 @@ -1,1151 +1,1151 @@
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Alistair Crooks (agc@NetBSD.org)
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
  * All rights reserved.
  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
  * their moral rights under the UK Copyright Design and Patents Act 1988 to
  * be recorded as the authors of this copyright work.
+ *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License.
+ *
  * You may obtain a copy of the License at
  *     http://www.apache.org/licenses/LICENSE-2.0
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /** \file
  */
 #include "config.h"
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.46 2010/09/01 17:25:57 agc Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.47 2010/10/31 19:45:53 stacktic Exp $");
 #endif
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <regex.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_TERMIOS_H
 #include <termios.h>
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #include "types.h"
 #include "keyring.h"
 #include "packet-parse.h"
 #include "signature.h"
 #include "netpgpsdk.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "packet.h"
 #include "crypto.h"
 #include "validate.h"
 #include "netpgpdefs.h"
 #include "netpgpdigest.h"
 /**
    \ingroup HighLevel_Keyring
    \brief Creates a new __ops_key_t struct
    \return A new __ops_key_t struct, initialised to zero.
    \note The returned __ops_key_t struct must be freed after use with __ops_keydata_free.
 */
 __ops_key_t  *
 __ops_keydata_new(void)
+{
 	return calloc(1, sizeof(__ops_key_t));
+}
 /**
  \ingroup HighLevel_Keyring
  \brief Frees keydata and its memory
  \param keydata Key to be freed.
  \note This frees the keydata itself, as well as any other memory alloc-ed by it.
 */
 void
 __ops_keydata_free(__ops_key_t *keydata)
+{
 	unsigned        n;
 	for (n = 0; n < keydata->uidc; ++n) {
 		__ops_userid_free(&keydata->uids[n]);
+	}
 	free(keydata->uids);
 	keydata->uids = NULL;
 	keydata->uidc = 0;
 	for (n = 0; n < keydata->packetc; ++n) {
 		__ops_subpacket_free(&keydata->packets[n]);
+	}
 	free(keydata->packets);
 	keydata->packets = NULL;
 	keydata->packetc = 0;
 	if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) {
 		__ops_pubkey_free(&keydata->key.pubkey);
 	} else {
 		__ops_seckey_free(&keydata->key.seckey);
+	}
 	free(keydata);
+}
 /**
  \ingroup HighLevel_KeyGeneral
  \brief Returns the public key in the given keydata.
  \param keydata
   \return Pointer to public key
   \note This is not a copy, do not free it after use.
 */
 const __ops_pubkey_t *
 __ops_get_pubkey(const __ops_key_t *keydata)
+{
 	return (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) ?
 				&keydata->key.pubkey :
 				&keydata->key.seckey.pubkey;
+}
 /**
 \ingroup HighLevel_KeyGeneral
 \brief Check whether this is a secret key or not.
 */
 unsigned
 __ops_is_key_secret(const __ops_key_t *data)
+{
 	return data->type != OPS_PTAG_CT_PUBLIC_KEY;
+}
 /**
  \ingroup HighLevel_KeyGeneral
  \brief Returns the secret key in the given keydata.
  \note This is not a copy, do not free it after use.
  \note This returns a const.  If you need to be able to write to this
  pointer, use __ops_get_writable_seckey
 */
 const __ops_seckey_t *
 __ops_get_seckey(const __ops_key_t *data)
+{
 	return (data->type == OPS_PTAG_CT_SECRET_KEY) ?
 				&data->key.seckey : NULL;
+}
 /**
  \ingroup HighLevel_KeyGeneral
   \brief Returns the secret key in the given keydata.
   \note This is not a copy, do not free it after use.
   \note If you do not need to be able to modify this key, there is an
   equivalent read-only function __ops_get_seckey.
 */
 __ops_seckey_t *
 __ops_get_writable_seckey(__ops_key_t *data)
+{
 	return (data->type == OPS_PTAG_CT_SECRET_KEY) ?
 				&data->key.seckey : NULL;
+}
 /* utility function to zero out memory */
 void
 __ops_forget(void *vp, unsigned size)
+{
 	(void) memset(vp, 0x0, size);
+}
 typedef struct {
 	FILE			*passfp;
 	const __ops_key_t	*key;
 	char			*passphrase;
 	__ops_seckey_t		*seckey;
 } decrypt_t;
 static __ops_cb_ret_t
 decrypt_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo)
+{
 	const __ops_contents_t	*content = &pkt->u;
 	decrypt_t		*decrypt;
 	char			 pass[MAX_PASSPHRASE_LENGTH];
 	decrypt = __ops_callback_arg(cbinfo);
 	switch (pkt->tag) {
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_USER_ID:
 	case OPS_PTAG_CT_SIGNATURE:
 	case OPS_PTAG_CT_SIGNATURE_HEADER:
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:
 	case OPS_PTAG_CT_TRUST:
 		break;
 	case OPS_GET_PASSPHRASE:
 		(void) __ops_getpassphrase(decrypt->passfp, pass, sizeof(pass));
 		*content->skey_passphrase.passphrase = netpgp_strdup(pass);
 		__ops_forget(pass, (unsigned)sizeof(pass));
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_ERRCODE:
 		switch (content->errcode.errcode) {
 		case OPS_E_P_MPI_FORMAT_ERROR:
 			/* Generally this means a bad passphrase */
 			fprintf(stderr, "Bad passphrase!\n");
 			return OPS_RELEASE_MEMORY;
 		case OPS_E_P_PACKET_CONSUMED:
 			/* And this is because of an error we've accepted */
 			return OPS_RELEASE_MEMORY;
 		default:
 			break;
+		}
 		(void) fprintf(stderr, "parse error: %s\n",
 				__ops_errcode(content->errcode.errcode));
 		return OPS_FINISHED;
 	case OPS_PARSER_ERROR:
 		fprintf(stderr, "parse error: %s\n", content->error);
 		return OPS_FINISHED;
 	case OPS_PTAG_CT_SECRET_KEY:
 		if ((decrypt->seckey = calloc(1, sizeof(*decrypt->seckey))) == NULL) {
 			(void) fprintf(stderr, "decrypt_cb: bad alloc\n");
 			return OPS_FINISHED;
+		}
 		decrypt->seckey->checkhash = calloc(1, OPS_CHECKHASH_SIZE);
 		*decrypt->seckey = content->seckey;
 		return OPS_KEEP_MEMORY;
 	case OPS_PARSER_PACKET_END:
 		/* nothing to do */
 		break;
 	default:
 		fprintf(stderr, "Unexpected tag %d (0x%x)\n", pkt->tag,
 			pkt->tag);
 		return OPS_FINISHED;
+	}
 	return OPS_RELEASE_MEMORY;
+}
 /**
 \ingroup Core_Keys
 \brief Decrypts secret key from given keydata with given passphrase
 \param key Key from which to get secret key
 \param passphrase Passphrase to use to decrypt secret key
 \return secret key
 */
 __ops_seckey_t *
 __ops_decrypt_seckey(const __ops_key_t *key, void *passfp)
+{
 	__ops_stream_t	*stream;
 	const int	 printerrors = 1;
 	decrypt_t	 decrypt;
 	(void) memset(&decrypt, 0x0, sizeof(decrypt));
 	decrypt.key = key;
 	decrypt.passfp = passfp;
 	stream = __ops_new(sizeof(*stream));
 	__ops_keydata_reader_set(stream, key);
 	__ops_set_callback(stream, decrypt_cb, &decrypt);
 	stream->readinfo.accumulate = 1;
 	__ops_parse(stream, !printerrors);
 	return decrypt.seckey;
+}
 /**
 \ingroup Core_Keys
 \brief Set secret key in content
 \param content Content to be set
 \param key Keydata to get secret key from
 */
 void
 __ops_set_seckey(__ops_contents_t *cont, const __ops_key_t *key)
+{
 	*cont->get_seckey.seckey = &key->key.seckey;
+}
 /**
 \ingroup Core_Keys
 \brief Get Key ID from keydata
 \param key Keydata to get Key ID from
 \return Pointer to Key ID inside keydata
 */
 const uint8_t *
 __ops_get_key_id(const __ops_key_t *key)
+{
 	return key->sigid;
+}
 /**
 \ingroup Core_Keys
 \brief How many User IDs in this key?
 \param key Keydata to check
 \return Num of user ids
 */
 unsigned
 __ops_get_userid_count(const __ops_key_t *key)
+{
 	return key->uidc;
+}
 /**
 \ingroup Core_Keys
 \brief Get indexed user id from key
 \param key Key to get user id from
 \param index Which key to get
 \return Pointer to requested user id
 */
 const uint8_t *
 __ops_get_userid(const __ops_key_t *key, unsigned subscript)
+{
 	return key->uids[subscript];
+}
 /**
    \ingroup HighLevel_Supported
    \brief Checks whether key's algorithm and type are supported by OpenPGP::SDK
    \param keydata Key to be checked
    \return 1 if key algorithm and type are supported by OpenPGP::SDK; 0 if not
 */
 unsigned
 __ops_is_key_supported(const __ops_key_t *key)
+{
 	if (key->type == OPS_PTAG_CT_PUBLIC_KEY) {
 		switch(key->key.pubkey.alg) {
 		case OPS_PKA_RSA:
 		case OPS_PKA_DSA:
 		case OPS_PKA_ELGAMAL:
 			return 1;
 		default:
 			break;
+		}
+	}
 	return 0;
+}
 /* \todo check where userid pointers are copied */
 /**
 \ingroup Core_Keys
 \brief Copy user id, including contents
 \param dst Destination User ID
 \param src Source User ID
 \note If dst already has a userid, it will be freed.
 */
 static uint8_t *
 __ops_copy_userid(uint8_t **dst, const uint8_t *src)
+{
 	size_t          len;
 	len = strlen((const char *) src);
 	if (*dst) {
 		free(*dst);
+	}
 	if ((*dst = calloc(1, len + 1)) == NULL) {
 		(void) fprintf(stderr, "__ops_copy_userid: bad alloc\n");
 	} else {
 		(void) memcpy(*dst, src, len);
+	}
 	return *dst;
+}
 /* \todo check where pkt pointers are copied */
 /**
 \ingroup Core_Keys
 \brief Copy packet, including contents
 \param dst Destination packet
 \param src Source packet
 \note If dst already has a packet, it will be freed.
