From 65c8002b705b30b5eefdaf2586559d8112b2a063 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 2 Jan 2017 16:55:41 +0100 Subject: [PATCH] g10: Use accessors for expiration dates of public keys. * g10/Makefile.am (common_source): Add new file. * g10/packet-functions.h: New file. * g10/packet.h (PKT_public_key): New flag 'valid_expiredate'. * g10/call-dirmngr.c: Apply the following semantic patch. * g10/free-packet.c: Likewise. * g10/getkey.c: Likewise. * g10/keyedit.c: Likewise. * g10/keygen.c: Likewise. Here with small manual fixups. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/mainproc.c: Likewise. * g10/parse-packet.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/sig-check.c: Likewise. * g10/trustdb.c: Likewise. -- @@ PKT_public_key *E; expression X; @@ -E->expiredate = X +kb_pk_set_expiredate (E, X) @@ PKT_public_key *E; @@ -E->expiredate +kb_pk_expiredate (E) Signed-off-by: Justus Winter --- g10/Makefile.am | 1 + g10/call-dirmngr.c | 2 +- g10/free-packet.c | 2 +- g10/getkey.c | 6 +++--- g10/keyedit.c | 14 ++++++------ g10/keygen.c | 15 ++++++------- g10/keyid.c | 4 ++-- g10/keylist.c | 6 +++--- g10/mainproc.c | 2 +- g10/packet-functions.h | 49 ++++++++++++++++++++++++++++++++++++++++++ g10/packet.h | 6 ++++++ g10/parse-packet.c | 2 +- g10/pubkey-enc.c | 4 ++-- g10/sig-check.c | 8 +++---- g10/trustdb.c | 12 +++++------ 15 files changed, 93 insertions(+), 40 deletions(-) create mode 100644 g10/packet-functions.h diff --git a/g10/Makefile.am b/g10/Makefile.am index 604be93d5..7a14173b7 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -112,6 +112,7 @@ common_source = \ openfile.c \ keyid.c \ packet.h \ + packet-functions.h \ parse-packet.c \ cpr.c \ plaintext.c \ diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 12838b5cd..94018beb9 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -948,7 +948,7 @@ ks_put_inq_cb (void *opaque, const char *line) record_output (fp, node->pkt->pkttype, validity, nbits_from_pk (pk), pk->pubkey_algo, - pk->keyid, pk->timestamp, pk->expiredate, + pk->keyid, pk->timestamp, kb_pk_expiredate (pk), NULL); } break; diff --git a/g10/free-packet.c b/g10/free-packet.c index 6038d262e..63349c6fd 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -455,7 +455,7 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) if( a->timestamp != b->timestamp ) return -1; - if( a->version < 4 && a->expiredate != b->expiredate ) + if( a->version < 4 && kb_pk_expiredate (a) != kb_pk_expiredate (b)) return -1; if( a->pubkey_algo != b->pubkey_algo ) return -1; diff --git a/g10/getkey.c b/g10/getkey.c index ed0bf0e2c..e133b9737 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2899,7 +2899,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, key_expire = pk->max_expiredate; pk->has_expired = key_expire >= curtime ? 0 : key_expire; - pk->expiredate = key_expire; + kb_pk_set_expiredate (pk, key_expire); /* Fixme: we should see how to get rid of the expiretime fields but * this needs changes at other places too. */ @@ -3037,7 +3037,7 @@ buf_to_sig (const byte * buf, size_t len) flags.backsig pubkey_usage has_expired - expired_date + expiredate On this subkey's most revent valid self-signed packet, the following field is set: @@ -3146,7 +3146,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode) else key_expire = 0; subpk->has_expired = key_expire >= curtime ? 0 : key_expire; - subpk->expiredate = key_expire; + kb_pk_set_expiredate (subpk, key_expire); /* Algo doesn't exist. */ if (openpgp_pk_test_algo (subpk->pubkey_algo)) diff --git a/g10/keyedit.c b/g10/keyedit.c index 88e2f4fd5..c565ee033 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1394,7 +1394,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0); tty_fprintf (fp, "\n"); - if (primary_pk->expiredate && !selfsig) + if (kb_pk_expiredate (primary_pk) && !selfsig) { /* Static analyzer note: A claim that PRIMARY_PK might be NULL is not correct because it set from the public key @@ -1406,7 +1406,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, u32 now = make_timestamp (); - if (primary_pk->expiredate <= now) + if (kb_pk_expiredate (primary_pk) <= now) { tty_fprintf (fp, _("This key has expired!")); @@ -1443,7 +1443,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, to answer the questions, enter the passphrase, etc). */ timestamp = now; - duration = primary_pk->expiredate - now; + duration = kb_pk_expiredate (primary_pk) - now; } cpr_kill_prompt (); @@ -3676,7 +3676,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) nbits_from_pk (pk), pk->pubkey_algo, (ulong) keyid[0], (ulong) keyid[1], - (ulong) pk->timestamp, (ulong) pk->expiredate); + (ulong) pk->timestamp, (ulong) kb_pk_expiredate (pk)); if (node->pkt->pkttype == PKT_PUBLIC_KEY && !