diff --git a/agent/ChangeLog b/agent/ChangeLog
index 1a157fa52..055dbe53e 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,49 @@
+2005-06-16  Werner Koch  <wk@g10code.com>
+
+	* protect-tool.c (make_advanced): Makde RESULT a plain char.
+	* call-scd.c (unescape_status_string): Need to cast unsigned char*
+	for strcpy.
+	(agent_card_pksign): Made arg R_BUF an unsigned char**.
+	* divert-scd.c (divert_pksign): Made SIGVAL unsigned char*.
+	(encode_md_for_card): Initialize R_VAL and R_LEN.
+	* genkey.c (store_key): Made BUF unsigned.
+	* protect.c (do_encryption): Ditto.
+	(do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT
+	and RESULTLEN even on error.
+	(merge_lists): Need to cast unsigned char * for strcpy. Initialize 
+	RESULTand RESULTLEN even on error.
+	(agent_unprotect): Likewise for strtoul.
+	(make_shadow_info): Made P and INFO plain char.
+	(agent_shadow_key): Made P plain char.
+
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* query.c (agent_get_passphrase): Made HEXSTRING a char*.
+	* command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned.
+	(ssh_key_grip): Simplified.
+	(data_sign): Initialize variables with the definition.
+	(ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE
+	are set to NULL on error.  Cool, gcc-4 detects uninitialized stuff
+	beyond function boundaries; well it can't know that we do error
+	proper error handling so that this was not a real error.
+	(file_to_buffer): Likewise for BUFFER and BUFFER_N.
+	(data_sign): Likewise for SIG and SIG_N.
+	(stream_read_byte): Set B to a value even on error.
+	* command.c (cmd_genkey): Changed VALUE to char.
+	(cmd_readkey): Cast arg for gcry_sexp_sprint.
+	* agent.h (struct server_control_s): Made KEYGRIP unsigned.
+
+2005-06-13  Werner Koch  <wk@g10code.com>
+
+	* command-ssh.c (start_command_handler_ssh): Reset the SCD.
+
+2005-06-09  Werner Koch  <wk@g10code.com>
+
+	* gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh.
+	* cache.c (housekeeping): Use it.
+	(agent_put_cache): Use a switch to get the default ttl so that it
+	is easier to add more cases.
+
 2005-06-06  Werner Koch  <wk@g10code.com>
 
 	* gpg-agent.c: New option --default-cache-ttl-ssh.
diff --git a/agent/agent.h b/agent/agent.h
index 350e5c0d2..7a646a85f 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -71,9 +71,10 @@ struct {
   int no_grab;         /* Don't let the pinentry grab the keyboard */
 
   /* The default and maximum TTL of cache entries. */
-  unsigned long def_cache_ttl;     /* Normal. */
-  unsigned long def_cache_ttl_ssh; /* SSH. */
-  unsigned long max_cache_ttl;
+  unsigned long def_cache_ttl;     /* Default. */
+  unsigned long def_cache_ttl_ssh; /* for SSH. */
+  unsigned long max_cache_ttl;     /* Default. */
+  unsigned long max_cache_ttl_ssh; /* for SSH. */
 
 
   int running_detached; /* We are running detached from the tty. */
@@ -107,8 +108,8 @@ struct server_local_s;
 struct scd_local_s;
 
 /* Collection of data per session (aka connection). */
-struct server_control_s {
-
+struct server_control_s 
+{
   /* Private data of the server (command.c). */
   struct server_local_s *server_local;
 
@@ -128,7 +129,7 @@ struct server_control_s {
     int valuelen;
     int raw_value: 1;
   } digest;
-  char keygrip[20];
+  unsigned char keygrip[20];
   int have_keygrip;
 
   int use_auth_call; /* Hack to send the PKAUTH command instead of the
@@ -289,7 +290,7 @@ int agent_card_pksign (ctrl_t ctrl,
                        int (*getpin_cb)(void *, const char *, char*, size_t),
                        void *getpin_cb_arg,
                        const unsigned char *indata, size_t indatalen,
-                       char **r_buf, size_t *r_buflen);
+                       unsigned char **r_buf, size_t *r_buflen);
 int agent_card_pkdecrypt (ctrl_t ctrl,
                           const char *keyid,
                           int (*getpin_cb)(void *, const char *, char*,size_t),
diff --git a/agent/cache.c b/agent/cache.c
index a032b4fa7..32b6ac0c7 100644
--- a/agent/cache.c
+++ b/agent/cache.c
@@ -103,10 +103,17 @@ housekeeping (void)
     }
 
   /* Second, make sure that we also remove them based on the created stamp so
-     that the user has to enter it from time to time.  We do this every hour */
+     that the user has to enter it from time to time. */
   for (r=thecache; r; r = r->next)
     {
-      if (!r->lockcount && r->pw && r->created + opt.max_cache_ttl < current)
+      unsigned long maxttl;
+      
+      switch (r->cache_mode)
+        {
+        case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break;
+        default: maxttl = opt.max_cache_ttl; break;
+        }
+      if (!r->lockcount && r->pw && r->created + maxttl < current)
         {
           if (DBG_CACHE)
             log_debug ("  expired `%s' (%lus after creation)\n",
@@ -203,10 +210,11 @@ agent_put_cache (const char *key, cache_mode_t cache_mode,
 
   if (!ttl)
     {
-      if (cache_mode == CACHE_MODE_SSH)
-        ttl = opt.def_cache_ttl_ssh;
-      else
-        ttl = opt.def_cache_ttl;
+      switch(cache_mode)
+        {
+        case CACHE_MODE_SSH: ttl = opt.def_cache_ttl_ssh; break;
+        default: ttl = opt.def_cache_ttl; break;
+        }
     }
   if (!ttl || cache_mode == CACHE_MODE_IGNORE)
     return 0;
diff --git a/agent/call-scd.c b/agent/call-scd.c
index 4dff8e3c1..7a623fda4 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -465,7 +465,7 @@ unescape_status_string (const unsigned char *s)
 {
   char *buffer, *d;
 
-  buffer = d = xtrymalloc (strlen (s)+1);
+  buffer = d = xtrymalloc (strlen ((const char*)s)+1);
   if (!buffer)
     return NULL;
   while (*s)
@@ -666,7 +666,7 @@ agent_card_pksign (ctrl_t ctrl,
                    int (*getpin_cb)(void *, const char *, char*, size_t),
                    void *getpin_cb_arg,
                    const unsigned char *indata, size_t indatalen,
-                   char **r_buf, size_t *r_buflen)
+                   unsigned char **r_buf, size_t *r_buflen)
 {
   int rc, i;
   char *p, line[ASSUAN_LINELENGTH];
@@ -714,14 +714,11 @@ agent_card_pksign (ctrl_t ctrl,
   /* Create an S-expression from it which is formatted like this:
      "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */
   *r_buflen = 21 + 11 + sigbuflen + 4;
-  *r_buf = xtrymalloc (*r_buflen);
-  if (!*r_buf)
-    {
-      gpg_error_t tmperr = out_of_core ();
-      xfree (*r_buf);
-      return unlock_scd (ctrl, tmperr);
-    }
-  p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
+  p = xtrymalloc (*r_buflen);
+  *r_buf = (unsigned char*)p;
+  if (!p)
+    return unlock_scd (ctrl, out_of_core ());
+  p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
   sprintf (p, "%u:", (unsigned int)sigbuflen);
   p += strlen (p);
   memcpy (p, sigbuf, sigbuflen);
@@ -895,7 +892,7 @@ card_getattr_cb (void *opaque, const char *line)
   if (keywordlen == parm->keywordlen
       && !memcmp (keyword, parm->keyword, keywordlen))
     {
-      parm->data = unescape_status_string (line);
+      parm->data = unescape_status_string ((const unsigned char*)line);
       if (!parm->data)
         parm->error = errno;
     }
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 870afe059..a43fee24f 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -297,6 +297,7 @@ stream_read_byte (estream_t stream, unsigned char *b)
 	err = gpg_error_from_errno (errno);
       else
 	err = gpg_error (GPG_ERR_EOF);
+      *b = 0;
     }
   else
     {
@@ -604,6 +605,9 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
   gpg_error_t err;
   int ret;
 
+  *buffer = NULL;
+  *buffer_n = 0;
+
   buffer_new = NULL;
   err = 0;
   
@@ -1381,6 +1385,9 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
   gpg_error_t err;
   unsigned int i;
 
+  *blob = NULL;
+  *blob_size = 0;
+
   blob_new = NULL;
   stream = NULL;
   err = 0;
@@ -1535,20 +1542,12 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size,
    S-Expression KEY and writes it to BUFFER, which must be large
    enough to hold it.  Returns usual error code.  */
 static gpg_error_t
-ssh_key_grip (gcry_sexp_t key, char *buffer)
+ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
 {
-  gpg_error_t err;
-  char *p;
+  if (!gcry_pk_get_keygrip (key, buffer))
+    return gpg_error (GPG_ERR_INTERNAL);
 
-  /* FIXME: unsigned vs. signed.  */
-  
-  p = gcry_pk_get_keygrip (key, buffer);
-  if (! p)
-    err = gpg_error (GPG_ERR_INTERNAL);	/* FIXME?  */
-  else
-    err = 0;
-
-  return err;
+  return 0;
 }
 
 /* Converts the secret key KEY_SECRET into a public key, storing it in
@@ -1654,7 +1653,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
     }
 
   pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
-  err = gcry_sexp_sscan (&s_pk, NULL, pkbuf, pkbuflen);
+  err = gcry_sexp_sscan (&s_pk, NULL, (char*)pkbuf, pkbuflen);
   if (err)
     {
       log_error ("failed to build S-Exp from received card key: %s\n",
@@ -1877,7 +1876,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
           if (err)
             goto out;
 	      
-          err = gcry_sexp_sscan (&key_secret, NULL, buffer, buffer_n);
+          err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n);
           if (err)
             goto out;
 
@@ -1984,14 +1983,14 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
 	   unsigned char **sig, size_t *sig_n)
 {
   gpg_error_t err;
-  gcry_sexp_t signature_sexp;
-  estream_t stream;
-  gcry_sexp_t valuelist;
-  gcry_sexp_t sublist;
-  gcry_mpi_t sig_value;
-  unsigned char *sig_blob;
-  size_t sig_blob_n;
-  char *identifier;
+  gcry_sexp_t signature_sexp = NULL;
+  estream_t stream = NULL;
+  gcry_sexp_t valuelist = NULL;
+  gcry_sexp_t sublist = NULL;
+  gcry_mpi_t sig_value = NULL;
+  unsigned char *sig_blob = NULL;;
+  size_t sig_blob_n = 0;
+  char *identifier = NULL;
   const char *identifier_raw;
   size_t identifier_n;
   ssh_key_type_spec_t spec;
@@ -1999,17 +1998,10 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
   unsigned int i;
   const char *elems;
   size_t elems_n;
-  gcry_mpi_t *mpis;
+  gcry_mpi_t *mpis = NULL;
 
-  signature_sexp = NULL;
-  identifier = NULL;
-  valuelist = NULL;
-  sublist = NULL;
-  sig_blob = NULL;
-  sig_blob_n = 0;
-  stream = NULL;
-  sig_value = NULL;
-  mpis = NULL;
+  *sig = NULL;
+  *sig_n = 0;
 
   ctrl->use_auth_call = 1;
   err = agent_pksign_do (ctrl,
@@ -2119,7 +2111,7 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
   if (err)
     goto out;
   
-  *sig = (char *) sig_blob;
+  *sig = sig_blob;
   *sig_n = sig_blob_n;
   
  out:
@@ -2684,7 +2676,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
      secure memory, since we never give out secret keys. 
 