 */
 static __ops_subpacket_t *
 __ops_copy_packet(__ops_subpacket_t *dst, const __ops_subpacket_t *src)
+{
 	if (dst->raw) {
 		free(dst->raw);
+	}
 	if ((dst->raw = calloc(1, src->length)) == NULL) {
 		(void) fprintf(stderr, "__ops_copy_packet: bad alloc\n");
 	} else {
 		dst->length = src->length;
 		(void) memcpy(dst->raw, src->raw, src->length);
+	}
 	return dst;
+}
 /**
 \ingroup Core_Keys
 \brief Add User ID to key
 \param key Key to which to add User ID
 \param userid User ID to add
 \return Pointer to new User ID
 */
 uint8_t  *
 __ops_add_userid(__ops_key_t *key, const uint8_t *userid)
+{
 	uint8_t  **uidp;
 	EXPAND_ARRAY(key, uid);
 	/* initialise new entry in array */
 	uidp = &key->uids[key->uidc++];
 	*uidp = NULL;
 	/* now copy it */
 	return __ops_copy_userid(uidp, userid);
+}
 void print_packet_hex(const __ops_subpacket_t *pkt);
 /**
 \ingroup Core_Keys
 \brief Add packet to key
 \param keydata Key to which to add packet
 \param packet Packet to add
 \return Pointer to new packet
 */
 __ops_subpacket_t   *
 __ops_add_subpacket(__ops_key_t *keydata, const __ops_subpacket_t *packet)
+{
 	__ops_subpacket_t   *subpktp;
 	EXPAND_ARRAY(keydata, packet);
 	/* initialise new entry in array */
 	subpktp = &keydata->packets[keydata->packetc++];
 	subpktp->length = 0;
 	subpktp->raw = NULL;
 	/* now copy it */
 	return __ops_copy_packet(subpktp, packet);
+}
 /**
 \ingroup Core_Keys
 \brief Add selfsigned User ID to key
 \param keydata Key to which to add user ID
 \param userid Self-signed User ID to add
 \return 1 if OK; else 0
 */
 unsigned
 __ops_add_selfsigned_userid(__ops_key_t *key, uint8_t *userid)
+{
 	__ops_create_sig_t	*sig;
 	__ops_subpacket_t	 sigpacket;
 	__ops_memory_t		*mem_userid = NULL;
 	__ops_output_t		*useridoutput = NULL;
 	__ops_memory_t		*mem_sig = NULL;
 	__ops_output_t		*sigoutput = NULL;
 	/*
          * create signature packet for this userid
          */
 	/* create userid pkt */
 	__ops_setup_memory_write(&useridoutput, &mem_userid, 128);
 	__ops_write_struct_userid(useridoutput, userid);
 	/* create sig for this pkt */
 	sig = __ops_create_sig_new();
 	__ops_sig_start_key_sig(sig, &key->key.seckey.pubkey, userid, OPS_CERT_POSITIVE);
 	__ops_add_time(sig, (int64_t)time(NULL), "birth");
 	__ops_add_issuer_keyid(sig, key->sigid);
 	__ops_add_primary_userid(sig, 1);
 	__ops_end_hashed_subpkts(sig);
 	__ops_setup_memory_write(&sigoutput, &mem_sig, 128);
 	__ops_write_sig(sigoutput, sig, &key->key.seckey.pubkey, &key->key.seckey);
 	/* add this packet to key */
 	sigpacket.length = __ops_mem_len(mem_sig);
 	sigpacket.raw = __ops_mem_data(mem_sig);
 	/* add userid to key */
 	(void) __ops_add_userid(key, userid);
 	(void) __ops_add_subpacket(key, &sigpacket);
 	/* cleanup */
 	__ops_create_sig_delete(sig);
 	__ops_output_delete(useridoutput);
 	__ops_output_delete(sigoutput);
 	__ops_memory_free(mem_userid);
 	__ops_memory_free(mem_sig);
 	return 1;
+}
 /**
 \ingroup Core_Keys
 \brief Initialise __ops_key_t
 \param keydata Keydata to initialise
 \param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY
 */
 void
 __ops_keydata_init(__ops_key_t *keydata, const __ops_content_enum type)
+{
 	if (keydata->type != OPS_PTAG_CT_RESERVED) {
 		(void) fprintf(stderr,
 			"__ops_keydata_init: wrong keydata type\n");
 	} else if (type != OPS_PTAG_CT_PUBLIC_KEY &&
 		   type != OPS_PTAG_CT_SECRET_KEY) {
 		(void) fprintf(stderr, "__ops_keydata_init: wrong type\n");
 	} else {
 		keydata->type = type;
+	}
+}
 /* used to point to data during keyring read */
 typedef struct keyringcb_t {
 	__ops_keyring_t		*keyring;	/* the keyring we're reading */
 } keyringcb_t;
 static __ops_cb_ret_t
 cb_keyring_read(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo)
+{
 	__ops_keyring_t	*keyring;
 	__ops_revoke_t	*revocation;
 	__ops_key_t	*key;
 	keyringcb_t	*cb;
 	cb = __ops_callback_arg(cbinfo);
 	keyring = cb->keyring;
 	switch (pkt->tag) {
 	case OPS_PARSER_PTAG:
 	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
 		/* we get these because we didn't prompt */
 		break;
 	case OPS_PTAG_CT_SIGNATURE_HEADER:
 		key = &keyring->keys[keyring->keyc - 1];
 		EXPAND_ARRAY(key, subsig);
 		key->subsigs[key->subsigc].uid = key->uidc - 1;
 		(void) memcpy(&key->subsigs[key->subsigc].sig, &pkt->u.sig,
 				sizeof(pkt->u.sig));
 		key->subsigc += 1;
 		break;
 	case OPS_PTAG_CT_SIGNATURE:
 		key = &keyring->keys[keyring->keyc - 1];
 		EXPAND_ARRAY(key, subsig);
 		key->subsigs[key->subsigc].uid = key->uidc - 1;
 		(void) memcpy(&key->subsigs[key->subsigc].sig, &pkt->u.sig,
 				sizeof(pkt->u.sig));
 		key->subsigc += 1;
 		break;
 	case OPS_PTAG_CT_TRUST:
 		key = &keyring->keys[keyring->keyc - 1];
 		key->subsigs[key->subsigc - 1].trustlevel = pkt->u.ss_trust.level;
 		key->subsigs[key->subsigc - 1].trustamount = pkt->u.ss_trust.amount;
 		break;
 	case OPS_PTAG_SS_KEY_EXPIRY:
 		EXPAND_ARRAY(keyring, key);
 		if (keyring->keyc > 0) {
 			keyring->keys[keyring->keyc - 1].key.pubkey.duration = pkt->u.ss_time;
+		}
 		break;
 	case OPS_PTAG_SS_ISSUER_KEY_ID:
 		key = &keyring->keys[keyring->keyc - 1];
 		(void) memcpy(&key->subsigs[key->subsigc - 1].sig.info.signer_id,
 			      pkt->u.ss_issuer,
 			      sizeof(pkt->u.ss_issuer));
 		key->subsigs[key->subsigc - 1].sig.info.signer_id_set = 1;
 		break;
 	case OPS_PTAG_SS_CREATION_TIME:
 		key = &keyring->keys[keyring->keyc - 1];
 		key->subsigs[key->subsigc - 1].sig.info.birthtime = pkt->u.ss_time;
 		key->subsigs[key->subsigc - 1].sig.info.birthtime_set = 1;
 		break;
 	case OPS_PTAG_SS_EXPIRATION_TIME:
 		key = &keyring->keys[keyring->keyc - 1];
 		key->subsigs[key->subsigc - 1].sig.info.duration = pkt->u.ss_time;
 		key->subsigs[key->subsigc - 1].sig.info.duration_set = 1;
 		break;
 	case OPS_PTAG_SS_PRIMARY_USER_ID:
 		key = &keyring->keys[keyring->keyc - 1];
 		key->uid0 = key->uidc - 1;
 		break;
 	case OPS_PTAG_SS_REVOCATION_REASON:
 		key = &keyring->keys[keyring->keyc - 1];
 		if (key->uidc == 0) {
 			/* revoke whole key */
 			key->revoked = 1;
 			revocation = &key->revocation;
 		} else {
 			/* revoke the user id */
 			EXPAND_ARRAY(key, revoke);
 			revocation = &key->revokes[key->revokec];
 			key->revokes[key->revokec].uid = key->uidc - 1;
 			key->revokec += 1;
+		}
 		revocation->code = pkt->u.ss_revocation.code;
 		revocation->reason = netpgp_strdup(__ops_show_ss_rr_code(pkt->u.ss_revocation.code));
 		break;
 	case OPS_PTAG_CT_SIGNATURE_FOOTER:
 	case OPS_PARSER_ERRCODE:
 		break;
 	default:
 		break;
+	}
 	return OPS_RELEASE_MEMORY;
+}
 /**
    \ingroup HighLevel_KeyringRead
    \brief Reads a keyring from a file
    \param keyring Pointer to an existing __ops_keyring_t struct
    \param armour 1 if file is armoured; else 0
    \param filename Filename of keyring to be read
    \return __ops 1 if OK; 0 on error
    \note Keyring struct must already exist.
    \note Can be used with either a public or secret keyring.
    \note You must call __ops_keyring_free() after usage to free alloc-ed memory.
    \note If you call this twice on the same keyring struct, without calling
    __ops_keyring_free() between these calls, you will introduce a memory leak.
    \sa __ops_keyring_read_from_mem()
    \sa __ops_keyring_free()
 */
 unsigned
 __ops_keyring_fileread(__ops_keyring_t *keyring,
 			const unsigned armour,
 			const char *filename)
+{
 	__ops_stream_t	*stream;
 	keyringcb_t	 cb;
 	unsigned	 res = 1;
 	int		 fd;
 	(void) memset(&cb, 0x0, sizeof(cb));
 	cb.keyring = keyring;
 	stream = __ops_new(sizeof(*stream));
 	/* add this for the moment, */
 	/*
 	 * \todo need to fix the problems with reading signature subpackets
 	 * later
 	 */
 	/* __ops_parse_options(parse,OPS_PTAG_SS_ALL,OPS_PARSE_RAW); */
 	__ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED);
 #ifdef O_BINARY
 	fd = open(filename, O_RDONLY | O_BINARY);
 #else
 	fd = open(filename, O_RDONLY);
 #endif
 	if (fd < 0) {
 		__ops_stream_delete(stream);
 		perror(filename);
 		return 0;
+	}
 #ifdef USE_MMAP_FOR_FILES
 	__ops_reader_set_mmap(stream, fd);
 #else
 	__ops_reader_set_fd(stream, fd);
 #endif
 	__ops_set_callback(stream, cb_keyring_read, &cb);
 	if (armour) {
 		__ops_reader_push_dearmour(stream);
+	}
 	res = __ops_parse_and_accumulate(keyring, stream);
 	__ops_print_errors(__ops_stream_get_errors(stream));
 	if (armour) {
 		__ops_reader_pop_dearmour(stream);
+	}
 	(void)close(fd);
 	__ops_stream_delete(stream);
 	return res;
+}
 /**
    \ingroup HighLevel_KeyringRead
    \brief Reads a keyring from memory
    \param keyring Pointer to existing __ops_keyring_t struct
    \param armour 1 if file is armoured; else 0
    \param mem Pointer to a __ops_memory_t struct containing keyring to be read
    \return __ops 1 if OK; 0 on error
    \note Keyring struct must already exist.
