_error (GPG_ERR_GENERAL);
        }
-      p++;
-      blob->serial = p;
+      sn++;
+      blob->serial = sn;
      blob->seriallen = len;
    }

@ -863,6 +865,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
      rc = gpg_error (gpg_err_code_from_errno (errno));
      goto leave;
    }
+  
  p = ksba_cert_get_issuer (cert, 0);
  if (!p)
    {
@ -872,10 +875,9 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
  names[blob->nuids++] = p;
  for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
    {
-
      if (blob->nuids >= max_names)
        {
-          unsigned char **tmp;
+          char **tmp;
          
          max_names += 100;
          tmp = xtryrealloc (names, max_names * sizeof *names);
@ -964,7 +966,8 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,


 int
-_keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen, off_t off)
+_keybox_new_blob (KEYBOXBLOB *r_blob,
+                  unsigned char *image, size_t imagelen, off_t off)
 {
  KEYBOXBLOB blob;
  
@ -1000,7 +1003,7 @@ _keybox_release_blob (KEYBOXBLOB blob)



-const char *
+const unsigned char *
 _keybox_get_blob_image ( KEYBOXBLOB blob, size_t *n )
 {
  *n = blob->bloblen;
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@ -140,10 +140,11 @@ int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
                              unsigned char *sha1_digest, int as_ephemeral);
 #endif /*KEYBOX_WITH_X509*/

-int  _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen,
+int  _keybox_new_blob (KEYBOXBLOB *r_blob,
+                       unsigned char *image, size_t imagelen,
                       off_t off);
 void _keybox_release_blob (KEYBOXBLOB blob);
-const char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
+const unsigned char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
 off_t _keybox_get_blob_fileoffset (KEYBOXBLOB blob);
 void _keybox_update_header_blob (KEYBOXBLOB blob);

--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@ -48,7 +48,7 @@ ftello (FILE *stream)
 int
 _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
 {
-  char *image;
+  unsigned char *image;
  size_t imagelen = 0;
  int c1, c2, c3, c4, type;
  int rc;
@ -118,7 +118,7 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
 int
 _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
 {
-  const char *image;
+  const unsigned char *image;
  size_t length;

  image = _keybox_get_blob_image (blob, &length);
--- a/scd/apdu.c
+++ b/scd/apdu.c
@ -2393,7 +2393,7 @@ apdu_activate (int slot)
 unsigned char *
 apdu_get_atr (int slot, size_t *atrlen)
 {
-  char *buf;
+  unsigned char *buf;

  if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
    return NULL;
--- a/scd/app-help.c
+++ b/scd/app-help.c
@ -48,7 +48,7 @@ app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip)
  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
  if (!n)
    return gpg_error (GPG_ERR_INV_SEXP);
-  err = gcry_sexp_sscan (&s_pkey, NULL, p, n);
+  err = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
  xfree (p);
  if (err)
    return err; /* Can't parse that S-expression. */
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -948,8 +948,8 @@ get_public_key (app_t app, int keyno)
  size_t buflen, keydatalen, mlen, elen;
  unsigned char *mbuf = NULL;
  unsigned char *ebuf = NULL;
-  unsigned char *keybuf = NULL;
-  unsigned char *keybuf_p;
+  char *keybuf = NULL;
+  char *keybuf_p;

  if (keyno < 1 || keyno > 3)
    return gpg_error (GPG_ERR_INV_ID);
@ -963,14 +963,16 @@ get_public_key (app_t app, int keyno)
  app->app_local->pk[keyno].key = NULL;
  app->app_local->pk[keyno].keylen = 0;

+  m = e = NULL; /* (avoid cc warning) */
+
  if (app->card_version > 0x0100)
    {
      /* We may simply read the public key out of these cards.  */
-      err = iso7816_read_public_key (app->slot, 
-                                    keyno == 0? "\xB6" :
-                                    keyno == 1? "\xB8" : "\xA4",
-                                    2,  
-                                    &buffer, &buflen);
+      err = iso7816_read_public_key 
+        (app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
+                                           keyno == 1? "\xB8" : "\xA4"),
+         2,  
+         &buffer, &buflen);
      if (err)
        {
          log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
@ -1107,7 +1109,7 @@ get_public_key (app_t app, int keyno)
  strcpy (keybuf_p, ")))");
  keybuf_p += strlen (keybuf_p);
  
