* packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,

merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.

4 files changed, 38 insertions, 16 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 326198194..6c750156e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2002-05-07  David Shaw  <[email protected]>
+
+	* packet.h, parse-packet.c (parse_key), getkey.c
+	(merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
+	self-sig must never let the v4 self-sig express a key expiration
+	time that extends beyond the original v3 expiration time.
+
 2002-05-06  David Shaw  <[email protected]>
 
 	* keyedit.c (sign_uids): When making a self-signature via "sign"
diff --git a/g10/getkey.c b/g10/getkey.c
index 20bebf2ef..a113f8d13 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1048,6 +1048,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
 		}
 	    }
 	}
+
+	if(pk->expiredate==0 || pk->expiredate>pk->max_expiredate)
+	  pk->expiredate=pk->max_expiredate;
+
+	if(sk->expiredate==0 || sk->expiredate>sk->max_expiredate)
+	  sk->expiredate=sk->max_expiredate;
     }
 }
 
@@ -1176,10 +1182,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
     pk->main_keyid[1] = kid[1];
 
     if ( pk->version < 4 ) {
-        /* before v4 the key packet itself contains the expiration date
-         * and there was no way to change it.  So we also use only the
-         * one from the key packet */
-        key_expire = pk->expiredate;
+        /* before v4 the key packet itself contains the expiration
+         * date and there was no way to change it, so we start with
+         * the one from the key packet */
+        key_expire = pk->max_expiredate;
         key_expire_seen = 1;
     }
 
@@ -1263,12 +1269,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                 key_usage |= PUBKEY_USAGE_ENC;
         }
 
-        if ( pk->version > 3 ) {
-            p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
-            if ( p ) {
-                key_expire = keytimestamp + buffer_to_u32(p);
-                key_expire_seen = 1;
-            }
+	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+	if ( p ) {
+	  key_expire = keytimestamp + buffer_to_u32(p);
+	  key_expire_seen = 1;
         }
 
         /* mark that key as valid: one direct key signature should 
@@ -1416,10 +1420,14 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
             }
       	}
     }
-   
+
+    /* Currently only v3 keys have a maximum expiration date, but I'll
+       bet v5 keys get this feature again. */
+    if(key_expire==0 || key_expire>pk->max_expiredate)
+      key_expire=pk->max_expiredate;
+
     pk->has_expired = key_expire >= curtime? 0 : key_expire;
-    if ( pk->version >= 4 ) 
-        pk->expiredate = key_expire;
+    pk->expiredate = key_expire;
     /* Fixme: we should see how to get rid of the expiretime fields  but
      * this needs changes at other places too. */
 
@@ -1560,7 +1568,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
     subpk->pubkey_usage = key_usage;
     
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
-
     if ( p ) 
         key_expire = keytimestamp + buffer_to_u32(p);
     else
diff --git a/g10/packet.h b/g10/packet.h
index 7ef9b3cda..7a2deddf7 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -184,6 +184,7 @@ typedef struct {
 typedef struct {
     u32     timestamp;	    /* key made */
     u32     expiredate;     /* expires at this date or 0 if not at all */
+    u32     max_expiredate; /* must not expire past this date */
     byte    hdrbytes;	    /* number of header bytes */
     byte    version;
     byte    selfsigversion; /* highest version of all of the self-sigs */
@@ -210,6 +211,7 @@ typedef struct {
 typedef struct {
     u32     timestamp;	    /* key made */
     u32     expiredate;     /* expires at this date or 0 if not at all */
+    u32     max_expiredate; /* must not expire past this date */
     byte    hdrbytes;	    /* number of header bytes */
     byte    version;
     byte    pubkey_algo;    /* algorithm used for public key scheme */
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index ff5b0bb05..027a2bb41 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1377,7 +1377,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 {
     int i, version, algorithm;
     unsigned n;
-    unsigned long timestamp, expiredate;
+    unsigned long timestamp, expiredate, max_expiredate;
     int npkey, nskey;
     int is_v4=0;
     int rc=0;
@@ -1416,8 +1416,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
     }
 
     timestamp = read_32(inp); pktlen -= 4;
-    if( is_v4 )
+    if( is_v4 ) {
 	expiredate = 0; /* have to get it from the selfsignature */
+	max_expiredate = 0;
+    }
     else {
 	unsigned short ndays;
 	ndays = read_16(inp); pktlen -= 2;
@@ -1425,6 +1427,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 	    expiredate = timestamp + ndays * 86400L;
 	else
 	    expiredate = 0;
+
+	max_expiredate=expiredate;
     }
     algorithm = iobuf_get_noeof(inp); pktlen--;
     if( list_mode )
@@ -1441,6 +1445,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 
 	sk->timestamp = timestamp;
 	sk->expiredate = expiredate;
+	sk->max_expiredate = max_expiredate;
 	sk->hdrbytes = hdrlen;
 	sk->version = version;
 	sk->is_primary = pkttype == PKT_SECRET_KEY;
@@ -1453,6 +1458,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 
 	pk->timestamp = timestamp;
 	pk->expiredate = expiredate;
+	pk->max_expiredate = max_expiredate;
 	pk->hdrbytes	= hdrlen;
 	pk->version	= version;
 	pk->pubkey_algo = algorithm;