15 files changed, 230 insertions, 187 deletions

diff --git a/agent/ChangeLog b/agent/ChangeLog
index 6f806e894..afaaf5c4b 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,14 @@
+2003-06-03  Werner Koch  <[email protected]>
+
+	Changed all error codes in all files to the new libgpg-error scheme.
+
+	* agent.h: Include gpg-error.h and errno.h
+	* Makefile.am: Link with libgpg-error
+
+	* query.c: assuan.h is now a system header.
+	* genkey.c (agent_genkey): Fixed silly use of xmalloc by
+	xtrymalloc.
+
 2003-04-29  Werner Koch  <[email protected]>
 
 	* command.c (register_commands): Adjusted for new Assuan semantics.
diff --git a/agent/Makefile.am b/agent/Makefile.am
index 323ea474f..0fa977b20 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -46,7 +46,7 @@ gpg_agent_SOURCES = \
 
 
 gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
-                $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS)
+                $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) -lgpg-error
 
 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
@@ -55,8 +55,6 @@ gpg_protect_tool_SOURCES = \
 	simple-pwquery.c simple-pwquery.h
 
 gpg_protect_tool_LDADD = ../jnlib/libjnlib.a \
-		     ../common/libcommon.a $(LIBGCRYPT_LIBS)
-
-
+		     ../common/libcommon.a $(LIBGCRYPT_LIBS) -lgpg-error
 
 
diff --git a/agent/agent.h b/agent/agent.h
index bd7b36a5d..cc4bb7a20 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -21,10 +21,25 @@
 #ifndef AGENT_H
 #define AGENT_H
 
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_GPGAGENT
+#include <gpg-error.h>
+#include <errno.h>
+
 #include <gcrypt.h>
 #include "../common/util.h"
 #include "../common/errors.h"
 
+/* Convenience function to be used instead of returning the old
+   GNUPG_Out_Of_Core. */
+static __inline__ gpg_error_t
+out_of_core (void)
+{
+  return gpg_error (gpg_err_code_from_errno (errno));
+}
+
 #define MAX_DIGEST_LEN 24 
 
 /* A large struct name "opt" to keep global flags */
diff --git a/agent/call-scd.c b/agent/call-scd.c
index a9123daca..30e7d6f00 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -38,7 +38,7 @@
 #endif
 
 #include "agent.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>
 
 #ifdef _POSIX_OPEN_MAX
 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@@ -144,7 +144,7 @@ unlock_scd (int rc)
     {
       log_error ("failed to release the SCD lock\n");
       if (!rc)
-        rc = GNUPG_Internal_Error;
+        rc = gpg_error (GPG_ERR_INTERNAL);
     }
 #endif
   return rc;
@@ -165,7 +165,7 @@ start_scd (void)
   if (!pth_mutex_acquire (&scd_lock, 0, NULL))
     {
       log_error ("failed to acquire the SCD lock\n");
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
     }
 #endif
 
@@ -179,8 +179,9 @@ start_scd (void)
       
   if (fflush (NULL))
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("error flushing pending output: %s\n", strerror (errno));
-      return unlock_scd (seterr (Write_Error));
+      return unlock_scd (tmperr);
     }
 
   if (!opt.scdaemon_program || !*opt.scdaemon_program)
@@ -210,7 +211,7 @@ start_scd (void)
     {
       log_error ("can't connect to the SCdaemon: %s\n",
                  assuan_strerror (rc));
-      return unlock_scd (seterr (No_Scdaemon));
+      return unlock_scd (gpg_error (GPG_ERR_NO_SCDAEMON));
     }
   scd_ctx = ctx;
   
@@ -410,7 +411,7 @@ agent_card_pksign (const char *keyid,
     return rc;
 
   if (indatalen*2 + 50 > DIM(line))
-    return unlock_scd (seterr (General_Error));
+    return unlock_scd (gpg_error (GPG_ERR_GENERAL));
 
   sprintf (line, "SETDATA ");
   p = line + strlen (line);
@@ -443,8 +444,9 @@ agent_card_pksign (const char *keyid,
   *r_buf = xtrymalloc (*r_buflen);
   if (!*r_buf)
     {
+      gpg_error_t tmperr = out_of_core ();
       xfree (*r_buf);
-      return unlock_scd (GNUPG_Out_Of_Core);
+      return unlock_scd (tmperr);
     }
   p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
   sprintf (p, "%u:", (unsigned int)sigbuflen);
@@ -479,7 +481,7 @@ agent_card_pkdecrypt (const char *keyid,
 
