 @@ -1,15 +1,17 @@
 To Do
 =====
 detached verification
 get rid of assert()s
 need a netpgp_set_{pub,sec}key()? vs _init()?
 default compression when signing
 get rid of ops_memory after used literal_data_body
 sort out callback - ops_export_key, packet-parse callback etc
 Simplify IO
 Make into SHA1Init, SHA1End, SHA1File style of calls
 Work out a way to get text out of a signed file
 Multiple recipients for encryption
 Look at inefficiencies - read() etc
 Done
 ====
 autoconf
 @@ -32,13 +34,14 @@ use PRIsize appropriately
 make a high-level interface
 get rid of multiple local headers
 get rid of long identifier names - all done internally now
 Finish name change for everything
 work out what's exported and what's not
 finish off main header file
 init(&netpgp, userid, pubring, secring)
 __ops
 real naming scheme
 get rid of malloc() instances -> calloc()
 change include directory
 Install man pages
 WARNS=4 (again)
 detached sig

 @@ -1,33 +1,36 @@
 #! /bin/sh
-#mkdir $HOME/netpgp
+env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../lib && \
-./configure --prefix=$HOME/netpgp
+	make cleandir ; \
-make clean
+	make ; \
-make
+	su root -c "make install"'
-(cd src/lib && make install)
+env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../bin && \
 	make cleandir ; \
 	make ; \
 	su root -c "make install"'
 echo "======> sign/verify 180938 file"
 cp configure a
-src/bin/netpgp --sign a
+/usr/bin/netpgp --sign a
-src/bin/netpgp --verify a.gpg
+/usr/bin/netpgp --verify a.gpg
 echo "======> attempt to verify an unsigned file"
-src/bin/netpgp --verify a
+/usr/bin/netpgp --verify a
 echo "======> encrypt/decrypt 10809 file"
 cp src/bin/netpgp.1 b
-src/bin/netpgp --encrypt b
+/usr/bin/netpgp --encrypt b
-src/bin/netpgp --decrypt b.gpg
+/usr/bin/netpgp --decrypt b.gpg
 diff src/bin/netpgp.1 b && echo "No differences found"
 echo "======> encrypt/decrypt 180938 file"
 cp configure c
-src/bin/netpgp --encrypt c
+/usr/bin/netpgp --encrypt c
-src/bin/netpgp --decrypt c.gpg
+/usr/bin/netpgp --decrypt c.gpg
 diff configure c && echo "No differences found"
 echo "======> encrypt/decrypt bigass file"
 cat configure configure configure configure configure configure > d
 ls -l d
 cp d e
-src/bin/netpgp --encrypt d
+/usr/bin/netpgp --encrypt d
-src/bin/netpgp --decrypt d.gpg
+/usr/bin/netpgp --decrypt d.gpg
 diff e d && echo "No differences found"
 echo "======> version information"
-src/bin/netpgp --version
+/usr/bin/netpgp --version
 rm -f a a.gpg b b.gpg c c.gpg d d.gpg e

 @@ -36,26 +36,27 @@ typedef struct netpgp_t {
 	void	*pubring;	/* public key ring */
 	char	*secringfile;	/* name of secret key ring file */
 	void	*secring;	/* secret key ring */
 } netpgp_t;
 /* begin and end */
 int netpgp_init(netpgp_t *, char *, char *, char *);	/* userid, pubring, secring */
 int netpgp_end(netpgp_t *);
 /* debugging, reflection and information */
 int netpgp_set_debug(const char *);
 int netpgp_get_debug(const char *);
 const char *netpgp_get_info(const char *);
 int netpgp_list_packets(netpgp_t *, char *, int, char *);
 /* key management */
 int netpgp_list_keys(netpgp_t *);
 int netpgp_find_key(netpgp_t *, char *);
 int netpgp_export_key(netpgp_t *, char *);
 int netpgp_import_key(netpgp_t *, char *);
 int netpgp_generate_key(netpgp_t *, char *, int);
 /* file management */
 int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int);
 int netpgp_decrypt_file(netpgp_t *, char *, char *, int);
 int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int);
 int netpgp_verify_file(netpgp_t *, char *, int);

 @@ -1,14 +1,14 @@
-.\" $NetBSD: netpgp.1,v 1.6 2009/05/02 09:40:33 wiz Exp $
+.\" $NetBSD: netpgp.1,v 1.7 2009/05/05 01:28:15 agc Exp $
 .\"
 .\" Copyright (c) 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This manual page is derived from software contributed to
 .\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org).
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 @@ -17,46 +17,47 @@
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 1, 2009
+.Dd May 4, 2009
 .Dt NETPGP 1
 .Os
 .Sh NAME
 .Nm netpgp
 .Nd signing, verification, encryption, and decryption utility
 .Sh SYNOPSIS
 .Nm netpgp
 .Op Fl Fl armour
 .Op Fl Fl clearsign
 .Op Fl Fl decrypt
 .Op Fl Fl detached
 .Op Fl Fl encrypt
 .Op Fl Fl export-key
 .Op Fl Fl find-key
 .Op Fl Fl generate-key
 .Op Fl Fl homedir Ns = Ns Ar home-directory
 .Op Fl Fl import-key
 .Op Fl Fl keyring Ns = Ns Ar keyring
 .Op Fl Fl list-keys
 .Op Fl Fl list-packets
 .Op Fl Fl numbits Ns = Ns Ar numbits
 .Op Fl Fl sign
 .Op Fl Fl userid Ns = Ns Ar userid
 .Op Fl Fl verify
 .Op Fl Fl version
 .Ar file ...
 .Sh DESCRIPTION
 The
 .Nm
 command can digitally sign files and verify that the signatures
 attached to files were signed by a given user identifier.
 .Nm
 can also encrypt files using the public or private keys of
 @@ -108,26 +109,35 @@ public key servers, for example.
 Find the appropriate public key from the current keyring.
 If no keyring is provided, the user's public keyring is used.
 .It Fl Fl generate-key
 This command is used to generate a new public and private key pair.
 The user id is taken from the command line, and the user will be
 prompted to provide a suitable pass phrase.
 .It Fl Fl import-key
 Import a public key as retrieved from one of the public key servers.
 This is in the form of a file which has previously been
 retrieved from elsewhere.
 .It Fl Fl list-keys
 List all the public keys in the current keyring.
 If no keyring is provided, the user's public keyring is used.
 .It Fl Fl list-packets
 List all the
 .Dq packets
 in an encrypted or signed file.
 Internally,
 .Nm
 splits an encrypted or signed file into separate packets, and
 this option is used to give a verbose representation
 of these packets on standard output.
 .It Fl Fl sign
 The private key is used to digitally sign the files named on the
 command line.
 Extra text is added to the file.
 In rough terms, this text is a digest of the file's contents,
 encrypted with the user's private key.
 Since together, the private and public keys identify the user
 uniquely, the added text can be used to identify the exact version
 of the file, and any changes made to the file will mean that the
 signature no longer matches.
 The file and its attached signature are created with a
 .Dq Pa .gpg
 extension to the original file name.

 @@ -163,26 +163,29 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p,
 		netpgp_decrypt_file(netpgp, f, NULL, p->armour);
 		break;
 	case SIGN:
 		netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 0,
 				p->detached);
 		break;
 	case CLEARSIGN:
 		netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 1,
 				p->detached);
 		break;
 	case VERIFY:
 		netpgp_verify_file(netpgp, f, p->armour);
 		break;
 	case LIST_PACKETS:
 		netpgp_list_packets(netpgp, f, p->armour, NULL);
 		break;
 	default:
 		print_usage(usage, pname);
 		exit(EXIT_ERROR);
+	}
+}
 int
 main(int argc, char **argv)
+{
 	netpgp_t	netpgp;
 	prog_t          p;
 	char            homedir[MAXBUF + 1];
 	int		zeroargs;
 @@ -219,27 +222,27 @@ main(int argc, char **argv)
 		case EXPORT_KEY:
 		case IMPORT_KEY:
 		case GENERATE_KEY:
 		case ENCRYPT:
 		case DECRYPT:
 		case SIGN:
 		case CLEARSIGN:
 		case VERIFY:
 		case LIST_PACKETS:
 			p.cmd = long_options[optindex].val;
 			break;
 		case VERSION_CMD:
-			printf("%s\nAll bug reports, praise and chocolate, please, to: %s\n",
+			printf("%s\nAll bug reports, praise and chocolate, please, to:\n%s\n",
 				netpgp_get_info("version"),
 				netpgp_get_info("maintainer"));
 			exit(EXIT_SUCCESS);
 			/* options */
 		case KEYRING:
 			if (optarg == NULL) {
 				(void) fprintf(stderr, "No keyring argument provided\n");
 				exit(EXIT_ERROR);
+			}
 			snprintf(p.keyring, sizeof(p.keyring), "%s", optarg);
 			break;

 @@ -21,30 +21,26 @@
 /** \file
  */
 #include "config.h"
 #ifdef HAVE_ZLIB_H
 #include <zlib.h>
 #endif
 #ifdef HAVE_BZLIB_H
 #include <bzlib.h>
 #endif
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <string.h>
 #include "packet-parse.h"
 #include "errors.h"
 #include "netpgpdefs.h"
 #include "parse_local.h"
 #include "memory.h"
 #include "writer.h"
 #define DECOMPRESS_BUFFER	1024
 typedef struct {
 	__ops_compression_type_t type;
 @@ -77,27 +73,32 @@ typedef struct {
  * bzip2_compressed_data_reader
  */
 static int
 zlib_compressed_data_reader(void *dest, size_t length,
 			    __ops_error_t ** errors,
 			    __ops_reader_info_t *rinfo,
 			    __ops_parse_cb_info_t *cbinfo)
+{
 	z_decompress_t *z = __ops_reader_get_arg(rinfo);
 	size_t           len;
 	size_t		 cc;
 	char		*cdest = dest;
-	assert(z->type == OPS_C_ZIP || z->type == OPS_C_ZLIB);
+	if (z->type != OPS_C_ZIP && z->type != OPS_C_ZLIB) {
 		(void) fprintf(stderr,
 			"zlib_compressed_data_reader: weird type %d\n",
 			z->type);
 		return 0;
+	}
 	if (z->inflate_ret == Z_STREAM_END &&
 	    z->zstream.next_out == &z->out[z->offset]) {
 		return 0;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(stderr, "zlib_compressed_data_reader: length %" PRIsize "d\n", length);
+	}
 	if (z->region->length_read == z->region->length) {
 		if (z->inflate_ret != Z_STREAM_END) {
 			OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
 @@ -136,51 +137,57 @@ zlib_compressed_data_reader(void *dest,
 			if (ret == Z_STREAM_END) {
 				if (!z->region->indeterminate &&
 				    z->region->length_read != z->region->length) {
 					OPS_ERROR(cbinfo->errors,
 						OPS_E_P_DECOMPRESSION_ERROR,
 						"Compressed stream ended before packet end.");
+				}
 			} else if (ret != Z_OK) {
 				(void) fprintf(stderr, "ret=%d\n", ret);
 				OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, z->zstream.msg);
+			}
 			z->inflate_ret = ret;
+		}
-		assert(z->zstream.next_out > &z->out[z->offset]);
+		if (z->zstream.next_out <= &z->out[z->offset]) {
 			(void) fprintf(stderr, "Out of memory in buffer\n");
 			return 0;
+		}
 		len = z->zstream.next_out - &z->out[z->offset];
 		if (len > length) {
 			len = length;
+		}
 		(void) memcpy(&cdest[cc], &z->out[z->offset], len);
 		z->offset += len;
+	}
 	return length;
+}
 /* \todo remove code duplication between this and zlib_compressed_data_reader */
 static int
 bzip2_compressed_data_reader(void *dest, size_t length,
 			     __ops_error_t ** errors,
 			     __ops_reader_info_t * rinfo,
 			     __ops_parse_cb_info_t * cbinfo)
+{
 	bz_decompress_t *bz = __ops_reader_get_arg(rinfo);
 	size_t		len;
 	size_t		 cc;
 	char		*cdest = dest;
-	assert(bz->type == OPS_C_BZIP2);
+	if (bz->type != OPS_C_BZIP2) {
 		(void) fprintf(stderr, "Weird type %d\n", bz->type);
 		return 0;
+	}
 	if (bz->inflate_ret == BZ_STREAM_END &&
 	    bz->bzstream.next_out == &bz->out[bz->offset]) {
 		return 0;
+	}
 	if (bz->region->length_read == bz->region->length) {
 		if (bz->inflate_ret != BZ_STREAM_END) {
 			OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
 				"Compressed data didn't end when region ended.");
+		}
+	}
 	for (cc = 0 ; cc < length ; cc += len) {
 		if (&bz->out[bz->offset] == bz->bzstream.next_out) {
 @@ -211,30 +218,34 @@ bzip2_compressed_data_reader(void *dest,
 			if (ret == BZ_STREAM_END) {
 				if (!bz->region->indeterminate &&
 				    bz->region->length_read != bz->region->length)
 					OPS_ERROR(cbinfo->errors,
 						OPS_E_P_DECOMPRESSION_ERROR,
 						"Compressed stream ended before packet end.");
 			} else if (ret != BZ_OK) {
 				OPS_ERROR_1(cbinfo->errors,
 					OPS_E_P_DECOMPRESSION_ERROR,
 					"Invalid return %d from BZ2_bzDecompress", ret);
+			}
 			bz->inflate_ret = ret;
+		}
-		assert(bz->bzstream.next_out > &bz->out[bz->offset]);
+		if (bz->bzstream.next_out <= &bz->out[bz->offset]) {
 			(void) fprintf(stderr, "Out of bz memroy\n");
 			return 0;
+		}
 		len = bz->bzstream.next_out - &bz->out[bz->offset];
-		if (len > length)
+		if (len > length) {
 			len = length;
+		}
 		(void) memcpy(&cdest[cc], &bz->out[bz->offset], len);
 		bz->offset += len;
+	}
 	return length;
+}
 /**
  * \ingroup Core_Compress
+ *
  * \param *region 	Pointer to a region
  * \param *parse_info 	How to parse
  * \param type Which compression type to expect
 @@ -328,27 +339,27 @@ __ops_decompress(__ops_region_t *region,
 				"Cannot initialise BZIP2 stream for decompression: error=%d", ret);
 			return 0;
+		}
 		__ops_reader_push(parse_info, bzip2_compressed_data_reader, NULL, &bz);
 		break;
 	default:
 		OPS_ERROR_1(&parse_info->errors,
 			OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG,
 			"Compression algorithm %d is not yet supported", type);
 		return 0;
+	}
-	ret = __ops_parse(parse_info);
+	ret = __ops_parse(parse_info, 0);
 	__ops_reader_pop(parse_info);
 	return ret;
+}
 /**
 \ingroup Core_WritePackets
 \brief Writes Compressed packet
 \param data Data to write out
 \param len Length of data
 \param cinfo Write settings
 \return true if OK; else false
 @@ -364,45 +375,50 @@ __ops_write_compressed(const unsigned ch
 	size_t		 sz_out = 0;
 	int              r = 0;
 	/* compress the data */
 	const int       level = Z_DEFAULT_COMPRESSION;	/* \todo allow varying
 							 * levels */
 	zip->stream.zalloc = Z_NULL;
 	zip->stream.zfree = Z_NULL;
 	zip->stream.opaque = NULL;
 	/* all other fields set to zero by use of calloc */
 	if (deflateInit(&zip->stream, level) != Z_OK) {
-		/* can't initialise */
+		(void) fprintf(stderr,
-		assert(/* CONSTCOND */0);
+			"__ops_write_compressed: can't initialise\n");
 		return false;
+	}
 	/* do necessary transformation */
 	/* copy input to maintain const'ness of src */
-	assert(zip->src == NULL);
+	if (zip->src != NULL || zip->dst != NULL) {
-	assert(zip->dst == NULL);
+		(void) fprintf(stderr,
 			"__ops_write_compressed: non-null streams\n");
 		return false;
+	}
 	sz_in = len * sizeof(unsigned char);
 	sz_out = (sz_in * 1.01) + 12;	/* from zlib webpage */
 	zip->src = calloc(1, sz_in);
 	zip->dst = calloc(1, sz_out);
 	(void) memcpy(zip->src, data, len);
 	/* setup stream */
 	zip->stream.next_in = zip->src;
 	zip->stream.avail_in = sz_in;
 	zip->stream.total_in = 0;
 	zip->stream.next_out = zip->dst;
 	zip->stream.avail_out = sz_out;
 	zip->stream.total_out = 0;
-	r = deflate(&zip->stream, Z_FINISH);
+	do {
-	assert(r == Z_STREAM_END);	/* need to loop if not */
+		r = deflate(&zip->stream, Z_FINISH);
 	} while (r != Z_STREAM_END);
 	/* write it out */
 	return (__ops_write_ptag(OPS_PTAG_CT_COMPRESSED, cinfo) &&
 		__ops_write_length((unsigned)(zip->stream.total_out + 1), cinfo) &&
 		__ops_write_scalar(OPS_C_ZLIB, 1, cinfo) &&
 		__ops_write(zip->dst, (unsigned)zip->stream.total_out, cinfo));
+}

 @@ -13,60 +13,60 @@
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /** \file
  */
 #include "config.h"
 #ifdef HAVE_OPENSSL_CAST_H
 #include <openssl/cast.h>
 #endif
 #include "create.h"
 #include "keyring.h"
 #include "packet.h"
 #include "signature.h"
 #include "writer.h"
 #include "readerwriter.h"
 #include "keyring_local.h"
 #include "loccreate.h"
 #include "memory.h"
 #include "netpgpdefs.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/mman.h>
 #include <string.h>
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_OPENSSL_CAST_H
 #include <openssl/cast.h>
 #endif
 #include "create.h"
 #include "keyring.h"
 #include "packet.h"
 #include "signature.h"
 #include "writer.h"
 #include "readerwriter.h"
 #include "keyring_local.h"
 #include "loccreate.h"
 #include "memory.h"
 #include "netpgpdefs.h"
 /**
  * \ingroup Core_Create
  * \param length
  * \param type
  * \param info
  * \return true if OK, otherwise false
  */
 bool
 __ops_write_ss_header(unsigned length, __ops_content_tag_t type,
 		    __ops_create_info_t * info)
+{
 	return __ops_write_length(length, info) &&
 @@ -146,37 +146,37 @@ public_key_length(const __ops_public_key
 	default:
 		assert(!"unknown key algorithm");
+	}
 	/* not reached */
 	return 0;
+}
 static unsigned
 secret_key_length(const __ops_secret_key_t * key)
+{
 	int             l;
 	l = 0;
-	switch (key->public_key.algorithm) {
+	switch (key->pubkey.algorithm) {
 	case OPS_PKA_RSA:
-		l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p)
+		l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) +
-			+ mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u);
+			mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u);
 		break;
 	default:
 		assert(!"unknown key algorithm");
+	}
-	return l + public_key_length(&key->public_key);
+	return l + public_key_length(&key->pubkey);
+}
 /**
  * \ingroup Core_Create
  * \param key
  * \param t
  * \param n
  * \param e
 */
 void
 __ops_fast_create_rsa_public_key(__ops_public_key_t * key, time_t t,
 			       BIGNUM * n, BIGNUM * e)
+{
 @@ -186,52 +186,56 @@ __ops_fast_create_rsa_public_key(__ops_p
 	key->key.rsa.n = n;
 	key->key.rsa.e = e;
+}
 /*
  * Note that we support v3 keys here because they're needed for for
  * verification - the writer doesn't allow them, though
  */
 static bool
 write_public_key_body(const __ops_public_key_t * key,
 		      __ops_create_info_t * info)
+{
 	if (!(__ops_write_scalar((unsigned)key->version, 1, info) &&
-	      __ops_write_scalar((unsigned)key->creation_time, 4, info)))
+	      __ops_write_scalar((unsigned)key->creation_time, 4, info))) {
 		return false;
+	}
-	if (key->version != 4 && !__ops_write_scalar(key->days_valid, 2, info))
+	if (key->version != 4 &&
 	    !__ops_write_scalar(key->days_valid, 2, info)) {
 		return false;
+	}
-	if (!__ops_write_scalar((unsigned)key->algorithm, 1, info))
+	if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) {
 		return false;
+	}
 	switch (key->algorithm) {
 	case OPS_PKA_DSA:
-		return __ops_write_mpi(key->key.dsa.p, info)
+		return __ops_write_mpi(key->key.dsa.p, info) &&
-			&& __ops_write_mpi(key->key.dsa.q, info)
+			__ops_write_mpi(key->key.dsa.q, info) &&
-			&& __ops_write_mpi(key->key.dsa.g, info)
+			__ops_write_mpi(key->key.dsa.g, info) &&
-			&& __ops_write_mpi(key->key.dsa.y, info);
+			__ops_write_mpi(key->key.dsa.y, info);
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
-		return __ops_write_mpi(key->key.rsa.n, info)
+		return __ops_write_mpi(key->key.rsa.n, info) &&
-			&& __ops_write_mpi(key->key.rsa.e, info);
+			__ops_write_mpi(key->key.rsa.e, info);
 	case OPS_PKA_ELGAMAL:
-		return __ops_write_mpi(key->key.elgamal.p, info)
+		return __ops_write_mpi(key->key.elgamal.p, info) &&
-			&& __ops_write_mpi(key->key.elgamal.g, info)
+			__ops_write_mpi(key->key.elgamal.g, info) &&
-			&& __ops_write_mpi(key->key.elgamal.y, info);
+			__ops_write_mpi(key->key.elgamal.y, info);
 	default:
 		assert( /* CONSTCOND */ 0);
 		break;
+	}
 	/* not reached */
 	return false;
+}
 /*
  * Note that we support v3 keys here because they're needed for for
  * verification - the writer doesn't allow them, though
 @@ -241,71 +245,80 @@ write_secret_key_body(const __ops_secret
 		      const unsigned char *passphrase,
 		      const size_t pplen,
 		      __ops_create_info_t * info)
+{
 	/* RFC4880 Section 5.5.3 Secret-Key Packet Formats */
 	__ops_crypt_t     crypted;
 	__ops_hash_t      hash;
 	unsigned char   hashed[OPS_SHA1_HASH_SIZE];
 	unsigned char   session_key[CAST_KEY_LENGTH];
 	unsigned int    done = 0;
 	unsigned int    i = 0;
-	if (!write_public_key_body(&key->public_key, info))
+	if (!write_public_key_body(&key->pubkey, info)) {
 		return false;
+	}
-	assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED);	/* = 254 */
+	assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED); /* = 254 */
-	if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info))
+	if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info)) {
 		return false;
+	}
 	assert(key->algorithm == OPS_SA_CAST5);
-	if (!__ops_write_scalar((unsigned)key->algorithm, 1, info))
+	if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) {
 		return false;
+	}
-	assert(key->s2k_specifier == OPS_S2KS_SIMPLE || key->s2k_specifier == OPS_S2KS_SALTED);	/* = 1 \todo could also
+	assert(key->s2k_specifier == OPS_S2KS_SIMPLE ||
-												 * be
+		key->s2k_specifier == OPS_S2KS_SALTED);
-												 * iterated-and-salted */
+		/* = 1 \todo could also be iterated-and-salted */
-	if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info))
+	if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info)) {
 		return false;
+	}
 	assert(key->hash_algorithm == OPS_HASH_SHA1);
-	if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info))
+	if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info)) {
 		return false;
+	}
 	switch (key->s2k_specifier) {
 	case OPS_S2KS_SIMPLE:
 		/* nothing more to do */
 		break;
 	case OPS_S2KS_SALTED:
 		/* 8-octet salt value */
 		__ops_random(__UNCONST(&key->salt[0]), OPS_SALT_SIZE);
-		if (!__ops_write(key->salt, OPS_SALT_SIZE, info))
+		if (!__ops_write(key->salt, OPS_SALT_SIZE, info)) {
 			return false;
+		}
 		break;
 		/*
 		 * \todo case OPS_S2KS_ITERATED_AND_SALTED: // 8-octet salt
 		 * value // 1-octet count break;
 		 */
 	default:
-		fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier);
+		(void) fprintf(stderr,
 			"invalid/unsupported s2k specifier %d\n",
 			key->s2k_specifier);
 		assert( /* CONSTCOND */ 0);
+	}
-	if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info))
+	if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info)) {
 		return false;
+	}
 	/*
 	 * create the session key for encrypting the algorithm-specific
 	 * fields
 	 */
 	switch (key->s2k_specifier) {
 	case OPS_S2KS_SIMPLE:
 	case OPS_S2KS_SALTED:
 		/* RFC4880: section 3.7.1.1 and 3.7.1.2 */
 		done = 0;
 		for (i = 0; done < CAST_KEY_LENGTH; i++) {
 @@ -329,166 +342,157 @@ write_secret_key_body(const __ops_secret
 				hash.add(&hash, &zero, 1);
+			}
 			if (key->s2k_specifier == OPS_S2KS_SALTED) {
 				hash.add(&hash, key->salt, OPS_SALT_SIZE);
+			}
 			hash.add(&hash, passphrase, pplen);
 			hash.finish(&hash, hashed);
 			/*
 			 * if more in hash than is needed by session key, use
 			 * the leftmost octets
 			 */
-			(void) memcpy(session_key + (i * SHA_DIGEST_LENGTH), hashed, (unsigned)use);
+			(void) memcpy(session_key + (i * SHA_DIGEST_LENGTH),
 					hashed, (unsigned)use);
 			done += use;
 			assert(done <= CAST_KEY_LENGTH);
+		}
 		break;
 		/*
 		 * \todo case OPS_S2KS_ITERATED_AND_SALTED: * 8-octet salt
 		 * value * 1-octet count break;
 		 */
 	default:
-		fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier);
+		(void) fprintf(stderr,
 			"invalid/unsupported s2k specifier %d\n",
 			key->s2k_specifier);
 		assert( /* CONSTCOND */ 0);
+	}
 	/* use this session key to encrypt */
 	__ops_crypt_any(&crypted, key->algorithm);
 	crypted.set_iv(&crypted, key->iv);
 	crypted.set_key(&crypted, session_key);
 	__ops_encrypt_init(&crypted);
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i2 = 0;
-		fprintf(stderr, "\nWRITING:\niv=");
+		(void) fprintf(stderr, "\nWRITING:\niv=");
 		for (i2 = 0; i2 < __ops_block_size(key->algorithm); i2++) {
-			fprintf(stderr, "%02x ", key->iv[i2]);
+			(void) fprintf(stderr, "%02x ", key->iv[i2]);
+		}
-		fprintf(stderr, "\n");
+		(void) fprintf(stderr, "\n");
-		fprintf(stderr, "key=");
+		(void) fprintf(stderr, "key=");
 		for (i2 = 0; i2 < CAST_KEY_LENGTH; i2++) {
-			fprintf(stderr, "%02x ", session_key[i2]);
+			(void) fprintf(stderr, "%02x ", session_key[i2]);
+		}
-		fprintf(stderr, "\n");
+		(void) fprintf(stderr, "\n");
 		/* __ops_print_secret_key(OPS_PTAG_CT_SECRET_KEY,key); */
-		fprintf(stderr, "turning encryption on...\n");
+		(void) fprintf(stderr, "turning encryption on...\n");
+	}
 	__ops_writer_push_encrypt_crypt(info, &crypted);
-	switch (key->public_key.algorithm) {
+	switch (key->pubkey.algorithm) {
 		/* case OPS_PKA_DSA: */
 		/* return __ops_write_mpi(key->key.dsa.x,info); */
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
 		if (!__ops_write_mpi(key->key.rsa.d, info) ||
 		    !__ops_write_mpi(key->key.rsa.p, info) ||
 		    !__ops_write_mpi(key->key.rsa.q, info) ||
 		    !__ops_write_mpi(key->key.rsa.u, info)) {
 			if (__ops_get_debug_level(__FILE__)) {
 				(void) fprintf(stderr, "4 x mpi not written - problem\n");
+			}
 			return false;
+		}
 		break;
 		/* case OPS_PKA_ELGAMAL: */
 		/* return __ops_write_mpi(key->key.elgamal.x,info); */
 	default:
 		assert( /* CONSTCOND */ 0);
 		break;
+	}
-	if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info))
+	if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info)) {
 		return false;
+	}
 	__ops_writer_pop(info);
 	return true;
+}
 /**
    \ingroup HighLevel_KeyWrite
    \brief Writes a transferable PGP public key to the given output stream.
    \param keydata Key to be written
    \param armoured Flag is set for armoured output
    \param info Output stream
    Example code:
    \code
    void example(const __ops_keydata_t* keydata)
    bool armoured=true;
    char* filename="/tmp/testkey.asc";
    int fd;
    bool overwrite=true;
    __ops_create_info_t* cinfo;
    fd=__ops_setup_file_write(&cinfo, filename, overwrite);
    __ops_write_transferable_public_key(keydata,armoured,cinfo);
    __ops_teardown_file_write(cinfo,fd);
    \endcode
 */
 bool
 __ops_write_transferable_public_key(const __ops_keydata_t * keydata, bool armoured, __ops_create_info_t * info)
+{
 	bool   rtn;
 	unsigned int    i = 0, j = 0;
 	if (armoured) {
 		__ops_writer_push_armoured(info, OPS_PGP_PUBLIC_KEY_BLOCK);
+	}
 	/* public key */
-	rtn = __ops_write_struct_public_key(&keydata->key.skey.public_key, info);
+	rtn = __ops_write_struct_public_key(&keydata->key.skey.pubkey, info);
-	if (rtn != true)
+	if (rtn != true) {
 		return rtn;
+	}
 	/* TODO: revocation signatures go here */
 	/* user ids and corresponding signatures */
 	for (i = 0; i < keydata->nuids; i++) {
 		__ops_user_id_t  *uid = &keydata->uids[i];
 		rtn = __ops_write_struct_user_id(uid, info);
 		if (!rtn) {
 		if (!rtn)
 			return rtn;
+		}
 		/* find signature for this packet if it exists */
 		for (j = 0; j < keydata->nsigs; j++) {
 			sigpacket_t    *sig = &keydata->sigs[i];
 			if (!strcmp((char *) sig->userid->user_id, (char *) uid->user_id)) {
-				rtn = __ops_write(sig->packet->raw, sig->packet->length, info);
+			if (strcmp((char *) sig->userid->user_id,
-				if (!rtn)
+					(char *) uid->user_id) == 0) {
 				rtn = __ops_write(sig->packet->raw,
 						sig->packet->length, info);
 				if (!rtn) {
 					return !rtn;
+				}
+			}
+		}
+	}
 	/* TODO: user attributes and corresponding signatures */
 	/*
 	 * subkey packets and corresponding signatures and optional
 	 * revocation
 	 */
 	if (armoured) {
 		writer_info_finalise(&info->errors, &info->winfo);
 @@ -498,80 +502,68 @@ __ops_write_transferable_public_key(cons
+}
 /**
    \ingroup HighLevel_KeyWrite
    \brief Writes a transferable PGP secret key to the given output stream.
    \param keydata Key to be written
    \param passphrase
    \param pplen
    \param armoured Flag is set for armoured output
    \param info Output stream
    Example code:
    \code
    void example(const __ops_keydata_t* keydata)
    const unsigned char* passphrase=NULL;
    const size_t passphraselen=0;
    bool armoured=true;
    int fd;
    char* filename="/tmp/testkey.asc";
    bool overwrite=true;
    __ops_create_info_t* cinfo;
    fd=__ops_setup_file_write(&cinfo, filename, overwrite);
    __ops_write_transferable_secret_key(keydata,passphrase,pplen,armoured,cinfo);
    __ops_teardown_file_write(cinfo,fd);
    \endcode
 */
 bool
 __ops_write_transferable_secret_key(const __ops_keydata_t *keydata,
 	const unsigned char *passphrase, const size_t pplen,
 	bool armoured, __ops_create_info_t * info)
+{
 	unsigned	i = 0, j = 0;
 	bool		rtn;
 	if (armoured) {
 		__ops_writer_push_armoured(info, OPS_PGP_PRIVATE_KEY_BLOCK);
+	}
 	/* public key */
-	rtn = __ops_write_struct_secret_key(&keydata->key.skey, passphrase, pplen, info);
+	rtn = __ops_write_struct_secret_key(&keydata->key.skey, passphrase,
-	if (rtn != true)
+			pplen, info);
 	if (rtn != true) {
 		return rtn;
+	}
 	/* TODO: revocation signatures go here */
 	/* user ids and corresponding signatures */
 	for (i = 0; i < keydata->nuids; i++) {
 		__ops_user_id_t  *uid = &keydata->uids[i];
 		rtn = __ops_write_struct_user_id(uid, info);
 		if (!rtn) {
 		if (!rtn)
 			return rtn;
+		}
 		/* find signature for this packet if it exists */
 		for (j = 0; j < keydata->nsigs; j++) {
 			sigpacket_t    *sig = &keydata->sigs[i];
 			if (!strcmp((char *) sig->userid->user_id, (char *) uid->user_id)) {
-				rtn = __ops_write(sig->packet->raw, sig->packet->length, info);
+			if (strcmp((char *) sig->userid->user_id,
-				if (!rtn)
+					(char *) uid->user_id) == 0) {
 				rtn = __ops_write(sig->packet->raw,
 						sig->packet->length, info);
 				if (!rtn) {
 					return !rtn;
+				}
+			}
+		}
+	}
 	/* TODO: user attributes and corresponding signatures */
 	/*
 	 * subkey packets and corresponding signatures and optional
 	 * revocation
 	 */
 	if (armoured) {
 		writer_info_finalise(&info->errors, &info->winfo);
 @@ -583,29 +575,29 @@ __ops_write_transferable_secret_key(cons
 /**
  * \ingroup Core_WritePackets
  * \brief Writes a Public Key packet
  * \param key
  * \param info
  * \return true if OK, otherwise false
  */
 bool
 __ops_write_struct_public_key(const __ops_public_key_t * key,
 			    __ops_create_info_t * info)
+{
 	assert(key->version == 4);
-	return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info)
+	return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info) &&
-		&& __ops_write_length(1 + 4 + 1 + public_key_length(key), info)
+		__ops_write_length(1 + 4 + 1 + public_key_length(key), info) &&
-		&& write_public_key_body(key, info);
+		write_public_key_body(key, info);
+}
 /**
  * \ingroup Core_WritePackets
  * \brief Writes one RSA public key packet.
  * \param t Creation time
  * \param n RSA public modulus
  * \param e RSA public encryption exponent
  * \param info Writer settings
+ *
  * \return true if OK, otherwise false
  */
 @@ -624,35 +616,32 @@ __ops_write_rsa_public_key(time_t t, con
  * \ingroup Core_Create
  * \param out
  * \param key
  * \param make_packet
  */
 void
 __ops_build_public_key(__ops_memory_t * out, const __ops_public_key_t * key,
 		     bool make_packet)
+{
 	__ops_create_info_t *info;
 	info = __ops_create_info_new();
 	__ops_memory_init(out, 128);
 	__ops_writer_set_memory(info, out);
 	write_public_key_body(key, info);
 	if (make_packet) {
 	if (make_packet)
 		__ops_memory_make_packet(out, OPS_PTAG_CT_PUBLIC_KEY);
+	}
 	__ops_create_info_delete(info);
+}
 /**
  * \ingroup Core_Create
+ *
  * Create an RSA secret key structure. If a parameter is marked as
  * [OPTIONAL], then it can be omitted and will be calculated from
  * other parameters - or, in the case of e, will default to 0x10001.
+ *
  * Parameters are _not_ copied, so will be freed if the structure is
  * freed.
+ *
 @@ -660,27 +649,27 @@ __ops_build_public_key(__ops_memory_t *
  * \param t
  * \param d The RSA parameter d (=e^-1 mod (p-1)(q-1)) [OPTIONAL]
  * \param p The RSA parameter p
  * \param q The RSA parameter q (q > p)
  * \param u The RSA parameter u (=p^-1 mod q) [OPTIONAL]
  * \param n The RSA public parameter n (=p*q) [OPTIONAL]
  * \param e The RSA public parameter e */
 void
 __ops_fast_create_rsa_secret_key(__ops_secret_key_t * key, time_t t,
 			     BIGNUM * d, BIGNUM * p, BIGNUM * q, BIGNUM * u,
 			       BIGNUM * n, BIGNUM * e)
+{
-	__ops_fast_create_rsa_public_key(&key->public_key, t, n, e);
+	__ops_fast_create_rsa_public_key(&key->pubkey, t, n, e);
 	/* XXX: calculate optionals */
 	key->key.rsa.d = d;
 	key->key.rsa.p = p;
 	key->key.rsa.q = q;
 	key->key.rsa.u = u;
 	key->s2k_usage = OPS_S2KU_NONE;
 	/* XXX: sanity check and add errors... */
+}
 /**
 @@ -690,31 +679,31 @@ __ops_fast_create_rsa_secret_key(__ops_s
  * \param passphrase The passphrase
  * \param pplen Length of passphrase
  * \param info
  * \return true if OK; else false
  */
 bool
 __ops_write_struct_secret_key(const __ops_secret_key_t * key,
 			    const unsigned char *passphrase,
 			    const size_t pplen,
 			    __ops_create_info_t * info)
+{
 	int             length = 0;
-	assert(key->public_key.version == 4);
+	assert(key->pubkey.version == 4);
 	/* Ref: RFC4880 Section 5.5.3 */
-	/* public_key, excluding MPIs */
+	/* pubkey, excluding MPIs */
 	length += 1 + 4 + 1 + 1;
 	/* s2k usage */
 	length += 1;
 	switch (key->s2k_usage) {
 	case OPS_S2KU_NONE:
 		/* nothing to add */
 		break;
 	case OPS_S2KU_ENCRYPTED_AND_HASHED:	/* 254 */
 	case OPS_S2KU_ENCRYPTED:	/* 255 */
 @@ -790,135 +779,138 @@ __ops_create_info_new(void)
 /**
  * \ingroup Core_Create
  * \brief Delete an __ops_create_info_t strucut and associated resources.
+ *
  * Delete an __ops_create_info_t structure. If a writer is active, then
  * that is also deleted.
+ *
  * \param info the structure to be deleted.
  */
 void
 __ops_create_info_delete(__ops_create_info_t * info)
+{
 	writer_info_delete(&info->winfo);
-	free(info);
+	(void) free(info);
+}
 /**
  \ingroup Core_Create
  \brief Calculate the checksum for a session key
  \param session_key Session Key to use
  \param cs Checksum to be written
  \return true if OK; else false
 */
 bool
 __ops_calc_session_key_checksum(__ops_pk_session_key_t * session_key, unsigned char cs[2])
+{
 	unsigned int    i = 0;
 	unsigned long   checksum = 0;
-	if (!__ops_is_sa_supported(session_key->symmetric_algorithm))
+	if (!__ops_is_sa_supported(session_key->symmetric_algorithm)) {
 		return false;
+	}
 	for (i = 0; i < __ops_key_size(session_key->symmetric_algorithm); i++) {
 		checksum += session_key->key[i];
+	}
 	checksum = checksum % 65536;
 	cs[0] = (unsigned char)((checksum >> 8) & 0xff);
 	cs[1] = (unsigned char)(checksum & 0xff);
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(stderr,"\nm buf checksum: ");
 		(void) fprintf(stderr," %2x",cs[0]);
 		(void) fprintf(stderr," %2x\n",cs[1]);
+	}
 	return true;
+}
 static bool
 create_unencoded_m_buf(__ops_pk_session_key_t * session_key, unsigned char *m_buf)
+{
 	int             i = 0;
 	/* unsigned long checksum=0; */
 	/* m_buf is the buffer which will be encoded in PKCS#1 block */
 	/* encoding to form the "m" value used in the  */
 	/* Public Key Encrypted Session Key Packet */
 	/*
 	 * as defined in RFC Section 5.1 "Public-Key Encrypted Session Key
 	 * Packet"
 	 */
 	m_buf[0] = session_key->symmetric_algorithm;
 	assert(session_key->symmetric_algorithm == OPS_SA_CAST5);
 	for (i = 0; i < CAST_KEY_LENGTH; i++) {
 		m_buf[1 + i] = session_key->key[i];
+	}
-	return (__ops_calc_session_key_checksum(session_key, m_buf + 1 + CAST_KEY_LENGTH));
+	return (__ops_calc_session_key_checksum(session_key,
 				m_buf + 1 + CAST_KEY_LENGTH));
+}
 /**
 \ingroup Core_Create
 \brief implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC
 \param M
 \param mLen
 \param pkey
 \param EM
 \return true if OK; else false
 */
 bool
 encode_m_buf(const unsigned char *M, size_t mLen,
 	     const __ops_public_key_t * pkey,
-	     unsigned char *EM
+	     unsigned char *EM)
+{
 	unsigned int    k;
 	unsigned        i;
 	/* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */
 	assert(pkey->algorithm == OPS_PKA_RSA);
 	k = BN_num_bytes(pkey->key.rsa.n);
 	assert(mLen <= k - 11);
 	if (mLen > k - 11) {
 		fprintf(stderr, "message too long\n");
 		return false;
+	}
 	/* these two bytes defined by RFC */
 	EM[0] = 0x00;
 	EM[1] = 0x02;
 	/* add non-zero random bytes of length k - mLen -3 */
-	for (i = 2; i < k - mLen - 1; ++i)
+	for (i = 2; i < k - mLen - 1; ++i) {
-		do
+		do {
 			__ops_random(EM + i, 1);
-		while (EM[i] == 0);
+		} while (EM[i] == 0);
+	}
 	assert(i >= 8 + 2);
 	EM[i++] = 0;
 	(void) memcpy(EM + i, M, mLen);
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i2 = 0;
 		fprintf(stderr, "Encoded Message: \n");
-		for (i2 = 0; i2 < mLen; i2++)
+		(void) fprintf(stderr, "Encoded Message: \n");
-			fprintf(stderr, "%2x ", EM[i2]);
+		for (i2 = 0; i2 < mLen; i2++) {
-		fprintf(stderr, "\n");
+			(void) fprintf(stderr, "%2x ", EM[i2]);
+		}
 		(void) fprintf(stderr, "\n");
+	}
 	return true;
+}
 /**
  \ingroup Core_Create
 \brief Creates an __ops_pk_session_key_t struct from keydata
 \param key Keydata to use
 \return __ops_pk_session_key_t struct
 \note It is the caller's responsiblity to free the returned pointer
 \note Currently hard-coded to use CAST5
 \note Currently hard-coded to use RSA
 */
 @@ -928,77 +920,84 @@ __ops_create_pk_session_key(const __ops_
 	/*
          * Creates a random session key and encrypts it for the given key
+         *
          * Session Key is for use with a SK algo,
          * can be any, we're hardcoding CAST5 for now
+         *
          * Encryption used is PK,
          * can be any, we're hardcoding RSA for now
          */
 	const __ops_public_key_t *pub_key = __ops_get_public_key_from_data(key);
 #define SZ_UNENCODED_M_BUF CAST_KEY_LENGTH+1+2
 	unsigned char   unencoded_m_buf[SZ_UNENCODED_M_BUF];
 	const size_t    sz_encoded_m_buf = BN_num_bytes(pub_key->key.rsa.n);
 	unsigned char  *encoded_m_buf = calloc(1, sz_encoded_m_buf);
 	__ops_pk_session_key_t *session_key = calloc(1, sizeof(*session_key));
 	assert(key->type == OPS_PTAG_CT_PUBLIC_KEY);
 	session_key->version = OPS_PKSK_V3;
 	(void) memcpy(session_key->key_id, key->key_id, sizeof(session_key->key_id));
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
-		fprintf(stderr, "Encrypting for RSA key id : ");
+		(void) fprintf(stderr, "Encrypting for RSA key id : ");
-		for (i = 0; i < sizeof(session_key->key_id); i++)
+		for (i = 0; i < sizeof(session_key->key_id); i++) {
-			fprintf(stderr, "%2x ", key->key_id[i]);
+			(void) fprintf(stderr, "%2x ", key->key_id[i]);
 		fprintf(stderr, "\n");
 		(void) fprintf(stderr, "\n");
+	}
 	assert(key->key.pkey.algorithm == OPS_PKA_RSA);
 	session_key->algorithm = key->key.pkey.algorithm;
 	/* \todo allow user to specify other algorithm */
 	session_key->symmetric_algorithm = OPS_SA_CAST5;
 	__ops_random(session_key->key, CAST_KEY_LENGTH);
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "CAST5 session key created (len=%d):\n ", CAST_KEY_LENGTH);
-		for (i = 0; i < CAST_KEY_LENGTH; i++)
+		(void) fprintf(stderr,
-			fprintf(stderr, "%2x ", session_key->key[i]);
+			"CAST5 session key created (len=%d):\n ",
-		fprintf(stderr, "\n");
+			CAST_KEY_LENGTH);
 		for (i = 0; i < CAST_KEY_LENGTH; i++) {
 			(void) fprintf(stderr, "%2x ", session_key->key[i]);
+		}
 		(void) fprintf(stderr, "\n");
+	}
 	if (create_unencoded_m_buf(session_key, &unencoded_m_buf[0]) == false) {
-		free(encoded_m_buf);
+		(void) free(encoded_m_buf);
 		return NULL;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		printf("unencoded m buf:\n");
-		for (i = 0; i < SZ_UNENCODED_M_BUF; i++)
+		for (i = 0; i < SZ_UNENCODED_M_BUF; i++) {
 			printf("%2x ", unencoded_m_buf[i]);
+		}
 		printf("\n");
+	}
-	encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key, &encoded_m_buf[0]);
+	encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key,
 			&encoded_m_buf[0]);
 	/* and encrypt it */
-	if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key, &session_key->parameters)) {
+	if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key,
-		free(encoded_m_buf);
+			&session_key->parameters)) {
 		(void) free(encoded_m_buf);
 		return NULL;
+	}
-	free(encoded_m_buf);
+	(void) free(encoded_m_buf);
 	return session_key;
+}
 /**
 \ingroup Core_WritePackets
 \brief Writes Public Key Session Key packet
 \param info Write settings
 \param pksk Public Key Session Key to write out
 \return true if OK; else false
 */
 bool
 __ops_write_pk_session_key(__ops_create_info_t * info,
 			 __ops_pk_session_key_t * pksk)
 @@ -1211,32 +1210,33 @@ __ops_write_file_from_buf(const char *fi
 	if (overwrite == true) {
 		flags |= O_TRUNC;
 	} else {
 		flags |= O_EXCL;
+	}
 #ifdef O_BINARY
 	flags |= O_BINARY;
 #endif
 	fd = open(filename, flags, 0600);
 	if (fd < 0) {
 		perror(NULL);
 		return 0;
+	}
-	n = write(fd, buf, len);
+	if ((n = write(fd, buf, len)) != len) {
 	if (n != len)
 		return 0;
+	}
-	if (!close(fd))
+	if (!close(fd)) {
 		return 1;
+	}
 	return 0;
+}
 /**
 \ingroup Core_WritePackets
 \brief Write Symmetrically Encrypted packet
 \param data Data to encrypt
 \param len Length of data
 \param info Write settings
 \return true if OK; else false
 \note Hard-coded to use AES256
 */
 @@ -1277,24 +1277,24 @@ __ops_write_symmetrically_encrypted_data
 \return true if OK; else false
 */
 bool
 __ops_write_one_pass_sig(const __ops_secret_key_t * skey,
 		       const __ops_hash_algorithm_t hash_alg,
 		       const __ops_sig_type_t sig_type,
 		       __ops_create_info_t * info)
+{
 	unsigned char   keyid[OPS_KEY_ID_SIZE];
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "calling __ops_keyid in write_one_pass_sig: this calls sha1_init\n");
+	}
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key);
+	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey);
 	return __ops_write_ptag(OPS_PTAG_CT_ONE_PASS_SIGNATURE, info) &&
 		__ops_write_length(1 + 1 + 1 + 1 + 8 + 1, info) &&
 		__ops_write_scalar(3, 1, info)	/* version */ &&
 		__ops_write_scalar((unsigned)sig_type, 1, info) &&
 		__ops_write_scalar((unsigned)hash_alg, 1, info) &&
-		__ops_write_scalar((unsigned)skey->public_key.algorithm, 1, info) &&
+		__ops_write_scalar((unsigned)skey->pubkey.algorithm, 1, info) &&
 		__ops_write(keyid, 8, info) &&
 		__ops_write_scalar(1, 1, info);
+}

