mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,
merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4 self-sig express a key expiration time that extends beyond the original v3 expiration time.
This commit is contained in:
parent
4a214fbfbb
commit
50c9a5bd25
@ -1,3 +1,10 @@
|
||||
2002-05-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* packet.h, parse-packet.c (parse_key), getkey.c
|
||||
(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
|
||||
self-sig must never let the v4 self-sig express a key expiration
|
||||
time that extends beyond the original v3 expiration time.
|
||||
|
||||
2002-05-06 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (sign_uids): When making a self-signature via "sign"
|
||||
|
33
g10/getkey.c
33
g10/getkey.c
@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
|
||||
pk->expiredate=pk->max_expiredate;
|
||||
|
||||
if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
|
||||
sk->expiredate=sk->max_expiredate;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||
pk->main_keyid[1] = kid[1];
|
||||
|
||||
if ( pk->version < 4 ) {
|
||||
/* before v4 the key packet itself contains the expiration date
|
||||
* and there was no way to change it. So we also use only the
|
||||
* one from the key packet */
|
||||
key_expire = pk->expiredate;
|
||||
/* before v4 the key packet itself contains the expiration
|
||||
* date and there was no way to change it, so we start with
|
||||
* the one from the key packet */
|
||||
key_expire = pk->max_expiredate;
|
||||
key_expire_seen = 1;
|
||||
}
|
||||
|
||||
@ -1263,12 +1269,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||
key_usage |= PUBKEY_USAGE_ENC;
|
||||
}
|
||||
|
||||
if ( pk->version > 3 ) {
|
||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||
if ( p ) {
|
||||
key_expire = keytimestamp + buffer_to_u32(p);
|
||||
key_expire_seen = 1;
|
||||
}
|
||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||
if ( p ) {
|
||||
key_expire = keytimestamp + buffer_to_u32(p);
|
||||
key_expire_seen = 1;
|
||||
}
|
||||
|
||||
/* mark that key as valid: one direct key signature should
|
||||
@ -1417,9 +1421,13 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||
}
|
||||
}
|
||||
|
||||
/* Currently only v3 keys have a maximum expiration date, but I'll
|
||||
bet v5 keys get this feature again. */
|
||||
if(key_expire==0 || key_expire>pk->max_expiredate)
|
||||
key_expire=pk->max_expiredate;
|
||||
|
||||
pk->has_expired = key_expire >= curtime? 0 : key_expire;
|
||||
if ( pk->version >= 4 )
|
||||
pk->expiredate = key_expire;
|
||||
pk->expiredate = key_expire;
|
||||
/* Fixme: we should see how to get rid of the expiretime fields but
|
||||
* this needs changes at other places too. */
|
||||
|
||||
@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
|
||||
subpk->pubkey_usage = key_usage;
|
||||
|
||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||
|
||||
if ( p )
|
||||
key_expire = keytimestamp + buffer_to_u32(p);
|
||||
else
|
||||
|
@ -184,6 +184,7 @@ typedef struct {
|
||||
typedef struct {
|
||||
u32 timestamp; /* key made */
|
||||
u32 expiredate; /* expires at this date or 0 if not at all */
|
||||
u32 max_expiredate; /* must not expire past this date */
|
||||
byte hdrbytes; /* number of header bytes */
|
||||
byte version;
|
||||
byte selfsigversion; /* highest version of all of the self-sigs */
|
||||
@ -210,6 +211,7 @@ typedef struct {
|
||||
typedef struct {
|
||||
u32 timestamp; /* key made */
|
||||
u32 expiredate; /* expires at this date or 0 if not at all */
|
||||
u32 max_expiredate; /* must not expire past this date */
|
||||
byte hdrbytes; /* number of header bytes */
|
||||
byte version;
|
||||
byte pubkey_algo; /* algorithm used for public key scheme */
|
||||
|
@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
{
|
||||
int i, version, algorithm;
|
||||
unsigned n;
|
||||
unsigned long timestamp, expiredate;
|
||||
unsigned long timestamp, expiredate, max_expiredate;
|
||||
int npkey, nskey;
|
||||
int is_v4=0;
|
||||
int rc=0;
|
||||
@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
}
|
||||
|
||||
timestamp = read_32(inp); pktlen -= 4;
|
||||
if( is_v4 )
|
||||
if( is_v4 ) {
|
||||
expiredate = 0; /* have to get it from the selfsignature */
|
||||
max_expiredate = 0;
|
||||
}
|
||||
else {
|
||||
unsigned short ndays;
|
||||
ndays = read_16(inp); pktlen -= 2;
|
||||
@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
expiredate = timestamp + ndays * 86400L;
|
||||
else
|
||||
expiredate = 0;
|
||||
|
||||
max_expiredate=expiredate;
|
||||
}
|
||||
algorithm = iobuf_get_noeof(inp); pktlen--;
|
||||
if( list_mode )
|
||||
@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
|
||||
sk->timestamp = timestamp;
|
||||
sk->expiredate = expiredate;
|
||||
sk->max_expiredate = max_expiredate;
|
||||
sk->hdrbytes = hdrlen;
|
||||
sk->version = version;
|
||||
sk->is_primary = pkttype == PKT_SECRET_KEY;
|
||||
@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
|
||||
pk->timestamp = timestamp;
|
||||
pk->expiredate = expiredate;
|
||||
pk->max_expiredate = max_expiredate;
|
||||
pk->hdrbytes = hdrlen;
|
||||
pk->version = version;
|
||||
pk->pubkey_algo = algorithm;
|
||||
|
Loading…
x
Reference in New Issue
Block a user