      FIXME: This is a pretty good DoS.  We only have a limited amount
-     of secure memory, we can't trhow hin everything we get from a
+     of secure memory, we can't throw in everything we get from a
      client -wk */
       
   /* Retrieve request.  */
@@ -2824,7 +2816,6 @@ start_command_handler_ssh (int sock_client)
   struct server_control_s ctrl;
   estream_t stream_sock;
   gpg_error_t err;
-  int bad;
   int ret;
 
   /* Setup control structure.  */
@@ -2868,15 +2859,15 @@ start_command_handler_ssh (int sock_client)
       goto out;
     }
 
-  while (1)
-    {
-      bad = ssh_request_process (&ctrl, stream_sock);
-      if (bad)
-	break;
-    };
+  /* Main processing loop. */
+  while ( !ssh_request_process (&ctrl, stream_sock) )
+    ;
+
+  /* Reset the SCD in case it has been used. */
+  agent_reset_scd (&ctrl);
+
 
  out:
-
   if (stream_sock)
     es_fclose (stream_sock);
 
diff --git a/agent/command.c b/agent/command.c
index ebf3a8220..c39bcc6ab 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -168,7 +168,7 @@ parse_keygrip (ASSUAN_CONTEXT ctx, const char *string, unsigned char *buf)
   if (n != 20)
     return set_error (Parameter_Error, "invalid length of keygrip");
 
-  for (p=string, n=0; n < 20; p += 2, n++)
+  for (p=(const unsigned char*)string, n=0; n < 20; p += 2, n++)
     buf[n] = xtoi_2 (p);
 
   return 0;
@@ -494,7 +494,7 @@ cmd_genkey (ASSUAN_CONTEXT ctx, char *line)
 
   init_membuf (&outbuf, 512);
 
-  rc = agent_genkey (ctrl, value, valuelen, &outbuf);
+  rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf);
   xfree (value);
   if (rc)
     clear_outbuf (&outbuf);
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 41a5dfcda..9d2fa446c 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -139,10 +139,13 @@ static int
 encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
                     unsigned char **r_val, size_t *r_len)
 {
-  byte *frame;
-  byte asn[100];
+  unsigned char *frame;
+  unsigned char asn[100];
   size_t asnlen;
 
+  *r_val = NULL;
+  *r_len = 0;
+
   asnlen = DIM(asn);
   if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
     {
@@ -295,7 +298,7 @@ divert_pksign (CTRL ctrl,
   int rc;
   char *kid;
   size_t siglen;
-  char *sigval;
+  unsigned char *sigval;
   unsigned char *data;
   size_t ndata;
 
diff --git a/agent/findkey.c b/agent/findkey.c
index 56433c9c4..1cb7efaf3 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -345,7 +345,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
     }
 
   /* Convert the file into a gcrypt S-expression object.  */
-  rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
   xfree (fname);
   fclose (fp);
   xfree (buf);
@@ -500,7 +500,7 @@ agent_key_from_file (ctrl_t ctrl, const char *desc_text,
     }
 
   buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
-  rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
   wipememory (buf, buflen);
   xfree (buf);
   if (rc)
diff --git a/agent/genkey.c b/agent/genkey.c
index e07518d5a..d0319f7b4 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -33,7 +33,7 @@ static int
 store_key (gcry_sexp_t private, const char *passphrase, int force)
 {
   int rc;
-  char *buf;
+  unsigned char *buf;
   size_t len;
   unsigned char grip[20];
   
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 6cc08f845..8732c98d7 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -85,6 +85,7 @@ enum cmd_and_opt_values
   oDefCacheTTL,
   oDefCacheTTLSSH,
   oMaxCacheTTL,
+  oMaxCacheTTLSSH,
   oUseStandardSocket,
   oNoUseStandardSocket,
 
@@ -143,6 +144,7 @@ static ARGPARSE_OPTS opts[] = {
                                N_("|N|expire cached PINs after N seconds")},
   { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
   { oMaxCacheTTL, "max-cache-ttl", 4, "@" },
+  { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" },
   { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
                                N_("do not use the PIN cache when signing")},
   { oAllowMarkTrusted, "allow-mark-trusted", 0,
@@ -156,8 +158,9 @@ static ARGPARSE_OPTS opts[] = {
 };
 
 
-#define DEFAULT_CACHE_TTL (10*60)  /* 10 minutes */
-#define MAX_CACHE_TTL     (120*60) /* 2 hours */
+#define DEFAULT_CACHE_TTL     (10*60)  /* 10 minutes */
+#define DEFAULT_CACHE_TTL_SSH (30*60)  /* 30 minutes */
+#define MAX_CACHE_TTL         (120*60) /* 2 hours */
 
 
 /* flag to indicate that a shutdown was requested */
@@ -369,8 +372,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.pinentry_program = NULL;
       opt.scdaemon_program = NULL;
       opt.def_cache_ttl = DEFAULT_CACHE_TTL;
-      opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL;
+      opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
       opt.max_cache_ttl = MAX_CACHE_TTL;
+      opt.max_cache_ttl_ssh = MAX_CACHE_TTL;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 0;
       opt.disable_scdaemon = 0;
@@ -407,6 +411,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
     case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
     case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
+    case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
       
     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
 
diff --git a/agent/minip12.c b/agent/minip12.c
index 5ca85033d..31be15373 100644
--- a/agent/minip12.c
+++ b/agent/minip12.c
@@ -1552,6 +1552,8 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
   struct buffer_s seqlist[2];
   int seqlistidx = 0;
 
+  n = buflen = 0; /* (avoid compiler warning). */
+
   if (cert && certlen)
     {
       /* Encode the certificate. */
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 42ce69697..1d64c1b15 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -52,7 +52,7 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
       goto leave;
     }
 
-  rc = gcry_sexp_sscan (&s_cipher, NULL, ciphertext, ciphertextlen);
+  rc = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
   if (rc)
     {
       log_error ("failed to convert ciphertext: %s\n", gpg_strerror (rc));
diff --git a/agent/pksign.c b/agent/pksign.c
index 2a355e43e..e9df19351 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -117,7 +117,7 @@ agent_pksign_do (ctrl_t ctrl, const char *desc_text,
       len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
       assert (len);
 
-      rc = gcry_sexp_sscan (&s_sig, NULL, buf, len);
+      rc = gcry_sexp_sscan (&s_sig, NULL, (char*)buf, len);
       xfree (buf);
       if (rc)
 	{
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index e8f1d2c10..5f59d5e06 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -239,9 +239,9 @@ make_advanced (const unsigned char *buf, size_t buflen)
   int rc;
   size_t erroff, len;
   gcry_sexp_t sexp;
-  unsigned char *result;
+  char *result;
 
-  rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen);
+  rc = gcry_sexp_sscan (&sexp, &erroff, (const char*)buf, buflen);
   if (rc)
     {
       log_error ("invalid canonical S-Expression (off=%u): %s\n",
@@ -378,7 +378,7 @@ read_and_protect (const char *fname)
       xfree (result);
       if (!p)
         return;
-      result = p;
+      result = (unsigned char*)p;
       resultlen = strlen (p);
     }
 
@@ -417,7 +417,7 @@ read_and_unprotect (const char *fname)
       xfree (result);
       if (!p)
         return;
-      result = p;
+      result = (unsigned char*)p;
       resultlen = strlen (p);
     }
 
@@ -434,12 +434,13 @@ read_and_shadow (const char *fname)
   unsigned char *key;
   unsigned char *result;
   size_t resultlen;
+  unsigned char dummy_info[] = "(8:313233342:43)";
   
   key = read_key (fname);
   if (!key)
     return;
 
-  rc = agent_shadow_key (key, "(8:313233342:43)", &result);
+  rc = agent_shadow_key (key, dummy_info, &result);
   xfree (key);
   if (rc)
     {
@@ -455,7 +456,7 @@ read_and_shadow (const char *fname)
       xfree (result);
       if (!p)
         return;
-      result = p;
+      result = (unsigned char*)p;
       resultlen = strlen (p);
     }
 
@@ -682,7 +683,7 @@ import_p12_file (const char *fname)
   if (!buf)
     return;
 
-  kparms = p12_parse (buf, buflen, (pw=get_passphrase (2)),
+  kparms = p12_parse ((unsigned char*)buf, buflen, (pw=get_passphrase (2)),
                       import_p12_cert_cb, NULL);
   release_passphrase (pw);
   xfree (buf);
@@ -773,7 +774,7 @@ import_p12_file (const char *fname)
       xfree (result);
       if (!p)
         return;
-      result = p;
+      result = (unsigned char*)p;
       resultlen = strlen (p);
     }
 
@@ -932,7 +933,7 @@ export_p12_file (const char *fname)
 
   if (opt_have_cert)
     {
-      cert = read_file ("-", &certlen);
+      cert = (unsigned char*)read_file ("-", &certlen);
       if (!cert)
         {
           wipememory (key, keylen_for_wipe);
@@ -1040,7 +1041,7 @@ percent_plus_unescape (unsigned char *string)
 static char *
 percent_plus_unescape_string (char *string) 
 {
-  unsigned char *p = string;
+  unsigned char *p = (unsigned char*)string;
   size_t n;
 
   n = percent_plus_unescape (p);
diff --git a/agent/protect.c b/agent/protect.c
index 658c8c529..45bdae496 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -134,19 +134,22 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
 
 */
 static int
-do_encryption (const char *protbegin, size_t protlen, 
+do_encryption (const unsigned char *protbegin, size_t protlen, 
                const char *passphrase,  const unsigned char *sha1hash,
                unsigned char **result, size_t *resultlen)
 {
   gcry_cipher_hd_t hd;
   const char *modestr = "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc";
   int blklen, enclen, outlen;
-  char *iv = NULL;
+  unsigned char *iv = NULL;
   int rc;
   char *outbuf = NULL;
   char *p;
   int saltpos, ivpos, encpos;
 
+  *resultlen = 0;
+  *result = NULL;
+
   rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
   if (rc)
@@ -250,7 +253,7 @@ do_encryption (const char *protbegin, size_t protlen,
       return tmperr;
     }
   *resultlen = strlen (p);
-  *result = p;
+  *result = (unsigned char*)p;
   memcpy (p+saltpos, iv+2*blklen, 8);
   memcpy (p+ivpos, iv, blklen);
   memcpy (p+encpos, outbuf, enclen);
@@ -261,7 +264,7 @@ do_encryption (const char *protbegin, size_t protlen,
 
 
 
-/* Protect the key encoded in canonical format in plainkey.  We assume
+/* Protect the key encoded in canonical format in PLAINKEY.  We assume
    a valid S-Exp here. */
 int 
 agent_protect (const unsigned char *plainkey, const char *passphrase,
@@ -469,6 +472,9 @@ merge_lists (const unsigned char *protectedkey,
   const unsigned char *startpos, *endpos;
   int i, rc;
   
+  *result = NULL;
+  *resultlen = 0;
+
   if (replacepos < 26)
     return gpg_error (GPG_ERR_BUG);
 
@@ -487,7 +493,7 @@ merge_lists (const unsigned char *protectedkey,
     return out_of_core ();
 