   /* FIXME: use secure memory where appropriate */
   if (indatalen*2 + 50 > DIM(line))
-    return unlock_scd (seterr (General_Error));
+    return unlock_scd (gpg_error (GPG_ERR_GENERAL));
 
   sprintf (line, "SETDATA ");
   p = line + strlen (line);
@@ -506,7 +508,7 @@ agent_card_pkdecrypt (const char *keyid,
     }
   *r_buf = get_membuf (&data, r_buflen);
   if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
 
   return unlock_scd (0);
 }
@@ -541,7 +543,7 @@ agent_card_readcert (const char *id, char **r_buf, size_t *r_buflen)
     }
   *r_buf = get_membuf (&data, r_buflen);
   if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
 
   return unlock_scd (0);
 }
@@ -577,12 +579,12 @@ agent_card_readkey (const char *id, unsigned char **r_buf)
     }
   *r_buf = get_membuf (&data, &buflen);
   if (!*r_buf)
-    return unlock_scd (GNUPG_Out_Of_Core);
+    return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
 
   if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
     {
       xfree (*r_buf); *r_buf = NULL;
-      return unlock_scd (GNUPG_Invalid_Value);
+      return unlock_scd (gpg_error (GPG_ERR_INV_VALUE));
     }
 
   return unlock_scd (0);
diff --git a/agent/command.c b/agent/command.c
index 00e0b1e1e..82d888e05 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -559,11 +559,11 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
 
   s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1);
   if (!s_skey && !shadow_info)
-    rc = seterr (No_Secret_Key);
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
   else if (!s_skey)
     {
       log_error ("changing a smartcard PIN is not yet supported\n");
-      rc = seterr (Not_Implemented);
+      rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
     }
   else
     rc = agent_protect_and_store (ctrl, s_skey);
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 38f8173c0..30b8770f9 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -48,14 +48,14 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
   *r_kid = NULL;
   s = shadow_info;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   want_sn = xtrymalloc (n*2+1);
   if (!want_sn)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
   for (i=0; i < n; i++)
     sprintf (want_sn+2*i, "%02X", s[i]);
   s += n;
@@ -68,12 +68,13 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
 
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   want_kid = xtrymalloc (n+1);
   if (!want_kid)
     {
+      gpg_error_t tmperr = out_of_core ();
       xfree (want_sn);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
     }
   memcpy (want_kid, s, n);
   want_kid[n] = 0;
@@ -94,7 +95,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
               return 0; /* yes, we have the correct card */
             }
         }
-      else if (rc == GNUPG_Card_Not_Present)
+      else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
         {
           log_debug ("no card present\n");
           rc = 0;
@@ -115,7 +116,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
                     "insert the one with serial number",
                     want_sn_displen, want_sn) < 0)
             {
-              rc = GNUPG_Out_Of_Core;
+              rc = out_of_core ();
             }
           else
             {
@@ -146,12 +147,12 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
   if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
     {
       log_error ("no object identifier for algo %d\n", algo);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
     }
 
   frame = xtrymalloc (asnlen + digestlen);
   if (!frame)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
   memcpy (frame, asn, asnlen);
   memcpy (frame+asnlen, digest, digestlen);
   if (DBG_CRYPTO)
@@ -177,7 +178,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
   CTRL ctrl = opaque;
 
   if (maxbuf < 2)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);
 
 
   /* FIXME: keep PI and TRIES in OPAQUE.  Frankly this is a whole
@@ -260,32 +261,32 @@ divert_pkdecrypt (CTRL ctrl,
 
   s = cipher;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "enc-val"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "rsa"))
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "a"))
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   n = snext (&s);
   if (!n)
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   ciphertext = s;
   ciphertextlen = n;
 
diff --git a/agent/findkey.c b/agent/findkey.c
index 96a1f360c..b2ee68513 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -64,7 +64,7 @@ agent_write_private_key (const unsigned char *grip,
       {
         log_error ("secret key file `%s' already exists\n", fname);
         xfree (fname);
-        return seterr (General_Error);
+        return gpg_error (GPG_ERR_GENERAL);
       }
 
       /* We would like to create FNAME but only if it does not already
@@ -82,32 +82,39 @@ agent_write_private_key (const unsigned char *grip,
       else
 	{
 	  fp = fdopen (fd, "wb");
-	  if (! fp)
-	    close (fd);
+	  if (!fp)
+            { 
+              int save_e = errno;
+              close (fd);
+              errno = save_e;
+            }
 	}
     }
 
   if (!fp) 
     { 
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("can't create `%s': %s\n", fname, strerror (errno));
       xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
     }
 
   if (fwrite (buffer, length, 1, fp) != 1)
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("error writing `%s': %s\n", fname, strerror (errno));
       fclose (fp);
       remove (fname);
       xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
     }
   if ( fclose (fp) )
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("error closing `%s': %s\n", fname, strerror (errno));
       remove (fname);
       xfree (fname);
-      return seterr (File_Create_Error);
+      return tmperr;
     }
 