(opt.fast_list_mode || opt.no_expensive_trust_checks)) es_putc (get_ownertrust_info (pk), fp); @@ -4309,7 +4309,7 @@ subkey_expire_warning (kbnode_t keyblock) if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date)) { latest_date = pk->timestamp; - subexpire = pk->expiredate; + subexpire = kb_pk_expiredate (pk); } } @@ -4872,14 +4872,14 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration) { main_pk = node->pkt->pkt.public_key; keyid_from_pk (main_pk, keyid); - main_pk->expiredate = expiredate; + kb_pk_set_expiredate (main_pk, expiredate); } else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { if ((node->flag & NODFLG_SELKEY) && !force_mainkey) { sub_pk = node->pkt->pkt.public_key; - sub_pk->expiredate = expiredate; + kb_pk_set_expiredate (sub_pk, expiredate); } else sub_pk = NULL; diff --git a/g10/keygen.c b/g10/keygen.c index b4fddba00..f54bfa8d7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -259,10 +259,10 @@ keygen_add_key_expire (PKT_signature *sig, void *opaque) byte buf[8]; u32 u; - if (pk->expiredate) + if (kb_pk_expiredate (pk)) { - if (pk->expiredate > pk->timestamp) - u = pk->expiredate - pk->timestamp; + if (kb_pk_expiredate (pk) > pk->timestamp) + u = kb_pk_expiredate (pk) - pk->timestamp; else u = 1; @@ -1290,8 +1290,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip, pk->timestamp = timestamp; pk->version = 4; - if (expireval) - pk->expiredate = pk->timestamp + expireval; + kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0); pk->pubkey_algo = algo; if (algo == PUBKEY_ALGO_ECDSA @@ -1357,8 +1356,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem, pk->timestamp = timestamp; pk->version = 4; - if (expireval) - pk->expiredate = pk->timestamp + expireval; + kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0); pk->pubkey_algo = algo; if (algo == PUBKEY_ALGO_ECDSA @@ -5276,8 +5274,7 @@ gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root, pk->timestamp = *timestamp; pk->version = 4; - if (expireval) - pk->expiredate = pk->timestamp + expireval; + kb_pk_set_expiredate (pk, expireval ? pk->timestamp + expireval : 0); pk->pubkey_algo = algo; pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; diff --git a/g10/keyid.c b/g10/keyid.c index dd098fd19..a2e5412a7 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -660,9 +660,9 @@ expirestr_from_pk (PKT_public_key *pk) static char buffer[11+5]; time_t atime; - if (!pk->expiredate) + if (!kb_pk_expiredate (pk)) return _("never "); - atime = pk->expiredate; + atime = kb_pk_expiredate (pk); return mk_datestr (buffer, atime); } diff --git a/g10/keylist.c b/g10/keylist.c index fe4ce22e1..0394020e1 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1245,7 +1245,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, nbits_from_pk (pk), pk->pubkey_algo, (ulong) keyid[0], (ulong) keyid[1], - colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); + colon_datestr_from_pk (pk), colon_strtime (kb_pk_expiredate (pk))); if (ownertrust_print) es_putc (ownertrust_print, es_stdout); @@ -1383,7 +1383,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, nbits_from_pk (pk2), pk2->pubkey_algo, (ulong) keyid2[0], (ulong) keyid2[1], - colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate) + colon_datestr_from_pk (pk2), colon_strtime (kb_pk_expiredate (pk2)) /* fixme: add LID and ownertrust here */ ); print_capabilities (pk2, NULL); @@ -1857,7 +1857,7 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret) tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk)); tty_fprintf (fp, "]"); } - else if (pk->expiredate) + else if (kb_pk_expiredate (pk)) { tty_fprintf (fp, " ["); tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); diff --git a/g10/mainproc.c b/g10/mainproc.c index 8e3974de1..2245879d9 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1030,7 +1030,7 @@ list_node (CTX c, kbnode_t node) pk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], colon_datestr_from_pk( pk ), - colon_strtime (pk->expiredate) ); + colon_strtime (kb_pk_expiredate (pk)) ); if (pk->flags.primary && !opt.fast_list_mode) es_putc (get_ownertrust_info (pk), es_stdout); es_putc (':', es_stdout); diff --git a/g10/packet-functions.h b/g10/packet-functions.h new file mode 100644 index 000000000..0372f4ea6 --- /dev/null +++ b/g10/packet-functions.h @@ -0,0 +1,49 @@ +/* packet-functions.h - Accessor functions for in-core