-  app->app_local->pk[keyno].key = keybuf;
+  app->app_local->pk[keyno].key = (unsigned char*)keybuf;
  app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);

 leave:
@ -1889,11 +1891,10 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
 #warning key generation temporary replaced by reading an existing key.
  rc = iso7816_read_public_key
 #endif
-                              (app->slot, 
-                                 keyno == 0? "\xB6" :
-                                 keyno == 1? "\xB8" : "\xA4",
-                                 2,
-                                 &buffer, &buflen);
+    (app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
+                                       keyno == 1? "\xB8" : "\xA4"),
+     2,
+     &buffer, &buflen);
  if (rc)
    {
      rc = gpg_error (GPG_ERR_CARD);
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@ -43,33 +43,35 @@ typedef enum
  } card_type_t;

 /* A list card types with ATRs noticed with these cards. */
+#define X(a) ((unsigned char const *)(a))
 static struct 
 {
  size_t atrlen;
-  unsigned char *atr;
+  unsigned char const *atr;
  card_type_t type;
 } card_atr_list[] = {
-  { 19, "\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
-        "\x90\x00\x8B", 
+  { 19, X("\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
+          "\x90\x00\x8B"), 
    CARD_TYPE_TCOS },  /* SLE44 */
-  { 19, "\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
-        "\x90\x00\x91", 
+  { 19, X("\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
+          "\x90\x00\x91"), 
    CARD_TYPE_TCOS }, /* SLE66S */
-  { 19, "\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
-        "\x90\x00\x66",
+  { 19, X("\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
+          "\x90\x00\x66"),
    CARD_TYPE_TCOS }, /* SLE66P */
-  { 27, "\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00"
-        "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23",
+  { 27, X("\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00"
+          "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23"),
    CARD_TYPE_MICARDO }, /* German BMI card */
-  { 19, "\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80"
-        "\x00\x90\x00",
+  { 19, X("\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80"
+          "\x00\x90\x00"),
    CARD_TYPE_MICARDO }, /* German BMI card (ATR due to reader problem) */
-  { 26, "\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49"
-        "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43",
+  { 26, X("\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49"
+          "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43"),
    CARD_TYPE_MICARDO }, /* EstEID (Estonian Big Brother card) */

  { 0 }
 };
+#undef X


 /* The Pin Types as defined in pkcs#15 v1.1 */
--- a/scd/app.c
+++ b/scd/app.c
@ -357,7 +357,7 @@ app_munge_serialno (app_t app)
 gpg_error_t 
 app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
 {
-  unsigned char *buf, *p;
+  char *buf, *p;
  int i;

  if (!app || !serial)
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@ -555,7 +555,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
     all in a 2 bute Unicode encoding using little endian. */
  rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
                        (USB_DT_STRING << 8), 0, 
-                        buf, sizeof buf, 1000 /* ms timeout */);
+                        (char*)buf, sizeof buf, 1000 /* ms timeout */);
  if (rc < 4)
    langid = 0x0409; /* English.  */
  else
@ -563,7 +563,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,

  rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
                        (USB_DT_STRING << 8) + idx, langid,
-                        buf, sizeof buf, 1000 /* ms timeout */);
+                        (char*)buf, sizeof buf, 1000 /* ms timeout */);
  if (rc < 2 || buf[1] != USB_DT_STRING)
    return NULL; /* Error or not a string. */
  len = buf[0];
@ -1155,7 +1155,7 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen)

  rc = usb_bulk_write (handle->idev, 
                       handle->ep_bulk_out,
-                       msg, msglen,
+                       (char*)msg, msglen,
                       1000 /* ms timeout */);
  if (rc == msglen)
    return 0;
@ -1188,7 +1188,7 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
 retry:
  rc = usb_bulk_read (handle->idev, 
                      handle->ep_bulk_in,
-                      buffer, length,
+                      (char*)buffer, length,
                      timeout);
  if (rc < 0)
    {
@ -1300,7 +1300,7 @@ ccid_poll (ccid_driver_t handle)