   xfree (fname);
@@ -291,7 +298,7 @@ agent_key_from_file (CTRL ctrl,
               assert (n);
               *shadow_info = xtrymalloc (n);
               if (!*shadow_info)
-                rc = GNUPG_Out_Of_Core;
+                rc = out_of_core ();
               else
                 {
                   memcpy (*shadow_info, s, n);
@@ -306,7 +313,7 @@ agent_key_from_file (CTRL ctrl,
       break;
     default:
       log_error ("invalid private key format\n");
-      rc = GNUPG_Bad_Secret_Key;
+      rc = gpg_error (GPG_ERR_BAD_SECKEY);
       break;
     }
   if (rc)
diff --git a/agent/genkey.c b/agent/genkey.c
index 6def5cd8a..d6db46e05 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -40,14 +40,14 @@ store_key (GCRY_SEXP private, const char *passphrase, int force)
   if ( !gcry_pk_get_keygrip (private, grip) )
     {
       log_error ("can't calculate keygrip\n");
-      return seterr (General_Error);
+      return gpg_error (GPG_ERR_GENERAL);
     }
 
   len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
   assert (len);
   buf = gcry_malloc_secure (len);
   if (!buf)
-      return seterr (Out_Of_Core);
+      return out_of_core ();
   len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
   assert (len);
 
@@ -101,7 +101,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
   if (rc)
     {
       log_error ("failed to convert keyparam: %s\n", gcry_strerror (rc));
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
     }
 
   /* Get the passphrase now, cause key generation may take a while. */
@@ -147,7 +147,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
       log_error ("key generation failed: invalid return value\n");
       gcry_sexp_release (s_key);
       xfree (pi);
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
     }
   s_public = gcry_sexp_find_token (s_key, "public-key", 0);
   if (!s_public)
@@ -156,7 +156,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
       gcry_sexp_release (s_private);
       gcry_sexp_release (s_key);
       xfree (pi);
-      return seterr (Invalid_Data);
+      return gpg_error (GPG_ERR_INVALID_DATA);
     }
   gcry_sexp_release (s_key); s_key = NULL;
   
@@ -175,22 +175,24 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
   log_debug ("returning public key\n");
   len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
   assert (len);
-  buf = xmalloc (len);
+  buf = xtrymalloc (len);
   if (!buf)
     {
+      gpg_error_t tmperr = out_of_core ();
       gcry_sexp_release (s_private);
       gcry_sexp_release (s_public);
-      return seterr (Out_Of_Core);
+      return tmperr;
     }
   len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
   assert (len);
   if (fwrite (buf, len, 1, outfp) != 1)
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("error writing public key: %s\n", strerror (errno));
       gcry_sexp_release (s_private);
       gcry_sexp_release (s_public);
       xfree (buf);
-      return seterr (File_Create_Error);
+      return tmperr;
     }
   gcry_sexp_release (s_public);
   xfree (buf);
diff --git a/agent/learncard.c b/agent/learncard.c
index 93229f4cf..da4271a67 100644
--- a/agent/learncard.c
+++ b/agent/learncard.c
@@ -29,7 +29,7 @@
 #include <sys/stat.h>
 
 #include "agent.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>
 
 struct keypair_info_s {
   struct keypair_info_s *next;
@@ -97,7 +97,7 @@ kpinfo_cb (void *opaque, const char *line)
   item = xtrycalloc (1, sizeof *item + strlen (line));
   if (!item)
     {
-      parm->error = GNUPG_Out_Of_Core;
+      parm->error = out_of_core ();
       return;
     }
   strcpy (item->hexgrip, line);
@@ -110,7 +110,7 @@ kpinfo_cb (void *opaque, const char *line)
     }
   else if ((p - item->hexgrip) != 40 || !spacep (p))
     { /* not a 20 byte hex keygrip or not followed by a space */
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
       xfree (item);
       return;
     }
@@ -122,7 +122,7 @@ kpinfo_cb (void *opaque, const char *line)
     p++;
   if (p == item->id)
     { /* invalid ID string */
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
       xfree (item);
       return;
     }
@@ -154,7 +154,7 @@ certinfo_cb (void *opaque, const char *line)
     ;
   if (p == pend || !*p)
     { 
-      parm->error = GNUPG_Invalid_Response;
+      parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
       return;
     }
   *pend = 0; /* ignore trailing stuff */
@@ -162,7 +162,7 @@ certinfo_cb (void *opaque, const char *line)
   item = xtrycalloc (1, sizeof *item + strlen (p));
   if (!item)
     {
-      parm->error = GNUPG_Out_Of_Core;
+      parm->error = out_of_core ();
       return;
     }
   item->type = type;
@@ -323,7 +323,7 @@ agent_handle_learn (void *assuan_context)
         unsigned char *shadow_info = make_shadow_info (serialno, item->id);
         if (!shadow_info)
           {
-            rc = GNUPG_Out_Of_Core;
+            rc = gpg_error (GPG_ERR_ENOMEM);
             xfree (pubkey);
             goto leave;
           }
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 094736c69..0bc3580ce 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -47,7 +47,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
   if (!ctrl->have_keygrip)
     {
       log_error ("speculative decryption not yet supported\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
       goto leave;
     }
 
