security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.

Browse Source 
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
This commit is contained in:
David Shaw 2002-12-04 18:32:00 +00:00
parent 6d30580362
commit 2d6a766433
6 changed files with 89 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
g10/ChangeLog
View File

@ -1,5 +1,23 @@
2002-12-04 David Shaw <dshaw@jabberwocky.com> 2002-12-04 David Shaw <dshaw@jabberwocky.com>
* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01)
change. Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather then
a modification of the original signature time. Make sure that
this doesn't cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key
expiration date in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig
subpackets are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired
when the sig expiration subpacket is added.
(build_sig_subpkt_from_sig): Handle making an expiration subpacket
from a sig that has already expired (use a duration of 0).
* packet.h, sign.c (update_keysig_packet), keyedit.c * packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue (menu_set_primary_uid, menu_set_preferences): Add ability to issue
0x18 subkey binding sigs to update_keysig_packet and change all 0x18 subkey binding sigs to update_keysig_packet and change all

15
g10/build-packet.c
View File

@ -754,6 +754,15 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
sig->flags.revocable=0; sig->flags.revocable=0;
break; break;
/* This should never happen since we don't currently allow
creating such a subpacket, but just in case... */
case SIGSUBPKT_SIG_EXPIRE:
if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp())
sig->flags.expired=1;
else
sig->flags.expired=0;
break;
default: default:
break; break;
} }
@ -860,7 +869,11 @@ build_sig_subpkt_from_sig( PKT_signature *sig )
if(sig->expiredate) if(sig->expiredate)
{ {
u = sig->expiredate-sig->timestamp; if(sig->expiredate>sig->timestamp)
u=sig->expiredate-sig->timestamp;
else
u=0;
buf[0] = (u >> 24) & 0xff; buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff; buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff; buf[2] = (u >> 8) & 0xff;

16
g10/keyedit.c
View File

@ -2526,20 +2526,12 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( !sn ) if( !sn )
log_info(_("No corresponding signature in secret ring\n")); log_info(_("No corresponding signature in secret ring\n"));
/* create new self signature */
if( mainkey ) if( mainkey )
rc = make_keysig_packet( &newsig, main_pk, uid, NULL, rc = update_keysig_packet(&newsig, sig, main_pk, uid, NULL,
sk, 0x13, 0, 0, 0, 0, sk, keygen_add_key_expire, main_pk);
keygen_add_std_prefs, main_pk );
else else
{ rc = update_keysig_packet(&newsig, sig, main_pk, NULL, sub_pk,
struct flags_expire fe; sk, keygen_add_key_expire, sub_pk );
fe.pk=sub_pk;
fe.sig=sig;
rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
sk, 0x18, 0, 0, 0, 0,
keygen_copy_flags_add_expire,&fe);
}
if( rc ) { if( rc ) {
log_error("make_keysig_packet failed: %s\n", log_error("make_keysig_packet failed: %s\n",
g10_errstr(rc)); g10_errstr(rc));

63
g10/keygen.c
View File

@ -143,56 +143,37 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
} }
static void
do_copy_key_flags (PKT_signature *sig, PKT_signature *oldsig)
{
const byte *f;
size_t n;
/* Note that this will make any key flags in the unhashed area
disappear. This may be good or bad, depending on your point of
view. */
f=parse_sig_subpkt(oldsig->hashed,SIGSUBPKT_KEY_FLAGS,&n);
if(f)
build_sig_subpkt(sig,SIGSUBPKT_KEY_FLAGS,f,n);
}
static void
do_add_key_expire( PKT_signature *sig, PKT_public_key *pk )
{
if( pk->expiredate )
{
byte buf[4];
u32 u;
u = pk->expiredate > pk->timestamp? pk->expiredate - pk->timestamp
: pk->timestamp;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
buf[3] = u & 0xff;
build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
}
}
int int
keygen_copy_flags_add_expire( PKT_signature *sig, void *opaque ) keygen_add_key_expire( PKT_signature *sig, void *opaque )
{ {
struct flags_expire *fe=opaque; PKT_public_key *pk = opaque;
do_add_key_expire(sig,fe->pk); byte buf[8];
do_copy_key_flags(sig,fe->sig); u32 u;
return 0; if( pk->expiredate ) {
if(pk->expiredate > pk->timestamp)
u= pk->expiredate - pk->timestamp;
else
u= 0;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
buf[3] = u & 0xff;
build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
}
return 0;
} }
static int static int
keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque) keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
{ {
struct opaque_data_usage_and_pk *oduap = opaque; struct opaque_data_usage_and_pk *oduap = opaque;
do_add_key_flags (sig, oduap->usage); do_add_key_flags (sig, oduap->usage);
do_add_key_expire(sig,oduap->pk); return keygen_add_key_expire (sig, oduap->pk);
return 0;
} }
static int static int
@ -496,7 +477,7 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque )
byte buf[8]; byte buf[8];
do_add_key_flags (sig, pk->pubkey_usage); do_add_key_flags (sig, pk->pubkey_usage);
do_add_key_expire (sig, pk); keygen_add_key_expire( sig, opaque );
keygen_upd_std_prefs (sig, opaque); keygen_upd_std_prefs (sig, opaque);
buf[0] = 0x80; /* no modify - It is reasonable that a key holder buf[0] = 0x80; /* no modify - It is reasonable that a key holder

7
g10/main.h
View File

@ -127,12 +127,7 @@ u32 ask_expiredate(void);
void generate_keypair( const char *fname ); void generate_keypair( const char *fname );
int keygen_set_std_prefs (const char *string,int personal); int keygen_set_std_prefs (const char *string,int personal);
char *keygen_get_std_prefs (void); char *keygen_get_std_prefs (void);
struct flags_expire int keygen_add_key_expire( PKT_signature *sig, void *opaque );
{
PKT_public_key *pk;
PKT_signature *sig;
};
int keygen_copy_flags_add_expire( PKT_signature *sig, void *opaque );
int keygen_add_std_prefs( PKT_signature *sig, void *opaque ); int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
int keygen_upd_std_prefs( PKT_signature *sig, void *opaque ); int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
int keygen_add_revkey(PKT_signature *sig, void *opaque); int keygen_add_revkey(PKT_signature *sig, void *opaque);

40
g10/sign.c
View File

@ -1268,23 +1268,43 @@ update_keysig_packet( PKT_signature **ret_sig,
/* hash the public key certificate and the user id */ /* hash the public key certificate and the user id */
hash_public_key( md, pk ); hash_public_key( md, pk );
hash_uid (md, orig_sig->version, uid);
if( orig_sig->sig_class == 0x18 )
hash_public_key( md, subpk );
else
hash_uid (md, orig_sig->version, uid);
/* create a new signature packet */ /* create a new signature packet */
sig = copy_signature (NULL, orig_sig); sig = copy_signature (NULL, orig_sig);
if ( sig->version >= 4 && mksubpkt)
rc = (*mksubpkt)(sig, opaque);
/* we increase the timestamp by one second so that a future import /* We need to create a new timestamp so that new sig expiration
of this key will replace the existing one. We also make sure that calculations are done correctly... */
we don't create a timestamp in the future */ sig->timestamp=make_timestamp();
sig->timestamp++;
while (sig->timestamp >= make_timestamp()) /* ... but we won't make a timestamp earlier than the existing
sleep (1); one. */
/* put the updated timestamp back into the data */ while(sig->timestamp<=orig_sig->timestamp)
{
sleep(1);
sig->timestamp=make_timestamp();
}
/* Note that already expired sigs will remain expired (with a
duration of 0) since build-packet.c:build_sig_subpkt_from_sig
detects this case. */
if( sig->version >= 4 ) if( sig->version >= 4 )
{
/* Put the updated timestamp into the sig. Note that this
will automagically lower any sig expiration dates to
correctly correspond to the differences in the timestamps
(i.e. the duration will shrink). */
build_sig_subpkt_from_sig( sig ); build_sig_subpkt_from_sig( sig );
if (mksubpkt)
rc = (*mksubpkt)(sig, opaque);
}
if (!rc) { if (!rc) {
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
md_final(md); md_final(md);