  rc = usb_bulk_read (handle->idev, 
                      handle->ep_intr,
-                      msg, sizeof msg,
+                      (char*)msg, sizeof msg,
                      0 /* ms timeout */ );
  if (rc < 0 && errno == ETIMEDOUT)
    return 0;
@ -1444,7 +1444,7 @@ ccid_get_atr (ccid_driver_t handle,
    {
      tried_iso = 1;
      /* Try switching to ISO mode. */
-      if (!send_escape_cmd (handle, "\xF1\x01", 2))
+      if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2))
        goto again;
    }
  else if (CCID_COMMAND_FAILED (msg))
@ -2026,7 +2026,7 @@ ccid_transceive_secure (ccid_driver_t handle,
  if (handle->id_vendor == VENDOR_SCM)
    {
      DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
-      rc = send_escape_cmd (handle, "\x80\x02\x00", 3);
+      rc = send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3);
      if (rc)
        return rc;
    }
--- a/scd/command.c
+++ b/scd/command.c
@ -679,7 +679,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
      xfree (value);
      return gpg_error (GPG_ERR_INV_RESPONSE);
    }
-  *retstr = value;
+  *retstr = (char*)value;
  return 0;
 }

@ -844,7 +844,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
 {
  ctrl_t ctrl = assuan_get_pointer (ctx);
  int rc;
-  char *keyword;
+  const char *keyword;

  if ((rc = open_card (ctrl, NULL)))
    return rc;
@ -860,7 +860,6 @@ cmd_getattr (assuan_context_t ctx, char *line)
  /* FIXME: Applications should not return sensistive data if the card
     is locked.  */
  rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
-  xfree (keyword);

  TEST_CARD_REMOVAL (ctrl, rc);
  return map_to_assuan_status (rc);
@ -908,9 +907,10 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
      *line++ = 0;
  while (spacep (line))
    line++;
-  nbytes = percent_plus_unescape (line);
+  nbytes = percent_plus_unescape ((unsigned char*)line);

-  rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx, line, nbytes);
+  rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx,
+                    (const unsigned char*)line, nbytes);
  xfree (linebuf);

  TEST_CARD_REMOVAL (ctrl, rc);
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@ -153,7 +153,7 @@ iso7816_select_file (int slot, int tag, int is_dir,
      p0 = (tag == 0x3F00)? 0: is_dir? 1:2;
      p1 = 0x0c; /* No FC return. */
      sw = apdu_send_simple (slot, 0x00, CMD_SELECT_FILE,
-                             p0, p1, 2, tagbuf );
+                             p0, p1, 2, (char*)tagbuf );
      return map_sw (sw);
    }

@ -285,7 +285,7 @@ iso7816_put_data (int slot, int tag,

  sw = apdu_send_simple (slot, 0x00, CMD_PUT_DATA,
                         ((tag >> 8) & 0xff), (tag & 0xff),
-                         datalen, data);
+                         datalen, (const char*)data);
  return map_sw (sw);
 }

@ -303,7 +303,7 @@ iso7816_manage_security_env (int slot, int p1, int p2,
    return gpg_error (GPG_ERR_INV_VALUE);

  sw = apdu_send_simple (slot, 0x00, CMD_MSE, p1, p2, 
-                         data? datalen : -1, data);
+                         data? datalen : -1, (const char*)data);
  return map_sw (sw);
 }

@ -323,7 +323,7 @@ iso7816_compute_ds (int slot, const unsigned char *data, size_t datalen,
  *result = NULL;
  *resultlen = 0;

-  sw = apdu_send (slot, 0x00, CMD_PSO, 0x9E, 0x9A, datalen, data,
+  sw = apdu_send (slot, 0x00, CMD_PSO, 0x9E, 0x9A, datalen, (const char*)data,
                  result, resultlen);
  if (sw != SW_SUCCESS)
    {
@ -364,13 +364,15 @@ iso7816_decipher (int slot, const unsigned char *data, size_t datalen,