@@ -55,7 +55,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
   if (rc)
     {
       log_error ("failed to convert ciphertext: %s\n", gcry_strerror (rc));
-      rc = seterr (Invalid_Data);
+      rc = gpg_error (GPG_ERR_INV_DATA);
       goto leave;
     }
 
@@ -68,7 +68,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
   if (!s_skey && !shadow_info)
     {
       log_error ("failed to read the secret key\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
       goto leave;
     }
 
@@ -77,7 +77,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
 
       if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
         {
-          rc = GNUPG_Invalid_Sexp;
+          rc = gpg_error (GPG_ERR_INVALID_SEXP);
           goto leave;
         }
 
diff --git a/agent/pksign.c b/agent/pksign.c
index 1d84d4870..25f1238df 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -45,14 +45,14 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
   if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
     {
       log_error ("no object identifier for algo %d\n", algo);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
     }
 
   if (digestlen + asnlen + 4  > nframe )
     {
       log_error ("can't encode a %d bit MD into a %d bits frame\n",
                  (int)(digestlen*8), (int)nbits);
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
     }
   
   /* We encode the MD in this way:
@@ -63,7 +63,7 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
    */
   frame = xtrymalloc (nframe);
   if (!frame)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
   n = 0;
   frame[n++] = 0;
   frame[n++] = 1; /* block type */
@@ -96,14 +96,14 @@ agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
   size_t len;
 
   if (!ctrl->have_keygrip)
-    return seterr (No_Secret_Key);
+    return gpg_error (GPG_ERR_NO_SECKEY);
 
   s_skey = agent_key_from_file (ctrl,
                                 ctrl->keygrip, &shadow_info, ignore_cache);
   if (!s_skey && !shadow_info)
     {
       log_error ("failed to read the secret key\n");
-      rc = seterr (No_Secret_Key);
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
       goto leave;
     }
 
diff --git a/agent/protect.c b/agent/protect.c
index 08f322bac..dba216429 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -68,20 +68,20 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
 
   s = plainkey;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   hash_begin = s;
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   s += n; /* skip over the algorithm name */
 
   while (*s == '(')
@@ -89,18 +89,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
       s++;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s += n;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s += n;
       if ( *s != ')' )
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s++;
     }
   if (*s != ')')
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   s++;
   hash_end = s;
 
@@ -164,13 +164,13 @@ do_encryption (const char *protbegin, size_t protlen,
   enclen = outlen/blklen * blklen;
   outbuf = gcry_malloc_secure (outlen);
   if (!outbuf)
-    rc = GNUPG_Out_Of_Core;
+    rc = out_of_core ();
   if (!rc)
     {
       /* allocate random bytes to be used as IV, padding and s2k salt*/
       iv = gcry_random_bytes (blklen*2+8, GCRY_WEAK_RANDOM);
       if (!iv)
-        rc = GNUPG_Out_Of_Core;
+        rc = gpg_error (GPG_ERR_ENOMEM);
       else
         rc = gcry_cipher_setiv (hd, iv, blklen);
     }
@@ -181,7 +181,7 @@ do_encryption (const char *protbegin, size_t protlen,
       
       key = gcry_malloc_secure (keylen);
       if (!key)
-        rc = GNUPG_Out_Of_Core;
+        rc = out_of_core ();
       else
         {
           rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@@ -232,7 +232,7 @@ do_encryption (const char *protbegin, size_t protlen,
             blklen, &ivpos, blklen, "",
             enclen, &encpos, enclen, "");
   if (p)
-    { /* asprintf does not use out malloc system */
+    { /* asprintf does not use our malloc system */
       char *psave = p;
       p = xtrymalloc (strlen (psave)+1);
       if (p)
@@ -241,9 +241,10 @@ do_encryption (const char *protbegin, size_t protlen,
     }
   if (!p)
     {
+      gpg_error_t tmperr = out_of_core ();
       xfree (iv);
       xfree (outbuf);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
     }
   *resultlen = strlen (p);
   *result = p;
@@ -277,28 +278,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
 
