Added key expiration time sig subpacket. Fixed segfault on fileread filter in case of failure in opening file.

8 years ago · de1b28475c
parent bf97027d73
commit de1b28475c
6 changed files with 49 additions and 23 deletions
--- a/dist/src/lib/keyring.c
+++ b/dist/src/lib/keyring.c
@ -825,7 +825,7 @@ void print_packet_hex(const pgp_subpacket_t *pkt);
 \return 1 if OK; else 0
 */
 unsigned 
-pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid)
+pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid, uint64_t duration)
 {
 	pgp_create_sig_t	*sig;
 	pgp_subpacket_t	 sigpacket;
@ -839,7 +839,8 @@ pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid)
 	/* create sig for this pkt */
 	sig = pgp_create_sig_new();
 	pgp_sig_start_key_sig(sig, &skey->key.seckey.pubkey, userid, PGP_CERT_POSITIVE);
-	pgp_add_time(sig, (int64_t)time(NULL), "birth");
+	pgp_add_creation_time(sig, (uint64_t)time(NULL));
+	pgp_add_key_expiration_time(sig, (uint64_t)duration);
 	pgp_add_issuer_keyid(sig, skey->pubkeyid);
 	pgp_add_primary_userid(sig, 1);
 	pgp_end_hashed_subpkts(sig);
@ -877,7 +878,7 @@ pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reaso
            sig, &skey->key.seckey.pubkey,
            PGP_SIG_REV_KEY);

-	pgp_add_time(sig, (int64_t)time(NULL), "birth");
+	pgp_add_creation_time(sig, (int64_t)time(NULL));
 	pgp_add_issuer_keyid(sig, skey->pubkeyid);
    pgp_add_revocation_reason(sig, code, reason);
 	pgp_end_hashed_subpkts(sig);
--- a/dist/src/lib/keyring.h
+++ b/dist/src/lib/keyring.h
@ -143,7 +143,7 @@ unsigned pgp_update_userid(
 //                                        const pgp_subpacket_t *,
 //                                        unsigned );

-unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid);
+unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid, uint64_t duration);

 pgp_key_t  *pgp_keydata_new(void);
 void pgp_keydata_init(pgp_key_t *, const pgp_content_enum);
--- a/dist/src/lib/openssl_crypto.c
+++ b/dist/src/lib/openssl_crypto.c
@ -808,7 +808,7 @@ pgp_rsa_new_selfsign_key(const int numbits,
 	keydata = pgp_keydata_new();
 	if (!pgp_rsa_generate_keypair(keydata, numbits, e, hashalg, cipher,
                                  (const uint8_t *) "", (const size_t) 0) ||
-	    !pgp_add_selfsigned_userid(keydata, NULL, userid)) {
+	    !pgp_add_selfsigned_userid(keydata, NULL, userid, 0 /*never expire*/)) {
 		pgp_keydata_free(keydata);
 		return NULL;
 	}
--- a/dist/src/lib/signature.c
+++ b/dist/src/lib/signature.c
@ -843,17 +843,37 @@ pgp_write_sig(pgp_output_t *output,
 	return ret;
 }

-/* add a time stamp to the output */
 unsigned 
-pgp_add_time(pgp_create_sig_t *sig, int64_t when, const char *type)
+pgp_add_creation_time(pgp_create_sig_t *sig, uint64_t when)
 {
 	pgp_content_enum	tag;

-	tag = (strcmp(type, "birth") == 0) ?
-		PGP_PTAG_SS_CREATION_TIME : PGP_PTAG_SS_EXPIRATION_TIME;
-	/* just do 32-bit timestamps for just now - it's in the protocol */
+	tag = PGP_PTAG_SS_CREATION_TIME;
+
+	return pgp_write_ss_header(sig->output, 5, tag) &&
+		pgp_write_scalar(sig->output, when, 4/*sizeof(when)*/);
+}
+
+unsigned 
+pgp_add_sig_expiration_time(pgp_create_sig_t *sig, uint64_t duration)
+{
+	pgp_content_enum	tag;
+
+	tag = PGP_PTAG_SS_EXPIRATION_TIME;
+
+	return pgp_write_ss_header(sig->output, 5, tag) &&
+		pgp_write_scalar(sig->output, duration, 4/*sizeof(duration)*/);
+}
+
+unsigned 
+pgp_add_key_expiration_time(pgp_create_sig_t *sig, uint64_t duration)
+{
+	pgp_content_enum	tag;
+
+	tag = PGP_PTAG_SS_KEY_EXPIRY;
+
 	return pgp_write_ss_header(sig->output, 5, tag) &&
-		pgp_write_scalar(sig->output, (uint32_t)when, (unsigned)sizeof(uint32_t));
+		pgp_write_scalar(sig->output, duration, 4/*sizeof(duration)*/);
 }