    \note Can be used with either a public or secret keyring.
    \note You must call __ops_keyring_free() after usage to free alloc-ed memory.
    \note If you call this twice on the same keyring struct, without calling
    __ops_keyring_free() between these calls, you will introduce a memory leak.
    \sa __ops_keyring_fileread
    \sa __ops_keyring_free
 */
 unsigned
 __ops_keyring_read_from_mem(__ops_io_t *io,
 				__ops_keyring_t *keyring,
 				const unsigned armour,
 				__ops_memory_t *mem)
+{
 	__ops_stream_t	*stream;
 	const unsigned	 noaccum = 0;
 	keyringcb_t	 cb;
 	unsigned	 res;
 	(void) memset(&cb, 0x0, sizeof(cb));
 	cb.keyring = keyring;
 	stream = __ops_new(sizeof(*stream));
 	__ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED);
 	__ops_setup_memory_read(io, &stream, mem, &cb, cb_keyring_read,
 					noaccum);
 	if (armour) {
 		__ops_reader_push_dearmour(stream);
+	}
 	res = (unsigned)__ops_parse_and_accumulate(keyring, stream);
 	__ops_print_errors(__ops_stream_get_errors(stream));
 	if (armour) {
 		__ops_reader_pop_dearmour(stream);
+	}
 	/* don't call teardown_memory_read because memory was passed in */
 	__ops_stream_delete(stream);
 	return res;
+}
 /**
    \ingroup HighLevel_KeyringRead
    \brief Frees keyring's contents (but not keyring itself)
    \param keyring Keyring whose data is to be freed
    \note This does not free keyring itself, just the memory alloc-ed in it.
  */
 void
 __ops_keyring_free(__ops_keyring_t *keyring)
+{
 	(void)free(keyring->keys);
 	keyring->keys = NULL;
 	keyring->keyc = keyring->keyvsize = 0;
+}
 /**
    \ingroup HighLevel_KeyringFind
    \brief Finds key in keyring from its Key ID
    \param keyring Keyring to be searched
    \param keyid ID of required key
    \return Pointer to key, if found; NULL, if not found
    \note This returns a pointer to the key inside the given keyring,
    not a copy.  Do not free it after use.
 */
 const __ops_key_t *
 __ops_getkeybyid(__ops_io_t *io, const __ops_keyring_t *keyring,
 			   const uint8_t *keyid, unsigned *from, __ops_pubkey_t **pubkey)
+{
 	uint8_t	nullid[OPS_KEY_ID_SIZE];
 	(void) memset(nullid, 0x0, sizeof(nullid));
 	for ( ; keyring && *from < keyring->keyc; *from += 1) {
 		if (__ops_get_debug_level(__FILE__)) {
 			hexdump(io->errs, "keyring keyid", keyring->keys[*from].sigid, OPS_KEY_ID_SIZE);
 			hexdump(io->errs, "keyid", keyid, OPS_KEY_ID_SIZE);
+		}
 		if (memcmp(keyring->keys[*from].sigid, keyid, OPS_KEY_ID_SIZE) == 0 ||
 		    memcmp(&keyring->keys[*from].sigid[OPS_KEY_ID_SIZE / 2],
 				keyid, OPS_KEY_ID_SIZE / 2) == 0) {
 			if (pubkey) {
 				*pubkey = &keyring->keys[*from].key.pubkey;
+			}
 			return &keyring->keys[*from];
+		}
 		if (memcmp(&keyring->keys[*from].encid, nullid, sizeof(nullid)) == 0) {
 			continue;
+		}
 		if (memcmp(&keyring->keys[*from].encid, keyid, OPS_KEY_ID_SIZE) == 0 ||
 		    memcmp(&keyring->keys[*from].encid[OPS_KEY_ID_SIZE / 2], keyid, OPS_KEY_ID_SIZE / 2) == 0) {
 			if (pubkey) {
 				*pubkey = &keyring->keys[*from].enckey;
+			}
 			return &keyring->keys[*from];
+		}
+	}
 	return NULL;
+}
 /* convert a string keyid into a binary keyid */
 static void
 str2keyid(const char *userid, uint8_t *keyid, size_t len)
+{
 	static const char	*uppers = "0123456789ABCDEF";
 	static const char	*lowers = "0123456789abcdef";
 	const char		*hi;
 	const char		*lo;
 	uint8_t			 hichar;
 	uint8_t			 lochar;
 	size_t			 j;
 	int			 i;
 	for (i = 0, j = 0 ; j < len && userid[i] && userid[i + 1] ; i += 2, j++) {
 		if ((hi = strchr(uppers, userid[i])) == NULL) {
 			if ((hi = strchr(lowers, userid[i])) == NULL) {
 				break;
+			}
 			hichar = (uint8_t)(hi - lowers);
 		} else {
 			hichar = (uint8_t)(hi - uppers);
+		}
 		if ((lo = strchr(uppers, userid[i + 1])) == NULL) {
 			if ((lo = strchr(lowers, userid[i + 1])) == NULL) {
 				break;
+			}
 			lochar = (uint8_t)(lo - lowers);
 		} else {
 			lochar = (uint8_t)(lo - uppers);
+		}
 		keyid[j] = (hichar << 4) | (lochar);
+	}
 	keyid[j] = 0x0;
+}
 /* return the next key which matches, starting searching at *from */
 static const __ops_key_t *
 getkeybyname(__ops_io_t *io,
 			const __ops_keyring_t *keyring,
 			const char *name,
 			unsigned *from)
+{
 	const __ops_key_t	*kp;
 	uint8_t			**uidp;
 	unsigned    	 	 i = 0;
 	__ops_key_t		*keyp;
 	unsigned		 savedstart;
 	regex_t			 r;
 	uint8_t		 	 keyid[OPS_KEY_ID_SIZE + 1];
 	size_t          	 len;
-	if (!keyring) {
+	if (!keyring || !name || !from) {
 		return NULL;
+	}
 	len = strlen(name);
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(io->outs, "[%u] name '%s', len %zu\n",
 			*from, name, len);
+	}
 	/* first try name as a keyid */
 	(void) memset(keyid, 0x0, sizeof(keyid));
 	str2keyid(name, keyid, sizeof(keyid));
 	if (__ops_get_debug_level(__FILE__)) {
 		hexdump(io->outs, "keyid", keyid, 4);
+	}
 	savedstart = *from;
 	if ((kp = __ops_getkeybyid(io, keyring, keyid, from, NULL)) != NULL) {
 		return kp;
+	}
 	*from = savedstart;
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(io->outs, "regex match '%s' from %u\n",
 			name, *from);
+	}
 	/* match on full name or email address as a NOSUB, ICASE regexp */
 	(void) regcomp(&r, name, REG_EXTENDED | REG_ICASE);
 	for (keyp = &keyring->keys[*from]; *from < keyring->keyc; *from += 1, keyp++) {
 		uidp = keyp->uids;
 		for (i = 0 ; i < keyp->uidc; i++, uidp++) {
 			if (regexec(&r, (char *)*uidp, 0, NULL, 0) == 0) {
 				if (__ops_get_debug_level(__FILE__)) {
 					(void) fprintf(io->outs,
 						"MATCHED keyid \"%s\" len %" PRIsize "u\n",
 					       (char *) *uidp, len);
+				}
 				regfree(&r);
 				return keyp;
+			}
+		}
+	}
 	regfree(&r);
 	return NULL;
+}
 /**
    \ingroup HighLevel_KeyringFind
    \brief Finds key from its User ID
    \param keyring Keyring to be searched
    \param userid User ID of required key
    \return Pointer to Key, if found; NULL, if not found
    \note This returns a pointer to the key inside the keyring, not a
    copy.  Do not free it.
 */
 const __ops_key_t *
 __ops_getkeybyname(__ops_io_t *io,
 			const __ops_keyring_t *keyring,
 			const char *name)
+{
 	unsigned	from;
 	from = 0;
 	return getkeybyname(io, keyring, name, &from);
+}
 const __ops_key_t *
 __ops_getnextkeybyname(__ops_io_t *io,
 			const __ops_keyring_t *keyring,
 			const char *name,
 			unsigned *n)
+{
 	return getkeybyname(io, keyring, name, n);
+}
 /**
    \ingroup HighLevel_KeyringList
    \brief Prints all keys in keyring to stdout.