representations. + * Copyright (C) 2017 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef G10_PACKET_FUNCTIONS_H +#define G10_PACKET_FUNCTIONS_H + +#include "../common/logging.h" + +static inline u32 +kb_pk_set_expiredate (PKT_public_key *pk, u32 value) +{ + pk->expiredate = value; + pk->flags.valid_expiredate = 1; + return value; +} + +static inline void +kb_pk_invalidate_expiredate (PKT_public_key *pk) +{ + pk->expiredate = 0; + pk->flags.valid_expiredate = 0; +} + +static inline int +kb_pk_valid_expiredate (PKT_public_key *pk) +{ + return pk->flags.valid_expiredate; +} + +#define kb_pk_expiredate(PK) \ + (log_assert ((PK)->flags.valid_expiredate), (PK)->expiredate) + +#endif /*G10_PACKET_FUNCTIONS_H*/ diff --git a/g10/packet.h b/g10/packet.h index 71079c3be..aa1a221c0 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -396,6 +396,10 @@ typedef struct unsigned int backsig:2; /* 0=none, 1=bad, 2=good. */ unsigned int serialno_valid:1;/* SERIALNO below is valid. */ unsigned int exact:1; /* Found via exact (!) search. */ + + /* The following flags track the validity of fields. Should not + be accessed directly. */ + unsigned int valid_expiredate:1; } flags; PKT_user_id *user_id; /* If != NULL: found by that uid. */ struct revocation_key *revkey; @@ -852,4 +856,6 @@ gpg_error_t update_keysig_packet (PKT_signature **ret_sig, /*-- keygen.c --*/ PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr); +#include "packet-functions.h" + #endif /*G10_PACKET_H*/ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 7f44ce532..f4427f0ab 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2205,7 +2205,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, version, algorithm, timestamp, expiredate); pk->timestamp = timestamp; - pk->expiredate = expiredate; + kb_pk_invalidate_expiredate (pk); pk->max_expiredate = max_expiredate; pk->hdrbytes = hdrlen; pk->version = version; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index bd257dc60..1adea5fbf 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -372,10 +372,10 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) } if (!pk) BUG (); - if (pk->expiredate && pk->expiredate <= make_timestamp ()) + if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) <= make_timestamp ()) { log_info (_("Note: secret key %s expired at %s\n"), - keystr (keyid), asctimestamp (pk->expiredate)); + keystr (keyid), asctimestamp (kb_pk_expiredate (pk))); } } diff --git a/g10/sig-check.c b/g10/sig-check.c index 4df29af7f..a73550042 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -132,7 +132,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, else { if(r_expiredate) - *r_expiredate = pk->expiredate; + *r_expiredate = kb_pk_expiredate (pk); rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL); @@ -324,12 +324,12 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig, flag which is set after a full evaluation of the key (getkey.c) as well as a simple compare to the current time in case the merge has for whatever reasons not been done. */ - if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) { + if( pk->has_expired || (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) < cur_time)) { char buf[11]; if (opt.verbose) log_info(_("Note: signature key %s expired %s\n"), - keystr_from_pk(pk), asctimestamp( pk->expiredate ) ); - sprintf(buf,"%lu",(ulong)pk->expiredate); + keystr_from_pk(pk), asctimestamp(kb_pk_expiredate (pk)) ); + sprintf(buf,"%lu",(ulong)kb_pk_expiredate (pk)); write_status_text(STATUS_KEYEXPIRED,buf); if(r_expired) *r_expired = 1; diff --git a/g10/trustdb.c b/g10/trustdb.c index 3dfff9ecf..304d280ee 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1829,9 +1829,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, { KBNODE node; - if (pk->expiredate && pk->expiredate >= curtime - && pk->expiredate < *next_expire) - *next_expire = pk->expiredate; + if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= curtime + && kb_pk_expiredate (pk) < *next_expire) + *next_expire = kb_pk_expiredate (pk); if (nkeys == maxkeys) { maxkeys += 1000; @@ -2007,9 +2007,9 @@ validate_keys (ctrl_t ctrl, int interactive) if (node->pkt->pkttype == PKT_USER_ID) update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE); } - if ( pk->expiredate && pk->expiredate >= start_time - && pk->expiredate < next_expire) - next_expire = pk->expiredate; + if (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) >= start_time + && kb_pk_expiredate (pk) < next_expire) + next_expire = kb_pk_expiredate (pk); release_kbnode (keyblock); do_sync ();