 /**
@ -1031,8 +1051,8 @@ pgp_sign_file(pgp_io_t *io,
 		/* - creation time */
 		/* - key id */
 		ret = pgp_writer_use_armored_sig(output) &&
-				pgp_add_time(sig, (int64_t)from, "birth") &&
-				pgp_add_time(sig, (int64_t)duration, "expiration");
+				pgp_add_creation_time(sig, (uint64_t)from) &&
+				pgp_add_sig_expiration_time(sig, (uint64_t)duration);
 		if (ret == 0) {
 			pgp_teardown_file_write(output, fd_out);
 			return 0;
@ -1078,8 +1098,8 @@ pgp_sign_file(pgp_io_t *io,
 #endif

 		/* add creation time to signature */
-		pgp_add_time(sig, (int64_t)from, "birth");
-		pgp_add_time(sig, (int64_t)duration, "expiration");
+		pgp_add_creation_time(sig, (uint64_t)from);
+		pgp_add_sig_expiration_time(sig, (uint64_t)duration);
 		/* add key id to signature */
 		pgp_keyid(keyid, PGP_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
 		pgp_add_issuer_keyid(sig, keyid);
@ -1172,8 +1192,8 @@ pgp_sign_buf(pgp_io_t *io,
 		ret = pgp_writer_push_clearsigned(output, sig) &&
 			pgp_write(output, input, (unsigned)insize) &&
 			pgp_writer_use_armored_sig(output) &&
-			pgp_add_time(sig, from, "birth") &&
-			pgp_add_time(sig, (int64_t)duration, "expiration");
+			pgp_add_creation_time(sig, from) &&
+			pgp_add_sig_expiration_time(sig, (uint64_t)duration);
 		if (ret == 0) {
 			return NULL;
 		}
@ -1203,8 +1223,8 @@ pgp_sign_buf(pgp_io_t *io,
 		}

 		/* add creation time to signature */
-		pgp_add_time(sig, from, "birth");
-		pgp_add_time(sig, (int64_t)duration, "expiration");
+		pgp_add_creation_time(sig, from);
+		pgp_add_sig_expiration_time(sig, (uint64_t)duration);
 		/* add key id to signature */
 		pgp_keyid(keyid, PGP_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
 		pgp_add_issuer_keyid(sig, keyid);
@ -1271,8 +1291,8 @@ pgp_sign_detached(pgp_io_t *io,
 	pgp_memory_free(mem);

 	/* calculate the signature */
-	pgp_add_time(sig, from, "birth");
-	pgp_add_time(sig, (int64_t)duration, "expiration");
+	pgp_add_creation_time(sig, from);
+	pgp_add_sig_expiration_time(sig, (uint64_t)duration);
 	pgp_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg);
 	pgp_add_issuer_keyid(sig, keyid);
 	pgp_end_hashed_subpkts(sig);
--- a/dist/src/lib/signature.h
+++ b/dist/src/lib/signature.h
@ -98,11 +98,17 @@ pgp_hash_t *pgp_sig_get_hash(pgp_create_sig_t *);
 unsigned   pgp_end_hashed_subpkts(pgp_create_sig_t *);
 unsigned pgp_write_sig(pgp_output_t *, pgp_create_sig_t *,
 			const pgp_pubkey_t *, const pgp_seckey_t *);
-unsigned   pgp_add_time(pgp_create_sig_t *, int64_t, const char *);
 unsigned pgp_add_issuer_keyid(pgp_create_sig_t *,
 			const uint8_t *);
 void pgp_add_primary_userid(pgp_create_sig_t *, unsigned);

+unsigned 
+pgp_add_creation_time(pgp_create_sig_t *sig, uint64_t when);
+unsigned 
+pgp_add_sig_expiration_time(pgp_create_sig_t *sig, uint64_t duration);
+unsigned 
+pgp_add_key_expiration_time(pgp_create_sig_t *sig, uint64_t duration);
+
 /* Standard Interface */
 unsigned   pgp_sign_file(pgp_io_t *,
 			const char *,
--- a/dist/src/lib/validate.c
+++ b/dist/src/lib/validate.c
@ -865,7 +865,6 @@ pgp_filter_keys_fileread(
 			1);

 	if (fd < 0) {
-		pgp_stream_delete(stream);
 		perror(filename);
 		return 0;
 	}