      *buf = padind; /* Padding indicator. */
      memcpy (buf+1, data, datalen);
-      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86, datalen+1, buf,
+      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
+                      datalen+1, (char*)buf,
                      result, resultlen);
      xfree (buf);
    }
  else
    {
-      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86, datalen, data,
+      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
+                      datalen, (const char *)data,
                      result, resultlen);
    }
  if (sw != SW_SUCCESS)
@ -399,7 +401,7 @@ iso7816_internal_authenticate (int slot,
  *resultlen = 0;

  sw = apdu_send (slot, 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
-                  datalen, data,  result, resultlen);
+                  datalen, (const char*)data,  result, resultlen);
  if (sw != SW_SUCCESS)
    {
      /* Make sure that pending buffers are released. */
@ -426,7 +428,7 @@ do_generate_keypair (int slot, int readonly,
  *resultlen = 0;

  sw = apdu_send (slot, 0x00, CMD_GENERATE_KEYPAIR, readonly? 0x81:0x80, 0,
-                  datalen, data,  result, resultlen);
+                  datalen, (const char*)data,  result, resultlen);
  if (sw != SW_SUCCESS)
    {
      /* Make sure that pending buffers are released. */
--- a/scd/pcsc-wrapper.c
+++ b/scd/pcsc-wrapper.c
@ -390,9 +390,9 @@ handle_open (unsigned char *argbuf, size_t arglen)
  unsigned char atr[33];

  /* Make sure there is only the port string */
-  if (arglen != strlen (argbuf))
+  if (arglen != strlen ((char*)argbuf))
    bad_request ("OPEN");
-  portstr = argbuf;
+  portstr = (char*)argbuf;

  if (driver_is_open)
    {
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,35 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* delete.c (delete_one): Changed FPR to unsigned.
+	* encrypt.c (encrypt_dek): Made ENCVAL unsigned.
+	(gpgsm_encrypt): Ditto.
+	* sign.c (gpgsm_sign): Made SIGVAL unsigned.
+	* base64.c (base64_reader_cb): Need to use some casting to get
+	around signed/unsigned char* warnings.
+	* certcheck.c (gpgsm_check_cms_signature): Ditto.
+	(gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
+	(do_encode_md): Made NFRAME a size_t.
+	* certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
+	(gpgsm_dump_serial): Ditto.
+	(gpgsm_format_serial): Ditto.
+	(gpgsm_dump_string): Ditto.
+	(gpgsm_dump_cert): Ditto.
+	(parse_dn_part): Ditto.
+	(gpgsm_print_name2): Ditto.
+	* keylist.c (email_kludge): Ditto.
+	* certreqgen.c (proc_parameters, create_request): Ditto.
+	(create_request): Ditto.
+	* call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
+	(struct cipher_parm_s): Made CIPHERTEXT unsigned.
+	(struct genkey_parm_s): Ditto.
+	* server.c (strcpy_escaped_plus): Made arg S signed char*.
+	* fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
+	(gpgsm_get_keygrip): Ditto.
+	* keydb.c (keydb_insert_cert): Made DIGEST unsigned.
+	(keydb_update_cert): Ditto.
+	(classify_user_id): Apply cast to signed/unsigned assignment.
+	(hextobyte): Ditto.
+
 2005-06-01  Werner Koch  <wk@g10code.com>

 	* misc.c: Include setenv.h.
--- a/sm/base64.c
+++ b/sm/base64.c
@ -95,7 +95,7 @@ struct base64_context_s {


 /* The base-64 character list */
-static unsigned char bintoasc[64] = 
+static char bintoasc[64] = 
       "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
       "abcdefghijklmnopqrstuvwxyz" 
       "0123456789+/"; 
@ -202,8 +202,9 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
            {
              /* wait for the header line */
              parm->linelen = parm->readpos = 0;
-              if (!parm->have_lf || strncmp (parm->line, "-----BEGIN ", 11)
-                  || !strncmp (parm->line+11, "PGP ", 4))
+              if (!parm->have_lf 
+                  || strncmp ((char*)parm->line, "-----BEGIN ", 11)
+                  || !strncmp ((char*)parm->line+11, "PGP ", 4))
                goto next;
              parm->is_pem = 1;
            }
@ -220,8 +221,9 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
          /* the very first byte does pretty much look like a SEQUENCE tag*/
          parm->is_pem = 0;
        }
-      else if ( parm->have_lf && !strncmp (parm->line, "-----BEGIN ", 11)
-                && strncmp (parm->line+11, "PGP ", 4) )
+      else if ( parm->have_lf
+                && !strncmp ((char*)parm->line, "-----BEGIN ", 11)
+                && strncmp ((char *)parm->line+11, "PGP ", 4) )
        {
          /* Fixme: we must only compare if the line really starts at
             the beginning */
@ -268,7 +270,7 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
  if (parm->is_pem || parm->is_base64)
    {  
      if (parm->is_pem && parm->have_lf
-          && !strncmp (parm->line, "-----END ", 9))
+          && !strncmp ((char*)parm->line, "-----END ", 9))
        { 
          parm->identified = 0;
          parm->linelen = parm->readpos = 0;
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -39,24 +39,27 @@
 #include "../common/membuf.h"