 @@ -732,29 +732,29 @@ data_free(__ops_data_t * data)
 static void
 string_free(char **str)
+{
 	free(*str);
 	*str = NULL;
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 /* ! Free packet memory, set pointer to NULL */
 void
-__ops_packet_free(__ops_packet_t * packet)
+__ops_subpacket_free(__ops_subpacket_t *packet)
+{
-	free(packet->raw);
+	(void) free(packet->raw);
 	packet->raw = NULL;
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 static void
 __ops_headers_free(__ops_headers_t * headers)
+{
 	unsigned        n;
 	for (n = 0; n < headers->nheaders; ++n) {
 @@ -1002,27 +1002,27 @@ ss_revocation_reason_free(__ops_ss_revoc
 static void
 ss_embedded_signature_free(__ops_ss_embedded_signature_t *ss_embedded_signature)
+{
 	data_free(&ss_embedded_signature->sig);
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 /* ! Free any memory allocated when parsing the packet content */
 void
-__ops_parser_content_free(__ops_parser_content_t * c)
+__ops_parser_content_free(__ops_packet_t * c)
+{
 	switch (c->tag) {
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_COMPRESSED:
 	case OPS_PTAG_SS_CREATION_TIME:
 	case OPS_PTAG_SS_EXPIRATION_TIME:
 	case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
 	case OPS_PTAG_SS_TRUST:
 	case OPS_PTAG_SS_ISSUER_KEY_ID:
 	case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
 	case OPS_PTAG_SS_PRIMARY_USER_ID:
 	case OPS_PTAG_SS_REVOCABLE:
 	case OPS_PTAG_SS_REVOCATION_KEY:
 @@ -1052,27 +1052,27 @@ __ops_parser_content_free(__ops_parser_c
 		break;
 	case OPS_PTAG_CT_TRUST:
 		trust_free(&c->u.trust);
 		break;
 	case OPS_PTAG_CT_SIGNATURE:
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:
 		signature_free(&c->u.signature);
 		break;
 	case OPS_PTAG_CT_PUBLIC_KEY:
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
-		__ops_public_key_free(&c->u.public_key);
+		__ops_public_key_free(&c->u.pubkey);
 		break;
 	case OPS_PTAG_CT_USER_ID:
 		__ops_user_id_free(&c->u.user_id);
 		break;
 	case OPS_PTAG_SS_SIGNERS_USER_ID:
 		__ops_user_id_free(&c->u.ss_signers_user_id);
 		break;
 	case OPS_PTAG_CT_USER_ATTRIBUTE:
 		__ops_user_attribute_free(&c->u.user_attribute);
 		break;
 @@ -1134,45 +1134,45 @@ __ops_parser_content_free(__ops_parser_c
 	case OPS_PTAG_SS_RESERVED:
 		ss_reserved_free(&c->u.ss_unknown);
 		break;
 	case OPS_PTAG_SS_REVOCATION_REASON:
 		ss_revocation_reason_free(&c->u.ss_revocation_reason);
 		break;
 	case OPS_PTAG_SS_EMBEDDED_SIGNATURE:
 		ss_embedded_signature_free(&c->u.ss_embedded_signature);
 		break;
 	case OPS_PARSER_PACKET_END:
-		__ops_packet_free(&c->u.packet);
+		__ops_subpacket_free(&c->u.packet);
 		break;
 	case OPS_PARSER_ERROR:
 	case OPS_PARSER_ERRCODE:
 		break;
 	case OPS_PTAG_CT_SECRET_KEY:
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
 		__ops_secret_key_free(&c->u.secret_key);
 		break;
 	case OPS_PTAG_CT_PK_SESSION_KEY:
 	case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY:
 		__ops_pk_session_key_free(&c->u.pk_session_key);
 		break;
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
-		__ops_cmd_get_passphrase_free(&c->u.secret_key_passphrase);
+		__ops_cmd_get_passphrase_free(&c->u.skey_passphrase);
 		break;
 	default:
 		fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag);
 		assert( /* CONSTCOND */ 0);
+	}
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 void
 @@ -1234,112 +1234,121 @@ __ops_public_key_free(__ops_public_key_t
 /**
    \ingroup Core_ReadPackets
 */
 static int
 parse_public_key_data(__ops_public_key_t * key, __ops_region_t * region,
 		      __ops_parse_info_t * pinfo)
+{
 	unsigned char   c[1] = "";
 	assert(region->length_read == 0);	/* We should not have read
 						 * anything so far */
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
+	}
 	key->version = c[0];
 	if (key->version < 2 || key->version > 4) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN,
 			    "Bad public key version (0x%02x)", key->version);
 		return 0;
+	}
-	if (!limited_read_time(&key->creation_time, region, pinfo))
+	if (!limited_read_time(&key->creation_time, region, pinfo)) {
 		return 0;
+	}
 	key->days_valid = 0;
-	if ((key->version == 2 || key->version == 3)
+	if ((key->version == 2 || key->version == 3) &&
-	    && !limited_read_scalar(&key->days_valid, 2, region, pinfo))
+	    !limited_read_scalar(&key->days_valid, 2, region, pinfo)) {
 		return 0;
+	}
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
 	key->algorithm = c[0];
 	switch (key->algorithm) {
 	case OPS_PKA_DSA:
-		if (!limited_read_mpi(&key->key.dsa.p, region, pinfo)
+		if (!limited_read_mpi(&key->key.dsa.p, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.dsa.q, region, pinfo)
+		    !limited_read_mpi(&key->key.dsa.q, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.dsa.g, region, pinfo)
+		    !limited_read_mpi(&key->key.dsa.g, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.dsa.y, region, pinfo))
+		    !limited_read_mpi(&key->key.dsa.y, region, pinfo)) {
 			return 0;
+		}
 		break;
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
-		if (!limited_read_mpi(&key->key.rsa.n, region, pinfo)
+		if (!limited_read_mpi(&key->key.rsa.n, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.rsa.e, region, pinfo))
+		    !limited_read_mpi(&key->key.rsa.e, region, pinfo)) {
 			return 0;
+		}
 		break;
 	case OPS_PKA_ELGAMAL:
 	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
-		if (!limited_read_mpi(&key->key.elgamal.p, region, pinfo)
+		if (!limited_read_mpi(&key->key.elgamal.p, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.elgamal.g, region, pinfo)
+		    !limited_read_mpi(&key->key.elgamal.g, region, pinfo) ||
-		    || !limited_read_mpi(&key->key.elgamal.y, region, pinfo))
+		    !limited_read_mpi(&key->key.elgamal.y, region, pinfo)) {
 			return 0;
+		}
 		break;
 	default:
-		OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, "Unsupported Public Key algorithm (%s)", __ops_show_pka(key->algorithm));
+		OPS_ERROR_1(&pinfo->errors,
 			OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
 			"Unsupported Public Key algorithm (%s)",
 			__ops_show_pka(key->algorithm));
 		return 0;
+	}
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse a public key packet.
+ *
  * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys.
+ *
  * Once the key has been parsed successfully, it is passed to the callback.
+ *
  * \param *ptag		Pointer to the current Packet Tag.  This function should consume the entire packet.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.5.2
  */
 static int
 parse_public_key(__ops_content_tag_t tag, __ops_region_t * region,
 		 __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
-	if (!parse_public_key_data(&content.u.public_key, region, pinfo))
+	if (!parse_public_key_data(&pkt.u.pubkey, region, pinfo))
 		return 0;
 	/* XXX: this test should be done for all packets, surely? */
 	if (region->length_read != region->length) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA,
 			    "Unconsumed data (%d)", region->length - region->length_read);
 		return 0;
+	}
-	CALLBACK(&pinfo->cbinfo, tag, &content);
+	CALLBACK(&pinfo->cbinfo, tag, &pkt);
 	return 1;
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 /* ! Free the memory used when parsing this packet type */
 void
 __ops_user_attribute_free(__ops_user_attribute_t * user_att)
+{
 @@ -1348,40 +1357,40 @@ __ops_user_attribute_free(__ops_user_att
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse one user attribute packet.
+ *
  * User attribute packets contain one or more attribute subpackets.
  * For now, handle the whole packet as raw data.
  */
 static int
 parse_user_attribute(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	/*
 	 * xxx- treat as raw data for now. Could break down further into
 	 * attribute sub-packets later - rachel
 	 */
 	assert(region->length_read == 0);	/* We should not have read
 						 * anything so far */
-	if (!read_data(&content.u.user_attribute.data, region, pinfo))
+	if (!read_data(&pkt.u.user_attribute.data, region, pinfo))
 		return 0;
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTRIBUTE, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTRIBUTE, &pkt);
 	return 1;
+}
 /**
 \ingroup Core_Create
 \brief Free allocated memory
 */
 /* ! Free the memory used when parsing this packet type */
 void
 __ops_user_id_free(__ops_user_id_t * id)
+{
 	free(id->user_id);
 @@ -1400,42 +1409,42 @@ __ops_user_id_free(__ops_user_id_t * id)
+ *
  * Once the userid has been parsed successfully, it is passed to the callback.
+ *
  * \param *ptag		Pointer to the Packet Tag.  This function should consume the entire packet.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.11
  */
 static int
 parse_user_id(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	assert(region->length_read == 0);	/* We should not have read
 						 * anything so far */
-	content.u.user_id.user_id = calloc(1, region->length + 1);	/* XXX should we not
+	pkt.u.user_id.user_id = calloc(1, region->length + 1);	/* XXX should we not
 							 * like check malloc's
 							 * return value? */
-	if (region->length && !limited_read(content.u.user_id.user_id, region->length, region,
+	if (region->length && !limited_read(pkt.u.user_id.user_id, region->length, region,
 					    pinfo))
 		return 0;
-	content.u.user_id.user_id[region->length] = '\0';	/* terminate the string */
+	pkt.u.user_id.user_id[region->length] = '\0';	/* terminate the string */
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ID, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ID, &pkt);
 	return 1;
+}
 static __ops_hash_t     *
 parse_hash_find(__ops_parse_info_t * pinfo,
 		    const unsigned char keyid[OPS_KEY_ID_SIZE])
+{
 	size_t          n;
 	for (n = 0; n < pinfo->nhashes; ++n) {
 		if (memcmp(pinfo->hashes[n].keyid, keyid, OPS_KEY_ID_SIZE) == 0) {
 			return &pinfo->hashes[n].hash;
 @@ -1453,101 +1462,116 @@ parse_hash_find(__ops_parse_info_t * pin
  * Once the signature has been parsed successfully, it is passed to the callback.
+ *
  * \param *ptag		Pointer to the Packet Tag.  This function should consume the entire packet.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.2.2
  */
 static int
 parse_v3_signature(__ops_region_t * region,
 		   __ops_parse_info_t * pinfo)
+{
-	unsigned char   c[1] = "";
+	__ops_packet_t	pkt;
-	__ops_parser_content_t content;
+	unsigned char		c[1] = "";
 	/* clear signature */
-	(void) memset(&content.u.signature, 0x0, sizeof(content.u.signature));
+	(void) memset(&pkt.u.signature, 0x0, sizeof(pkt.u.signature));
-	content.u.signature.info.version = OPS_V3;
+	pkt.u.signature.info.version = OPS_V3;
 	/* hash info length */
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
+	}
 	if (c[0] != 5) {
-		ERRP(&pinfo->cbinfo, content, "bad hash info length");
+		ERRP(&pinfo->cbinfo, pkt, "bad hash info length");
+	}
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
 	content.u.signature.info.type = c[0];
 	pkt.u.signature.info.type = c[0];
 	/* XXX: check signature type */
-	if (!limited_read_time(&content.u.signature.info.creation_time, region, pinfo))
+	if (!limited_read_time(&pkt.u.signature.info.creation_time,
 			region, pinfo)) {
 		return 0;
 	content.u.signature.info.creation_time_set = true;
 	pkt.u.signature.info.creation_time_set = true;
-	if (!limited_read(content.u.signature.info.signer_id, OPS_KEY_ID_SIZE, region, pinfo))
+	if (!limited_read(pkt.u.signature.info.signer_id, OPS_KEY_ID_SIZE,
 			region, pinfo)) {
 		return 0;
 	content.u.signature.info.signer_id_set = true;
 	pkt.u.signature.info.signer_id_set = true;
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
 	content.u.signature.info.key_algorithm = c[0];
 	pkt.u.signature.info.key_algorithm = c[0];
 	/* XXX: check algorithm */
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
 	content.u.signature.info.hash_algorithm = c[0];
 	pkt.u.signature.info.hash_algorithm = c[0];
 	/* XXX: check algorithm */
-	if (!limited_read(content.u.signature.hash2, 2, region, pinfo))
+	if (!limited_read(pkt.u.signature.hash2, 2, region, pinfo)) {
 		return 0;
+	}
-	switch (content.u.signature.info.key_algorithm) {
+	switch (pkt.u.signature.info.key_algorithm) {
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_SIGN_ONLY:
-		if (!limited_read_mpi(&content.u.signature.info.signature.rsa.sig, region, pinfo))
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.rsa.sig, region, pinfo)) {
 			return 0;
+		}
 		break;
 	case OPS_PKA_DSA:
-		if (!limited_read_mpi(&content.u.signature.info.signature.dsa.r, region, pinfo)
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.r, region, pinfo) ||
-		    || !limited_read_mpi(&content.u.signature.info.signature.dsa.s, region, pinfo))
+		    !limited_read_mpi(&pkt.u.signature.info.signature.dsa.s, region, pinfo)) {
 			return 0;
+		}
 		break;
 	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
-		if (!limited_read_mpi(&content.u.signature.info.signature.elgamal.r, region, pinfo)
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.elgamal.r, region, pinfo) ||
-		    || !limited_read_mpi(&content.u.signature.info.signature.elgamal.s, region, pinfo))
+		    !limited_read_mpi(&pkt.u.signature.info.signature.elgamal.s, region, pinfo)) {
 			return 0;
+		}
 		break;
 	default:
-		OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
+		OPS_ERROR_1(&pinfo->errors,
-			    "Unsupported signature key algorithm (%s)",
+			OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
-			    __ops_show_pka(content.u.signature.info.key_algorithm));
+			"Unsupported signature key algorithm (%s)",
 			__ops_show_pka(pkt.u.signature.info.key_algorithm));
 		return 0;
+	}
 	if (region->length_read != region->length) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, "Unconsumed data (%d)", region->length - region->length_read);
 		return 0;
+	}
-	if (content.u.signature.info.signer_id_set)
+	if (pkt.u.signature.info.signer_id_set) {
-		content.u.signature.hash = parse_hash_find(pinfo, content.u.signature.info.signer_id);
+		pkt.u.signature.hash = parse_hash_find(pinfo,
 				pkt.u.signature.info.signer_id);
+	}
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE, &pkt);
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse one signature sub-packet.
+ *
  * Version 4 signatures can have an arbitrary amount of (hashed and unhashed) subpackets.  Subpackets are used to hold
  * optional attributes of subpackets.
+ *
  * This function parses one such signature subpacket.
+ *
 @@ -1557,513 +1581,520 @@ parse_v3_signature(__ops_region_t * regi
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.2.3
  */
 static int
 parse_one_signature_subpacket(__ops_signature_t * sig,
 			      __ops_region_t * region,
 			      __ops_parse_info_t * pinfo)
+{
 	__ops_region_t    subregion;
 	unsigned char   c[1] = "";
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	unsigned        t8, t7;
 	bool   doread = true;
 	unsigned char   bools[1] = "";
 	__ops_init_subregion(&subregion, region);
 	if (!limited_read_new_length(&subregion.length, region, pinfo))
 		return 0;
 	if (subregion.length > region->length)
-		ERRP(&pinfo->cbinfo, content, "Subpacket too long");
+		ERRP(&pinfo->cbinfo, pkt, "Subpacket too long");
 	if (!limited_read(c, 1, &subregion, pinfo))
 		return 0;
 	t8 = (c[0] & 0x7f) / 8;
 	t7 = 1 << (c[0] & 7);
-	content.critical = (unsigned)c[0] >> 7;
+	pkt.critical = (unsigned)c[0] >> 7;
-	content.tag = OPS_PTAG_SIGNATURE_SUBPACKET_BASE + (c[0] & 0x7f);
+	pkt.tag = OPS_PTAG_SIGNATURE_SUBPACKET_BASE + (c[0] & 0x7f);
 	/* Application wants it delivered raw */
 	if (pinfo->ss_raw[t8] & t7) {
-		content.u.ss_raw.tag = content.tag;
+		pkt.u.ss_raw.tag = pkt.tag;
-		content.u.ss_raw.length = subregion.length - 1;
+		pkt.u.ss_raw.length = subregion.length - 1;
-		content.u.ss_raw.raw = calloc(1, content.u.ss_raw.length);
+		pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length);
-		if (!limited_read(content.u.ss_raw.raw, content.u.ss_raw.length, &subregion, pinfo))
+		if (!limited_read(pkt.u.ss_raw.raw, pkt.u.ss_raw.length, &subregion, pinfo))
 			return 0;
-		CALLBACK(&pinfo->cbinfo, OPS_PTAG_RAW_SS, &content);
+		CALLBACK(&pinfo->cbinfo, OPS_PTAG_RAW_SS, &pkt);
 		return 1;
+	}
-	switch (content.tag) {
+	switch (pkt.tag) {
 	case OPS_PTAG_SS_CREATION_TIME:
 	case OPS_PTAG_SS_EXPIRATION_TIME:
 	case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
-		if (!limited_read_time(&content.u.ss_time.time, &subregion, pinfo))
+		if (!limited_read_time(&pkt.u.ss_time.time, &subregion, pinfo))
 			return 0;
-		if (content.tag == OPS_PTAG_SS_CREATION_TIME) {
+		if (pkt.tag == OPS_PTAG_SS_CREATION_TIME) {
-			sig->info.creation_time = content.u.ss_time.time;
+			sig->info.creation_time = pkt.u.ss_time.time;
 			sig->info.creation_time_set = true;
+		}
 		break;
 	case OPS_PTAG_SS_TRUST:
-		if (!limited_read(&content.u.ss_trust.level, 1, &subregion, pinfo)
+		if (!limited_read(&pkt.u.ss_trust.level, 1, &subregion, pinfo)
-		 || !limited_read(&content.u.ss_trust.amount, 1, &subregion, pinfo))
+		 || !limited_read(&pkt.u.ss_trust.amount, 1, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_REVOCABLE:
 		if (!limited_read(bools, 1, &subregion, pinfo))
 			return 0;
-		content.u.ss_revocable.revocable = !!bools[0];
+		pkt.u.ss_revocable.revocable = !!bools[0];
 		break;
 	case OPS_PTAG_SS_ISSUER_KEY_ID:
-		if (!limited_read(content.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE,
+		if (!limited_read(pkt.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE,
 				  &subregion, pinfo))
 			return 0;
-		(void) memcpy(sig->info.signer_id, content.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE);
+		(void) memcpy(sig->info.signer_id, pkt.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE);
 		sig->info.signer_id_set = true;
 		break;
 	case OPS_PTAG_SS_PREFERRED_SKA:
-		if (!read_data(&content.u.ss_preferred_ska.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_preferred_ska.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_PREFERRED_HASH:
-		if (!read_data(&content.u.ss_preferred_hash.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_preferred_hash.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_PREFERRED_COMPRESSION:
-		if (!read_data(&content.u.ss_preferred_compression.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_preferred_compression.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_PRIMARY_USER_ID:
 		if (!limited_read(bools, 1, &subregion, pinfo))
 			return 0;
-		content.u.ss_primary_user_id.primary_user_id = !!bools[0];
+		pkt.u.ss_primary_user_id.primary_user_id = !!bools[0];
 		break;
 	case OPS_PTAG_SS_KEY_FLAGS:
-		if (!read_data(&content.u.ss_key_flags.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_key_flags.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_KEY_SERVER_PREFS:
-		if (!read_data(&content.u.ss_key_server_prefs.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_key_server_prefs.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_FEATURES:
-		if (!read_data(&content.u.ss_features.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_features.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_SIGNERS_USER_ID:
-		if (!read_unsigned_string(&content.u.ss_signers_user_id.user_id, &subregion, pinfo))
+		if (!read_unsigned_string(&pkt.u.ss_signers_user_id.user_id, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_EMBEDDED_SIGNATURE:
 		/* \todo should do something with this sig? */
-		if (!read_data(&content.u.ss_embedded_signature.sig, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_embedded_signature.sig, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_NOTATION_DATA:
-		if (!limited_read_data(&content.u.ss_notation_data.flags, 4, &subregion, pinfo))
+		if (!limited_read_data(&pkt.u.ss_notation_data.flags, 4, &subregion, pinfo))
 			return 0;
-		if (!limited_read_size_t_scalar(&content.u.ss_notation_data.name.len, 2,
+		if (!limited_read_size_t_scalar(&pkt.u.ss_notation_data.name.len, 2,
 						&subregion, pinfo))
 			return 0;
-		if (!limited_read_size_t_scalar(&content.u.ss_notation_data.value.len, 2,
+		if (!limited_read_size_t_scalar(&pkt.u.ss_notation_data.value.len, 2,
 						&subregion, pinfo))
 			return 0;
-		if (!limited_read_data(&content.u.ss_notation_data.name,
+		if (!limited_read_data(&pkt.u.ss_notation_data.name,
-			    content.u.ss_notation_data.name.len, &subregion, pinfo))
+			    pkt.u.ss_notation_data.name.len, &subregion, pinfo))
 			return 0;
-		if (!limited_read_data(&content.u.ss_notation_data.value,
+		if (!limited_read_data(&pkt.u.ss_notation_data.value,
-			   content.u.ss_notation_data.value.len, &subregion, pinfo))
+			   pkt.u.ss_notation_data.value.len, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_POLICY_URI:
-		if (!read_string(&content.u.ss_policy_url.text, &subregion, pinfo))
+		if (!read_string(&pkt.u.ss_policy_url.text, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_REGEXP:
-		if (!read_string(&content.u.ss_regexp.text, &subregion, pinfo))
+		if (!read_string(&pkt.u.ss_regexp.text, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
-		if (!read_string(&content.u.ss_preferred_key_server.text, &subregion, pinfo))
+		if (!read_string(&pkt.u.ss_preferred_key_server.text, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_USERDEFINED00:
 	case OPS_PTAG_SS_USERDEFINED01:
 	case OPS_PTAG_SS_USERDEFINED02:
 	case OPS_PTAG_SS_USERDEFINED03:
 	case OPS_PTAG_SS_USERDEFINED04:
 	case OPS_PTAG_SS_USERDEFINED05:
 	case OPS_PTAG_SS_USERDEFINED06:
 	case OPS_PTAG_SS_USERDEFINED07:
 	case OPS_PTAG_SS_USERDEFINED08:
 	case OPS_PTAG_SS_USERDEFINED09:
 	case OPS_PTAG_SS_USERDEFINED10:
-		if (!read_data(&content.u.ss_userdefined.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_userdefined.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_RESERVED:
-		if (!read_data(&content.u.ss_unknown.data, &subregion, pinfo))
+		if (!read_data(&pkt.u.ss_unknown.data, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_REVOCATION_REASON:
 		/* first byte is the machine-readable code */
-		if (!limited_read(&content.u.ss_revocation_reason.code, 1, &subregion, pinfo))
+		if (!limited_read(&pkt.u.ss_revocation_reason.code, 1, &subregion, pinfo))
 			return 0;
 		/* the rest is a human-readable UTF-8 string */
-		if (!read_string(&content.u.ss_revocation_reason.text, &subregion, pinfo))
+		if (!read_string(&pkt.u.ss_revocation_reason.text, &subregion, pinfo))
 			return 0;
 		break;
 	case OPS_PTAG_SS_REVOCATION_KEY:
 		/* octet 0 = class. Bit 0x80 must be set */
-		if (!limited_read(&content.u.ss_revocation_key.class, 1, &subregion, pinfo))
+		if (!limited_read(&pkt.u.ss_revocation_key.class, 1, &subregion, pinfo))
 			return 0;
-		if (!(content.u.ss_revocation_key.class & 0x80)) {
+		if (!(pkt.u.ss_revocation_key.class & 0x80)) {
 			printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: "
 			       "Bit 0x80 should be set\n");
 			return 0;
+		}
 		/* octet 1 = algid */
-		if (!limited_read(&content.u.ss_revocation_key.algid, 1, &subregion, pinfo))
+		if (!limited_read(&pkt.u.ss_revocation_key.algid, 1, &subregion, pinfo))
 			return 0;
 		/* octets 2-21 = fingerprint */
-		if (!limited_read(&content.u.ss_revocation_key.fingerprint[0], 20, &subregion,
+		if (!limited_read(&pkt.u.ss_revocation_key.fingerprint[0], 20, &subregion,
 				  pinfo))
 			return 0;
 		break;
 	default:
 		if (pinfo->ss_parsed[t8] & t7)
 			OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_UNKNOWN_SS,
 				    "Unknown signature subpacket type (%d)", c[0] & 0x7f);
 		doread = false;
 		break;
+	}
 	/* Application doesn't want it delivered parsed */
 	if (!(pinfo->ss_parsed[t8] & t7)) {
-		if (content.critical)
+		if (pkt.critical)
 			OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_CRITICAL_SS_IGNORED,
 				"Critical signature subpacket ignored (%d)",
 				    c[0] & 0x7f);
 		if (!doread && !limited_skip(subregion.length - 1, &subregion, pinfo))
 			return 0;
 		/*
 		 * printf("skipped %d length
 		 * %d\n",c[0]&0x7f,subregion.length);
 		 */
 		if (doread)
-			__ops_parser_content_free(&content);
+			__ops_parser_content_free(&pkt);
 		return 1;
+	}
 	if (doread && subregion.length_read != subregion.length) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA,
 			    "Unconsumed data (%d)",
 			    subregion.length - subregion.length_read);
 		return 0;
+	}
-	CALLBACK(&pinfo->cbinfo, content.tag, &content);
+	CALLBACK(&pinfo->cbinfo, pkt.tag, &pkt);
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse several signature subpackets.
+ *
  * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set.
  * This function parses this length and then calls parse_one_signature_subpacket() for each subpacket until the
  * entire set is consumed.
+ *
  * This function does not call the callback directly, parse_one_signature_subpacket() does for each subpacket.
+ *
  * \param *ptag		Pointer to the Packet Tag.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.2.3
  */
 static int
 parse_signature_subpackets(__ops_signature_t * sig,
 			   __ops_region_t * region,
 			   __ops_parse_info_t * pinfo)
+{
-	__ops_region_t    subregion;
+	__ops_packet_t	pkt;
-	__ops_parser_content_t content;
+	__ops_region_t		subregion;
 	__ops_init_subregion(&subregion, region);
-	if (!limited_read_scalar(&subregion.length, 2, region, pinfo))
+	if (!limited_read_scalar(&subregion.length, 2, region, pinfo)) {
 		return 0;
+	}
-	if (subregion.length > region->length)
+	if (subregion.length > region->length) {
-		ERRP(&pinfo->cbinfo, content, "Subpacket set too long");
+		ERRP(&pinfo->cbinfo, pkt, "Subpacket set too long");
+	}
-	while (subregion.length_read < subregion.length)
+	while (subregion.length_read < subregion.length) {
-		if (!parse_one_signature_subpacket(sig, &subregion, pinfo))
+		if (!parse_one_signature_subpacket(sig, &subregion, pinfo)) {
 			return 0;
+		}
+	}
 	if (subregion.length_read != subregion.length) {
-		if (!limited_skip(subregion.length - subregion.length_read, &subregion,
+		if (!limited_skip(subregion.length - subregion.length_read,
-				  pinfo))
+				&subregion, pinfo)) {
-			ERRP(&pinfo->cbinfo, content, "Read failed while recovering from subpacket length mismatch");
+			ERRP(&pinfo->cbinfo, pkt,
-		ERRP(&pinfo->cbinfo, content, "Subpacket length mismatch");
+				"Read failed while recovering from subpacket length mismatch");
+		}
 		ERRP(&pinfo->cbinfo, pkt, "Subpacket length mismatch");
+	}
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse a version 4 signature.
+ *
  * This function parses a version 4 signature including all its hashed and unhashed subpackets.
+ *
  * Once the signature packet has been parsed successfully, it is passed to the callback.
+ *
  * \param *ptag		Pointer to the Packet Tag.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
+ *
  * \see RFC4880 5.2.3
  */
 static int
 parse_v4_signature(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
 	unsigned char   c[1] = "";
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	/* debug=1; */
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "\nparse_v4_signature\n");
+	}
 	/* clear signature */
-	(void) memset(&content.u.signature, 0x0, sizeof(content.u.signature));
+	(void) memset(&pkt.u.signature, 0x0, sizeof(pkt.u.signature));
 	/*
 	 * We need to hash the packet data from version through the hashed
 	 * subpacket data
 	 */
-	content.u.signature.v4_hashed_data_start = pinfo->rinfo.alength - 1;
+	pkt.u.signature.v4_hashed_data_start = pinfo->rinfo.alength - 1;
 	/* Set version,type,algorithms */
-	content.u.signature.info.version = OPS_V4;
+	pkt.u.signature.info.version = OPS_V4;
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.signature.info.type = c[0];
+	pkt.u.signature.info.type = c[0];
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "signature type=%d (%s)\n",
-			content.u.signature.info.type,
+			pkt.u.signature.info.type,
-			__ops_show_sig_type(content.u.signature.info.type));
+			__ops_show_sig_type(pkt.u.signature.info.type));
+	}
 	/* XXX: check signature type */
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.signature.info.key_algorithm = c[0];
+	pkt.u.signature.info.key_algorithm = c[0];
 	/* XXX: check algorithm */
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "key_algorithm=%d (%s)\n",
-			content.u.signature.info.key_algorithm,
+			pkt.u.signature.info.key_algorithm,
-			__ops_show_pka(content.u.signature.info.key_algorithm));
+			__ops_show_pka(pkt.u.signature.info.key_algorithm));
+	}
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.signature.info.hash_algorithm = c[0];
+	pkt.u.signature.info.hash_algorithm = c[0];
 	/* XXX: check algorithm */
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "hash_algorithm=%d %s\n",
-			content.u.signature.info.hash_algorithm,
+			pkt.u.signature.info.hash_algorithm,
-		  __ops_show_hash_algorithm(content.u.signature.info.hash_algorithm));
+		  __ops_show_hash_algorithm(pkt.u.signature.info.hash_algorithm));
+	}
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_HEADER, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_HEADER, &pkt);
-	if (!parse_signature_subpackets(&content.u.signature, region, pinfo))
+	if (!parse_signature_subpackets(&pkt.u.signature, region, pinfo))
 		return 0;
-	content.u.signature.info.v4_hashed_data_length = pinfo->rinfo.alength
+	pkt.u.signature.info.v4_hashed_data_length = pinfo->rinfo.alength
-		- content.u.signature.v4_hashed_data_start;
+		- pkt.u.signature.v4_hashed_data_start;
 	/* copy hashed subpackets */
-	if (content.u.signature.info.v4_hashed_data)
+	if (pkt.u.signature.info.v4_hashed_data)
-		free(content.u.signature.info.v4_hashed_data);
+		free(pkt.u.signature.info.v4_hashed_data);
-	content.u.signature.info.v4_hashed_data = calloc(1, content.u.signature.info.v4_hashed_data_length);
+	pkt.u.signature.info.v4_hashed_data = calloc(1, pkt.u.signature.info.v4_hashed_data_length);
 	if (!pinfo->rinfo.accumulate) {
 		/* We must accumulate, else we can't check the signature */
 		fprintf(stderr, "*** ERROR: must set accumulate to true\n");
 		assert( /* CONSTCOND */ 0);
+	}
-	(void) memcpy(content.u.signature.info.v4_hashed_data,
+	(void) memcpy(pkt.u.signature.info.v4_hashed_data,
-	       pinfo->rinfo.accumulated + content.u.signature.v4_hashed_data_start,
+	       pinfo->rinfo.accumulated + pkt.u.signature.v4_hashed_data_start,
-	       content.u.signature.info.v4_hashed_data_length);
+	       pkt.u.signature.info.v4_hashed_data_length);
-	if (!parse_signature_subpackets(&content.u.signature, region, pinfo))
+	if (!parse_signature_subpackets(&pkt.u.signature, region, pinfo))
 		return 0;
-	if (!limited_read(content.u.signature.hash2, 2, region, pinfo))
+	if (!limited_read(pkt.u.signature.hash2, 2, region, pinfo))
 		return 0;
-	switch (content.u.signature.info.key_algorithm) {
+	switch (pkt.u.signature.info.key_algorithm) {
 	case OPS_PKA_RSA:
-		if (!limited_read_mpi(&content.u.signature.info.signature.rsa.sig, region, pinfo))
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.rsa.sig, region, pinfo))
 			return 0;
 		break;
 	case OPS_PKA_DSA:
-		if (!limited_read_mpi(&content.u.signature.info.signature.dsa.r, region, pinfo)) {
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.r, region, pinfo)) {
 			/*
 			 * usually if this fails, it just means we've reached
 			 * the end of the keyring
 			 */
 			if (__ops_get_debug_level(__FILE__)) {
 				(void) fprintf(stderr, "Error reading DSA r field in signature");
+			}
 			return 0;
+		}
-		if (!limited_read_mpi(&content.u.signature.info.signature.dsa.s, region, pinfo))
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.s, region, pinfo))
-			ERRP(&pinfo->cbinfo, content, "Error reading DSA s field in signature");
+			ERRP(&pinfo->cbinfo, pkt, "Error reading DSA s field in signature");
 		break;
 	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
-		if (!limited_read_mpi(&content.u.signature.info.signature.elgamal.r, region, pinfo)
+		if (!limited_read_mpi(&pkt.u.signature.info.signature.elgamal.r, region, pinfo)
-		    || !limited_read_mpi(&content.u.signature.info.signature.elgamal.s, region, pinfo))
+		    || !limited_read_mpi(&pkt.u.signature.info.signature.elgamal.s, region, pinfo))
 			return 0;
 		break;
 	case OPS_PKA_PRIVATE00:
 	case OPS_PKA_PRIVATE01:
 	case OPS_PKA_PRIVATE02:
 	case OPS_PKA_PRIVATE03:
 	case OPS_PKA_PRIVATE04:
 	case OPS_PKA_PRIVATE05:
 	case OPS_PKA_PRIVATE06:
 	case OPS_PKA_PRIVATE07:
 	case OPS_PKA_PRIVATE08:
 	case OPS_PKA_PRIVATE09:
 	case OPS_PKA_PRIVATE10:
-		if (!read_data(&content.u.signature.info.signature.unknown.data, region, pinfo))
+		if (!read_data(&pkt.u.signature.info.signature.unknown.data, region, pinfo))
 			return 0;
 		break;
 	default:
 		OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
 			    "Bad v4 signature key algorithm (%s)",
-			    __ops_show_pka(content.u.signature.info.key_algorithm));
+			    __ops_show_pka(pkt.u.signature.info.key_algorithm));
 		return 0;
+	}
 	if (region->length_read != region->length) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA,
 			    "Unconsumed data (%d)",
 			    region->length - region->length_read);
 		return 0;
+	}
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_FOOTER, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_FOOTER, &pkt);
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse a signature subpacket.
+ *
  * This function calls the appropriate function to handle v3 or v4 signatures.
+ *
  * Once the signature packet has been parsed successfully, it is passed to the callback.
+ *
  * \param *ptag		Pointer to the Packet Tag.
  * \param *reader	Our reader
  * \param *cb		The callback
  * \return		1 on success, 0 on error
  */
 static int
 parse_signature(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
 	unsigned char   c[1] = "";
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	assert(region->length_read == 0);	/* We should not have read
 						 * anything so far */
-	(void) memset(&content, 0x0, sizeof(content));
+	(void) memset(&pkt, 0x0, sizeof(pkt));
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
 	if (c[0] == 2 || c[0] == 3)
 		return parse_v3_signature(region, pinfo);
 	else if (c[0] == 4)
 		return parse_v4_signature(region, pinfo);
 	OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_SIGNATURE_VRSN,
 		    "Bad signature version (%d)", c[0]);
 	return 0;
+}
 /**
  \ingroup Core_ReadPackets
  \brief Parse Compressed packet
 */
 static int
 parse_compressed(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	unsigned char   c[1] = "";
+	__ops_packet_t	pkt;
-	__ops_parser_content_t content;
+	unsigned char		c[1] = "";
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
+	}
-	content.u.compressed.type = c[0];
+	pkt.u.compressed.type = c[0];
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_COMPRESSED, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_COMPRESSED, &pkt);
 	/*
 	 * The content of a compressed data packet is more OpenPGP packets
 	 * once decompressed, so recursively handle them
 	 */
-	return __ops_decompress(region, pinfo, content.u.compressed.type);
+	return __ops_decompress(region, pinfo, pkt.u.compressed.type);
+}
 /* XXX: this could be improved by sharing all hashes that are the */
 /* same, then duping them just before checking the signature. */
 static void
 parse_hash_init(__ops_parse_info_t * pinfo, __ops_hash_algorithm_t type,
 		    const unsigned char *keyid)
+{
 	__ops_parse_hash_info_t *hash;
 	pinfo->hashes = realloc(pinfo->hashes,
 			      (pinfo->nhashes + 1) * sizeof(*pinfo->hashes));
 	hash = &pinfo->hashes[pinfo->nhashes++];
 @@ -2071,895 +2102,961 @@ parse_hash_init(__ops_parse_info_t * pin
 	__ops_hash_any(&hash->hash, type);
 	hash->hash.init(&hash->hash);
 	(void) memcpy(hash->keyid, keyid, sizeof(hash->keyid));
+}
 /**
    \ingroup Core_ReadPackets
    \brief Parse a One Pass Signature packet
 */
 static int
 parse_one_pass(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
 	unsigned char   c[1] = "";
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
-	if (!limited_read(&content.u.one_pass_signature.version, 1, region, pinfo))
+	if (!limited_read(&pkt.u.one_pass_signature.version, 1, region, pinfo))
 		return 0;
-	if (content.u.one_pass_signature.version != 3) {
+	if (pkt.u.one_pass_signature.version != 3) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN,
 			    "Bad one-pass signature version (%d)",
-			    content.u.one_pass_signature.version);
+			    pkt.u.one_pass_signature.version);
 		return 0;
+	}
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.one_pass_signature.sig_type = c[0];
+	pkt.u.one_pass_signature.sig_type = c[0];
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.one_pass_signature.hash_algorithm = c[0];
+	pkt.u.one_pass_signature.hash_algorithm = c[0];
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.one_pass_signature.key_algorithm = c[0];
+	pkt.u.one_pass_signature.key_algorithm = c[0];
-	if (!limited_read(content.u.one_pass_signature.keyid,
+	if (!limited_read(pkt.u.one_pass_signature.keyid,
-			  sizeof(content.u.one_pass_signature.keyid), region, pinfo))
+			  sizeof(pkt.u.one_pass_signature.keyid), region, pinfo))
 		return 0;
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.one_pass_signature.nested = !!c[0];
+	pkt.u.one_pass_signature.nested = !!c[0];
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ONE_PASS_SIGNATURE, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ONE_PASS_SIGNATURE, &pkt);
 	/* XXX: we should, perhaps, let the app choose whether to hash or not */
-	parse_hash_init(pinfo, content.u.one_pass_signature.hash_algorithm,
+	parse_hash_init(pinfo, pkt.u.one_pass_signature.hash_algorithm,
-			    content.u.one_pass_signature.keyid);
+			    pkt.u.one_pass_signature.keyid);
 	return 1;
+}
 /**
  \ingroup Core_ReadPackets
  \brief Parse a Trust packet
 */
 static int
 parse_trust(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
-	if (!read_data(&content.u.trust.data, region, pinfo))
+	if (!read_data(&pkt.u.trust.data, region, pinfo))
 		return 0;
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_TRUST, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_TRUST, &pkt);
 	return 1;
+}
 static void
 parse_hash_data(__ops_parse_info_t * pinfo, const void *data,
 		    size_t length)
+{
 	size_t          n;
 	for (n = 0; n < pinfo->nhashes; ++n) {
 		pinfo->hashes[n].hash.add(&pinfo->hashes[n].hash, data, length);
+	}
+}
 /**
    \ingroup Core_ReadPackets
    \brief Parse a Literal Data packet
 */
 static int
 parse_literal_data(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t	 pkt;
 	__ops_memory_t		*mem;
-	unsigned char   c[1] = "";
+	unsigned char		 c[1] = "";
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
 	content.u.literal_data_header.format = c[0];
 	pkt.u.literal_data_header.format = c[0];
-	if (!limited_read(c, 1, region, pinfo))
+	if (!limited_read(c, 1, region, pinfo)) {
 		return 0;
 	if (!limited_read((unsigned char *) content.u.literal_data_header.filename,
-			(unsigned)c[0], region, pinfo))
+	if (!limited_read((unsigned char *)pkt.u.literal_data_header.filename,
 			(unsigned)c[0], region, pinfo)) {
 		return 0;
 	content.u.literal_data_header.filename[c[0]] = '\0';
 	pkt.u.literal_data_header.filename[c[0]] = '\0';
-	if (!limited_read_time(&content.u.literal_data_header.modification_time, region, pinfo))
+	if (!limited_read_time(&pkt.u.literal_data_header.modification_time,
 			region, pinfo)) {
 		return 0;
+	}
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_HEADER, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_HEADER, &pkt);
-	mem = content.u.literal_data_body.mem = __ops_memory_new();
+	mem = pkt.u.literal_data_body.mem = __ops_memory_new();
-	__ops_memory_init(content.u.literal_data_body.mem, (unsigned)(region->length * 1.01) + 12);
+	__ops_memory_init(pkt.u.literal_data_body.mem,
-	content.u.literal_data_body.data = mem->buf;
+			(unsigned)(region->length * 1.01) + 12);
 	pkt.u.literal_data_body.data = mem->buf;
 	while (region->length_read < region->length) {
 		unsigned        readc = region->length - region->length_read;
 		if (!limited_read(mem->buf, readc, region, pinfo)) {
 			return 0;
+		}
-		content.u.literal_data_body.length = readc;
+		pkt.u.literal_data_body.length = readc;
-		parse_hash_data(pinfo, content.u.literal_data_body.data, region->length);
+		parse_hash_data(pinfo, pkt.u.literal_data_body.data,
-		CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_BODY, &content);
+			region->length);
 		CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_BODY,
 			&pkt);
+	}
 	/* XXX - get rid of mem here? */
 	return 1;
+}
 /**
  * \ingroup Core_Create
+ *
  * __ops_secret_key_free() frees the memory associated with "key". Note that
  * the key itself is not freed.
+ *
  * \param key
  */
 void
 __ops_secret_key_free(__ops_secret_key_t * key)
+{
-	switch (key->public_key.algorithm) {
+	switch (key->pubkey.algorithm) {
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
 		free_BN(&key->key.rsa.d);
 		free_BN(&key->key.rsa.p);
 		free_BN(&key->key.rsa.q);
 		free_BN(&key->key.rsa.u);
 		break;
 	case OPS_PKA_DSA:
 		free_BN(&key->key.dsa.x);
 		break;
 	default:
-		fprintf(stderr, "__ops_secret_key_free: Unknown algorithm: %d (%s)\n", key->public_key.algorithm, __ops_show_pka(key->public_key.algorithm));
+		(void) fprintf(stderr,
-		/* assert(0); */
+			"__ops_secret_key_free: Unknown algorithm: %d (%s)\n",
 			key->pubkey.algorithm,
 			__ops_show_pka(key->pubkey.algorithm));
+	}
-	__ops_public_key_free(&key->public_key);
+	__ops_public_key_free(&key->pubkey);
+}
 static int
 consume_packet(__ops_region_t * region, __ops_parse_info_t * pinfo,
 	       bool warn)
+{
-	__ops_data_t      remainder;
+	__ops_packet_t	pkt;
-	__ops_parser_content_t content;
+	__ops_data_t		remainder;
-	if (region->indeterminate)
+	if (region->indeterminate) {
-		ERRP(&pinfo->cbinfo, content, "Can't consume indeterminate packets");
+		ERRP(&pinfo->cbinfo, pkt, "Can't consume indeterminate packets");
+	}
 #if 0
 	if (read_data(&remainder, region, pinfo)) {
 		/* now throw it away */
 		data_free(&remainder);
-		if (warn)
+		if (warn) {
-			OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED, "Warning: packet consumer");
+			OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED,
-	} else if (warn)
+				"Warning: packet consumer");
 		OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, "Warning: Packet was not consumed");
-	else {
+	} else if (warn) {
-		OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, "Packet was not consumed");
+		OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED,
 			"Warning: Packet was not consumed");
 	} else {
 		OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED,
 			"Packet was not consumed");
 		return 0;
+	}
 	return 1;
 #else
 	if (read_data(&remainder, region, pinfo)) {
 		/* now throw it away */
 		data_free(&remainder);
 		if (warn) {
 			OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED,
 				"Warning: packet consumer");
+		}
 		return 1;
+	}
 	OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED,
 			(warn) ? "Warning: Packet was not consumed" :
 				"Packet was not consumed");
 	return warn;
 #endif
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse a secret key
  */
 static int
 parse_secret_key(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t	content;
+	__ops_packet_t	pkt;
 	__ops_region_t		encregion;
 	__ops_region_t	       *saved_region = NULL;
 	unsigned char		c[1] = "";
 	__ops_crypt_t		decrypt;
 	__ops_hash_t		checkhash;
 	unsigned		blocksize;
 #if 0
 	size_t			checksum_length = 2;
 #endif
 	bool			crypted;
 	int			ret = 1;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "\n---------\nparse_secret_key:\n");
 		fprintf(stderr, "region length=%d, length_read=%d, remainder=%d\n", region->length, region->length_read, region->length - region->length_read);
+	}
-	(void) memset(&content, 0x0, sizeof(content));
+	(void) memset(&pkt, 0x0, sizeof(pkt));
-	if (!parse_public_key_data(&content.u.secret_key.public_key, region, pinfo))
+	if (!parse_public_key_data(&pkt.u.secret_key.pubkey, region, pinfo))
 		return 0;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "parse_secret_key: public key parsed\n");
-		__ops_print_public_key(&content.u.secret_key.public_key);
+		__ops_print_public_key(&pkt.u.secret_key.pubkey);
+	}
-	pinfo->reading_v3_secret = content.u.secret_key.public_key.version != OPS_V4;
+	pinfo->reading_v3_secret = pkt.u.secret_key.pubkey.version != OPS_V4;
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.secret_key.s2k_usage = c[0];
+	pkt.u.secret_key.s2k_usage = c[0];
 #if 0
-	if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
+	if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
 		checksum_length = 20;
 #endif
-	if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED
+	if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED ||
-	    || content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
+	    pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
-		if (!limited_read(c, 1, region, pinfo))
+		if (!limited_read(c, 1, region, pinfo)) {
 			return 0;
 		content.u.secret_key.algorithm = c[0];
 		pkt.u.secret_key.algorithm = c[0];
-		if (!limited_read(c, 1, region, pinfo))
+		if (!limited_read(c, 1, region, pinfo)) {
 			return 0;
 		content.u.secret_key.s2k_specifier = c[0];
 		pkt.u.secret_key.s2k_specifier = c[0];
-		assert(content.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE
+		assert(pkt.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE ||
-		       || content.u.secret_key.s2k_specifier == OPS_S2KS_SALTED
+		       pkt.u.secret_key.s2k_specifier == OPS_S2KS_SALTED ||
-		       || content.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED);
+		       pkt.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED);
-		if (!limited_read(c, 1, region, pinfo))
+		if (!limited_read(c, 1, region, pinfo)) {
 			return 0;
 		content.u.secret_key.hash_algorithm = c[0];
 		pkt.u.secret_key.hash_algorithm = c[0];
-		if (content.u.secret_key.s2k_specifier != OPS_S2KS_SIMPLE
+		if (pkt.u.secret_key.s2k_specifier != OPS_S2KS_SIMPLE &&
-		    && !limited_read(content.u.secret_key.salt, 8, region, pinfo)) {
+		    !limited_read(pkt.u.secret_key.salt, 8, region,
 		    		pinfo)) {
 			return 0;
+		}
-		if (content.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED) {
+		if (pkt.u.secret_key.s2k_specifier ==
-			if (!limited_read(c, 1, region, pinfo))
+					OPS_S2KS_ITERATED_AND_SALTED) {
 			if (!limited_read(c, 1, region, pinfo)) {
 				return 0;
 			content.u.secret_key.octet_count = (16 + ((unsigned)c[0] & 15)) << (((unsigned)c[0] >> 4) + 6);
 			pkt.u.secret_key.octet_count =
 				(16 + ((unsigned)c[0] & 15)) <<
 						(((unsigned)c[0] >> 4) + 6);
+		}
-	} else if (content.u.secret_key.s2k_usage != OPS_S2KU_NONE) {
+	} else if (pkt.u.secret_key.s2k_usage != OPS_S2KU_NONE) {
 		/* this is V3 style, looks just like a V4 simple hash */
-#if 0
+		pkt.u.secret_key.algorithm = c[0];
-		content.u.secret_key.algorithm = content.u.secret_key.s2k_usage;
+		pkt.u.secret_key.s2k_usage = OPS_S2KU_ENCRYPTED;
-#else
+		pkt.u.secret_key.s2k_specifier = OPS_S2KS_SIMPLE;
-		/* XXX - if we get problems, this may be the source - agc */
+		pkt.u.secret_key.hash_algorithm = OPS_HASH_MD5;
 		content.u.secret_key.algorithm = c[0];
 #endif
 		content.u.secret_key.s2k_usage = OPS_S2KU_ENCRYPTED;
 		content.u.secret_key.s2k_specifier = OPS_S2KS_SIMPLE;
 		content.u.secret_key.hash_algorithm = OPS_HASH_MD5;
+	}
-	crypted = content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED
+	crypted = pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED ||
-		|| content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED;
+		pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED;
 	if (crypted) {
 		int             n;
-		__ops_parser_content_t seckey;
+		__ops_packet_t seckey;
 		char           *passphrase;
 		unsigned char   key[OPS_MAX_KEY_SIZE + OPS_MAX_HASH_SIZE];
 		__ops_hash_t	hashes[(OPS_MAX_KEY_SIZE + OPS_MIN_HASH_SIZE - 1) / OPS_MIN_HASH_SIZE];
 		size_t          passlen;
 		int             keysize;
 		int             hashsize;
 		size_t          len;
-		blocksize = __ops_block_size(content.u.secret_key.algorithm);
+		blocksize = __ops_block_size(pkt.u.secret_key.algorithm);
 		assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE);
-		if (!limited_read(content.u.secret_key.iv, blocksize, region, pinfo))
+		if (!limited_read(pkt.u.secret_key.iv, blocksize, region,
 				pinfo)) {
 			return 0;
+		}
 		(void) memset(&seckey, 0x0, sizeof(seckey));
 		passphrase = NULL;
-		seckey.u.secret_key_passphrase.passphrase = &passphrase;
+		seckey.u.skey_passphrase.passphrase = &passphrase;
-		seckey.u.secret_key_passphrase.secret_key = &content.u.secret_key;
+		seckey.u.skey_passphrase.secret_key =
-		CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey);
+				&pkt.u.secret_key;
 		CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE,
 				&seckey);
 		if (!passphrase) {
 			if (__ops_get_debug_level(__FILE__)) {
 				/* \todo make into proper error */
-				fprintf(stderr, "parse_secret_key: can't get passphrase\n");
+				(void) fprintf(stderr,
 				"parse_secret_key: can't get passphrase\n");
+			}
-			if (!consume_packet(region, pinfo, false))
+			if (!consume_packet(region, pinfo, false)) {
 				return 0;
+			}
-			CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, &content);
+			CALLBACK(&pinfo->cbinfo,
 				OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, &pkt);
 			return 1;
+		}
-		keysize = __ops_key_size(content.u.secret_key.algorithm);
+		keysize = __ops_key_size(pkt.u.secret_key.algorithm);
 		assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE);
-		hashsize = __ops_hash_size(content.u.secret_key.hash_algorithm);
+		hashsize = __ops_hash_size(pkt.u.secret_key.hash_algorithm);
 		assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE);
 		for (n = 0; n * hashsize < keysize; ++n) {
 			int             i;
-			__ops_hash_any(&hashes[n], content.u.secret_key.hash_algorithm);
+			__ops_hash_any(&hashes[n],
 				pkt.u.secret_key.hash_algorithm);
 			hashes[n].init(&hashes[n]);
 			/* preload hashes with zeroes... */
-			for (i = 0; i < n; ++i)
+			for (i = 0; i < n; ++i) {
-				hashes[n].add(&hashes[n], (const unsigned char *) "", 1);
+				hashes[n].add(&hashes[n],
 					(const unsigned char *) "", 1);
+			}
+		}
-		len = strlen(passphrase);
+		passlen = strlen(passphrase);
 		for (n = 0; n * hashsize < keysize; ++n) {
 			unsigned        i;
-			switch (content.u.secret_key.s2k_specifier) {
+			switch (pkt.u.secret_key.s2k_specifier) {
 			case OPS_S2KS_SALTED:
-				hashes[n].add(&hashes[n], content.u.secret_key.salt, OPS_SALT_SIZE);
+				hashes[n].add(&hashes[n],
 					pkt.u.secret_key.salt,
 					OPS_SALT_SIZE);
 				/* FALLTHROUGH */
 			case OPS_S2KS_SIMPLE:
-				hashes[n].add(&hashes[n], (unsigned char *) passphrase, len);
+				hashes[n].add(&hashes[n],
 					(unsigned char *) passphrase, passlen);
 				break;
 			case OPS_S2KS_ITERATED_AND_SALTED:
-				for (i = 0; i < content.u.secret_key.octet_count; i += len + OPS_SALT_SIZE) {
+				for (i = 0; i < pkt.u.secret_key.octet_count; i += passlen + OPS_SALT_SIZE) {
-					unsigned	j = len + OPS_SALT_SIZE;
+					unsigned	j = passlen + OPS_SALT_SIZE;
 					if (i + j > content.u.secret_key.octet_count && i != 0)
 						j = content.u.secret_key.octet_count - i;
 					if (i + j > pkt.u.secret_key.octet_count && i != 0) {
 						j = pkt.u.secret_key.octet_count - i;
+					}
 					hashes[n].add(&hashes[n],
-						content.u.secret_key.salt,
+						pkt.u.secret_key.salt,
 						(unsigned)(j > OPS_SALT_SIZE) ?
 							OPS_SALT_SIZE : j);
-					if (j > OPS_SALT_SIZE)
+					if (j > OPS_SALT_SIZE) {
-						hashes[n].add(&hashes[n], (unsigned char *) passphrase, j - OPS_SALT_SIZE);
+						hashes[n].add(&hashes[n],
 						(unsigned char *) passphrase,
 						j - OPS_SALT_SIZE);
+					}
+				}
+			}
+		}
 		for (n = 0; n * hashsize < keysize; ++n) {
-			int             r = hashes[n].finish(&hashes[n], key + n * hashsize);
+			int	r;
 			r = hashes[n].finish(&hashes[n], key + n * hashsize);
 			assert(r == hashsize);
+		}
-		free(passphrase);
+		(void) memset(passphrase, 0x0, passlen);
 		(void) free(passphrase);
-		__ops_crypt_any(&decrypt, content.u.secret_key.algorithm);
+		__ops_crypt_any(&decrypt, pkt.u.secret_key.algorithm);
 		if (__ops_get_debug_level(__FILE__)) {
 			unsigned int    i = 0;
 			fprintf(stderr, "\nREADING:\niv=");
-			for (i = 0; i < __ops_block_size(content.u.secret_key.algorithm); i++) {
+			for (i = 0; i < __ops_block_size(pkt.u.secret_key.algorithm); i++) {
-				fprintf(stderr, "%02x ", content.u.secret_key.iv[i]);
+				fprintf(stderr, "%02x ", pkt.u.secret_key.iv[i]);
+			}
 			fprintf(stderr, "\n");
 			fprintf(stderr, "key=");
 			for (i = 0; i < CAST_KEY_LENGTH; i++) {
 				fprintf(stderr, "%02x ", key[i]);
+			}
 			fprintf(stderr, "\n");
+		}
-		decrypt.set_iv(&decrypt, content.u.secret_key.iv);
+		decrypt.set_iv(&decrypt, pkt.u.secret_key.iv);
 		decrypt.set_key(&decrypt, key);
 		/* now read encrypted data */
 		__ops_reader_push_decrypt(pinfo, &decrypt, region);
 		/*
 		 * Since all known encryption for PGP doesn't compress, we
 		 * can limit to the same length as the current region (for
 		 * now).
 		 */
 		__ops_init_subregion(&encregion, NULL);
 		encregion.length = region->length - region->length_read;
-		if (content.u.secret_key.public_key.version != OPS_V4) {
+		if (pkt.u.secret_key.pubkey.version != OPS_V4) {
 			encregion.length -= 2;
+		}
 		saved_region = region;
 		region = &encregion;
+	}
-	if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
+	if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
 		__ops_hash_sha1(&checkhash);
 		__ops_reader_push_hash(pinfo, &checkhash);
 	} else {
 		__ops_reader_push_sum16(pinfo);
+	}
-	switch (content.u.secret_key.public_key.algorithm) {
+	switch (pkt.u.secret_key.pubkey.algorithm) {
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
-		if (!limited_read_mpi(&content.u.secret_key.key.rsa.d, region, pinfo)
+		if (!limited_read_mpi(&pkt.u.secret_key.key.rsa.d, region,
-		|| !limited_read_mpi(&content.u.secret_key.key.rsa.p, region, pinfo)
+					pinfo) ||
-		|| !limited_read_mpi(&content.u.secret_key.key.rsa.q, region, pinfo)
+		    !limited_read_mpi(&pkt.u.secret_key.key.rsa.p, region,
-		|| !limited_read_mpi(&content.u.secret_key.key.rsa.u, region, pinfo))
+		    			pinfo) ||
 		    !limited_read_mpi(&pkt.u.secret_key.key.rsa.q, region,
 		    			pinfo) ||
 		    !limited_read_mpi(&pkt.u.secret_key.key.rsa.u, region,
 		    			pinfo)) {
 			ret = 0;
+		}
 		break;
 	case OPS_PKA_DSA:
-		if (!limited_read_mpi(&content.u.secret_key.key.dsa.x, region, pinfo))
+		if (!limited_read_mpi(&pkt.u.secret_key.key.dsa.x, region,
 				pinfo)) {
 			ret = 0;
+		}
 		break;
 	default:
-		OPS_ERROR_2(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, "Unsupported Public Key algorithm %d (%s)", content.u.secret_key.public_key.algorithm, __ops_show_pka(content.u.secret_key.public_key.algorithm));
+		OPS_ERROR_2(&pinfo->errors,
 			OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
 			"Unsupported Public Key algorithm %d (%s)",
 			pkt.u.secret_key.pubkey.algorithm,
 			__ops_show_pka(pkt.u.secret_key.pubkey.algorithm));
 		ret = 0;
 		/* assert(0); */
+	}
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "4 MPIs read\n");
+		(void) fprintf(stderr, "4 MPIs read\n");
 		/*
 		 * __ops_print_secret_key_verbose(OPS_PTAG_CT_SECRET_KEY,
 		 * &content.u.secret_key);
 		 */
+	}
 	pinfo->reading_v3_secret = false;
-	if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
+	if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) {
 		unsigned char   hash[20];
 		__ops_reader_pop_hash(pinfo);
 		checkhash.finish(&checkhash, hash);
-		if (crypted && content.u.secret_key.public_key.version != OPS_V4) {
+		if (crypted &&
 		    pkt.u.secret_key.pubkey.version != OPS_V4) {
 			__ops_reader_pop_decrypt(pinfo);
 			region = saved_region;
+		}
 		if (ret) {
-			if (!limited_read(content.u.secret_key.checkhash, 20, region, pinfo))
+			if (!limited_read(pkt.u.secret_key.checkhash,
 , region, pinfo)) {
 				return 0;
+			}
-			if (memcmp(hash, content.u.secret_key.checkhash, 20))
+			if (memcmp(hash, pkt.u.secret_key.checkhash, 20)) {
-				ERRP(&pinfo->cbinfo, content, "Hash mismatch in secret key");
+				ERRP(&pinfo->cbinfo, pkt,
 					"Hash mismatch in secret key");
+			}
+		}
 	} else {
 		unsigned short  sum;
 		sum = __ops_reader_pop_sum16(pinfo);
 		if (crypted &&
-		if (crypted && content.u.secret_key.public_key.version != OPS_V4) {
+		    pkt.u.secret_key.pubkey.version != OPS_V4) {
 			__ops_reader_pop_decrypt(pinfo);
 			region = saved_region;
+		}
 		if (ret) {
-			if (!limited_read_scalar(&content.u.secret_key.checksum, 2, region,
+			if (!limited_read_scalar(&pkt.u.secret_key.checksum, 2, region,
 						 pinfo))
 				return 0;
-			if (sum != content.u.secret_key.checksum)
+			if (sum != pkt.u.secret_key.checksum)
-				ERRP(&pinfo->cbinfo, content, "Checksum mismatch in secret key");
+				ERRP(&pinfo->cbinfo, pkt, "Checksum mismatch in secret key");
+		}
+	}
-	if (crypted && content.u.secret_key.public_key.version == OPS_V4) {
+	if (crypted && pkt.u.secret_key.pubkey.version == OPS_V4) {
 		__ops_reader_pop_decrypt(pinfo);
+	}
 	assert(!ret || region->length_read == region->length);
 	if (!ret)
 		return 0;
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SECRET_KEY, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SECRET_KEY, &pkt);
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "--- end of parse_secret_key\n\n");
+	}
 	return 1;
+}
 /**
    \ingroup Core_ReadPackets
    \brief Parse a Public Key Session Key packet
 */
 static int
 parse_pk_session_key(__ops_region_t * region,
 		     __ops_parse_info_t * pinfo)
+{
-	unsigned char   c[1] = "";
+	const __ops_secret_key_t	*secret;
-	__ops_parser_content_t content;
+	__ops_packet_t		 sesskey;
-	__ops_parser_content_t sesskey;
+	__ops_packet_t		 pkt;
 	unsigned char			*iv;
-	int             n;
+	unsigned char		   	 c[1] = "";
-	BIGNUM         *enc_m;
+	unsigned char			 cs[2];
-	unsigned        k;
+	unsigned			 k;
-	const __ops_secret_key_t *secret;
+	BIGNUM				*enc_m;
-	unsigned char   cs[2];
+	int				 n;
 	unsigned char  *iv;
 	/* Can't rely on it being CAST5 */
 	/* \todo FIXME RW */
 	/* const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; */
 	unsigned char   unencoded_m_buf[1024];
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.pk_session_key.version = c[0];
+	pkt.u.pk_session_key.version = c[0];
-	if (content.u.pk_session_key.version != OPS_PKSK_V3) {
+	if (pkt.u.pk_session_key.version != OPS_PKSK_V3) {
 		OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PKSK_VRSN,
 			"Bad public-key encrypted session key version (%d)",
-			    content.u.pk_session_key.version);
+			    pkt.u.pk_session_key.version);
 		return 0;
+	}
-	if (!limited_read(content.u.pk_session_key.key_id,
+	if (!limited_read(pkt.u.pk_session_key.key_id,
-			  sizeof(content.u.pk_session_key.key_id), region, pinfo)) {
+			  sizeof(pkt.u.pk_session_key.key_id), region, pinfo)) {
 		return 0;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		int             i;
-		int             x = sizeof(content.u.pk_session_key.key_id);
+		int             x = sizeof(pkt.u.pk_session_key.key_id);
 		printf("session key: public key id: x=%d\n", x);
 		for (i = 0; i < x; i++)
-			printf("%2x ", content.u.pk_session_key.key_id[i]);
+			printf("%2x ", pkt.u.pk_session_key.key_id[i]);
 		printf("\n");
+	}
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.pk_session_key.algorithm = c[0];
+	pkt.u.pk_session_key.algorithm = c[0];
-	switch (content.u.pk_session_key.algorithm) {
+	switch (pkt.u.pk_session_key.algorithm) {
 	case OPS_PKA_RSA:
-		if (!limited_read_mpi(&content.u.pk_session_key.parameters.rsa.encrypted_m,
+		if (!limited_read_mpi(&pkt.u.pk_session_key.parameters.rsa.encrypted_m,
 				      region, pinfo)) {
 			return 0;
+		}
-		enc_m = content.u.pk_session_key.parameters.rsa.encrypted_m;
+		enc_m = pkt.u.pk_session_key.parameters.rsa.encrypted_m;
 		break;
 	case OPS_PKA_ELGAMAL:
-		if (!limited_read_mpi(&content.u.pk_session_key.parameters.elgamal.g_to_k,
+		if (!limited_read_mpi(&pkt.u.pk_session_key.parameters.elgamal.g_to_k,
 				      region, pinfo)
-		    || !limited_read_mpi(&content.u.pk_session_key.parameters.elgamal.encrypted_m,
+		    || !limited_read_mpi(&pkt.u.pk_session_key.parameters.elgamal.encrypted_m,
 					 region, pinfo)) {
 			return 0;
+		}
-		enc_m = content.u.pk_session_key.parameters.elgamal.encrypted_m;
+		enc_m = pkt.u.pk_session_key.parameters.elgamal.encrypted_m;
 		break;
 	default:
 		OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
 			 "Unknown public key algorithm in session key (%s)",
-			    __ops_show_pka(content.u.pk_session_key.algorithm));
+			    __ops_show_pka(pkt.u.pk_session_key.algorithm));
 		return 0;
+	}
 	(void) memset(&sesskey, 0x0, sizeof(sesskey));
 	secret = NULL;
 	sesskey.u.get_secret_key.secret_key = &secret;
-	sesskey.u.get_secret_key.pk_session_key = &content.u.pk_session_key;
+	sesskey.u.get_secret_key.pk_session_key = &pkt.u.pk_session_key;
 	CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SECRET_KEY, &sesskey);
 	if (!secret) {
-		CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &content);
+		CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &pkt);
 		return 1;
+	}
 	/* n=__ops_decrypt_mpi(buf,sizeof(buf),enc_m,secret); */
 	n = __ops_decrypt_and_unencode_mpi(unencoded_m_buf,
 		sizeof(unencoded_m_buf), enc_m, secret);
 	if (n < 1) {
-		ERRP(&pinfo->cbinfo, content, "decrypted message too short");
+		ERRP(&pinfo->cbinfo, pkt, "decrypted message too short");
 		return 0;
+	}
 	/* PKA */
-	content.u.pk_session_key.symmetric_algorithm = unencoded_m_buf[0];
+	pkt.u.pk_session_key.symmetric_algorithm = unencoded_m_buf[0];
-	if (!__ops_is_sa_supported(content.u.pk_session_key.symmetric_algorithm)) {
+	if (!__ops_is_sa_supported(pkt.u.pk_session_key.symmetric_algorithm)) {
 		/* ERR1P */
 		OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG,
 			    "Symmetric algorithm %s not supported",
-			    __ops_show_symmetric_algorithm(content.u.pk_session_key.symmetric_algorithm));
+			    __ops_show_symmetric_algorithm(pkt.u.pk_session_key.symmetric_algorithm));
 		return 0;
+	}
-	k = __ops_key_size(content.u.pk_session_key.symmetric_algorithm);
+	k = __ops_key_size(pkt.u.pk_session_key.symmetric_algorithm);
 	if ((unsigned) n != k + 3) {
 		OPS_ERROR_2(&pinfo->errors, OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN,
 		      "decrypted message wrong length (got %d expected %d)",
 			    n, k + 3);
 		return 0;
+	}
-	assert(k <= sizeof(content.u.pk_session_key.key));
+	assert(k <= sizeof(pkt.u.pk_session_key.key));
-	(void) memcpy(content.u.pk_session_key.key, unencoded_m_buf + 1, k);
+	(void) memcpy(pkt.u.pk_session_key.key, unencoded_m_buf + 1, k);
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    j;
 		printf("session key recovered (len=%d):\n", k);
 		for (j = 0; j < k; j++)
-			printf("%2x ", content.u.pk_session_key.key[j]);
+			printf("%2x ", pkt.u.pk_session_key.key[j]);
 		printf("\n");
+	}
-	content.u.pk_session_key.checksum = unencoded_m_buf[k + 1] + (unencoded_m_buf[k + 2] << 8);
+	pkt.u.pk_session_key.checksum = unencoded_m_buf[k + 1] + (unencoded_m_buf[k + 2] << 8);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("session key checksum: %2x %2x\n", unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]);
+	}
 	/* Check checksum */
-	__ops_calc_session_key_checksum(&content.u.pk_session_key, &cs[0]);
+	__ops_calc_session_key_checksum(&pkt.u.pk_session_key, &cs[0]);
 	if (unencoded_m_buf[k + 1] != cs[0] || unencoded_m_buf[k + 2] != cs[1]) {
 		OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SK_CHECKSUM,
 		"Session key checksum wrong: expected %2x %2x, got %2x %2x",
 			    cs[0], cs[1], unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]);
 		return 0;
+	}
 	/* all is well */
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_PK_SESSION_KEY, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_PK_SESSION_KEY, &pkt);
-	__ops_crypt_any(&pinfo->decrypt, content.u.pk_session_key.symmetric_algorithm);
+	__ops_crypt_any(&pinfo->decrypt, pkt.u.pk_session_key.symmetric_algorithm);
 	iv = calloc(1, pinfo->decrypt.blocksize);
 	pinfo->decrypt.set_iv(&pinfo->decrypt, iv);
-	pinfo->decrypt.set_key(&pinfo->decrypt, content.u.pk_session_key.key);
+	pinfo->decrypt.set_key(&pinfo->decrypt, pkt.u.pk_session_key.key);
 	__ops_encrypt_init(&pinfo->decrypt);
 	(void) free(iv);
 	return 1;
+}
 static int
 __ops_decrypt_se_data(__ops_content_tag_t tag, __ops_region_t * region,
 		    __ops_parse_info_t * pinfo)
+{
 	int             r = 1;
 	__ops_crypt_t    *decrypt = __ops_parse_get_decrypt(pinfo);
 	if (decrypt) {
 		unsigned char   buf[OPS_MAX_BLOCK_SIZE + 2] = "";
 		size_t          b = decrypt->blocksize;
-		/* __ops_parser_content_t content; */
+		/* __ops_packet_t pkt; */
 		__ops_region_t    encregion;
 		__ops_reader_push_decrypt(pinfo, decrypt, region);
 		__ops_init_subregion(&encregion, NULL);
 		encregion.length = b + 2;
 		if (!exact_limited_read(buf, b + 2, &encregion, pinfo))
 			return 0;
 		if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) {
 			__ops_reader_pop_decrypt(pinfo);
 			OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT,
 			     "Bad symmetric decrypt (%02x%02x vs %02x%02x)",
 				buf[b - 2], buf[b - 1], buf[b], buf[b + 1]);
 			return 0;
+		}
 		if (tag == OPS_PTAG_CT_SE_DATA_BODY) {
 			decrypt->decrypt_resync(decrypt);
 			decrypt->block_encrypt(decrypt, decrypt->civ, decrypt->civ);
+		}
-		r = __ops_parse(pinfo);
+		r = __ops_parse(pinfo, 0);
 		__ops_reader_pop_decrypt(pinfo);
 	} else {
-		__ops_parser_content_t content;
+		__ops_packet_t pkt;
 		while (region->length_read < region->length) {
 			unsigned        len = region->length - region->length_read;
-			if (len > sizeof(content.u.se_data_body.data))
+			if (len > sizeof(pkt.u.se_data_body.data))
-				len = sizeof(content.u.se_data_body.data);
+				len = sizeof(pkt.u.se_data_body.data);
-			if (!limited_read(content.u.se_data_body.data, len, region, pinfo))
+			if (!limited_read(pkt.u.se_data_body.data, len, region, pinfo))
 				return 0;
-			content.u.se_data_body.length = len;
+			pkt.u.se_data_body.length = len;
-			CALLBACK(&pinfo->cbinfo, tag, &content);
+			CALLBACK(&pinfo->cbinfo, tag, &pkt);
+		}
+	}
 	return r;
+}
 static int
 __ops_decrypt_se_ip_data(__ops_content_tag_t tag, __ops_region_t * region,
 		       __ops_parse_info_t * pinfo)
+{
 	int             r = 1;
 	__ops_crypt_t    *decrypt = __ops_parse_get_decrypt(pinfo);
 	if (decrypt) {
 		__ops_reader_push_decrypt(pinfo, decrypt, region);
 		__ops_reader_push_se_ip_data(pinfo, decrypt, region);
-		r = __ops_parse(pinfo);
+		r = __ops_parse(pinfo, 0);
 		/* assert(0); */
 		__ops_reader_pop_se_ip_data(pinfo);
 		__ops_reader_pop_decrypt(pinfo);
 	} else {
-		__ops_parser_content_t content;
+		__ops_packet_t pkt;
 		while (region->length_read < region->length) {
 			unsigned        len = region->length - region->length_read;
-			if (len > sizeof(content.u.se_data_body.data))
+			if (len > sizeof(pkt.u.se_data_body.data)) {
-				len = sizeof(content.u.se_data_body.data);
+				len = sizeof(pkt.u.se_data_body.data);
+			}
-			if (!limited_read(content.u.se_data_body.data, len, region, pinfo))
+			if (!limited_read(pkt.u.se_data_body.data,
 					len, region, pinfo)) {
 				return 0;
+			}
-			content.u.se_data_body.length = len;
+			pkt.u.se_data_body.length = len;
-			CALLBACK(&pinfo->cbinfo, tag, &content);
+			CALLBACK(&pinfo->cbinfo, tag, &pkt);
+		}
+	}
 	return r;
+}
 /**
    \ingroup Core_ReadPackets
    \brief Read a Symmetrically Encrypted packet
 */
 static int
 parse_se_data(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	/* there's no info to go with this, so just announce it */
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SE_DATA_HEADER, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SE_DATA_HEADER, &pkt);
 	/*
 	 * The content of an encrypted data packet is more OpenPGP packets
 	 * once decrypted, so recursively handle them
 	 */
 	return __ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY, region, pinfo);
+}
 /**
    \ingroup Core_ReadPackets
    \brief Read a Symmetrically Encrypted Integrity Protected packet
 */
 static int
 parse_se_ip_data(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
 	unsigned char   c[1] = "";
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
 	if (!limited_read(c, 1, region, pinfo))
 		return 0;
-	content.u.se_ip_data_header.version = c[0];
+	pkt.u.se_ip_data_header.version = c[0];
-	assert(content.u.se_ip_data_header.version == OPS_SE_IP_V1);
+	assert(pkt.u.se_ip_data_header.version == OPS_SE_IP_V1);
 	/*
 	 * The content of an encrypted data packet is more OpenPGP packets
 	 * once decrypted, so recursively handle them
 	 */
 	return __ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY, region, pinfo);
+}
 /**
    \ingroup Core_ReadPackets
    \brief Read a MDC packet
 */
 static int
 parse_mdc(__ops_region_t * region, __ops_parse_info_t * pinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t pkt;
-	if (!limited_read((unsigned char *)(void *)&content.u.mdc,
+	if (!limited_read((unsigned char *)(void *)&pkt.u.mdc,
 			OPS_SHA1_HASH_SIZE, region, pinfo))
 		return 0;
-	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_MDC, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_MDC, &pkt);
 	return 1;
+}
 /**
  * \ingroup Core_ReadPackets
  * \brief Parse one packet.
+ *
  * This function parses the packet tag.  It computes the value of the
  * content tag and then calls the appropriate function to handle the
  * content.
+ *
  * \param *pinfo	How to parse
  * \param *pktlen	On return, will contain number of bytes in packet
  * \return 1 on success, 0 on error, -1 on EOF */
 static int
 __ops_parse_packet(__ops_parse_info_t * pinfo, unsigned long *pktlen)
+{
-	__ops_parser_content_t	content;
+	__ops_packet_t	pkt;
 	unsigned char		ptag[1];
 	__ops_region_t		region;
 	unsigned char		ptag[1];
 	bool			indeterminate = false;
 	int			ret;
-	content.u.ptag.position = pinfo->rinfo.position;
+	pkt.u.ptag.position = pinfo->rinfo.position;
 	ret = base_read(ptag, 1, pinfo);
 	if (__ops_get_debug_level(__FILE__)) {
-		(void) fprintf(stderr, "__ops_parse_packet: base_read returned %d\n",
+		(void) fprintf(stderr,
-			       ret);
+			"__ops_parse_packet: base_read returned %d\n",
 			ret);
+	}
 	/* errors in the base read are effectively EOF. */
 	if (ret <= 0) {
 		return -1;
+	}
 	*pktlen = 0;
 	if (!(*ptag & OPS_PTAG_ALWAYS_SET)) {
-		content.u.error.error = "Format error (ptag bit not set)";
+		pkt.u.error.error = "Format error (ptag bit not set)";
-		CALLBACK(&pinfo->cbinfo, OPS_PARSER_ERROR, &content);
+		CALLBACK(&pinfo->cbinfo, OPS_PARSER_ERROR, &pkt);
 		return 0;
+	}
-	content.u.ptag.new_format = !!(*ptag & OPS_PTAG_NEW_FORMAT);
+	pkt.u.ptag.new_format = !!(*ptag & OPS_PTAG_NEW_FORMAT);
-	if (content.u.ptag.new_format) {
+	if (pkt.u.ptag.new_format) {
-		content.u.ptag.content_tag = *ptag & OPS_PTAG_NF_CONTENT_TAG_MASK;
+		pkt.u.ptag.content_tag =
-		content.u.ptag.length_type = 0;
+			*ptag & OPS_PTAG_NF_CONTENT_TAG_MASK;
-		if (!read_new_length(&content.u.ptag.length, pinfo)) {
+		pkt.u.ptag.length_type = 0;
 		if (!read_new_length(&pkt.u.ptag.length, pinfo)) {
 			return 0;
+		}
 	} else {
 		bool   rb;
 		rb = false;
-		content.u.ptag.content_tag = ((unsigned)*ptag &
+		pkt.u.ptag.content_tag = ((unsigned)*ptag &
 				OPS_PTAG_OF_CONTENT_TAG_MASK)
 			>> OPS_PTAG_OF_CONTENT_TAG_SHIFT;
-		content.u.ptag.length_type = *ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK;
+		pkt.u.ptag.length_type =
-		switch (content.u.ptag.length_type) {
+			*ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK;
 		switch (pkt.u.ptag.length_type) {
 		case OPS_PTAG_OLD_LEN_1:
-			rb = _read_scalar(&content.u.ptag.length, 1, pinfo);
+			rb = _read_scalar(&pkt.u.ptag.length, 1, pinfo);
 			break;
 		case OPS_PTAG_OLD_LEN_2:
-			rb = _read_scalar(&content.u.ptag.length, 2, pinfo);
+			rb = _read_scalar(&pkt.u.ptag.length, 2, pinfo);
 			break;
 		case OPS_PTAG_OLD_LEN_4:
-			rb = _read_scalar(&content.u.ptag.length, 4, pinfo);
+			rb = _read_scalar(&pkt.u.ptag.length, 4, pinfo);
 			break;
 		case OPS_PTAG_OLD_LEN_INDETERMINATE:
-			content.u.ptag.length = 0;
+			pkt.u.ptag.length = 0;
 			indeterminate = true;
 			rb = true;
 			break;
+		}
 		if (!rb) {
 			return 0;
+		}
+	}
-	CALLBACK(&pinfo->cbinfo, OPS_PARSER_PTAG, &content);
+	CALLBACK(&pinfo->cbinfo, OPS_PARSER_PTAG, &pkt);
 	__ops_init_subregion(&region, NULL);
-	region.length = content.u.ptag.length;
+	region.length = pkt.u.ptag.length;
 	region.indeterminate = indeterminate;
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(stderr, "__ops_parse_packet: content_tag %d\n",
-			       content.u.ptag.content_tag);
+			       pkt.u.ptag.content_tag);
+	}
-	switch (content.u.ptag.content_tag) {
+	switch (pkt.u.ptag.content_tag) {
 	case OPS_PTAG_CT_SIGNATURE:
 		ret = parse_signature(&region, pinfo);
 		break;
 	case OPS_PTAG_CT_PUBLIC_KEY:
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
-		ret = parse_public_key(content.u.ptag.content_tag, &region, pinfo);
+		ret = parse_public_key(pkt.u.ptag.content_tag, &region,
 				pinfo);
 		break;
 	case OPS_PTAG_CT_TRUST:
 		ret = parse_trust(&region, pinfo);
 		break;
 	case OPS_PTAG_CT_USER_ID:
 		ret = parse_user_id(&region, pinfo);
 		break;
 	case OPS_PTAG_CT_COMPRESSED:
 		ret = parse_compressed(&region, pinfo);
 		break;
 @@ -2992,140 +3089,112 @@ __ops_parse_packet(__ops_parse_info_t *
 		ret = parse_se_data(&region, pinfo);
 		break;
 	case OPS_PTAG_CT_SE_IP_DATA:
 		ret = parse_se_ip_data(&region, pinfo);
 		break;
 	case OPS_PTAG_CT_MDC:
 		ret = parse_mdc(&region, pinfo);
 		break;
 	default:
 		OPS_ERROR_1(&pinfo->errors, OPS_E_P_UNKNOWN_TAG,
-			    "Unknown content tag 0x%x", content.u.ptag.content_tag);
+			    "Unknown content tag 0x%x",
 			    pkt.u.ptag.content_tag);
 		ret = 0;
+	}
 	/* Ensure that the entire packet has been consumed */
-	if (region.length != region.length_read && !region.indeterminate)
+	if (region.length != region.length_read && !region.indeterminate) {
-		if (!consume_packet(&region, pinfo, false))
+		if (!consume_packet(&region, pinfo, false)) {
 			ret = -1;
+		}
+	}
 	/* also consume it if there's been an error? */
 	/* \todo decide what to do about an error on an */
 	/* indeterminate packet */
 	if (ret == 0) {
-		if (!consume_packet(&region, pinfo, false))
+		if (!consume_packet(&region, pinfo, false)) {
 			ret = -1;
+		}
+	}
 	/* set pktlen */
 	*pktlen = pinfo->rinfo.alength;
 	/* do callback on entire packet, if desired and there was no error */
 	if (ret > 0 && pinfo->rinfo.accumulate) {
-		content.u.packet.length = pinfo->rinfo.alength;
+		pkt.u.packet.length = pinfo->rinfo.alength;
-		content.u.packet.raw = pinfo->rinfo.accumulated;
+		pkt.u.packet.raw = pinfo->rinfo.accumulated;
 		pinfo->rinfo.accumulated = NULL;
 		pinfo->rinfo.asize = 0;
-		CALLBACK(&pinfo->cbinfo, OPS_PARSER_PACKET_END, &content);
+		CALLBACK(&pinfo->cbinfo, OPS_PARSER_PACKET_END, &pkt);
+	}
 	pinfo->rinfo.alength = 0;
-	if (ret < 0) {
+	return (ret < 0) ? -1 : (ret) ? 1 : 0;
 		return -1;
 	return (ret) ? 1 : 0;
+}
 /**
  * \ingroup Core_ReadPackets
+ *
  * \brief Parse packets from an input stream until EOF or error.
+ *
- * \details Setup the necessary parsing configuration in "pinfo" before calling __ops_parse().
+ * \details Setup the necessary parsing configuration in "pinfo"
  * before calling __ops_parse().
+ *
  * That information includes :
+ *
  * - a "reader" function to be used to get the data to be parsed
+ *
  * - a "callback" function to be called when this library has identified
  * a parseable object within the data
+ *
- * - whether the calling function wants the signature subpackets returned raw, parsed or not at all.
+ * - whether the calling function wants the signature subpackets
  * returned raw, parsed or not at all.
+ *
  * After returning, pinfo->errors holds any errors encountered while parsing.
+ *
  * \param pinfo	Parsing configuration
  * \return		1 on success in all packets, 0 on error in any packet
+ *
  * \sa CoreAPI Overview
+ *
- * \sa __ops_print_errors(), __ops_parse_and_print_errors()
+ * \sa __ops_print_errors()
+ *
  * Example code
  * \code
 __ops_parse_cb_t* example_callback();
 void example()
  int fd=0;
  __ops_parse_info_t *pinfo=NULL;
  char *filename="pubring.gpg";
  // setup pinfo to read from file with example callback
  fd=__ops_setup_file_read(&pinfo, filename, NULL, example_callback, false);
  // specify how we handle signature subpackets
  __ops_parse_options(pinfo, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED);
  if (!__ops_parse(pinfo))
    __ops_print_errors(pinfo->errors);
  __ops_teardown_file_read(pinfo,fd);
  * \endcode
  */
 int
-__ops_parse(__ops_parse_info_t * pinfo)
+__ops_parse(__ops_parse_info_t *pinfo, int perrors)
+{
 	int             r;
 	unsigned long   pktlen;
 	int             r;
 	if (pinfo->synthlit) {
 #if 0
 		r = __ops_parse_packet(pinfo->synthsig, &pktlen);
 		r = __ops_parse_packet(pinfo->synthlit, &pktlen);
 #endif
+	}
 	do {
 		r = __ops_parse_packet(pinfo, &pktlen);
 	} while (r != -1);
 	if (perrors) {
-	return pinfo->errors ? 0 : 1;
+		__ops_print_errors(pinfo->errors);
+	}
 /**
 \ingroup Core_ReadPackets
 \brief Parse packets and print any errors
  * \param pinfo	Parsing configuration
  * \return		1 on success in all packets, 0 on error in any packet
  * \sa CoreAPI Overview
  * \sa __ops_parse()
 */
 int
 __ops_parse_and_print_errors(__ops_parse_info_t * pinfo)
 	__ops_parse(pinfo);
 	__ops_print_errors(pinfo->errors);
 	return (pinfo->errors == NULL);
+}
 /**
  * \ingroup Core_ReadPackets
+ *
  * \brief Specifies whether one or more signature
  * subpacket types should be returned parsed; or raw; or ignored.
+ *
  * \param	pinfo	Pointer to previously allocated structure
  * \param	tag	Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag
  * \param	type	Parse type
  * \todo Make all packet types optional, not just subpackets */
 @@ -3256,45 +3325,45 @@ __ops_parse_cb_get_arg(__ops_parse_cb_in
 */
 void           *
 __ops_parse_cb_get_errors(__ops_parse_cb_info_t * cbinfo)
+{
 	return cbinfo->errors;
+}
 /**
 \ingroup Core_ReadPackets
 \brief Calls the parse_cb_info's callback if present
 \return Return value from callback, if present; else OPS_FINISHED
 */
 __ops_parse_cb_return_t
-__ops_parse_cb(const __ops_parser_content_t * content,
+__ops_parse_cb(const __ops_packet_t * pkt,
 	     __ops_parse_cb_info_t * cbinfo)
+{
 	if (cbinfo->cb)
-		return cbinfo->cb(content, cbinfo);
+		return cbinfo->cb(pkt, cbinfo);
 	else
 		return OPS_FINISHED;
+}
 /**
 \ingroup Core_ReadPackets
 \brief Calls the next callback  in the stack
 \return Return value from callback
 */
 __ops_parse_cb_return_t
-__ops_parse_stacked_cb(const __ops_parser_content_t * content,
+__ops_parse_stacked_cb(const __ops_packet_t * pkt,
 		     __ops_parse_cb_info_t * cbinfo)
+{
-	return __ops_parse_cb(content, cbinfo->next);
+	return __ops_parse_cb(pkt, cbinfo->next);
+}
 /**
 \ingroup Core_ReadPackets
 \brief Returns the parse_info's errors
 \return parse_info's errors
 */
 __ops_error_t    *
 __ops_parse_info_get_errors(__ops_parse_info_t * pinfo)
+{
 	return pinfo->errors;
+}

