Changed keyring handling - saving still does not work.

Added new cipher mode and updated cipher test program.
2025-07-02 22:46:30 +02:00 · 2000-10-10 12:58:43 +00:00 · 2000-10-10 12:58:43 +00:00 · 5a9ea8ff5c
commit 5a9ea8ff5c
parent b75f734a11
17 changed files with 322 additions and 198 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,19 @@
+2000-10-09  Werner Koch  <wk@gnupg.org>
+
+	* keygen.c (do_generate_keypair): Removed the keyblock locking.
+
+	* ringedit.c (enum_keyblocks): Replaced by ...
+	(enum_keyblocks_begin): New.
+	(enum_keyblocks_next): New.
+	(enum_keyblocks_end): New. And changed all callers.
+	
+	* import.c (import_one): Removed keyblock locking becuase this is
+	now done inside of insert_keyblock().  Removed get_keyblock_handle
+	because insert_keyblock() now decides what is the default keyring.
+	(import_secret_one): Ditto.
+	(import_revoke_cert): Ditto.
+	(import_one): Ditto.
+
 Fri Oct  6 14:29:16 CEST 2000  Werner Koch  <wk@openit.de>

        Started to rework the whole getkey/ringedit stuff to make
--- a/g10/delkey.c
+++ b/g10/delkey.c
@ -142,6 +142,7 @@ delete_key( const char *username, int secret )


    if( okay ) {
+      #warning MUST FIX THIS!!!
 	rc = delete_keyblock( &kbpos );
 	if( rc ) {
 	    log_error("delete_keyblock failed: %s\n", gpg_errstr(rc) );
--- a/g10/export.c
+++ b/g10/export.c
@ -124,10 +124,10 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
 	iobuf_push_filter( out, compress_filter, &zfx );

    if( all ) {
-	rc = enum_keyblocks( secret?5:0, &kbpos, &keyblock );
+	rc = enum_keyblocks_begin( &kbpos, secret );
 	if( rc ) {
 	    if( rc != -1 )
-		log_error("enum_keyblocks(open) failed: %s\n", gpg_errstr(rc) );
+		log_error("enum_keyblocks_begin failed: %s\n", gpg_errstr(rc));
 	    goto leave;
 	}
 	all = 2;
@ -137,11 +137,11 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
     * NULL pointers :-) */
    for( sl=strlist_last(users); sl || all ; sl=strlist_prev( users, sl )) {
 	if( all ) { /* get the next user */
-	    rc = enum_keyblocks( 1, &kbpos, &keyblock );
+	    rc = enum_keyblocks_next( kbpos, 1, &keyblock );
 	    if( rc == -1 )  /* EOF */
 		break;
 	    if( rc ) {
-		log_error("enum_keyblocks(read) failed: %s\n", gpg_errstr(rc));
+		log_error("enum_keyblocks_next failed: %s\n", gpg_errstr(rc));
 		break;
 	    }
 	}
@ -219,7 +219,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )

  leave:
    if( all == 2 )
-	enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
+	enum_keyblocks_end( kbpos );
    release_kbnode( keyblock );
    if( !*any )
 	log_info(_("WARNING: nothing exported\n"));
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -862,17 +862,13 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
        }
    }

-    if (!rc )
-       log_debug ( "pk_byname: kbpos %s %lu %p\n",
-                   ctx->kbpos.valid? "valid":"",
-                   ctx->kbpos.offset, ctx->kbpos.fp );
    release_kbnode ( help_kb );

    if( retctx ) /* caller wants the context */
 	*retctx = ctx;
    else {
 	/* Hmmm, why not get_pubkey-end here?? */
-	enum_keyblocks( 2, &ctx->kbpos, NULL ); /* close */
+	enum_keyblocks_end( ctx->kbpos ); ctx->kbpos = NULL;
 	for(n=0; n < ctx->nitems; n++ )
 	    gcry_free( ctx->items[n].namebuf );
 	gcry_free( ctx );
@ -920,7 +916,7 @@ get_pubkey_end( GETKEY_CTX ctx )
    if( ctx ) {
 	int n;