   /* Copy the initial segment */
-  strcpy (newlist, "(11:private-key");
+  strcpy ((char*)newlist, "(11:private-key");
   p = newlist + 15;
   memcpy (p, protectedkey+15+10, replacepos-15-10);
   p += replacepos-15-10;
@@ -669,7 +675,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
      is nothing we should worry about */
   if (s[n] != ')' )
     return gpg_error (GPG_ERR_INV_SEXP);
-  s2kcount = strtoul (s, NULL, 10);
+  s2kcount = strtoul ((const char*)s, NULL, 10);
   if (!s2kcount)
     return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   s += n;
@@ -838,7 +844,7 @@ unsigned char *
 make_shadow_info (const char *serialno, const char *idstring)
 {
   const char *s;
-  unsigned char *info, *p;
+  char *info, *p;
   char numbuf[21];
   int n;
 
@@ -853,13 +859,13 @@ make_shadow_info (const char *serialno, const char *idstring)
   sprintf (numbuf, "%d:", n);
   p = stpcpy (p, numbuf);
   for (s=serialno; *s && s[1]; s += 2)
-    *p++ = xtoi_2 (s);
+    *(unsigned char *)p++ = xtoi_2 (s);
   sprintf (numbuf, "%d:", strlen (idstring));
   p = stpcpy (p, numbuf);
   p = stpcpy (p, idstring);
   *p++ = ')';
   *p = 0;
-  return info;
+  return (unsigned char *)info;
 }
 
 
@@ -878,7 +884,7 @@ agent_shadow_key (const unsigned char *pubkey,
   const unsigned char *point;
   size_t n;
   int depth = 0;
-  unsigned char *p;
+  char *p;
   size_t pubkey_len = gcry_sexp_canon_len (pubkey, 0, NULL,NULL);
   size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);
 
@@ -930,7 +936,8 @@ agent_shadow_key (const unsigned char *pubkey,
   /* Calculate required length by taking in account: the "shadowed-"
      prefix, the "shadowed", "t1-v1" as well as some parenthesis */
   n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
-  *result = p = xtrymalloc (n);
+  *result = xtrymalloc (n);
+  p = (char*)*result;
   if (!p)
       return out_of_core ();
   p = stpcpy (p, "(20:shadowed-private-key");
diff --git a/agent/query.c b/agent/query.c
index c1e4dbacc..b231f6fc3 100644
--- a/agent/query.c
+++ b/agent/query.c
@@ -58,7 +58,7 @@ static pth_mutex_t entry_lock;
 struct entry_parm_s {
   int lines;
   size_t size;
-  char *buffer;
+  unsigned char *buffer;
 };
 
 
@@ -372,7 +372,7 @@ agent_askpin (ctrl_t ctrl,
     {
       memset (&parm, 0, sizeof parm);
       parm.size = pininfo->max_length;
-      parm.buffer = pininfo->pin;
+      parm.buffer = (unsigned char*)pininfo->pin;
 
       if (errtext)
         { 
@@ -444,7 +444,8 @@ agent_get_passphrase (CTRL ctrl,
   int rc;
   char line[ASSUAN_LINELENGTH];
   struct entry_parm_s parm;
-  unsigned char *p, *hexstring;
+  unsigned char *p;
+  char *hexstring;
   int i;
 
   *retpass = NULL;
@@ -497,7 +498,7 @@ agent_get_passphrase (CTRL ctrl,
       return unlock_pinentry (map_assuan_err (rc));
     }
   
-  hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
+  hexstring = gcry_malloc_secure (strlen ((char*)parm.buffer)*2+1);
   if (!hexstring)
     {
       gpg_error_t tmperr = out_of_core ();
diff --git a/common/ChangeLog b/common/ChangeLog
index 08fb06775..e7905ea58 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,9 +1,33 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* miscellaneous.c (make_printable_string): Made P a void*.
+
+	* sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
+	Fixed signed/unsigned pointer mismatch.
+	(make_simple_sexp_from_hexstr): Ditto.  This is all too ugly; I
+	wonder why gcc-4's default is to warn about them and forcing us to
+	use cast the warning away.
+	* iobuf.c (block_filter): Ditto.
+	(iobuf_flush): Ditto.
+	(iobuf_read_line): Ditto.
+	(iobuf_read): Make BUFFER a void *.
+	(iobuf_write): Make BUFFER a const void *.
+	* ttyio.c (tty_print_utf8_string2): Ditto.
+	* estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
+	(es_write): Make BUFFER a void *.
+	(es_writen): Ditto.
+	(es_func_fd_read, es_func_fd_write, es_func_mem_read) 
+	(es_func_mem_write): Ditto.
+	(es_read, es_readn): Ditto.
+	(es_func_mem_write): Made MEMORY_NEW an unsigned char *.
+	* estream.h (es_cookie_read_function_t)
+	(es_cookie_write_function_t): Changed buffer arg to void*.
+
 2005-06-03  Werner Koch  <wk@g10code.com>
 
 	* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
 	(es_func_fd_read, es_func_fd_write): Protect against EINTR.
 	
-
 2005-06-01  Werner Koch  <wk@g10code.com>
 
 	* Makefile.am (AM_CPPFLAGS): Added.
diff --git a/common/estream.c b/common/estream.c
index bf5b02001..70b3d9c6e 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -294,7 +294,7 @@ es_init_do (void)
 typedef struct estream_cookie_mem
 {
   unsigned int flags;		/* Open flags.  */
-  char *memory;			/* Data.  */
+  unsigned char *memory;	/* Data.  */
   size_t memory_size;		/* Size of MEMORY.  */
   size_t offset;		/* Current offset in MEMORY.  */
   size_t data_len;		/* Length of data in MEMORY.  */
@@ -350,7 +350,7 @@ es_func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
 
 /* Read function for memory objects.  */
 static ssize_t
-es_func_mem_read (void *cookie, char *buffer, size_t size)
+es_func_mem_read (void *cookie, void *buffer, size_t size)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   ssize_t ret;
@@ -371,11 +371,11 @@ es_func_mem_read (void *cookie, char *buffer, size_t size)
 
 /* Write function for memory objects.  */
 static ssize_t
-es_func_mem_write (void *cookie, const char *buffer, size_t size)
+es_func_mem_write (void *cookie, const void *buffer, size_t size)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   func_realloc_t func_realloc = mem_cookie->func_realloc;
-  char *memory_new;
+  unsigned char *memory_new;
   size_t newsize;
   ssize_t ret;
   int err;
@@ -591,7 +591,7 @@ es_func_fd_create (void **cookie, int fd, unsigned int flags)
 
 /* Read function for fd objects.  */
 static ssize_t
-es_func_fd_read (void *cookie, char *buffer, size_t size)
+es_func_fd_read (void *cookie, void *buffer, size_t size)
 
 {
   estream_cookie_fd_t file_cookie = cookie;
@@ -606,7 +606,7 @@ es_func_fd_read (void *cookie, char *buffer, size_t size)
 
 /* Write function for fd objects.  */
 static ssize_t
-es_func_fd_write (void *cookie, const char *buffer, size_t size)
+es_func_fd_write (void *cookie, const void *buffer, size_t size)
 			   
 {
   estream_cookie_fd_t file_cookie = cookie;
@@ -1122,9 +1122,10 @@ es_read_lbf (estream_t ES__RESTRICT stream,
    *the amount of bytes read in BYTES_READ.  */
 static int
 es_readn (estream_t ES__RESTRICT stream,
-	  unsigned char *ES__RESTRICT buffer,
+	  void *ES__RESTRICT buffer_arg,
 	  size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
 {
+  unsigned char *buffer = (unsigned char *)buffer_arg;
   size_t data_read_unread, data_read;
   int err;
 
@@ -1388,7 +1389,7 @@ es_write_lbf (estream_t ES__RESTRICT stream,
    amount of bytes written in BYTES_WRITTEN.  */
 static int
 es_writen (estream_t ES__RESTRICT stream,
-	   const unsigned char *ES__RESTRICT buffer,
+	   const void *ES__RESTRICT buffer,
 	   size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
 {
   size_t data_written;
@@ -2289,7 +2290,7 @@ es_ungetc (int c, estream_t stream)
 
 int
 es_read (estream_t ES__RESTRICT stream,
-	 char *ES__RESTRICT buffer, size_t bytes_to_read,
+	 void *ES__RESTRICT buffer, size_t bytes_to_read,
 	 size_t *ES__RESTRICT bytes_read)
 {
   int err;
@@ -2309,7 +2310,7 @@ es_read (estream_t ES__RESTRICT stream,
 
 int
 es_write (estream_t ES__RESTRICT stream,
-	  const char *ES__RESTRICT buffer, size_t bytes_to_write,
+	  const void *ES__RESTRICT buffer, size_t bytes_to_write,
 	  size_t *ES__RESTRICT bytes_written)
 {
   int err;
diff --git a/common/estream.h b/common/estream.h
index c201b666a..ebe575926 100644
--- a/common/estream.h
+++ b/common/estream.h
@@ -72,9 +72,9 @@ typedef struct es__stream *estream_t;
 
 
 typedef ssize_t (*es_cookie_read_function_t) (void *cookie,
-					      char *buffer, size_t size);
+					      void *buffer, size_t size);
 typedef ssize_t (*es_cookie_write_function_t) (void *cookie,
-					       const char *buffer,
+					       const void *buffer,
 					       size_t size);
 typedef int (*es_cookie_seek_function_t) (void *cookie,
 					  off_t *pos, int whence);
@@ -166,10 +166,10 @@ int _es_putc_overflow (int c, estream_t stream);
 int es_ungetc (int c, estream_t stream);
 
 int es_read (estream_t ES__RESTRICT stream,
-	     char *ES__RESTRICT buffer, size_t bytes_to_read,
+	     void *ES__RESTRICT buffer, size_t bytes_to_read,
 	     size_t *ES__RESTRICT bytes_read);
 int es_write (estream_t ES__RESTRICT stream,
-	      const char *ES__RESTRICT buffer, size_t bytes_to_write,
+	      const void *ES__RESTRICT buffer, size_t bytes_to_write,
 	      size_t *ES__RESTRICT bytes_written);
 
 size_t es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
diff --git a/common/iobuf.c b/common/iobuf.c
index 52a388514..32b9e18c6 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -675,10 +675,11 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
  * without a filter
  */
 static int
-block_filter (void *opaque, int control, iobuf_t chain, byte * buf,
+block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 	      size_t * ret_len)
 {
   block_filter_ctx_t *a = opaque;
+  char *buf = (char *)buffer;
   size_t size = *ret_len;
   int c, needed, rc = 0;
   char *p;
@@ -1762,7 +1763,7 @@ iobuf_flush (iobuf_t a)
 
   if (a->use == 3)
     {				/* increase the temp buffer */
-      char *newbuf;
+      unsigned char *newbuf;
       size_t newsize = a->d.size + 8192;
 
       if (DBG_IOBUF)
@@ -1829,8 +1830,9 @@ iobuf_readbyte (iobuf_t a)
 
 
 int
-iobuf_read (iobuf_t a, byte * buf, unsigned buflen)
+iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
 {
+  unsigned char *buf = (unsigned char *)buffer;
   int c, n;
 
   if (a->unget.buf || a->nlimit)
@@ -1915,7 +1917,7 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)
 
 
 int
-iobuf_writebyte (iobuf_t a, unsigned c)
+iobuf_writebyte (iobuf_t a, unsigned int c)
 {
   int rc;
 