 @@ -397,27 +397,27 @@ read_and_eat_whitespace(dearmour_t * dea
+{
 	int             c;
 	do {
 		c = read_char(dearmour, errors, rinfo, cbinfo, skip);
 	} while (c == ' ' || c == '\t');
 	return c;
+}
 static void
 flush(dearmour_t * dearmour, __ops_parse_cb_info_t * cbinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t content;
 	if (dearmour->num_unarmoured == 0)
 		return;
 	content.u.unarmoured_text.data = dearmour->unarmoured;
 	content.u.unarmoured_text.length = dearmour->num_unarmoured;
 	CALLBACK(cbinfo, OPS_PTAG_CT_UNARMOURED_TEXT, &content);
 	dearmour->num_unarmoured = 0;
+}
 static int
 unarmoured_read_char(dearmour_t * dearmour, __ops_error_t ** errors,
 		     __ops_reader_info_t * rinfo,
 @@ -476,28 +476,28 @@ __ops_dup_headers(__ops_headers_t * dest
 		dest->headers[n].value = strdup(src->headers[n].value);
+	}
+}
 /*
  * Note that this skips CRs so implementations always see just straight LFs
  * as line terminators
  */
 static int
 process_dash_escaped(dearmour_t * dearmour, __ops_error_t ** errors,
 		     __ops_reader_info_t * rinfo,
 		     __ops_parse_cb_info_t * cbinfo)
+{
-	__ops_parser_content_t content;
+	__ops_packet_t content;
-	__ops_parser_content_t content2;
+	__ops_packet_t content2;
 	__ops_signed_cleartext_body_t *body = &content.u.signed_cleartext_body;
 	__ops_signed_cleartext_trailer_t *trailer
 	= &content2.u.signed_cleartext_trailer;
 	const char     *hashstr;
 	__ops_hash_t     *hash;
 	int             total;
 	hash = calloc(1, sizeof(*hash));
 	hashstr = __ops_find_header(&dearmour->headers, "Hash");
 	if (hashstr) {
 		__ops_hash_algorithm_t alg;
 		alg = __ops_hash_algorithm_from_text(hashstr);
 @@ -868,27 +868,27 @@ base64(dearmour_t * dearmour)
 	dearmour->buffered = 0;
+}
 /* This reader is rather strange in that it can generate callbacks for */
 /* content - this is because plaintext is not encapsulated in PGP */
 /* packets... it also calls back for the text between the blocks. */
 static int
 armoured_data_reader(void *dest_, size_t length, __ops_error_t ** errors,
 		     __ops_reader_info_t * rinfo,
 		     __ops_parse_cb_info_t * cbinfo)
+{
 	dearmour_t *dearmour = __ops_reader_get_arg(rinfo);
-	__ops_parser_content_t content;
+	__ops_packet_t content;
 	int             ret;
 	bool   first;
 	unsigned char  *dest = dest_;
 	int             saved = length;
 	if (dearmour->eof64 && !dearmour->buffered)
 		assert(dearmour->state == OUTSIDE_BLOCK || dearmour->state == AT_TRAILER_NAME);
 	while (length > 0) {
 		unsigned        count;
 		unsigned        n;
 		char            buf[1024];
 		int             c;
 @@ -1675,27 +1675,27 @@ __ops_teardown_memory_write(__ops_create
    \ingroup Core_Readers
    \brief Create parse_info and sets to read from memory
    \param pinfo Address where new parse_info will be set
    \param mem Memory to read from
    \param arg Reader-specific arg
    \param callback Callback to use with reader
    \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification)
    \note It is the caller's responsiblity to free parse_info
    \sa __ops_teardown_memory_read()
 */
 void
 __ops_setup_memory_read(__ops_parse_info_t ** pinfo, __ops_memory_t * mem,
 		      void *vp,
-		      __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *),
+		      __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *),
 		      bool accumulate)
+{
 	/*
          * initialise needed structures for reading
          */
 	*pinfo = __ops_parse_info_new();
 	__ops_parse_cb_set(*pinfo, callback, vp);
 	__ops_reader_set_memory(*pinfo,
 			      __ops_memory_get_data(mem),
 			      __ops_memory_get_length(mem));
 	if (accumulate)
 @@ -1815,27 +1815,27 @@ __ops_teardown_file_append(__ops_create_
    \brief Creates parse_info, opens file, and sets to read from file
    \param pinfo Address where new parse_info will be set
    \param filename Name of file to read
    \param vp Reader-specific arg
    \param callback Callback to use when reading
    \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification)
    \note It is the caller's responsiblity to free parse_info and to close fd
    \sa __ops_teardown_file_read()
 */
 int
 __ops_setup_file_read(__ops_parse_info_t ** pinfo, const char *filename,
 		    void *vp,
-		    __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *),
+		    __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *),
 		    bool accumulate)
+{
 	int             fd = 0;
 	/*
          * initialise needed structures for reading
          */
 #ifdef O_BINARY
 	fd = open(filename, O_RDONLY | O_BINARY);
 #else
 	fd = open(filename, O_RDONLY);
 #endif
 	if (fd < 0) {
 @@ -1865,27 +1865,27 @@ __ops_setup_file_read(__ops_parse_info_t
    \brief Frees pinfo and closes fd
    \param pinfo
    \param fd
    \sa __ops_setup_file_read()
 */
 void
 __ops_teardown_file_read(__ops_parse_info_t * pinfo, int fd)
+{
 	close(fd);
 	__ops_parse_info_delete(pinfo);
+}
 __ops_parse_cb_return_t
-literal_data_cb(const __ops_parser_content_t *contents, __ops_parse_cb_info_t *cbinfo)
+literal_data_cb(const __ops_packet_t *contents, __ops_parse_cb_info_t *cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	OPS_USED(cbinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("literal_data_cb: ");
 		__ops_print_packet(contents);
+	}
 	/* Read data from packet into static buffer */
 	switch (contents->tag) {
 	case OPS_PTAG_CT_LITERAL_DATA_BODY:
 		/* if writer enabled, use it */
 @@ -1902,27 +1902,27 @@ literal_data_cb(const __ops_parser_conte
 	case OPS_PTAG_CT_LITERAL_DATA_HEADER:
 		/* ignore */
 		break;
 	default:
 		break;
+	}
 	return OPS_RELEASE_MEMORY;
+}
 __ops_parse_cb_return_t
-pk_session_key_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo)
+pk_session_key_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	OPS_USED(cbinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		__ops_print_packet(contents);
+	}
 	/* Read data from packet into static buffer */
 	switch (contents->tag) {
 	case OPS_PTAG_CT_PK_SESSION_KEY:
 		if (__ops_get_debug_level(__FILE__)) {
 			printf("OPS_PTAG_CT_PK_SESSION_KEY\n");
 @@ -1947,49 +1947,49 @@ pk_session_key_cb(const __ops_parser_con
 \brief Callback to get secret key, decrypting if necessary.
 @verbatim
  This callback does the following:
  * finds the session key in the keyring
  * gets a passphrase if required
  * decrypts the secret key, if necessary
  * sets the secret_key in the content struct
 @endverbatim
 */
 __ops_parse_cb_return_t
-get_secret_key_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo)
+get_secret_key_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	const __ops_secret_key_t *secret;
-	__ops_parser_content_t seckey;
+	__ops_packet_t seckey;
 	OPS_USED(cbinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		__ops_print_packet(contents);
+	}
 	switch (contents->tag) {
 	case OPS_PARSER_CMD_GET_SECRET_KEY:
 		cbinfo->cryptinfo.keydata = __ops_keyring_find_key_by_id(cbinfo->cryptinfo.keyring, content->get_secret_key.pk_session_key->key_id);
 		if (!cbinfo->cryptinfo.keydata || !__ops_is_key_secret(cbinfo->cryptinfo.keydata))
 			return 0;
 		/* now get the key from the data */
 		secret = __ops_get_secret_key_from_data(cbinfo->cryptinfo.keydata);
 		while (!secret) {
 			if (!cbinfo->cryptinfo.passphrase) {
 				(void) memset(&seckey, 0x0, sizeof(seckey));
-				seckey.u.secret_key_passphrase.passphrase = &cbinfo->cryptinfo.passphrase;
+				seckey.u.skey_passphrase.passphrase = &cbinfo->cryptinfo.passphrase;
 				CALLBACK(cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey);
 				if (!cbinfo->cryptinfo.passphrase) {
 					fprintf(stderr, "can't get passphrase\n");
 					assert(/*CONSTCOND*/0);
+				}
+			}
 			/* then it must be encrypted */
 			secret = __ops_decrypt_secret_key_from_data(cbinfo->cryptinfo.keydata, cbinfo->cryptinfo.passphrase);
+		}
 		*content->get_secret_key.secret_key = secret;
 		break;
 @@ -2012,37 +2012,37 @@ __ops_malloc_passphrase(char *pp)
 		(void) memcpy(passphrase, pp, n);
 		passphrase[n] = 0x0;
+	}
 	return passphrase;
+}
 /**
  \ingroup HighLevel_Callbacks
  \brief Callback to use when you need to prompt user for passphrase
  \param contents
  \param cbinfo
 */
 __ops_parse_cb_return_t
-get_passphrase_cb(const __ops_parser_content_t *contents, __ops_parse_cb_info_t *cbinfo)
+get_passphrase_cb(const __ops_packet_t *contents, __ops_parse_cb_info_t *cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	OPS_USED(cbinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		__ops_print_packet(contents);
+	}
 	switch (contents->tag) {
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
-		*(content->secret_key_passphrase.passphrase) =
+		*(content->skey_passphrase.passphrase) =
 			__ops_malloc_passphrase(getpass("netpgp passphrase: "));
 		return OPS_KEEP_MEMORY;
 	default:
 		/* return callback_general(contents,cbinfo); */
 		break;
+	}
 	return OPS_RELEASE_MEMORY;
+}
 bool
 __ops_reader_set_accumulate(__ops_parse_info_t * pinfo, bool state)