-static ASSUAN_CONTEXT agent_ctx = NULL;
+static assuan_context_t agent_ctx = NULL;
 static int force_pipe_server = 0;

-struct cipher_parm_s {
-  ASSUAN_CONTEXT ctx;
-  const char *ciphertext;
+struct cipher_parm_s
+{
+  assuan_context_t ctx;
+  const unsigned char *ciphertext;
  size_t ciphertextlen;
 };

-struct genkey_parm_s {
-  ASSUAN_CONTEXT ctx;
-  const char *sexp;
+struct genkey_parm_s
+{
+  assuan_context_t ctx;
+  const unsigned char *sexp;
  size_t sexplen;
 };

-struct learn_parm_s {
+struct learn_parm_s
+{
  int error;
-  ASSUAN_CONTEXT ctx;
+  assuan_context_t ctx;
  membuf_t *data;
 };

@ -204,7 +207,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
 int
 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                    unsigned char *digest, size_t digestlen, int digestalgo,
-                    char **r_buf, size_t *r_buflen )
+                    unsigned char **r_buf, size_t *r_buflen )
 {
  int rc, i;
  char *p, line[ASSUAN_LINELENGTH];
@ -392,7 +395,7 @@ gpgsm_agent_genkey (ctrl_t ctrl,
  struct genkey_parm_s gk_parm;
  membuf_t data;
  size_t len;
-  char *buf;
+  unsigned char *buf;

  *r_pubkey = NULL;
  rc = start_agent (ctrl);
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -39,7 +39,8 @@ static int
 do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
              gcry_mpi_t *r_val)
 {
-  int n, nframe;
+  int n;
+  size_t nframe;
  unsigned char *frame;

  if (pkalgo == GCRY_PK_DSA)
@ -205,7 +206,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
      log_printf ("\n");
    }

-  rc = gcry_sexp_sscan ( &s_sig, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_sig, NULL, (char*)p, n);
  ksba_free (p);
  if (rc)
    {
@ -224,7 +225,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
      gcry_sexp_release (s_sig);
      return gpg_error (GPG_ERR_BUG);
    }
-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
  ksba_free (p);
  if (rc)
    {
@ -278,7 +279,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
      log_error ("libksba did not return a proper S-Exp\n");
      return gpg_error (GPG_ERR_BUG);
    }
-  rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
+  rc = gcry_sexp_sscan (&s_sig, NULL, (char*)sigval, n);
  if (rc)
    {
      log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
@ -297,7 +298,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
  if (DBG_CRYPTO)
    log_printhex ("public key: ", p, n);

-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
  ksba_free (p);
  if (rc)
    {
@ -333,7 +334,8 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,

 int
 gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
-                            gcry_md_hd_t md, int mdalgo, char **r_sigval)
+                            gcry_md_hd_t md, int mdalgo,
+                            unsigned char **r_sigval)
 {
  int rc;
  char *grip, *desc;
--- a/sm/certdump.c
+++ b/sm/certdump.c
@ -50,8 +50,9 @@ struct dn_array_s {

 /* print the first element of an S-Expression */
 void
-gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p)
+gpgsm_print_serial (FILE *fp, ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
  unsigned long n;
  char *endp;

@ -77,8 +78,9 @@ gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p)

 /* Dump the serial number or any other simple S-expression. */
 void
-gpgsm_dump_serial (ksba_const_sexp_t p)
+gpgsm_dump_serial (ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
  unsigned long n;
  char *endp;

