g10: Use accessors for expiration dates of public keys.

* g10/Makefile.am (common_source): Add new file.
* g10/packet-functions.h: New file.
* g10/packet.h (PKT_public_key): New flag 'valid_expiredate'.
* g10/call-dirmngr.c: Apply the following semantic patch.
* g10/free-packet.c: Likewise.
* g10/getkey.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keygen.c: Likewise.  Here with small manual fixups.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/trustdb.c: Likewise.
--

    @@
    PKT_public_key *E;
    expression X;
    @@
    -E->expiredate = X
    +kb_pk_set_expiredate (E, X)

    @@
    PKT_public_key *E;
    @@
    -E->expiredate
    +kb_pk_expiredate (E)

Signed-off-by: Justus Winter <justus@g10code.com>

g10/Makefile.am

@@ -112,6 +112,7 @@ common_source =  \
 	      openfile.c	\
 	      keyid.c		\
 	      packet.h		\
+	      packet-functions.h \
 	      parse-packet.c	\
 	      cpr.c		\
 	      plaintext.c	\

g10/call-dirmngr.c

@@ -948,7 +948,7 @@ ks_put_inq_cb (void *opaque, const char *line)
 
 		record_output (fp, node->pkt->pkttype, validity,
 			       nbits_from_pk (pk), pk->pubkey_algo,
-			       pk->keyid, pk->timestamp, pk->expiredate,
+			       pk->keyid, pk->timestamp, kb_pk_expiredate (pk),
 			       NULL);
               }
               break;

g10/free-packet.c

@@ -455,7 +455,7 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
 
     if( a->timestamp != b->timestamp )
 	return -1;
-    if( a->version < 4 && a->expiredate != b->expiredate )
+    if( a->version < 4 && kb_pk_expiredate (a) != kb_pk_expiredate (b))
 	return -1;
     if( a->pubkey_algo != b->pubkey_algo )
 	return -1;

g10/getkey.c

@@ -2899,7 +2899,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
     key_expire = pk->max_expiredate;
 
   pk->has_expired = key_expire >= curtime ? 0 : key_expire;
-  pk->expiredate = key_expire;
+  kb_pk_set_expiredate (pk, key_expire);
 
   /* Fixme: we should see how to get rid of the expiretime fields  but
    * this needs changes at other places too. */
@@ -3037,7 +3037,7 @@ buf_to_sig (const byte * buf, size_t len)
      flags.backsig
      pubkey_usage
      has_expired
-     expired_date
+     expiredate
 
    On this subkey's most revent valid self-signed packet, the
    following field is set:
@@ -3146,7 +3146,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
   else
     key_expire = 0;
   subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
-  subpk->expiredate = key_expire;
+  kb_pk_set_expiredate (subpk, key_expire);
 
   /* Algo doesn't exist.  */
   if (openpgp_pk_test_algo (subpk->pubkey_algo))

g10/keyedit.c

@@ -1394,7 +1394,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
       show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0);
       tty_fprintf (fp, "\n");
 
-      if (primary_pk->expiredate && !selfsig)
+      if (kb_pk_expiredate (primary_pk) && !selfsig)
 	{
           /* Static analyzer note: A claim that PRIMARY_PK might be
              NULL is not correct because it set from the public key
@@ -1406,7 +1406,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 
 	  u32 now = make_timestamp ();
 
-	  if (primary_pk->expiredate <= now)
+	  if (kb_pk_expiredate (primary_pk) <= now)
 	    {
 	      tty_fprintf (fp, _("This key has expired!"));
 
@@ -1443,7 +1443,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 		         to answer the questions, enter the
 		         passphrase, etc). */
 		      timestamp = now;
-		      duration = primary_pk->expiredate - now;
+		      duration = kb_pk_expiredate (primary_pk) - now;
 		    }
 
 		  cpr_kill_prompt ();
@@ -3676,7 +3676,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
                       nbits_from_pk (pk),
                       pk->pubkey_algo,
                       (ulong) keyid[0], (ulong) keyid[1],
-                      (ulong) pk->timestamp, (ulong) pk->expiredate);
+                      (ulong) pk->timestamp, (ulong) kb_pk_expiredate (pk));
 	  if (node->pkt->pkttype == PKT_PUBLIC_KEY
 	      && !(opt.fast_list_mode || opt.no_expensive_trust_checks))
 	    es_putc (get_ownertrust_info (pk), fp);
@@ -4309,7 +4309,7 @@ subkey_expire_warning (kbnode_t keyblock)
       if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
         {
           latest_date = pk->timestamp;
-          subexpire = pk->expiredate;
+          subexpire = kb_pk_expiredate (pk);
         }
     }
 