 @@ -80,52 +80,51 @@ __ops_create_signature_new()
    \ingroup Core_Signature
    Free signature and memory associated with it
    \param sig struct to free
    \sa __ops_create_signature_new()
 */
 void
 __ops_create_signature_delete(__ops_create_signature_t * sig)
+{
 	__ops_create_info_delete(sig->info);
 	sig->info = NULL;
 	free(sig);
+}
-static unsigned char prefix_md5[] = {0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86,
+static unsigned char prefix_md5[] = {0x30, 0x20, 0x30, 0x0C, 0x06,
-x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00,
+x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05,
-x04, 0x10};
+x00, 0x04, 0x10};
-static unsigned char prefix_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E,
+static unsigned char prefix_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06,
-x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14};
+x05, 0x2b, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14};
-static unsigned char prefix_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+static unsigned char prefix_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06,
-x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
-x00, 0x04, 0x20};
+x05, 0x00, 0x04, 0x20};
 #if 0
 /**
    \ingroup Core_Create
    implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC
    \param M
    \param mLen
    \param hash_alg Hash algorithm to use
    \param EM
    \return true if OK; else false
 */
 static bool
 encode_hash_buf(const unsigned char *M, size_t mLen,
 		const __ops_hash_algorithm_t hash_alg,
-		unsigned char *EM
+		unsigned char *EM)
+{
 	/* implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC */
 	unsigned        i;
 	int             n = 0;
 	__ops_hash_t      hash;
 	int             hash_sz = 0;
 	int             encoded_hash_sz = 0;
 	int             prefix_sz = 0;
 	unsigned        padding_sz = 0;
 	unsigned        encoded_msg_sz = 0;
 	unsigned char  *prefix = NULL;
 @@ -154,49 +153,50 @@ encode_hash_buf(const unsigned char *M,
 		break;
 	default:
 		assert(0);
+	}
 	/* \todo 3. Test for len being too short */
 	/* 4 and 5. Generate PS and EM */
 	EM[0] = 0x00;
 	EM[1] = 0x01;
-	for (i = 0; i < padding_sz; i++)
+	for (i = 0; i < padding_sz; i++) {
 		EM[2 + i] = 0xFF;
+	}
 	i += 2;
 	EM[i++] = 0x00;
 	(void) memcpy(&EM[i], prefix, prefix_sz);
 	i += prefix_sz;
 	/* finally, write out hashed result */
 	n = hash.finish(&hash, &EM[i]);
 	encoded_msg_sz = i + hash_sz - 1;
 	/* \todo test n for OK response? */
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "Encoded Message: \n");
+		(void) fprintf(stderr, "Encoded Message: \n");
 		for (i = 0; i < encoded_msg_sz; i++)
-			fprintf(stderr, "%2x ", EM[i]);
+			(void) fprintf(stderr, "%2x ", EM[i]);
-		fprintf(stderr, "\n");
+		(void) fprintf(stderr, "\n");
+	}
 	return true;
+}
 #endif
 /* XXX: both this and verify would be clearer if the signature were */
 /* treated as an MPI. */
 static void
 rsa_sign(__ops_hash_t * hash, const __ops_rsa_public_key_t * rsa,
 	 const __ops_rsa_secret_key_t * srsa,
 	 __ops_create_info_t * opt)
+{
 	unsigned char   hashbuf[NETPGP_BUFSIZ];
 @@ -209,28 +209,29 @@ rsa_sign(__ops_hash_t * hash, const __op
 	/* XXX: we assume hash is sha-1 for now */
 	hashsize = 20 + sizeof(prefix_sha1);
 	keysize = (BN_num_bits(rsa->n) + 7) / 8;
 	assert(keysize <= sizeof(hashbuf));
 	assert(10 + hashsize <= keysize);
 	hashbuf[0] = 0;
 	hashbuf[1] = 1;
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("rsa_sign: PS is %d\n", keysize - hashsize - 1 - 2);
+	}
-	for (n = 2; n < keysize - hashsize - 1; ++n)
+	for (n = 2; n < keysize - hashsize - 1; ++n) {
 		hashbuf[n] = 0xff;
+	}
 	hashbuf[n++] = 0;
 	(void) memcpy(&hashbuf[n], prefix_sha1, sizeof(prefix_sha1));
 	n += sizeof(prefix_sha1);
 	t = hash->finish(hash, &hashbuf[n]);
 	assert(t == 20);
 	__ops_write(&hashbuf[n], 2, opt);
 	n += t;
 	assert(n == keysize);
 @@ -294,56 +295,61 @@ rsa_verify(__ops_hash_algorithm_t type,
 	assert(keysize <= sizeof(hashbuf_from_sig));
 	assert((unsigned) BN_num_bits(sig->sig) <= 8 * sizeof(sigbuf));
 	BN_bn2bin(sig->sig, sigbuf);
 	n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf,
 		(unsigned)(BN_num_bits(sig->sig) + 7) / 8, rsa);
 	debug_len_decrypted = n;
 	if (n != keysize)	/* obviously, this includes error returns */
 		return false;
 	/* XXX: why is there a leading 0? The first byte should be 1... */
 	/* XXX: because the decrypt should use keysize and not sigsize? */
-	if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1)
+	if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) {
 		return false;
+	}
 	switch (type) {
 	case OPS_HASH_MD5:
 		prefix = prefix_md5;
 		plen = sizeof(prefix_md5);
 		break;
 	case OPS_HASH_SHA1:
 		prefix = prefix_sha1;
 		plen = sizeof(prefix_sha1);
 		break;
 	case OPS_HASH_SHA256:
 		prefix = prefix_sha256;
 		plen = sizeof(prefix_sha256);
 		break;
 	default:
 		(void) fprintf(stderr, "Unknown hash algorithm: %d\n", type);
 		return false;
+	}
-	if (keysize - plen - hash_length < 10)
+	if (keysize - plen - hash_length < 10) {
 		return false;
+	}
-	for (n = 2; n < keysize - plen - hash_length - 1; ++n)
+	for (n = 2; n < keysize - plen - hash_length - 1; ++n) {
-		if (hashbuf_from_sig[n] != 0xff)
+		if (hashbuf_from_sig[n] != 0xff) {
 			return false;
+		}
+	}
-	if (hashbuf_from_sig[n++] != 0)
+	if (hashbuf_from_sig[n++] != 0) {
 		return false;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned	zz;
 		unsigned	uu;
 		printf("\n");
 		printf("hashbuf_from_sig\n");
 		for (zz = 0; zz < debug_len_decrypted; zz++) {
 			printf("%02x ", hashbuf_from_sig[n + zz]);
+		}
 		printf("\n");
 		printf("prefix\n");
 		for (zz = 0; zz < plen; zz++) {
 @@ -353,38 +359,38 @@ rsa_verify(__ops_hash_algorithm_t type,
 		printf("\n");
 		printf("hash from sig\n");
 		for (uu = 0; uu < hash_length; uu++) {
 			printf("%02x ", hashbuf_from_sig[n + plen + uu]);
+		}
 		printf("\n");
 		printf("hash passed in (should match hash from sig)\n");
 		for (uu = 0; uu < hash_length; uu++) {
 			printf("%02x ", hash[uu]);
+		}
 		printf("\n");
+	}
-	if (memcmp(&hashbuf_from_sig[n], prefix, plen) != 0
+	if (memcmp(&hashbuf_from_sig[n], prefix, plen) != 0 ||
-	    || memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) != 0)
+	    memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) != 0) {
 		return false;
+	}
 	return true;
+}
 static void
 hash_add_key(__ops_hash_t * hash, const __ops_public_key_t * key)
+{
-	__ops_memory_t   *mem = __ops_memory_new();
+	__ops_memory_t	*mem = __ops_memory_new();
-	size_t          l;
+	size_t		 l;
 	__ops_build_public_key(mem, key, false);
 	l = __ops_memory_get_length(mem);
 	__ops_hash_add_int(hash, 0x99, 1);
 	__ops_hash_add_int(hash, l, 2);
 	hash->add(hash, __ops_memory_get_data(mem), l);
 	__ops_memory_free(mem);
+}
 static void
 initialise_hash(__ops_hash_t * hash, const __ops_signature_t * sig)
 @@ -396,29 +402,30 @@ initialise_hash(__ops_hash_t * hash, con
 static void
 init_key_signature(__ops_hash_t * hash, const __ops_signature_t * sig,
 		   const __ops_public_key_t * key)
+{
 	initialise_hash(hash, sig);
 	hash_add_key(hash, key);
+}
 static void
 hash_add_trailer(__ops_hash_t * hash, const __ops_signature_t * sig,
 		 const unsigned char *raw_packet)
+{
 	if (sig->info.version == OPS_V4) {
-		if (raw_packet)
+		if (raw_packet) {
 			hash->add(hash, raw_packet + sig->v4_hashed_data_start,
 				  sig->info.v4_hashed_data_length);
+		}
 		__ops_hash_add_int(hash, (unsigned)sig->info.version, 1);
 		__ops_hash_add_int(hash, 0xff, 1);
 		__ops_hash_add_int(hash, sig->info.v4_hashed_data_length, 4);
 	} else {
 		__ops_hash_add_int(hash, (unsigned)sig->info.type, 1);
 		__ops_hash_add_int(hash, (unsigned)sig->info.creation_time, 4);
+	}
+}
 /**
    \ingroup Core_Signature
    \brief Checks a signature
    \param hash Signature Hash to be checked
 @@ -432,115 +439,116 @@ __ops_check_signature(const unsigned cha
 		    const __ops_signature_t * sig,
 		    const __ops_public_key_t * signer)
+{
 	bool   ret;
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("__ops_check_signature: (length %d) hash=", length);
 		/* hashout[0]=0; */
 		hexdump(hash, length, "");
+	}
 	ret = 0;
 	switch (sig->info.key_algorithm) {
 	case OPS_PKA_DSA:
-		ret = __ops_dsa_verify(hash, length, &sig->info.signature.dsa, &signer->key.dsa);
+		ret = __ops_dsa_verify(hash, length, &sig->info.signature.dsa,
 				&signer->key.dsa);
 		break;
 	case OPS_PKA_RSA:
-		ret = rsa_verify(sig->info.hash_algorithm, hash, length, &sig->info.signature.rsa,
+		ret = rsa_verify(sig->info.hash_algorithm, hash, length,
-				 &signer->key.rsa);
+				&sig->info.signature.rsa,
 				&signer->key.rsa);
 		break;
 	default:
 		assert(/*CONSTCOND*/0);
+	}
 	return ret;
+}
 static bool
 hash_and_check_signature(__ops_hash_t * hash,
 			 const __ops_signature_t * sig,
 			 const __ops_public_key_t * signer)
+{
 	unsigned char   hashout[OPS_MAX_HASH_SIZE];
 	unsigned	n;
 	n = hash->finish(hash, hashout);
 	return __ops_check_signature(hashout, n, sig, signer);
+}
 static bool
 finalise_signature(__ops_hash_t * hash,
 		   const __ops_signature_t * sig,
 		   const __ops_public_key_t * signer,
 		   const unsigned char *raw_packet)
+{
 	hash_add_trailer(hash, sig, raw_packet);
 	return hash_and_check_signature(hash, sig, signer);
+}
 /**
  * \ingroup Core_Signature
+ *
  * \brief Verify a certification signature.
+ *
  * \param key The public key that was signed.
  * \param id The user ID that was signed
  * \param sig The signature.
  * \param signer The public key of the signer.
  * \param raw_packet The raw signature packet.
  * \return true if OK; else false
  */
 bool
-__ops_check_user_id_certification_signature(const __ops_public_key_t * key,
+__ops_check_useridcert_sig(const __ops_public_key_t * key,
 					  const __ops_user_id_t * id,
 					  const __ops_signature_t * sig,
 					  const __ops_public_key_t * signer,
 					  const unsigned char *raw_packet)
+{
-	__ops_hash_t      hash;
+	__ops_hash_t	hash;
 	size_t          user_id_len = strlen((char *) id->user_id);
 	init_key_signature(&hash, sig, key);
 	if (sig->info.version == OPS_V4) {
 		__ops_hash_add_int(&hash, 0xb4, 1);
 		__ops_hash_add_int(&hash, user_id_len, 4);
+	}
 	hash.add(&hash, id->user_id, user_id_len);
 	return finalise_signature(&hash, sig, signer, raw_packet);
+}
 /**
  * \ingroup Core_Signature
+ *
  * Verify a certification signature.
+ *
  * \param key The public key that was signed.
  * \param attribute The user attribute that was signed
  * \param sig The signature.
  * \param signer The public key of the signer.
  * \param raw_packet The raw signature packet.
  * \return true if OK; else false
  */
 bool
-__ops_check_user_attribute_certification_signature(const __ops_public_key_t * key,
+__ops_check_userattrcert_sig(const __ops_public_key_t * key,
-				     const __ops_user_attribute_t * attribute,
+				const __ops_user_attribute_t *attribute,
-						 const __ops_signature_t * sig,
+				const __ops_signature_t *sig,
-					    const __ops_public_key_t * signer,
+				const __ops_public_key_t *signer,
-					    const unsigned char *raw_packet)
+				const unsigned char *raw_packet)
+{
 	__ops_hash_t      hash;
 	init_key_signature(&hash, sig, key);
 	if (sig->info.version == OPS_V4) {
 		__ops_hash_add_int(&hash, 0xd1, 1);
 		__ops_hash_add_int(&hash, attribute->data.len, 4);
+	}
 	hash.add(&hash, attribute->data.contents, attribute->data.len);
 	return finalise_signature(&hash, sig, signer, raw_packet);
+}
 @@ -602,30 +610,29 @@ __ops_check_direct_signature(const __ops
  * the material that was being signed, for example signed cleartext).
+ *
  * \param hash A hash structure of appropriate type that has been fed
  * the material to be signed. This MUST NOT have been finalised.
  * \param sig The signature to be verified.
  * \param signer The public key of the signer.
  * \return true if OK; else false
  */
 bool
 __ops_check_hash_signature(__ops_hash_t * hash,
 			 const __ops_signature_t * sig,
 			 const __ops_public_key_t * signer)
+{
-	if (sig->info.hash_algorithm != hash->algorithm)
+	return (sig->info.hash_algorithm == hash->algorithm) ?
-		return false;
+		finalise_signature(hash, sig, signer, NULL) :
 		false;
 	return finalise_signature(hash, sig, signer, NULL);
+}
 static void
 start_signature_in_mem(__ops_create_signature_t * sig)
+{
 	/* since this has subpackets and stuff, we have to buffer the whole */
 	/* thing to get counts before writing. */
 	sig->mem = __ops_memory_new();
 	__ops_memory_init(sig->mem, 100);
 	__ops_writer_set_memory(sig->info, sig->mem);
 	/* write nearly up to the first subpacket */
 	__ops_write_scalar((unsigned)sig->sig.info.version, 1, sig->info);
 @@ -691,27 +698,27 @@ __ops_signature_start_signature(__ops_cr
 			      const __ops_secret_key_t * key,
 			      const __ops_hash_algorithm_t hash,
 			      const __ops_sig_type_t type)
+{
 	sig->info = __ops_create_info_new();
 	/* XXX: refactor with check (in several ways - check should probably */
 	/*
 	 * use the buffered writer to construct packets (done), and also
 	 * should
 	 */
 	/* share code for hash calculation) */
 	sig->sig.info.version = OPS_V4;
-	sig->sig.info.key_algorithm = key->public_key.algorithm;
+	sig->sig.info.key_algorithm = key->pubkey.algorithm;
 	sig->sig.info.hash_algorithm = hash;
 	sig->sig.info.type = type;
 	sig->hashed_data_length = (unsigned)-1;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "initialising hash for sig in mem\n");
+	}
 	initialise_hash(&sig->hash, &sig->sig);
 	start_signature_in_mem(sig);
+}
 /**
 @@ -744,27 +751,28 @@ __ops_signature_start_message_signature(
  * \ingroup Core_Signature
+ *
  * Add plaintext data to a signature-to-be.
+ *
  * \param sig The signature-to-be.
  * \param buf The plaintext data.
  * \param length The amount of plaintext data.
  */
 void
 __ops_signature_add_data(__ops_create_signature_t * sig, const void *buf,
 		       size_t length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "__ops_signature_add_data adds to hash\n");
+		(void) fprintf(stderr,
 			"__ops_signature_add_data adds to hash\n");
+	}
 	sig->hash.add(&sig->hash, buf, length);
+}
 /**
  * \ingroup Core_Signature
+ *
  * Mark the end of the hashed subpackets in the signature
+ *
  * \param sig
  */
 bool
 @@ -782,96 +790,99 @@ __ops_signature_hashed_subpackets_end(__
 /**
  * \ingroup Core_Signature
+ *
  * Write out a signature
+ *
  * \param sig
  * \param key
  * \param skey
  * \param info
+ *
  */
 bool
-__ops_write_signature(__ops_create_signature_t * sig, const __ops_public_key_t * key,
+__ops_write_signature(__ops_create_signature_t * sig,
-		    const __ops_secret_key_t * skey, __ops_create_info_t * info)
+			const __ops_public_key_t *key,
 			const __ops_secret_key_t *skey,
 			__ops_create_info_t *info)
+{
-	bool   rtn = false;
+	size_t	l = __ops_memory_get_length(sig->mem);
-	size_t          l = __ops_memory_get_length(sig->mem);
+	bool	rtn = false;
 	/* check key not decrypted */
-	switch (skey->public_key.algorithm) {
+	switch (skey->pubkey.algorithm) {
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
 		assert(skey->key.rsa.d);
 		break;
 	case OPS_PKA_DSA:
 		assert(skey->key.dsa.x);
 		break;
 	default:
-		fprintf(stderr, "Unsupported algorithm %d\n", skey->public_key.algorithm);
+		(void) fprintf(stderr, "Unsupported algorithm %d\n",
 				skey->pubkey.algorithm);
 		assert(/* CONSTCOND */0);
+	}
 	assert(sig->hashed_data_length != (unsigned) -1);
 	__ops_memory_place_int(sig->mem, sig->unhashed_count_offset,
 			     l - sig->unhashed_count_offset - 2, 2);
 	/* add the packet from version number to end of hashed subpackets */
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "--- Adding packet to hash from version number to hashed subpkts\n");
+		(void) fprintf(stderr,
 "--- Adding packet to hash from version number to hashed subpkts\n");
+	}
 	sig->hash.add(&sig->hash, __ops_memory_get_data(sig->mem),
 		      sig->unhashed_count_offset);
 	/* add final trailer */
 	__ops_hash_add_int(&sig->hash, (unsigned)sig->sig.info.version, 1);
 	__ops_hash_add_int(&sig->hash, 0xff, 1);
 	/* +6 for version, type, pk alg, hash alg, hashed subpacket length */
 	__ops_hash_add_int(&sig->hash, sig->hashed_data_length + 6, 4);
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "--- Finished adding packet to hash from version number to hashed subpkts\n");
+	}
 	/* XXX: technically, we could figure out how big the signature is */
 	/* and write it directly to the output instead of via memory. */
-	switch (skey->public_key.algorithm) {
+	switch (skey->pubkey.algorithm) {
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
 		rsa_sign(&sig->hash, &key->key.rsa, &skey->key.rsa, sig->info);
 		break;
 	case OPS_PKA_DSA:
 		dsa_sign(&sig->hash, &key->key.dsa, &skey->key.dsa, sig->info);
 		break;
 	default:
-		fprintf(stderr, "Unsupported algorithm %d\n", skey->public_key.algorithm);
+		(void) fprintf(stderr, "Unsupported algorithm %d\n",
 					skey->pubkey.algorithm);
 		assert(/*CONSTCOND*/0);
+	}
 	rtn = __ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info);
 	if (rtn != false) {
 		l = __ops_memory_get_length(sig->mem);
-		rtn = __ops_write_length(l, info)
+		rtn = __ops_write_length(l, info) &&
-			&& __ops_write(__ops_memory_get_data(sig->mem), l, info);
+			__ops_write(__ops_memory_get_data(sig->mem), l, info);
+	}
 	__ops_memory_free(sig->mem);
 	if (rtn == false) {
 		OPS_ERROR(&info->errors, OPS_E_W, "Cannot write signature");
+	}
 	return rtn;
+}
 /**
  * \ingroup Core_Signature
+ *
  * __ops_signature_add_creation_time() adds a creation time to the signature.
 @@ -889,28 +900,29 @@ __ops_signature_add_creation_time(__ops_
 /**
  * \ingroup Core_Signature
+ *
  * Adds issuer's key ID to the signature
+ *
  * \param sig
  * \param keyid
  */
 bool
 __ops_signature_add_issuer_key_id(__ops_create_signature_t * sig,
 				const unsigned char keyid[OPS_KEY_ID_SIZE])
+{
-	return __ops_write_ss_header(OPS_KEY_ID_SIZE + 1, OPS_PTAG_SS_ISSUER_KEY_ID, sig->info)
+	return __ops_write_ss_header(OPS_KEY_ID_SIZE + 1,
-	&& __ops_write(keyid, OPS_KEY_ID_SIZE, sig->info);
+				OPS_PTAG_SS_ISSUER_KEY_ID, sig->info) &&
 		__ops_write(keyid, OPS_KEY_ID_SIZE, sig->info);
+}
 /**
  * \ingroup Core_Signature
+ *
  * Adds primary user ID to the signature
+ *
  * \param sig
  * \param primary
  */
 void
 __ops_signature_add_primary_user_id(__ops_create_signature_t * sig,
 				  bool primary)
 @@ -924,71 +936,73 @@ __ops_signature_add_primary_user_id(__op
+ *
  * Get the hash structure in use for the signature.
+ *
  * \param sig The signature structure.
  * \return The hash structure.
  */
 __ops_hash_t     *
 __ops_signature_get_hash(__ops_create_signature_t * sig)
+{
 	return &sig->hash;
+}
 static int
-open_output_file(__ops_create_info_t ** cinfo, const char *input_filename, const char *output_filename, const bool use_armour, const bool overwrite)
+open_output_file(__ops_create_info_t ** cinfo,
 			const char *input_filename,
 			const char *output_filename,
 			const bool use_armour,
 			const bool overwrite)
+{
 	int             fd_out;
 	/* setup output file */
 	if (output_filename) {
-		fd_out = __ops_setup_file_write(cinfo, output_filename, overwrite);
+		fd_out = __ops_setup_file_write(cinfo, output_filename,
 					overwrite);
 	} else {
 		char           *myfilename = NULL;
 		unsigned        filenamelen = strlen(input_filename) + 4 + 1;
 		myfilename = calloc(1, filenamelen);
-		if (use_armour)
+		if (use_armour) {
-			snprintf(myfilename, filenamelen, "%s.asc", input_filename);
+			(void) snprintf(myfilename, filenamelen, "%s.asc",
-		else
+					input_filename);
-			snprintf(myfilename, filenamelen, "%s.gpg", input_filename);
+		} else {
 			(void) snprintf(myfilename, filenamelen, "%s.gpg",
 					input_filename);
+		}
 		fd_out = __ops_setup_file_write(cinfo, myfilename, overwrite);
 		free(myfilename);
+	}
 	return fd_out;
+}
 /**
    \ingroup HighLevel_Sign
    \brief Sign a file with a Cleartext Signature
    \param input_filename Name of file to be signed
    \param output_filename Filename to be created. If NULL, filename will be constructed from the input_filename.
    \param skey Secret Key to sign with
    \param overwrite Allow output file to be overwritten, if set
    \return true if OK, else false
    Example code:
    \code
    void example(const __ops_secret_key_t *skey, bool overwrite)
    if (__ops_sign_file_as_cleartext("mytestfile.txt",NULL,skey,overwrite)==true)
        printf("OK");
    else
        printf("ERR");
    \endcode
 */
 bool
-__ops_sign_file_as_cleartext(const char *input_filename, const char *output_filename, const __ops_secret_key_t * skey, const bool overwrite)
+__ops_sign_file_as_cleartext(const char *input_filename,
 			const char *output_filename,
 			const __ops_secret_key_t *skey,
 			const bool overwrite)
+{
 	/* \todo allow choice of hash algorithams */
 	/* enforce use of SHA1 for now */
 	unsigned char   keyid[OPS_KEY_ID_SIZE];
 	__ops_create_signature_t *sig = NULL;
 	int             fd_in = 0;
 	int             fd_out = 0;
 	__ops_create_info_t *cinfo = NULL;
 	unsigned char   buf[MAXBUF];
 	/* int flags=0; */
 	bool   rtn = false;
 @@ -1009,326 +1023,282 @@ __ops_sign_file_as_cleartext(const char
 	if (fd_out < 0) {
 		close(fd_in);
 		return false;
+	}
 	/* set up signature */
 	sig = __ops_create_signature_new();
 	if (!sig) {
 		close(fd_in);
 		__ops_teardown_file_write(cinfo, fd_out);
 		return false;
+	}
 	/* \todo could add more error detection here */
-	__ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, OPS_SIG_BINARY);
+	__ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1,
 		OPS_SIG_BINARY);
 	if (__ops_writer_push_clearsigned(cinfo, sig) != true) {
 		return false;
+	}
 	/* Do the signing */
 	for (;;) {
 		int             n = 0;
 		n = read(fd_in, buf, sizeof(buf));
 		if (!n)
 			break;
 		assert(n >= 0);
 		__ops_write(buf, (unsigned)n, cinfo);
+	}
 	close(fd_in);
 	/* add signature with subpackets: */
 	/* - creation time */
 	/* - key id */
 	rtn = __ops_writer_switch_to_armoured_signature(cinfo)
 		&& __ops_signature_add_creation_time(sig, time(NULL));
 	if (rtn == false) {
 		__ops_teardown_file_write(cinfo, fd_out);
 		return false;
+	}
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key);
+	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey);
-	rtn = __ops_signature_add_issuer_key_id(sig, keyid)
+	rtn = __ops_signature_add_issuer_key_id(sig, keyid) &&
-		&& __ops_signature_hashed_subpackets_end(sig)
+		__ops_signature_hashed_subpackets_end(sig) &&
-		&& __ops_write_signature(sig, &skey->public_key, skey, cinfo);
+		__ops_write_signature(sig, &skey->pubkey, skey, cinfo);
 	__ops_teardown_file_write(cinfo, fd_out);
 	if (rtn == false) {
-		OPS_ERROR(&cinfo->errors, OPS_E_W, "Cannot sign file as cleartext");
+		OPS_ERROR(&cinfo->errors, OPS_E_W,
 				"Cannot sign file as cleartext");
+	}
 	return rtn;
+}
 #if 0
 /* XXX commented out until I work out what header file to put this one in */
 /**
  * \ingroup HighLevel_Sign
  * \brief Sign a buffer with a Cleartext signature
  * \param cleartext Text to be signed
  * \param len Length of text
  * \param signed_cleartext __ops_memory_t struct in which to write the signed cleartext
  * \param skey Secret key with which to sign the cleartext
  * \return true if OK; else false
  * \note It is the calling function's responsibility to free signed_cleartext
  * \note signed_cleartext should be a NULL pointer when passed in
  Example code:
  \code
  void example(const __ops_secret_key_t *skey)
    __ops_memory_t* mem=NULL;
    const char* buf="Some example text";
    size_t len=strlen(buf);
    if (__ops_sign_buf_as_cleartext(buf,len, &mem, skey)==true)
      printf("OK");
    else
      printf("ERR");
    // free signed cleartext after use
    __ops_memory_free(mem);
  \endcode
  */
 bool
-__ops_sign_buf_as_cleartext(const char *cleartext, const size_t len, __ops_memory_t ** signed_cleartext, const __ops_secret_key_t * skey)
+__ops_sign_buf_as_cleartext(const char *cleartext,
 				const size_t len,
 				__ops_memory_t **signed_cleartext,
 				const __ops_secret_key_t *skey)
+{
 	bool   rtn = false;
 	/* \todo allow choice of hash algorithams */
 	/* enforce use of SHA1 for now */
 	unsigned char   keyid[OPS_KEY_ID_SIZE];
 	__ops_create_signature_t *sig = NULL;
 	__ops_create_info_t *cinfo = NULL;
 	assert(*signed_cleartext == NULL);
 	/* set up signature */
 	sig = __ops_create_signature_new();
 	if (!sig) {
 		return false;
+	}
 	/* \todo could add more error detection here */
-	__ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, OPS_SIG_BINARY);
+	__ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1,
 			OPS_SIG_BINARY);
 	/* set up output file */
 	__ops_setup_memory_write(&cinfo, signed_cleartext, len);
 	/* Do the signing */
 	/* add signature with subpackets: */
 	/* - creation time */
 	/* - key id */
-	rtn = __ops_writer_push_clearsigned(cinfo, sig)
+	rtn = __ops_writer_push_clearsigned(cinfo, sig) &&
-		&& __ops_write(cleartext, len, cinfo)
+		__ops_write(cleartext, len, cinfo) &&
-		&& __ops_writer_switch_to_armoured_signature(cinfo)
+		__ops_writer_switch_to_armoured_signature(cinfo) &&
-		&& __ops_signature_add_creation_time(sig, time(NULL));
+		__ops_signature_add_creation_time(sig, time(NULL));
 	if (rtn == false) {
 		return false;
+	}
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key);
+	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey);
-	rtn = __ops_signature_add_issuer_key_id(sig, keyid)
+	rtn = __ops_signature_add_issuer_key_id(sig, keyid) &&
-		&& __ops_signature_hashed_subpackets_end(sig)
+		__ops_signature_hashed_subpackets_end(sig) &&
-		&& __ops_write_signature(sig, &skey->public_key, skey, cinfo)
+		__ops_write_signature(sig, &skey->pubkey, skey, cinfo) &&
-		&& __ops_writer_close(cinfo);
+		__ops_writer_close(cinfo);
 	/* Note: the calling function must free signed_cleartext */
 	__ops_create_info_delete(cinfo);
 	return rtn;
+}
 #endif
 /**
 \ingroup HighLevel_Sign
 \brief Sign a file
 \param input_filename Input filename
 \param output_filename Output filename. If NULL, a name is constructed from the input filename.
 \param skey Secret Key to use for signing
 \param use_armour Write armoured text, if set.
 \param overwrite May overwrite existing file, if set.
 \return true if OK; else false;
 Example code:
 \code
 void example(const __ops_secret_key_t *skey)
   const char* filename="mytestfile";
   const bool use_armour=false;
   const bool overwrite=false;
   if (__ops_sign_file(filename, NULL, skey, use_armour, overwrite)==true)
     printf("OK");
   else
     printf("ERR");
 \endcode
 */
 bool
 __ops_sign_file(const char *input_filename, const char *output_filename, const __ops_secret_key_t * skey, const bool use_armour, const bool overwrite)
+{
 	/* \todo allow choice of hash algorithams */
 	/* enforce use of SHA1 for now */
 	unsigned char   keyid[OPS_KEY_ID_SIZE];
 	__ops_create_signature_t *sig = NULL;
 	int             fd_out = 0;
 	__ops_create_info_t *cinfo = NULL;
 	__ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1;
 	__ops_sig_type_t  sig_type = OPS_SIG_BINARY;
 	__ops_memory_t   *mem_buf = NULL;
 	__ops_hash_t     *hash = NULL;
 	int             errnum;
 	/* read input file into buf */
 	int             errnum;
 	mem_buf = __ops_write_mem_from_file(input_filename, &errnum);
-	if (errnum)
+	if (errnum) {
 		return false;
+	}
 	/* setup output file */
 	fd_out = open_output_file(&cinfo, input_filename, output_filename,
-	fd_out = open_output_file(&cinfo, input_filename, output_filename, use_armour, overwrite);
+			use_armour, overwrite);
 	if (fd_out < 0) {
 		__ops_memory_free(mem_buf);
 		return false;
+	}
 	/* set up signature */
 	sig = __ops_create_signature_new();
 	__ops_signature_start_message_signature(sig, skey, hash_alg, sig_type);
 	/* set armoured/not armoured here */
-	if (use_armour)
+	if (use_armour) {
 		__ops_writer_push_armoured_message(cinfo);
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "** Writing out one pass sig\n");
+	}
 	/* write one_pass_sig */
 	__ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo);
 	/* hash file contents */
 	hash = __ops_signature_get_hash(sig);
-	hash->add(hash, __ops_memory_get_data(mem_buf), __ops_memory_get_length(mem_buf));
+	hash->add(hash, __ops_memory_get_data(mem_buf),
 			__ops_memory_get_length(mem_buf));
 	/* output file contents as Literal Data packet */
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "** Writing out data now\n");
+	}
 	__ops_write_literal_data_from_buf(__ops_memory_get_data(mem_buf),
 		(const int)__ops_memory_get_length(mem_buf),
 		OPS_LDT_BINARY, cinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "** After Writing out data now\n");
+	}
 	/* add subpackets to signature */
 	/* - creation time */
 	/* - key id */
 	__ops_signature_add_creation_time(sig, time(NULL));
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key);
+	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey);
 	__ops_signature_add_issuer_key_id(sig, keyid);
 	__ops_signature_hashed_subpackets_end(sig);
 	/* write out sig */
-	__ops_write_signature(sig, &skey->public_key, skey, cinfo);
+	__ops_write_signature(sig, &skey->pubkey, skey, cinfo);
 	__ops_teardown_file_write(cinfo, fd_out);
 	/* tidy up */
 	__ops_create_signature_delete(sig);
 	__ops_memory_free(mem_buf);
 	return true;
+}
 #if 0
 /* XXX commented out until I work out what header file to put this one in */
 /**
 \ingroup HighLevel_Sign
 \brief Signs a buffer
 \param input Input text to be signed
 \param input_len Length of input text
 \param sig_type Signature type
 \param skey Secret Key
 \param use_armour Write armoured text, if set
 \return New __ops_memory_t struct containing signed text
 \note It is the caller's responsibility to call __ops_memory_free(me)
 Example Code:
 \code
 void example(const __ops_secret_key_t *skey)
   const char* buf="Some example text";
   const size_t len=strlen(buf);
   const bool use_armour=true;
   __ops_memory_t* mem=NULL;
   mem=__ops_sign_buf(buf,len,OPS_SIG_BINARY,skey,use_armour);
   if (mem)
     printf ("OK");
     __ops_memory_free(mem);
   else
     printf("ERR");
 \endcode
 */
 __ops_memory_t   *
-__ops_sign_buf(const void *input, const size_t input_len, const __ops_sig_type_t sig_type, const __ops_secret_key_t * skey, const bool use_armour)
+__ops_sign_buf(const void *input,
 		const size_t input_len,
 		const __ops_sig_type_t sig_type,
 		const __ops_secret_key_t * skey,
 		const bool use_armour)
+{
 	/* \todo allow choice of hash algorithams */
 	/* enforce use of SHA1 for now */
 	unsigned char   keyid[OPS_KEY_ID_SIZE];
 	__ops_create_signature_t *sig = NULL;
 	__ops_create_info_t *cinfo = NULL;
 	__ops_memory_t   *mem = __ops_memory_new();
 	__ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1;
 	__ops_literal_data_type_t ld_type;
 	__ops_hash_t     *hash = NULL;
 	/* setup literal data packet type */
-	if (sig_type == OPS_SIG_BINARY)
+	ld_type = (sig_type == OPS_SIG_BINARY) ? OPS_LDT_BINARY : OPS_LDT_TEXT;
 		ld_type = OPS_LDT_BINARY;
 	else
 		ld_type = OPS_LDT_TEXT;
 	/* set up signature */
 	sig = __ops_create_signature_new();
 	__ops_signature_start_message_signature(sig, skey, hash_alg, sig_type);
 	/* setup writer */
 	__ops_setup_memory_write(&cinfo, &mem, input_len);
 	/* set armoured/not armoured here */
-	if (use_armour)
+	if (use_armour) {
 		__ops_writer_push_armoured_message(cinfo);
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "** Writing out one pass sig\n");
+	}
 	/* write one_pass_sig */
 	__ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo);
 	/* hash file contents */
 	hash = __ops_signature_get_hash(sig);
 	hash->add(hash, input, input_len);
 	/* output file contents as Literal Data packet */
 @@ -1336,28 +1306,28 @@ __ops_sign_buf(const void *input, const
 		fprintf(stderr, "** Writing out data now\n");
+	}
 	__ops_write_literal_data_from_buf(input, input_len, ld_type, cinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "** After Writing out data now\n");
+	}
 	/* add subpackets to signature */
 	/* - creation time */
 	/* - key id */
 	__ops_signature_add_creation_time(sig, time(NULL));
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key);
+	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey);
 	__ops_signature_add_issuer_key_id(sig, keyid);
 	__ops_signature_hashed_subpackets_end(sig);
 	/* write out sig */
-	__ops_write_signature(sig, &skey->public_key, skey, cinfo);
+	__ops_write_signature(sig, &skey->pubkey, skey, cinfo);
 	/* tidy up */
 	__ops_writer_close(cinfo);
 	__ops_create_signature_delete(sig);
 	return mem;
+}
 #endif