    \param keyring Keyring to use
    \return none
 */
 int
 __ops_keyring_list(__ops_io_t *io, const __ops_keyring_t *keyring, const int psigs)
+{
 	__ops_key_t		*key;
 	unsigned		 n;
 	(void) fprintf(io->res, "%u key%s\n", keyring->keyc,
 		(keyring->keyc == 1) ? "" : "s");
 	for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) {
 		if (__ops_is_key_secret(key)) {
 			__ops_print_keydata(io, keyring, key, "sec",
 				&key->key.seckey.pubkey, 0);
 		} else {
 			__ops_print_keydata(io, keyring, key, "signature ", &key->key.pubkey, psigs);
+		}
 		(void) fputc('\n', io->res);
+	}
 	return 1;
+}
 int
 __ops_keyring_json(__ops_io_t *io, const __ops_keyring_t *keyring, mj_t *obj, const int psigs)
+{
 	__ops_key_t		*key;
 	unsigned		 n;
 	(void) memset(obj, 0x0, sizeof(*obj));
 	mj_create(obj, "array");
 	obj->size = keyring->keyvsize;
 	if (__ops_get_debug_level(__FILE__)) {
 		(void) fprintf(io->errs, "__ops_keyring_json: vsize %u\n", obj->size);
+	}
 	if ((obj->value.v = calloc(sizeof(*obj->value.v), obj->size)) == NULL) {
 		(void) fprintf(io->errs, "calloc failure\n");
 		return 0;
+	}
 	for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) {
 		if (__ops_is_key_secret(key)) {
 			__ops_sprint_mj(io, keyring, key, &obj->value.v[obj->c],
 				"sec", &key->key.seckey.pubkey, psigs);
 		} else {
 			__ops_sprint_mj(io, keyring, key, &obj->value.v[obj->c],
 				"signature ", &key->key.pubkey, psigs);
+		}
 		if (obj->value.v[obj->c].type != 0) {
 			obj->c += 1;
+		}
+	}
 	if (__ops_get_debug_level(__FILE__)) {
 		char	*s;
 		mj_asprint(&s, obj);
 		(void) fprintf(stderr, "__ops_keyring_json: '%s'\n", s);
 		free(s);
+	}
 	return 1;
+}
 /* this interface isn't right - hook into callback for getting passphrase */
 char *
 __ops_export_key(__ops_io_t *io, const __ops_key_t *keydata, uint8_t *passphrase)
+{
 	__ops_output_t	*output;
 	__ops_memory_t	*mem;
 	char		*cp;
 	__OPS_USED(io);
 	__ops_setup_memory_write(&output, &mem, 128);
 	if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) {
 		__ops_write_xfer_pubkey(output, keydata, 1);
 	} else {
 		__ops_write_xfer_seckey(output, keydata, passphrase,
 					strlen((char *)passphrase), 1);
+	}
 	cp = netpgp_strdup(__ops_mem_data(mem));
 	__ops_teardown_memory_write(output, mem);
 	return cp;
+}
 /* add a key to a public keyring */
 int
 __ops_add_to_pubring(__ops_keyring_t *keyring, const __ops_pubkey_t *pubkey, __ops_content_enum tag)
+{
 	__ops_key_t	*key;
 	time_t		 duration;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "__ops_add_to_pubring (type %u)\n", tag);
+	}
 	switch(tag) {
 	case OPS_PTAG_CT_PUBLIC_KEY:
 		EXPAND_ARRAY(keyring, key);
 		key = &keyring->keys[keyring->keyc++];
 		duration = key->key.pubkey.duration;
 		(void) memset(key, 0x0, sizeof(*key));
 		key->type = tag;
 		__ops_keyid(key->sigid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
 		__ops_fingerprint(&key->sigfingerprint, pubkey, keyring->hashtype);
 		key->key.pubkey = *pubkey;
 		key->key.pubkey.duration = duration;
 		return 1;
 	case OPS_PTAG_CT_PUBLIC_SUBKEY:
 		/* subkey is not the first */
 		key = &keyring->keys[keyring->keyc - 1];
 		__ops_keyid(key->encid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
 		duration = key->key.pubkey.duration;
 		(void) memcpy(&key->enckey, pubkey, sizeof(key->enckey));
 		key->enckey.duration = duration;
 		return 1;
 	default:
 		return 0;
+	}
+}
 /* add a key to a secret keyring */
 int
 __ops_add_to_secring(__ops_keyring_t *keyring, const __ops_seckey_t *seckey)
+{
 	const __ops_pubkey_t	*pubkey;
 	__ops_key_t		*key;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "__ops_add_to_secring\n");
+	}
 	if (keyring->keyc > 0) {
 		key = &keyring->keys[keyring->keyc - 1];
 		if (__ops_get_debug_level(__FILE__) &&
 		    key->key.pubkey.alg == OPS_PKA_DSA &&
 		    seckey->pubkey.alg == OPS_PKA_ELGAMAL) {
 			fprintf(stderr, "__ops_add_to_secring: found elgamal seckey\n");
+		}
+	}
 	EXPAND_ARRAY(keyring, key);
 	key = &keyring->keys[keyring->keyc++];
 	(void) memset(key, 0x0, sizeof(*key));
 	pubkey = &seckey->pubkey;
 	__ops_keyid(key->sigid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
 	__ops_fingerprint(&key->sigfingerprint, pubkey, keyring->hashtype);
 	key->type = OPS_PTAG_CT_SECRET_KEY;
 	key->key.seckey = *seckey;
 	if (__ops_get_debug_level(__FILE__)) {
 		fprintf(stderr, "__ops_add_to_secring: keyc %u\n", keyring->keyc);
+	}
 	return 1;
+}
 /* append one keyring to another */
 int
 __ops_append_keyring(__ops_keyring_t *keyring, __ops_keyring_t *newring)
+{
 	unsigned	i;
 	for (i = 0 ; i < newring->keyc ; i++) {
 		EXPAND_ARRAY(keyring, key);
 		(void) memcpy(&keyring->keys[keyring->keyc], &newring->keys[i],
 				sizeof(newring->keys[i]));
 		keyring->keyc += 1;
+	}
 	return 1;
+}

 @@ -1,1424 +1,1426 @@
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Alistair Crooks (agc@NetBSD.org)
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include "config.h"
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.77 2010/10/19 00:00:00 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.78 2010/10/31 19:45:53 stacktic Exp $");
 #endif
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/param.h>
 #include <sys/mman.h>
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <errno.h>
 #include <regex.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #include <errno.h>
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
 #include <netpgp.h>
 #include "packet.h"
 #include "packet-parse.h"
 #include "keyring.h"
 #include "errors.h"
 #include "packet-show.h"
 #include "create.h"
 #include "netpgpsdk.h"
 #include "memory.h"
 #include "validate.h"
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "crypto.h"
 #include "ops-ssh.h"
 #include "defs.h"
 /* read any gpg config file */
 static int
 conffile(netpgp_t *netpgp, char *homedir, char *userid, size_t length)
+{
 	regmatch_t	 matchv[10];
 	regex_t		 keyre;
 	char		 buf[BUFSIZ];
 	FILE		*fp;
 	__OPS_USED(netpgp);
 	(void) snprintf(buf, sizeof(buf), "%s/gpg.conf", homedir);
 	if ((fp = fopen(buf, "r")) == NULL) {
 		return 0;
+	}
 	(void) memset(&keyre, 0x0, sizeof(keyre));
 	(void) regcomp(&keyre, "^[ \t]*default-key[ \t]+([0-9a-zA-F]+)",
 		REG_EXTENDED);
 	while (fgets(buf, (int)sizeof(buf), fp) != NULL) {
 		if (regexec(&keyre, buf, 10, matchv, 0) == 0) {
 			(void) memcpy(userid, &buf[(int)matchv[1].rm_so],
 				MIN((unsigned)(matchv[1].rm_eo -
 						matchv[1].rm_so), length));
 			if (netpgp->passfp == NULL) {
 				(void) fprintf(stderr,
 				"netpgp: default key set to \"%.*s\"\n",
 				(int)(matchv[1].rm_eo - matchv[1].rm_so),
 				&buf[(int)matchv[1].rm_so]);
+			}
+		}
+	}
 	(void) fclose(fp);
 	regfree(&keyre);
 	return 1;
+}
 /* small function to pretty print an 8-character raw userid */
 static char    *
 userid_to_id(const uint8_t *userid, char *id)
+{
 	static const char *hexes = "0123456789abcdef";
 	int		   i;
 	for (i = 0; i < 8 ; i++) {
 		id[i * 2] = hexes[(unsigned)(userid[i] & 0xf0) >> 4];
 		id[(i * 2) + 1] = hexes[userid[i] & 0xf];
+	}
 	id[8 * 2] = 0x0;
 	return id;
+}
 /* print out the successful signature information */
 static void
 resultp(__ops_io_t *io,
 	const char *f,
 	__ops_validation_t *res,
 	__ops_keyring_t *ring)
+{
 	const __ops_key_t	*key;
 	__ops_pubkey_t		*sigkey;
 	unsigned		 from;
 	unsigned		 i;
 	time_t			 t;
 	char			 id[MAX_ID_LENGTH + 1];
 	for (i = 0; i < res->validc; i++) {
 		(void) fprintf(io->res,
 			"Good signature for %s made %s",
 			(f) ? f : "<stdin>",
 			ctime(&res->valid_sigs[i].birthtime));
 		if (res->duration > 0) {
 			t = res->birthtime + res->duration;
 			(void) fprintf(io->res, "Valid until %s", ctime(&t));
+		}
 		(void) fprintf(io->res,
 			"using %s key %s\n",
 			__ops_show_pka(res->valid_sigs[i].key_alg),
 			userid_to_id(res->valid_sigs[i].signer_id, id));
 		from = 0;
 		key = __ops_getkeybyid(io, ring,
 			(const uint8_t *) res->valid_sigs[i].signer_id,
 			&from, &sigkey);
 		if (sigkey == &key->enckey) {
 			(void) fprintf(io->res,
 				"WARNING: signature for %s made with encryption key\n",
 				(f) ? f : "<stdin>");
+		}
 		__ops_print_keydata(io, ring, key, "signature ", &key->key.pubkey, 0);