-	enum_keyblocks( 2, &ctx->kbpos, NULL ); /* close */
+	enum_keyblocks_end( ctx->kbpos ); ctx->kbpos = NULL;
 	for(n=0; n < ctx->nitems; n++ )
 	    gcry_free( ctx->items[n].namebuf );
 	if( !ctx->not_allocated )
@ -976,7 +972,7 @@ find_kblocation_bypk( void *re_opaque, PKT_public_key *pk )
    rc = get_pubkey_byname( &ctx, dummy_pk, ufpr, NULL );
    free_public_key(dummy_pk);
    if ( !rc )
-        ringedit_copy_kbpos( re_opaque, &ctx->kbpos );
+        ringedit_copy_kbpos( re_opaque, ctx->kbpos );
    get_pubkey_end( ctx );

    return rc;
@ -2212,11 +2208,11 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
    KBNODE secblock = NULL; /* helper */

    if( !ctx->count ) /* first time */
-	rc = enum_keyblocks( secmode?5:0, &ctx->kbpos, &ctx->keyblock );
+	rc = enum_keyblocks_begin( &ctx->kbpos, secmode );
    else
 	rc = 0;
    if( !rc ) {
-	while( !(rc = enum_keyblocks( 1, &ctx->kbpos, &ctx->keyblock )) ) {
+	while( !(rc = enum_keyblocks_next( ctx->kbpos, 1, &ctx->keyblock )) ) {
 	    int n;
 	    getkey_item_t *item;

--- a/g10/import.c
+++ b/g10/import.c
@ -361,7 +361,6 @@ import_one( const char *fname, KBNODE keyblock, int fast )
    PKT_public_key *pk_orig;
    KBNODE node, uidnode;
    KBNODE keyblock_orig = NULL;
-    KBPOS kbpos;
    u32 keyid[2];
    int rc = 0;
    int new_key = 0;
@ -425,22 +424,14 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	stats.skipped_new_keys++;
    }
    else if( rc ) { /* insert this key */
-	/* get default resource */
-	if( get_keyblock_handle( NULL, 0, &kbpos ) ) {
-	    log_error(_("no default public keyring\n"));
-	    return GPGERR_GENERAL;
-	}
+#if 0 /* we don't know wehre we are going to write */
 	if( opt.verbose > 1 )
 	    log_info( _("writing to `%s'\n"),
-				keyblock_resource_name(&kbpos) );
-	if( (rc=lock_keyblock( &kbpos )) )
-	   log_error(_("can't lock keyring `%s': %s\n"),
-		       keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( keyblock )) )
-	   log_error( _("error writing keyring `%s': %s\n"),
-		       keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	unlock_keyblock( &kbpos );
-	/* we are ready */
+                      keyblock_resource_name(kbpos) );
+#endif
+	if( (rc=insert_keyblock( keyblock )) )
+	   log_error( _("error writing key: %s\n"), gpg_errstr(rc) );
+        /* we are ready */
 	if( !opt.quiet )
 	    log_info( _("key %08lX: public key imported\n"), (ulong)keyid[1]);
 	if( is_status_enabled() ) {
@ -485,13 +476,8 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	if( n_uids || n_sigs || n_subk ) {
 	    mod_key = 1;
 	    /* keyblock_orig has been updated; write */
-	    if( (rc=lock_keyblock( &kbpos )) )
-	       log_error( _("can't lock keyring `%s': %s\n"),
-			  keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	    else if( (rc=update_keyblock( keyblock_orig )) )
-		log_error( _("error writing keyring `%s': %s\n"),
-			     keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	    unlock_keyblock( &kbpos );
+	    if( (rc=update_keyblock( keyblock_orig )) )
+		log_error( _("error writing key: %s\n"), gpg_errstr(rc) );
 	    /* we are ready */
 	    if( !opt.quiet ) {
 		if( n_uids == 1 )
@ -555,7 +541,6 @@ import_secret_one( const char *fname, KBNODE keyblock )
 {
    PKT_secret_key *sk;
    KBNODE node, uidnode;
-    KBPOS kbpos;
    u32 keyid[2];
    int rc = 0;

