* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,

merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4 self-sig express a key expiration time that extends beyond the original v3 expiration time.
2024-07-01 02:42:44 +02:00 · 2002-05-07 04:05:03 +00:00 · 2002-05-07 04:05:03 +00:00 · 50c9a5bd25
commit 50c9a5bd25
parent 4a214fbfbb
4 changed files with 38 additions and 16 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,10 @@
+2002-05-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* packet.h, parse-packet.c (parse_key), getkey.c
+	(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
+	self-sig must never let the v4 self-sig express a key expiration
+	time that extends beyond the original v3 expiration time.
+
 2002-05-06  David Shaw  <dshaw@jabberwocky.com>

 	* keyedit.c (sign_uids): When making a self-signature via "sign"
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
 		}
 	    }
 	}
+
+	if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
+	  pk->expiredate=pk->max_expiredate;
+
+	if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
+	  sk->expiredate=sk->max_expiredate;
    }
 }

@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
    pk->main_keyid[1] = kid[1];

    if ( pk->version < 4 ) {
-        /* before v4 the key packet itself contains the expiration date
-         * and there was no way to change it.  So we also use only the
-         * one from the key packet */
-        key_expire = pk->expiredate;
+        /* before v4 the key packet itself contains the expiration
+         * date and there was no way to change it, so we start with
+         * the one from the key packet */
+        key_expire = pk->max_expiredate;
        key_expire_seen = 1;
    }

@ -1263,12 +1269,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                key_usage |= PUBKEY_USAGE_ENC;
        }

-        if ( pk->version > 3 ) {
-            p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
-            if ( p ) {
-                key_expire = keytimestamp + buffer_to_u32(p);
-                key_expire_seen = 1;
-            }
+	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+	if ( p ) {
+	  key_expire = keytimestamp + buffer_to_u32(p);
+	  key_expire_seen = 1;
        }

        /* mark that key as valid: one direct key signature should 
@ -1416,10 +1420,14 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
            }
      	}
    }
-   
+
+    /* Currently only v3 keys have a maximum expiration date, but I'll
+       bet v5 keys get this feature again. */
+    if(key_expire==0 || key_expire>pk->max_expiredate)
+      key_expire=pk->max_expiredate;
+
    pk->has_expired = key_expire >= curtime? 0 : key_expire;
-    if ( pk->version >= 4 ) 
-        pk->expiredate = key_expire;
+    pk->expiredate = key_expire;
    /* Fixme: we should see how to get rid of the expiretime fields  but
     * this needs changes at other places too. */

@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
    subpk->pubkey_usage = key_usage;
    
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
-
    if ( p ) 
        key_expire = keytimestamp + buffer_to_u32(p);
    else
--- a/g10/packet.h
+++ b/g10/packet.h
@ -184,6 +184,7 @@ typedef struct {
 typedef struct {
    u32     timestamp;	    /* key made */
    u32     expiredate;     /* expires at this date or 0 if not at all */
+    u32     max_expiredate; /* must not expire past this date */
    byte    hdrbytes;	    /* number of header bytes */
    byte    version;
    byte    selfsigversion; /* highest version of all of the self-sigs */
@ -210,6 +211,7 @@ typedef struct {
 typedef struct {
    u32     timestamp;	    /* key made */
    u32     expiredate;     /* expires at this date or 0 if not at all */
+    u32     max_expiredate; /* must not expire past this date */
    byte    hdrbytes;	    /* number of header bytes */
    byte    version;
    byte    pubkey_algo;    /* algorithm used for public key scheme */
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 {
    int i, version, algorithm;
    unsigned n;
-    unsigned long timestamp, expiredate;
+    unsigned long timestamp, expiredate, max_expiredate;
    int npkey, nskey;
    int is_v4=0;
    int rc=0;
@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
    }

    timestamp = read_32(inp); pktlen -= 4;
-    if( is_v4 )
+    if( is_v4 ) {
 	expiredate = 0; /* have to get it from the selfsignature */
+	max_expiredate = 0;
+    }
    else {
 	unsigned short ndays;
 	ndays = read_16(inp); pktlen -= 2;
@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 	    expiredate = timestamp + ndays * 86400L;
 	else
 	    expiredate = 0;
+
+	max_expiredate=expiredate;
    }
    algorithm = iobuf_get_noeof(inp); pktlen--;
    if( list_mode )
@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,

 	sk->timestamp = timestamp;
 	sk->expiredate = expiredate;
+	sk->max_expiredate = max_expiredate;
 	sk->hdrbytes = hdrlen;
 	sk->version = version;
 	sk->is_primary = pkttype == PKT_SECRET_KEY;
@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,

 	pk->timestamp = timestamp;
 	pk->expiredate = expiredate;
+	pk->max_expiredate = max_expiredate;
 	pk->hdrbytes	= hdrlen;
 	pk->version	= version;
 	pk->pubkey_algo = algorithm;