@ -103,8 +105,9 @@ gpgsm_dump_serial (ksba_const_sexp_t p)


 char *
-gpgsm_format_serial (ksba_const_sexp_t p)
+gpgsm_format_serial (ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
  unsigned long n;
  char *endp;
  char *buffer;
@ -168,7 +171,7 @@ gpgsm_dump_string (const char *string)
    {
      const unsigned char *s;

-      for (s=string; *s; s++)
+      for (s=(const unsigned char*)string; *s; s++)
        {
          if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
            break;
@ -190,7 +193,7 @@ void
 gpgsm_dump_cert (const char *text, ksba_cert_t cert)
 {
  ksba_sexp_t sexp;
-  unsigned char *p;
+  char *p;
  char *dn;
  ksba_isotime_t t;

@ -260,7 +263,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
  };
  const unsigned char *s, *s1;
  size_t n;
-  unsigned char *p;
+  char *p;
  int i;

  /* Parse attributeType */
@ -306,7 +309,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
        return NULL;
      for (s1=string; n; s1 += 2, n--, p++)
        {
-          *p = xtoi_2 (s1);
+          *(unsigned char *)p = xtoi_2 (s1);
          if (!*p)
            *p = 0x01; /* Better print a wrong value than truncating
                          the string. */
@ -351,7 +354,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
              s++;
              if (hexdigitp (s))
                {
-                  *p++ = xtoi_2 (s);
+                  *(unsigned char *)p++ = xtoi_2 (s);
                  s++;
                }
              else
@ -485,23 +488,22 @@ print_dn_parts (FILE *fp, struct dn_array_s *dn, int translate)
 void
 gpgsm_print_name2 (FILE *fp, const char *name, int translate)
 {
-  const unsigned char *s;
+  const unsigned char *s = (const unsigned char *)name;
  int i;

-  s = name;
  if (!s)
    {
      fputs (_("[Error - No name]"), fp);
    }
  else if (*s == '<')
    {
-      const unsigned char *s2 = strchr (s+1, '>');
+      const char *s2 = strchr ( (char*)s+1, '>');
      if (s2)
        {
          if (translate)
-            print_sanitized_utf8_buffer (fp, s + 1, s2 - s - 1, 0);
+            print_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
          else
-            print_sanitized_buffer (fp, s + 1, s2 - s - 1, 0);
+            print_sanitized_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
        }
    }
  else if (*s == '(')
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@ -492,7 +492,7 @@ proc_parameters (ctrl_t ctrl,
    }

  sprintf (numbuf, "%u", nbits);
-  snprintf (keyparms, DIM (keyparms)-1, 
+  snprintf ((char*)keyparms, DIM (keyparms)-1, 
            "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf);
  rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
  if (rc)
@ -627,8 +627,9 @@ create_request (ctrl_t ctrl,
        {
          gcry_sexp_t s_pkey;
          size_t n;
-          unsigned char grip[20], hexgrip[41];
-          char *sigval;
+          unsigned char grip[20];
+          char hexgrip[41];
+          unsigned char *sigval;
          size_t siglen;

          n = gcry_sexp_canon_len (public, 0, NULL, NULL);
@ -638,7 +639,7 @@ create_request (ctrl_t ctrl,
              err = gpg_error (GPG_ERR_BUG);
              goto leave;
            }
-          rc = gcry_sexp_sscan (&s_pkey, NULL, public, n);
+          rc = gcry_sexp_sscan (&s_pkey, NULL, (const char*)public, n);
          if (rc)
            {
              log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
--- a/sm/delete.c
+++ b/sm/delete.c
@ -67,7 +67,7 @@ delete_one (CTRL ctrl, const char *username)
    rc = keydb_get_cert (kh, &cert);
  if (!rc)
    {
-      char fpr[20];
+      unsigned char fpr[20];

      gpgsm_get_fingerprint (cert, 0, fpr, NULL);

@ -78,7 +78,7 @@ delete_one (CTRL ctrl, const char *username)
      else if (!rc)
        {
          ksba_cert_t cert2 = NULL;
-          char fpr2[20];
+          unsigned char fpr2[20];