@ -588,19 +573,9 @@ import_secret_one( const char *fname, KBNODE keyblock )

    /* do we have this key already in one of our secrings ? */
    rc = seckey_available( keyid );
-    if( rc == GPGERR_NO_SECKEY && !opt.merge_only ) { /* simply insert this key */
-	/* get default resource */
-	if( get_keyblock_handle( NULL, 1, &kbpos ) ) {
-	    log_error("no default secret keyring\n");
-	    return GPGERR_GENERAL;
-	}
-	if( (rc=lock_keyblock( &kbpos )) )
-	    log_error( _("can't lock keyring `%s': %s\n"),
-			 keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( keyblock )) )
-	    log_error( _("error writing keyring `%s': %s\n"),
-		      keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	unlock_keyblock( &kbpos );
+    if( rc == GPGERR_NO_SECKEY && !opt.merge_only ) { /*just insert this key*/
+	if( (rc=insert_keyblock( keyblock )) )
+	    log_error( _("error writing key: %s\n"), gpg_errstr(rc) );
 	/* we are ready */
 	if( !opt.quiet )
 	    log_info( _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
@ -627,7 +602,6 @@ import_revoke_cert( const char *fname, KBNODE node )
 {
    PKT_public_key *pk=NULL;
    KBNODE onode, keyblock = NULL;
-    KBPOS kbpos;
    u32 keyid[2];
    int rc = 0;

@ -689,13 +663,8 @@ import_revoke_cert( const char *fname, KBNODE node )
    insert_kbnode( keyblock, clone_kbnode(node), 0 );

    /* and write the keyblock back */
-    if( (rc=lock_keyblock( &kbpos )) )
-	log_error( _("can't lock keyring `%s': %s\n"),
-		   keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-    else if( (rc=update_keyblock( keyblock )) )
-	log_error( _("error writing keyring `%s': %s\n"),
-		    keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-    unlock_keyblock( &kbpos );
+    if( (rc=update_keyblock( keyblock )) )
+	log_error( _("error writing key: %s\n"), gpg_errstr(rc) );
    /* we are ready */
    if( !opt.quiet )
 	log_info( _("key %08lX: revocation certificate imported\n"),
--- a/g10/kbxfile.c
+++ b/g10/kbxfile.c
@ -265,14 +265,14 @@ export_as_kbxfile(void)
    KBNODE keyblock = NULL;
    int rc=0;

-    rc = enum_keyblocks( 0, &kbpos, &keyblock );
+    rc = enum_keyblocks_begin( &kbpos, 0 );
    if( rc ) {
 	if( rc != -1 )
 	    log_error("enum_keyblocks(open) failed: %s\n", gpg_errstr(rc) );
 	goto leave;
    }

-    while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
+    while( !(rc = enum_keyblocks_next( kbpos, 1, &keyblock )) ) {
 	KBXBLOB blob;
 	const char *p;
 	size_t n;
@ -292,7 +292,7 @@ export_as_kbxfile(void)
 	log_error("enum_keyblocks(read) failed: %s\n", gpg_errstr(rc));

  leave:
-    enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
+    enum_keyblocks_end( kbpos );
    release_kbnode( keyblock );
 }

--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -192,7 +192,9 @@ int add_keyblock_resource( const char *resname, int force, int secret );
 const char *keyblock_resource_name( KBPOS kbpos );
 int get_keyblock_handle( const char *filename, int secret, KBPOS kbpos );
 char *get_writable_keyblock_file( int secret );
-int enum_keyblocks( int mode, KBPOS kbpos, KBNODE *ret_root );
+int  enum_keyblocks_begin( KBPOS *kbpos, int mode );
+int  enum_keyblocks_next( KBPOS kbpos, int mode, KBNODE *ret_root );
+void enum_keyblocks_end( KBPOS kbpos );
 int insert_keyblock( KBNODE keyblock );
 int delete_keyblock( KBNODE keyblock );
 int update_keyblock( KBNODE keyblock );
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1748,10 +1748,6 @@ do_generate_keypair( struct para_data_s *para,