@@ -4872,14 +4872,14 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
 	{
 	  main_pk = node->pkt->pkt.public_key;
 	  keyid_from_pk (main_pk, keyid);
-	  main_pk->expiredate = expiredate;
+	  kb_pk_set_expiredate (main_pk, expiredate);
 	}
       else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
 	{
           if ((node->flag & NODFLG_SELKEY) && !force_mainkey)
             {
               sub_pk = node->pkt->pkt.public_key;
-              sub_pk->expiredate = expiredate;
+              kb_pk_set_expiredate (sub_pk, expiredate);
             }
           else
             sub_pk = NULL;

g10/keygen.c

@@ -259,10 +259,10 @@ keygen_add_key_expire (PKT_signature *sig, void *opaque)
   byte buf[8];
   u32  u;
 
-  if (pk->expiredate)
+  if (kb_pk_expiredate (pk))
     {
-      if (pk->expiredate > pk->timestamp)
-        u = pk->expiredate - pk->timestamp;
+      if (kb_pk_expiredate (pk) > pk->timestamp)
+        u = kb_pk_expiredate (pk) - pk->timestamp;
       else
         u = 1;
 
@@ -1290,8 +1290,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
 
   pk->timestamp = timestamp;
   pk->version = 4;
-  if (expireval)
-    pk->expiredate = pk->timestamp + expireval;
+  kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
   pk->pubkey_algo = algo;
 
   if (algo == PUBKEY_ALGO_ECDSA
@@ -1357,8 +1356,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
 
   pk->timestamp = timestamp;
   pk->version = 4;
-  if (expireval)
-    pk->expiredate = pk->timestamp + expireval;
+  kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
   pk->pubkey_algo = algo;
 
   if (algo == PUBKEY_ALGO_ECDSA
@@ -5276,8 +5274,7 @@ gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
 
   pk->timestamp = *timestamp;
   pk->version = 4;
-  if (expireval)
-    pk->expiredate = pk->timestamp + expireval;
+  kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0);
   pk->pubkey_algo = algo;
 
   pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;

g10/keyid.c

@@ -660,9 +660,9 @@ expirestr_from_pk (PKT_public_key *pk)
   static char buffer[11+5];
   time_t atime;
 
-  if (!pk->expiredate)
+  if (!kb_pk_expiredate (pk))
     return _("never     ");
-  atime = pk->expiredate;
+  atime = kb_pk_expiredate (pk);
   return mk_datestr (buffer, atime);
 }
 

g10/keylist.c

@@ -1245,7 +1245,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
           nbits_from_pk (pk),
           pk->pubkey_algo,
           (ulong) keyid[0], (ulong) keyid[1],
-          colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
+          colon_datestr_from_pk (pk), colon_strtime (kb_pk_expiredate (pk)));
 
   if (ownertrust_print)
     es_putc (ownertrust_print, es_stdout);
@@ -1383,7 +1383,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 		  nbits_from_pk (pk2),
 		  pk2->pubkey_algo,
 		  (ulong) keyid2[0], (ulong) keyid2[1],
-		  colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
+		  colon_datestr_from_pk (pk2), colon_strtime (kb_pk_expiredate (pk2))
 		  /* fixme: add LID and ownertrust here */
 	    );
 	  print_capabilities (pk2, NULL);
@@ -1857,7 +1857,7 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret)
       tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
       tty_fprintf (fp, "]");
     }
-  else if (pk->expiredate)
+  else if (kb_pk_expiredate (pk))
     {
       tty_fprintf (fp, " [");
       tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));

g10/mainproc.c

@@ -1030,7 +1030,7 @@ list_node (CTX c, kbnode_t node)
                      pk->pubkey_algo,
                      (ulong)keyid[0],(ulong)keyid[1],
                      colon_datestr_from_pk( pk ),
-                     colon_strtime (pk->expiredate) );
+                     colon_strtime (kb_pk_expiredate (pk)) );
           if (pk->flags.primary && !opt.fast_list_mode)
             es_putc (get_ownertrust_info (pk), es_stdout);
           es_putc (':', es_stdout);