@@ -1933,8 +1935,9 @@ iobuf_writebyte (iobuf_t a, unsigned c)
 
 
 int
-iobuf_write (iobuf_t a, byte * buf, unsigned buflen)
+iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
 {
+  const unsigned char *buf = (const unsigned char *)buffer;
   int rc;
 
   if (a->directfp)
@@ -2311,7 +2314,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 		 unsigned *length_of_buffer, unsigned *max_length)
 {
   int c;
-  char *buffer = *addr_of_buffer;
+  char *buffer = (char *)*addr_of_buffer;
   unsigned length = *length_of_buffer;
   unsigned nbytes = 0;
   unsigned maxlen = *max_length;
@@ -2321,7 +2324,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
     {				/* must allocate a new buffer */
       length = 256;
       buffer = xmalloc (length);
-      *addr_of_buffer = buffer;
+      *addr_of_buffer = (unsigned char *)buffer;
       *length_of_buffer = length;
     }
 
@@ -2344,7 +2347,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 	  length += 3;		/* correct for the reserved byte */
 	  length += length < 1024 ? 256 : 1024;
 	  buffer = xrealloc (buffer, length);
-	  *addr_of_buffer = buffer;
+	  *addr_of_buffer = (unsigned char *)buffer;
 	  *length_of_buffer = length;
 	  length -= 3;		/* and reserve again */
 	  p = buffer + nbytes;
diff --git a/common/iobuf.h b/common/iobuf.h
index 0af94e22d..b991717c2 100644
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -120,12 +120,12 @@ off_t iobuf_tell (iobuf_t a);
 int iobuf_seek (iobuf_t a, off_t newpos);
 
 int iobuf_readbyte (iobuf_t a);
-int iobuf_read (iobuf_t a, byte * buf, unsigned buflen);
+int iobuf_read (iobuf_t a, void *buf, unsigned buflen);
 unsigned iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 			  unsigned *length_of_buffer, unsigned *max_length);
 int iobuf_peek (iobuf_t a, byte * buf, unsigned buflen);
 int iobuf_writebyte (iobuf_t a, unsigned c);
-int iobuf_write (iobuf_t a, byte * buf, unsigned buflen);
+int iobuf_write (iobuf_t a, const void *buf, unsigned buflen);
 int iobuf_writestr (iobuf_t a, const char *buf);
 
 void iobuf_flush_temp (iobuf_t temp);
diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index 86b0fcb3a..d81213ef9 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -66,7 +66,7 @@ print_utf8_string( FILE *fp, const byte *p, size_t n )
 }
 
 char *
-make_printable_string( const byte *p, size_t n, int delim )
+make_printable_string (const void *p, size_t n, int delim )
 {
   return sanitize_buffer (p, n, delim);
 }
diff --git a/common/sexputil.c b/common/sexputil.c
index 802916b44..8a27ad978 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -52,7 +52,7 @@ keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
 
   if (!grip)
     return gpg_error (GPG_ERR_INV_VALUE);
-  err = gcry_sexp_sscan (&sexp, NULL, key, keylen);
+  err = gcry_sexp_sscan (&sexp, NULL, (const char *)key, keylen);
   if (err)
     return err;
   if (!gcry_pk_get_keygrip (sexp, grip))
@@ -66,8 +66,11 @@ keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
    are identical or !0 if they are not.  Not that this function can't
    be used for sorting. */
 int
-cmp_simple_canon_sexp (const unsigned char *a, const unsigned char *b)
+cmp_simple_canon_sexp (const unsigned char *a_orig,
+                       const unsigned char *b_orig)
 {
+  const char *a = (const char *)a_orig;
+  const char *b = (const char *)b_orig;
   unsigned long n1, n2;
   char *endp;
 
@@ -124,7 +127,7 @@ make_simple_sexp_from_hexstr (const char *line, size_t *nscanned)
   buf = xtrymalloc (strlen (numbuf) + len + 1 + 1);
   if (!buf)
     return NULL;
-  p = stpcpy (buf, numbuf);
+  p = (unsigned char *)stpcpy ((char *)buf, numbuf);
   s = line;
   if ((n&1))
     {
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index 8a027e799..de3689810 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -404,7 +404,7 @@ static char *
 copy_and_escape (char *buffer, const char *text)
 {
   int i;
-  const unsigned char *s = text;
+  const unsigned char *s = (unsigned char *)text;
   char *p = buffer;
   
 
diff --git a/common/ttyio.c b/common/ttyio.c
index eab805e20..5749c59fe 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -322,7 +322,7 @@ tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
 	    break;
     }
     if( i < n ) {
-	buf = utf8_to_native( p, n, 0 );
+	buf = utf8_to_native( (const char *)p, n, 0 );
 	if( max_n && (strlen( buf ) > max_n )) {
 	    buf[max_n] = 0;
 	}
diff --git a/common/util.h b/common/util.h
index d233dbf5e..1ced59b67 100644
--- a/common/util.h
+++ b/common/util.h
@@ -153,7 +153,7 @@ const char *print_fname_stdin (const char *s);
 void print_string (FILE *fp, const byte *p, size_t n, int delim);
 void print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim);
 void print_utf8_string (FILE *fp, const byte *p, size_t n);
-char *make_printable_string (const byte *p, size_t n, int delim);
+char *make_printable_string (const void *p, size_t n, int delim);
 
 int is_file_compressed (const char *s, int *ret_rc);
 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bad6639e2..144745b4c 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -293,7 +293,7 @@ Set the time a cache entry is valid to @var{n} seconds.  The default are
 @item --default-cache-ttl-ssh @var{n}
 @opindex default-cache-ttl
 Set the time a cache entry used for SSH keys is valid to @var{n}
-seconds.  The default are 600 seconds.
+seconds.  The default are 1800 seconds.
 
 @item --max-cache-ttl @var{n}
 @opindex max-cache-ttl
@@ -301,6 +301,12 @@ Set the maximum time a cache entry is valid to @var{n} seconds.  After
 this time a cache entry will get expired even if it has been accessed
 recently.  The default are 2 hours (7200 seconds).
 
+@item --max-cache-ttl-ssh @var{n}
+@opindex max-cache-ttl-ssh
+Set the maximum time a cache entry used for SSH keys is valid to @var{n}
+seconds.  After this time a cache entry will get expired even if it has
+been accessed recently.  The default are 2 hours (7200 seconds).
+
 @item --pinentry-program @var{filename}
 @opindex pinentry-program
 Use program @var{filename} as the PIN entry.  The default is installation
diff --git a/g10/ChangeLog b/g10/ChangeLog
index b33735e1f..0ae73b535 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* g10.c (print_hashline, add_group): Fixes for signed/unsigned
+	pointer mismatch warnings.
+
 2005-06-01  Werner Koch  <wk@g10code.com>
 
 	* mkdtemp.c: Removed.
diff --git a/g10/g10.c b/g10/g10.c
index 0be5636a2..234d13f41 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -933,7 +933,7 @@ static void add_group(char *string)
       return;
     }
 
-  trim_trailing_ws(name,strlen(name));
+  trim_trailing_ws((unsigned char *)name,strlen(name));
 
   /* Break apart the values */
   while ((value= strsep(&string," \t")))
@@ -3124,7 +3124,7 @@ print_hashline( MD_HANDLE md, int algo, const char *fname )
     const byte *p;
     
     if ( fname ) {
-        for (p = fname; *p; p++ ) {
+        for (p = (const unsigned char *)fname; *p; p++ ) {
             if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
                 printf("%%%02X", *p );
             else 
diff --git a/g10/misc.c b/g10/misc.c
index 7012a8a25..516e80bcc 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -986,9 +986,10 @@ mpi_print( FILE *fp, gcry_mpi_t a, int mode )
     }
     else {
 	int rc;
-	unsigned char *buffer;
+	char *buffer;
 
-	rc = gcry_mpi_aprint( GCRYMPI_FMT_HEX, &buffer, NULL, a );
+	rc = gcry_mpi_aprint( GCRYMPI_FMT_HEX,
+                              &(unsigned char*)buffer, NULL, a );
 	assert( !rc );
 	fputs( buffer, fp );
 	n += strlen(buffer);
diff --git a/jnlib/ChangeLog b/jnlib/ChangeLog
index f308a7ea3..f0463c5b3 100644
--- a/jnlib/ChangeLog
+++ b/jnlib/ChangeLog
@@ -1,3 +1,16 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* stringhelp.c (sanitize_buffer): Make P a void*.
+	(ascii_memistr, memistr): Ditto.
+	(ascii_memcasecmp): Ditto.
+	* logging.c (writen): Use void * for arg BUFFER.
+	* stringhelp.c (memistr): Fixed unsigned/signed pointer conflict.
+	(ascii_memistr): Ditto.
+	(ascii_memcasemem): Ditto.
+	* utf8conv.c (utf8_to_native): Ditto.
+	(utf8_to_native): Ditto.
+	* argparse.c (show_version): Removed non-required cast.
+
 2005-01-19  Werner Koch  <wk@g10code.com>
 
 	* logging.c (fun_writer): Don't fallback to stderr. Print to
diff --git a/jnlib/argparse.c b/jnlib/argparse.c
index 485c60786..980d1186c 100644
--- a/jnlib/argparse.c
+++ b/jnlib/argparse.c
@@ -852,7 +852,7 @@ show_version()
     /* additional program info */
     for(i=30; i < 40; i++ )
 	if( (s=strusage(i)) )
-	    fputs( (const byte*)s, stdout);
+	    fputs (s, stdout);
     fflush(stdout);
 }
 
diff --git a/jnlib/logging.c b/jnlib/logging.c
index 97a2b9c9e..c944006a5 100644
--- a/jnlib/logging.c
+++ b/jnlib/logging.c
@@ -87,10 +87,11 @@ struct fun_cookie_s {
   char name[1];
 };
 
-/* Write NBYTES of BUF to file descriptor FD. */
+/* Write NBYTES of BUFFER to file descriptor FD. */
 static int
-writen (int fd, const unsigned char *buf, size_t nbytes)
+writen (int fd, const void *buffer, size_t nbytes)
 {
+  const char *buf = buffer;
   size_t nleft = nbytes;
   int nwritten;
   
diff --git a/jnlib/stringhelp.c b/jnlib/stringhelp.c
index 5a3b41528..760398b0c 100644
--- a/jnlib/stringhelp.c
+++ b/jnlib/stringhelp.c
@@ -1,6 +1,6 @@
 /* stringhelp.c -  standard string helper functions
  * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2004  Free Software Foundation, Inc.
+ *               2004, 2005  Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -35,45 +35,57 @@
 
 /*
  * Look for the substring SUB in buffer and return a pointer to that
- * substring in BUF or NULL if not found.
+ * substring in BUFFER or NULL if not found.
  * Comparison is case-insensitive.
  */
 const char *
-memistr( const char *buf, size_t buflen, const char *sub )
+memistr (const void *buffer, size_t buflen, const char *sub)
 {
-    const byte *t, *s ;
-    size_t n;
+  const unsigned char *buf = buffer;
+  const unsigned char *t = (const unsigned char *)buffer;
+  const unsigned char *s = (const unsigned char *)sub;
+  size_t n = buflen;
 
-    for( t=buf, n=buflen, s=sub ; n ; t++, n-- )
-	if( toupper(*t) == toupper(*s) ) {
-	    for( buf=t++, buflen = n--, s++;
-		 n && toupper(*t) == toupper(*s); t++, s++, n-- )
-		;
-	    if( !*s )
-		return buf;
-	    t = buf; n = buflen; s = sub ;
+  for ( ; n ; t++, n-- )
+    {
+      if ( toupper (*t) == toupper (*s) )
+        {
+          for ( buf=t++, buflen = n--, s++;
+                n && toupper (*t) == toupper (*s); t++, s++, n-- )
+            ;
+          if (!*s)
+            return (const char*)buf;
+          t = buf;
+          s = (const unsigned char *)sub ;
+          n = buflen;
 	}
-
-    return NULL ;
+    }
+  return NULL;
 }
 
 const char *
-ascii_memistr( const char *buf, size_t buflen, const char *sub )
+ascii_memistr ( const void *buffer, size_t buflen, const char *sub )
 {
-    const byte *t, *s ;
-    size_t n;
+  const unsigned char *buf = buffer;
+  const unsigned char *t = (const unsigned char *)buf;
+  const unsigned char *s = (const unsigned char *)sub;
+  size_t n = buflen;
 
