security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

g10: Use accessors for expiration dates of public keys. 

* g10/Makefile.am (common_source): Add new file.
* g10/packet-functions.h: New file.
* g10/packet.h (PKT_public_key): New flag 'valid_expiredate'.
* g10/call-dirmngr.c: Apply the following semantic patch.
* g10/free-packet.c: Likewise.
* g10/getkey.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keygen.c: Likewise.  Here with small manual fixups.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/trustdb.c: Likewise.
--

    @@
    PKT_public_key *E;
    expression X;
    @@
    -E->expiredate = X
    +kb_pk_set_expiredate (E, X)

    @@
    PKT_public_key *E;
    @@
    -E->expiredate
    +kb_pk_expiredate (E)

Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2017-01-02 16:55:41 +01:00
parent a1a64820c3
commit 65c8002b70
15 changed files with 93 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
g10/Makefile.am
View File

@ -112,6 +112,7 @@ common_source = \
openfile.c \
keyid.c \
packet.h \
packet-functions.h \
parse-packet.c \
cpr.c \
plaintext.c \

2
g10/call-dirmngr.c
View File

@ -948,7 +948,7 @@ ks_put_inq_cb (void *opaque, const char *line)
record_output (fp, node->pkt->pkttype, validity,
nbits_from_pk (pk), pk->pubkey_algo,
pk->keyid, pk->timestamp, pk->expiredate,
pk->keyid, pk->timestamp, kb_pk_expiredate (pk),
NULL);
}
break;

2
g10/free-packet.c
View File

@ -455,7 +455,7 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
if( a->timestamp != b->timestamp )
return -1;
if( a->version < 4 && a->expiredate != b->expiredate )
if( a->version < 4 && kb_pk_expiredate (a) != kb_pk_expiredate (b))
return -1;
if( a->pubkey_algo != b->pubkey_algo )
return -1;

6
g10/getkey.c
View File

@ -2899,7 +2899,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
key_expire = pk->max_expiredate;
pk->has_expired = key_expire >= curtime ? 0 : key_expire;
pk->expiredate = key_expire;
kb_pk_set_expiredate (pk, key_expire);
/* Fixme: we should see how to get rid of the expiretime fields but
* this needs changes at other places too. */
@ -3037,7 +3037,7 @@ buf_to_sig (const byte * buf, size_t len)
flags.backsig
pubkey_usage
has_expired
expired_date
expiredate
On this subkey's most revent valid self-signed packet, the
following field is set:
@ -3146,7 +3146,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
else
key_expire = 0;
subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
subpk->expiredate = key_expire;
kb_pk_set_expiredate (subpk, key_expire);
/* Algo doesn't exist. */
if (openpgp_pk_test_algo (subpk->pubkey_algo))

14
g10/keyedit.c
View File

@ -1394,7 +1394,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0);
tty_fprintf (fp, "\n");
if (primary_pk->expiredate && !selfsig)
if (kb_pk_expiredate (primary_pk) && !selfsig)
{
/* Static analyzer note: A claim that PRIMARY_PK might be
NULL is not correct because it set from the public key
@ -1406,7 +1406,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
u32 now = make_timestamp ();
if (primary_pk->expiredate <= now)
if (kb_pk_expiredate (primary_pk) <= now)
{
tty_fprintf (fp, _("This key has expired!"));
@ -1443,7 +1443,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
to answer the questions, enter the
passphrase, etc). */
timestamp = now;
duration = primary_pk->expiredate - now;
duration = kb_pk_expiredate (primary_pk) - now;
}
cpr_kill_prompt ();
@ -3676,7 +3676,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
nbits_from_pk (pk),
pk->pubkey_algo,
(ulong) keyid[0], (ulong) keyid[1],
(ulong) pk->timestamp, (ulong) pk->expiredate);
(ulong) pk->timestamp, (ulong) kb_pk_expiredate (pk));
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
es_putc (get_ownertrust_info (pk), fp);
@ -4309,7 +4309,7 @@ subkey_expire_warning (kbnode_t keyblock)
if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
{
latest_date = pk->timestamp;
subexpire = pk->expiredate;
subexpire = kb_pk_expiredate (pk);
}
}
@ -4872,14 +4872,14 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
{
main_pk = node->pkt->pkt.public_key;
keyid_from_pk (main_pk, keyid);
main_pk->expiredate = expiredate;
kb_pk_set_expiredate (main_pk, expiredate);
}
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
if ((node->flag & NODFLG_SELKEY) && !force_mainkey)
{
sub_pk = node->pkt->pkt.public_key;
sub_pk->expiredate = expiredate;
kb_pk_set_expiredate (sub_pk, expiredate);
}
else
sub_pk = NULL;