g10/packet-functions.h

@@ -0,0 +1,49 @@
+/* packet-functions.h - Accessor functions for in-core representations.
+ * Copyright (C) 2017 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_PACKET_FUNCTIONS_H
+#define G10_PACKET_FUNCTIONS_H
+
+#include "../common/logging.h"
+
+static inline u32
+kb_pk_set_expiredate (PKT_public_key *pk, u32 value)
+{
+  pk->expiredate = value;
+  pk->flags.valid_expiredate = 1;
+  return value;
+}
+
+static inline void
+kb_pk_invalidate_expiredate (PKT_public_key *pk)
+{
+  pk->expiredate = 0;
+  pk->flags.valid_expiredate = 0;
+}
+
+static inline int
+kb_pk_valid_expiredate (PKT_public_key *pk)
+{
+  return pk->flags.valid_expiredate;
+}
+
+#define kb_pk_expiredate(PK)					\
+  (log_assert ((PK)->flags.valid_expiredate), (PK)->expiredate)
+
+#endif /*G10_PACKET_FUNCTIONS_H*/

g10/packet.h

@@ -396,6 +396,10 @@ typedef struct
     unsigned int backsig:2;       /* 0=none, 1=bad, 2=good.  */
     unsigned int serialno_valid:1;/* SERIALNO below is valid.  */
     unsigned int exact:1;         /* Found via exact (!) search.  */
+
+    /* The following flags track the validity of fields.  Should not
+       be accessed directly.  */
+    unsigned int valid_expiredate:1;
   } flags;
   PKT_user_id *user_id;   /* If != NULL: found by that uid. */
   struct revocation_key *revkey;
@@ -852,4 +856,6 @@ gpg_error_t update_keysig_packet (PKT_signature **ret_sig,
 /*-- keygen.c --*/
 PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr);
 
+#include "packet-functions.h"
+
 #endif /*G10_PACKET_H*/

g10/parse-packet.c

@@ -2205,7 +2205,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
                 version, algorithm, timestamp, expiredate);
 
   pk->timestamp = timestamp;
-  pk->expiredate = expiredate;
+  kb_pk_invalidate_expiredate (pk);
   pk->max_expiredate = max_expiredate;
   pk->hdrbytes = hdrlen;
   pk->version = version;

g10/pubkey-enc.c

@@ -372,10 +372,10 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
           }
         if (!pk)
           BUG ();
-        if (pk->expiredate && pk->expiredate <= make_timestamp ())
+        if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) <= make_timestamp ())
           {
             log_info (_("Note: secret key %s expired at %s\n"),
-                      keystr (keyid), asctimestamp (pk->expiredate));
+                      keystr (keyid), asctimestamp (kb_pk_expiredate (pk)));
           }
       }
 

g10/sig-check.c

@@ -132,7 +132,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
     else
       {
         if(r_expiredate)
-	  *r_expiredate = pk->expiredate;
+	  *r_expiredate = kb_pk_expiredate (pk);
 
 	rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
 
@@ -324,12 +324,12 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
        flag which is set after a full evaluation of the key (getkey.c)
        as well as a simple compare to the current time in case the
        merge has for whatever reasons not been done.  */
-    if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
+    if( pk->has_expired || (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) < cur_time)) {
         char buf[11];
         if (opt.verbose)
 	  log_info(_("Note: signature key %s expired %s\n"),
-		   keystr_from_pk(pk), asctimestamp( pk->expiredate ) );
-	sprintf(buf,"%lu",(ulong)pk->expiredate);
+		   keystr_from_pk(pk), asctimestamp(kb_pk_expiredate (pk)) );
+	sprintf(buf,"%lu",(ulong)kb_pk_expiredate (pk));
 	write_status_text(STATUS_KEYEXPIRED,buf);
 	if(r_expired)
 	  *r_expired = 1;

g10/trustdb.c

@@ -1829,9 +1829,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
         {
 	  KBNODE node;
 
-          if (pk->expiredate && pk->expiredate >= curtime
-              && pk->expiredate < *next_expire)
-            *next_expire = pk->expiredate;
+          if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= curtime
+              && kb_pk_expiredate (pk) < *next_expire)
+            *next_expire = kb_pk_expiredate (pk);
 
           if (nkeys == maxkeys) {
             maxkeys += 1000;
@@ -2007,9 +2007,9 @@ validate_keys (ctrl_t ctrl, int interactive)
           if (node->pkt->pkttype == PKT_USER_ID)
 	    update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
         }
-      if ( pk->expiredate && pk->expiredate >= start_time
-           && pk->expiredate < next_expire)
-        next_expire = pk->expiredate;
+      if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= start_time
+           && kb_pk_expiredate (pk) < next_expire)
+        next_expire = kb_pk_expiredate (pk);
 
       release_kbnode (keyblock);
       do_sync ();