 @@ -10,221 +10,252 @@
+ *
  * You may obtain a copy of the License at
  *     http://www.apache.org/licenses/LICENSE-2.0
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #include "config.h"
-#include "crypto.h"
+#ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #include "readerwriter.h"
 #include "memory.h"
 #include "parse_local.h"
 #include "netpgpdefs.h"
 #include "signature.h"
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #include <string.h>
 #include <fcntl.h>
 #include "crypto.h"
 #include "readerwriter.h"
 #include "memory.h"
 #include "parse_local.h"
 #include "netpgpdefs.h"
 #include "signature.h"
 /**
 \ingroup Core_MPI
 \brief Decrypt and unencode MPI
 \param buf Buffer in which to write decrypted unencoded MPI
 \param buflen Length of buffer
 \param encmpi
 \param skey
 \return length of MPI
 \note only RSA at present
 */
 int
-__ops_decrypt_and_unencode_mpi(unsigned char *buf, unsigned buflen, const BIGNUM * encmpi,
+__ops_decrypt_and_unencode_mpi(unsigned char *buf,
-			     const __ops_secret_key_t * skey)
+				unsigned buflen,
 				const BIGNUM * encmpi,
 				const __ops_secret_key_t *skey)
+{
 	unsigned char   encmpibuf[NETPGP_BUFSIZ];
 	unsigned char   mpibuf[NETPGP_BUFSIZ];
 	unsigned        mpisize;
 	int             n;
 	int             i;
 	mpisize = BN_num_bytes(encmpi);
 	/* MPI can't be more than 65,536 */
-	assert(mpisize <= sizeof(encmpibuf));
+	if (mpisize > sizeof(encmpibuf)) {
 		(void) fprintf(stderr, "mpisize too big %u\n", mpisize);
 		return -1;
+	}
 	BN_bn2bin(encmpi, encmpibuf);
-	assert(skey->public_key.algorithm == OPS_PKA_RSA);
+	if (skey->pubkey.algorithm != OPS_PKA_RSA) {
 		(void) fprintf(stderr, "pubkey algorithm wrong\n");
 		return -1;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "\nDECRYPTING\n");
+		(void) fprintf(stderr, "\nDECRYPTING\n");
-		fprintf(stderr, "encrypted data     : ");
+		(void) fprintf(stderr, "encrypted data     : ");
 		for (i = 0; i < 16; i++) {
-			fprintf(stderr, "%2x ", encmpibuf[i]);
+			(void) fprintf(stderr, "%2x ", encmpibuf[i]);
+		}
-		fprintf(stderr, "\n");
+		(void) fprintf(stderr, "\n");
+	}
 	n = __ops_rsa_private_decrypt(mpibuf, encmpibuf,
 				(unsigned)(BN_num_bits(encmpi) + 7) / 8,
 				&skey->key.rsa, &skey->pubkey.key.rsa);
 	if (n == -1) {
 		(void) fprintf(stderr, "ops_rsa_private_decrypt failure\n");
 		return -1;
+	}
 	n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, (unsigned)(BN_num_bits(encmpi) + 7) / 8,
 				 &skey->key.rsa, &skey->public_key.key.rsa);
 	assert(n != -1);
 	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "decrypted encoded m buf     : ");
+		(void) fprintf(stderr, "decrypted encoded m buf     : ");
-		for (i = 0; i < 16; i++)
+		for (i = 0; i < 16; i++) {
-			fprintf(stderr, "%2x ", mpibuf[i]);
+			(void) fprintf(stderr, "%2x ", mpibuf[i]);
 		fprintf(stderr, "\n");
 		(void) fprintf(stderr, "\n");
+	}
-	if (n <= 0)
+	if (n <= 0) {
 		return -1;
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		printf(" decrypted=%d ", n);
 		hexdump(mpibuf, (unsigned)n, "");
 		printf("\n");
+	}
 	/* Decode EME-PKCS1_V1_5 (RFC 2437). */
-	if (mpibuf[0] != 0 || mpibuf[1] != 2)
+	if (mpibuf[0] != 0 || mpibuf[1] != 2) {
-		return false;
+		return -1;
+	}
 	/* Skip the random bytes. */
-	for (i = 2; i < n && mpibuf[i]; ++i);
+	for (i = 2; i < n && mpibuf[i]; ++i) {
+	}
-	if (i == n || i < 10)
+	if (i == n || i < 10) {
-		return false;
+		return -1;
+	}
 	/* Skip the zero */
 	++i;
 	/* this is the unencoded m buf */
-	if ((unsigned) (n - i) <= buflen)
+	if ((unsigned) (n - i) <= buflen) {
 		(void) memcpy(buf, mpibuf + i, (unsigned)(n - i));
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		int             j;
 		printf("decoded m buf:\n");
 		for (j = 0; j < n - i; j++)
 			printf("%2x ", buf[j]);
 		printf("\n");
+	}
 	return n - i;
+}
 /**
 \ingroup Core_MPI
 \brief RSA-encrypt an MPI
 */
 bool
 __ops_rsa_encrypt_mpi(const unsigned char *encoded_m_buf,
 		    const size_t sz_encoded_m_buf,
 		    const __ops_public_key_t * pkey,
 		    __ops_pk_session_key_parameters_t * skp)
+{
 	unsigned char   encmpibuf[NETPGP_BUFSIZ];
 	int             n = 0;
-	assert(sz_encoded_m_buf == (size_t) BN_num_bytes(pkey->key.rsa.n));
+	if (sz_encoded_m_buf != (size_t) BN_num_bytes(pkey->key.rsa.n)) {
 		(void) fprintf(stderr, "sz_encoded_m_buf wrong\n");
 		return false;
+	}
-	n = __ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, sz_encoded_m_buf, &pkey->key.rsa);
+	n = __ops_rsa_public_encrypt(encmpibuf, encoded_m_buf,
-	assert(n != -1);
+				sz_encoded_m_buf, &pkey->key.rsa);
 	if (n == -1) {
 		(void) fprintf(stderr, "__ops_rsa_public_encrypt failure\n");
 		return false;
+	}
 	if (n <= 0)
 		return false;
 	skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL);
 	if (__ops_get_debug_level(__FILE__)) {
 		int             i;
 		fprintf(stderr, "encrypted mpi buf     : ");
 		for (i = 0; i < 16; i++) {
 			fprintf(stderr, "%2x ", encmpibuf[i]);
+		}
 		fprintf(stderr, "\n");
+	}
 	return true;
+}
 static          __ops_parse_cb_return_t
-callback_write_parsed(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo);
+callback_write_parsed(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo);
 /**
 \ingroup HighLevel_Crypto
 Encrypt a file
 \param input_filename Name of file to be encrypted
 \param output_filename Name of file to write to. If NULL, name is constructed from input_filename
 \param pub_key Public Key to encrypt file for
 \param use_armour Write armoured text, if set
 \param allow_overwrite Allow output file to be overwrwritten if it exists
 \return true if OK; else false
 */
 bool
-__ops_encrypt_file(const char *input_filename, const char *output_filename, const __ops_keydata_t * pub_key, const bool use_armour, const bool allow_overwrite)
+__ops_encrypt_file(const char *input_filename,
 			const char *output_filename,
 			const __ops_keydata_t * pub_key,
 			const bool use_armour,
 			const bool allow_overwrite)
+{
 	int             fd_in = 0;
 	int             fd_out = 0;
 	__ops_create_info_t *create;
 	unsigned char  *buf;
 	size_t          bufsz;
 	size_t		done;
 	int             fd_in = 0;
 	int             fd_out = 0;
 #ifdef O_BINARY
 	fd_in = open(input_filename, O_RDONLY | O_BINARY);
 #else
 	fd_in = open(input_filename, O_RDONLY);
 #endif
 	if (fd_in < 0) {
 		perror(input_filename);
 		return false;
+	}
-	fd_out = __ops_setup_file_write(&create, output_filename, allow_overwrite);
+	fd_out = __ops_setup_file_write(&create, output_filename,
-	if (fd_out < 0)
+				allow_overwrite);
 	if (fd_out < 0) {
 		return false;
+	}
 	/* set armoured/not armoured here */
-	if (use_armour)
+	if (use_armour) {
 		__ops_writer_push_armoured_message(create);
+	}
 	/* Push the encrypted writer */
 	__ops_writer_push_encrypt_se_ip(create, pub_key);
 	/* Do the writing */
 	buf = NULL;
 	bufsz = 16;
 	done = 0;
 	for (;;) {
 		int             n = 0;
 		buf = realloc(buf, done + bufsz);
-		n = read(fd_in, buf + done, bufsz);
+		if ((n = read(fd_in, buf + done, bufsz)) == 0) {
 		if (!n)
 			break;
 		assert(n >= 0);
 		if (n < 0) {
 			(void) fprintf(stderr, "Problem in read\n");
 			return false;
+		}
 		done += n;
+	}
 	/* This does the writing */
 	__ops_write(buf, done, create);
 	/* tidy up */
 	close(fd_in);
 	free(buf);
 	__ops_teardown_file_write(create, fd_out);
 	return true;
+}
 @@ -298,42 +329,42 @@ __ops_decrypt_file(const char *input_fil
 	/* setup for writing decrypted contents to given output file */
 	/* setup keyring and passphrase callback */
 	parse->cbinfo.cryptinfo.keyring = keyring;
 	parse->cbinfo.cryptinfo.cb_get_passphrase = cb_get_passphrase;
 	/* Set up armour/passphrase options */
 	if (use_armour)
 		__ops_reader_push_dearmour(parse);
 	/* Do it */
-	__ops_parse_and_print_errors(parse);
+	__ops_parse(parse, 1);
 	/* Unsetup */
 	if (use_armour)
 		__ops_reader_pop_dearmour(parse);
 	__ops_teardown_file_write(parse->cbinfo.cinfo, fd_out);
 	__ops_teardown_file_read(parse, fd_in);
 	/* \todo cleardown crypt */
 	return true;
+}
 static          __ops_parse_cb_return_t
-callback_write_parsed(const __ops_parser_content_t *contents, __ops_parse_cb_info_t * cbinfo)
+callback_write_parsed(const __ops_packet_t *contents, __ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	static bool skipping;
 	OPS_USED(cbinfo);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("callback_write_parsed: ");
 		__ops_print_packet(contents);
+	}
 	if (contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT && skipping) {
 		puts("...end of skip");
 		skipping = false;

 @@ -13,179 +13,176 @@
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /** \file
  */
 #include "config.h"
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #include <openssl/rand.h>
 #include "errors.h"
 #include "packet.h"
 #include "crypto.h"
 #include "create.h"
 #include "packet-parse.h"
 #include "packet-show.h"
 #include "signature.h"
 #include "netpgpsdk.h"
 #include "netpgpdefs.h"
 #include "memory.h"
 #include "keyring_local.h"
 #include "parse_local.h"
 #include "readerwriter.h"
 #include "loccreate.h"
 #include "version.h"
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef WIN32
 #define vsnprintf _vsnprintf
 #endif
 typedef struct {
 	__ops_keyring_t  *keyring;
 }               accumulate_t;
 /**
  * \ingroup Core_Callbacks
  */
 static          __ops_parse_cb_return_t
-accumulate_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo)
+accumulate_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo)
+{
 	accumulate_t *accumulate = __ops_parse_cb_get_arg(cbinfo);
 	const __ops_parser_content_union_t *content = &contents->u;
 	__ops_keyring_t  *keyring = accumulate->keyring;
 	__ops_keydata_t  *cur = NULL;
 	const __ops_public_key_t *pkey;
 	if (keyring->nkeys >= 0)
 		cur = &keyring->keys[keyring->nkeys];
 	switch (contents->tag) {
 	case OPS_PTAG_CT_PUBLIC_KEY:
 	case OPS_PTAG_CT_SECRET_KEY:
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
 		if (__ops_get_debug_level(__FILE__)) {
 			(void) fprintf(stderr, "New key - tag %d\n", contents->tag);
+		}
 		++keyring->nkeys;
 		EXPAND_ARRAY(keyring, keys);
 		if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY)
-			pkey = &content->public_key;
+			pkey = &content->pubkey;
 		else
-			pkey = &content->secret_key.public_key;
+			pkey = &content->secret_key.pubkey;
 		(void) memset(&keyring->keys[keyring->nkeys], 0x0,
 		       sizeof(keyring->keys[keyring->nkeys]));
 		__ops_keyid(keyring->keys[keyring->nkeys].key_id,
 			OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, pkey);
 		__ops_fingerprint(&keyring->keys[keyring->nkeys].fingerprint, pkey);
 		keyring->keys[keyring->nkeys].type = contents->tag;
 		if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY)
 			keyring->keys[keyring->nkeys].key.pkey = *pkey;
 		else
 			keyring->keys[keyring->nkeys].key.skey = content->secret_key;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_USER_ID:
 		if (__ops_get_debug_level(__FILE__)) {
 			(void) fprintf(stderr, "User ID: %s\n", content->user_id.user_id);
+		}
 		if (!cur) {
 			OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No user id found");
 			return OPS_KEEP_MEMORY;
+		}
 		/* assert(cur); */
 		__ops_add_userid_to_keydata(cur, &content->user_id);
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_PACKET_END:
 		if (!cur)
 			return OPS_RELEASE_MEMORY;
 		__ops_add_packet_to_keydata(cur, &content->packet);
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_ERROR:
-		fprintf(stderr, "Error: %s\n", content->error.error);
+		(void) fprintf(stderr, "Error: %s\n", content->error.error);
-		assert( /* CONSTCOND */ 0);
+		return OPS_FINISHED;
 		break;
 	case OPS_PARSER_ERRCODE:
 		switch (content->errcode.errcode) {
 		default:
 			fprintf(stderr, "parse error: %s\n",
 				__ops_errcode(content->errcode.errcode));
 			/* assert(0); */
+		}
 		break;
 	default:
 		break;
+	}
 	/* XXX: we now exclude so many things, we should either drop this or */
 	/* do something to pass on copies of the stuff we keep */
 	return __ops_parse_stacked_cb(contents, cbinfo);
+}
 /**
  * \ingroup Core_Parse
+ *
  * Parse packets from an input stream until EOF or error.
+ *
  * Key data found in the parsed data is added to #keyring.
+ *
  * \param keyring Pointer to an existing keyring
  * \param parse Options to use when parsing
 */
 int
-__ops_parse_and_accumulate(__ops_keyring_t * keyring, __ops_parse_info_t *parse)
+__ops_parse_and_accumulate(__ops_keyring_t *keyring, __ops_parse_info_t *parse)
+{
 	accumulate_t	accumulate;
 	int             rtn;
 	accumulate_t accumulate;
-	assert(!parse->rinfo.accumulate);
+	if (parse->rinfo.accumulate) {
 		(void) fprintf(stderr,
 			"__ops_parse_and_accumulate: already init\n");
 		return 0;
+	}
 	(void) memset(&accumulate, 0x0, sizeof(accumulate));
 	accumulate.keyring = keyring;
 	/* Kinda weird, but to do with counting, and we put it back after */
 	keyring->nkeys -= 1;
 	__ops_parse_cb_push(parse, accumulate_cb, &accumulate);
 	parse->rinfo.accumulate = true;
-	rtn = __ops_parse(parse);
+	rtn = __ops_parse(parse, 0);
 	keyring->nkeys += 1;
 	return rtn;
+}
 static void
 dump_one_keydata(const __ops_keydata_t * key)
+{
 	unsigned        n;
 	printf("Key ID: ");
 	hexdump(key->key_id, OPS_KEY_ID_SIZE, "");
 @@ -297,37 +294,41 @@ __ops_errcode(const __ops_errcode_t errc
+ *
  */
 void
 __ops_push_error(__ops_error_t ** errstack, __ops_errcode_t errcode, int sys_errno,
 	       const char *file, int line, const char *fmt,...)
+{
 	/* first get the varargs and generate the comment */
 	__ops_error_t  *err;
 	unsigned	maxbuf = 128;
 	va_list		args;
 	char           *comment;
-	comment = calloc(1, maxbuf + 1);
+	if ((comment = calloc(1, maxbuf + 1)) == NULL) {
-	assert(comment);
+		(void) fprintf(stderr, "calloc comment failure\n");
 		return;
+	}
 	va_start(args, fmt);
 	vsnprintf(comment, maxbuf + 1, fmt, args);
 	va_end(args);
 	/* alloc a new error and add it to the top of the stack */
-	err = calloc(1, sizeof(__ops_error_t));
+	if ((err = calloc(1, sizeof(__ops_error_t))) == NULL) {
-	assert(err);
+		(void) fprintf(stderr, "calloc comment failure\n");
 		return;
+	}
 	err->next = *errstack;
 	*errstack = err;
 	/* fill in the details */
 	err->errcode = errcode;
 	err->sys_errno = sys_errno;
 	err->file = file;
 	err->line = line;
 	err->comment = comment;
+}
 @@ -404,29 +405,33 @@ __ops_free_errors(__ops_error_t * errsta
  * \brief Calculate a public key fingerprint.
  * \param fp Where to put the calculated fingerprint
  * \param key The key for which the fingerprint is calculated
  */
 void
 __ops_fingerprint(__ops_fingerprint_t * fp, const __ops_public_key_t * key)
+{
 	if (key->version == 2 || key->version == 3) {
 		unsigned char  *bn;
 		size_t		n;
 		__ops_hash_t	md5;
-		assert(key->algorithm == OPS_PKA_RSA
+		if (key->algorithm != OPS_PKA_RSA &&
-		       || key->algorithm == OPS_PKA_RSA_ENCRYPT_ONLY
+		    key->algorithm != OPS_PKA_RSA_ENCRYPT_ONLY &&
-		       || key->algorithm == OPS_PKA_RSA_SIGN_ONLY);
+		    key->algorithm != OPS_PKA_RSA_SIGN_ONLY) {
 			(void) fprintf(stderr,
 				"__ops_fingerprint: bad algorithm\n");
 			return;
+		}
 		__ops_hash_md5(&md5);
 		md5.init(&md5);
 		n = BN_num_bytes(key->key.rsa.n);
 		bn = calloc(1, n);
 		BN_bn2bin(key->key.rsa.n, bn);
 		md5.add(&md5, bn, n);
 		(void) free(bn);
 		n = BN_num_bytes(key->key.rsa.e);
 		bn = calloc(1, n);
 		BN_bn2bin(key->key.rsa.e, bn);
 @@ -469,30 +474,36 @@ __ops_fingerprint(__ops_fingerprint_t *
  * \brief Calculate the Key ID from the public key.
  * \param keyid Space for the calculated ID to be stored
  * \param key The key for which the ID is calculated
  */
 void
 __ops_keyid(unsigned char *keyid, const size_t idlen, const int last,
 	const __ops_public_key_t *key)
+{
 	if (key->version == 2 || key->version == 3) {
 		unsigned char   bn[NETPGP_BUFSIZ];
 		unsigned        n = BN_num_bytes(key->key.rsa.n);
-		assert(n <= sizeof(bn));
+		if (n > sizeof(bn)) {
-		assert(key->algorithm == OPS_PKA_RSA
+			(void) fprintf(stderr, "__ops_keyid: bad num bytes\n");
-		       || key->algorithm == OPS_PKA_RSA_ENCRYPT_ONLY
+			return;
 		       || key->algorithm == OPS_PKA_RSA_SIGN_ONLY);
 		if (key->algorithm != OPS_PKA_RSA &&
 		    key->algorithm != OPS_PKA_RSA_ENCRYPT_ONLY &&
 		    key->algorithm != OPS_PKA_RSA_SIGN_ONLY) {
 			(void) fprintf(stderr, "__ops_keyid: bad algorithm\n");
 			return;
+		}
 		BN_bn2bin(key->key.rsa.n, bn);
 		(void) memcpy(keyid, (last == 0) ? bn : bn + n - idlen, idlen);
 	} else {
 		__ops_fingerprint_t finger;
 		__ops_fingerprint(&finger, key);
 		(void) memcpy(keyid,
 			(last == 0) ? finger.fingerprint :
 				finger.fingerprint + finger.length - idlen,
 			idlen);
+	}
+}
 @@ -539,27 +550,27 @@ __ops_hash_any(__ops_hash_t * hash, __op
 	case OPS_HASH_SHA384:
 		__ops_hash_sha384(hash);
 		break;
 	case OPS_HASH_SHA512:
 		__ops_hash_sha512(hash);
 		break;
 	case OPS_HASH_SHA224:
 		__ops_hash_sha224(hash);
 		break;
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr, "__ops_hash_any: bad algorithm\n");
+	}
+}
 /**
 \ingroup Core_Hashes
 \brief Returns size of hash for given hash algorithm
 \param alg Hash algorithm to use
 \return Size of hash algorithm in bytes
 */
 unsigned
 __ops_hash_size(__ops_hash_algorithm_t alg)
+{
 	switch (alg) {
 @@ -572,27 +583,27 @@ __ops_hash_size(__ops_hash_algorithm_t a
 	case OPS_HASH_SHA256:
 		return 32;
 	case OPS_HASH_SHA224:
 		return 28;
 	case OPS_HASH_SHA512:
 		return 64;
 	case OPS_HASH_SHA384:
 		return 48;
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr, "__ops_hash_size: bad algorithm\n");
+	}
 	return 0;
+}
 /**
 \ingroup Core_Hashes
 \brief Returns hash enum corresponding to given string
 \param hash Text name of hash algorithm i.e. "SHA1"
 \returns Corresponding enum i.e. OPS_HASH_SHA1
 */
 __ops_hash_algorithm_t
 __ops_hash_algorithm_from_text(const char *hash)
 @@ -738,59 +749,68 @@ __ops_memory_init(__ops_memory_t * mem,
 	mem->buf = calloc(1, needed);
 	mem->allocated = needed;
+}
 /**
 \ingroup HighLevel_Memory
 \brief Pad memory to required length
 \param mem Memory to use
 \param length New size
 */
 void
 __ops_memory_pad(__ops_memory_t * mem, size_t length)
+{
-	assert(mem->allocated >= mem->length);
+	if (mem->allocated < mem->length) {
 		(void) fprintf(stderr, "__ops_memory_pad: bad alloc in\n");
 		return;
+	}
 	if (mem->allocated < mem->length + length) {
 		mem->allocated = mem->allocated * 2 + length;
 		mem->buf = realloc(mem->buf, mem->allocated);
+	}
-	assert(mem->allocated >= mem->length + length);
+	if (mem->allocated < mem->length + length) {
 		(void) fprintf(stderr, "__ops_memory_pad: bad alloc out\n");
+	}
+}
 /**
 \ingroup HighLevel_Memory
 \brief Add data to memory
 \param mem Memory to which to add
 \param src Data to add
 \param length Length of data to add
 */
 void
 __ops_memory_add(__ops_memory_t * mem, const unsigned char *src, size_t length)
+{
 	__ops_memory_pad(mem, length);
 	(void) memcpy(mem->buf + mem->length, src, length);
 	mem->length += length;
+}
 /* XXX: this could be refactored via the writer, but an awful lot of */
 /* hoops to jump through for 2 lines of code! */
 void
 __ops_memory_place_int(__ops_memory_t * mem, unsigned offset, unsigned n,
 		     size_t length)
+{
-	assert(mem->allocated >= offset + length);
+	if (mem->allocated < offset + length) {
 		(void) fprintf(stderr,
-	while (length--)
+			"__ops_memory_place_int: bad alloc\n");
-		mem->buf[offset++] = n >> (length * 8);
+	} else {
 		while (length--) {
 			mem->buf[offset++] = n >> (length * 8);
+		}
+	}
+}
 /**
  * \ingroup HighLevel_Memory
  * \brief Retains allocated memory and set length of stored data to zero.
  * \param mem Memory to clear
  * \sa __ops_memory_release()
  * \sa __ops_memory_free()
  */
 void
 __ops_memory_clear(__ops_memory_t * mem)
+{
 	mem->length = 0;

