mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,

merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.
David Shaw 2002-05-07 04:05:03 +00:00
parent 4a214fbfbb
commit 50c9a5bd25
4 changed files with 38 additions and 16 deletions


@ -1,3 +1,10 @@
2002-05-07 David Shaw <dshaw@jabberwocky.com>
* packet.h, parse-packet.c (parse_key), getkey.c
(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
self-sig must never let the v4 self-sig express a key expiration
time that extends beyond the original v3 expiration time.
2002-05-06 David Shaw <dshaw@jabberwocky.com> 2002-05-06 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (sign_uids): When making a self-signature via "sign" * keyedit.c (sign_uids): When making a self-signature via "sign"


@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
} }
} }
} }
if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
pk->expiredate=pk->max_expiredate;
if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
sk->expiredate=sk->max_expiredate;
} }
} }
@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
pk->main_keyid[1] = kid[1]; pk->main_keyid[1] = kid[1];
if ( pk->version < 4 ) { if ( pk->version < 4 ) {
/* before v4 the key packet itself contains the expiration date /* before v4 the key packet itself contains the expiration
* and there was no way to change it. So we also use only the * date and there was no way to change it, so we start with
* one from the key packet */ * the one from the key packet */
key_expire = pk->expiredate; key_expire = pk->max_expiredate;
key_expire_seen = 1; key_expire_seen = 1;
} }
@ -1263,13 +1269,11 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
key_usage |= PUBKEY_USAGE_ENC; key_usage |= PUBKEY_USAGE_ENC;
} }
if ( pk->version > 3 ) {
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) { if ( p ) {
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);
key_expire_seen = 1; key_expire_seen = 1;
} }
}
/* mark that key as valid: one direct key signature should /* mark that key as valid: one direct key signature should
* render a key as valid */ * render a key as valid */
@ -1417,8 +1421,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
} }
} }
/* Currently only v3 keys have a maximum expiration date, but I'll
bet v5 keys get this feature again. */
if(key_expire==0 || key_expire>pk->max_expiredate)
key_expire=pk->max_expiredate;
pk->has_expired = key_expire >= curtime? 0 : key_expire; pk->has_expired = key_expire >= curtime? 0 : key_expire;
if ( pk->version >= 4 )
pk->expiredate = key_expire; pk->expiredate = key_expire;
/* Fixme: we should see how to get rid of the expiretime fields but /* Fixme: we should see how to get rid of the expiretime fields but
* this needs changes at other places too. */ * this needs changes at other places too. */
@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) if ( p )
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);
else else
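Review bot: The new clamp in merge_selfsigs_main, `if(key_expire==0 || key_expire>pk->max_expiredate) key_expire=pk->max_expiredate;`, treats max_expiredate as a bound even when it is 0, and parse_key in this same commit stores 0 there for every v4 key and for a v3 key with no expiry. Any nonzero key_expire taken from a v4 self-signature is then greater than the bound and is reset to 0, so has_expired evaluates to 0 and pk->expiredate is stored as 0: an expired v4 key would be treated as never expiring. The comparison should apply only when a maximum exists, `if(key_expire==0 || (pk->max_expiredate && key_expire>pk->max_expiredate))`, and the two clamps added to merge_keys_and_selfsig need the same guard. That first hunk also dereferences both pk and sk unconditionally; both functions start and end outside the hunks, so whether the two pointers are always non-NULL at that point should be confirmed.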


@ -184,6 +184,7 @@ typedef struct {
typedef struct { typedef struct {
u32 timestamp; /* key made */ u32 timestamp; /* key made */
u32 expiredate; /* expires at this date or 0 if not at all */ u32 expiredate; /* expires at this date or 0 if not at all */
u32 max_expiredate; /* must not expire past this date */
byte hdrbytes; /* number of header bytes */ byte hdrbytes; /* number of header bytes */
byte version; byte version;
byte selfsigversion; /* highest version of all of the self-sigs */ byte selfsigversion; /* highest version of all of the self-sigs */
@ -210,6 +211,7 @@ typedef struct {
typedef struct { typedef struct {
u32 timestamp; /* key made */ u32 timestamp; /* key made */
u32 expiredate; /* expires at this date or 0 if not at all */ u32 expiredate; /* expires at this date or 0 if not at all */
u32 max_expiredate; /* must not expire past this date */
byte hdrbytes; /* number of header bytes */ byte hdrbytes; /* number of header bytes */
byte version; byte version;
byte pubkey_algo; /* algorithm used for public key scheme */ byte pubkey_algo; /* algorithm used for public key scheme */
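Review bot: The comment on the new max_expiredate field, in both structs, does not say what 0 means, although parse_key stores 0 there for v4 keys and for v3 keys without an expiry, and any code comparing against the field has to tell "no limit" from a real date. I would write it as `u32 max_expiredate; /* must not expire past this date; 0 means no limit */`, matching the wording of the expiredate comment on the line above. Both struct definitions start and end outside the hunks.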


@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
{ {
int i, version, algorithm; int i, version, algorithm;
unsigned n; unsigned n;
unsigned long timestamp, expiredate; unsigned long timestamp, expiredate, max_expiredate;
int npkey, nskey; int npkey, nskey;
int is_v4=0; int is_v4=0;
int rc=0; int rc=0;
@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
} }
timestamp = read_32(inp); pktlen -= 4; timestamp = read_32(inp); pktlen -= 4;
if( is_v4 ) if( is_v4 ) {
expiredate = 0; /* have to get it from the selfsignature */ expiredate = 0; /* have to get it from the selfsignature */
max_expiredate = 0;
}
else { else {
unsigned short ndays; unsigned short ndays;
ndays = read_16(inp); pktlen -= 2; ndays = read_16(inp); pktlen -= 2;
@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
expiredate = timestamp + ndays * 86400L; expiredate = timestamp + ndays * 86400L;
else else
expiredate = 0; expiredate = 0;
max_expiredate=expiredate;
} }
algorithm = iobuf_get_noeof(inp); pktlen--; algorithm = iobuf_get_noeof(inp); pktlen--;
if( list_mode ) if( list_mode )
@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
sk->timestamp = timestamp; sk->timestamp = timestamp;
sk->expiredate = expiredate; sk->expiredate = expiredate;
sk->max_expiredate = max_expiredate;
sk->hdrbytes = hdrlen; sk->hdrbytes = hdrlen;
sk->version = version; sk->version = version;
sk->is_primary = pkttype == PKT_SECRET_KEY; sk->is_primary = pkttype == PKT_SECRET_KEY;
@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->timestamp = timestamp; pk->timestamp = timestamp;
pk->expiredate = expiredate; pk->expiredate = expiredate;
pk->max_expiredate = max_expiredate;
pk->hdrbytes = hdrlen; pk->hdrbytes = hdrlen;
pk->version = version; pk->version = version;
pk->pubkey_algo = algorithm; pk->pubkey_algo = algorithm;
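Review bot: max_expiredate is copied from `expiredate = timestamp + ndays * 86400L;` without a range check, and this commit turns that value into a hard cap on the key's lifetime. ndays is an unsigned short and timestamp comes from read_32, so the sum can exceed 32 bits and would wrap when stored in the u32 field (the multiplication itself can overflow where long is 32 bits), which could leave a cap earlier than the key's creation time. A guard before the addition, `if( ndays > (0xffffffffUL - timestamp) / 86400UL )`, with an explicit saturate-or-reject path would keep the cap meaningful; which of the two fits is a policy decision. parse_key's body starts and ends outside these hunks.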