   s = plainkey;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   depth++;
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   depth++;
   hash_begin = s;
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
 
   for (infidx=0; protect_info[infidx].algo
               && !smatch (&s, n, protect_info[infidx].algo); infidx++)
     ;
   if (!protect_info[infidx].algo)
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 
 
   prot_begin = prot_end = NULL;
   for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
@@ -306,28 +307,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
       if (i == protect_info[infidx].prot_from)
         prot_begin = s;
       if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
       depth++;
       s++;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       if (n != 1 || c != *s)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s += n;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s +=n; /* skip value */
       if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       depth--;
       if (i == protect_info[infidx].prot_to)
         prot_end = s;
       s++;
     }
   if (*s != ')' || !prot_begin || !prot_end )
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   depth--;
   hash_end = s;
   s++;
@@ -358,8 +359,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   *result = p = xtrymalloc (*resultlen);
   if (!p)
     {
+      gpg_error_t tmperr = out_of_core ();
       xfree (protected);
-      return GNUPG_Out_Of_Core;
+      return tmperr;
     }
   memcpy (p, "(21:protected-", 14);
   p += 14;
@@ -391,7 +393,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
 
   blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
   if (protectedlen < 4 || (protectedlen%blklen))
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
 
   hd = gcry_cipher_open (PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
@@ -400,7 +402,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
 
   outbuf = gcry_malloc_secure (protectedlen);
   if (!outbuf)
-    rc = GNUPG_Out_Of_Core;
+    rc = out_of_core ();
   if (!rc)
     rc = gcry_cipher_setiv (hd, iv, ivlen);
   if (!rc)
@@ -410,7 +412,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
       
       key = gcry_malloc_secure (keylen);
       if (!key)
-        rc = GNUPG_Out_Of_Core;
+        rc = out_of_core ();
       else
         {
           rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@@ -433,14 +435,14 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
   if (*outbuf != '(' && outbuf[1] != '(')
     {
       xfree (outbuf);
-      return GNUPG_Bad_Passphrase;
+      return gpg_error (GPG_ERR_BAD_PASSPHRASE);
     }
   /* check that we have a consistent S-Exp */
   reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
   if (!reallen || (reallen + blklen < protectedlen) )
     {
       xfree (outbuf);
-      return GNUPG_Bad_Passphrase;
+      return gpg_error (GPG_ERR_BAD_PASSPHRASE);
     }
   *result = outbuf;
   return 0;
@@ -464,21 +466,21 @@ merge_lists (const unsigned char *protectedkey,
   int i, rc;
   
   if (replacepos < 26)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);
 
   /* Estimate the required size of the resulting list.  We have a large
      safety margin of >20 bytes (MIC hash from CLEARTEXT and the
      removed "protected-" */
   newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
   if (!newlistlen)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);
   n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL);
   if (!n)
-    return GNUPG_Bug;
+    return gpg_error (GPG_ERR_BUG);
   newlistlen += n;
   newlist = gcry_malloc_secure (newlistlen);
   if (!newlist)
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
 
   /* Copy the initial segment */
   strcpy (newlist, "(11:private-key");
@@ -489,7 +491,7 @@ merge_lists (const unsigned char *protectedkey,
   /* copy the cleartext */
   s = cleartext;
   if (*s != '(' && s[1] != '(')
-    return GNUPG_Bug;  /*we already checked this */
+    return gpg_error (GPG_ERR_BUG);  /*we already checked this */
   s += 2;
   startpos = s;
   while ( *s == '(' )
@@ -564,7 +566,7 @@ merge_lists (const unsigned char *protectedkey,
 
  invalid_sexp:
   xfree (newlist);
-  return GNUPG_Invalid_Sexp;
+  return gpg_error (GPG_ERR_INVALID_SEXP);
 }
 
 
@@ -589,25 +591,25 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
 
   s = protectedkey;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "protected-private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
 
   for (infidx=0; protect_info[infidx].algo
               && !smatch (&s, n, protect_info[infidx].algo); infidx++)
     ;
   if (!protect_info[infidx].algo)
-    return GNUPG_Unsupported_Algorithm; 
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); 
 
