Zebediah Figura : cryptnet: Set dwIndex in CertDllVerifyRevocation().
Alexandre Julliard
julliard at winehq.org
Wed Jul 21 16:04:31 CDT 2021
Module: wine
Branch: master
Commit: 18e46df9d1097983b7f769c3d49c70207e33f9ac
URL: https://source.winehq.org/git/wine.git/?a=commit;h=18e46df9d1097983b7f769c3d49c70207e33f9ac
Author: Zebediah Figura <zfigura at codeweavers.com>
Date: Thu Jul 15 11:25:20 2021 -0500
cryptnet: Set dwIndex in CertDllVerifyRevocation().
Signed-off-by: Zebediah Figura <zfigura at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/cryptnet/cryptnet_main.c | 114 ++++++++++++++++--------------------------
1 file changed, 42 insertions(+), 72 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index f667c655e46..06c468bd655 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1514,33 +1514,22 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
return ret;
}
-static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
- PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_with_crl_online(const CERT_CONTEXT *cert,
+ const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
{
- DWORD error;
PCRL_ENTRY entry = NULL;
CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
if (entry)
- {
- error = CRYPT_E_REVOKED;
- pRevStatus->dwIndex = index;
- }
- else
- {
- /* Since the CRL was retrieved for the cert being checked, then it's
- * guaranteed to be fresh, and the cert is not revoked.
- */
- error = ERROR_SUCCESS;
- }
- return error;
+ return CRYPT_E_REVOKED;
+
+ /* Since the CRL was retrieved for the cert being checked, then it's
+ * guaranteed to be fresh, and the cert is not revoked. */
+ return ERROR_SUCCESS;
}
-static DWORD verify_cert_revocation_from_dist_points_ext(
- const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
+ FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error = ERROR_SUCCESS, cbUrlArray;
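Review bot: The `ERROR_SUCCESS` return in verify_cert_revocation_with_crl_online rests only on the `CertFindCertificateInCRL` lookup, whose return value is ignored. After this change neither `pTime` nor `pRevStatus` is read in the body, so the "guaranteed to be fresh" comment describes an assumption rather than a check. Whether the retrieval path validates the CRL's signature and update times is not visible in this hunk, so I would either drop the two unused parameters or reword the comment to `/* Freshness is assumed because the CRL was just retrieved for this cert; it is not compared against pTime here. */`. `pRevStatus` also appears to be unused now in verify_cert_revocation_with_crl_offline, in the later hunks at -1650 and -1663. The hunk ends inside verify_cert_revocation_from_dist_points_ext, whose body continues outside it.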
@@ -1578,17 +1567,13 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
NULL, NULL, NULL, NULL);
if (ret)
{
- error = verify_cert_revocation_with_crl_online(cert, crl,
- index, pTime, pRevStatus);
+ error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus);
if (!error && timeout)
{
DWORD time = GetTickCount();
if ((int)(endTime - time) <= 0)
- {
error = ERROR_TIMEOUT;
- pRevStatus->dwIndex = index;
- }
else
timeout = endTime - time;
}
@@ -1600,23 +1585,15 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
CryptMemFree(urlArray);
}
else
- {
error = ERROR_OUTOFMEMORY;
- pRevStatus->dwIndex = index;
- }
}
else
- {
error = GetLastError();
- pRevStatus->dwIndex = index;
- }
return error;
}
-static DWORD verify_cert_revocation_from_aia_ext(
- const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_from_aia_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
+ FILETIME *pTime, DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
BOOL ret;
DWORD error, size;
@@ -1650,10 +1627,9 @@ static DWORD verify_cert_revocation_from_aia_ext(
}
static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
- PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
- PCERT_REVOCATION_STATUS pRevStatus)
+ const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
{
- DWORD error;
+ PCRL_ENTRY entry = NULL;
LONG valid;
valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
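Review bot: The first parameter of verify_cert_revocation_with_crl_offline is still spelled `PCCERT_CONTEXT cert`, while the same commit rewrites every other helper signature, and the remaining parameters of this one, to the explicit-pointer form. For consistency the context line should become `static DWORD verify_cert_revocation_with_crl_offline(const CERT_CONTEXT *cert,`. The types are equivalent, so this is purely a readability point. The function body continues outside this hunk.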
@@ -1663,46 +1639,38 @@ static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
* way to know whether the certificate was revoked.
*/
TRACE("CRL not old enough\n");
- error = CRYPT_E_REVOCATION_OFFLINE;
+ return CRYPT_E_REVOCATION_OFFLINE;
}
- else
- {
- PCRL_ENTRY entry = NULL;
- CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
- if (entry)
- {
- error = CRYPT_E_REVOKED;
- pRevStatus->dwIndex = index;
- }
- else
- {
- /* Since the CRL was not retrieved for the cert being checked,
- * there's no guarantee it's fresh, so the cert *might* be okay,
- * but it's safer not to guess.
- */
- TRACE("certificate not found\n");
- error = CRYPT_E_REVOCATION_OFFLINE;
- }
- }
- return error;
+ CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
+ if (entry)
+ return CRYPT_E_REVOKED;
+
+ /* Since the CRL was not retrieved for the cert being checked, there's no
+ * guarantee it's fresh, so the cert *might* be okay, but it's safer not to
+ * guess. */
+ TRACE("certificate not found\n");
+ return CRYPT_E_REVOCATION_OFFLINE;
}
-static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
+ DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
{
DWORD error = ERROR_SUCCESS;
PCERT_EXTENSION ext;
if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ {
error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
- index, pTime, dwFlags, pRevPara, pRevStatus);
+ pTime, dwFlags, pRevPara, pRevStatus);
+ }
else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
- error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
- index, pTime, dwFlags, pRevPara, pRevStatus);
+ {
+ error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime,
+ dwFlags, pRevPara, pRevStatus);
+ }
else
{
if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
@@ -1753,15 +1721,13 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
}
if (crl)
{
- error = verify_cert_revocation_with_crl_offline(cert, crl,
- index, pTime, pRevStatus);
+ error = verify_cert_revocation_with_crl_offline(cert, crl, pTime, pRevStatus);
CertFreeCRLContext(crl);
}
else
{
TRACE("no CRL found\n");
error = CRYPT_E_NO_REVOCATION_CHECK;
- pRevStatus->dwIndex = index;
}
}
else
@@ -1773,7 +1739,6 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
else if (!pRevPara->pIssuerCert)
WARN("no dist points/aia extension and no issuer\n");
error = CRYPT_E_NO_REVOCATION_CHECK;
- pRevStatus->dwIndex = index;
}
}
return error;
@@ -1833,9 +1798,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
error = CRYPT_E_NO_REVOCATION_CHECK;
else
{
- for (i = 0; !error && i < cContext; i++)
- error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
- pRevPara, pRevStatus);
+ for (i = 0; i < cContext; i++)
+ {
+ if ((error = verify_cert_revocation(rgpvContext[i], pTime, dwFlags, pRevPara, pRevStatus)))
+ {
+ pRevStatus->dwIndex = i;
+ break;
+ }
+ }
}
if (error)
{
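Review bot: The new loop is now the only place that writes `pRevStatus->dwIndex`, but nothing in the code says so, and the helpers still receive `pRevStatus`. A comment above the loop, such as `/* dwIndex is set only here: index of the first context whose revocation check failed. */`, would keep a later helper change from writing it again. The `CRYPT_E_NO_REVOCATION_CHECK` branch just before the loop leaves `dwIndex` untouched. Whether it is initialised earlier in CertDllVerifyRevocation is outside the hunk and worth confirming, since callers use the index to decide which certificate failed. The assignment inside the `if` condition would also read more clearly as `error = verify_cert_revocation(rgpvContext[i], pTime, dwFlags, pRevPara, pRevStatus);` followed by `if (error)`.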