1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,

merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.
This commit is contained in:
David Shaw 2002-05-07 04:05:03 +00:00
parent 4a214fbfbb
commit 50c9a5bd25
4 changed files with 38 additions and 16 deletions

View File

@ -1,3 +1,10 @@
2002-05-07 David Shaw <dshaw@jabberwocky.com>
* packet.h, parse-packet.c (parse_key), getkey.c
(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
self-sig must never let the v4 self-sig express a key expiration
time that extends beyond the original v3 expiration time.
2002-05-06 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (sign_uids): When making a self-signature via "sign"

View File

@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
}
}
}
if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
pk->expiredate=pk->max_expiredate;
if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
sk->expiredate=sk->max_expiredate;
}
}
@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
pk->main_keyid[1] = kid[1];
if ( pk->version < 4 ) {
/* before v4 the key packet itself contains the expiration date
* and there was no way to change it. So we also use only the
* one from the key packet */
key_expire = pk->expiredate;
/* before v4 the key packet itself contains the expiration
* date and there was no way to change it, so we start with
* the one from the key packet */
key_expire = pk->max_expiredate;
key_expire_seen = 1;
}
@ -1263,12 +1269,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
key_usage |= PUBKEY_USAGE_ENC;
}
if ( pk->version > 3 ) {
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) {
key_expire = keytimestamp + buffer_to_u32(p);
key_expire_seen = 1;
}
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) {
key_expire = keytimestamp + buffer_to_u32(p);
key_expire_seen = 1;
}
/* mark that key as valid: one direct key signature should
@ -1417,9 +1421,13 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
}
}
/* Currently only v3 keys have a maximum expiration date, but I'll
bet v5 keys get this feature again. */
if(key_expire==0 || key_expire>pk->max_expiredate)
key_expire=pk->max_expiredate;
pk->has_expired = key_expire >= curtime? 0 : key_expire;
if ( pk->version >= 4 )
pk->expiredate = key_expire;
pk->expiredate = key_expire;
/* Fixme: we should see how to get rid of the expiretime fields but
* this needs changes at other places too. */
@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p )
key_expire = keytimestamp + buffer_to_u32(p);
else

View File

@ -184,6 +184,7 @@ typedef struct {
typedef struct {
u32 timestamp; /* key made */
u32 expiredate; /* expires at this date or 0 if not at all */
u32 max_expiredate; /* must not expire past this date */
byte hdrbytes; /* number of header bytes */
byte version;
byte selfsigversion; /* highest version of all of the self-sigs */
@ -210,6 +211,7 @@ typedef struct {
typedef struct {
u32 timestamp; /* key made */
u32 expiredate; /* expires at this date or 0 if not at all */
u32 max_expiredate; /* must not expire past this date */
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */

View File

@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
{
int i, version, algorithm;
unsigned n;
unsigned long timestamp, expiredate;
unsigned long timestamp, expiredate, max_expiredate;
int npkey, nskey;
int is_v4=0;
int rc=0;
@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
}
timestamp = read_32(inp); pktlen -= 4;
if( is_v4 )
if( is_v4 ) {
expiredate = 0; /* have to get it from the selfsignature */
max_expiredate = 0;
}
else {
unsigned short ndays;
ndays = read_16(inp); pktlen -= 2;
@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
expiredate = timestamp + ndays * 86400L;
else
expiredate = 0;
max_expiredate=expiredate;
}
algorithm = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
sk->timestamp = timestamp;
sk->expiredate = expiredate;
sk->max_expiredate = max_expiredate;
sk->hdrbytes = hdrlen;
sk->version = version;
sk->is_primary = pkttype == PKT_SECRET_KEY;
@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->timestamp = timestamp;
pk->expiredate = expiredate;
pk->max_expiredate = max_expiredate;
pk->hdrbytes = hdrlen;
pk->version = version;
pk->pubkey_algo = algorithm;