   /* now find the list with the protected information.  Here is an
      example for such a list:
@@ -618,12 +620,12 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
   for (;;)
     {
       if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
       prot_begin = s;
       s++;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       if (smatch (&s, n, "protected"))
         break;
       s += n;
@@ -635,47 +637,47 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
   /* found */
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
-    return GNUPG_Unsupported_Protection;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
   if (*s != '(' || s[1] != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s += 2;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "sha1"))
-    return GNUPG_Unsupported_Protection;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
   n = snext (&s);
   if (n != 8)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   s2ksalt = s;
   s += n;
   n = snext (&s);
   if (!n)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   /* We expect a list close as next, so we can simply use strtoul()
      here.  We might want to check that we only have digits - but this
      is nothing we should worry about */
   if (s[n] != ')' )
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s2kcount = strtoul (s, NULL, 10);
   if (!s2kcount)
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   s += n;
   s++; /* skip list end */
 
   n = snext (&s);
   if (n != 16) /* Wrong blocksize for IV (we support ony aes-128) */
-    return GNUPG_Corrupted_Protection;
+    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   iv = s;
   s += n;
   if (*s != ')' )
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   
   rc = do_decryption (s, n,
                       passphrase, s2ksalt, s2kcount,
@@ -692,7 +694,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
 
   rc = calculate_mic (final, sha1hash2);
   if (!rc && memcmp (sha1hash, sha1hash2, 20))
-    rc = GNUPG_Corrupted_Protection;
+    rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
   if (rc)
     {
       xfree (final);
@@ -755,9 +757,9 @@ hash_passphrase (const char *passphrase, int hashalgo,
 
   if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3)
       || !hashalgo || !keylen || !key || !passphrase)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);
   if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INV_VALUE);
   
   md = gcry_md_open (hashalgo, GCRY_MD_FLAG_SECURE);
   if (!md)
@@ -834,42 +836,42 @@ agent_shadow_key (const unsigned char *pubkey,
   size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);
 
   if (!pubkey_len || !shadow_info_len)
-    return GNUPG_Invalid_Value;
+    return gpg_error (GPG_ERR_INVALID_VALUE);
   s = pubkey;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   depth++;
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "public-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   depth++;
   s++;
   n = snext (&s); 
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   s += n; /* skip over the algorithm name */
 
   while (*s != ')')
     {
       if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
       depth++;
       s++;
       n = snext (&s);
       if (!n) 
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s += n;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s +=n; /* skip value */
       if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       depth--;
       s++;
     }
@@ -883,7 +885,7 @@ agent_shadow_key (const unsigned char *pubkey,
   n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
   *result = p = xtrymalloc (n);
   if (!p)
-      return GNUPG_Out_Of_Core;
+      return out_of_core ();
   p = stpcpy (p, "(20:shadowed-private-key");
   /* (10:public-key ...)*/
   memcpy (p, pubkey+14, point - (pubkey+14));
@@ -910,58 +912,58 @@ agent_get_shadow_info (const unsigned char *shadowkey,
 
   s = shadowkey;
   if (*s != '(')
-    return GNUPG_Invalid_Sexp;
+    return gpg_error (GPG_ERR_INVALID_SEXP);
   depth++;
   s++;
   n = snext (&s);
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (!smatch (&s, n, "shadowed-private-key"))
-    return GNUPG_Unknown_Sexp; 
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP); 
   if (*s != '(')
-    return GNUPG_Unknown_Sexp;
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   depth++;
   s++;
   n = snext (&s); 
   if (!n)
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   s += n; /* skip over the algorithm name */
 
   for (;;)
     {
       if (*s == ')')
-        return GNUPG_Unknown_Sexp;
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
       if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
       depth++;
       s++;
       n = snext (&s);
       if (!n) 
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       if (smatch (&s, n, "shadowed"))
         break;
       s += n;
       n = snext (&s);
       if (!n)
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       s +=n; /* skip value */
       if (*s != ')')
-        return GNUPG_Invalid_Sexp; 
+        return gpg_error (GPG_ERR_INVALID_SEXP); 
       depth--;
       s++;
     }
   /* found the shadowed list, s points to the protocol */
   n = snext (&s);
   if (!n) 
-    return GNUPG_Invalid_Sexp; 
+    return gpg_error (GPG_ERR_INVALID_SEXP); 
   if (smatch (&s, n, "t1-v1"))
     {
       if (*s != '(')
-        return GNUPG_Invalid_Sexp;
+        return gpg_error (GPG_ERR_INVALID_SEXP);
       *shadow_info = s;
     }
   else
-    return GNUPG_Unsupported_Protocol;
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
   return 0;
 }
 
diff --git a/agent/query.c b/agent/query.c
index a20e4fe7b..4a051965d 100644
--- a/agent/query.c
+++ b/agent/query.c
@@ -33,7 +33,7 @@
 
 #include "agent.h"
 #include "i18n.h"
-#include "../assuan/assuan.h"
+#include <assuan.h>
 