 @@ -15,30 +15,26 @@
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #include "config.h"
 #include "crypto.h"
 #include "packet-show.h"
 #include <string.h>
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #ifdef HAVE_OPENSSL_CAST_H
 #include <openssl/cast.h>
 #endif
 #ifdef HAVE_OPENSSL_IDEA_H
 #include <openssl/idea.h>
 #endif
 #ifdef HAVE_OPENSSL_AES_H
 #include <openssl/aes.h>
 #endif
 #ifdef HAVE_OPENSSL_DES_H
 @@ -140,37 +136,42 @@ static __ops_crypt_t cast5 =
 	std_resync,
 	cast5_block_encrypt,
 	cast5_block_decrypt,
 	cast5_cfb_encrypt,
 	cast5_cfb_decrypt,
 	std_finish,
 	TRAILER
 };
 #ifndef OPENSSL_NO_IDEA
 static void
 idea_init(__ops_crypt_t * crypt)
+{
-	assert(crypt->keysize == IDEA_KEY_LENGTH);
+	if (crypt->keysize != IDEA_KEY_LENGTH) {
 		(void) fprintf(stderr, "idea_init: keysize wrong\n");
 		return;
+	}
-	if (crypt->encrypt_key)
+	if (crypt->encrypt_key) {
-		free(crypt->encrypt_key);
+		(void) free(crypt->encrypt_key);
+	}
 	crypt->encrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE));
 	/* note that we don't invert the key when decrypting for CFB mode */
 	idea_set_encrypt_key(crypt->key, crypt->encrypt_key);
-	if (crypt->decrypt_key)
+	if (crypt->decrypt_key) {
-		free(crypt->decrypt_key);
+		(void) free(crypt->decrypt_key);
+	}
 	crypt->decrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE));
 	idea_set_decrypt_key(crypt->encrypt_key, crypt->decrypt_key);
+}
 static void
 idea_block_encrypt(__ops_crypt_t * crypt, void *out, const void *in)
+{
 	idea_ecb_encrypt(in, out, crypt->encrypt_key);
+}
 static void
 idea_block_decrypt(__ops_crypt_t * crypt, void *out, const void *in)
 @@ -398,101 +399,99 @@ get_proto(__ops_symmetric_algorithm_t al
 		return &idea;
 #endif				/* OPENSSL_NO_IDEA */
 	case OPS_SA_AES_128:
 		return &aes128;
 	case OPS_SA_AES_256:
 		return &aes256;
 	case OPS_SA_TRIPLEDES:
 		return &tripledes;
 	default:
-		fprintf(stderr, "Unknown algorithm: %d (%s)\n", alg, __ops_show_symmetric_algorithm(alg));
+		(void) fprintf(stderr, "Unknown algorithm: %d (%s)\n",
-		/* assert(0); */
+			alg, __ops_show_symmetric_algorithm(alg));
+	}
 	return NULL;
+}
 int
 __ops_crypt_any(__ops_crypt_t * crypt, __ops_symmetric_algorithm_t alg)
+{
 	const __ops_crypt_t *ptr = get_proto(alg);
 	if (ptr) {
 		*crypt = *ptr;
 		return 1;
 	} else {
 		(void) memset(crypt, 0x0, sizeof(*crypt));
 		return 0;
+	}
+}
 unsigned
 __ops_block_size(__ops_symmetric_algorithm_t alg)
+{
 	const __ops_crypt_t *p = get_proto(alg);
-	if (!p)
+	return (p == NULL) ? 0 : p->blocksize;
 		return 0;
 	return p->blocksize;
+}
 unsigned
 __ops_key_size(__ops_symmetric_algorithm_t alg)
+{
 	const __ops_crypt_t *p = get_proto(alg);
-	if (!p)
+	return (p == NULL) ? 0 : p->keysize;
 		return 0;
 	return p->keysize;
+}
 void
 __ops_encrypt_init(__ops_crypt_t * encrypt)
+{
 	/* \todo should there be a separate __ops_encrypt_init? */
 	__ops_decrypt_init(encrypt);
+}
 void
 __ops_decrypt_init(__ops_crypt_t * decrypt)
+{
 	decrypt->base_init(decrypt);
 	decrypt->block_encrypt(decrypt, decrypt->siv, decrypt->iv);
 	(void) memcpy(decrypt->civ, decrypt->siv, decrypt->blocksize);
 	decrypt->num = 0;
+}
 size_t
-__ops_decrypt_se(__ops_crypt_t * decrypt, void *outvoid, const void *invoid, size_t count)
+__ops_decrypt_se(__ops_crypt_t * decrypt, void *outvoid, const void *invoid,
 		size_t count)
+{
 	unsigned char  *out = outvoid;
 	const unsigned char *in = invoid;
 	int             saved = count;
 	/*
 	 * in order to support v3's weird resyncing we have to implement CFB
 	 * mode ourselves
 	 */
 	while (count-- > 0) {
 		unsigned char   t;
 		if ((size_t) decrypt->num == decrypt->blocksize) {
-			(void) memcpy(decrypt->siv, decrypt->civ, decrypt->blocksize);
+			(void) memcpy(decrypt->siv, decrypt->civ,
-			decrypt->block_decrypt(decrypt, decrypt->civ, decrypt->civ);
+					decrypt->blocksize);
 			decrypt->block_decrypt(decrypt, decrypt->civ,
 					decrypt->civ);
 			decrypt->num = 0;
+		}
 		t = decrypt->civ[decrypt->num];
 		*out++ = t ^ (decrypt->civ[decrypt->num++] = *in++);
+	}
 	return saved;
+}
 size_t
 __ops_encrypt_se(__ops_crypt_t * encrypt, void *outvoid, const void *invoid,
 	       size_t count)
+{

 @@ -20,60 +20,54 @@
  */
 /** \file
  * This file contains the base functions used by the writers.
  */
 #include "config.h"
 #include <sys/types.h>
 #ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h>
 #endif
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_OPENSSL_CAST_H
 #include <openssl/cast.h>
 #endif
 #include "create.h"
 #include "writer.h"
 #include "keyring.h"
 #include "signature.h"
 #include "packet.h"
 #include "packet-parse.h"
 #include "readerwriter.h"
 #include "memory.h"
 #include "netpgpdefs.h"
 #include "keyring_local.h"
 #include "version.h"
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_OPENSSL_CAST_H
 #include <openssl/cast.h>
 #endif
 /*
  * return true if OK, otherwise false
  */
 static bool
 base_write(const void *src, unsigned length, __ops_create_info_t * info)
+{
 	return info->winfo.writer(src, length, &info->errors, &info->winfo);
+}
 /**
  * \ingroup Core_WritePackets
+ *
 @@ -114,27 +108,30 @@ __ops_write_scalar(unsigned n, unsigned
 /**
  * \ingroup Core_WritePackets
  * \param bn
  * \param info
  * \return 1 if OK, otherwise 0
  */
 bool
 __ops_write_mpi(const BIGNUM * bn, __ops_create_info_t * info)
+{
 	unsigned char   buf[NETPGP_BUFSIZ];
 	unsigned	bits = (unsigned)BN_num_bits(bn);
-	assert(bits <= 65535);
+	if (bits > 65535) {
 		(void) fprintf(stderr, "__ops_write_mpi: too large %u\n", bits);
 		return false;
+	}
 	BN_bn2bin(bn, buf);
 	return __ops_write_scalar(bits, 2, info) &&
 		__ops_write(buf, (bits + 7) / 8, info);
+}
 /**
  * \ingroup Core_WritePackets
  * \param tag
  * \param info
  * \return 1 if OK, otherwise 0
  */
 bool
 @@ -184,27 +181,30 @@ writer_info_finalise(__ops_error_t ** er
 		winfo->finaliser = NULL;
+	}
 	if (winfo->next && !writer_info_finalise(errors, winfo->next)) {
 		winfo->finaliser = NULL;
 		return false;
+	}
 	return ret;
+}
 void
 writer_info_delete(__ops_writer_info_t * winfo)
+{
 	/* we should have finalised before deleting */
-	assert(!winfo->finaliser);
+	if (winfo->finaliser) {
 		(void) fprintf(stderr, "writer_info_delete: not finalised\n");
 		return;
+	}
 	if (winfo->next) {
 		writer_info_delete(winfo->next);
 		free(winfo->next);
 		winfo->next = NULL;
+	}
 	if (winfo->destroyer) {
 		winfo->destroyer(winfo);
 		winfo->destroyer = NULL;
+	}
 	winfo->writer = NULL;
+}
 /**
 @@ -215,80 +215,89 @@ writer_info_delete(__ops_writer_info_t *
  * \param info The info structure
  * \param writer
  * \param finaliser
  * \param destroyer
  * \param arg The argument for the writer and destroyer
  */
 void
 __ops_writer_set(__ops_create_info_t * info,
 	       __ops_writer_t * writer,
 	       __ops_writer_finaliser_t * finaliser,
 	       __ops_writer_destroyer_t * destroyer,
 	       void *arg)
+{
-	assert(!info->winfo.writer);
+	if (info->winfo.writer) {
-	info->winfo.writer = writer;
+		(void) fprintf(stderr, "__ops_writer_set: already set\n");
-	info->winfo.finaliser = finaliser;
+	} else {
-	info->winfo.destroyer = destroyer;
+		info->winfo.writer = writer;
-	info->winfo.arg = arg;
+		info->winfo.finaliser = finaliser;
 		info->winfo.destroyer = destroyer;
 		info->winfo.arg = arg;
+	}
+}
 /**
  * \ingroup Core_Writers
+ *
  * Push a writer in info. There must already be another writer set.
+ *
  * \param info The info structure
  * \param writer
  * \param finaliser
  * \param destroyer
  * \param arg The argument for the writer and destroyer
  */
 void
 __ops_writer_push(__ops_create_info_t * info,
 		__ops_writer_t * writer,
 		__ops_writer_finaliser_t * finaliser,
 		__ops_writer_destroyer_t * destroyer,
 		void *arg)
+{
 	__ops_writer_info_t *copy = calloc(1, sizeof(*copy));
-	assert(info->winfo.writer);
+	if (info->winfo.writer == NULL) {
-	*copy = info->winfo;
+		(void) fprintf(stderr, "__ops_writer_push: no orig writer\n");
-	info->winfo.next = copy;
+	} else {
 		*copy = info->winfo;
-	info->winfo.writer = writer;
+		info->winfo.next = copy;
 	info->winfo.finaliser = finaliser;
-	info->winfo.destroyer = destroyer;
+		info->winfo.writer = writer;
-	info->winfo.arg = arg;
+		info->winfo.finaliser = finaliser;
 		info->winfo.destroyer = destroyer;
 		info->winfo.arg = arg;
+	}
+}
 void
 __ops_writer_pop(__ops_create_info_t * info)
+{
 	__ops_writer_info_t *next;
 	/* Make sure the finaliser has been called. */
-	assert(!info->winfo.finaliser);
+	if (info->winfo.finaliser) {
-	/* Make sure this is a stacked writer */
+		(void) fprintf(stderr,
-	assert(info->winfo.next);
+			"__ops_writer_pop: finaliser not called\n");
-	if (info->winfo.destroyer) {
+	} else if (info->winfo.next == NULL) {
-		info->winfo.destroyer(&info->winfo);
+		(void) fprintf(stderr,
 			"__ops_writer_pop: not a stacked writer\n");
 	} else {
 		if (info->winfo.destroyer) {
 			info->winfo.destroyer(&info->winfo);
+		}
 		next = info->winfo.next;
 		info->winfo = *next;
 		free(next);
+	}
 	next = info->winfo.next;
 	info->winfo = *next;
 	free(next);
+}
 /**
  * \ingroup Core_Writers
+ *
  * Close the writer currently set in info.
+ *
  * \param info The info structure
  */
 bool
 __ops_writer_close(__ops_create_info_t * info)
+{
 	bool   ret = writer_info_finalise(&info->errors, &info->winfo);
 @@ -717,27 +726,28 @@ armoured_finaliser(__ops_armor_type_t ty
 	switch (type) {
 	case OPS_PGP_PUBLIC_KEY_BLOCK:
 		tail = tail_public_key;
 		sz_tail = sizeof(tail_public_key) - 1;
 		break;
 	case OPS_PGP_PRIVATE_KEY_BLOCK:
 		tail = tail_private_key;
 		sz_tail = sizeof(tail_private_key) - 1;
 		break;
 	default:
-		assert(/* CONSTCOND */0);
+		(void) fprintf(stderr, "armoured_finaliser: unusual type\n");
 		return false;
+	}
 	base64 = __ops_writer_get_arg(winfo);
 	if (base64->pos) {
 		if (!__ops_stacked_write(&b64map[base64->t], 1, errors, winfo)) {
 			return false;
+		}
 		if (base64->pos == 1 && !__ops_stacked_write("==", 2, errors, winfo)) {
 			return false;
+		}
 		if (base64->pos == 2 && !__ops_stacked_write("=", 1, errors, winfo)) {
 			return false;
 @@ -798,37 +808,41 @@ __ops_writer_push_armoured(__ops_create_
 	case OPS_PGP_PUBLIC_KEY_BLOCK:
 		header = hdr_public_key;
 		sz_hdr = sizeof(hdr_public_key) - 1;
 		finaliser = armoured_public_key_finaliser;
 		break;
 	case OPS_PGP_PRIVATE_KEY_BLOCK:
 		header = hdr_private_key;
 		sz_hdr = sizeof(hdr_private_key) - 1;
 		finaliser = armoured_private_key_finaliser;
 		break;
 	default:
-		assert(/* CONSTCOND */0);
+		(void) fprintf(stderr,
 			"__ops_writer_push_armoured: unusual type\n");
 		return;
+	}
 	__ops_write(header, sz_hdr, info);
-	__ops_writer_push(info, linebreak_writer, NULL, __ops_writer_generic_destroyer,
+	__ops_writer_push(info, linebreak_writer, NULL,
 			__ops_writer_generic_destroyer,
 			calloc(1, sizeof(linebreak_t)));
 	base64 = calloc(1, sizeof(*base64));
 	base64->checksum = CRC24_INIT;
-	__ops_writer_push(info, base64_writer, finaliser, __ops_writer_generic_destroyer, base64);
+	__ops_writer_push(info, base64_writer, finaliser,
 			__ops_writer_generic_destroyer, base64);
+}
 /**************************************************************************/
 typedef struct {
 	__ops_crypt_t    *crypt;
 	int             free_crypt;
 }               crypt_t;
 /*
  * This writer simply takes plaintext as input,
  * encrypts it with the given key
  * and outputs the resulting encrypted text
 @@ -838,27 +852,28 @@ encrypt_writer(const unsigned char *src,
 	       unsigned length,
 	       __ops_error_t ** errors,
 	       __ops_writer_info_t * winfo)
+{
 #define BUFSZ 1024		/* arbitrary number */
 	unsigned char   encbuf[BUFSZ];
 	unsigned        remaining = length;
 	unsigned        done = 0;
 	crypt_t    *pgp_encrypt = (crypt_t *) __ops_writer_get_arg(winfo);
 	if (!__ops_is_sa_supported(pgp_encrypt->crypt->algorithm)) {
-		assert(/* CONSTCOND */0);/* \todo proper error handling */
+		(void) fprintf(stderr, "encrypt_writer: not supported\n");
 		return false;
+	}
 	while (remaining) {
 		unsigned        len = remaining < BUFSZ ? remaining : BUFSZ;
 		/* memcpy(buf,src,len); // \todo copy needed here? */
 		pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, src + done, len);
 		if (__ops_get_debug_level(__FILE__)) {
 			int             i = 0;
 			fprintf(stderr, "WRITING:\nunencrypted: ");
 			for (i = 0; i < 16; i++) {
 @@ -981,59 +996,68 @@ encrypt_se_ip_writer(const unsigned char
 	__ops_create_info_t *cinfo_literal;
 	__ops_memory_t   *mem_compressed;
 	__ops_create_info_t *cinfo_compressed;
 	__ops_memory_t   *my_mem;
 	__ops_create_info_t *my_cinfo;
 	const unsigned int bufsz = 128;	/* initial value; gets expanded as
 					 * necessary */
 	__ops_setup_memory_write(&cinfo_literal, &mem_literal, bufsz);
 	__ops_setup_memory_write(&cinfo_compressed, &mem_compressed, bufsz);
 	__ops_setup_memory_write(&my_cinfo, &my_mem, bufsz);
 	/* create literal data packet from source data */
-	__ops_write_literal_data_from_buf(src, (const int)length, OPS_LDT_BINARY, cinfo_literal);
+	__ops_write_literal_data_from_buf(src, (const int)length,
-	assert(__ops_memory_get_length(mem_literal) > length);
+			OPS_LDT_BINARY, cinfo_literal);
 	if (__ops_memory_get_length(mem_literal) <= length) {
 		(void) fprintf(stderr, "encrypt_se_ip_writer: bad length\n");
 		return false;
+	}
 	/* create compressed packet from literal data packet */
 	__ops_write_compressed(__ops_memory_get_data(mem_literal),
 			     __ops_memory_get_length(mem_literal),
 			     cinfo_compressed);
 	/* create SE IP packet set from this compressed literal data */
 	__ops_write_se_ip_pktset(__ops_memory_get_data(mem_compressed),
 			       __ops_memory_get_length(mem_compressed),
 			       se_ip->crypt, my_cinfo);
-	assert(__ops_memory_get_length(my_mem) > __ops_memory_get_length(mem_compressed));
+	if (__ops_memory_get_length(my_mem) <=
 			__ops_memory_get_length(mem_compressed)) {
 		(void) fprintf(stderr,
 				"encrypt_se_ip_writer: bad comp length\n");
 		return false;
+	}
 	/* now write memory to next writer */
 	rtn = __ops_stacked_write(__ops_memory_get_data(my_mem),
 				__ops_memory_get_length(my_mem),
 				errors, winfo);
 	__ops_memory_free(my_mem);
 	__ops_memory_free(mem_compressed);
 	__ops_memory_free(mem_literal);
 	return rtn;
+}
 static void
 encrypt_se_ip_destroyer(__ops_writer_info_t * winfo)
+{
 	encrypt_se_ip_t *se_ip = __ops_writer_get_arg(winfo);
-	free(se_ip->crypt);
+	(void) free(se_ip->crypt);
-	free(se_ip);
+	(void) free(se_ip);
+}
 bool
 __ops_write_se_ip_pktset(const unsigned char *data,
 		       const unsigned int len,
 		       __ops_crypt_t * crypted,
 		       __ops_create_info_t * cinfo)
+{
 	unsigned char   hashed[SHA_DIGEST_LENGTH];
 	const size_t    sz_mdc = 1 + 1 + SHA_DIGEST_LENGTH;
 	size_t          sz_preamble = crypted->blocksize + 2;
 	unsigned char  *preamble = calloc(1, sz_preamble);
 	size_t          sz_buf = sz_preamble + len + sz_mdc;
 @@ -1336,27 +1360,30 @@ __ops_writer_push_stream_encrypt_se_ip(_
 			stream_encrypt_se_ip_destroyer, se_ip);
 	/* tidy up */
 	free(encrypted_pk_session_key);
 	free(iv);
+}
 static unsigned int
 __ops_calc_partial_data_length(unsigned int len)
+{
 	int             i;
 	unsigned int    mask = MAX_PARTIAL_DATA_LENGTH;
-	assert(len > 0);
+	if (len == 0) {
 		(void) fprintf(stderr, "__ops_calc_partial_data_length: 0 len\n");
 		return 0;
+	}
 	if (len > MAX_PARTIAL_DATA_LENGTH) {
 		return MAX_PARTIAL_DATA_LENGTH;
+	}
 	for (i = 0; i <= 30; i++) {
 		if (mask & len) {
 			break;
+		}
 		mask >>= 1;
+	}
 	return mask;
+}
 @@ -1397,27 +1424,32 @@ __ops_stream_write_literal_data(const un
 static          bool
 __ops_stream_write_literal_data_first(const unsigned char *data,
 				    unsigned int len,
 				    const __ops_literal_data_type_t type,
 				    __ops_create_info_t * info)
+{
 	/* \todo add filename  */
 	/* \todo add date */
 	/* \todo do we need to check text data for <cr><lf> line endings ? */
 	size_t          sz_towrite = 1 + 1 + 4 + len;
 	size_t          sz_pd = __ops_calc_partial_data_length(sz_towrite);
-	assert(sz_pd >= 512);
+	if (sz_pd < 512) {
 		(void) fprintf(stderr,
 			"__ops_stream_write_literal_data_first: bad sz_pd\n");
 		return false;
+	}
 	__ops_write_ptag(OPS_PTAG_CT_LITERAL_DATA, info);
 	__ops_write_partial_data_length(sz_pd, info);
 	__ops_write_scalar((unsigned)type, 1, info);
 	__ops_write_scalar(0, 1, info);
 	__ops_write_scalar(0, 4, info);
 	__ops_write(data, sz_pd - 6, info);
 	data += (sz_pd - 6);
 	sz_towrite -= sz_pd;
 	__ops_stream_write_literal_data(data, sz_towrite, info);
 	return true;
+}
 @@ -1457,27 +1489,31 @@ __ops_stream_write_se_ip(const unsigned
+}
 static          bool
 __ops_stream_write_se_ip_first(const unsigned char *data,
 			     unsigned int len,
 			     stream_encrypt_se_ip_t * se_ip,
 			     __ops_create_info_t * cinfo)
+{
 	size_t          sz_preamble = se_ip->crypt->blocksize + 2;
 	size_t          sz_towrite = sz_preamble + 1 + len;
 	unsigned char  *preamble = calloc(1, sz_preamble);
 	size_t          sz_pd = __ops_calc_partial_data_length(sz_towrite);
-	assert(sz_pd >= 512);
+	if (sz_pd < 512) {
 		(void) fprintf(stderr,
 			"__ops_stream_write_se_ip_first: bad sz_pd\n");
 		return false;
+	}
 	__ops_write_ptag(OPS_PTAG_CT_SE_IP_DATA, cinfo);
 	__ops_write_partial_data_length(sz_pd, cinfo);
 	__ops_write_scalar(SE_IP_DATA_VERSION, 1, cinfo);
 	__ops_writer_push_encrypt_crypt(cinfo, se_ip->crypt);
 	__ops_random(preamble, se_ip->crypt->blocksize);
 	preamble[se_ip->crypt->blocksize] = preamble[se_ip->crypt->blocksize - 2];
 	preamble[se_ip->crypt->blocksize + 1] = preamble[se_ip->crypt->blocksize - 1];
 	__ops_hash_any(&se_ip->hash, OPS_HASH_SHA1);
 	se_ip->hash.init(&se_ip->hash);

 @@ -13,53 +13,51 @@
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /** \file
  */
 #include "config.h"
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_TERMIOS_H
 #include <termios.h>
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #include "keyring.h"
 #include "packet-parse.h"
 #include "signature.h"
 #include "netpgpsdk.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "keyring_local.h"
 #include "parse_local.h"
 #include "validate.h"
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_TERMIOS_H
 #include <termios.h>
 #endif
 #include <fcntl.h>
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 /**
    \ingroup HighLevel_Keyring
    \brief Creates a new __ops_keydata_t struct
    \return A new __ops_keydata_t struct, initialised to zero.
    \note The returned __ops_keydata_t struct must be freed after use with __ops_keydata_free.
 */
 __ops_keydata_t  *
 @@ -69,67 +67,69 @@ __ops_keydata_new(void)
+}
 /**
  \ingroup HighLevel_Keyring
  \brief Frees keydata and its memory
  \param keydata Key to be freed.
  \note This frees the keydata itself, as well as any other memory alloc-ed by it.
 */
 void
-__ops_keydata_free(__ops_keydata_t * keydata)
+__ops_keydata_free(__ops_keydata_t *keydata)
+{
 	unsigned        n;
-	for (n = 0; n < keydata->nuids; ++n)
+	for (n = 0; n < keydata->nuids; ++n) {
 		__ops_user_id_free(&keydata->uids[n]);
 	free(keydata->uids);
 	(void) free(keydata->uids);
 	keydata->uids = NULL;
 	keydata->nuids = 0;
-	for (n = 0; n < keydata->npackets; ++n)
+	for (n = 0; n < keydata->npackets; ++n) {
-		__ops_packet_free(&keydata->packets[n]);
+		__ops_subpacket_free(&keydata->packets[n]);
 	free(keydata->packets);
 	(void) free(keydata->packets);
 	keydata->packets = NULL;
 	keydata->npackets = 0;
-	if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY)
+	if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) {
 		__ops_public_key_free(&keydata->key.pkey);
-	else
+	} else {
 		__ops_secret_key_free(&keydata->key.skey);
+	}
-	free(keydata);
+	(void) free(keydata);
+}
 /**
  \ingroup HighLevel_KeyGeneral
  \brief Returns the public key in the given keydata.
  \param keydata
   \return Pointer to public key
   \note This is not a copy, do not free it after use.
 */
 const __ops_public_key_t *
 __ops_get_public_key_from_data(const __ops_keydata_t * keydata)
+{
-	if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY)
+	return (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) ? &keydata->key.pkey :
-		return &keydata->key.pkey;
+		&keydata->key.skey.pubkey;
 	return &keydata->key.skey.public_key;
+}
 /**
 \ingroup HighLevel_KeyGeneral
 \brief Check whether this is a secret key or not.
 */
 bool
 __ops_is_key_secret(const __ops_keydata_t * data)
+{
 	return data->type != OPS_PTAG_CT_PUBLIC_KEY;
+}
 @@ -137,120 +137,111 @@ __ops_is_key_secret(const __ops_keydata_
 /**
  \ingroup HighLevel_KeyGeneral
  \brief Returns the secret key in the given keydata.
  \note This is not a copy, do not free it after use.
  \note This returns a const. If you need to be able to write to this pointer, use __ops_get_writable_secret_key_from_data
 */
 const __ops_secret_key_t *
 __ops_get_secret_key_from_data(const __ops_keydata_t * data)
+{
-	if (data->type != OPS_PTAG_CT_SECRET_KEY)
+	return (data->type == OPS_PTAG_CT_SECRET_KEY) ? &data->key.skey : NULL;
 		return NULL;
 	return &data->key.skey;
+}
 /**
  \ingroup HighLevel_KeyGeneral
   \brief Returns the secret key in the given keydata.
   \note This is not a copy, do not free it after use.
   \note If you do not need to be able to modify this key, there is an equivalent read-only function __ops_get_secret_key_from_data.
 */
 __ops_secret_key_t *
 __ops_get_writable_secret_key_from_data(__ops_keydata_t * data)
+{
-	if (data->type != OPS_PTAG_CT_SECRET_KEY)
+	return (data->type == OPS_PTAG_CT_SECRET_KEY) ? &data->key.skey : NULL;
 		return NULL;
 	return &data->key.skey;
+}
 typedef struct {
 	const __ops_keydata_t *key;
 	char           *pphrase;
 	__ops_secret_key_t *skey;
 }               decrypt_t;
 static __ops_parse_cb_return_t
-decrypt_cb(const __ops_parser_content_t * contents,
+decrypt_cb(const __ops_packet_t * contents,
 	   __ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	decrypt_t  *decrypt = __ops_parse_cb_get_arg(cbinfo);
 	OPS_USED(cbinfo);
 	switch (contents->tag) {
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_USER_ID:
 	case OPS_PTAG_CT_SIGNATURE:
 	case OPS_PTAG_CT_SIGNATURE_HEADER:
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:
 	case OPS_PTAG_CT_TRUST:
 		break;
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
-		*content->secret_key_passphrase.passphrase = decrypt->pphrase;
+		*content->skey_passphrase.passphrase = decrypt->pphrase;
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_ERRCODE:
 		switch (content->errcode.errcode) {
 		case OPS_E_P_MPI_FORMAT_ERROR:
 			/* Generally this means a bad passphrase */
 			fprintf(stderr, "Bad passphrase!\n");
-			goto done;
+			return OPS_RELEASE_MEMORY;
 		case OPS_E_P_PACKET_CONSUMED:
 			/* And this is because of an error we've accepted */
-			goto done;
+			return OPS_RELEASE_MEMORY;
 		default:
 			fprintf(stderr, "parse error: %s\n",
 				__ops_errcode(content->errcode.errcode));
-			assert( /* CONSTCOND */ 0);
+			return OPS_FINISHED;
 			break;
+		}
 		break;
 	case OPS_PARSER_ERROR:
 		fprintf(stderr, "parse error: %s\n", content->error.error);
-		assert( /* CONSTCOND */ 0);
+		return OPS_FINISHED;
 		break;
 	case OPS_PTAG_CT_SECRET_KEY:
 		decrypt->skey = calloc(1, sizeof(*decrypt->skey));
 		*decrypt->skey = content->secret_key;
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_PACKET_END:
 		/* nothing to do */
 		break;
 	default:
 		fprintf(stderr, "Unexpected tag %d (0x%x)\n", contents->tag,
 			contents->tag);
-		assert( /* CONSTCOND */ 0);
+		return OPS_FINISHED;
+	}
 done:
 	return OPS_RELEASE_MEMORY;
+}
 /**
 \ingroup Core_Keys
 \brief Decrypts secret key from given keydata with given passphrase
 \param key Key from which to get secret key
 \param pphrase Passphrase to use to decrypt secret key
 \return secret key
 */
 __ops_secret_key_t *
 __ops_decrypt_secret_key_from_data(const __ops_keydata_t * key,
 				 const char *pphrase)
 @@ -258,27 +249,27 @@ __ops_decrypt_secret_key_from_data(const
 	__ops_parse_info_t *pinfo;
 	decrypt_t   decrypt;
 	(void) memset(&decrypt, 0x0, sizeof(decrypt));
 	decrypt.key = key;
 	decrypt.pphrase = strdup(pphrase);
 	pinfo = __ops_parse_info_new();
 	__ops_keydata_reader_set(pinfo, key);
 	__ops_parse_cb_set(pinfo, decrypt_cb, &decrypt);
 	pinfo->rinfo.accumulate = true;
-	__ops_parse(pinfo);
+	__ops_parse(pinfo, 0);
 	return decrypt.skey;
+}
 /**
 \ingroup Core_Keys
 \brief Set secret key in content
 \param content Content to be set
 \param key Keydata to get secret key from
 */
 void
 __ops_set_secret_key(__ops_parser_content_union_t * content, const __ops_keydata_t * key)
+{
 @@ -396,32 +387,32 @@ __ops_copy_userid(__ops_user_id_t * dst,
 	(void) memcpy(dst->user_id, src->user_id, len);
+}
 /* \todo check where pkt pointers are copied */
 /**
 \ingroup Core_Keys
 \brief Copy packet, including contents
 \param dst Destination packet
 \param src Source packet
 \note If dst already has a packet, it will be freed.
 */
 void
-__ops_copy_packet(__ops_packet_t * dst, const __ops_packet_t * src)
+__ops_copy_packet(__ops_subpacket_t * dst, const __ops_subpacket_t * src)
+{
-	if (dst->raw)
+	if (dst->raw) {
-		free(dst->raw);
+		(void) free(dst->raw);
+	}
 	dst->raw = calloc(1, src->length);
 	dst->length = src->length;
 	(void) memcpy(dst->raw, src->raw, src->length);
+}
 /**
 \ingroup Core_Keys
 \brief Add User ID to keydata
 \param keydata Key to which to add User ID
 \param userid User ID to add
 \return Pointer to new User ID
 */
 __ops_user_id_t  *
 __ops_add_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * userid)
 @@ -439,116 +430,112 @@ __ops_add_userid_to_keydata(__ops_keydat
 	__ops_copy_userid(new_uid, userid);
 	keydata->nuids++;
 	return new_uid;
+}
 /**
 \ingroup Core_Keys
 \brief Add packet to key
 \param keydata Key to which to add packet
 \param packet Packet to add
 \return Pointer to new packet
 */
-__ops_packet_t   *
+__ops_subpacket_t   *
-__ops_add_packet_to_keydata(__ops_keydata_t * keydata, const __ops_packet_t * packet)
+__ops_add_packet_to_keydata(__ops_keydata_t * keydata, const __ops_subpacket_t * packet)
+{
-	__ops_packet_t   *new_pkt = NULL;
+	__ops_subpacket_t   *new_pkt = NULL;
 	EXPAND_ARRAY(keydata, packets);
 	/* initialise new entry in array */
 	new_pkt = &keydata->packets[keydata->npackets];
 	new_pkt->length = 0;
 	new_pkt->raw = NULL;
 	/* now copy it */
 	__ops_copy_packet(new_pkt, packet);
 	keydata->npackets++;
 	return new_pkt;
+}
 /**
 \ingroup Core_Keys
 \brief Add signed User ID to key
 \param keydata Key to which to add signed User ID
 \param user_id User ID to add
 \param sigpacket Packet to add
 */
 void
-__ops_add_signed_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * user_id, const __ops_packet_t * sigpacket)
+__ops_add_signed_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * user_id, const __ops_subpacket_t * sigpacket)
+{
-	/* int i=0; */
+	__ops_subpacket_t	*pkt = NULL;
-	__ops_user_id_t  *uid = NULL;
+	__ops_user_id_t		*uid = NULL;
 	__ops_packet_t   *pkt = NULL;
 	uid = __ops_add_userid_to_keydata(keydata, user_id);
 	pkt = __ops_add_packet_to_keydata(keydata, sigpacket);
 	/*
          * add entry in sigs array to link the userid and sigpacket
-         */
+	 * and add ptr to it from the sigs array */
 	/* and add ptr to it from the sigs array */
 	EXPAND_ARRAY(keydata, sigs);
 	/**setup new entry in array */
 	keydata->sigs[keydata->nsigs].userid = uid;
 	keydata->sigs[keydata->nsigs].packet = pkt;
 	keydata->nsigs++;
+}
 /**
 \ingroup Core_Keys
 \brief Add selfsigned User ID to key
 \param keydata Key to which to add user ID
 \param userid Self-signed User ID to add
 \return true if OK; else false
 */
 bool
 __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t * keydata, __ops_user_id_t * userid)
+{
-	__ops_packet_t    sigpacket;
+	__ops_subpacket_t    sigpacket;
 	__ops_memory_t   *mem_userid = NULL;
 	__ops_create_info_t *cinfo_userid = NULL;
 	__ops_memory_t   *mem_sig = NULL;
 	__ops_create_info_t *cinfo_sig = NULL;
 	__ops_create_signature_t *sig = NULL;
 	/*
          * create signature packet for this userid
          */
 	/* create userid pkt */
 	__ops_setup_memory_write(&cinfo_userid, &mem_userid, 128);
 	__ops_write_struct_user_id(userid, cinfo_userid);
 	/* create sig for this pkt */
 	sig = __ops_create_signature_new();
-	__ops_signature_start_key_signature(sig, &keydata->key.skey.public_key, userid, OPS_CERT_POSITIVE);
+	__ops_signature_start_key_signature(sig, &keydata->key.skey.pubkey, userid, OPS_CERT_POSITIVE);
 	__ops_signature_add_creation_time(sig, time(NULL));
 	__ops_signature_add_issuer_key_id(sig, keydata->key_id);
 	__ops_signature_add_primary_user_id(sig, true);
 	__ops_signature_hashed_subpackets_end(sig);
 	__ops_setup_memory_write(&cinfo_sig, &mem_sig, 128);
-	__ops_write_signature(sig, &keydata->key.skey.public_key, &keydata->key.skey, cinfo_sig);
+	__ops_write_signature(sig, &keydata->key.skey.pubkey, &keydata->key.skey, cinfo_sig);
 	/* add this packet to keydata */
 	sigpacket.length = __ops_memory_get_length(mem_sig);
 	sigpacket.raw = __ops_memory_get_data(mem_sig);
 	/* add userid to keydata */
 	__ops_add_signed_userid_to_keydata(keydata, userid, &sigpacket);
 	/* cleanup */
 	__ops_create_signature_delete(sig);
 	__ops_create_info_delete(cinfo_userid);
 	__ops_create_info_delete(cinfo_sig);
 @@ -557,54 +544,59 @@ __ops_add_selfsigned_userid_to_keydata(_
 	return true;
+}
 /**
 \ingroup Core_Keys
 \brief Initialise __ops_keydata_t
 \param keydata Keydata to initialise
 \param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY
 */
 void
 __ops_keydata_init(__ops_keydata_t * keydata, const __ops_content_tag_t type)
+{
-	assert(keydata->type == OPS_PTAG_CT_RESERVED);
+	if (keydata->type != OPS_PTAG_CT_RESERVED) {
-	assert(type == OPS_PTAG_CT_PUBLIC_KEY || type == OPS_PTAG_CT_SECRET_KEY);
+		(void) fprintf(stderr,
 			"__ops_keydata_init: wrong keydata type\n");
-	keydata->type = type;
+	} else if (type != OPS_PTAG_CT_PUBLIC_KEY &&
 		   type != OPS_PTAG_CT_SECRET_KEY) {
 		(void) fprintf(stderr, "__ops_keydata_init: wrong type\n");
 	} else {
 		keydata->type = type;
+	}
+}
 /**
     Example Usage:
     \code
     // definition of variables
     __ops_keyring_t keyring;
     char* filename="~/.gnupg/pubring.gpg";
     // Read keyring from file
     __ops_keyring_read_from_file(&keyring,filename);
     // do actions using keyring
     ...
     // Free memory alloc-ed in __ops_keyring_read_from_file()
     __ops_keyring_free(keyring);
     \endcode
 */
 static          __ops_parse_cb_return_t
-cb_keyring_read(const __ops_parser_content_t * contents,
+cb_keyring_read(const __ops_packet_t * contents,
 		__ops_parse_cb_info_t * cbinfo)
+{
 	OPS_USED(cbinfo);
 	switch (contents->tag) {
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:	/* we get these because we
 						 * didn't prompt */
 	case OPS_PTAG_CT_SIGNATURE_HEADER:
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:
 	case OPS_PTAG_CT_SIGNATURE:
 	case OPS_PTAG_CT_TRUST:
 	case OPS_PARSER_ERRCODE:

 @@ -34,68 +34,68 @@
 #ifdef HAVE_OPENSSL_DSA_H
 #include <openssl/dsa.h>
 #endif
 #ifdef HAVE_OPENSSL_RSA_H
 #include <openssl/rsa.h>
 #endif
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
 #endif
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <stdlib.h>
 /* Apple */
 #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
 #undef MD5_DIGEST_LENGTH
 #undef SHA_DIGEST_LENGTH
 #define COMMON_DIGEST_FOR_OPENSSL	1
 #include <CommonCrypto/CommonDigest.h>
 #endif
 #include "crypto.h"
 #include "keyring.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "keyring_local.h"
 static void
 test_secret_key(const __ops_secret_key_t * skey)
+{
 	RSA            *test = RSA_new();
-	test->n = BN_dup(skey->public_key.key.rsa.n);
+	test->n = BN_dup(skey->pubkey.key.rsa.n);
-	test->e = BN_dup(skey->public_key.key.rsa.e);
+	test->e = BN_dup(skey->pubkey.key.rsa.e);
 	test->d = BN_dup(skey->key.rsa.d);
 	test->p = BN_dup(skey->key.rsa.p);
 	test->q = BN_dup(skey->key.rsa.q);
-	assert(RSA_check_key(test) == 1);
+	if (RSA_check_key(test) != 1) {
 		(void) fprintf(stderr,
 			"test_secret_key: RSA_check_key failed\n");
+	}
 	RSA_free(test);
+}
 static void
 md5_init(__ops_hash_t * hash)
+{
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "md5_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(MD5_CTX));
 	MD5_Init(hash->data);
+}
 static void
 md5_add(__ops_hash_t * hash, const unsigned char *data, unsigned length)
+{
 	MD5_Update(hash->data, data, length);
+}
 static unsigned
 md5_finish(__ops_hash_t * hash, unsigned char *out)
+{
 @@ -115,27 +115,29 @@ md5_finish, NULL};
 */
 void
 __ops_hash_md5(__ops_hash_t * hash)
+{
 	*hash = md5;
+}
 static void
 sha1_init(__ops_hash_t * hash)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "***\n***\nsha1_init\n***\n");
+	}
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "sha1_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(SHA_CTX));
 	SHA1_Init(hash->data);
+}
 static void
 sha1_add(__ops_hash_t * hash, const unsigned char *data,
 	 unsigned length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "adding %d to hash:\n ", length);
 		for (i = 0; i < length; i++) {
 			fprintf(stderr, "0x%02x ", data[i]);
 @@ -175,27 +177,29 @@ sha1_add, sha1_finish, NULL};
 */
 void
 __ops_hash_sha1(__ops_hash_t * hash)
+{
 	*hash = sha1;
+}
 static void
 sha256_init(__ops_hash_t * hash)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "***\n***\nsha256_init\n***\n");
+	}
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "sha256_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(SHA256_CTX));
 	SHA256_Init(hash->data);
+}
 static void
 sha256_add(__ops_hash_t * hash, const unsigned char *data,
 	   unsigned length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "adding %d to hash:\n ", length);
 		for (i = 0; i < length; i++) {
 			fprintf(stderr, "0x%02x ", data[i]);
 @@ -234,27 +238,29 @@ __ops_hash_sha256(__ops_hash_t * hash)
 	*hash = sha256;
+}
 /*
  * SHA384
  */
 static void
 sha384_init(__ops_hash_t * hash)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "***\n***\nsha384_init\n***\n");
+	}
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "sha384_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(SHA512_CTX));
 	SHA384_Init(hash->data);
+}
 static void
 sha384_add(__ops_hash_t * hash, const unsigned char *data,
 	   unsigned length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "adding %d to hash:\n ", length);
 		for (i = 0; i < length; i++) {
 			fprintf(stderr, "0x%02x ", data[i]);
 @@ -293,27 +299,29 @@ __ops_hash_sha384(__ops_hash_t * hash)
 	*hash = sha384;
+}
 /*
  * SHA512
  */
 static void
 sha512_init(__ops_hash_t * hash)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "***\n***\nsha512_init\n***\n");
+	}
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "sha512_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(SHA512_CTX));
 	SHA512_Init(hash->data);
+}
 static void
 sha512_add(__ops_hash_t * hash, const unsigned char *data,
 	   unsigned length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "adding %d to hash:\n ", length);
 		for (i = 0; i < length; i++) {
 			fprintf(stderr, "0x%02x ", data[i]);
 @@ -352,27 +360,29 @@ __ops_hash_sha512(__ops_hash_t * hash)
 	*hash = sha512;
+}
 /*
  * SHA224
  */
 static void
 sha224_init(__ops_hash_t * hash)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "***\n***\nsha1_init\n***\n");
+	}
-	assert(!hash->data);
+	if (hash->data) {
 		(void) fprintf(stderr, "sha224_init: hash data non-null\n");
+	}
 	hash->data = calloc(1, sizeof(SHA256_CTX));
 	SHA224_Init(hash->data);
+}
 static void
 sha224_add(__ops_hash_t * hash, const unsigned char *data,
 	   unsigned length)
+{
 	if (__ops_get_debug_level(__FILE__)) {
 		unsigned int    i = 0;
 		fprintf(stderr, "adding %d to hash:\n ", length);
 		for (i = 0; i < length; i++) {
 			fprintf(stderr, "0x%02x ", data[i]);
 @@ -439,27 +449,31 @@ __ops_dsa_verify(const unsigned char *ha
+		}
 		fprintf(stderr, "\n");
+	}
 	/* printf("hash_length=%ld\n", hash_length); */
 	/* printf("Q=%d\n", BN_num_bytes(odsa->q)); */
 	qlen = BN_num_bytes(odsa->q);
 	if (qlen < hash_length)
 		hash_length = qlen;
 	/* ret=DSA_do_verify(hash,hash_length,osig,odsa); */
 	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "ret=%d\n", ret);
+	}
-	assert(ret >= 0);
+	if (ret < 0) {
 		(void) fprintf(stderr,
 			"__ops_do_verify: DSA_do_verify failed\n");
 		return 0;
+	}
 	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
 	DSA_free(odsa);
 	osig->r = osig->s = NULL;
 	DSA_SIG_free(osig);
 	return ret != 0;
+}
 /**
    \ingroup Core_Crypto
    \brief Recovers message digest from the signature
 @@ -507,28 +521,34 @@ __ops_rsa_private_encrypt(unsigned char
 	int             n;
 	orsa = RSA_new();
 	orsa->n = rsa->n;	/* XXX: do we need n? */
 	orsa->d = srsa->d;
 	orsa->p = srsa->q;
 	orsa->q = srsa->p;
 	/* debug */
 	orsa->e = rsa->e;
 	/* If this isn't set, it's very likely that the programmer hasn't */
 	/* decrypted the secret key. RSA_check_key segfaults in that case. */
 	/* Use __ops_decrypt_secret_key_from_data() to do that. */
-	assert(orsa->d);
+	if (orsa->d == NULL) {
-	assert(RSA_check_key(orsa) == 1);
+		(void) fprintf(stderr, "orsa is not set\n");
 		return 0;
+	}
 	if (RSA_check_key(orsa) != 1) {
 		(void) fprintf(stderr, "RSA_check_key is not set\n");
 		return 0;
+	}
 	/* end debug */
 	n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
 	orsa->n = orsa->d = orsa->p = orsa->q = NULL;
 	RSA_free(orsa);
 	return n;
+}
 /**
 \ingroup Core_Crypto
 \brief Decrypts RSA-encrypted data
 @@ -546,27 +566,30 @@ __ops_rsa_private_decrypt(unsigned char
+{
 	RSA            *orsa;
 	int             n;
 	char            errbuf[1024];
 	orsa = RSA_new();
 	orsa->n = rsa->n;	/* XXX: do we need n? */
 	orsa->d = srsa->d;
 	orsa->p = srsa->q;
 	orsa->q = srsa->p;
 	/* debug */
 	orsa->e = rsa->e;
-	assert(RSA_check_key(orsa) == 1);
+	if (RSA_check_key(orsa) != 1) {
 		(void) fprintf(stderr, "RSA_check_key is not set\n");
 		return 0;
+	}
 	/* end debug */
 	n = RSA_private_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("__ops_rsa_private_decrypt: n=%d\n",n);
+	}
 	errbuf[0] = '\0';
 	if (n == -1) {
 		unsigned long   err = ERR_get_error();
 		ERR_error_string(err, &errbuf[0]);
 		fprintf(stderr, "openssl error : %s\n", errbuf);
 @@ -675,84 +698,87 @@ __ops_rsa_generate_keypair(const int num
 	BN_CTX         *ctx = BN_CTX_new();
 	__ops_create_info_t *cinfo;
 	__ops_memory_t   *mem;
 	__ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY);
 	skey = __ops_get_writable_secret_key_from_data(keydata);
 	/* generate the key pair */
 	rsa = RSA_generate_key(numbits, e, NULL, NULL);
 	/* populate __ops key from ssl key */
-	skey->public_key.version = 4;
+	skey->pubkey.version = 4;
-	skey->public_key.creation_time = time(NULL);
+	skey->pubkey.creation_time = time(NULL);
-	skey->public_key.days_valid = 0;
+	skey->pubkey.days_valid = 0;
-	skey->public_key.algorithm = OPS_PKA_RSA;
+	skey->pubkey.algorithm = OPS_PKA_RSA;
-	skey->public_key.key.rsa.n = BN_dup(rsa->n);
+	skey->pubkey.key.rsa.n = BN_dup(rsa->n);
-	skey->public_key.key.rsa.e = BN_dup(rsa->e);
+	skey->pubkey.key.rsa.e = BN_dup(rsa->e);
 	skey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED;
 	skey->s2k_specifier = OPS_S2KS_SALTED;
 	/* skey->s2k_specifier=OPS_S2KS_SIMPLE; */
 	skey->algorithm = OPS_SA_CAST5;	/* \todo make param */
 	skey->hash_algorithm = OPS_HASH_SHA1;	/* \todo make param */
 	skey->octet_count = 0;
 	skey->checksum = 0;
 	skey->key.rsa.d = BN_dup(rsa->d);
 	skey->key.rsa.p = BN_dup(rsa->p);
 	skey->key.rsa.q = BN_dup(rsa->q);
 	skey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx);
-	assert(skey->key.rsa.u);
+	if (skey->key.rsa.u == NULL) {
 		(void) fprintf(stderr, "skey->key.rsa.u is NULL\n");
 		return 0;
+	}
 	BN_CTX_free(ctx);
 	RSA_free(rsa);
 	__ops_keyid(keydata->key_id, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE,
-			&keydata->key.skey.public_key);
+			&keydata->key.skey.pubkey);
-	__ops_fingerprint(&keydata->fingerprint, &keydata->key.skey.public_key);
+	__ops_fingerprint(&keydata->fingerprint, &keydata->key.skey.pubkey);
 	/* Generate checksum */
 	cinfo = NULL;
 	mem = NULL;
 	__ops_setup_memory_write(&cinfo, &mem, 128);
 	__ops_push_skey_checksum_writer(cinfo, skey);
-	switch (skey->public_key.algorithm) {
+	switch (skey->pubkey.algorithm) {
 		/* case OPS_PKA_DSA: */
 		/* return __ops_write_mpi(key->key.dsa.x,info); */
 	case OPS_PKA_RSA:
 	case OPS_PKA_RSA_ENCRYPT_ONLY:
 	case OPS_PKA_RSA_SIGN_ONLY:
 		if (!__ops_write_mpi(skey->key.rsa.d, cinfo)
 		    || !__ops_write_mpi(skey->key.rsa.p, cinfo)
 		    || !__ops_write_mpi(skey->key.rsa.q, cinfo)
 		    || !__ops_write_mpi(skey->key.rsa.u, cinfo))
 			return false;
 		break;
 		/* case OPS_PKA_ELGAMAL: */
 		/* return __ops_write_mpi(key->key.elgamal.x,info); */
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr, "Bad skey->pubkey.algorithm\n");
-		break;
+		return false;
+	}
 	/* close rather than pop, since its the only one on the stack */
 	__ops_writer_close(cinfo);
 	__ops_teardown_memory_write(cinfo, mem);
 	/* should now have checksum in skey struct */
 	/* test */
 	if (__ops_get_debug_level(__FILE__))
 		test_secret_key(skey);
 	return true;

 @@ -14,37 +14,33 @@
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /*
  * ! \file \brief Standard API print functions
  */
 #include "config.h"
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <string.h>
 #include <stdio.h>
 #include "crypto.h"
 #include "keyring.h"
 #include "packet-show.h"
 #include "signature.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "keyring_local.h"
 #include "parse_local.h"
 static int      indent = 0;
 static void print_bn(const char *, const BIGNUM *);
 static void print_hex(const unsigned char *, size_t);
 static void print_hexdump(const char *, const unsigned char *, unsigned int);
 static void print_hexdump_data(const char *, const unsigned char *, unsigned int);
 static void     print_indent(void);
 static void     print_name(const char *);
 @@ -112,27 +108,28 @@ __ops_print_public_key(const __ops_publi
 	case OPS_PKA_RSA_SIGN_ONLY:
 		print_bn("n", pkey->key.rsa.n);
 		print_bn("e", pkey->key.rsa.e);
 		break;
 	case OPS_PKA_ELGAMAL:
 	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
 		print_bn("p", pkey->key.elgamal.p);
 		print_bn("g", pkey->key.elgamal.g);
 		print_bn("y", pkey->key.elgamal.y);
 		break;
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr,
 			"__ops_print_public_key: Unusual algorithm\n");
+	}
 	printf("------- end of PUBLIC KEY ------\n");
+}
 /**
    \ingroup Core_Print
    Prints a secret key
    \param key Ptr to public key
 */
 @@ -147,88 +144,91 @@ __ops_print_secret_keydata(const __ops_k
 	printf(" ");
 	print_time_short(key->key.pkey.creation_time);
 	printf(" ");
 	if (key->nuids == 1) {
 		/* print on same line as other info */
 		printf("%s\n", key->uids[0].user_id);
 	} else {
 		/* print all uids on separate line  */
 		unsigned int    i;
 		printf("\n");
 		for (i = 0; i < key->nuids; i++) {
-			printf("uid                              %s\n", key->uids[i].user_id);
+			printf("uid                              %s\n",
 				key->uids[i].user_id);
+		}
+	}
+}
 /*
 void
 __ops_print_secret_key_verbose(const __ops_secret_key_t* skey)
+    {
     if(key->type == OPS_PTAG_CT_SECRET_KEY)
 	print_tagname("SECRET_KEY");
     else
 	print_tagname("ENCRYPTED_SECRET_KEY");
     __ops_print_secret_key(key->type,skey);
+	}
 */
 /**
 \ingroup Core_Print
 \param type
 \param skey
 */
 static void
-__ops_print_secret_key_verbose(const __ops_content_tag_t type, const __ops_secret_key_t * skey)
+__ops_print_secret_key_verbose(const __ops_content_tag_t type,
 				const __ops_secret_key_t * skey)
+{
 	printf("------- SECRET KEY or ENCRYPTED SECRET KEY ------\n");
 	if (type == OPS_PTAG_CT_SECRET_KEY)
 		print_tagname("SECRET_KEY");
 	else
 		print_tagname("ENCRYPTED_SECRET_KEY");
 	/* __ops_print_public_key(key); */
 	printf("S2K Usage: %d\n", skey->s2k_usage);
 	if (skey->s2k_usage != OPS_S2KU_NONE) {
 		printf("S2K Specifier: %d\n", skey->s2k_specifier);
 		printf("Symmetric algorithm: %d (%s)\n", skey->algorithm,
 		       __ops_show_symmetric_algorithm(skey->algorithm));
 		printf("Hash algorithm: %d (%s)\n", skey->hash_algorithm,
 		       __ops_show_hash_algorithm(skey->hash_algorithm));
 		if (skey->s2k_specifier != OPS_S2KS_SIMPLE)
 			print_hexdump("Salt", skey->salt, sizeof(skey->salt));
 		if (skey->s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED)
 			printf("Octet count: %d\n", skey->octet_count);
 		print_hexdump("IV", skey->iv, __ops_block_size(skey->algorithm));
+	}
 	/* no more set if encrypted */
 	if (type == OPS_PTAG_CT_ENCRYPTED_SECRET_KEY)
 		return;
-	switch (skey->public_key.algorithm) {
+	switch (skey->pubkey.algorithm) {
 	case OPS_PKA_RSA:
 		print_bn("d", skey->key.rsa.d);
 		print_bn("p", skey->key.rsa.p);
 		print_bn("q", skey->key.rsa.q);
 		print_bn("u", skey->key.rsa.u);
 		break;
 	case OPS_PKA_DSA:
 		print_bn("x", skey->key.dsa.x);
 		break;
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr,
 			"__ops_print_secret_key_verbose: unusual algorithm\n");
+	}
 	if (skey->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
 		print_hexdump("Checkhash", skey->checkhash, OPS_CHECKHASH_SIZE);
 	else
 		printf("Checksum: %04x\n", skey->checksum);
 	printf("------- end of SECRET KEY or ENCRYPTED SECRET KEY ------\n");
+}
 /* static functions */
 @@ -353,27 +353,27 @@ showtime_short(time_t t)
         const int maxbuf=512;
         char buf[maxbuf+1];
         buf[maxbuf]='\0';
         // this needs to be tm struct
         strftime(buf,maxbuf,"%F",&t);
         printf(buf);
         */
 	tm = gmtime(&t);
 	printf("%04d-%02d-%02d", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
+}
 static void
-print_packet_hex(const __ops_packet_t * packet)
+print_packet_hex(const __ops_subpacket_t * packet)
+{
 	unsigned char  *cur;
 	unsigned	rem;
 	unsigned	blksz = 4;
 	int             i;
 	printf("\nhexdump of packet contents follows:\n");
 	for (i = 1, cur = packet->raw; cur < (packet->raw + packet->length); cur += blksz, i++) {
 		rem = packet->raw + packet->length - cur;
 		hexdump(cur, (rem <= blksz) ? rem : blksz, "");
 		printf(" ");
 		if (i % 8 == 0) {
 			printf("\n");
 @@ -533,27 +533,28 @@ __ops_print_pk_session_key(__ops_content
 	printf("Algorithm: %d (%s)\n", key->algorithm,
 	       __ops_show_pka(key->algorithm));
 	switch (key->algorithm) {
 	case OPS_PKA_RSA:
 		print_bn("encrypted_m", key->parameters.rsa.encrypted_m);
 		break;
 	case OPS_PKA_ELGAMAL:
 		print_bn("g_to_k", key->parameters.elgamal.g_to_k);
 		print_bn("encrypted_m", key->parameters.elgamal.encrypted_m);
 		break;
 	default:
-		assert( /* CONSTCOND */ 0);
+		(void) fprintf(stderr,
 			"__ops_print_pk_session_key: unusual algorithm\n");
+	}
 	if (tag != OPS_PTAG_CT_PK_SESSION_KEY)
 		return;
 	printf("Symmetric algorithm: %d (%s)\n", key->symmetric_algorithm,
 	       __ops_show_symmetric_algorithm(key->symmetric_algorithm));
 	print_hexdump("Key", key->key, __ops_key_size(key->symmetric_algorithm));
 	printf("Checksum: %04x\n", key->checksum);
+}
 static void
 start_subpacket(int type)
 @@ -566,27 +567,27 @@ start_subpacket(int type)
+}
 static void
 end_subpacket(void)
+{
 	indent--;
+}
 /**
 \ingroup Core_Print
 \param contents
 */
 int
-__ops_print_packet(const __ops_parser_content_t * contents)
+__ops_print_packet(const __ops_packet_t * contents)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	__ops_text_t     *text;
 	const char     *str;
 	static bool unarmoured;
 	if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) {
 		unarmoured = false;
 		puts("UNARMOURED TEXT ends");
+	}
 	if (contents->tag == OPS_PARSER_PTAG) {
 		printf("=> OPS_PARSER_PTAG: %s\n", __ops_show_packet_tag(content->ptag.content_tag));
 	} else {
 @@ -637,27 +638,27 @@ __ops_print_packet(const __ops_parser_co
 		       content->se_data_body.length);
 		printf("    data=");
 		hexdump(content->se_data_body.data,
 			content->se_data_body.length, "");
 		printf("\n");
 		break;
 	case OPS_PTAG_CT_PUBLIC_KEY:
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
 		if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY)
 			print_tagname("PUBLIC KEY");
 		else
 			print_tagname("PUBLIC SUBKEY");
-		__ops_print_public_key(&content->public_key);
+		__ops_print_public_key(&content->pubkey);
 		break;
 	case OPS_PTAG_CT_TRUST:
 		print_tagname("TRUST");
 		print_data("Trust", &content->trust.data);
 		break;
 	case OPS_PTAG_CT_USER_ID:
 		/* XXX: how do we print UTF-8? */
 		print_tagname("USER ID");
 		print_utf8_string("user_id", content->user_id.user_id);
 		break;
 @@ -698,27 +699,29 @@ __ops_print_packet(const __ops_parser_co
 			break;
 		case OPS_PKA_DSA:
 			print_bn("r", content->signature.info.signature.dsa.r);
 			print_bn("s", content->signature.info.signature.dsa.s);
 			break;
 		case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
 			print_bn("r", content->signature.info.signature.elgamal.r);
 			print_bn("s", content->signature.info.signature.elgamal.s);
 			break;
 		default:
-			assert( /* CONSTCOND */ 0);
+			(void) fprintf(stderr,
 				"__ops_print_packet: Unusual algorithm\n");
 			return 0;
+		}
 		if (content->signature.hash)
 			printf("data hash is set\n");
 		break;
 	case OPS_PTAG_CT_COMPRESSED:
 		print_tagname("COMPRESSED");
 		print_unsigned_int("Compressed Data Type",
 			(unsigned)content->compressed.type);
 		break;
 @@ -742,27 +745,30 @@ __ops_print_packet(const __ops_parser_co
 		print_unsigned_int("Nested",
 				   content->one_pass_signature.nested);
 		break;
 	case OPS_PTAG_CT_USER_ATTRIBUTE:
 		print_tagname("USER ATTRIBUTE");
 		print_hexdump("User Attribute",
 			      content->user_attribute.data.contents,
 			      content->user_attribute.data.len);
 		break;
 	case OPS_PTAG_RAW_SS:
-		assert(!contents->critical);
+		if (contents->critical) {
 			(void) fprintf(stderr, "contents are critical\n");
 			return 0;
+		}
 		start_subpacket(contents->tag);
 		print_unsigned_int("Raw Signature Subpacket: tag",
 			(unsigned)(content->ss_raw.tag -
 		   	OPS_PTAG_SIGNATURE_SUBPACKET_BASE));
 		print_hexdump("Raw Data",
 			      content->ss_raw.raw,
 			      content->ss_raw.length);
 		break;
 	case OPS_PTAG_SS_CREATION_TIME:
 		start_subpacket(contents->tag);
 		print_time("Signature Creation Time", content->ss_time.time);
 		end_subpacket();
 @@ -1063,27 +1069,29 @@ __ops_print_packet(const __ops_parser_co
 		case OPS_PKA_PRIVATE03:
 		case OPS_PKA_PRIVATE04:
 		case OPS_PKA_PRIVATE05:
 		case OPS_PKA_PRIVATE06:
 		case OPS_PKA_PRIVATE07:
 		case OPS_PKA_PRIVATE08:
 		case OPS_PKA_PRIVATE09:
 		case OPS_PKA_PRIVATE10:
 			print_data("Private/Experimental",
 			   &content->signature.info.signature.unknown.data);
 			break;
 		default:
-			assert( /* CONSTCOND */ 0);
+			(void) fprintf(stderr,
 				"__ops_print_packet: Unusual key algorithm\n");
 			return 0;
+		}
 		break;
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
 		print_tagname("OPS_PARSER_CMD_GET_SK_PASSPHRASE");
 		break;
 	case OPS_PTAG_CT_SECRET_KEY:
 		print_tagname("OPS_PTAG_CT_SECRET_KEY");
 		__ops_print_secret_key_verbose(contents->tag, &content->secret_key);
 		break;
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
 @@ -1140,27 +1148,27 @@ __ops_print_packet(const __ops_parser_co
 				    content->get_secret_key.pk_session_key);
 		break;
 	default:
 		print_tagname("UNKNOWN PACKET TYPE");
 		fprintf(stderr, "__ops_print_packet: unknown tag=%d (0x%x)\n", contents->tag,
 			contents->tag);
 		exit(1);
+	}
 	return 1;
+}
 static __ops_parse_cb_return_t
-cb_list_packets(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo)
+cb_list_packets(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo)
+{
 	OPS_USED(cbinfo);
 	__ops_print_packet(contents);
 #ifdef XXX
 	if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) {
 		unarmoured = false;
 		puts("UNARMOURED TEXT ends");
+	}
 	switch (contents->tag) {
 	case OPS_PARSER_ERROR:
 		printf("parse error: %s\n", content->error.error);
 		break;
 @@ -1205,27 +1213,27 @@ cb_list_packets(const __ops_parser_conte
 		printf("    data=");
 		hexdump(content->se_data_body.data,
 			content->se_data_body.length, "");
 		printf("\n");
 		break;
 	case OPS_PTAG_CT_PUBLIC_KEY:
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
 		if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY)
 			print_tagname("PUBLIC KEY");
 		else
 			print_tagname("PUBLIC SUBKEY");
-		__ops_print_public_key(&content->public_key);
+		__ops_print_public_key(&content->pubkey);
 		break;
 	case OPS_PTAG_CT_TRUST:
 		print_tagname("TRUST");
 		print_data("Trust", &content->trust.data);
 		break;
 	case OPS_PTAG_CT_USER_ID:
 		/* XXX: how do we print UTF-8? */
 		print_tagname("USER ID");
 		print_utf8_string("user_id", content->user_id.user_id);
 		break;
 @@ -1265,32 +1273,34 @@ cb_list_packets(const __ops_parser_conte
 			break;
 		case OPS_PKA_DSA:
 			print_bn("r", content->signature.info.signature.dsa.r);
 			print_bn("s", content->signature.info.signature.dsa.s);
 			break;
 		case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
 			print_bn("r", content->signature.info.signature.elgamal.r);
 			print_bn("s", content->signature.info.signature.elgamal.s);
 			break;
 		default:
-			assert(0);
+			(void) fprintf(stderr,
 "__ops_print_packet: Unusual sig key algorithm\n");
 			return;
+		}
-		if (content->signature.hash)
+		if (content->signature.hash) {
 			printf("data hash is set\n");
+		}
 		break;
 	case OPS_PTAG_CT_COMPRESSED:
 		print_tagname("COMPRESSED");
 		print_unsigned_int("Compressed Data Type", content->compressed.type);
 		break;
 	case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
 		print_tagname("ONE PASS SIGNATURE");
 		print_unsigned_int("Version", content->one_pass_signature.version);
 		print_string_and_value("Signature Type",
 		    __ops_show_sig_type(content->one_pass_signature.sig_type),
 @@ -1307,27 +1317,31 @@ cb_list_packets(const __ops_parser_conte
 		print_unsigned_int("Nested",
 				   content->one_pass_signature.nested);
 		break;
 	case OPS_PTAG_CT_USER_ATTRIBUTE:
 		print_tagname("USER ATTRIBUTE");
 		print_hexdump("User Attribute",
 			      content->user_attribute.data.contents,
 			      content->user_attribute.data.len);
 		break;
 	case OPS_PTAG_RAW_SS:
-		assert(!contents->critical);
+		if (contents->critical) {
 			(void) fprintf(stderr,
 				"PTAG_RAW_SS contents are critical\n");
 			return;
+		}
 		start_subpacket(contents->tag);
 		print_unsigned_int("Raw Signature Subpacket: tag",
 		   content->ss_raw.tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE);
 		print_hexdump("Raw Data",
 			      content->ss_raw.raw,
 			      content->ss_raw.length);
 		break;
 	case OPS_PTAG_SS_CREATION_TIME:
 		start_subpacket(contents->tag);
 		print_time("Signature Creation Time", content->ss_time.time);
 		end_subpacket();
 		break;
 @@ -1621,27 +1635,29 @@ cb_list_packets(const __ops_parser_conte
 		case OPS_PKA_PRIVATE03:
 		case OPS_PKA_PRIVATE04:
 		case OPS_PKA_PRIVATE05:
 		case OPS_PKA_PRIVATE06:
 		case OPS_PKA_PRIVATE07:
 		case OPS_PKA_PRIVATE08:
 		case OPS_PKA_PRIVATE09:
 		case OPS_PKA_PRIVATE10:
 			print_data("Private/Experimental",
 			   &content->signature.info.signature.unknown.data);
 			break;
 		default:
-			assert(0);
+			(void) fprintf(stderr,
 				"signature footer - bad algorithm\n");
 			return;
+		}
 		break;
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
 		if (cbinfo->cryptinfo.cb_get_passphrase) {
 			return cbinfo->cryptinfo.cb_get_passphrase(contents, cbinfo);
+		}
 		break;
 	case OPS_PTAG_CT_SECRET_KEY:
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
 		__ops_print_secret_key_verbose(contents->tag, &content->secret_key);
 		break;
 @@ -1717,17 +1733,17 @@ __ops_list_packets(char *filename, bool
+{
 	int             fd = 0;
 	__ops_parse_info_t *pinfo = NULL;
 	const bool accumulate = true;
 	fd = __ops_setup_file_read(&pinfo, filename, NULL, cb_list_packets, accumulate);
 	__ops_parse_options(pinfo, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED);
 	pinfo->cryptinfo.keyring = keyring;
 	pinfo->cryptinfo.cb_get_passphrase = cb_get_passphrase;
 	if (armour)
 		__ops_reader_push_dearmour(pinfo);
-	__ops_parse_and_print_errors(pinfo);
+	__ops_parse(pinfo, 1);
 	__ops_teardown_file_read(pinfo, fd);
+}