-    for( t=buf, n=buflen, s=sub ; n ; t++, n-- )
-	if( ascii_toupper(*t) == ascii_toupper(*s) ) {
-	    for( buf=t++, buflen = n--, s++;
-		 n && ascii_toupper(*t) == ascii_toupper(*s); t++, s++, n-- )
-		;
-	    if( !*s )
-		return buf;
-	    t = buf; n = buflen; s = sub ;
+  for ( ; n ; t++, n-- )
+    {
+      if (ascii_toupper (*t) == ascii_toupper (*s) )
+        {
+          for ( buf=t++, buflen = n--, s++;
+                n && ascii_toupper (*t) == ascii_toupper (*s); t++, s++, n-- )
+            ;
+          if (!*s)
+            return (const char*)buf;
+          t = (const unsigned char *)buf;
+          s = (const unsigned char *)sub ;
+          n = buflen;
 	}
-
-    return NULL ;
+    }
+  return NULL;
 }
 
 /* This function is similar to strncpy().  However it won't copy more
@@ -402,13 +414,14 @@ print_sanitized_utf8_string (FILE *fp, const char *string, int delim)
                                               delim) : 0;
 }
 
-/* Create a string from the buffer P of length N which is suitable for
+/* Create a string from the buffer P_ARG of length N which is suitable for
    printing.  Caller must release the created string using xfree. */
 char *
-sanitize_buffer (const unsigned char *p, size_t n, int delim)
+sanitize_buffer (const void *p_arg, size_t n, int delim)
 {
+  const unsigned char *p = p_arg;
   size_t save_n, buflen;
-  const byte *save_p;
+  const unsigned char *save_p;
   char *buffer, *d;
 
   /* first count length */
@@ -552,15 +565,19 @@ ascii_strncasecmp (const char *a, const char *b, size_t n)
 
 
 int
-ascii_memcasecmp( const char *a, const char *b, size_t n )
+ascii_memcasecmp (const void *a_arg, const void *b_arg, size_t n )
 {
-    if (a == b)
-        return 0;
-    for ( ; n; n--, a++, b++ ) {
-	if( *a != *b  && ascii_toupper (*a) != ascii_toupper (*b) )
-            return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
-    }
+  const char *a = a_arg;
+  const char *b = b_arg;
+
+  if (a == b)
     return 0;
+  for ( ; n; n--, a++, b++ )
+    {
+      if( *a != *b  && ascii_toupper (*a) != ascii_toupper (*b) )
+        return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
+    }
+  return 0;
 }
 
 int
@@ -586,8 +603,8 @@ ascii_memcasemem (const void *haystack, size_t nhaystack,
     return (void*)haystack; /* finding an empty needle is really easy */
   if (nneedle <= nhaystack)
     {
-      const unsigned char *a = haystack;
-      const unsigned char *b = a + nhaystack - nneedle;
+      const char *a = haystack;
+      const char *b = a + nhaystack - nneedle;
       
       for (; a <= b; a++)
         {
diff --git a/jnlib/stringhelp.h b/jnlib/stringhelp.h
index 412da3a0e..bdd7d561c 100644
--- a/jnlib/stringhelp.h
+++ b/jnlib/stringhelp.h
@@ -23,7 +23,7 @@
 
 #include "types.h"
 
-const char *memistr( const char *buf, size_t buflen, const char *sub );
+const char *memistr (const void *buf, size_t buflen, const char *sub);
 char *mem2str( char *, const void *, size_t);
 char *trim_spaces( char *string );
 char *trim_trailing_spaces( char *string );
@@ -46,7 +46,7 @@ size_t print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
                                     size_t length, int delim);
 size_t print_sanitized_string (FILE *fp, const char *string, int delim);
 size_t print_sanitized_utf8_string (FILE *fp, const char *string, int delim);
-char *sanitize_buffer (const unsigned char *p, size_t n, int delim);
+char *sanitize_buffer (const void *p, size_t n, int delim);
 
 
 #ifdef HAVE_W32_SYSTEM
@@ -54,15 +54,14 @@ const char *w32_strerror (int ec);
 #endif
 
 
-const char *ascii_memistr( const char *buf, size_t buflen, const char *sub );
 int ascii_isupper (int c);
 int ascii_islower (int c);
 int ascii_toupper (int c);
 int ascii_tolower (int c);
 int ascii_strcasecmp( const char *a, const char *b );
 int ascii_strncasecmp (const char *a, const char *b, size_t n);
-int ascii_memcasecmp( const char *a, const char *b, size_t n );
-const char *ascii_memistr ( const char *buf, size_t buflen, const char *sub);
+int ascii_memcasecmp( const void *a, const void *b, size_t n );
+const char *ascii_memistr ( const void *buf, size_t buflen, const char *sub);
 void *ascii_memcasemem (const void *haystack, size_t nhaystack,
                         const void *needle, size_t nneedle);
 
diff --git a/jnlib/utf8conv.c b/jnlib/utf8conv.c
index 691176766..4df8b7b32 100644
--- a/jnlib/utf8conv.c
+++ b/jnlib/utf8conv.c
@@ -136,16 +136,17 @@ get_native_charset ()
  * new allocated UTF8 string.
  */
 char *
-native_to_utf8 (const char *string)
+native_to_utf8 (const char *orig_string)
 {
-  const byte *s;
+  const unsigned char *string = (const unsigned char *)orig_string;
+  const unsigned char *s;
   char *buffer;
-  byte *p;
+  unsigned char *p;
   size_t length = 0;
 
   if (no_translation)
     {
-      buffer = jnlib_xstrdup (string);
+      buffer = jnlib_xstrdup (orig_string);
     }
   else if (active_charset)
     {
@@ -156,7 +157,7 @@ native_to_utf8 (const char *string)
 	    length += 2;	/* we may need 3 bytes */
 	}
       buffer = jnlib_xmalloc (length + 1);
-      for (p = buffer, s = string; *s; s++)
+      for (p = (unsigned char *)buffer, s = string; *s; s++)
 	{
 	  if ((*s & 0x80))
 	    {
@@ -187,7 +188,7 @@ native_to_utf8 (const char *string)
 	    length++;
 	}
       buffer = jnlib_xmalloc (length + 1);
-      for (p = buffer, s = string; *s; s++)
+      for (p = (unsigned char *)buffer, s = string; *s; s++)
 	{
 	  if (*s & 0x80)
 	    {
@@ -212,11 +213,12 @@ utf8_to_native (const char *string, size_t length, int delim)
 {
   int nleft;
   int i;
-  byte encbuf[8];
+  unsigned char encbuf[8];
   int encidx;
   const byte *s;
   size_t n;
-  byte *buffer = NULL, *p = NULL;
+  char *buffer = NULL;
+  char *p = NULL;
   unsigned long val = 0;
   size_t slen;
   int resync = 0;
@@ -225,7 +227,8 @@ utf8_to_native (const char *string, size_t length, int delim)
   /* 2. pass (p!=NULL): create string */
   for (;;)
     {
-      for (slen = length, nleft = encidx = 0, n = 0, s = string; slen;
+      for (slen = length, nleft = encidx = 0, n = 0,
+             s = (const unsigned char *)string; slen;
 	   s++, slen--)
 	{
 	  if (resync)
diff --git a/kbx/ChangeLog b/kbx/ChangeLog
index 7c112085c..4fd06d5ca 100644
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@@ -1,3 +1,14 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
+	(_keybox_write_blob): 
+
+	* keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
+	Fixed warnings about signed/unsigned pointer mismatches.
+	(x509_email_kludge): Ditto.
+	(_keybox_new_blob): Changed arg IMAGE to unsigned char *.
+	(_keybox_get_blob_image): Changed return type to unsigned char*.
+
 2005-06-01  Werner Koch  <wk@g10code.com>
 
 	* keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
index 7fe6178d6..0569b5a67 100644
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@@ -386,7 +386,7 @@ import_openpgp (const char *filename)
   buffer = read_file (filename, &buflen);
   if (!buffer)
     return;
-  p = buffer;
+  p = (unsigned char *)buffer;
   for (;;)
     {
       err = _keybox_parse_openpgp (p, buflen, &nparsed, &info);
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 48bce28e2..67c74b777 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -646,8 +646,8 @@ static int
 create_blob_finish (KEYBOXBLOB blob)
 {
   struct membuf *a = blob->buf;
-  byte *p;
-  char *pp;
+  unsigned char *p;
+  unsigned char *pp;
   int i;
   size_t n;
 
@@ -656,6 +656,7 @@ create_blob_finish (KEYBOXBLOB blob)
     put32 (a, 0);  /* Hmmm: why put32() ?? */
   
   /* get the memory area */
+  n = 0; /* (Just to avoid compiler warning.) */
   p = get_membuf (a, &n);
   if (!p)
     return gpg_error (GPG_ERR_ENOMEM);
@@ -783,7 +784,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
 static char *
 x509_email_kludge (const char *name)
 {
-  const unsigned char *p;
+  const char *p;
   unsigned char *buf;
   int n;
 
@@ -805,7 +806,7 @@ x509_email_kludge (const char *name)
     buf[n] = xtoi_2 (p);
   buf[n++] = '>';
   buf[n] = 0;
-  return buf;
+  return (char *)buf;
 }
 
 
@@ -818,8 +819,9 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
 {
   int i, rc = 0;
   KEYBOXBLOB blob;
-  unsigned char *p;
-  unsigned char **names = NULL;
+  unsigned char *sn;
+  char *p;
+  char **names = NULL;
   size_t max_names;
 
   *r_blob = NULL;
@@ -827,28 +829,28 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
   if( !blob )
     return gpg_error (gpg_err_code_from_errno (errno));
 
-  p = ksba_cert_get_serial (cert);
-  if (p)
+  sn = ksba_cert_get_serial (cert);
+  if (sn)
     {
       size_t n, len;
-      n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+      n = gcry_sexp_canon_len (sn, 0, NULL, NULL);
       if (n < 2)
         {
-          xfree (p);
+          xfree (sn);
           return gpg_error (GPG_ERR_GENERAL);
         }
-      blob->serialbuf = p;
-      p++; n--; /* skip '(' */
-      for (len=0; n && *p && *p != ':' && digitp (p); n--, p++)
-        len = len*10 + atoi_1 (p);
-      if (*p != ':')
+      blob->serialbuf = sn;
+      sn++; n--; /* skip '(' */
+      for (len=0; n && *sn && *sn != ':' && digitp (sn); n--, sn++)
+        len = len*10 + atoi_1 (sn);
+      if (*sn != ':')
         {
           xfree (blob->serialbuf);
           blob->serialbuf = NULL;
           return gpg_error (GPG_ERR_GENERAL);
         }
-      p++;
-      blob->serial = p;
+      sn++;
+      blob->serial = sn;
       blob->seriallen = len;
     }
 