15
g10/keygen.c
View File

@ -259,10 +259,10 @@ keygen_add_key_expire (PKT_signature *sig, void *opaque)
byte buf[8];
u32 u;
if (pk->expiredate)
if (kb_pk_expiredate (pk))
{
if (pk->expiredate > pk->timestamp)
u = pk->expiredate - pk->timestamp;
if (kb_pk_expiredate (pk) > pk->timestamp)
u = kb_pk_expiredate (pk) - pk->timestamp;
else
u = 1;
@ -1290,8 +1290,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
pk->timestamp = timestamp;
pk->version = 4;
if (expireval)
pk->expiredate = pk->timestamp + expireval;
kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
pk->pubkey_algo = algo;
if (algo == PUBKEY_ALGO_ECDSA
@ -1357,8 +1356,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
pk->timestamp = timestamp;
pk->version = 4;
if (expireval)
pk->expiredate = pk->timestamp + expireval;
kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
pk->pubkey_algo = algo;
if (algo == PUBKEY_ALGO_ECDSA
@ -5276,8 +5274,7 @@ gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
pk->timestamp = *timestamp;
pk->version = 4;
if (expireval)
pk->expiredate = pk->timestamp + expireval;
kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
pk->pubkey_algo = algo;
pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;

4
g10/keyid.c
View File

@ -660,9 +660,9 @@ expirestr_from_pk (PKT_public_key *pk)
static char buffer[11+5];
time_t atime;
if (!pk->expiredate)
if (!kb_pk_expiredate (pk))
return _("never ");
atime = pk->expiredate;
atime = kb_pk_expiredate (pk);
return mk_datestr (buffer, atime);
}

6
g10/keylist.c
View File

@ -1245,7 +1245,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
nbits_from_pk (pk),
pk->pubkey_algo,
(ulong) keyid[0], (ulong) keyid[1],
colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
colon_datestr_from_pk (pk), colon_strtime (kb_pk_expiredate (pk)));
if (ownertrust_print)
es_putc (ownertrust_print, es_stdout);
@ -1383,7 +1383,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
nbits_from_pk (pk2),
pk2->pubkey_algo,
(ulong) keyid2[0], (ulong) keyid2[1],
colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
colon_datestr_from_pk (pk2), colon_strtime (kb_pk_expiredate (pk2))
/* fixme: add LID and ownertrust here */
);
print_capabilities (pk2, NULL);
@ -1857,7 +1857,7 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret)
tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
tty_fprintf (fp, "]");
}
else if (pk->expiredate)
else if (kb_pk_expiredate (pk))
{
tty_fprintf (fp, " [");
tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));

2
g10/mainproc.c
View File

@ -1030,7 +1030,7 @@ list_node (CTX c, kbnode_t node)
pk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
colon_strtime (kb_pk_expiredate (pk)) );
if (pk->flags.primary && !opt.fast_list_mode)
es_putc (get_ownertrust_info (pk), es_stdout);
es_putc (':', es_stdout);