+	}
+}
 /* check there's enough space in the arrays */
 static int
 size_arrays(netpgp_t *netpgp, unsigned needed)
+{
 	char	**temp;
 	if (netpgp->size == 0) {
 		/* only get here first time around */
 		netpgp->size = needed;
 		if ((netpgp->name = calloc(sizeof(char *), needed)) == NULL) {
 			(void) fprintf(stderr, "size_arrays: bad alloc\n");
 			return 0;
+		}
 		if ((netpgp->value = calloc(sizeof(char *), needed)) == NULL) {
 			free(netpgp->name);
 			(void) fprintf(stderr, "size_arrays: bad alloc\n");
 			return 0;
+		}
 	} else if (netpgp->c == netpgp->size) {
 		/* only uses 'needed' when filled array */
 		netpgp->size += needed;
 		temp = realloc(netpgp->name, sizeof(char *) * needed);
 		if (temp == NULL) {
 			(void) fprintf(stderr, "size_arrays: bad alloc\n");
 			return 0;
+		}
 		netpgp->name = temp;
 		temp = realloc(netpgp->value, sizeof(char *) * needed);
 		if (temp == NULL) {
 			(void) fprintf(stderr, "size_arrays: bad alloc\n");
 			return 0;
+		}
 		netpgp->value = temp;
+	}
 	return 1;
+}
 /* find the name in the array */
 static int
 findvar(netpgp_t *netpgp, const char *name)
+{
 	unsigned	i;
 	for (i = 0 ; i < netpgp->c && strcmp(netpgp->name[i], name) != 0; i++) {
+	}
 	return (i == netpgp->c) ? -1 : (int)i;
+}
 /* read a keyring and return it */
 static void *
 readkeyring(netpgp_t *netpgp, const char *name)
+{
 	__ops_keyring_t	*keyring;
 	const unsigned	 noarmor = 0;
 	char		 f[MAXPATHLEN];
 	char		*filename;
 	char		*homedir;
 	homedir = netpgp_getvar(netpgp, "homedir");
 	if ((filename = netpgp_getvar(netpgp, name)) == NULL) {
 		(void) snprintf(f, sizeof(f), "%s/%s.gpg", homedir, name);
 		filename = f;
+	}
 	if ((keyring = calloc(1, sizeof(*keyring))) == NULL) {
 		(void) fprintf(stderr, "readkeyring: bad alloc\n");
 		return NULL;
+	}
 	if (!__ops_keyring_fileread(keyring, noarmor, filename)) {
 		free(keyring);
 		(void) fprintf(stderr, "Can't read %s %s\n", name, filename);
 		return NULL;
+	}
 	netpgp_setvar(netpgp, name, filename);
 	return keyring;
+}
 /* read keys from ssh key files */
 static int
 readsshkeys(netpgp_t *netpgp, char *homedir, const char *needseckey)
+{
 	__ops_keyring_t	*pubring;
 	__ops_keyring_t	*secring;
 	struct stat	 st;
 	unsigned	 hashtype;
 	char		*hash;
 	char		 f[MAXPATHLEN];
 	char		*filename;
 	if ((filename = netpgp_getvar(netpgp, "sshkeyfile")) == NULL) {
 		/* set reasonable default for RSA key */
 		(void) snprintf(f, sizeof(f), "%s/id_rsa.pub", homedir);
 		filename = f;
 	} else if (strcmp(&filename[strlen(filename) - 4], ".pub") != 0) {
 		/* got ssh keys, check for pub file name */
 		(void) snprintf(f, sizeof(f), "%s.pub", filename);
 		filename = f;
+	}
 	/* check the pub file exists */
 	if (stat(filename, &st) != 0) {
 		(void) fprintf(stderr, "readsshkeys: bad pubkey filename '%s'\n", filename);
 		return 0;
+	}
 	if ((pubring = calloc(1, sizeof(*pubring))) == NULL) {
 		(void) fprintf(stderr, "readsshkeys: bad alloc\n");
 		return 0;
+	}
 	/* openssh2 keys use md5 by default */
 	hashtype = OPS_HASH_MD5;
 	if ((hash = netpgp_getvar(netpgp, "hash")) != NULL) {
 		/* openssh 2 hasn't really caught up to anything else yet */
 		if (netpgp_strcasecmp(hash, "md5") == 0) {
 			hashtype = OPS_HASH_MD5;
 		} else if (netpgp_strcasecmp(hash, "sha1") == 0) {
 			hashtype = OPS_HASH_SHA1;
 		} else if (netpgp_strcasecmp(hash, "sha256") == 0) {
 			hashtype = OPS_HASH_SHA256;
+		}
+	}
 	if (!__ops_ssh2_readkeys(netpgp->io, pubring, NULL, filename, NULL, hashtype)) {
 		free(pubring);
 		(void) fprintf(stderr, "readsshkeys: can't read %s\n",
 				filename);
 		return 0;
+	}
 	if (netpgp->pubring == NULL) {
 		netpgp->pubring = pubring;
 	} else {
 		__ops_append_keyring(netpgp->pubring, pubring);
+	}
 	if (needseckey) {
 		netpgp_setvar(netpgp, "sshpubfile", filename);
 		/* try to take the ".pub" off the end */
 		if (filename == f) {
 			f[strlen(f) - 4] = 0x0;
 		} else {
 			(void) snprintf(f, sizeof(f), "%.*s",
 					(int)strlen(filename) - 4, filename);
 			filename = f;
+		}
 		if ((secring = calloc(1, sizeof(*secring))) == NULL) {
 			(void) fprintf(stderr, "readsshkeys: bad alloc\n");
 			return 0;
+		}
 		if (!__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename, hashtype)) {
 			(void) fprintf(stderr, "readsshkeys: can't read sec %s\n", filename);
 			return 0;
+		}
 		netpgp->secring = secring;
 		netpgp_setvar(netpgp, "sshsecfile", filename);
+	}
 	return 1;
+}
 /* set ssh uid to first one in pubring */
 static void
 set_first_pubring(__ops_keyring_t *pubring, char *id, size_t len, int last)
+{
 	uint8_t	*src;
 	int	 i;
 	int	 n;
 	(void) memset(id, 0x0, len);
 	src = pubring->keys[(last) ? pubring->keyc - 1 : 0].sigid;
 	for (i = 0, n = 0 ; i < OPS_KEY_ID_SIZE ; i += 2) {
 		n += snprintf(&id[n], len - n, "%02x%02x", src[i], src[i + 1]);
+	}
 	id[n] = 0x0;
+}
 /* find the time - in a specific %Y-%m-%d format - using a regexp */
 static int
 grabdate(char *s, int64_t *t)
+{
 	static regex_t	r;
 	static int	compiled;
 	regmatch_t	matches[10];
 	struct tm	tm;
 	if (!compiled) {
 		compiled = 1;
 		(void) regcomp(&r, "([0-9][0-9][0-9][0-9])[-/]([0-9][0-9])[-/]([0-9][0-9])", REG_EXTENDED);
+	}
 	if (regexec(&r, s, 10, matches, 0) == 0) {
 		(void) memset(&tm, 0x0, sizeof(tm));
 		tm.tm_year = (int)strtol(&s[(int)matches[1].rm_so], NULL, 10);
 		tm.tm_mon = (int)strtol(&s[(int)matches[2].rm_so], NULL, 10) - 1;
 		tm.tm_mday = (int)strtol(&s[(int)matches[3].rm_so], NULL, 10);
 		*t = mktime(&tm);
 		return 1;
+	}
 	return 0;
+}
 /* get expiration in seconds */
 static uint64_t
 get_duration(char *s)
+{
 	uint64_t	 now;
 	int64_t	 	 t;
 	char		*mult;
 	if (s == NULL) {
 		return 0;
+	}
 	now = (uint64_t)strtoull(s, NULL, 10);
 	if ((mult = strchr("hdwmy", s[strlen(s) - 1])) != NULL) {
 		switch(*mult) {
 		case 'h':
 			return now * 60 * 60;
 		case 'd':
 			return now * 60 * 60 * 24;
 		case 'w':
 			return now * 60 * 60 * 24 * 7;
 		case 'm':
 			return now * 60 * 60 * 24 * 31;
 		case 'y':
 			return now * 60 * 60 * 24 * 365;
+		}
+	}
 	if (grabdate(s, &t)) {
 		return t;
+	}
 	return (uint64_t)strtoll(s, NULL, 10);
+}
 /* get birthtime in seconds */
 static int64_t
 get_birthtime(char *s)
+{
 	int64_t	t;
 	if (s == NULL) {
 		return time(NULL);
+	}
 	if (grabdate(s, &t)) {
 		return t;
+	}
 	return (uint64_t)strtoll(s, NULL, 10);
+}
 /* resolve the userid */
 static const __ops_key_t *
 resolve_userid(netpgp_t *netpgp, const __ops_keyring_t *keyring, const char *userid)
+{
 	const __ops_key_t	*key;
 	__ops_io_t		*io;
 	if (userid == NULL) {
 		userid = netpgp_getvar(netpgp, "userid");
 		if (userid == NULL)
 			return NULL;
 	} else if (userid[0] == '0' && userid[1] == 'x') {
 		userid += 2;
+	}
 	io = netpgp->io;
 	if ((key = __ops_getkeybyname(io, keyring, userid)) == NULL) {
 		(void) fprintf(io->errs, "Can't find key '%s'\n", userid);
+	}
 	return key;
+}
 /* append a key to a keyring */
 static int
 appendkey(__ops_io_t *io, __ops_key_t *key, char *ringfile)
+{
 	__ops_output_t	*create;
 	const unsigned	 noarmor = 0;
 	int		 fd;
 	if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) {
 		fd = __ops_setup_file_write(&create, ringfile, 0);
+	}
 	if (fd < 0) {
 		(void) fprintf(io->errs, "can't open pubring '%s'\n", ringfile);
 		return 0;
+	}
 	if (!__ops_write_xfer_pubkey(create, key, noarmor)) {
 		(void) fprintf(io->errs, "Cannot write pubkey\n");
 		return 0;
+	}
 	__ops_teardown_file_write(create, fd);
 	return 1;
+}
 /* return 1 if the file contains ascii-armoured text */
 static unsigned
 isarmoured(__ops_io_t *io, const char *f, const void *memory, const char *text)
+{
 	unsigned	 armoured;
 	FILE		*fp;
 	char	 	 buf[BUFSIZ];
 	armoured = 0;
 	if (f) {
 		if ((fp = fopen(f, "r")) == NULL) {
 			(void) fprintf(io->errs, "isarmoured: can't open '%s'\n", f);
 			return 0;
+		}
 		if (fgets(buf, (int)sizeof(buf), fp) != NULL) {
 			armoured = (strncmp(buf, text, strlen(text)) == 0);
+		}
 		(void) fclose(fp);
 	} else {
 		armoured = (strncmp(memory, text, strlen(text)) == 0);
+	}
 	return armoured;
+}
 /* vararg print function */
 static void
 p(FILE *fp, const char *s, ...)