 @@ -23,31 +23,36 @@
 #include "packet-parse.h"
 #include "packet-show.h"
 #include "keyring.h"
 #include "signature.h"
 #include "netpgpsdk.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "memory.h"
 #include "keyring_local.h"
 #include "parse_local.h"
 #include "validate.h"
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #include <string.h>
 #include <stdio.h>
 /* Does the signed hash match the given hash? */
 static          bool
 check_binary_signature(const unsigned len,
 		       const unsigned char *data,
 		       const __ops_signature_t * sig,
 		    const __ops_public_key_t * signer __attribute__((unused)))
+{
 	unsigned char   hashout[OPS_MAX_HASH_SIZE];
 	unsigned char   trailer[6];
 	unsigned int    hashedlen;
 	__ops_hash_t	hash;
 @@ -93,52 +98,56 @@ check_binary_signature(const unsigned le
 	return __ops_check_signature(hashout, n, sig, signer);
+}
 static int
 keydata_reader(void *dest, size_t length, __ops_error_t ** errors,
 	       __ops_reader_info_t * rinfo,
 	       __ops_parse_cb_info_t * cbinfo)
+{
 	validate_reader_t *reader = __ops_reader_get_arg(rinfo);
 	OPS_USED(errors);
 	OPS_USED(cbinfo);
 	if (reader->offset == reader->key->packets[reader->packet].length) {
-		++reader->packet;
+		reader->packet += 1;
 		reader->offset = 0;
+	}
-	if (reader->packet == reader->key->npackets)
+	if (reader->packet == reader->key->npackets) {
 		return 0;
+	}
 	/*
 	 * we should never be asked to cross a packet boundary in a single
 	 * read
 	 */
-	assert(reader->key->packets[reader->packet].length >=
+	if (reader->key->packets[reader->packet].length <
-			reader->offset + length);
+			reader->offset + length) {
 		(void) fprintf(stderr, "keydata_reader: weird length\n");
 		return 0;
+	}
 	(void) memcpy(dest,
 		&reader->key->packets[reader->packet].raw[reader->offset],
 		length);
 	reader->offset += length;
 	return length;
+}
 static void
 free_signature_info(__ops_signature_info_t * sig)
+{
-	free(sig->v4_hashed_data);
+	(void) free(sig->v4_hashed_data);
-	free(sig);
+	(void) free(sig);
+}
 static void
 copy_signature_info(__ops_signature_info_t * dst,
 			const __ops_signature_info_t * src)
+{
 	(void) memcpy(dst, src, sizeof(*src));
 	dst->v4_hashed_data = calloc(1, src->v4_hashed_data_length);
 	(void) memcpy(dst->v4_hashed_data, src->v4_hashed_data,
 		src->v4_hashed_data_length);
+}
 static void
 @@ -148,98 +157,106 @@ add_sig_to_list(const __ops_signature_in
+{
 	if (*count == 0) {
 		*sigs = calloc(*count + 1, sizeof(__ops_signature_info_t));
 	} else {
 		*sigs = realloc(*sigs,
 				(*count + 1) * sizeof(__ops_signature_info_t));
+	}
 	copy_signature_info(&(*sigs)[*count], sig);
 	*count += 1;
+}
 __ops_parse_cb_return_t
-__ops_validate_key_cb(const __ops_parser_content_t * contents,
+__ops_validate_key_cb(const __ops_packet_t * contents,
 			__ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	const __ops_keydata_t	*signer;
 	validate_key_cb_t	*key = __ops_parse_cb_get_arg(cbinfo);
 	__ops_error_t		**errors = __ops_parse_cb_get_errors(cbinfo);
 	bool			 valid = false;
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("%s\n", __ops_show_packet_tag(contents->tag));
+	}
 	switch (contents->tag) {
 	case OPS_PTAG_CT_PUBLIC_KEY:
-		assert(key->pkey.version == 0);
+		if (key->pkey.version != 0) {
-		key->pkey = content->public_key;
+			(void) fprintf(stderr,
 				"__ops_validate_key_cb: version bad\n");
 			return OPS_FINISHED;
+		}
 		key->pkey = content->pubkey;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
 		if (key->subkey.version)
 			__ops_public_key_free(&key->subkey);
-		key->subkey = content->public_key;
+		key->subkey = content->pubkey;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_SECRET_KEY:
 		key->skey = content->secret_key;
-		key->pkey = key->skey.public_key;
+		key->pkey = key->skey.pubkey;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_USER_ID:
 		if (key->user_id.user_id)
 			__ops_user_id_free(&key->user_id);
 		key->user_id = content->user_id;
 		key->last_seen = ID;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_USER_ATTRIBUTE:
-		assert(content->user_attribute.data.len);
+		if (content->user_attribute.data.len == 0) {
 			(void) fprintf(stderr,
 "__ops_validate_key_cb: user attribute length 0");
 			return OPS_FINISHED;
+		}
 		printf("user attribute, length=%d\n",
 			(int) content->user_attribute.data.len);
 		if (key->user_attribute.data.len)
 			__ops_user_attribute_free(&key->user_attribute);
 		key->user_attribute = content->user_attribute;
 		key->last_seen = ATTRIBUTE;
 		return OPS_KEEP_MEMORY;
 	case OPS_PTAG_CT_SIGNATURE:	/* V3 sigs */
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:	/* V4 sigs */
 		signer = __ops_keyring_find_key_by_id(key->keyring,
 					 content->signature.info.signer_id);
 		if (!signer) {
 			add_sig_to_list(&content->signature.info,
 					&key->result->unknown_sigs,
 					&key->result->unknownc);
 			break;
+		}
 		switch (content->signature.info.type) {
 		case OPS_CERT_GENERIC:
 		case OPS_CERT_PERSONA:
 		case OPS_CERT_CASUAL:
 		case OPS_CERT_POSITIVE:
 		case OPS_SIG_REV_CERT:
 			if (key->last_seen == ID)
-				valid = __ops_check_user_id_certification_signature(&key->pkey,
+				valid = __ops_check_useridcert_sig(&key->pkey,
 							      &key->user_id,
 							&content->signature,
 				       __ops_get_public_key_from_data(signer),
 					key->rarg->key->packets[key->rarg->packet].raw);
 			else
-				valid = __ops_check_user_attribute_certification_signature(&key->pkey,
+				valid = __ops_check_userattrcert_sig(&key->pkey,
 						       &key->user_attribute,
 							&content->signature,
 				       __ops_get_public_key_from_data(signer),
 					key->rarg->key->packets[key->rarg->packet].raw);
 			break;
 		case OPS_SIG_SUBKEY:
 			/*
 			 * XXX: we should also check that the signer is the
 			 * key we are validating, I think.
 			 */
 			valid = __ops_check_subkey_signature(&key->pkey, &key->subkey,
 @@ -251,27 +268,28 @@ __ops_validate_key_cb(const __ops_parser
 		case OPS_SIG_DIRECT:
 			valid = __ops_check_direct_signature(&key->pkey, &content->signature,
 				       __ops_get_public_key_from_data(signer),
 			    key->rarg->key->packets[key->rarg->packet].raw);
 			break;
 		case OPS_SIG_STANDALONE:
 		case OPS_SIG_PRIMARY:
 		case OPS_SIG_REV_KEY:
 		case OPS_SIG_REV_SUBKEY:
 		case OPS_SIG_TIMESTAMP:
 		case OPS_SIG_3RD_PARTY:
 			OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED,
-				    "Verification of signature type 0x%02x not yet implemented\n", content->signature.info.type);
+				"Sig Verification type 0x%02x not done yet\n",
 				content->signature.info.type);
 			break;
 		default:
 			OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED,
 				    "Unexpected signature type 0x%02x\n",
 				    	content->signature.info.type);
+		}
 		if (valid) {
 			add_sig_to_list(&content->signature.info,
 				&key->result->valid_sigs,
 				&key->result->validc);
 		} else {
 @@ -285,35 +303,34 @@ __ops_validate_key_cb(const __ops_parser
 		/* ignore these */
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_SIGNATURE_HEADER:
 	case OPS_PARSER_PACKET_END:
 		break;
 	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
 		if (key->cb_get_passphrase) {
 			return key->cb_get_passphrase(contents, cbinfo);
+		}
 		break;
 	default:
-		fprintf(stderr, "unexpected tag=0x%x\n", contents->tag);
+		(void) fprintf(stderr, "unexpected tag=0x%x\n", contents->tag);
-		assert(/* CONSTCOND */0);
+		return OPS_FINISHED;
 		break;
+	}
 	return OPS_RELEASE_MEMORY;
+}
 __ops_parse_cb_return_t
-validate_data_cb(const __ops_parser_content_t * contents,
+validate_data_cb(const __ops_packet_t * contents,
 			__ops_parse_cb_info_t * cbinfo)
+{
 	const __ops_parser_content_union_t *content = &contents->u;
 	const __ops_keydata_t	*signer;
 	validate_data_cb_t	*data = __ops_parse_cb_get_arg(cbinfo);
 	__ops_error_t		**errors = __ops_parse_cb_get_errors(cbinfo);
 	bool			 valid = false;
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("validate_data_cb: %s\n",
 			__ops_show_packet_tag(contents->tag));
+	}
 	switch (contents->tag) {
 @@ -461,77 +478,77 @@ validate_result_status(__ops_validation_
  * \brief Validate all signatures on a single key against the given keyring
  * \param result Where to put the result
  * \param key Key to validate
  * \param keyring Keyring to use for validation
  * \param cb_get_passphrase Callback to use to get passphrase
  * \return true if all signatures OK; else false
  * \note It is the caller's responsiblity to free result after use.
  * \sa __ops_validate_result_free()
  */
 bool
 __ops_validate_key_signatures(__ops_validation_t * result,
 				const __ops_keydata_t * key,
 			    const __ops_keyring_t * keyring,
-			    __ops_parse_cb_return_t cb_get_passphrase(const __ops_parser_content_t *, __ops_parse_cb_info_t *)
+			    __ops_parse_cb_return_t cb_get_passphrase(const __ops_packet_t *, __ops_parse_cb_info_t *)
+)
+{
 	__ops_parse_info_t *pinfo;
 	validate_key_cb_t carg;
 	(void) memset(&carg, 0x0, sizeof(carg));
 	carg.result = result;
 	carg.cb_get_passphrase = cb_get_passphrase;
 	pinfo = __ops_parse_info_new();
 	/* __ops_parse_options(&opt,OPS_PTAG_CT_SIGNATURE,OPS_PARSE_PARSED); */
 	carg.keyring = keyring;
 	__ops_parse_cb_set(pinfo, __ops_validate_key_cb, &carg);
 	pinfo->rinfo.accumulate = true;
 	__ops_keydata_reader_set(pinfo, key);
 	/* Note: Coverity incorrectly reports an error that carg.rarg */
 	/* is never used. */
 	carg.rarg = pinfo->rinfo.arg;
-	__ops_parse(pinfo);
+	__ops_parse(pinfo, 0);
 	__ops_public_key_free(&carg.pkey);
 	if (carg.subkey.version)
 		__ops_public_key_free(&carg.subkey);
 	__ops_user_id_free(&carg.user_id);
 	__ops_user_attribute_free(&carg.user_attribute);
 	__ops_parse_info_delete(pinfo);
 	if (result->invalidc || result->unknownc || !result->validc)
 		return false;
 	else
 		return true;
+}
 /**
    \ingroup HighLevel_Verify
    \param result Where to put the result
    \param ring Keyring to use
    \param cb_get_passphrase Callback to use to get passphrase
    \note It is the caller's responsibility to free result after use.
    \sa __ops_validate_result_free()
 */
 bool
 __ops_validate_all_signatures(__ops_validation_t * result,
 			    const __ops_keyring_t * ring,
-			    __ops_parse_cb_return_t cb_get_passphrase(const __ops_parser_content_t *, __ops_parse_cb_info_t *)
+			    __ops_parse_cb_return_t cb_get_passphrase(const __ops_packet_t *, __ops_parse_cb_info_t *)
+)
+{
 	int             n;
 	(void) memset(result, 0x0, sizeof(*result));
 	for (n = 0; n < ring->nkeys; ++n) {
 		__ops_validate_key_signatures(result, &ring->keys[n], ring,
 				cb_get_passphrase);
+	}
 	return validate_result_status(result);
+}
 /**
 @@ -568,52 +585,74 @@ __ops_validate_result_free(__ops_validat
    \return true if signatures validate successfully;
    	false if signatures fail or there are no signatures
    \note After verification, result holds the details of all keys which
    have passed, failed and not been recognised.
    \note It is the caller's responsiblity to call
    	__ops_validate_result_free(result) after use.
 */
 bool
 __ops_validate_file(__ops_validation_t *result,
 			const char *filename,
 			const int armoured,
 			const __ops_keyring_t *keyring)
+{
-	__ops_parse_info_t *pinfo = NULL;
+	__ops_parse_info_t	*pinfo = NULL;
-	validate_data_cb_t validation;
+	validate_data_cb_t	 validation;
-	int             fd = 0;
+	struct stat		 st;
 	int64_t		 	 origsize;
 	char			 origfile[MAXPATHLEN];
 	int			 fd;
 	int			 cc;
 #define SIG_OVERHEAD	284 /* depends on sig size */
 	if (stat(filename, &st) < 0) {
 		(void) fprintf(stderr, "can't validate \"%s\"\n", filename);
 		return false;
+	}
 	origsize = st.st_size;
 	cc = snprintf(origfile, sizeof(origfile), "%s", filename);
 	if (strcmp(&origfile[cc - 4], ".sig") == 0) {
 		origfile[cc - 4] = 0x0;
 		if (stat(origfile, &st) == 0 &&
 		    st.st_size - SIG_OVERHEAD < origsize) {
 			/* XXX - agc */
 			pinfo->synthlit = __UNCONST(filename);
+		}
+	}
 	fd = __ops_setup_file_read(&pinfo, filename, &validation,
 				validate_data_cb, true);
 	if (fd < 0) {
 		return false;
+	}
 	/* Set verification reader and handling options */
 	(void) memset(&validation, 0x0, sizeof(validation));
 	validation.result = result;
 	validation.keyring = keyring;
 	validation.mem = __ops_memory_new();
 	__ops_memory_init(validation.mem, 128);
 	/* Note: Coverity incorrectly reports an error that carg.rarg */
 	/* is never used. */
 	validation.rarg = pinfo->rinfo.arg;
 	if (armoured) {
 		__ops_reader_push_dearmour(pinfo);
+	}
 	/* Do the verification */
-	__ops_parse(pinfo);
+	__ops_parse(pinfo, 0);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("valid=%d, invalid=%d, unknown=%d\n",
 		       result->validc,
 		       result->invalidc,
 		       result->unknownc);
+	}
 	/* Tidy up */
 	if (armoured) {
 		__ops_reader_pop_dearmour(pinfo);
+	}
 	__ops_teardown_file_read(pinfo, fd);
 @@ -649,27 +688,27 @@ __ops_validate_mem(__ops_validation_t *r
 	validation.result = result;
 	validation.keyring = keyring;
 	validation.mem = __ops_memory_new();
 	__ops_memory_init(validation.mem, 128);
 	/* Note: Coverity incorrectly reports an error that carg.rarg */
 	/* is never used. */
 	validation.rarg = pinfo->rinfo.arg;
 	if (armoured) {
 		__ops_reader_push_dearmour(pinfo);
+	}
 	/* Do the verification */
-	__ops_parse(pinfo);
+	__ops_parse(pinfo, 0);
 	if (__ops_get_debug_level(__FILE__)) {
 		printf("valid=%d, invalid=%d, unknown=%d\n",
 		       result->validc,
 		       result->invalidc,
 		       result->unknownc);
+	}
 	/* Tidy up */
 	if (armoured) {
 		__ops_reader_pop_dearmour(pinfo);
+	}
 	__ops_teardown_memory_read(pinfo, mem);

 @@ -57,36 +57,36 @@ bool   __ops_keyring_read_from_file(__op
 char           *__ops_malloc_passphrase(char *);
 void            __ops_keyring_list(const __ops_keyring_t *);
 void            __ops_set_secret_key(__ops_parser_content_union_t *, const __ops_keydata_t *);
 const unsigned char *__ops_get_key_id(const __ops_keydata_t *);
 unsigned        __ops_get_user_id_count(const __ops_keydata_t *);
 const unsigned char *__ops_get_user_id(const __ops_keydata_t *, unsigned);
 bool   __ops_is_key_supported(const __ops_keydata_t *);
 const __ops_keydata_t *__ops_keyring_get_key_by_index(const __ops_keyring_t *, int);
 __ops_user_id_t  *__ops_add_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *);
-__ops_packet_t   *__ops_add_packet_to_keydata(__ops_keydata_t *, const __ops_packet_t *);
+__ops_subpacket_t   *__ops_add_packet_to_keydata(__ops_keydata_t *, const __ops_subpacket_t *);
-void            __ops_add_signed_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *, const __ops_packet_t *);
+void            __ops_add_signed_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *, const __ops_subpacket_t *);
 bool   __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t *, __ops_user_id_t *);
 __ops_keydata_t  *__ops_keydata_new(void);
 void            __ops_keydata_init(__ops_keydata_t *, const __ops_content_tag_t);
 void            __ops_copy_userid(__ops_user_id_t *, const __ops_user_id_t *);
-void            __ops_copy_packet(__ops_packet_t *, const __ops_packet_t *);
+void            __ops_copy_packet(__ops_subpacket_t *, const __ops_subpacket_t *);
 unsigned        __ops_get_keydata_content_type(const __ops_keydata_t *);
 int		__ops_parse_and_accumulate(__ops_keyring_t *, __ops_parse_info_t *);
 void            __ops_print_public_keydata(const __ops_keydata_t *);
 void            __ops_print_public_key(const __ops_public_key_t *);
 void            __ops_print_secret_keydata(const __ops_keydata_t *);
 void            __ops_list_packets(char *, bool, __ops_keyring_t *, __ops_parse_cb_t *);
 int		__ops_export_key(const __ops_keydata_t *, unsigned char *);
 #endif /* OPS_KEYRING_H */

 @@ -35,30 +35,30 @@
 	}								\
 } while(/*CONSTCOND*/0)
 /** __ops_keydata_key_t
  */
 typedef union {
 	__ops_public_key_t pkey;
 	__ops_secret_key_t skey;
 }               __ops_keydata_key_t;
 /** sigpacket_t */
 typedef struct {
-	__ops_user_id_t  *userid;
+	__ops_user_id_t		*userid;
-	__ops_packet_t   *packet;
+	__ops_subpacket_t	*packet;
 }               sigpacket_t;
 /* XXX: gonna have to expand this to hold onto subkeys, too... */
 /** \struct __ops_keydata
  * \todo expand to hold onto subkeys
  */
 struct __ops_keydata {
 	DECLARE_ARRAY(__ops_user_id_t, uids);
-	DECLARE_ARRAY(__ops_packet_t, packets);
+	DECLARE_ARRAY(__ops_subpacket_t, packets);
 	DECLARE_ARRAY(sigpacket_t, sigs);
 	unsigned char   key_id[8];
 	__ops_fingerprint_t fingerprint;
 	__ops_content_tag_t type;
 	__ops_keydata_key_t key;
 };

 @@ -45,25 +45,25 @@ typedef struct __ops_validation_t {
 	__ops_signature_info_t	*valid_sigs;
 	unsigned int		 invalidc;
 	__ops_signature_info_t	*invalid_sigs;
 	unsigned int		 unknownc;
 	__ops_signature_info_t	*unknown_sigs;
 } __ops_validation_t;
 void            __ops_validate_result_free(__ops_validation_t *);
 bool
 __ops_validate_key_signatures(__ops_validation_t *,
 			    const __ops_keydata_t *,
 			    const __ops_keyring_t *,
-			    __ops_parse_cb_return_t cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *));
+			    __ops_parse_cb_return_t cb(const __ops_packet_t *, __ops_parse_cb_info_t *));
 bool
 __ops_validate_all_signatures(__ops_validation_t *,
 			    const __ops_keyring_t *,
-			    __ops_parse_cb_return_t cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *));
+			    __ops_parse_cb_return_t cb(const __ops_packet_t *, __ops_parse_cb_info_t *));
 bool   __ops_check_signature(const unsigned char *, unsigned, const __ops_signature_t *, const __ops_public_key_t *);
 const char     *__ops_get_info(const char *type);
 #endif

 @@ -40,30 +40,30 @@ typedef struct __ops_region_t {
 }               __ops_region_t;
 void            __ops_init_subregion(__ops_region_t * subregion, __ops_region_t * region);
 /** __ops_parse_callback_return_t */
 typedef enum {
 	OPS_RELEASE_MEMORY,
 	OPS_KEEP_MEMORY,
 	OPS_FINISHED
 }               __ops_parse_cb_return_t;
 typedef struct __ops_parse_cb_info __ops_parse_cb_info_t;
-typedef         __ops_parse_cb_return_t __ops_parse_cb_t(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+typedef         __ops_parse_cb_return_t __ops_parse_cb_t(const __ops_packet_t *, __ops_parse_cb_info_t *);
 __ops_parse_cb_return_t
-get_passphrase_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+get_passphrase_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 typedef struct __ops_parse_info __ops_parse_info_t;
 typedef struct __ops_reader_info __ops_reader_info_t;
 typedef struct __ops_crypt_info __ops_crypt_info_t;
 /*
    A reader MUST read at least one byte if it can, and should read up
    to the number asked for. Whether it reads more for efficiency is
    its own decision, but if it is a stacked reader it should never
    read more than the length of the region it operates in (which it
    would have to be given when it is stacked).
    If a read is short because of EOF, then it should return the short
 @@ -88,32 +88,31 @@ void            __ops_parse_info_delete(
 __ops_error_t    *__ops_parse_info_get_errors(__ops_parse_info_t *);
 __ops_crypt_t    *__ops_parse_get_decrypt(__ops_parse_info_t *);
 void            __ops_parse_cb_set(__ops_parse_info_t *, __ops_parse_cb_t *, void *);
 void            __ops_parse_cb_push(__ops_parse_info_t *, __ops_parse_cb_t *, void *);
 void           *__ops_parse_cb_get_arg(__ops_parse_cb_info_t *);
 void           *__ops_parse_cb_get_errors(__ops_parse_cb_info_t *);
 void            __ops_reader_set(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *);
 void            __ops_reader_push(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *);
 void            __ops_reader_pop(__ops_parse_info_t *);
 void           *__ops_reader_get_arg(__ops_reader_info_t *);
-__ops_parse_cb_return_t __ops_parse_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+__ops_parse_cb_return_t __ops_parse_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
-__ops_parse_cb_return_t __ops_parse_stacked_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+__ops_parse_cb_return_t __ops_parse_stacked_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 __ops_reader_info_t *__ops_parse_get_rinfo(__ops_parse_info_t *);
-int             __ops_parse(__ops_parse_info_t *);
+int             __ops_parse(__ops_parse_info_t *, int);
 int             __ops_parse_and_print_errors(__ops_parse_info_t *);
 void            __ops_parse_and_validate(__ops_parse_info_t *);
 /** Used to specify whether subpackets should be returned raw, parsed or ignored.
  */
 typedef enum {
 	OPS_PARSE_RAW,		/* !< Callback Raw */
 	OPS_PARSE_PARSED,	/* !< Callback Parsed */
 	OPS_PARSE_IGNORE	/* !< Don't callback */
 }               __ops_parse_type_t;
 void
 __ops_parse_options(__ops_parse_info_t *, __ops_content_tag_t, __ops_parse_type_t);

 @@ -484,27 +484,27 @@ bool   __ops_is_hash_alg_supported(const
 /* Hash size for secret key check */
 #define OPS_CHECKHASH_SIZE	20
 /* SHA1 Hash Size \todo is this the same as OPS_CHECKHASH_SIZE?? */
 #define OPS_SHA1_HASH_SIZE 		SHA_DIGEST_LENGTH
 #define OPS_SHA256_HASH_SIZE	SHA256_DIGEST_LENGTH
 /* Max hash size */
 #define OPS_MAX_HASH_SIZE	64
 /** __ops_secret_key_t
  */
 typedef struct {
-	__ops_public_key_t public_key;
+	__ops_public_key_t pubkey;
 	__ops_s2k_usage_t s2k_usage;
 	__ops_s2k_specifier_t s2k_specifier;
 	__ops_symmetric_algorithm_t algorithm;
 	__ops_hash_algorithm_t hash_algorithm;
 	unsigned char   salt[OPS_SALT_SIZE];
 	unsigned        octet_count;
 	unsigned char   iv[OPS_MAX_BLOCK_SIZE];
 	__ops_secret_key_union_t key;
 	unsigned        checksum;
 	unsigned char   checkhash[OPS_CHECKHASH_SIZE];
 }               __ops_secret_key_t;
 /** Structure to hold one trust packet's data */
 @@ -711,30 +711,30 @@ typedef struct {
 typedef struct {
 	__ops_public_key_algorithm_t pka_alg;
 	__ops_hash_algorithm_t hash_alg;
 	__ops_data_t      hash;
 }               __ops_ss_signature_target_t;
 /** Signature Subpacket : Embedded Signature */
 typedef struct {
 	__ops_data_t      sig;
 }               __ops_ss_embedded_signature_t;
 /** __ops_packet_t */
-typedef struct {
+typedef struct __ops_subpacket_t {
 	size_t          length;
 	unsigned char  *raw;
-}               __ops_packet_t;
+}               __ops_subpacket_t;
 /** Types of Compression */
 typedef enum {
 	OPS_C_NONE = 0,
 	OPS_C_ZIP = 1,
 	OPS_C_ZLIB = 2,
 	OPS_C_BZIP2 = 3
 } __ops_compression_type_t;
 /*
  * unlike most structures, this will feed its data as a stream to the
  * application instead of directly including it
  */
 @@ -929,38 +929,38 @@ typedef struct {
 }               __ops_se_data_body_t;
 /** __ops_get_secret_key_t */
 typedef struct {
 	const __ops_secret_key_t **secret_key;
 	const __ops_pk_session_key_t *pk_session_key;
 }               __ops_get_secret_key_t;
 /** __ops_parser_union_content_t */
 typedef union {
 	__ops_parser_error_t error;
 	__ops_parser_errcode_t errcode;
 	__ops_ptag_t      ptag;
-	__ops_public_key_t public_key;
+	__ops_public_key_t pubkey;
 	__ops_trust_t     trust;
 	__ops_user_id_t   user_id;
 	__ops_user_attribute_t user_attribute;
 	__ops_signature_t signature;
 	__ops_ss_raw_t    ss_raw;
 	__ops_ss_trust_t  ss_trust;
 	__ops_ss_revocable_t ss_revocable;
 	__ops_ss_time_t   ss_time;
 	__ops_ss_key_id_t ss_issuer_key_id;
 	__ops_ss_notation_data_t ss_notation_data;
-	__ops_packet_t    packet;
+	__ops_subpacket_t    packet;
 	__ops_compressed_t compressed;
 	__ops_one_pass_signature_t one_pass_signature;
 	__ops_ss_preferred_ska_t ss_preferred_ska;
 	__ops_ss_preferred_hash_t ss_preferred_hash;
 	__ops_ss_preferred_compression_t ss_preferred_compression;
 	__ops_ss_key_flags_t ss_key_flags;
 	__ops_ss_key_server_prefs_t ss_key_server_prefs;
 	__ops_ss_primary_user_id_t ss_primary_user_id;
 	__ops_ss_regexp_t ss_regexp;
 	__ops_ss_policy_url_t ss_policy_url;
 	__ops_ss_preferred_key_server_t ss_preferred_key_server;
 	__ops_ss_revocation_key_t ss_revocation_key;
 	__ops_ss_userdefined_t ss_userdefined;
 @@ -971,35 +971,35 @@ typedef union {
 	__ops_ss_features_t ss_features;
 	__ops_ss_signature_target_t ss_signature_target;
 	__ops_ss_embedded_signature_t ss_embedded_signature;
 	__ops_ss_revocation_reason_t ss_revocation_reason;
 	__ops_secret_key_t secret_key;
 	__ops_user_id_t   ss_signers_user_id;
 	__ops_armour_header_t armour_header;
 	__ops_armour_trailer_t armour_trailer;
 	__ops_signed_cleartext_header_t signed_cleartext_header;
 	__ops_signed_cleartext_body_t signed_cleartext_body;
 	__ops_signed_cleartext_trailer_t signed_cleartext_trailer;
 	__ops_unarmoured_text_t unarmoured_text;
 	__ops_pk_session_key_t pk_session_key;
-	__ops_secret_key_passphrase_t secret_key_passphrase;
+	__ops_secret_key_passphrase_t skey_passphrase;
 	__ops_se_ip_data_header_t se_ip_data_header;
 	__ops_se_ip_data_body_t se_ip_data_body;
 	__ops_se_data_body_t se_data_body;
 	__ops_get_secret_key_t get_secret_key;
 }               __ops_parser_content_union_t;
-/** __ops_parser_content_t */
+/** __ops_packet_t */
-struct __ops_parser_content_t {
+struct __ops_packet_t {
 	__ops_content_tag_t		tag;		/* type of contents */
 	unsigned char			critical;	/* for signature subpackets */
 	__ops_parser_content_union_t	u;		/* union for contents */
 };
 /** __ops_fingerprint_t */
 typedef struct {
 	unsigned char   fingerprint[20];
 	unsigned        length;
 }               __ops_fingerprint_t;
 void            __ops_init(void);
 void            __ops_finish(void);
 @@ -1017,21 +1017,21 @@ void            __ops_ss_preferred_compr
 void            __ops_ss_key_flags_free(__ops_ss_key_flags_t *);
 void            __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *);
 void            __ops_ss_features_free(__ops_ss_features_t *);
 void            __ops_ss_notation_data_free(__ops_ss_notation_data_t *);
 void            __ops_ss_policy_url_free(__ops_ss_policy_url_t *);
 void            __ops_ss_preferred_key_server_free(__ops_ss_preferred_key_server_t *);
 void            __ops_ss_regexp_free(__ops_ss_regexp_t *);
 void            __ops_ss_userdefined_free(__ops_ss_userdefined_t *);
 void            __ops_ss_reserved_free(__ops_ss_unknown_t *);
 void            __ops_ss_revocation_reason_free(__ops_ss_revocation_reason_t *);
 void            __ops_ss_signature_target_free(__ops_ss_signature_target_t *);
 void            __ops_ss_embedded_signature_free(__ops_ss_embedded_signature_t *);
-void            __ops_packet_free(__ops_packet_t *);
+void            __ops_subpacket_free(__ops_subpacket_t *);
-void            __ops_parser_content_free(__ops_parser_content_t *);
+void            __ops_parser_content_free(__ops_packet_t *);
 void            __ops_secret_key_free(__ops_secret_key_t *);
 void            __ops_pk_session_key_free(__ops_pk_session_key_t *);
-int             __ops_print_packet(const __ops_parser_content_t *);
+int             __ops_print_packet(const __ops_packet_t *);
 #endif

 @@ -16,31 +16,30 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /** \file */
 #include "types.h"
 #include "crypto.h"
 /** __ops_reader_info */
 struct __ops_reader_info {
-	__ops_reader_t   *reader;	/* !< the reader function to use to get the
+	__ops_reader_t   *reader;/* !< the reader function to use to get the
 				 * data to be parsed */
 	__ops_reader_destroyer_t *destroyer;
 	void           *arg;	/* !< the args to pass to the reader function */
 	unsigned   accumulate:1;	/* !< set to accumulate packet data */
 	unsigned char  *accumulated;	/* !< the accumulated data */
 	unsigned        asize;	/* !< size of the buffer */
 	unsigned        alength;/* !< used buffer */
 	/* XXX: what do we do about offsets into compressed packets? */
 	unsigned        position;	/* !< the offset from the beginning
 					 * (with this reader) */
 	__ops_reader_info_t *next;
 	__ops_parse_info_t *pinfo;/* !< A pointer back to the parent parse_info
 				 * structure */
 };
 @@ -97,25 +96,26 @@ typedef struct {
  *  - the accumulated data, if any
  *  - the size of the buffer, and how much has been used
+ *
  *  It has a linked list of errors.
  */
 struct __ops_parse_info {
 	unsigned char   ss_raw[NTAGS / 8];	/* !< one bit per
 						 * signature-subpacket type;
 						 * set to get raw data */
 	unsigned char   ss_parsed[NTAGS / 8];	/* !< one bit per
 						 * signature-subpacket type;
 						 * set to get parsed data */
 	__ops_reader_info_t	 rinfo;
-	__ops_reader_info_t rinfo;
+	__ops_parse_cb_info_t	 cbinfo;
-	__ops_parse_cb_info_t cbinfo;
+	__ops_error_t		*errors;
-	__ops_error_t    *errors;
+	__ops_crypt_t		 decrypt;
-	__ops_crypt_t     decrypt;
+	__ops_crypt_info_t	 cryptinfo;
-	__ops_crypt_info_t cryptinfo;
+	size_t			 nhashes;
 	size_t          nhashes;
 	__ops_parse_hash_info_t *hashes;
-	unsigned   reading_v3_secret:1;
+	unsigned		 reading_v3_secret:1;
-	unsigned   reading_mpi_length:1;
+	unsigned		 reading_mpi_length:1;
-	unsigned   exact_read:1;
+	unsigned		 exact_read:1;
 	void			*synthsig;	/* synthetic sig */
 	void			*synthlit;	/* synthetic literal data */
 };

 @@ -56,43 +56,43 @@ void __ops_writer_push_encrypt_se_ip(__o
 void            __ops_push_skey_checksum_writer(__ops_create_info_t *, __ops_secret_key_t *);
 bool   __ops_pop_skey_checksum_writer(__ops_create_info_t *);
 /* memory writing */
 void            __ops_setup_memory_write(__ops_create_info_t **, __ops_memory_t **, size_t);
 void            __ops_teardown_memory_write(__ops_create_info_t *, __ops_memory_t *);
 /* memory reading */
 void
 __ops_setup_memory_read(__ops_parse_info_t **, __ops_memory_t *,
 		      void *,
-		      __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), bool);
+		      __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), bool);
 void            __ops_teardown_memory_read(__ops_parse_info_t *, __ops_memory_t *);
 /* file writing */
 int             __ops_setup_file_write(__ops_create_info_t **, const char *, bool);
 void            __ops_teardown_file_write(__ops_create_info_t *, int);
 /* file appending */
 int             __ops_setup_file_append(__ops_create_info_t **, const char *);
 void            __ops_teardown_file_append(__ops_create_info_t *, int);
 /* file reading */
 int             __ops_setup_file_read(__ops_parse_info_t **, const char *, void *,
-		    __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), bool);
+		    __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), bool);
 void            __ops_teardown_file_read(__ops_parse_info_t *, int);
 bool   __ops_reader_set_accumulate(__ops_parse_info_t *, bool);
 /* useful callbacks */
 __ops_parse_cb_return_t
-literal_data_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+literal_data_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 __ops_parse_cb_return_t
-pk_session_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+pk_session_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 __ops_parse_cb_return_t
-get_secret_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+get_secret_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 /* from reader_fd.c */
 void            __ops_reader_set_fd(__ops_parse_info_t *, int);
 #endif				/* OPS_READERWRITER_H__ */

 @@ -24,33 +24,33 @@
 #ifndef OPS_SIGNATURE_H
 #define OPS_SIGNATURE_H
 #include "packet.h"
 #include "create.h"
 typedef struct __ops_create_signature __ops_create_signature_t;
 __ops_create_signature_t *__ops_create_signature_new(void);
 void            __ops_create_signature_delete(__ops_create_signature_t *);
 bool
-__ops_check_user_id_certification_signature(const __ops_public_key_t *,
+__ops_check_useridcert_sig(const __ops_public_key_t *,
 					  const __ops_user_id_t *,
 					  const __ops_signature_t *,
 					  const __ops_public_key_t *,
 					  const unsigned char *);
 bool
-__ops_check_user_attribute_certification_signature(const __ops_public_key_t *,
+__ops_check_userattrcert_sig(const __ops_public_key_t *,
 				     const __ops_user_attribute_t *,
 						 const __ops_signature_t *,
 					    const __ops_public_key_t *,
 					   const unsigned char *);
 bool
 __ops_check_subkey_signature(const __ops_public_key_t *,
 			   const __ops_public_key_t *,
 			   const __ops_signature_t *,
 			   const __ops_public_key_t *,
 			   const unsigned char *);
 bool
 __ops_check_direct_signature(const __ops_public_key_t *,
 			   const __ops_signature_t *,

 @@ -47,28 +47,28 @@ typedef struct {
 }               __ops_map_t;
 /** __ops_errcode_name_map_t */
 typedef __ops_map_t __ops_errcode_name_map_t;
 typedef struct _ops_crypt_t __ops_crypt_t;
 /** __ops_hash_t */
 typedef struct _ops_hash_t __ops_hash_t;
 /** Revocation Reason type */
 typedef unsigned char __ops_ss_rr_code_t;
-/** __ops_parser_content_t */
+/** __ops_packet_t */
-typedef struct __ops_parser_content_t __ops_parser_content_t;
+typedef struct __ops_packet_t __ops_packet_t;
 /** Writer flags */
 typedef enum {
 	OPS_WF_DUMMY
 }               __ops_writer_flags_t;
 /**
  * \ingroup Create
  * Contains the required information about how to write
  */
 typedef struct __ops_create_info __ops_create_info_t;
 #endif

 @@ -32,47 +32,47 @@ typedef struct {
 	__ops_public_key_t pkey;
 	__ops_public_key_t subkey;
 	__ops_secret_key_t skey;
 	enum {
 		ATTRIBUTE = 1,
 		ID
 	}               last_seen;
 	__ops_user_id_t   user_id;
 	__ops_user_attribute_t user_attribute;
 	unsigned char   hash[OPS_MAX_HASH_SIZE];
 	const __ops_keyring_t *keyring;
 	validate_reader_t *rarg;
 	__ops_validation_t *result;
-	__ops_parse_cb_return_t(*cb_get_passphrase) (const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+	__ops_parse_cb_return_t(*cb_get_passphrase) (const __ops_packet_t *, __ops_parse_cb_info_t *);
 }               validate_key_cb_t;
 /** Struct use with the validate_data_cb callback */
 typedef struct {
 	enum {
 		LITERAL_DATA,
 		SIGNED_CLEARTEXT
 	}               use;	/* <! this is set to indicate what
 				 * kind of data we have */
 	union {
 		__ops_literal_data_body_t literal_data_body;	/* <! Used to hold
 								 * Literal Data */
 		__ops_signed_cleartext_body_t signed_cleartext_body;	/* <! Used to hold
 									 * Signed Cleartext */
 	}               data;	/* <! the data itself */
 	unsigned char   hash[OPS_MAX_HASH_SIZE];	/* <! the hash */
 	__ops_memory_t   *mem;
 	const __ops_keyring_t *keyring;	/* <! keyring to use */
 	validate_reader_t *rarg;	/* <! reader-specific arg */
 	__ops_validation_t *result;	/* <! where to put the result */
 }               validate_data_cb_t;	/* <! used with
 					 * validate_data_cb callback */
 void            __ops_keydata_reader_set(__ops_parse_info_t *, const __ops_keydata_t *);
-__ops_parse_cb_return_t __ops_validate_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+__ops_parse_cb_return_t __ops_validate_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 bool   __ops_validate_file(__ops_validation_t *, const char *, const int, const __ops_keyring_t *);
 bool   __ops_validate_mem(__ops_validation_t *, __ops_memory_t *, const int, const __ops_keyring_t *);
-__ops_parse_cb_return_t validate_data_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *);
+__ops_parse_cb_return_t validate_data_cb(const __ops_packet_t *, __ops_parse_cb_info_t *);
 #endif /* !VALIDATE_H_ */

 @@ -1,14 +1,14 @@
-.\" $NetBSD: libnetpgp.3,v 1.5 2009/05/02 09:40:01 wiz Exp $
+.\" $NetBSD: libnetpgp.3,v 1.6 2009/05/05 01:28:15 agc Exp $
 .\"
 .\" Copyright (c) 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This manual page is derived from software contributed to The
 .\" NetBSD Foundation by Alistair Crooks (agc@NetBSD.org)
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 @@ -17,27 +17,27 @@
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 2, 2009
+.Dd May 4, 2009
 .Dt LIBNETPGP 3
 .Os
 .Sh NAME
 .Nm libnetpgp
 .Nd digital signing and verification, encryption and decryption
 .Sh LIBRARY
 .Lb libnetpgp
 .Sh SYNOPSIS
 .In netpgp.h
 .Ft int
 .Fo netpgp_init
 .Fa "netpgp_t *netpgp" "char *userid" "char *pubringfile" "char *secringfile"
 .Fc
 @@ -85,26 +85,30 @@
 .Fc
 .Ft int
 .Fo netpgp_set_debug
 .Fa "const char *filename"
 .Fc
 .Ft int
 .Fo netpgp_get_debug
 .Fa "const char *filename"
 .Fc
 .Ft int
 .Fo netpgp_get_info
 .Fa "const char *type"
 .Fc
 .Ft int
 .Fo netpgp_list_packets
 .Fa "netpgp_t *netpgp" "char *filename" "int armour" "char *pubringname"
 .Fc
 .Sh DESCRIPTION
 .Nm
 is a library interface to enable digital signatures to be created and
 verified, and also for files and memory to be encrypted and decrypted.
 Functions are also provided for management of user keys.
 .Pp
 The library uses functions from the openssl library for multi-precision
 integer arithmetic, and for RSA and DSA key signing and verification,
 encryption and decryption.
 .Pp
 Normal operation sees the
 .Nm
 process be initialised using the
 @@ -158,26 +162,36 @@ files are the lifeblood of the
 library.
 To encrypt a file, the
 .Fn netpgp_encrypt_file
 and the
 .Fn netpgp_decrypt_file
 is used to decrypt the results of the encryption.
 To sign a file, the
 .Fn netpgp_sign_file
 is used, and the resulting signed file can be verified
 using the
 .Fn netpgp_verify_file
 function.
 .Pp
 Internally, an encrypted or signed file
 is made up of
 .Dq packets
 which hold information pertaining to the signature,
 encryption method, and the data which is being protected.
 This information can be displayed in a verbose manner using
 the
 .Fn netpgp_list_packets
 function.
 .Pp
 In
 .Nm
 files are encrypted using the public key of the userid.
 The secret key is used to decrypt the results of that encryption.
 Files are signed using the secret key of the userid.
 The public key is used to verify that the file was signed,
 who signed the file, and the date and time at which it was signed.
 .Pp
 Some utility functions are also provided for debugging, and for
 finding out version and maintainer information from calling programs.
 These are the
 .Fn netpgp_set_debug
 and the

 @@ -215,45 +215,45 @@ sign_detached(char *f, char *sigfile, __
+			}
 			__ops_signature_add_data(sig, buf, (unsigned)n);
+		}
 	} else {
 		__ops_signature_add_data(sig, mmapped, (unsigned)st.st_size);
 		(void) munmap(mmapped, (unsigned)st.st_size);
+	}
 	(void) close(fd);
 	/* calculate the signature */
 	t = time(NULL);
 	__ops_signature_add_creation_time(sig, t);
 	__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE,
-		&seckey->public_key);
+		&seckey->pubkey);
 	__ops_signature_add_issuer_key_id(sig, keyid);
 	__ops_signature_hashed_subpackets_end(sig);
 	/* write the signature to the detached file */
 	if (sigfile == NULL) {
 		(void) snprintf(fname, sizeof(fname), "%s.sig", f);
 		sigfile = fname;
+	}
 	fd = open(sigfile, O_CREAT|O_TRUNC|O_WRONLY, 0666);
 	if (fd < 0) {
 		(void) fprintf(stderr, "can't write signature to \"%s\"\n",
 				sigfile);
 		return 0;
+	}
 	info = __ops_create_info_new();
 	__ops_writer_set_fd(info, fd);
-	__ops_write_signature(sig, &seckey->public_key, seckey, info);
+	__ops_write_signature(sig, &seckey->pubkey, seckey, info);
 	__ops_secret_key_free(seckey);
 	(void) close(fd);
 	return 1;
+}
 /***************************************************************************/
 /* exported functions start here */
 /***************************************************************************/
 /* initialise a netpgp_t structure */
 int
 netpgp_init(netpgp_t *netpgp, char *userid, char *pubring, char *secring)
 @@ -520,13 +520,38 @@ netpgp_set_debug(const char *f)
 /* get the debugging level per filename */
 int
 netpgp_get_debug(const char *f)
+{
 	return __ops_get_debug_level(f);
+}
 /* return the version for the library */
 const char *
 netpgp_get_info(const char *type)
+{
 	return __ops_get_info(type);
+}
 int
 netpgp_list_packets(netpgp_t *netpgp, char *f, int armour, char *pubringname)
+{
 	__ops_keyring_t	*keyring;
 	char		 ringname[MAXPATHLEN];
 	char		*homedir;
 	homedir = getenv("HOME");
 	if (pubringname == NULL) {
 		(void) snprintf(ringname, sizeof(ringname),
 			"%s/.gnupg/pubring.gpg", homedir);
 		pubringname = ringname;
+	}
 	keyring = calloc(1, sizeof(*keyring));
 	if (!__ops_keyring_read_from_file(keyring, false, pubringname)) {
 		(void) fprintf(stderr, "Cannot read pub keyring %s\n",
 			pubringname);
 		return 0;
+	}
 	netpgp->pubring = keyring;
 	netpgp->pubringfile = strdup(pubringname);
 	__ops_list_packets(f, armour, keyring, get_passphrase_cb);
 	return 1;
+}