          /* We ignore all duplicated certificates which might have
             been inserted due to program bugs. */
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@ -164,10 +164,10 @@ encode_session_key (DEK dek, gcry_sexp_t * r_data)
 }


-/* encrypt the DEK under the key contained in CERT and return it as a
-   canonical S-Exp in encval */
+/* Encrypt the DEK under the key contained in CERT and return it as a
+   canonical S-Exp in encval. */
 static int
-encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
+encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
 {
  gcry_sexp_t s_ciph, s_data, s_pkey;
  int rc;
@ -189,7 +189,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
      log_error ("libksba did not return a proper S-Exp\n");
      return gpg_error (GPG_ERR_BUG);
    }
-  rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len);
+  rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
  xfree (buf); buf = NULL;
  if (rc)
    {
@ -220,7 +220,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
      gcry_sexp_release (s_ciph);
      return tmperr;
    }
-  len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, buf, len);
+  len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, (char*)buf, len);
  assert (len);

  *encval = buf;
@ -437,7 +437,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
     each and store them in the CMS object */
  for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
    {
-      char *encval;
+      unsigned char *encval;
      
      rc = encrypt_dek (dek, cl->cert, &encval);
      if (rc)
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@ -42,8 +42,9 @@
   If there is a problem , the function does never return NULL but a
   digest of all 0xff.
 */
-char *
-gpgsm_get_fingerprint (ksba_cert_t cert, int algo, char *array, int *r_len)
+unsigned char *
+gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+                       unsigned char *array, int *r_len)
 {
  gcry_md_hd_t md;
  int rc, len;
@ -140,8 +141,8 @@ gpgsm_get_short_fingerprint (ksba_cert_t cert)
   key parameters expressed as an canoncial encoded S-Exp.  array must
   be 20 bytes long. returns the array or a newly allocated one if the
   passed one was NULL */
-char *
-gpgsm_get_keygrip (ksba_cert_t cert, char *array)
+unsigned char *
+gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
 {
  gcry_sexp_t s_pkey;
  int rc;
@ -160,7 +161,7 @@ gpgsm_get_keygrip (ksba_cert_t cert, char *array)
      log_error ("libksba did not return a proper S-Exp\n");
      return NULL;
    }
-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
  xfree (p);
  if (rc)
    {
@ -223,7 +224,7 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
      xfree (p);
      return 0;
    }
-  rc = gcry_sexp_sscan (&s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
  xfree (p);
  if (rc)
    return 0;
@ -272,7 +273,7 @@ char *
 gpgsm_get_certid (ksba_cert_t cert)
 {
  ksba_sexp_t serial;
-  unsigned char *p;
+  char *p;
  char *endp;
  unsigned char hash[20];
  unsigned long n;
@ -288,7 +289,7 @@ gpgsm_get_certid (ksba_cert_t cert)
  serial = ksba_cert_get_serial (cert);
  if (!serial)
    return NULL; /* oops: no serial number */
-  p = serial;
+  p = (char *)serial;
  if (*p != '(')
    {
      log_error ("Ooops: invalid serial number\n");
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -181,12 +181,12 @@ gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
                                        gpg_err_code_t ec);

 /*-- fingerprint --*/
-char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
-                             char *array, int *r_len);
+unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+                                      unsigned char *array, int *r_len);
 char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
 char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
 unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
-char *gpgsm_get_keygrip (ksba_cert_t cert, char *array);
+unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 char *gpgsm_get_certid (ksba_cert_t cert);
@ -229,7 +229,7 @@ int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
 /* fixme: move create functions to another file */
 int gpgsm_create_cms_signature (ctrl_t ctrl,
                                ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
-                                char **r_sigval);
+                                unsigned char **r_sigval);