 	if( rc )
 	    ;
-	else if( (rc=rc1=lock_keyblock( &pub_kbpos )) )
-	    log_error("can't lock public keyring: %s\n", gpg_errstr(rc) );
-	else if( (rc=rc2=lock_keyblock( &sec_kbpos )) )
-	    log_error("can't lock secret keyring: %s\n", gpg_errstr(rc) );
 	else if( (rc=insert_keyblock( pub_root )) )
 	    log_error("can't write public key: %s\n", gpg_errstr(rc) );
 	else if( (rc=insert_keyblock( sec_root )) )
@ -1770,10 +1766,6 @@ do_generate_keypair( struct para_data_s *para,
 	    }
 	}

-	if( !rc1 )
-	    unlock_keyblock( &pub_kbpos );
-	if( !rc2 )
-	    unlock_keyblock( &sec_kbpos );
    }

    if( rc ) {
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -72,7 +72,7 @@ list_all( int secret )
    int rc=0;
    int lastresno;

-    rc = enum_keyblocks( secret? 5:0, &kbpos, &keyblock );
+    rc = enum_keyblocks_begin( &kbpos, secret );
    if( rc ) {
 	if( rc != -1 )
 	    log_error("enum_keyblocks(open) failed: %s\n", gpg_errstr(rc) );
@ -80,12 +80,12 @@ list_all( int secret )
    }

    lastresno = -1;
-    while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
-	if( lastresno != kbpos.resno ) {
-	    const char *s = keyblock_resource_name( &kbpos );
+    while( !(rc = enum_keyblocks_next( kbpos, 1, &keyblock )) ) {
+	if( 1 /*lastresno != kbpos.resno FIXME!!! */ ) {
+	    const char *s = "foo" /*keyblock_resource_name( &kbpos ) */;
 	    int i;

-	    lastresno = kbpos.resno;
+	    /* FIXME lastresno = kbpos.resno*/
 	    printf("%s\n", s );
 	    for(i=strlen(s); i; i-- )
 		putchar('-');
@ -100,7 +100,7 @@ list_all( int secret )
 	log_error("enum_keyblocks(read) failed: %s\n", gpg_errstr(rc));

  leave:
-    enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
+    enum_keyblocks_end( kbpos ); 
    release_kbnode( keyblock );
 }

--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@ -460,112 +460,152 @@ unlock_keyblock( KBPOS kbpos )
 }


-/****************
- * This functions can be used to read through a complete keyring.
- * Mode is: 0 = open
- *	    1 = read
- *	    2 = close
- *	    5 = open secret keyrings
- *	    11 = read but skip signature and comment packets.
- *	    all others are reserved!
- */
-int
-enum_keyblocks( int mode, KBPOS kbpos, KBNODE *ret_root )
+static int
+enum_keyrings_open_helper( KBPOS kbpos, int where )
 {
-    int rc = 0;
+    int i = where;
    RESTBL *rentry;

-    if( !mode || mode == 5 || mode == 100 ) {
-	int i;
-
-	kbpos->fp = NULL;
-	kbpos->rt = rt_UNKNOWN;
-	if( !mode ) {
-	    kbpos->secret = 0;
-	    i = 0;
-	}
-	else if( mode == 5 ) {
-	    kbpos->secret = 1;
-	    mode = 0;
-	    i = 0;
-	}
-	else
-	    i = kbpos->resno+1;
-	for(; i < MAX_RESOURCES; i++ )
-	    if( resource_table[i].used
-		&& !resource_table[i].secret == !kbpos->secret )
-		break;
-	if( i == MAX_RESOURCES )
-	    return -1; /* no resources */
-	kbpos->resno = i;
-	rentry = check_pos( kbpos );
-	kbpos->rt = resource_table[i].rt;
-	kbpos->valid = 0;
-	switch( kbpos->rt ) {
-	  case rt_RING:
-	  case rt_KBXF:
-	    kbpos->fp = iobuf_open( rentry->fname );
-	    if( !kbpos->fp ) {
-		log_error("can't open `%s'\n", rentry->fname );
-		return GPGERR_OPEN_FILE;
-	    }
-	    break;
-
-	  default: BUG();
-	}
-	kbpos->pkt = NULL;
+    for(; i < MAX_RESOURCES; i++ )
+        if( resource_table[i].used
+            && !resource_table[i].secret == !kbpos->secret )
+            break;
+    if( i == MAX_RESOURCES ) 
+        return -1; /* no resources */
+    kbpos->resno = i;
+    rentry = check_pos( kbpos );
+    kbpos->rt = resource_table[i].rt;
+    kbpos->valid = 0;
+    switch( kbpos->rt ) {
+      case rt_RING:
+      case rt_KBXF:
+        kbpos->fp = iobuf_open( rentry->fname );
+        if ( !kbpos->fp ) {
+            log_error("can't open `%s'\n", rentry->fname );
+            return GPGERR_OPEN_FILE;
+        }
+        break;
+    
+       default: BUG();
    }
-    else if( mode == 1 || mode == 11 ) {
-	int cont;
-	do {
-	    cont = 0;
-	    switch( kbpos->rt ) {
-	      case rt_RING:
-		if( !kbpos->fp )
-		    return GPGERR_GENERAL;
-		rc = keyring_enum( kbpos, ret_root, mode == 11 );
-		break;
-	      case rt_KBXF:
-		if( !kbpos->fp )
-		    return GPGERR_GENERAL;
-		rc = do_kbxf_enum( kbpos, ret_root, mode == 11 );
-		break;
-	      default: BUG();
-	    }
+    kbpos->pkt = NULL;
+    return 0;
+}

-	    if( rc == -1 ) {
-		assert( !kbpos->pkt );
-		rentry = check_pos( kbpos );
-		assert(rentry);
-		/* close */
-		enum_keyblocks(2, kbpos, ret_root );
-		/* and open the next one */
-		rc = enum_keyblocks(100, kbpos, ret_root );
-		if( !rc )
-		    cont = 1;
-	    }
-	} while(cont);
+
+/****************
+ * This set of functions is used to scan over all keyrings.
+ * The mode in enum_keyblocks_next() is used liek this:
+ * Mode is: 1 = read
+ *	    11 = read but skip signature and comment packets.
+ */
+int
+enum_keyblocks_begin( KBPOS *rkbpos, int use_secret )
+{
+    int rc, i;
+    KBPOS kbpos;
+    
+    *rkbpos = NULL;
+
+    kbpos = gcry_xcalloc( 1, sizeof *kbpos );
+    kbpos->fp = NULL;
+    kbpos->rt = rt_UNKNOWN;
+    if( !use_secret ) {
+        kbpos->secret = 0;
+        i = 0;
    }
    else {
-	switch( kbpos->rt ) {
-	  case rt_RING:
-	  case rt_KBXF:
-	    if( kbpos->fp ) {
-		iobuf_close( kbpos->fp );
-		kbpos->fp = NULL;
-	    }
-	    break;
-	  case rt_UNKNOWN:
-	    /* this happens when we have no keyring at all */
-	    return rc;
-
-	  default:
-	    BUG();
-	}
-	/* release pending packet */
-	free_packet( kbpos->pkt );
-	gcry_free( kbpos->pkt );
+        kbpos->secret = 1;
+        i = 0;
    }
+    
+    rc = enum_keyrings_open_helper( kbpos, i );
+    if ( rc ) {
+        gcry_free( kbpos );
+        return rc;
+    }
+    /* return the handle */
+    *rkbpos = kbpos;
+    return 0;
+}
+
+void
+enum_keyblocks_end( KBPOS kbpos )
+{
+    if ( !kbpos )
+        return;
+    switch( kbpos->rt ) {
+     case rt_RING:
+     case rt_KBXF:
+       if( kbpos->fp ) {
+           iobuf_close( kbpos->fp );
+           kbpos->fp = NULL;
+       }
+       break;
+     case rt_UNKNOWN:
+       /* this happens when we have no keyring at all */
+       gcry_free( kbpos );
+       return;
+
+     default:
+       BUG();
+    }
+    /* release pending packet */
+    free_packet( kbpos->pkt );
+    gcry_free( kbpos->pkt );
+    gcry_free( kbpos );
+}
+
+int
+enum_keyblocks_next( KBPOS kbpos, int mode, KBNODE *ret_root )
+{
+    int cont, rc = 0;
+    RESTBL *rentry;
+
+    if( mode != 1 && mode != 11 ) 
+        return GPGERR_INV_ARG;
+
+    do {
+        cont = 0;
+        switch( kbpos->rt ) {
+          case rt_RING:
+            if( !kbpos->fp )
+                return GPGERR_GENERAL;
+            rc = keyring_enum( kbpos, ret_root, mode == 11 );
+            break;
+          case rt_KBXF:
+            if( !kbpos->fp )
+                return GPGERR_GENERAL;
+            rc = do_kbxf_enum( kbpos, ret_root, mode == 11 );
+            break;
+          default: BUG();
+        }
+
+        if( rc == -1 ) {
+            RESTBL *rentry;
+            int i;
+
+            assert( !kbpos->pkt );
+            rentry = check_pos( kbpos );
+            assert(rentry);
+            i = kbpos->resno+1;
+            /* first close */
+            if( kbpos->fp ) {
+                iobuf_close( kbpos->fp );
+                kbpos->fp = NULL;
+            }
+            free_packet( kbpos->pkt );
+            gcry_free( kbpos->pkt );
+            kbpos->pkt = NULL;
+            /* and then open the next one */
+            rc = enum_keyrings_open_helper( kbpos, i );
+            if ( !rc ) 
+                cont = 1;
+            /* hmm, that is not really correct: if we got an error kbpos
+             * might be not well anymore */
+        }
+    } while(cont);
+
    return rc;
 }