49
g10/packet-functions.h Normal file
View File

@ -0,0 +1,49 @@
/* packet-functions.h - Accessor functions for in-core representations.
* Copyright (C) 2017 g10 Code GmbH
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#ifndef G10_PACKET_FUNCTIONS_H
#define G10_PACKET_FUNCTIONS_H
#include "../common/logging.h"
static inline u32
kb_pk_set_expiredate (PKT_public_key *pk, u32 value)
{
pk->expiredate = value;
pk->flags.valid_expiredate = 1;
return value;
}
static inline void
kb_pk_invalidate_expiredate (PKT_public_key *pk)
{
pk->expiredate = 0;
pk->flags.valid_expiredate = 0;
}
static inline int
kb_pk_valid_expiredate (PKT_public_key *pk)
{
return pk->flags.valid_expiredate;
}
#define kb_pk_expiredate(PK) \
(log_assert ((PK)->flags.valid_expiredate), (PK)->expiredate)
#endif /*G10_PACKET_FUNCTIONS_H*/

6
g10/packet.h
View File

@ -396,6 +396,10 @@ typedef struct
unsigned int backsig:2; /* 0=none, 1=bad, 2=good. */
unsigned int serialno_valid:1;/* SERIALNO below is valid. */
unsigned int exact:1; /* Found via exact (!) search. */
/* The following flags track the validity of fields. Should not
be accessed directly. */
unsigned int valid_expiredate:1;
} flags;
PKT_user_id *user_id; /* If != NULL: found by that uid. */
struct revocation_key *revkey;
@ -852,4 +856,6 @@ gpg_error_t update_keysig_packet (PKT_signature **ret_sig,
/*-- keygen.c --*/
PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr);
#include "packet-functions.h"
#endif /*G10_PACKET_H*/

2
g10/parse-packet.c
View File

@ -2205,7 +2205,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
version, algorithm, timestamp, expiredate);
pk->timestamp = timestamp;
pk->expiredate = expiredate;
kb_pk_invalidate_expiredate (pk);
pk->max_expiredate = max_expiredate;
pk->hdrbytes = hdrlen;
pk->version = version;

4
g10/pubkey-enc.c
View File

@ -372,10 +372,10 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
}
if (!pk)
BUG ();
if (pk->expiredate && pk->expiredate <= make_timestamp ())
if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) <= make_timestamp ())
{
log_info (_("Note: secret key %s expired at %s\n"),
keystr (keyid), asctimestamp (pk->expiredate));
keystr (keyid), asctimestamp (kb_pk_expiredate (pk)));
}
}

8
g10/sig-check.c
View File

@ -132,7 +132,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
else
{
if(r_expiredate)
*r_expiredate = pk->expiredate;
*r_expiredate = kb_pk_expiredate (pk);
rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
@ -324,12 +324,12 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
flag which is set after a full evaluation of the key (getkey.c)
as well as a simple compare to the current time in case the
merge has for whatever reasons not been done. */
if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
if( pk->has_expired || (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) < cur_time)) {
char buf[11];
if (opt.verbose)
log_info(_("Note: signature key %s expired %s\n"),
keystr_from_pk(pk), asctimestamp( pk->expiredate ) );
sprintf(buf,"%lu",(ulong)pk->expiredate);
keystr_from_pk(pk), asctimestamp(kb_pk_expiredate (pk)) );
sprintf(buf,"%lu",(ulong)kb_pk_expiredate (pk));
write_status_text(STATUS_KEYEXPIRED,buf);
if(r_expired)
*r_expired = 1;

12
g10/trustdb.c
View File

@ -1829,9 +1829,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
{
KBNODE node;
if (pk->expiredate && pk->expiredate >= curtime
&& pk->expiredate < *next_expire)
*next_expire = pk->expiredate;
if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= curtime
&& kb_pk_expiredate (pk) < *next_expire)
*next_expire = kb_pk_expiredate (pk);
if (nkeys == maxkeys) {
maxkeys += 1000;
@ -2007,9 +2007,9 @@ validate_keys (ctrl_t ctrl, int interactive)
if (node->pkt->pkttype == PKT_USER_ID)
update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
}
if ( pk->expiredate && pk->expiredate >= start_time
&& pk->expiredate < next_expire)
next_expire = pk->expiredate;
if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= start_time
&& kb_pk_expiredate (pk) < next_expire)
next_expire = kb_pk_expiredate (pk);
release_kbnode (keyblock);
do_sync ();