cryptnet: Set dwIndex in CertDllVerifyRevocation().

dlls/cryptnet/cryptnet_main.c

@@ -1514,33 +1514,22 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
     return ret;
 }
 
-static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
- PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_with_crl_online(const CERT_CONTEXT *cert,
+        const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
 {
-    DWORD error;
     PCRL_ENTRY entry = NULL;
 
     CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
     if (entry)
-    {
-        error = CRYPT_E_REVOKED;
-        pRevStatus->dwIndex = index;
-    }
-    else
-    {
-        /* Since the CRL was retrieved for the cert being checked, then it's
-         * guaranteed to be fresh, and the cert is not revoked.
-         */
-        error = ERROR_SUCCESS;
-    }
-    return error;
+        return CRYPT_E_REVOKED;
+
+    /* Since the CRL was retrieved for the cert being checked, then it's
+     * guaranteed to be fresh, and the cert is not revoked. */
+    return ERROR_SUCCESS;
 }
 
-static DWORD verify_cert_revocation_from_dist_points_ext(
- const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
+        FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
 {
     DWORD error = ERROR_SUCCESS, cbUrlArray;
 
@@ -1578,17 +1567,13 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
                  NULL, NULL, NULL, NULL);
                 if (ret)
                 {
-                    error = verify_cert_revocation_with_crl_online(cert, crl,
-                     index, pTime, pRevStatus);
+                    error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus);
                     if (!error && timeout)
                     {
                         DWORD time = GetTickCount();
 
                         if ((int)(endTime - time) <= 0)
-                        {
                             error = ERROR_TIMEOUT;
-                            pRevStatus->dwIndex = index;
-                        }
                         else
                             timeout = endTime - time;
                     }
@@ -1600,23 +1585,15 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
             CryptMemFree(urlArray);
         }
         else
-        {
             error = ERROR_OUTOFMEMORY;
-            pRevStatus->dwIndex = index;
-        }
     }
     else
-    {
         error = GetLastError();
-        pRevStatus->dwIndex = index;
-    }
     return error;
 }
 
-static DWORD verify_cert_revocation_from_aia_ext(
- const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation_from_aia_ext(const CRYPT_DATA_BLOB *value, const CERT_CONTEXT *cert,
+        FILETIME *pTime, DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
 {
     BOOL ret;
     DWORD error, size;
@@ -1650,10 +1627,9 @@ static DWORD verify_cert_revocation_from_aia_ext(
 }
 
 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
- PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
- PCERT_REVOCATION_STATUS pRevStatus)
+        const CRL_CONTEXT *crl, FILETIME *pTime, CERT_REVOCATION_STATUS *pRevStatus)
 {
-    DWORD error;
+    PCRL_ENTRY entry = NULL;
     LONG valid;
 
     valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
@@ -1663,46 +1639,38 @@ static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
          * way to know whether the certificate was revoked.
          */
         TRACE("CRL not old enough\n");
-        error = CRYPT_E_REVOCATION_OFFLINE;
+        return CRYPT_E_REVOCATION_OFFLINE;
     }
-    else
-    {
-        PCRL_ENTRY entry = NULL;
 
-        CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
-        if (entry)
-        {
-            error = CRYPT_E_REVOKED;
-            pRevStatus->dwIndex = index;
-        }
-        else
-        {
-            /* Since the CRL was not retrieved for the cert being checked,
-             * there's no guarantee it's fresh, so the cert *might* be okay,
-             * but it's safer not to guess.
-             */
-            TRACE("certificate not found\n");
-            error = CRYPT_E_REVOCATION_OFFLINE;
-        }
-    }
-    return error;
+    CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
+    if (entry)
+        return CRYPT_E_REVOKED;
+
+    /* Since the CRL was not retrieved for the cert being checked, there's no
+     * guarantee it's fresh, so the cert *might* be okay, but it's safer not to
+     * guess. */
+    TRACE("certificate not found\n");
+    return CRYPT_E_REVOCATION_OFFLINE;
 }
 
-static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
- FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
- PCERT_REVOCATION_STATUS pRevStatus)
+static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
+        DWORD dwFlags, CERT_REVOCATION_PARA *pRevPara, CERT_REVOCATION_STATUS *pRevStatus)
 {
     DWORD error = ERROR_SUCCESS;
     PCERT_EXTENSION ext;
 
     if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
      cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+    {
         error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
-         index, pTime, dwFlags, pRevPara, pRevStatus);
+                pTime, dwFlags, pRevPara, pRevStatus);
+    }
     else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
      cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
-        error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
-         index, pTime, dwFlags, pRevPara, pRevStatus);
+    {
+        error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime,
+                dwFlags, pRevPara, pRevStatus);
+    }
     else
     {
         if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
@@ -1753,15 +1721,13 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
             }
             if (crl)
             {
-                error = verify_cert_revocation_with_crl_offline(cert, crl,
-                 index, pTime, pRevStatus);
+                error = verify_cert_revocation_with_crl_offline(cert, crl, pTime, pRevStatus);
                 CertFreeCRLContext(crl);
             }
             else
             {
                 TRACE("no CRL found\n");
                 error = CRYPT_E_NO_REVOCATION_CHECK;
-                pRevStatus->dwIndex = index;
             }
         }
         else
@@ -1773,7 +1739,6 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
             else if (!pRevPara->pIssuerCert)
                 WARN("no dist points/aia extension and no issuer\n");
             error = CRYPT_E_NO_REVOCATION_CHECK;
-            pRevStatus->dwIndex = index;
         }
     }
     return error;
@@ -1833,9 +1798,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
         error = CRYPT_E_NO_REVOCATION_CHECK;
     else
     {
-        for (i = 0; !error && i < cContext; i++)
-            error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
-             pRevPara, pRevStatus);
+        for (i = 0; i < cContext; i++)
+        {
+            if ((error = verify_cert_revocation(rgpvContext[i], pTime, dwFlags, pRevPara, pRevStatus)))
+            {
+                pRevStatus->dwIndex = i;
+                break;
+            }
+        }
     }
     if (error)
     {