Juan Lang : cryptnet: Check CRL with verify time in CertDllVerifyRevocation .

Alexandre Julliard julliard at winehq.org
Mon Nov 23 08:49:48 CST 2009


Module: wine
Branch: master
Commit: ff57ba9d7c633c2e263f8a88392448087c1eca13
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ff57ba9d7c633c2e263f8a88392448087c1eca13

Author: Juan Lang <juan.lang at gmail.com>
Date:   Fri Nov 20 12:09:21 2009 -0800

cryptnet: Check CRL with verify time in CertDllVerifyRevocation.

---

 dlls/cryptnet/cryptnet_main.c |   46 +++++++++++++++++++++++++++++++++--------
 1 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index 3744e68..a37c0d6 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1441,6 +1441,15 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
     return ret;
 }
 
+typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
+    DWORD                     cbSize;
+    PCCERT_CONTEXT            pIssuerCert;
+    DWORD                     cCertStore;
+    HCERTSTORE               *rgCertStore;
+    HCERTSTORE                hCrlStore;
+    LPFILETIME                pftTimeToUse;
+} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
+
 typedef struct _OLD_CERT_REVOCATION_STATUS {
     DWORD cbSize;
     DWORD dwIndex;
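Review bot: The new CERT_REVOCATION_PARA_NO_EXTRA_FIELDS typedef has no comment saying why it exists, and nothing ties its layout to the real CERT_REVOCATION_PARA. It appears to serve only as the size threshold for the `pRevPara->cbSize` check in the third hunk, so that `pftTimeToUse` is read only when the caller's structure is large enough to contain it. I would add a comment such as `/* Base layout of CERT_REVOCATION_PARA; used to decide whether a caller's cbSize covers pftTimeToUse */`. A compile-time check such as `C_ASSERT(FIELD_OFFSET(CERT_REVOCATION_PARA, pftTimeToUse) == FIELD_OFFSET(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, pftTimeToUse));` would stop the two definitions drifting apart. The declaration of pRevPara is outside the hunk, so its type is inferred here.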
@@ -1457,6 +1466,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
 {
     DWORD error = 0, i;
     BOOL ret;
+    FILETIME now;
+    LPFILETIME pTime = NULL;
 
     TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
      cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
@@ -1472,6 +1483,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
         SetLastError(E_INVALIDARG);
         return FALSE;
     }
+    if (pRevPara && pRevPara->cbSize >=
+     sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
+        pTime = pRevPara->pftTimeToUse;
+    if (!pTime)
+    {
+        GetSystemTimeAsFileTime(&now);
+        pTime = &now;
+    }
     memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
     if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
     {
@@ -1524,18 +1543,27 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
                          (void **)&crl, NULL, NULL, NULL, NULL);
                         if (ret)
                         {
-                            PCRL_ENTRY entry = NULL;
-
-                            CertFindCertificateInCRL(
-                             rgpvContext[i], crl, 0, NULL,
-                             &entry);
-                            if (entry)
+                            if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
                             {
-                                error = CRYPT_E_REVOKED;
-                                pRevStatus->dwIndex = i;
+                                /* The CRL isn't time valid */
+                                error = CRYPT_E_NO_REVOCATION_CHECK;
                                 ret = FALSE;
                             }
-                            else if (timeout)
+                            else
+                            {
+                                PCRL_ENTRY entry = NULL;
+
+                                CertFindCertificateInCRL(
+                                 rgpvContext[i], crl, 0, NULL,
+                                 &entry);
+                                if (entry)
+                                {
+                                    error = CRYPT_E_REVOKED;
+                                    pRevStatus->dwIndex = i;
+                                    ret = FALSE;
+                                }
+                            }
+                            if (ret && timeout)
                             {
                                 DWORD time = GetTickCount();
 
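Review bot: The new stale-CRL branch sets `error = CRYPT_E_NO_REVOCATION_CHECK` but, unlike the revoked branch below it, never records `pRevStatus->dwIndex = i`. Unless the index is assigned later outside the hunk, dwIndex stays at the 0 written by the earlier memset and a caller cannot tell which context lacked a usable CRL. Adding `pRevStatus->dwIndex = i;` next to the error assignment would keep the failure branches consistent. Separately, `if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))` reads as "if valid" although a non-zero result means the CRL is outside its validity window; an explicit `!= 0` and a comment that both not-yet-valid and expired CRLs end up here would make the intent clearer. The enclosing loop and the release of `crl` are outside the hunk.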