+{
 	va_list	args;
 	va_start(args, s);
 	while (s != NULL) {
 		(void) fprintf(fp, "%s", s);
 		s = va_arg(args, char *);
+	}
 	va_end(args);
+}
 /* print a JSON object to the FILE stream */
 static void
 pobj(FILE *fp, mj_t *obj, int depth)
+{
 	unsigned	i;
 	if (obj == NULL) {
 		(void) fprintf(stderr, "No object found\n");
 		return;
+	}
 	for (i = 0 ; i < (unsigned)depth ; i++) {
 		p(fp, " ", NULL);
+	}
 	switch(obj->type) {
 	case MJ_NULL:
 	case MJ_FALSE:
 	case MJ_TRUE:
 		p(fp, (obj->type == MJ_NULL) ? "null" : (obj->type == MJ_FALSE) ? "false" : "true", NULL);
 		break;
 	case MJ_NUMBER:
 		p(fp, obj->value.s, NULL);
 		break;
 	case MJ_STRING:
 		(void) fprintf(fp, "%.*s", (int)(obj->c), obj->value.s);
 		break;
 	case MJ_ARRAY:
 		for (i = 0 ; i < obj->c ; i++) {
 			pobj(fp, &obj->value.v[i], depth + 1);
 			if (i < obj->c - 1) {
 				(void) fprintf(fp, ", ");
+			}
+		}
 		(void) fprintf(fp, "\n");
 		break;
 	case MJ_OBJECT:
 		for (i = 0 ; i < obj->c ; i += 2) {
 			pobj(fp, &obj->value.v[i], depth + 1);
 			p(fp, ": ", NULL);
 			pobj(fp, &obj->value.v[i + 1], 0);
 			if (i < obj->c - 1) {
 				p(fp, ", ", NULL);
+			}
+		}
 		p(fp, "\n", NULL);
 		break;
 	default:
 		break;
+	}
+}
 /* return the time as a string */
 static char *
 ptimestr(char *dest, size_t size, time_t t)
+{
 	struct tm      *tm;
 	tm = gmtime(&t);
 	(void) snprintf(dest, size, "%04d-%02d-%02d",
 		tm->tm_year + 1900,
 		tm->tm_mon + 1,
 		tm->tm_mday);
 	return dest;
+}
 /* format a JSON object */
 static void
 format_json_key(FILE *fp, mj_t *obj, const int psigs)
+{
 	int64_t	 birthtime;
 	int64_t	 duration;
 	time_t	 now;
 	char	 tbuf[32];
 	char	*s;
 	mj_t	*sub;
 	int	 i;
 	if (__ops_get_debug_level(__FILE__)) {
 		mj_asprint(&s, obj);
 		(void) fprintf(stderr, "formatobj: json is '%s'\n", s);
 		free(s);
+	}
 	if (obj->c == 2 && obj->value.v[1].type == MJ_STRING &&
 	    strcmp(obj->value.v[1].value.s, "[REVOKED]") == 0) {
 		/* whole key has been rovoked - just return */
 		return;
+	}
 	pobj(fp, &obj->value.v[mj_object_find(obj, "header", 0, 2) + 1], 0);
 	p(fp, " ", NULL);
 	pobj(fp, &obj->value.v[mj_object_find(obj, "key bits", 0, 2) + 1], 0);
 	p(fp, "/", NULL);
 	pobj(fp, &obj->value.v[mj_object_find(obj, "pka", 0, 2) + 1], 0);
 	p(fp, " ", NULL);
 	pobj(fp, &obj->value.v[mj_object_find(obj, "key id", 0, 2) + 1], 0);
 	birthtime = strtoll(obj->value.v[mj_object_find(obj, "birthtime", 0, 2) + 1].value.s, NULL, 10);
 	p(fp, " ", ptimestr(tbuf, sizeof(tbuf), birthtime), NULL);
 	duration = strtoll(obj->value.v[mj_object_find(obj, "duration", 0, 2) + 1].value.s, NULL, 10);
 	if (duration > 0) {
 		now = time(NULL);
 		p(fp, " ", (birthtime + duration < now) ? "[EXPIRED " : "[EXPIRES ",
 			ptimestr(tbuf, sizeof(tbuf), birthtime + duration), "]", NULL);
+	}
 	p(fp, "\n", "Key fingerprint: ", NULL);
 	pobj(fp, &obj->value.v[mj_object_find(obj, "fingerprint", 0, 2) + 1], 0);
 	p(fp, "\n", NULL);
 	/* go to field after \"duration\" */
 	for (i = mj_object_find(obj, "duration", 0, 2) + 2; i < mj_arraycount(obj) ; i += 2) {
 		if (strcmp(obj->value.v[i].value.s, "uid") == 0) {
 			sub = &obj->value.v[i + 1];
 			p(fp, "uid", NULL);
 			pobj(fp, &sub->value.v[0], (psigs) ? 4 : 14); /* human name */
 			pobj(fp, &sub->value.v[1], 1); /* any revocation */
 			p(fp, "\n", NULL);
 		} else if (strcmp(obj->value.v[i].value.s, "encryption") == 0) {
 			sub = &obj->value.v[i + 1];
 			p(fp, "encryption", NULL);
 			pobj(fp, &sub->value.v[0], 1);	/* size */
 			p(fp, "/", NULL);
 			pobj(fp, &sub->value.v[1], 0); /* alg */
 			p(fp, " ", NULL);
 			pobj(fp, &sub->value.v[2], 0); /* id */
 			p(fp, " ", ptimestr(tbuf, sizeof(tbuf), strtoll(sub->value.v[3].value.s, NULL, 10)),
 				"\n", NULL);
 		} else if (strcmp(obj->value.v[i].value.s, "sig") == 0) {
 			sub = &obj->value.v[i + 1];
 			p(fp, "sig", NULL);
 			pobj(fp, &sub->value.v[0], 8);	/* size */
 			p(fp, "  ", ptimestr(tbuf, sizeof(tbuf), strtoll(sub->value.v[1].value.s, NULL, 10)),
 				" ", NULL); /* time */
 			pobj(fp, &sub->value.v[2], 0); /* human name */
 			p(fp, "\n", NULL);
 		} else {
 			fprintf(stderr, "weird '%s'\n", obj->value.v[i].value.s);
 			pobj(fp, &obj->value.v[i], 0); /* human name */
+		}
+	}
 	p(fp, "\n", NULL);
+}
 /* save a pgp pubkey to a temp file */
 static int
 savepubkey(char *res, char *f, size_t size)
+{
 	size_t	len;
 	int	cc;
 	int	wc;
 	int	fd;
 	(void) snprintf(f, size, "/tmp/pgp2ssh.XXXXXXX");
 	if ((fd = mkstemp(f)) < 0) {
 		(void) fprintf(stderr, "can't create temp file '%s'\n", f);
 		return 0;
+	}
 	len = strlen(res);
 	for (cc = 0 ; (wc = write(fd, &res[cc], len - cc)) > 0 ; cc += wc) {
+	}
 	(void) close(fd);
 	return 1;
+}
 /* format a uint32_t */
 static int
 formatu32(uint8_t *buffer, uint32_t value)
+{
 	buffer[0] = (uint8_t)(value >> 24) & 0xff;
 	buffer[1] = (uint8_t)(value >> 16) & 0xff;
 	buffer[2] = (uint8_t)(value >> 8) & 0xff;
 	buffer[3] = (uint8_t)value & 0xff;
 	return sizeof(uint32_t);
+}
 /* format a string as (len, string) */
 static int
 formatstring(char *buffer, const uint8_t *s, size_t len)
+{
 	int	cc;
 	cc = formatu32((uint8_t *)buffer, len);
 	(void) memcpy(&buffer[cc], s, len);
 	return cc + len;
+}
 /* format a bignum, checking for "interesting" high bit values */
 static int
 formatbignum(char *buffer, BIGNUM *bn)
+{
 	size_t	 len;
 	uint8_t	*cp;
 	int	 cc;
 	len = (size_t) BN_num_bytes(bn);
 	if ((cp = calloc(1, len + 1)) == NULL) {
 		(void) fprintf(stderr, "calloc failure in formatbignum\n");
 		return 0;
+	}
 	(void) BN_bn2bin(bn, cp + 1);
 	cp[0] = 0x0;
 	cc = (cp[1] & 0x80) ? formatstring(buffer, cp, len + 1) : formatstring(buffer, &cp[1], len);
 	free(cp);
 	return cc;
+}
 /***************************************************************************/
 /* exported functions start here */
 /***************************************************************************/
 /* initialise a netpgp_t structure */
 int
 netpgp_init(netpgp_t *netpgp)
+{
 	__ops_io_t	*io;
 	char		 id[MAX_ID_LENGTH];
 	char		*homedir;
 	char		*userid;
 	char		*stream;
 	char		*passfd;
 	char		*results;
 	int		 coredumps;
 	int		 last;
 #ifdef HAVE_SYS_RESOURCE_H
 	struct rlimit	limit;
 	coredumps = netpgp_getvar(netpgp, "coredumps") != NULL;
 	if (!coredumps) {
 		(void) memset(&limit, 0x0, sizeof(limit));
 		if (setrlimit(RLIMIT_CORE, &limit) != 0) {
 			(void) fprintf(stderr,
 			"netpgp: warning - can't turn off core dumps\n");
 			coredumps = 1;
+		}
+	}
 #else
 	coredumps = 1;
 #endif
 	if ((io = calloc(1, sizeof(*io))) == NULL) {
 		(void) fprintf(stderr, "netpgp_init: bad alloc\n");
 		return 0;
+	}
 	io->outs = stdout;
 	if ((stream = netpgp_getvar(netpgp, "outs")) != NULL &&
 	    strcmp(stream, "<stderr>") == 0) {
 		io->outs = stderr;
+	}
 	io->errs = stderr;
 	if ((stream = netpgp_getvar(netpgp, "errs")) != NULL &&
 	    strcmp(stream, "<stdout>") == 0) {
 		io->errs = stdout;
+	}
 	if ((results = netpgp_getvar(netpgp, "res")) == NULL) {
 		io->res = io->errs;
 	} else if (strcmp(results, "<stdout>") == 0) {
 		io->res = stdout;
 	} else if (strcmp(results, "<stderr>") == 0) {
 		io->res = stderr;
 	} else {
 		if ((io->res = fopen(results, "w")) == NULL) {
 			(void) fprintf(io->errs, "Can't open results %s for writing\n",
 				results);
 			free(io);
 			return 0;
+		}
+	}
 	netpgp->io = io;
 	if ((passfd = netpgp_getvar(netpgp, "pass-fd")) != NULL &&
 	    (netpgp->passfp = fdopen(atoi(passfd), "r")) == NULL) {
 		(void) fprintf(io->errs, "Can't open fd %s for reading\n",
 			passfd);
 		return 0;
+	}
 	if (coredumps) {
 		(void) fprintf(io->errs,
 			"netpgp: warning: core dumps enabled\n");
+	}
 	if ((homedir = netpgp_getvar(netpgp, "homedir")) == NULL) {
 		(void) fprintf(io->errs, "netpgp: bad homedir\n");
 		return 0;
+	}
 	/* read from either gpg files or ssh keys */
 	if (netpgp_getvar(netpgp, "ssh keys") == NULL) {
 		if ((userid = netpgp_getvar(netpgp, "userid")) == NULL) {
 			(void) memset(id, 0x0, sizeof(id));
 			(void) conffile(netpgp, homedir, id, sizeof(id));
 			if (id[0] != 0x0) {
 				netpgp_setvar(netpgp, "userid", userid = id);
+			}
+		}
 		if (userid == NULL) {
 			if (netpgp_getvar(netpgp, "need userid") != NULL) {
 				(void) fprintf(io->errs,
 						"Cannot find user id\n");
 				return 0;
+			}
 		} else {
 			(void) netpgp_setvar(netpgp, "userid", userid);
+		}
 		netpgp->pubring = readkeyring(netpgp, "pubring");
 		if (netpgp->pubring == NULL) {
 			(void) fprintf(io->errs, "Can't read pub keyring\n");
 			return 0;
+		}
 		netpgp->secring = readkeyring(netpgp, "secring");
 		if (netpgp->secring == NULL) {
 			(void) fprintf(io->errs, "Can't read sec keyring\n");
 			return 0;
+		}
 	} else {
 		last = (netpgp->pubring != NULL);
 		if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need seckey"))) {
 			(void) fprintf(io->errs, "Can't read ssh keys\n");
 			return 0;
+		}
 		if ((userid = netpgp_getvar(netpgp, "userid")) == NULL) {
 			set_first_pubring(netpgp->pubring, id, sizeof(id), last);
 			netpgp_setvar(netpgp, "userid", userid = id);
+		}
 		if (userid == NULL) {
 			if (netpgp_getvar(netpgp, "need userid") != NULL) {
 				(void) fprintf(io->errs,
 						"Cannot find user id\n");
 				return 0;
+			}
 		} else {
 			(void) netpgp_setvar(netpgp, "userid", userid);
+		}
+	}
 	return 1;
+}
 /* finish off with the netpgp_t struct */
 int
 netpgp_end(netpgp_t *netpgp)
+{
 	unsigned	i;
 	for (i = 0 ; i < netpgp->c ; i++) {
 		if (netpgp->name[i] != NULL) {
 			free(netpgp->name[i]);
+		}
 		if (netpgp->value[i] != NULL) {
 			free(netpgp->value[i]);
+		}
+	}
 	if (netpgp->name != NULL) {
 		free(netpgp->name);
+	}
 	if (netpgp->value != NULL) {
 		free(netpgp->value);
+	}
 	if (netpgp->pubring != NULL) {
 		__ops_keyring_free(netpgp->pubring);
+	}
 	if (netpgp->secring != NULL) {
 		__ops_keyring_free(netpgp->secring);
+	}
 	free(netpgp->io);
 	return 1;
+}
 /* list the keys in a keyring */
 int
 netpgp_list_keys(netpgp_t *netpgp, const int psigs)
+{
 	if (netpgp->pubring == NULL) {
 		(void) fprintf(stderr, "No keyring\n");
 		return 0;
+	}
 	return __ops_keyring_list(netpgp->io, netpgp->pubring, psigs);
+}
 /* list the keys in a keyring, returning a JSON string */
 int
 netpgp_list_keys_json(netpgp_t *netpgp, char **json, const int psigs)
+{
 	mj_t	obj;
 	int	ret;
 	if (netpgp->pubring == NULL) {
 		(void) fprintf(stderr, "No keyring\n");
 		return 0;
+	}
 	(void) memset(&obj, 0x0, sizeof(obj));
 	if (!__ops_keyring_json(netpgp->io, netpgp->pubring, &obj, psigs)) {
 		(void) fprintf(stderr, "No keys in keyring\n");
 		return 0;
+	}
 	ret = mj_asprint(json, &obj);
 	mj_delete(&obj);
 	return ret;
+}
 DEFINE_ARRAY(strings_t, char *);
 #ifndef HKP_VERSION
 #define HKP_VERSION	1
 #endif
 /* find and list some keys in a keyring */
 int
 netpgp_match_keys(netpgp_t *netpgp, char *name, const char *fmt, void *vp, const int psigs)
+{
 	const __ops_key_t	*key;
 	unsigned		 k;
 	strings_t		 pubs;
 	FILE			*fp = (FILE *)vp;
 	if (name[0] == '0' && name[1] == 'x') {
 		name += 2;
+	}
 	(void) memset(&pubs, 0x0, sizeof(pubs));
 	k = 0;
 	do {
 		key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring,
 						name, &k);
 		if (key != NULL) {
 			ALLOC(char *, pubs.v, pubs.size, pubs.c, 10, 10,
 					"netpgp_match_keys", return 0);
 			if (strcmp(fmt, "mr") == 0) {
 				__ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring,
 						key, &pubs.v[pubs.c],
 						&key->key.pubkey, psigs);
 			} else {
 				__ops_sprint_keydata(netpgp->io, netpgp->pubring,
 						key, &pubs.v[pubs.c],
 						"signature ",
 						&key->key.pubkey, psigs);
+			}
 			if (pubs.v[pubs.c] != NULL) {
 				pubs.c += 1;
+			}
 			k += 1;
+		}
 	} while (key != NULL);
 	if (strcmp(fmt, "mr") == 0) {
 		(void) fprintf(fp, "info:%d:%d\n", HKP_VERSION, pubs.c);
 	} else {
 		(void) fprintf(fp, "%d key%s found\n", pubs.c,
 			(pubs.c == 1) ? "" : "s");
+	}
 	for (k = 0 ; k < pubs.c ; k++) {
 		(void) fprintf(fp, "%s%s", pubs.v[k], (k < pubs.c - 1) ? "\n" : "");
 		free(pubs.v[k]);
+	}
 	free(pubs.v);
 	return pubs.c;
+}
 /* find and list some keys in a keyring - return JSON string */
 int
 netpgp_match_keys_json(netpgp_t *netpgp, char **json, char *name, const char *fmt, const int psigs)
+{
 	const __ops_key_t	*key;
 	unsigned		 k;
 	mj_t			 id_array;
 	int			 ret;
 	if (name[0] == '0' && name[1] == 'x') {
 		name += 2;
+	}
 	(void) memset(&id_array, 0x0, sizeof(id_array));
 	k = 0;
 	*json = NULL;
 	mj_create(&id_array, "array");
 	do {
 		key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring,
 						name, &k);
 		if (key != NULL) {
 			if (strcmp(fmt, "mr") == 0) {
 #if 0
 				__ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring,
 						key, &pubs.v[pubs.c],
 						&key->key.pubkey, psigs);
 #endif
 			} else {
 				ALLOC(mj_t, id_array.value.v, id_array.size,
 					id_array.c, 10, 10, "netpgp_match_keys_json", return 0);
 				__ops_sprint_mj(netpgp->io, netpgp->pubring,
 						key, &id_array.value.v[id_array.c++],
 						"signature ",
 						&key->key.pubkey, psigs);
+			}
 			k += 1;
+		}
 	} while (key != NULL);
 	ret = mj_asprint(json, &id_array);
 	mj_delete(&id_array);
 	return ret;
+}
 /* find and list some public keys in a keyring */
 int
 netpgp_match_pubkeys(netpgp_t *netpgp, char *name, void *vp)
+{
 	const __ops_key_t	*key;
 	unsigned		 k;
 	strings_t		 pubs;
 	FILE			*fp = (FILE *)vp;
 	(void) memset(&pubs, 0x0, sizeof(pubs));
 	do {
 		key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring,
 						name, &k);
 		if (key != NULL) {
 			char	out[1024 * 64];
 			ALLOC(char *, pubs.v, pubs.size, pubs.c, 10, 10,
 					"netpgp_match_pubkeys", return 0);
 			(void) __ops_sprint_pubkey(key, out, sizeof(out));
 			pubs.v[pubs.c++] = netpgp_strdup(out);
 			k += 1;
+		}
 	} while (key != NULL);
 	(void) fprintf(fp, "info:%d:%d\n", HKP_VERSION, pubs.c);
 	for (k = 0 ; k < pubs.c ; k++) {
 		(void) fprintf(fp, "%s", pubs.v[k]);
 		free(pubs.v[k]);
+	}
 	free(pubs.v);
 	return pubs.c;
+}
 /* find a key in a keyring */
 int
 netpgp_find_key(netpgp_t *netpgp, char *id)
+{
 	__ops_io_t	*io;
 	io = netpgp->io;
 	if (id == NULL) {
 		(void) fprintf(io->errs, "NULL id to search for\n");
 		return 0;
+	}
 	return __ops_getkeybyname(netpgp->io, netpgp->pubring, id) != NULL;
+}
 /* get a key in a keyring */
 char *
 netpgp_get_key(netpgp_t *netpgp, const char *name, const char *fmt)
+{
 	const __ops_key_t	*key;
 	char			*newkey;
 	if ((key = resolve_userid(netpgp, netpgp->pubring, name)) == NULL) {
 		return NULL;
+	}
 	if (strcmp(fmt, "mr") == 0) {
 		return (__ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring,
 				key, &newkey,
 				&key->key.pubkey,
 				netpgp_getvar(netpgp, "subkey sigs") != NULL) > 0) ? newkey : NULL;
+	}
 	return (__ops_sprint_keydata(netpgp->io, netpgp->pubring,
 				key, &newkey, "signature",
 				&key->key.pubkey,
 				netpgp_getvar(netpgp, "subkey sigs") != NULL) > 0) ? newkey : NULL;
+}
 /* export a given key */
 char *
 netpgp_export_key(netpgp_t *netpgp, char *name)
+{
 	const __ops_key_t	*key;
 	__ops_io_t		*io;
 	io = netpgp->io;
 	if ((key = resolve_userid(netpgp, netpgp->pubring, name)) == NULL) {
 		return NULL;
+	}
 	return __ops_export_key(io, key, NULL);
+}
 #define IMPORT_ARMOR_HEAD	"-----BEGIN PGP PUBLIC KEY BLOCK-----"
 /* import a key into our keyring */
 int
 netpgp_import_key(netpgp_t *netpgp, char *f)
+{
 	__ops_io_t	*io;
 	unsigned	 realarmor;
 	int		 done;
 	io = netpgp->io;
 	realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD);
 	done = __ops_keyring_fileread(netpgp->pubring, realarmor, f);
 	if (!done) {
 		(void) fprintf(io->errs, "Cannot import key from file %s\n", f);
 		return 0;
+	}
 	return __ops_keyring_list(io, netpgp->pubring, 0);
+}
 /* generate a new key */
 int
 netpgp_generate_key(netpgp_t *netpgp, char *id, int numbits)
+{
 	__ops_output_t		*create;
 	const unsigned		 noarmor = 0;
 	__ops_key_t		*key;
 	__ops_io_t		*io;
 	uint8_t			*uid;
 	char			 newid[1024];
 	char			 filename[MAXPATHLEN];
 	char			 dir[MAXPATHLEN];
 	char			*cp;
 	char			*ringfile;
 	int             	 fd;
 	uid = NULL;
 	io = netpgp->io;
 	/* generate a new key */
 	if (id) {
 		(void) snprintf(newid, sizeof(newid), "%s", id);
 	} else {
 		(void) snprintf(newid, sizeof(newid), "RSA %d-bit key <%s@localhost>", numbits, getenv("LOGNAME"));
+	}
 	uid = (uint8_t *)newid;
 	key = __ops_rsa_new_selfsign_key(numbits, 65537UL, uid, netpgp_getvar(netpgp, "hash"));
 	if (key == NULL) {
 		(void) fprintf(io->errs, "Cannot generate key\n");
 		return 0;
+	}
 	cp = NULL;
 	__ops_sprint_keydata(netpgp->io, NULL, key, &cp, "signature ", &key->key.seckey.pubkey, 0);
 	(void) fprintf(stdout, "%s", cp);
 	/* write public key */
 	(void) snprintf(dir, sizeof(dir), "%s/%.16s", netpgp_getvar(netpgp, "homedir"), &cp[38]);