@@ -863,6 +865,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
       rc = gpg_error (gpg_err_code_from_errno (errno));
       goto leave;
     }
+  
   p = ksba_cert_get_issuer (cert, 0);
   if (!p)
     {
@@ -872,10 +875,9 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
   names[blob->nuids++] = p;
   for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
     {
-
       if (blob->nuids >= max_names)
         {
-          unsigned char **tmp;
+          char **tmp;
           
           max_names += 100;
           tmp = xtryrealloc (names, max_names * sizeof *names);
@@ -964,7 +966,8 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
 
 
 int
-_keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen, off_t off)
+_keybox_new_blob (KEYBOXBLOB *r_blob,
+                  unsigned char *image, size_t imagelen, off_t off)
 {
   KEYBOXBLOB blob;
   
@@ -1000,7 +1003,7 @@ _keybox_release_blob (KEYBOXBLOB blob)
 
 
 
-const char *
+const unsigned char *
 _keybox_get_blob_image ( KEYBOXBLOB blob, size_t *n )
 {
   *n = blob->bloblen;
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index b58294459..7bbed8519 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -140,10 +140,11 @@ int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
                               unsigned char *sha1_digest, int as_ephemeral);
 #endif /*KEYBOX_WITH_X509*/
 
-int  _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen,
+int  _keybox_new_blob (KEYBOXBLOB *r_blob,
+                       unsigned char *image, size_t imagelen,
                        off_t off);
 void _keybox_release_blob (KEYBOXBLOB blob);
-const char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
+const unsigned char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
 off_t _keybox_get_blob_fileoffset (KEYBOXBLOB blob);
 void _keybox_update_header_blob (KEYBOXBLOB blob);
 
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index fe02c1f9f..3883ce607 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -48,7 +48,7 @@ ftello (FILE *stream)
 int
 _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
 {
-  char *image;
+  unsigned char *image;
   size_t imagelen = 0;
   int c1, c2, c3, c4, type;
   int rc;
@@ -118,7 +118,7 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
 int
 _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
 {
-  const char *image;
+  const unsigned char *image;
   size_t length;
 
   image = _keybox_get_blob_image (blob, &length);
diff --git a/scd/apdu.c b/scd/apdu.c
index 212b9df24..975fffa24 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -2393,7 +2393,7 @@ apdu_activate (int slot)
 unsigned char *
 apdu_get_atr (int slot, size_t *atrlen)
 {
-  char *buf;
+  unsigned char *buf;
 
   if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
     return NULL;
diff --git a/scd/app-help.c b/scd/app-help.c
index 1c3c52b15..27cbea5c7 100644
--- a/scd/app-help.c
+++ b/scd/app-help.c
@@ -48,7 +48,7 @@ app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip)
   n = gcry_sexp_canon_len (p, 0, NULL, NULL);
   if (!n)
     return gpg_error (GPG_ERR_INV_SEXP);
-  err = gcry_sexp_sscan (&s_pkey, NULL, p, n);
+  err = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
   xfree (p);
   if (err)
     return err; /* Can't parse that S-expression. */
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 1ff096138..11e6eebaf 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -948,8 +948,8 @@ get_public_key (app_t app, int keyno)
   size_t buflen, keydatalen, mlen, elen;
   unsigned char *mbuf = NULL;
   unsigned char *ebuf = NULL;
-  unsigned char *keybuf = NULL;
-  unsigned char *keybuf_p;
+  char *keybuf = NULL;
+  char *keybuf_p;
 
   if (keyno < 1 || keyno > 3)
     return gpg_error (GPG_ERR_INV_ID);
@@ -963,14 +963,16 @@ get_public_key (app_t app, int keyno)
   app->app_local->pk[keyno].key = NULL;
   app->app_local->pk[keyno].keylen = 0;
 
+  m = e = NULL; /* (avoid cc warning) */
+
   if (app->card_version > 0x0100)
     {
       /* We may simply read the public key out of these cards.  */
-      err = iso7816_read_public_key (app->slot, 
-                                    keyno == 0? "\xB6" :
-                                    keyno == 1? "\xB8" : "\xA4",
-                                    2,  
-                                    &buffer, &buflen);
+      err = iso7816_read_public_key 
+        (app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
+                                           keyno == 1? "\xB8" : "\xA4"),
+         2,  
+         &buffer, &buflen);
       if (err)
         {
           log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
@@ -1107,7 +1109,7 @@ get_public_key (app_t app, int keyno)
   strcpy (keybuf_p, ")))");
   keybuf_p += strlen (keybuf_p);
   
-  app->app_local->pk[keyno].key = keybuf;
+  app->app_local->pk[keyno].key = (unsigned char*)keybuf;
   app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);
 
  leave:
@@ -1889,11 +1891,10 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
 #warning key generation temporary replaced by reading an existing key.
   rc = iso7816_read_public_key
 #endif
-                              (app->slot, 
-                                 keyno == 0? "\xB6" :
-                                 keyno == 1? "\xB8" : "\xA4",
-                                 2,
-                                 &buffer, &buflen);
+    (app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
+                                       keyno == 1? "\xB8" : "\xA4"),
+     2,
+     &buffer, &buflen);
   if (rc)
     {
       rc = gpg_error (GPG_ERR_CARD);
diff --git a/scd/app-p15.c b/scd/app-p15.c
index 831f0d1f4..f03e5d5f0 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -43,33 +43,35 @@ typedef enum
   } card_type_t;
 
 /* A list card types with ATRs noticed with these cards. */
+#define X(a) ((unsigned char const *)(a))
 static struct 
 {
   size_t atrlen;
-  unsigned char *atr;
+  unsigned char const *atr;
   card_type_t type;
 } card_atr_list[] = {
-  { 19, "\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
-        "\x90\x00\x8B", 
+  { 19, X("\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
+          "\x90\x00\x8B"), 
     CARD_TYPE_TCOS },  /* SLE44 */
-  { 19, "\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
-        "\x90\x00\x91", 
+  { 19, X("\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
+          "\x90\x00\x91"), 
     CARD_TYPE_TCOS }, /* SLE66S */
-  { 19, "\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
-        "\x90\x00\x66",
+  { 19, X("\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
+          "\x90\x00\x66"),
     CARD_TYPE_TCOS }, /* SLE66P */
-  { 27, "\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00"
-        "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23",
+  { 27, X("\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00"
+          "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23"),
     CARD_TYPE_MICARDO }, /* German BMI card */
-  { 19, "\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80"
-        "\x00\x90\x00",
+  { 19, X("\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80"
+          "\x00\x90\x00"),
     CARD_TYPE_MICARDO }, /* German BMI card (ATR due to reader problem) */
-  { 26, "\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49"
-        "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43",
+  { 26, X("\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49"
+          "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43"),
     CARD_TYPE_MICARDO }, /* EstEID (Estonian Big Brother card) */
 
   { 0 }
 };
+#undef X
 
 
 /* The Pin Types as defined in pkcs#15 v1.1 */
diff --git a/scd/app.c b/scd/app.c
index 2c8c915d7..f27b400b1 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -357,7 +357,7 @@ app_munge_serialno (app_t app)
 gpg_error_t 
 app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
 {
-  unsigned char *buf, *p;
+  char *buf, *p;
   int i;
 
   if (!app || !serial)
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 9ac655e63..096a6811b 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -555,7 +555,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
      all in a 2 bute Unicode encoding using little endian. */
   rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
                         (USB_DT_STRING << 8), 0, 
-                        buf, sizeof buf, 1000 /* ms timeout */);
+                        (char*)buf, sizeof buf, 1000 /* ms timeout */);
   if (rc < 4)
     langid = 0x0409; /* English.  */
   else
@@ -563,7 +563,7 @@ get_escaped_usb_string (usb_dev_handle *idev, int idx,
 
   rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
                         (USB_DT_STRING << 8) + idx, langid,
-                        buf, sizeof buf, 1000 /* ms timeout */);
+                        (char*)buf, sizeof buf, 1000 /* ms timeout */);
   if (rc < 2 || buf[1] != USB_DT_STRING)
     return NULL; /* Error or not a string. */
   len = buf[0];
@@ -1155,7 +1155,7 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen)
 
   rc = usb_bulk_write (handle->idev, 
                        handle->ep_bulk_out,
-                       msg, msglen,
+                       (char*)msg, msglen,
                        1000 /* ms timeout */);
   if (rc == msglen)
     return 0;
@@ -1188,7 +1188,7 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
  retry:
   rc = usb_bulk_read (handle->idev, 
                       handle->ep_bulk_in,
-                      buffer, length,
+                      (char*)buffer, length,
                       timeout);
   if (rc < 0)
     {
@@ -1300,7 +1300,7 @@ ccid_poll (ccid_driver_t handle)
 
   rc = usb_bulk_read (handle->idev, 
                       handle->ep_intr,
-                      msg, sizeof msg,
+                      (char*)msg, sizeof msg,
                       0 /* ms timeout */ );
   if (rc < 0 && errno == ETIMEDOUT)
     return 0;
@@ -1444,7 +1444,7 @@ ccid_get_atr (ccid_driver_t handle,
     {
       tried_iso = 1;
       /* Try switching to ISO mode. */
-      if (!send_escape_cmd (handle, "\xF1\x01", 2))
+      if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2))
         goto again;
     }
   else if (CCID_COMMAND_FAILED (msg))
@@ -2026,7 +2026,7 @@ ccid_transceive_secure (ccid_driver_t handle,
   if (handle->id_vendor == VENDOR_SCM)
     {
       DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
-      rc = send_escape_cmd (handle, "\x80\x02\x00", 3);
+      rc = send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3);
       if (rc)
         return rc;
     }
diff --git a/scd/command.c b/scd/command.c
index a308078d3..52a86871e 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -679,7 +679,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
       xfree (value);
       return gpg_error (GPG_ERR_INV_RESPONSE);
     }
-  *retstr = value;
+  *retstr = (char*)value;
   return 0;
 }
 
@@ -844,7 +844,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc;
-  char *keyword;
+  const char *keyword;
 
   if ((rc = open_card (ctrl, NULL)))
     return rc;
@@ -860,7 +860,6 @@ cmd_getattr (assuan_context_t ctx, char *line)
   /* FIXME: Applications should not return sensistive data if the card
      is locked.  */
   rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
-  xfree (keyword);
 
   TEST_CARD_REMOVAL (ctrl, rc);
   return map_to_assuan_status (rc);
@@ -908,9 +907,10 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
       *line++ = 0;
   while (spacep (line))
     line++;
-  nbytes = percent_plus_unescape (line);
+  nbytes = percent_plus_unescape ((unsigned char*)line);
 
-  rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx, line, nbytes);
+  rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx,
+                    (const unsigned char*)line, nbytes);
   xfree (linebuf);
 
   TEST_CARD_REMOVAL (ctrl, rc);
diff --git a/scd/iso7816.c b/scd/iso7816.c
index e9dc6541c..742ed9433 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -153,7 +153,7 @@ iso7816_select_file (int slot, int tag, int is_dir,
       p0 = (tag == 0x3F00)? 0: is_dir? 1:2;
       p1 = 0x0c; /* No FC return. */
       sw = apdu_send_simple (slot, 0x00, CMD_SELECT_FILE,
-                             p0, p1, 2, tagbuf );
+                             p0, p1, 2, (char*)tagbuf );
       return map_sw (sw);
     }
 
@@ -285,7 +285,7 @@ iso7816_put_data (int slot, int tag,
 
   sw = apdu_send_simple (slot, 0x00, CMD_PUT_DATA,
                          ((tag >> 8) & 0xff), (tag & 0xff),
-                         datalen, data);
+                         datalen, (const char*)data);
   return map_sw (sw);
 }
 
