From 7d8564cf8873c384b861f734398a404c8b276e55 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Fri, 18 Feb 2022 11:11:12 +0900 Subject: [PATCH] sm: Fix use of value NONE in gnupg_isotime_t type. * common/gettime.h (GNUPG_ISOTIME_NONE): New. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it. * sm/certlist.c (gpgsm_add_to_certlist): Likewise. * sm/import.c (check_and_store): Likewise. * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise. (list_cert_std): Likewise. * sm/sign.c (gpgsm_sign): Likewise. -- Signed-off-by: NIIBE Yutaka (cherry picked from commit 05fdaa1737523fad72b6ffb9e7a90d5344ff64a5) --- common/gettime.h | 5 +++++ sm/call-dirmngr.c | 3 ++- sm/certlist.c | 2 +- sm/import.c | 3 ++- sm/keylist.c | 9 ++++++--- sm/sign.c | 3 ++- 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/common/gettime.h b/common/gettime.h index 73f188634..4f7199f92 100644 --- a/common/gettime.h +++ b/common/gettime.h @@ -38,6 +38,11 @@ the KSBA type ksba_isotime_t. */ typedef char gnupg_isotime_t[16]; +/* Constant string of 16-byte, which is compatible to the type + gnupg_iso_time_t. */ +#define GNUPG_ISOTIME_NONE \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + time_t gnupg_get_time (void); struct tm *gnupg_gmtime (const time_t *timep, struct tm *result); void gnupg_get_isotime (gnupg_isotime_t timebuf); diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 56710c8ae..0bd805e1b 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -605,7 +605,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, { /* Note the no_dirmngr flag: This avoids checking this certificate over and over again. */ - rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL, + rc = gpgsm_validate_chain (ctrl, rspcert, GNUPG_ISOTIME_NONE, + NULL, 0, NULL, VALIDATE_FLAG_NO_DIRMNGR, NULL); if (rc) { diff --git a/sm/certlist.c b/sm/certlist.c index 74dd10887..3cd68089b 100644 --- a/sm/certlist.c +++ b/sm/certlist.c 
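Review bot: The new `GNUPG_ISOTIME_NONE` definition in common/gettime.h gets its 16-byte size only from 15 written `\x00` escapes plus the literal's implicit terminator, and nothing in the header checks that this stays equal to `sizeof (gnupg_isotime_t)`. That size is the point of the change: the `""` it replaces at the call sites (sm/call-dirmngr.c here, and the certlist.c, import.c, keylist.c and sign.c hunks) is a one-byte object, so a callee that reads a full isotime buffer would presumably run past it. I would state the count in the comment, e.g. `/* 15 explicit NUL bytes plus the terminating NUL: sizeof == sizeof (gnupg_isotime_t). */`, and add a compile-time size check next to the macro if the tree has a static-assert helper. The comment also names the type as `gnupg_iso_time_t`, while the typedef just above it is `gnupg_isotime_t`.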
@@ -468,7 +468,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, } } if (!rc) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, + rc = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (!rc) { diff --git a/sm/import.c b/sm/import.c index d4ff2c1c5..8f5d273f7 100644 --- a/sm/import.c +++ b/sm/import.c @@ -192,7 +192,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats, */ rc = gpgsm_basic_cert_check (ctrl, cert); if (!rc && ctrl->with_validation) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); + rc = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (!rc || (!ctrl->with_validation && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT))) diff --git a/sm/keylist.c b/sm/keylist.c index 1d6c93359..9b1a95fca 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -415,7 +415,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, char *kludge_uid; if (ctrl->with_validation) - valerr = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, NULL, 0, NULL); + valerr = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, NULL, 0, NULL); else valerr = 0; @@ -1107,7 +1108,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, if (with_validation) { - err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL); + err = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); if (!err) es_fprintf (fp, " [certificate is good]\n"); else @@ -1354,7 +1356,8 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, size_t buflen; char buffer[1]; - err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL); + err = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); tmperr = ksba_cert_get_user_data (cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (!tmperr && buflen) 
diff --git a/sm/sign.c b/sm/sign.c index 0dfd15864..d6789fb94 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -410,7 +410,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, check that the signer's certificate is usable and valid. */ rc = gpgsm_cert_use_sign_p (cert, 0); if (!rc) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); + rc = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (rc) { char *tmpfpr;