 	if (mkdir(dir, 0700) < 0) {
 		(void) fprintf(io->errs, "can't mkdir '%s'\n", dir);
 		return 0;
+	}
 	(void) fprintf(io->errs, "netpgp: generated keys in directory %s\n", dir);
 	(void) snprintf(ringfile = filename, sizeof(filename), "%s/pubring.gpg", dir);
 	if (!appendkey(io, key, ringfile)) {
 		(void) fprintf(io->errs, "Cannot write pubkey to '%s'\n", ringfile);
 		return 0;
+	}
 	if (netpgp->pubring != NULL) {
 		__ops_keyring_free(netpgp->pubring);
+	}
 	/* write secret key */
 	(void) snprintf(ringfile = filename, sizeof(filename), "%s/secring.gpg", dir);
 	if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) {
 		fd = __ops_setup_file_write(&create, ringfile, 0);
+	}
 	if (fd < 0) {
 		(void) fprintf(io->errs, "can't append secring '%s'\n", ringfile);
 		return 0;
+	}
 	if (!__ops_write_xfer_seckey(create, key, NULL, 0, noarmor)) {
 		(void) fprintf(io->errs, "Cannot write seckey\n");
 		return 0;
+	}
 	__ops_teardown_file_write(create, fd);
 	if (netpgp->secring != NULL) {
 		__ops_keyring_free(netpgp->secring);
+	}
 	__ops_keydata_free(key);
 	free(cp);
 	return 1;
+}
 /* encrypt a file */
 int
 netpgp_encrypt_file(netpgp_t *netpgp,
 			const char *userid,
 			const char *f,
 			char *out,
 			int armored)
+{
 	const __ops_key_t	*key;
 	const unsigned		 overwrite = 1;
 	const char		*suffix;
 	__ops_io_t		*io;
 	char			 outname[MAXPATHLEN];
 	io = netpgp->io;
 	if (f == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_encrypt_file: no filename specified\n");
 		return 0;
+	}
 	suffix = (armored) ? ".asc" : ".gpg";
 	/* get key with which to sign */
 	if ((key = resolve_userid(netpgp, netpgp->pubring, userid)) == NULL) {
 		return 0;
+	}
 	if (out == NULL) {
 		(void) snprintf(outname, sizeof(outname), "%s%s", f, suffix);
 		out = outname;
+	}
 	return (int)__ops_encrypt_file(io, f, out, key, (unsigned)armored,
 					overwrite);
+}
 #define ARMOR_HEAD	"-----BEGIN PGP MESSAGE-----"
 /* decrypt a file */
 int
 netpgp_decrypt_file(netpgp_t *netpgp, const char *f, char *out, int armored)
+{
 	const unsigned	 overwrite = 1;
 	__ops_io_t	*io;
 	unsigned	 realarmor;
 	unsigned	 sshkeys;
 	__OPS_USED(armored);
 	io = netpgp->io;
 	if (f == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_decrypt_file: no filename specified\n");
 		return 0;
+	}
 	realarmor = isarmoured(io, f, NULL, ARMOR_HEAD);
 	sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL);
 	return __ops_decrypt_file(netpgp->io, f, out, netpgp->secring,
 				netpgp->pubring,
 				realarmor, overwrite, sshkeys,
 				netpgp->passfp, get_passphrase_cb);
+}
 /* sign a file */
 int
 netpgp_sign_file(netpgp_t *netpgp,
 		const char *userid,
 		const char *f,
 		char *out,
 		int armored,
 		int cleartext,
 		int detached)
+{
 	const __ops_key_t	*keypair;
 	const __ops_key_t	*pubkey;
 	__ops_seckey_t		*seckey;
 	const unsigned		 overwrite = 1;
 	__ops_io_t		*io;
 	const char		*hashalg;
 	int			 ret;
 	io = netpgp->io;
 	if (f == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_sign_file: no filename specified\n");
 		return 0;
+	}
 	/* get key with which to sign */
 	if ((keypair = resolve_userid(netpgp, netpgp->secring, userid)) == NULL) {
 		return 0;
+	}
 	ret = 1;
 	do {
 		if (netpgp->passfp == NULL) {
 			/* print out the user id */
 			pubkey = __ops_getkeybyname(io, netpgp->pubring, userid);
 			if (pubkey == NULL) {
 				(void) fprintf(io->errs,
 					"netpgp: warning - using pubkey from secring\n");
 				__ops_print_keydata(io, netpgp->pubring, keypair, "signature ",
 					&keypair->key.seckey.pubkey, 0);
 			} else {
 				__ops_print_keydata(io, netpgp->pubring, pubkey, "signature ",
 					&pubkey->key.pubkey, 0);
+			}
+		}
 		if (netpgp_getvar(netpgp, "ssh keys") == NULL) {
 			/* now decrypt key */
 			seckey = __ops_decrypt_seckey(keypair, netpgp->passfp);
 			if (seckey == NULL) {
 				(void) fprintf(io->errs, "Bad passphrase\n");
+			}
 		} else {
 			__ops_keyring_t	*secring;
 			secring = netpgp->secring;
 			seckey = &secring->keys[0].key.seckey;
+		}
 	} while (seckey == NULL);
 	/* sign file */
 	hashalg = netpgp_getvar(netpgp, "hash");
 	if (seckey->pubkey.alg == OPS_PKA_DSA) {
 		hashalg = "sha1";
+	}
 	if (detached) {
 		ret = __ops_sign_detached(io, f, out, seckey, hashalg,
 				get_birthtime(netpgp_getvar(netpgp, "birthtime")),
 				get_duration(netpgp_getvar(netpgp, "duration")),
 				(unsigned)armored,
 				overwrite);
 	} else {
 		ret = __ops_sign_file(io, f, out, seckey, hashalg,
 				get_birthtime(netpgp_getvar(netpgp, "birthtime")),
 				get_duration(netpgp_getvar(netpgp, "duration")),
 				(unsigned)armored, (unsigned)cleartext,
 				overwrite);
+	}
 	__ops_forget(seckey, (unsigned)sizeof(*seckey));
 	return ret;
+}
 #define ARMOR_SIG_HEAD	"-----BEGIN PGP SIGNATURE-----\r\n"
 /* verify a file */
 int
 netpgp_verify_file(netpgp_t *netpgp, const char *in, const char *out, int armored)
+{
 	__ops_validation_t	 result;
 	__ops_io_t		*io;
 	unsigned		 realarmor;
 	__OPS_USED(armored);
 	(void) memset(&result, 0x0, sizeof(result));
 	io = netpgp->io;
 	if (in == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_verify_file: no filename specified\n");
 		return 0;
+	}
 	realarmor = isarmoured(io, in, NULL, ARMOR_SIG_HEAD);
 	if (__ops_validate_file(io, &result, in, out, (const int)realarmor, netpgp->pubring)) {
 		resultp(io, in, &result, netpgp->pubring);
 		return 1;
+	}
 	if (result.validc + result.invalidc + result.unknownc == 0) {
 		(void) fprintf(io->errs,
 		"\"%s\": No signatures found - is this a signed file?\n",
 			in);
 	} else if (result.invalidc == 0 && result.unknownc == 0) {
 		(void) fprintf(io->errs,
 			"\"%s\": file verification failure: invalid signature time\n", in);
 	} else {
 		(void) fprintf(io->errs,
 "\"%s\": verification failure: %u invalid signatures, %u unknown signatures\n",
 			in, result.invalidc, result.unknownc);
+	}
 	return 0;
+}
 /* sign some memory */
 int
 netpgp_sign_memory(netpgp_t *netpgp,
 		const char *userid,
 		char *mem,
 		size_t size,
 		char *out,
 		size_t outsize,
 		const unsigned armored,
 		const unsigned cleartext)
+{
 	const __ops_key_t	*keypair;
 	const __ops_key_t	*pubkey;
 	__ops_seckey_t		*seckey;
 	__ops_memory_t		*signedmem;
 	__ops_io_t		*io;
 	const char		*hashalg;
 	int			 ret;
 	io = netpgp->io;
 	if (mem == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_sign_memory: no memory to sign\n");
 		return 0;
+	}
 	if ((keypair = resolve_userid(netpgp, netpgp->secring, userid)) == NULL) {
 		return 0;
+	}
 	ret = 1;
 	do {
 		if (netpgp->passfp == NULL) {
 			/* print out the user id */
 			pubkey = __ops_getkeybyname(io, netpgp->pubring, userid);
 			if (pubkey == NULL) {
 				(void) fprintf(io->errs,
 					"netpgp: warning - using pubkey from secring\n");
 				__ops_print_keydata(io, netpgp->pubring, keypair, "signature ",
 					&keypair->key.seckey.pubkey, 0);
 			} else {
 				__ops_print_keydata(io, netpgp->pubring, pubkey, "signature ",
 					&pubkey->key.pubkey, 0);
+			}
+		}
 		/* now decrypt key */
 		seckey = __ops_decrypt_seckey(keypair, netpgp->passfp);
 		if (seckey == NULL) {
 			(void) fprintf(io->errs, "Bad passphrase\n");
+		}
 	} while (seckey == NULL);
 	/* sign file */
 	(void) memset(out, 0x0, outsize);
 	hashalg = netpgp_getvar(netpgp, "hash");
 	if (seckey->pubkey.alg == OPS_PKA_DSA) {
 		hashalg = "sha1";
+	}
 	signedmem = __ops_sign_buf(io, mem, size, seckey,
 				get_birthtime(netpgp_getvar(netpgp, "birthtime")),
 				get_duration(netpgp_getvar(netpgp, "duration")),
 				hashalg, armored, cleartext);
 	if (signedmem) {
 		size_t	m;
 		m = MIN(__ops_mem_len(signedmem), outsize);
 		(void) memcpy(out, __ops_mem_data(signedmem), m);
 		__ops_memory_free(signedmem);
 		ret = (int)m;
 	} else {
 		ret = 0;
+	}
 	__ops_forget(seckey, (unsigned)sizeof(*seckey));
 	return ret;
+}
 /* verify memory */
 int
 netpgp_verify_memory(netpgp_t *netpgp, const void *in, const size_t size,
 			void *out, size_t outsize, const int armored)
+{
 	__ops_validation_t	 result;
 	__ops_memory_t		*signedmem;
 	__ops_memory_t		*cat;
 	__ops_io_t		*io;
 	size_t			 m;
 	int			 ret;
 	(void) memset(&result, 0x0, sizeof(result));
 	io = netpgp->io;
 	if (in == NULL) {
 		(void) fprintf(io->errs,
 			"netpgp_verify_memory: no memory to verify\n");
 		return 0;
+	}
 	signedmem = __ops_memory_new();