cryptnet: Set dwIndex in CertDllVerifyRevocation().
Signed-off-by: Zebediah Figura <zfigura@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
parent
0429df4aac
commit
18e46df9d1
|
@ -1514,33 +1514,22 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
|
|||
return ret;
|
||||
}
|
||||
|
||||
static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
|
||||
PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
|
||||
PCERT_REVOCATION_STATUS pRevStatus)
|
||||
static DWORD verify_cert_revocation_with_crl_online(const CERT_CONTEXT *cert,
|
||||
const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
|
||||
{
|
||||
DWORD error;
|
||||
PCRL_ENTRY entry = NULL;
|
||||
|
||||
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
|
||||
if (entry)
|
||||
{
|
||||
error = CRYPT_E_REVOKED;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Since the CRL was retrieved for the cert being checked, then it's
|
||||
* guaranteed to be fresh, and the cert is not revoked.
|
||||
*/
|
||||
error = ERROR_SUCCESS;
|
||||
}
|
||||
return error;
|
||||
return CRYPT_E_REVOKED;
|
||||
|
||||
/* Since the CRL was retrieved for the cert being checked, then it's
|
||||
* guaranteed to be fresh, and the cert is not revoked. */
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
static DWORD verify_cert_revocation_from_dist_points_ext(
|
||||
const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
|
||||
FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
|
||||
PCERT_REVOCATION_STATUS pRevStatus)
|
||||
static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
|
||||
FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
|
||||
{
|
||||
DWORD error = ERROR_SUCCESS, cbUrlArray;
|
||||
|
||||
|
@ -1578,17 +1567,13 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
|
|||
NULL, NULL, NULL, NULL);
|
||||
if (ret)
|
||||
{
|
||||
error = verify_cert_revocation_with_crl_online(cert, crl,
|
||||
index, pTime, pRevStatus);
|
||||
error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus);
|
||||
if (!error && timeout)
|
||||
{
|
||||
DWORD time = GetTickCount();
|
||||
|
||||
if ((int)(endTime - time) <= 0)
|
||||
{
|
||||
error = ERROR_TIMEOUT;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
else
|
||||
timeout = endTime - time;
|
||||
}
|
||||
|
@ -1600,23 +1585,15 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
|
|||
CryptMemFree(urlArray);
|
||||
}
|
||||
else
|
||||
{
|
||||
error = ERROR_OUTOFMEMORY;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
error = GetLastError();
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
static DWORD verify_cert_revocation_from_aia_ext(
|
||||
const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
|
||||
FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
|
||||
PCERT_REVOCATION_STATUS pRevStatus)
|
||||
static DWORD verify_cert_revocation_from_aia_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
|
||||
FILETIME *pTime, DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
|
||||
{
|
||||
BOOL ret;
|
||||
DWORD error, size;
|
||||
|
@ -1650,10 +1627,9 @@ static DWORD verify_cert_revocation_from_aia_ext(
|
|||
}
|
||||
|
||||
static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
|
||||
PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
|
||||
PCERT_REVOCATION_STATUS pRevStatus)
|
||||
const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
|
||||
{
|
||||
DWORD error;
|
||||
PCRL_ENTRY entry = NULL;
|
||||
LONG valid;
|
||||
|
||||
valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
|
||||
|
@ -1663,46 +1639,38 @@ static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
|
|||
* way to know whether the certificate was revoked.
|
||||
*/
|
||||
TRACE("CRL not old enough\n");
|
||||
error = CRYPT_E_REVOCATION_OFFLINE;
|
||||
return CRYPT_E_REVOCATION_OFFLINE;
|
||||
}
|
||||
else
|
||||
{
|
||||
PCRL_ENTRY entry = NULL;
|
||||
|
||||
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
|
||||
if (entry)
|
||||
{
|
||||
error = CRYPT_E_REVOKED;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Since the CRL was not retrieved for the cert being checked,
|
||||
* there's no guarantee it's fresh, so the cert *might* be okay,
|
||||
* but it's safer not to guess.
|
||||
*/
|
||||
TRACE("certificate not found\n");
|
||||
error = CRYPT_E_REVOCATION_OFFLINE;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
|
||||
if (entry)
|
||||
return CRYPT_E_REVOKED;
|
||||
|
||||
/* Since the CRL was not retrieved for the cert being checked, there's no
|
||||
* guarantee it's fresh, so the cert *might* be okay, but it's safer not to
|
||||
* guess. */
|
||||
TRACE("certificate not found\n");
|
||||
return CRYPT_E_REVOCATION_OFFLINE;
|
||||
}
|
||||
|
||||
static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
|
||||
FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
|
||||
PCERT_REVOCATION_STATUS pRevStatus)
|
||||
static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
|
||||
DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
|
||||
{
|
||||
DWORD error = ERROR_SUCCESS;
|
||||
PCERT_EXTENSION ext;
|
||||
|
||||
if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
|
||||
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
|
||||
{
|
||||
error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
|
||||
index, pTime, dwFlags, pRevPara, pRevStatus);
|
||||
pTime, dwFlags, pRevPara, pRevStatus);
|
||||
}
|
||||
else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
|
||||
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
|
||||
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
|
||||
index, pTime, dwFlags, pRevPara, pRevStatus);
|
||||
{
|
||||
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime,
|
||||
dwFlags, pRevPara, pRevStatus);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
|
||||
|
@ -1753,15 +1721,13 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
|
|||
}
|
||||
if (crl)
|
||||
{
|
||||
error = verify_cert_revocation_with_crl_offline(cert, crl,
|
||||
index, pTime, pRevStatus);
|
||||
error = verify_cert_revocation_with_crl_offline(cert, crl, pTime, pRevStatus);
|
||||
CertFreeCRLContext(crl);
|
||||
}
|
||||
else
|
||||
{
|
||||
TRACE("no CRL found\n");
|
||||
error = CRYPT_E_NO_REVOCATION_CHECK;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -1773,7 +1739,6 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
|
|||
else if (!pRevPara->pIssuerCert)
|
||||
WARN("no dist points/aia extension and no issuer\n");
|
||||
error = CRYPT_E_NO_REVOCATION_CHECK;
|
||||
pRevStatus->dwIndex = index;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
|
@ -1833,9 +1798,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
|
|||
error = CRYPT_E_NO_REVOCATION_CHECK;
|
||||
else
|
||||
{
|
||||
for (i = 0; !error && i < cContext; i++)
|
||||
error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
|
||||
pRevPara, pRevStatus);
|
||||
for (i = 0; i < cContext; i++)
|
||||
{
|
||||
if ((error = verify_cert_revocation(rgpvContext[i], pTime, dwFlags, pRevPara, pRevStatus)))
|
||||
{
|
||||
pRevStatus->dwIndex = i;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (error)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue