mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-24 10:39:57 +01:00
* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,
merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4 self-sig express a key expiration time that extends beyond the original v3 expiration time.
parent
4a214fbfbb
commit
50c9a5bd25
@ -1,3 +1,10 @@
|
|||||||
|
2002-05-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* packet.h, parse-packet.c (parse_key), getkey.c
|
||||||
|
(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
|
||||||
|
self-sig must never let the v4 self-sig express a key expiration
|
||||||
|
time that extends beyond the original v3 expiration time.
|
||||||
|
|
||||||
2002-05-06 David Shaw <dshaw@jabberwocky.com>
|
2002-05-06 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyedit.c (sign_uids): When making a self-signature via "sign"
|
* keyedit.c (sign_uids): When making a self-signature via "sign"
|
||||||
|
23
g10/getkey.c
23
g10/getkey.c
@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
|
||||||
|
pk->expiredate=pk->max_expiredate;
|
||||||
|
|
||||||
|
if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
|
||||||
|
sk->expiredate=sk->max_expiredate;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
|||||||
pk->main_keyid[1] = kid[1];
|
pk->main_keyid[1] = kid[1];
|
||||||
|
|
||||||
if ( pk->version < 4 ) {
|
if ( pk->version < 4 ) {
|
||||||
/* before v4 the key packet itself contains the expiration date
|
/* before v4 the key packet itself contains the expiration
|
||||||
* and there was no way to change it. So we also use only the
|
* date and there was no way to change it, so we start with
|
||||||
* one from the key packet */
|
* the one from the key packet */
|
||||||
key_expire = pk->expiredate;
|
key_expire = pk->max_expiredate;
|
||||||
key_expire_seen = 1;
|
key_expire_seen = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1263,13 +1269,11 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
|||||||
key_usage |= PUBKEY_USAGE_ENC;
|
key_usage |= PUBKEY_USAGE_ENC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( pk->version > 3 ) {
|
|
||||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||||
if ( p ) {
|
if ( p ) {
|
||||||
key_expire = keytimestamp + buffer_to_u32(p);
|
key_expire = keytimestamp + buffer_to_u32(p);
|
||||||
key_expire_seen = 1;
|
key_expire_seen = 1;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* mark that key as valid: one direct key signature should
|
/* mark that key as valid: one direct key signature should
|
||||||
* render a key as valid */
|
* render a key as valid */
|
||||||
@ -1417,8 +1421,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Currently only v3 keys have a maximum expiration date, but I'll
|
||||||
|
bet v5 keys get this feature again. */
|
||||||
|
if(key_expire==0 || key_expire>pk->max_expiredate)
|
||||||
|
key_expire=pk->max_expiredate;
|
||||||
|
|
||||||
pk->has_expired = key_expire >= curtime? 0 : key_expire;
|
pk->has_expired = key_expire >= curtime? 0 : key_expire;
|
||||||
if ( pk->version >= 4 )
|
|
||||||
pk->expiredate = key_expire;
|
pk->expiredate = key_expire;
|
||||||
/* Fixme: we should see how to get rid of the expiretime fields but
|
/* Fixme: we should see how to get rid of the expiretime fields but
|
||||||
* this needs changes at other places too. */
|
* this needs changes at other places too. */
|
||||||
@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
|
|||||||
subpk->pubkey_usage = key_usage;
|
subpk->pubkey_usage = key_usage;
|
||||||
|
|
||||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||||
|
|
||||||
if ( p )
|
if ( p )
|
||||||
key_expire = keytimestamp + buffer_to_u32(p);
|
key_expire = keytimestamp + buffer_to_u32(p);
|
||||||
else
|
else
|
||||||
|
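Review bot: The clamp added before `pk->has_expired` in the `@ -1417` hunk of merge_selfsigs_main treats `max_expiredate == 0` as a real bound, so it discards the expiration of any key that has no maximum. parse_key in this same commit sets `max_expiredate = 0` for v4 keys, and this hunk drops the `pk->version >= 4` guard, so any non-zero `key_expire` taken from a v4 self-signature compares greater than 0 and is reset to 0, which reads as "never expires". The cap should apply only when one exists: `if(key_expire==0 || (pk->max_expiredate && key_expire>pk->max_expiredate))`. The two clamps added in merge_keys_and_selfsig on `pk->expiredate` and `sk->expiredate` have the same shape and need the same guard if that code can be reached for v4 keys; its enclosing block starts outside the hunk.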
@ -184,6 +184,7 @@ typedef struct {
|
|||||||
typedef struct {
|
typedef struct {
|
||||||
u32 timestamp; /* key made */
|
u32 timestamp; /* key made */
|
||||||
u32 expiredate; /* expires at this date or 0 if not at all */
|
u32 expiredate; /* expires at this date or 0 if not at all */
|
||||||
|
u32 max_expiredate; /* must not expire past this date */
|
||||||
byte hdrbytes; /* number of header bytes */
|
byte hdrbytes; /* number of header bytes */
|
||||||
byte version;
|
byte version;
|
||||||
byte selfsigversion; /* highest version of all of the self-sigs */
|
byte selfsigversion; /* highest version of all of the self-sigs */
|
||||||
@ -210,6 +211,7 @@ typedef struct {
|
|||||||
typedef struct {
|
typedef struct {
|
||||||
u32 timestamp; /* key made */
|
u32 timestamp; /* key made */
|
||||||
u32 expiredate; /* expires at this date or 0 if not at all */
|
u32 expiredate; /* expires at this date or 0 if not at all */
|
||||||
|
u32 max_expiredate; /* must not expire past this date */
|
||||||
byte hdrbytes; /* number of header bytes */
|
byte hdrbytes; /* number of header bytes */
|
||||||
byte version;
|
byte version;
|
||||||
byte pubkey_algo; /* algorithm used for public key scheme */
|
byte pubkey_algo; /* algorithm used for public key scheme */
|
||||||
|
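Review bot: The comment on the new `max_expiredate` field does not say what 0 means, in either struct. parse_key stores 0 there for v4 keys, and also for v3 keys when it leaves `expiredate` at 0. A reader will take 0 as a bound unless told otherwise, so I would write `u32 max_expiredate; /* must not expire past this date, 0 = no limit */` in both places.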
@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
{
|
{
|
||||||
int i, version, algorithm;
|
int i, version, algorithm;
|
||||||
unsigned n;
|
unsigned n;
|
||||||
unsigned long timestamp, expiredate;
|
unsigned long timestamp, expiredate, max_expiredate;
|
||||||
int npkey, nskey;
|
int npkey, nskey;
|
||||||
int is_v4=0;
|
int is_v4=0;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
timestamp = read_32(inp); pktlen -= 4;
|
timestamp = read_32(inp); pktlen -= 4;
|
||||||
if( is_v4 )
|
if( is_v4 ) {
|
||||||
expiredate = 0; /* have to get it from the selfsignature */
|
expiredate = 0; /* have to get it from the selfsignature */
|
||||||
|
max_expiredate = 0;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
unsigned short ndays;
|
unsigned short ndays;
|
||||||
ndays = read_16(inp); pktlen -= 2;
|
ndays = read_16(inp); pktlen -= 2;
|
||||||
@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
expiredate = timestamp + ndays * 86400L;
|
expiredate = timestamp + ndays * 86400L;
|
||||||
else
|
else
|
||||||
expiredate = 0;
|
expiredate = 0;
|
||||||
|
|
||||||
|
max_expiredate=expiredate;
|
||||||
}
|
}
|
||||||
algorithm = iobuf_get_noeof(inp); pktlen--;
|
algorithm = iobuf_get_noeof(inp); pktlen--;
|
||||||
if( list_mode )
|
if( list_mode )
|
||||||
@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
|
|
||||||
sk->timestamp = timestamp;
|
sk->timestamp = timestamp;
|
||||||
sk->expiredate = expiredate;
|
sk->expiredate = expiredate;
|
||||||
|
sk->max_expiredate = max_expiredate;
|
||||||
sk->hdrbytes = hdrlen;
|
sk->hdrbytes = hdrlen;
|
||||||
sk->version = version;
|
sk->version = version;
|
||||||
sk->is_primary = pkttype == PKT_SECRET_KEY;
|
sk->is_primary = pkttype == PKT_SECRET_KEY;
|
||||||
@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
|
|
||||||
pk->timestamp = timestamp;
|
pk->timestamp = timestamp;
|
||||||
pk->expiredate = expiredate;
|
pk->expiredate = expiredate;
|
||||||
|
pk->max_expiredate = max_expiredate;
|
||||||
pk->hdrbytes = hdrlen;
|
pk->hdrbytes = hdrlen;
|
||||||
pk->version = version;
|
pk->version = version;
|
||||||
pk->pubkey_algo = algorithm;
|
pk->pubkey_algo = algorithm;
|
||||||
|
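Review bot: `max_expiredate=expiredate;` in the v3 branch inherits whatever `timestamp + ndays * 86400L` produced, and that value is later narrowed into the `u32` fields `sk->max_expiredate` and `pk->max_expiredate`. With a 16-bit `ndays` the product can exceed the u32 range, so the stored cap may wrap to an unrelated date, or overflow a 32-bit `long` before that. Since the field now acts as the upper bound on what a self-signature may claim, I would range-check the sum before narrowing and add a comment that 0 means no cap. The body of parse_key starts and ends outside these hunks.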