@@ -303,7 +303,7 @@ iso7816_manage_security_env (int slot, int p1, int p2,
     return gpg_error (GPG_ERR_INV_VALUE);
 
   sw = apdu_send_simple (slot, 0x00, CMD_MSE, p1, p2, 
-                         data? datalen : -1, data);
+                         data? datalen : -1, (const char*)data);
   return map_sw (sw);
 }
 
@@ -323,7 +323,7 @@ iso7816_compute_ds (int slot, const unsigned char *data, size_t datalen,
   *result = NULL;
   *resultlen = 0;
 
-  sw = apdu_send (slot, 0x00, CMD_PSO, 0x9E, 0x9A, datalen, data,
+  sw = apdu_send (slot, 0x00, CMD_PSO, 0x9E, 0x9A, datalen, (const char*)data,
                   result, resultlen);
   if (sw != SW_SUCCESS)
     {
@@ -364,13 +364,15 @@ iso7816_decipher (int slot, const unsigned char *data, size_t datalen,
 
       *buf = padind; /* Padding indicator. */
       memcpy (buf+1, data, datalen);
-      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86, datalen+1, buf,
+      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
+                      datalen+1, (char*)buf,
                       result, resultlen);
       xfree (buf);
     }
   else
     {
-      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86, datalen, data,
+      sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
+                      datalen, (const char *)data,
                       result, resultlen);
     }
   if (sw != SW_SUCCESS)
@@ -399,7 +401,7 @@ iso7816_internal_authenticate (int slot,
   *resultlen = 0;
 
   sw = apdu_send (slot, 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
-                  datalen, data,  result, resultlen);
+                  datalen, (const char*)data,  result, resultlen);
   if (sw != SW_SUCCESS)
     {
       /* Make sure that pending buffers are released. */
@@ -426,7 +428,7 @@ do_generate_keypair (int slot, int readonly,
   *resultlen = 0;
 
   sw = apdu_send (slot, 0x00, CMD_GENERATE_KEYPAIR, readonly? 0x81:0x80, 0,
-                  datalen, data,  result, resultlen);
+                  datalen, (const char*)data,  result, resultlen);
   if (sw != SW_SUCCESS)
     {
       /* Make sure that pending buffers are released. */
diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c
index 93e78fdfe..21af16fba 100644
--- a/scd/pcsc-wrapper.c
+++ b/scd/pcsc-wrapper.c
@@ -390,9 +390,9 @@ handle_open (unsigned char *argbuf, size_t arglen)
   unsigned char atr[33];
 
   /* Make sure there is only the port string */
-  if (arglen != strlen (argbuf))
+  if (arglen != strlen ((char*)argbuf))
     bad_request ("OPEN");
-  portstr = argbuf;
+  portstr = (char*)argbuf;
 
   if (driver_is_open)
     {
diff --git a/sm/ChangeLog b/sm/ChangeLog
index ffb61a294..d9f295e1d 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,35 @@
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+	* delete.c (delete_one): Changed FPR to unsigned.
+	* encrypt.c (encrypt_dek): Made ENCVAL unsigned.
+	(gpgsm_encrypt): Ditto.
+	* sign.c (gpgsm_sign): Made SIGVAL unsigned.
+	* base64.c (base64_reader_cb): Need to use some casting to get
+	around signed/unsigned char* warnings.
+	* certcheck.c (gpgsm_check_cms_signature): Ditto.
+	(gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
+	(do_encode_md): Made NFRAME a size_t.
+	* certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
+	(gpgsm_dump_serial): Ditto.
+	(gpgsm_format_serial): Ditto.
+	(gpgsm_dump_string): Ditto.
+	(gpgsm_dump_cert): Ditto.
+	(parse_dn_part): Ditto.
+	(gpgsm_print_name2): Ditto.
+	* keylist.c (email_kludge): Ditto.
+	* certreqgen.c (proc_parameters, create_request): Ditto.
+	(create_request): Ditto.
+	* call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
+	(struct cipher_parm_s): Made CIPHERTEXT unsigned.
+	(struct genkey_parm_s): Ditto.
+	* server.c (strcpy_escaped_plus): Made arg S signed char*.
+	* fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
+	(gpgsm_get_keygrip): Ditto.
+	* keydb.c (keydb_insert_cert): Made DIGEST unsigned.
+	(keydb_update_cert): Ditto.
+	(classify_user_id): Apply cast to signed/unsigned assignment.
+	(hextobyte): Ditto.
+
 2005-06-01  Werner Koch  <wk@g10code.com>
 
 	* misc.c: Include setenv.h.
diff --git a/sm/base64.c b/sm/base64.c
index 4cc6ffa27..62c2c9ad9 100644
--- a/sm/base64.c
+++ b/sm/base64.c
@@ -95,7 +95,7 @@ struct base64_context_s {
 
 
 /* The base-64 character list */
-static unsigned char bintoasc[64] = 
+static char bintoasc[64] = 
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
        "abcdefghijklmnopqrstuvwxyz" 
        "0123456789+/"; 
@@ -202,8 +202,9 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
             {
               /* wait for the header line */
               parm->linelen = parm->readpos = 0;
-              if (!parm->have_lf || strncmp (parm->line, "-----BEGIN ", 11)
-                  || !strncmp (parm->line+11, "PGP ", 4))
+              if (!parm->have_lf 
+                  || strncmp ((char*)parm->line, "-----BEGIN ", 11)
+                  || !strncmp ((char*)parm->line+11, "PGP ", 4))
                 goto next;
               parm->is_pem = 1;
             }
@@ -220,8 +221,9 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
           /* the very first byte does pretty much look like a SEQUENCE tag*/
           parm->is_pem = 0;
         }
-      else if ( parm->have_lf && !strncmp (parm->line, "-----BEGIN ", 11)
-                && strncmp (parm->line+11, "PGP ", 4) )
+      else if ( parm->have_lf
+                && !strncmp ((char*)parm->line, "-----BEGIN ", 11)
+                && strncmp ((char *)parm->line+11, "PGP ", 4) )
         {
           /* Fixme: we must only compare if the line really starts at
              the beginning */
@@ -268,7 +270,7 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
   if (parm->is_pem || parm->is_base64)
     {  
       if (parm->is_pem && parm->have_lf
-          && !strncmp (parm->line, "-----END ", 9))
+          && !strncmp ((char*)parm->line, "-----END ", 9))
         { 
           parm->identified = 0;
           parm->linelen = parm->readpos = 0;
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 885abf421..92a29928c 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -39,24 +39,27 @@
 #include "../common/membuf.h"
 
 
-static ASSUAN_CONTEXT agent_ctx = NULL;
+static assuan_context_t agent_ctx = NULL;
 static int force_pipe_server = 0;
 
-struct cipher_parm_s {
-  ASSUAN_CONTEXT ctx;
-  const char *ciphertext;
+struct cipher_parm_s
+{
+  assuan_context_t ctx;
+  const unsigned char *ciphertext;
   size_t ciphertextlen;
 };
 
-struct genkey_parm_s {
-  ASSUAN_CONTEXT ctx;
-  const char *sexp;
+struct genkey_parm_s
+{
+  assuan_context_t ctx;
+  const unsigned char *sexp;
   size_t sexplen;
 };
 
-struct learn_parm_s {
+struct learn_parm_s
+{
   int error;
-  ASSUAN_CONTEXT ctx;
+  assuan_context_t ctx;
   membuf_t *data;
 };
 
@@ -204,7 +207,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
 int
 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                     unsigned char *digest, size_t digestlen, int digestalgo,
-                    char **r_buf, size_t *r_buflen )
+                    unsigned char **r_buf, size_t *r_buflen )
 {
   int rc, i;
   char *p, line[ASSUAN_LINELENGTH];
@@ -392,7 +395,7 @@ gpgsm_agent_genkey (ctrl_t ctrl,
   struct genkey_parm_s gk_parm;
   membuf_t data;
   size_t len;
-  char *buf;
+  unsigned char *buf;
 
   *r_pubkey = NULL;
   rc = start_agent (ctrl);
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 611d3219c..84dfdb9ab 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -39,7 +39,8 @@ static int
 do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
               gcry_mpi_t *r_val)
 {
-  int n, nframe;
+  int n;
+  size_t nframe;
   unsigned char *frame;
 
   if (pkalgo == GCRY_PK_DSA)
@@ -205,7 +206,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       log_printf ("\n");
     }
 
-  rc = gcry_sexp_sscan ( &s_sig, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_sig, NULL, (char*)p, n);
   ksba_free (p);
   if (rc)
     {
@@ -224,7 +225,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       gcry_sexp_release (s_sig);
       return gpg_error (GPG_ERR_BUG);
     }
-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
   ksba_free (p);
   if (rc)
     {
@@ -278,7 +279,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
       log_error ("libksba did not return a proper S-Exp\n");
       return gpg_error (GPG_ERR_BUG);
     }
-  rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
+  rc = gcry_sexp_sscan (&s_sig, NULL, (char*)sigval, n);
   if (rc)
     {
       log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
@@ -297,7 +298,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
   if (DBG_CRYPTO)
     log_printhex ("public key: ", p, n);
 
-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
   ksba_free (p);
   if (rc)
     {
@@ -333,7 +334,8 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
 
 int
 gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
-                            gcry_md_hd_t md, int mdalgo, char **r_sigval)
+                            gcry_md_hd_t md, int mdalgo,
+                            unsigned char **r_sigval)
 {
   int rc;
   char *grip, *desc;
diff --git a/sm/certdump.c b/sm/certdump.c
index 26510c70d..98f019c4a 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -50,8 +50,9 @@ struct dn_array_s {
 
 /* print the first element of an S-Expression */
 void
-gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p)
+gpgsm_print_serial (FILE *fp, ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
   unsigned long n;
   char *endp;
 
@@ -77,8 +78,9 @@ gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p)
 
 /* Dump the serial number or any other simple S-expression. */
 void
-gpgsm_dump_serial (ksba_const_sexp_t p)
+gpgsm_dump_serial (ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
   unsigned long n;
   char *endp;
 
@@ -103,8 +105,9 @@ gpgsm_dump_serial (ksba_const_sexp_t p)
 
 
 char *
-gpgsm_format_serial (ksba_const_sexp_t p)
+gpgsm_format_serial (ksba_const_sexp_t sn)
 {
+  const char *p = (const char *)sn;
   unsigned long n;
   char *endp;
   char *buffer;
@@ -168,7 +171,7 @@ gpgsm_dump_string (const char *string)
     {
       const unsigned char *s;
 
-      for (s=string; *s; s++)
+      for (s=(const unsigned char*)string; *s; s++)
         {
           if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
             break;
@@ -190,7 +193,7 @@ void
 gpgsm_dump_cert (const char *text, ksba_cert_t cert)
 {
   ksba_sexp_t sexp;
-  unsigned char *p;
+  char *p;
   char *dn;
   ksba_isotime_t t;
 
@@ -260,7 +263,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
   };
   const unsigned char *s, *s1;
   size_t n;
-  unsigned char *p;
+  char *p;
   int i;
 
   /* Parse attributeType */
@@ -306,7 +309,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
         return NULL;
       for (s1=string; n; s1 += 2, n--, p++)
         {
-          *p = xtoi_2 (s1);
+          *(unsigned char *)p = xtoi_2 (s1);
           if (!*p)
             *p = 0x01; /* Better print a wrong value than truncating
                           the string. */
@@ -351,7 +354,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
               s++;
               if (hexdigitp (s))
                 {
-                  *p++ = xtoi_2 (s);
+                  *(unsigned char *)p++ = xtoi_2 (s);
                   s++;
                 }
               else
@@ -485,23 +488,22 @@ print_dn_parts (FILE *fp, struct dn_array_s *dn, int translate)
 void
 gpgsm_print_name2 (FILE *fp, const char *name, int translate)
 {
-  const unsigned char *s;
+  const unsigned char *s = (const unsigned char *)name;
   int i;
 