 #ifdef _POSIX_OPEN_MAX
 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@@ -70,7 +70,7 @@ unlock_pinentry (int rc)
     {
       log_error ("failed to release the entry lock\n");
       if (!rc)
-        rc = GNUPG_Internal_Error;
+        rc = gpg_error (GPG_ERR_INTERNAL);
     }
 #endif
   entry_ctx = NULL;
@@ -96,7 +96,7 @@ start_pinentry (CTRL ctrl)
   if (!pth_mutex_acquire (&entry_lock, 0, NULL))
     {
       log_error ("failed to acquire the entry lock\n");
-      return GNUPG_Internal_Error;
+      return gpg_error (GPG_ERR_INTERNAL);
     }
 #endif
 
@@ -108,8 +108,9 @@ start_pinentry (CTRL ctrl)
       
   if (fflush (NULL))
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("error flushing pending output: %s\n", strerror (errno));
-      return unlock_pinentry (seterr (Write_Error));
+      return unlock_pinentry (tmperr);
     }
 
   if (!opt.pinentry_program || !*opt.pinentry_program)
@@ -145,7 +146,7 @@ start_pinentry (CTRL ctrl)
     {
       log_error ("can't connect to the PIN entry module: %s\n",
                  assuan_strerror (rc));
-      return unlock_pinentry (seterr (No_PIN_Entry));
+      return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
     }
   entry_ctx = ctx;
 
@@ -161,7 +162,7 @@ start_pinentry (CTRL ctrl)
     {
       char *optstr;
       if (asprintf (&optstr, "OPTION ttyname=%s", ctrl->ttyname) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
       free (optstr);
@@ -172,7 +173,7 @@ start_pinentry (CTRL ctrl)
     {
       char *optstr;
       if (asprintf (&optstr, "OPTION ttytype=%s", ctrl->ttytype) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
       if (rc)
@@ -182,7 +183,7 @@ start_pinentry (CTRL ctrl)
     {
       char *optstr;
       if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
       if (rc)
@@ -192,7 +193,7 @@ start_pinentry (CTRL ctrl)
     {
       char *optstr;
       if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
-	return unlock_pinentry (GNUPG_Out_Of_Core);
+	return unlock_pinentry (out_of_core ());
       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
 			    NULL);
       if (rc)
@@ -250,7 +251,7 @@ agent_askpin (CTRL ctrl,
     return 0; /* fixme: we should return BAD PIN */
 
   if (!pininfo || pininfo->max_length < 1)
-    return seterr (Invalid_Value);
+    return gpg_error (GPG_ERR_INV_VALUE);
   if (!desc_text && pininfo->min_digits)
     desc_text = _("Please enter your PIN, so that the secret key "
                   "can be unlocked for this session");
@@ -322,7 +323,8 @@ agent_askpin (CTRL ctrl,
           rc = pininfo->check_cb (pininfo);
           if (rc == -1 && pininfo->cb_errtext)
             errtext = pininfo->cb_errtext;
-          else if (rc == GNUPG_Bad_Passphrase || rc == GNUPG_Bad_PIN)
+          else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+                   || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
             errtext = (is_pin? _("Bad PIN")
                        : _("Bad Passphrase"));
           else if (rc)
@@ -333,8 +335,8 @@ agent_askpin (CTRL ctrl,
         return unlock_pinentry (0); /* okay, got a PIN or passphrase */
     }
 
-  return unlock_pinentry (pininfo->min_digits? GNUPG_Bad_PIN
-                          : GNUPG_Bad_Passphrase);
+  return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
+                          : GPG_ERR_BAD_PASSPHRASE));
 }
 
 
@@ -356,7 +358,7 @@ agent_get_passphrase (CTRL ctrl,
 
   *retpass = NULL;
   if (opt.batch)
-    return GNUPG_Bad_Passphrase; 
+    return gpg_error (GPG_ERR_BAD_PASSPHRASE); 
 
   rc = start_pinentry (ctrl);
   if (rc)
@@ -394,7 +396,7 @@ agent_get_passphrase (CTRL ctrl,
   parm.size = ASSUAN_LINELENGTH/2 - 5;
   parm.buffer = gcry_malloc_secure (parm.size+10);
   if (!parm.buffer)
-    return unlock_pinentry (seterr (Out_Of_Core));
+    return unlock_pinentry (out_of_core ());
 
   assuan_begin_confidential (entry_ctx);
   rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL);
@@ -407,8 +409,9 @@ agent_get_passphrase (CTRL ctrl,
   hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
   if (!hexstring)
     {
+      gpg_error_t tmperr = out_of_core ();
       xfree (parm.buffer);
-      return unlock_pinentry (seterr (Out_Of_Core));
+      return unlock_pinentry (tmperr);
     }
 
   for (i=0, p=parm.buffer; *p; p++, i += 2)
@@ -423,7 +426,7 @@ agent_get_passphrase (CTRL ctrl,
 
