* keyedit.c (menu_expire): Don't lose key flags when changing the

expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.

5 files changed, 71 insertions, 20 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 6cc110412..72fbf2d04 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+2002-12-01  David Shaw  <[email protected]>
+
+	* keyedit.c (menu_expire): Don't lose key flags when changing the
+	expiration date of a subkey.  This is not the most optimal
+	solution, but it is minimal change on the stable branch.
+
+	* main.h, keygen.c (do_copy_key_flags): New function to copy key
+	flags, if any, from one sig to another.
+	(do_add_key_expire): New function to add key expiration to a sig.
+	(keygen_copy_flags_add_expire): New version of
+	keygen_add_key_expire that also copies key flags.
+	(keygen_add_key_flags_and_expire): Use do_add_key_expire.
+
+	* import.c (fix_hkp_corruption): Comment.
+
 2002-11-25  Stefan Bellon  <[email protected]>
 
 	* plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set,
diff --git a/g10/import.c b/g10/import.c
index d06d957c2..654310267 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -505,6 +505,10 @@ fix_hkp_corruption(KBNODE keyblock)
 	  sknode->next=node;
 	  last->next=NULL;
 
+	  /* Note we aren't checking whether this binding sig is a
+	     selfsig.  This is not necessary here as the subkey and
+	     binding sig will be rejected later if that is the
+	     case. */
 	  if(check_key_signature(keyblock,node,NULL))
 	    {
 	      /* Not a match, so undo the changes. */
diff --git a/g10/keyedit.c b/g10/keyedit.c
index b52d8f4d1..f06c91886 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2699,9 +2699,14 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
 					     sk, 0x13, 0, 0, 0, 0,
 					     keygen_add_std_prefs, main_pk );
 		else
+		  {
+		    struct flags_expire fe;
+		    fe.pk=sub_pk;
+		    fe.sig=sig;
 		    rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
 					     sk, 0x18, 0, 0, 0, 0,
-					     keygen_add_key_expire, sub_pk );
+					     keygen_copy_flags_add_expire,&fe);
+		  }
 		if( rc ) {
 		    log_error("make_keysig_packet failed: %s\n",
 						    g10_errstr(rc));
diff --git a/g10/keygen.c b/g10/keygen.c
index e2eb91bc5..aa30b4d6b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -143,34 +143,56 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
 }
 
+static void
+do_copy_key_flags (PKT_signature *sig, PKT_signature *oldsig)
+{
+  const byte *f;
+  size_t n;
+ 
+  /* Note that this will make any key flags in the unhashed area
+     disappear.  This may be good or bad, depending on your point of
+     view. */
+  f=parse_sig_subpkt(oldsig->hashed,SIGSUBPKT_KEY_FLAGS,&n);
+  if(f)
+    build_sig_subpkt(sig,SIGSUBPKT_KEY_FLAGS,f,n);
+}
 
-int
-keygen_add_key_expire( PKT_signature *sig, void *opaque )
+static void
+do_add_key_expire( PKT_signature *sig, PKT_public_key *pk )
 {
-    PKT_public_key *pk = opaque;
-    byte buf[8];
-    u32  u;
+  if( pk->expiredate )
+    {
+      byte buf[4];
+      u32 u;
 
-    if( pk->expiredate ) {
-	u = pk->expiredate > pk->timestamp? pk->expiredate - pk->timestamp
-					  : pk->timestamp;
-	buf[0] = (u >> 24) & 0xff;
-	buf[1] = (u >> 16) & 0xff;
-	buf[2] = (u >>	8) & 0xff;
-	buf[3] = u & 0xff;
-	build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
+      u = pk->expiredate > pk->timestamp? pk->expiredate - pk->timestamp
+	: pk->timestamp;
+      buf[0] = (u >> 24) & 0xff;
+      buf[1] = (u >> 16) & 0xff;
+      buf[2] = (u >>  8) & 0xff;
+      buf[3] = u & 0xff;
+      build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
     }
+}
 
-    return 0;
+int
+keygen_copy_flags_add_expire( PKT_signature *sig, void *opaque )
+{
+  struct flags_expire *fe=opaque;
+  do_add_key_expire(sig,fe->pk);
+  do_copy_key_flags(sig,fe->sig);
+
+  return 0;
 }
 
 static int
 keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
 {
-    struct opaque_data_usage_and_pk *oduap = opaque;
+  struct opaque_data_usage_and_pk *oduap = opaque;
 
-    do_add_key_flags (sig, oduap->usage);
-    return keygen_add_key_expire (sig, oduap->pk);
+  do_add_key_flags (sig, oduap->usage);
+  do_add_key_expire(sig,oduap->pk);
+  return 0;
 }
 
 static int
@@ -489,7 +511,7 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque )
     byte buf[8];
 
     do_add_key_flags (sig, pk->pubkey_usage);
-    keygen_add_key_expire( sig, opaque );
+    do_add_key_expire (sig, pk);
     keygen_upd_std_prefs (sig, opaque);
 
     buf[0] = 0x80; /* no modify - It is reasonable that a key holder
diff --git a/g10/main.h b/g10/main.h
index 91b7182e2..2162d0cc2 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -130,7 +130,12 @@ u32 ask_expiredate(void);
 void generate_keypair( const char *fname );
 int keygen_set_std_prefs (const char *string,int personal);
 PKT_user_id *keygen_get_std_prefs (void);
-int keygen_add_key_expire( PKT_signature *sig, void *opaque );
+struct flags_expire
+{
+  PKT_public_key *pk;
+  PKT_signature *sig;
+};
+int keygen_copy_flags_add_expire( PKT_signature *sig, void *opaque );
 int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
 int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
 int keygen_add_revkey(PKT_signature *sig, void *opaque);