ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cryptnet: Set dwIndex in CertDllVerifyRevocation(). 

Signed-off-by: Zebediah Figura <zfigura@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Zebediah Figura 2021-07-15 11:25:20 -05:00 committed by Alexandre Julliard
parent 0429df4aac
commit 18e46df9d1
1 changed files with 42 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
dlls/cryptnet/cryptnet_main.c
View File

@ -1514,33 +1514,22 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
return ret;
}
static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
PCERT_REVOCATION_STATUS pRevStatus)
static DWORD verify_cert_revocation_with_crl_online(const CERT_CONTEXT *cert,
const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error;
PCRL_ENTRY entry = NULL;
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
if (entry)
{
error = CRYPT_E_REVOKED;
pRevStatus->dwIndex = index;
}
else
{
/* Since the CRL was retrieved for the cert being checked, then it's
* guaranteed to be fresh, and the cert is not revoked.
*/
error = ERROR_SUCCESS;
}
return error;
return CRYPT_E_REVOKED;
/* Since the CRL was retrieved for the cert being checked, then it's
* guaranteed to be fresh, and the cert is not revoked. */
return ERROR_SUCCESS;
}
static DWORD verify_cert_revocation_from_dist_points_ext(
const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
PCERT_REVOCATION_STATUS pRevStatus)
static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error = ERROR_SUCCESS, cbUrlArray;
@ -1578,17 +1567,13 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
NULL, NULL, NULL, NULL);
if (ret)
{
error = verify_cert_revocation_with_crl_online(cert, crl,
index, pTime, pRevStatus);
error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus);
if (!error && timeout)
{
DWORD time = GetTickCount();
if ((int)(endTime - time) <= 0)
{
error = ERROR_TIMEOUT;
pRevStatus->dwIndex = index;
}
else
timeout = endTime - time;
}
@ -1600,23 +1585,15 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
CryptMemFree(urlArray);
}
else
{
error = ERROR_OUTOFMEMORY;
pRevStatus->dwIndex = index;
}
}
else
{
error = GetLastError();
pRevStatus->dwIndex = index;
}
return error;
}
static DWORD verify_cert_revocation_from_aia_ext(
const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
PCERT_REVOCATION_STATUS pRevStatus)
static DWORD verify_cert_revocation_from_aia_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
FILETIME *pTime, DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
BOOL ret;
DWORD error, size;
@ -1650,10 +1627,9 @@ static DWORD verify_cert_revocation_from_aia_ext(
}
static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
PCERT_REVOCATION_STATUS pRevStatus)
const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error;
PCRL_ENTRY entry = NULL;
LONG valid;
valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
@ -1663,46 +1639,38 @@ static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
* way to know whether the certificate was revoked.
*/
TRACE("CRL not old enough\n");
error = CRYPT_E_REVOCATION_OFFLINE;
return CRYPT_E_REVOCATION_OFFLINE;
}
else
{
PCRL_ENTRY entry = NULL;
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
if (entry)
{
error = CRYPT_E_REVOKED;
pRevStatus->dwIndex = index;
}
else
{
/* Since the CRL was not retrieved for the cert being checked,
* there's no guarantee it's fresh, so the cert *might* be okay,
* but it's safer not to guess.
*/
TRACE("certificate not found\n");
error = CRYPT_E_REVOCATION_OFFLINE;
}
}
return error;
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
if (entry)
return CRYPT_E_REVOKED;
/* Since the CRL was not retrieved for the cert being checked, there's no
* guarantee it's fresh, so the cert *might* be okay, but it's safer not to
* guess. */
TRACE("certificate not found\n");
return CRYPT_E_REVOCATION_OFFLINE;
}
static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
PCERT_REVOCATION_STATUS pRevStatus)
static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error = ERROR_SUCCESS;
PCERT_EXTENSION ext;
if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{
error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
index, pTime, dwFlags, pRevPara, pRevStatus);
pTime, dwFlags, pRevPara, pRevStatus);
}
else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
index, pTime, dwFlags, pRevPara, pRevStatus);
{
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime,
dwFlags, pRevPara, pRevStatus);
}
else
{
if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
@ -1753,15 +1721,13 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
}
if (crl)
{
error = verify_cert_revocation_with_crl_offline(cert, crl,
index, pTime, pRevStatus);
error = verify_cert_revocation_with_crl_offline(cert, crl, pTime, pRevStatus);
CertFreeCRLContext(crl);
}
else
{
TRACE("no CRL found\n");
error = CRYPT_E_NO_REVOCATION_CHECK;
pRevStatus->dwIndex = index;
}
}
else
@ -1773,7 +1739,6 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
else if (!pRevPara->pIssuerCert)
WARN("no dist points/aia extension and no issuer\n");
error = CRYPT_E_NO_REVOCATION_CHECK;
pRevStatus->dwIndex = index;
}
}
return error;
@ -1833,9 +1798,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
error = CRYPT_E_NO_REVOCATION_CHECK;
else
{
for (i = 0; !error && i < cContext; i++)
error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
pRevPara, pRevStatus);
for (i = 0; i < cContext; i++)
{
if ((error = verify_cert_revocation(rgpvContext[i], pTime, dwFlags, pRevPara, pRevStatus)))
{
pRevStatus->dwIndex = i;
break;
}
}
}
if (error)
{