 /*-- certchain.c --*/
@ -293,7 +293,7 @@ int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                        unsigned char *digest,
                        size_t digestlen,
                        int digestalgo,
-                        char **r_buf, size_t *r_buflen);
+                        unsigned char **r_buf, size_t *r_buflen);
 int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
                           ksba_const_sexp_t ciphertext, 
                           char **r_buf, size_t *r_buflen);
--- a/sm/keydb.c
+++ b/sm/keydb.c
@ -681,7 +681,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
  int rc = -1;
  int idx;
-  char digest[20];
+  unsigned char digest[20];
  
  if (!hd) 
    return gpg_error (GPG_ERR_INV_VALUE);
@ -723,7 +723,7 @@ int
 keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
  int rc = 0;
-  char digest[20];
+  unsigned char digest[20];
  
  if (!hd)
    return gpg_error (GPG_ERR_INV_VALUE);
@ -1010,8 +1010,9 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)


 static int
-hextobyte (const unsigned char *s)
+hextobyte (const char *string)
 {
+  const unsigned char *s = (const unsigned char *)string;
  int c;

  if( *s >= '0' && *s <= '9' )
@ -1122,7 +1123,7 @@ classify_user_id (const char *name,
                if (!strchr("01234567890abcdefABCDEF", *si))
                  return 0; /* invalid digit in serial number*/
              }
-            desc->sn = s;
+            desc->sn = (const unsigned char*)s;
            desc->snlen = -1;
            if (!*si)
              mode = KEYDB_SEARCH_MODE_SN;
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -256,7 +256,7 @@ print_time (gnupg_isotime_t t, FILE *fp)
 static char *
 email_kludge (const char *name)
 {
-  const unsigned char *p;
+  const char *p;
  unsigned char *buf;
  int n;

@ -278,7 +278,7 @@ email_kludge (const char *name)
    buf[n] = xtoi_2 (p);
  buf[n++] = '>';
  buf[n] = 0;
-  return buf;
+  return (char*)buf;
 }


--- a/sm/server.c
+++ b/sm/server.c
@ -53,14 +53,14 @@ struct server_local_s {
 /* Note that it is sufficient to allocate the target string D as
   long as the source string S, i.e.: strlen(s)+1; */
 static void
-strcpy_escaped_plus (char *d, const unsigned char *s)
+strcpy_escaped_plus (char *d, const char *s)
 {
  while (*s)
    {
      if (*s == '%' && s[1] && s[2])
        { 
          s++;
-          *d++ = xtoi_2 ( s);
+          *d++ = xtoi_2 (s);
          s += 2;
        }
      else if (*s == '+')
--- a/sm/sign.c
+++ b/sm/sign.c
@ -575,7 +575,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
          ksba_cms_set_hash_function (cms, HASH_FNC, md);
          for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
            {
-              char *sigval = NULL;
+              unsigned char *sigval = NULL;
              char *buf, *fpr;

              if (signer)
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@ -1,3 +1,8 @@
+2005-06-16  Werner Koch  <wk@g10code.com>
+
+	* gpg-connect-agent.c (read_and_print_response): Made LINELEN a
+	size_t.
+
 2005-06-04  Marcus Brinkmann  <marcus@g10code.de>

 	* symcryptrun.c (main): Allow any number of arguments, don't use
--- a/tools/gpg-connect-agent.c
+++ b/tools/gpg-connect-agent.c
@ -458,7 +458,7 @@ static int
 read_and_print_response (assuan_context_t ctx)
 {
  char *line;
-  int linelen;
+  size_t linelen;
  assuan_error_t rc;
  int i, j;

--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@ -2316,7 +2316,7 @@ gc_component_change_options (int component, FILE *in)
      char *linep;
      unsigned long flags = 0;
      char *new_value = "";
-      unsigned long new_value_nr;
+      unsigned long new_value_nr = 0;

      /* Strip newline and carriage return, if present.  */
      while (length > 0
--- a/tools/gpgkey2ssh.c
+++ b/tools/gpgkey2ssh.c
@ -249,6 +249,9 @@ main (int argc, char **argv)
  pkdbuf = NULL;
  pkdbuf_n = 0;

+  algorithm_id = 0;  /* (avoid cc warning) */
+  identifier = NULL; /* (avoid cc warning) */
+
  assert (argc == 2);

  keyid = argv[1];
--- a/tools/watchgnupg.c
+++ b/tools/watchgnupg.c
@ -223,7 +223,7 @@ main (int argc, char **argv)
  int force = 0;

  struct sockaddr_un srvr_addr;
-  int addrlen;
+  socklen_t addrlen;
  int server;
  int flags;
  client_t client_list = NULL;