@ -632,7 +672,7 @@ int
 update_keyblock( KBNODE root )
 {
    int rc;
-    struct WORK WORK WORK KBPOS kbpos;
+    struct keyblock_pos_struct kbpos;
    
    /* We need to get the file position of original keyblock first */
    if ( root->pkt->pkttype == PKT_PUBLIC_KEY )
@ -668,7 +708,7 @@ update_keyblock( KBNODE root )
 ****************************************************************/

 static int
-keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
+keyring_enum( KBPOS kbpos, KBNODE *ret_root, int skipsigs )
 {
    PACKET *pkt;
    int rc;
@ -767,7 +807,7 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
 *	3 = update
 */
 static int
-keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
+keyring_copy( KBPOS kbpos, int mode, KBNODE root )
 {
    RESTBL *rentry;
    IOBUF fp, newfp;
@ -1003,7 +1043,7 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
 ****************************************************************/

 static int
-do_kbxf_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
+do_kbxf_enum( KBPOS kbpos, KBNODE *ret_root, int skipsigs )
 {
    PACKET *pkt;
    int rc;
@ -1092,7 +1132,7 @@ do_kbxf_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
 *	3 = update
 */
 static int
-do_kbxf_copy( KBPOS *kbpos, int mode, KBNODE root )
+do_kbxf_copy( KBPOS kbpos, int mode, KBNODE root )
 {
    RESTBL *rentry;
    IOBUF fp, newfp;
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -1778,11 +1778,11 @@ update_trustdb()
 	return;

    init_trustdb();
-    rc = enum_keyblocks( 0, &kbpos, &keyblock );
+    rc = enum_keyblocks_begin( &kbpos, 0 );
    if( !rc ) {
 	ulong count=0, err_count=0, new_count=0;

-	while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
+	while( !(rc = enum_keyblocks_next( kbpos, 1, &keyblock )) ) {
 	    /*int modified;*/
 	    TRUSTREC drec;
 	    PKT_public_key *pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )
@ -1825,7 +1825,7 @@ update_trustdb()
    if( rc && rc != -1 )
 	log_error(_("enumerate keyblocks failed: %s\n"), gpg_errstr(rc));

-    enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
+    enum_keyblocks_end( kbpos ); 
    release_kbnode( keyblock );
 }