 /* Pop up the PIN-entry, display the text and the prompt and ask the
    user to confirm this.  We return 0 for success, ie. the used
-   confirmed it, GNUPG_Not_Confirmed for what the text says or an
+   confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
    other error. */
 int 
 agent_get_confirmation (CTRL ctrl,
diff --git a/agent/sexp-parse.h b/agent/sexp-parse.h
index 6baca08cf..0bbc1d76a 100644
--- a/agent/sexp-parse.h
+++ b/agent/sexp-parse.h
@@ -68,10 +68,10 @@ sskip (unsigned char const **buf, int *depth)
       else
         {
           if (!d)
-            return GNUPG_Invalid_Sexp;
+            return gpg_error (GPG_ERR_INVALID_SEXP);
           n = snext (&s);
           if (!n)
-            return GNUPG_Invalid_Sexp; 
+            return gpg_error (GPG_ERR_INVALID_SEXP); 
           s += n;
         }
     }
diff --git a/agent/trustlist.c b/agent/trustlist.c
index 9fc4623c6..8575aedb0 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -29,8 +29,7 @@
 #include <sys/stat.h>
 
 #include "agent.h"
-#include "../assuan/assuan.h" /* fixme: need a way to avoid assuan
-                                 calls here */
+#include <assuan.h> /* fixme: need a way to avoid assuan calls here */
 
 static const char headerblurb[] =
 "# This is the list of trusted keys.  Comments like this one and empty\n"
@@ -60,9 +59,10 @@ open_list (int append)
       trustfp = fopen (fname, "wx");
       if (!trustfp)
         {
+          gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
           log_error ("can't create `%s': %s\n", fname, strerror (errno));
           xfree (fname);
-          return seterr (File_Create_Error);
+          return tmperr;
         }
       fputs (headerblurb, trustfp);
       fclose (trustfp);
@@ -71,9 +71,10 @@ open_list (int append)
 
   if (!trustfp)
     {
+      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
       log_error ("can't open `%s': %s\n", fname, strerror (errno));
       xfree (fname);
-      return seterr (File_Open_Error);
+      return tmperr;
     }
 
   /*FIXME: check the MAC */
@@ -109,7 +110,7 @@ read_list (char *key, int *keyflag)
         {
           if (feof (trustfp))
             return -1;
-          return GNUPG_Read_Error;
+          return gpg_error (gpg_err_code_from_errno (errno));
         }
       
       if (!*line || line[strlen(line)-1] != '\n')
@@ -117,7 +118,8 @@ read_list (char *key, int *keyflag)
           /* eat until end of line */
           while ( (c=getc (trustfp)) != EOF && c != '\n')
             ;
-          return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line;
+          return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+                                 : GPG_ERR_INCOMPLETE_LINE);
         }
       
       /* Allow for emty lines and spaces */
@@ -132,7 +134,7 @@ read_list (char *key, int *keyflag)
   if (i!=40 || !(spacep (p+i) || p[i] == '\n'))
     {
       log_error ("invalid formatted fingerprint in trustlist\n");
-      return GNUPG_Bad_Data;
+      return gpg_error (GPG_ERR_BAD_DATA);
     }
   assert (p[i]);
   if (p[i] == '\n')
@@ -149,13 +151,13 @@ read_list (char *key, int *keyflag)
       else
         {
           log_error ("invalid keyflag in trustlist\n");
-          return GNUPG_Bad_Data;
+          return gpg_error (GPG_ERR_BAD_DATA);
         }
       i++;
       if ( !(spacep (p+i) || p[i] == '\n'))
         {
           log_error ("invalid keyflag in trustlist\n");
-          return GNUPG_Bad_Data;
+          return gpg_error (GPG_ERR_BAD_DATA);
         }
     }
 
@@ -253,7 +255,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
                 "  \"%s\"%%0A"
                 "has the fingerprint:%%0A"
                 "  %s", name, fpr) < 0 )
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
   rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
   free (desc);
   if (rc)
@@ -264,7 +266,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
                 "  \"%s\"%%0A"
                 "to correctly certify user certificates?",
                 name) < 0 )
-    return GNUPG_Out_Of_Core;
+    return out_of_core ();
   rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
   free (desc);
   if (rc)
@@ -294,11 +296,11 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
   print_sanitized_string (trustfp, name, 0);
   fprintf (trustfp, "\n%s %c\n", fpr, flag);
   if (ferror (trustfp))
-    rc = GNUPG_Write_Error;
+    rc = gpg_error (gpg_err_code_from_errno (errno));
   
   /* close because we are in append mode */
   if (fclose (trustfp))
-    rc = GNUPG_File_Error;
+    rc = gpg_error (gpg_err_code_from_errno (errno));
   trustfp = NULL;
   return rc;
 }