From ef5a6d046052fd8807f72b476d50e053b6b74dfc Mon Sep 17 00:00:00 2001
From: FUTATSUKI Yasuhito
Date: Wed, 11 Sep 2024 20:32:35 +0900
Subject: [PATCH 1/3] issue #174: Fix incomplete AAR header if there is no own AR header
---
 openarc/openarc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openarc/openarc.c b/openarc/openarc.c
index 7e191dc1..2b67262c 100644
--- a/openarc/openarc.c
+++ b/openarc/openarc.c
@@ -3768,7 +3768,7 @@ mlfi_eom(SMFICTX *ctx)
 conf->conf_keylen,
 arcf_dstring_len(afc->mctx_tmpstr) > 0
 ? arcf_dstring_get(afc->mctx_tmpstr)
- : NULL);
+ : "none");
 if (status != ARC_STAT_OK)
 {
 if (conf->conf_dolog)
From 4c0d4a4b35360dd73fdf9cdcc6cc9b93f8948210 Mon Sep 17 00:00:00 2001
From: Paul Arthur
Date: Wed, 2 Oct 2024 22:54:07 +0000
Subject: [PATCH 2/3] Correctly indicate no auth result in AAR

It is not valid to have no authentication results; if no message authentication was performed the special value no-result (`[CFWS] ";" [CFWS] "none"`) should be used. https://github.com/trusteddomainproject/OpenARC/issues/174
---
 libopenarc/arc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index 1c6c9ded..e2622427 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -3213,8 +3213,12 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid,
 arc_dstring_printf(dstr, "ARC-Authentication-Results:i=%u; %s", msg->arc_nsets + 1, msg->arc_authservid);
- if (ar != NULL)
+ if (ar == NULL) {
+ /* no-result per RFC 8601 2.2 */
+ arc_dstring_printf(dstr, "; none");
+ } else {
 arc_dstring_printf(dstr, "; %s", (char *) ar);
+ }
 status = arc_parse_header_field(msg, arc_dstring_get(dstr), arc_dstring_len(dstr), &h);
From 98151b39600c1aa61c749542283d7c1cf2109252 Mon Sep 17 00:00:00 2001
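Review bot: The bare `"none"` literal in the last argument of this call is unexplained, and it duplicates the no-result token that patch 2/3 of this series makes arc_getseal emit when it is given NULL, so the token is now spelled in two places. Either keep passing `NULL` here and let the library supply the token, or keep the literal and add a comment such as `/* RFC 8601 no-result: no local A-R header was collected */`. mlfi_eom's body and the start of this call lie outside the hunk.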
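Review bot: The new `ar == NULL` branch does not cover an empty string, so a caller that passes `""` still gets `; ` with nothing after it, which is the same invalid ARC-Authentication-Results value this patch sets out to prevent. The milter call site in patch 1/3 guards with a length check, but arc_getseal is a library entry point and other callers may not; assuming `ar` is a character pointer, as the `(char *)` cast suggests, the test could be widened to `if (ar == NULL || ar[0] == '\0') {`. A field that downstream ARC validators cannot parse may cause the sealed chain to be evaluated differently than intended (inferred, not shown in this hunk). arc_getseal's body starts and ends outside the hunk.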
From: FUTATSUKI Yasuhito
Date: Thu, 3 Oct 2024 15:47:07 +0900
Subject: [PATCH 3/3] arc_getseal: Clarify that ar can be NULL in the function description comment.
---
 libopenarc/arc.c | 3 ++-
 libopenarc/arc.h | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index e2622427..06155459 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -3070,7 +3070,8 @@ arc_set_cv(ARC_MESSAGE *msg, ARC_CHAIN cv)
 ** domain -- domain name
 ** key -- secret key, printable
 ** keylen -- key length
-** ar -- Authentication-Results to be enshrined
+** ar -- Authentication-Results to be enshrined. It can be NULL,
+** which means no results.
 **
 ** Return value:
 ** An ARC_STAT_* constant.
diff --git a/libopenarc/arc.h b/libopenarc/arc.h
index 34cf0736..902373fd 100644
--- a/libopenarc/arc.h
+++ b/libopenarc/arc.h
@@ -480,7 +480,8 @@ extern void arc_set_cv __P((ARC_MESSAGE *, ARC_CHAIN));
 ** domain -- domain name
 ** key -- secret key
 ** keylen -- key length
-** ar -- Authentication-Results to be enshrined
+** ar -- Authentication-Results to be enshrined. It can be NULL,
+** which means no results.
 **
 ** Return value:
 ** An ARC_STAT_* constant.