From: Sergey Matveev
Date: Fri, 18 Oct 2024 13:26:12 +0000 (+0300)
Subject: Forgotten UTC conversion
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=69857891ec547d0360812fc337b87f6bc1ca0f43be65609e6c63eb9007833833;p=keks.git
Forgotten UTC conversion
---
diff --git a/cyac/cmd/cer-verify/cer-verify.c b/cyac/cmd/cer-verify/cer-verify.c
index 07ac5d0..50c9cc1 100644
--- a/cyac/cmd/cer-verify/cer-verify.c
+++ b/cyac/cmd/cer-verify/cer-verify.c
@@ -44,6 +44,7 @@ main(int argc, char **argv)
 unsigned char *buf = NULL;
 size_t len = 0;
 if (!Mmap(&buf, &len, argv[i])) {
+ fprintf(stderr, "%s: %s\n", argv[i], strerror(errno));
 exit(EXIT_FAILURE);
 }
 fputs(argv[i], stdout);
@@ -51,7 +52,7 @@ main(int argc, char **argv)
 size_t off = 0;
 enum YACErr err = YACCerParse(&(cers[i - 1]), &off, &failReason, buf, len);
 if (err != YACErrNo) {
- fprintf(stderr, "%s\n", failReason);
+ fprintf(stderr, "%s: %s\n", argv[i], failReason);
 return EXIT_FAILURE;
 }
 fputs("cid:", stdout);
@@ -73,9 +74,9 @@ main(int argc, char **argv)
 struct YACCerSigVerifier sigVerifiers[] = {
 {.algo = "gost3410-256A", .func = gost3410SignatureVerifier},
 {.algo = "gost3410-512C", .func = gost3410SignatureVerifier},
+ {.algo = NULL},
 };
- struct YACCerVerifyOpts opts = {
- .t = now, .sigVerifiers = sigVerifiers, .sigVerifiersLen = 2};
+ struct YACCerVerifyOpts opts = {.t = now, .sigVerifiers = sigVerifiers};
 struct YACCer *toVerify = &(cers[0]);
 struct YACCer *verifier = NULL;
diff --git a/cyac/lib/pki/cer.c b/cyac/lib/pki/cer.c
index 9929bf0..0807e83 100644
--- a/cyac/lib/pki/cer.c
+++ b/cyac/lib/pki/cer.c
@@ -195,6 +195,11 @@ YACCerParse(
 (*failReason) = "bad /sigs/./tbs/exp/since value";
 return YACErrUnsatisfiedSchema;
 }
+ err = YACTimespecToUTC(&(cer->since));
+ if (err != YACErrNo) {
+ (*failReason) = "bad /sigs/./tbs/exp/since UTC value";
+ return YACErrUnsatisfiedSchema;
+ }
 err = YACTAI64ToTimespec(
 &(cer->till),
 items->list[idx + 2].atom.v.str.ptr,
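Review bot: `strerror(errno)` in the line added after the failed `Mmap()` call in cer-verify.c (hunk @@ -44) names the right cause only if `Mmap` leaves `errno` untouched between the failing system call and its return. `Mmap` is not visible here, so if its error path closes a descriptor or calls anything else, the message can report an unrelated error; worth confirming, or having `Mmap` save and restore `errno` before it returns false. The hunk also does not show `<errno.h>` and `<string.h>` being included, so check that cer-verify.c already has them. main's body continues outside the hunk.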
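Review bot: After the two added `YACTimespecToUTC` calls in cer.c (hunk @@ -195 for `cer->since`, and the next hunk @@ -203 for `cer->till`), the certificate's validity bounds hold UTC rather than the TAI value decoded just above, and nothing in the new code records that. These bounds presumably feed the validity-window check against `opts.t` in YACCerVerify, so a short comment would keep a later caller from comparing them with a TAI clock, e.g. `/* since/till are UTC from here on; compare only with a UTC time */`. A regression test that verifies a certificate at a time within the TAI/UTC offset of each bound would pin the fix. YACCerParse starts and ends outside both hunks.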
@@ -203,6 +208,11 @@ YACCerParse(
 (*failReason) = "bad /sigs/./tbs/exp/till value";
 return YACErrUnsatisfiedSchema;
 }
+ err = YACTimespecToUTC(&(cer->till));
+ if (err != YACErrNo) {
+ (*failReason) = "bad /sigs/./tbs/exp/till UTC value";
+ return YACErrUnsatisfiedSchema;
+ }
 }
 sigIdx = items->list[sigIdx].next;
 }
@@ -262,7 +272,8 @@ YACCerVerify(
 const size_t items = 5;
 struct YACItem tbsItems[5];
 memset(&tbsItems, 0, sizeof tbsItems);
- struct YACItems tbs = {.list = tbsItems, .offsets=NULL, .len=items, .cap=-1};
+ struct YACItems tbs = {
+ .list = tbsItems, .offsets = NULL, .len = items, .cap = -1};
 tbsItems[0].atom.typ = YACItemMap;
 tbsItems[0].atom.v.list.head = 1;
@@ -320,7 +331,7 @@ YACCerVerify(
 }
 off += got;
 }
- for (size_t i = 0; i < opts.sigVerifiersLen; i++) {
+ for (size_t i = 0; opts.sigVerifiers[i].algo != NULL; i++) {
 if (!YACStrEqual(&(pubA->atom), opts.sigVerifiers[i].algo)) {
 continue;
 }
diff --git a/cyac/lib/pki/cer.h b/cyac/lib/pki/cer.h
index e72b709..e8ba251 100644
--- a/cyac/lib/pki/cer.h
+++ b/cyac/lib/pki/cer.h
@@ -48,7 +48,6 @@ struct YACCerSigVerifier {
 struct YACCerVerifyOpts {
 struct timespec t;
 struct YACCerSigVerifier *sigVerifiers;
- size_t sigVerifiersLen;
 };
 bool
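Review bot: The new loop condition `opts.sigVerifiers[i].algo != NULL` in cer.c (hunk @@ -320) dereferences `opts.sigVerifiers` unconditionally, so an options struct that leaves the field unset now faults inside YACCerVerify, where the removed `i < opts.sigVerifiersLen` bound simply skipped the loop when the length was zero. The loop's bound also now depends entirely on the caller supplying the terminating entry, and a table without it is read past its end during certificate verification. I would guard the pointer, `for (size_t i = 0; opts.sigVerifiers != NULL && opts.sigVerifiers[i].algo != NULL; i++) {`, and state the contract on the field in cer.h, e.g. `/* must end with an entry whose .algo is NULL */`, since that header hunk removes the length without documenting the replacement. YACCerVerify's body continues outside the hunk.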