-  s = name;
   if (!s)
     {
       fputs (_("[Error - No name]"), fp);
     }
   else if (*s == '<')
     {
-      const unsigned char *s2 = strchr (s+1, '>');
+      const char *s2 = strchr ( (char*)s+1, '>');
       if (s2)
         {
           if (translate)
-            print_sanitized_utf8_buffer (fp, s + 1, s2 - s - 1, 0);
+            print_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
           else
-            print_sanitized_buffer (fp, s + 1, s2 - s - 1, 0);
+            print_sanitized_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
         }
     }
   else if (*s == '(')
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 7b29a5b8d..2b920da7e 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -492,7 +492,7 @@ proc_parameters (ctrl_t ctrl,
     }
 
   sprintf (numbuf, "%u", nbits);
-  snprintf (keyparms, DIM (keyparms)-1, 
+  snprintf ((char*)keyparms, DIM (keyparms)-1, 
             "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf);
   rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
   if (rc)
@@ -627,8 +627,9 @@ create_request (ctrl_t ctrl,
         {
           gcry_sexp_t s_pkey;
           size_t n;
-          unsigned char grip[20], hexgrip[41];
-          char *sigval;
+          unsigned char grip[20];
+          char hexgrip[41];
+          unsigned char *sigval;
           size_t siglen;
 
           n = gcry_sexp_canon_len (public, 0, NULL, NULL);
@@ -638,7 +639,7 @@ create_request (ctrl_t ctrl,
               err = gpg_error (GPG_ERR_BUG);
               goto leave;
             }
-          rc = gcry_sexp_sscan (&s_pkey, NULL, public, n);
+          rc = gcry_sexp_sscan (&s_pkey, NULL, (const char*)public, n);
           if (rc)
             {
               log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
diff --git a/sm/delete.c b/sm/delete.c
index 11a0a5476..8e06b9489 100644
--- a/sm/delete.c
+++ b/sm/delete.c
@@ -67,7 +67,7 @@ delete_one (CTRL ctrl, const char *username)
     rc = keydb_get_cert (kh, &cert);
   if (!rc)
     {
-      char fpr[20];
+      unsigned char fpr[20];
 
       gpgsm_get_fingerprint (cert, 0, fpr, NULL);
 
@@ -78,7 +78,7 @@ delete_one (CTRL ctrl, const char *username)
       else if (!rc)
         {
           ksba_cert_t cert2 = NULL;
-          char fpr2[20];
+          unsigned char fpr2[20];
 
           /* We ignore all duplicated certificates which might have
              been inserted due to program bugs. */
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 50da92c32..e4c0d5437 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -164,10 +164,10 @@ encode_session_key (DEK dek, gcry_sexp_t * r_data)
 }
 
 
-/* encrypt the DEK under the key contained in CERT and return it as a
-   canonical S-Exp in encval */
+/* Encrypt the DEK under the key contained in CERT and return it as a
+   canonical S-Exp in encval. */
 static int
-encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
+encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
 {
   gcry_sexp_t s_ciph, s_data, s_pkey;
   int rc;
@@ -189,7 +189,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
       log_error ("libksba did not return a proper S-Exp\n");
       return gpg_error (GPG_ERR_BUG);
     }
-  rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len);
+  rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
   xfree (buf); buf = NULL;
   if (rc)
     {
@@ -220,7 +220,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, char **encval)
       gcry_sexp_release (s_ciph);
       return tmperr;
     }
-  len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, buf, len);
+  len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, (char*)buf, len);
   assert (len);
 
   *encval = buf;
@@ -437,7 +437,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
      each and store them in the CMS object */
   for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
     {
-      char *encval;
+      unsigned char *encval;
       
       rc = encrypt_dek (dek, cl->cert, &encval);
       if (rc)
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index 7fe619c18..9c3ab85db 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -42,8 +42,9 @@
    If there is a problem , the function does never return NULL but a
    digest of all 0xff.
  */
-char *
-gpgsm_get_fingerprint (ksba_cert_t cert, int algo, char *array, int *r_len)
+unsigned char *
+gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+                       unsigned char *array, int *r_len)
 {
   gcry_md_hd_t md;
   int rc, len;
@@ -140,8 +141,8 @@ gpgsm_get_short_fingerprint (ksba_cert_t cert)
    key parameters expressed as an canoncial encoded S-Exp.  array must
    be 20 bytes long. returns the array or a newly allocated one if the
    passed one was NULL */
-char *
-gpgsm_get_keygrip (ksba_cert_t cert, char *array)
+unsigned char *
+gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
 {
   gcry_sexp_t s_pkey;
   int rc;
@@ -160,7 +161,7 @@ gpgsm_get_keygrip (ksba_cert_t cert, char *array)
       log_error ("libksba did not return a proper S-Exp\n");
       return NULL;
     }
-  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
   xfree (p);
   if (rc)
     {
@@ -223,7 +224,7 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
       xfree (p);
       return 0;
     }
-  rc = gcry_sexp_sscan (&s_pkey, NULL, p, n);
+  rc = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
   xfree (p);
   if (rc)
     return 0;
@@ -272,7 +273,7 @@ char *
 gpgsm_get_certid (ksba_cert_t cert)
 {
   ksba_sexp_t serial;
-  unsigned char *p;
+  char *p;
   char *endp;
   unsigned char hash[20];
   unsigned long n;
@@ -288,7 +289,7 @@ gpgsm_get_certid (ksba_cert_t cert)
   serial = ksba_cert_get_serial (cert);
   if (!serial)
     return NULL; /* oops: no serial number */
-  p = serial;
+  p = (char *)serial;
   if (*p != '(')
     {
       log_error ("Ooops: invalid serial number\n");
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 1068e9d5e..2f3e83485 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -181,12 +181,12 @@ gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
                                         gpg_err_code_t ec);
 
 /*-- fingerprint --*/
-char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
-                             char *array, int *r_len);
+unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+                                      unsigned char *array, int *r_len);
 char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
 char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
 unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
-char *gpgsm_get_keygrip (ksba_cert_t cert, char *array);
+unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 char *gpgsm_get_certid (ksba_cert_t cert);
@@ -229,7 +229,7 @@ int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
 /* fixme: move create functions to another file */
 int gpgsm_create_cms_signature (ctrl_t ctrl,
                                 ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
-                                char **r_sigval);
+                                unsigned char **r_sigval);
 
 
 /*-- certchain.c --*/
@@ -293,7 +293,7 @@ int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                         unsigned char *digest,
                         size_t digestlen,
                         int digestalgo,
-                        char **r_buf, size_t *r_buflen);
+                        unsigned char **r_buf, size_t *r_buflen);
 int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
                            ksba_const_sexp_t ciphertext, 
                            char **r_buf, size_t *r_buflen);
diff --git a/sm/keydb.c b/sm/keydb.c
index 293e5233d..17f04fe4b 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -681,7 +681,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
   int rc = -1;
   int idx;
-  char digest[20];
+  unsigned char digest[20];
   
   if (!hd) 
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -723,7 +723,7 @@ int
 keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
   int rc = 0;
-  char digest[20];
+  unsigned char digest[20];
   
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -1010,8 +1010,9 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
 
 
 static int
-hextobyte (const unsigned char *s)
+hextobyte (const char *string)
 {
+  const unsigned char *s = (const unsigned char *)string;
   int c;
 
   if( *s >= '0' && *s <= '9' )
@@ -1122,7 +1123,7 @@ classify_user_id (const char *name,
                 if (!strchr("01234567890abcdefABCDEF", *si))
                   return 0; /* invalid digit in serial number*/
               }
-            desc->sn = s;
+            desc->sn = (const unsigned char*)s;
             desc->snlen = -1;
             if (!*si)
               mode = KEYDB_SEARCH_MODE_SN;
diff --git a/sm/keylist.c b/sm/keylist.c
index 8e1233341..a0ac73fb3 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -256,7 +256,7 @@ print_time (gnupg_isotime_t t, FILE *fp)
 static char *
 email_kludge (const char *name)
 {
-  const unsigned char *p;
+  const char *p;
   unsigned char *buf;
   int n;
 
@@ -278,7 +278,7 @@ email_kludge (const char *name)
     buf[n] = xtoi_2 (p);
   buf[n++] = '>';
   buf[n] = 0;
-  return buf;
+  return (char*)buf;
 }
 
 
diff --git a/sm/server.c b/sm/server.c
index 7bfd3fc20..b3816d3d9 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -53,14 +53,14 @@ struct server_local_s {
 /* Note that it is sufficient to allocate the target string D as
    long as the source string S, i.e.: strlen(s)+1; */
 static void
-strcpy_escaped_plus (char *d, const unsigned char *s)
+strcpy_escaped_plus (char *d, const char *s)
 {
   while (*s)
     {
       if (*s == '%' && s[1] && s[2])
         { 
           s++;
-          *d++ = xtoi_2 ( s);
+          *d++ = xtoi_2 (s);
           s += 2;
         }
       else if (*s == '+')
diff --git a/sm/sign.c b/sm/sign.c
index 5deef6088..3230a0e98 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -575,7 +575,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
           ksba_cms_set_hash_function (cms, HASH_FNC, md);
           for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
             {
-              char *sigval = NULL;
+              unsigned char *sigval = NULL;
               char *buf, *fpr;
 
               if (signer)
diff --git a/tools/ChangeLog b/tools/ChangeLog
index 39f17e2ce..5965b2871 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,8 @@
+2005-06-16  Werner Koch  <wk@g10code.com>
+
+	* gpg-connect-agent.c (read_and_print_response): Made LINELEN a
+	size_t.
+
 2005-06-04  Marcus Brinkmann  <marcus@g10code.de>
 
 	* symcryptrun.c (main): Allow any number of arguments, don't use
diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
index bb05030ee..c9a324fa8 100644
--- a/tools/gpg-connect-agent.c
+++ b/tools/gpg-connect-agent.c
@@ -458,7 +458,7 @@ static int
 read_and_print_response (assuan_context_t ctx)
 {
   char *line;
-  int linelen;
+  size_t linelen;
   assuan_error_t rc;
   int i, j;
 
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index c49d1dcbb..e8d9ca27e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -2316,7 +2316,7 @@ gc_component_change_options (int component, FILE *in)
       char *linep;
       unsigned long flags = 0;
       char *new_value = "";
-      unsigned long new_value_nr;
+      unsigned long new_value_nr = 0;
 
       /* Strip newline and carriage return, if present.  */
       while (length > 0
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
index 75b18b29b..e874ab22e 100644
--- a/tools/gpgkey2ssh.c
+++ b/tools/gpgkey2ssh.c
@@ -249,6 +249,9 @@ main (int argc, char **argv)
   pkdbuf = NULL;
   pkdbuf_n = 0;
 
+  algorithm_id = 0;  /* (avoid cc warning) */
+  identifier = NULL; /* (avoid cc warning) */
+
   assert (argc == 2);
 
   keyid = argv[1];
diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
index 25ca8c413..6cb570fbc 100644
--- a/tools/watchgnupg.c
+++ b/tools/watchgnupg.c
@@ -223,7 +223,7 @@ main (int argc, char **argv)
   int force = 0;
 
   struct sockaddr_un srvr_addr;
-  int addrlen;
+  socklen_t addrlen;
   int server;
   int flags;
   client_t client_list = NULL;