Commit 4729cdd1 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

cryptnet: Use helper function to verify a certificate's revocation.

parent 4b461bc0
...@@ -1544,75 +1544,19 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid, ...@@ -1544,75 +1544,19 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
return ret; return ret;
} }
typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS { static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
DWORD cbSize; FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
PCCERT_CONTEXT pIssuerCert; PCERT_REVOCATION_STATUS pRevStatus)
DWORD cCertStore;
HCERTSTORE *rgCertStore;
HCERTSTORE hCrlStore;
LPFILETIME pftTimeToUse;
} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
typedef struct _OLD_CERT_REVOCATION_STATUS {
DWORD cbSize;
DWORD dwIndex;
DWORD dwError;
DWORD dwReason;
} OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
/***********************************************************************
* CertDllVerifyRevocation (CRYPTNET.@)
*/
BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
{ {
DWORD error = 0, i;
BOOL ret; BOOL ret;
FILETIME now; DWORD error = ERROR_SUCCESS, cbUrlArray;
LPFILETIME pTime = NULL;
TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) && ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, (void *)cert,
pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS)) 0, NULL, &cbUrlArray, NULL, NULL, NULL);
{
SetLastError(E_INVALIDARG);
return FALSE;
}
if (!cContext)
{
SetLastError(E_INVALIDARG);
return FALSE;
}
if (pRevPara && pRevPara->cbSize >=
sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
pTime = pRevPara->pftTimeToUse;
if (!pTime)
{
GetSystemTimeAsFileTime(&now);
pTime = &now;
}
memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
{
error = CRYPT_E_NO_REVOCATION_CHECK;
ret = FALSE;
}
else
{
ret = TRUE;
for (i = 0; ret && i < cContext; i++)
{
DWORD cbUrlArray;
ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
rgpvContext[i], 0, NULL, &cbUrlArray, NULL, NULL, NULL);
if (!ret && GetLastError() == CRYPT_E_NOT_FOUND) if (!ret && GetLastError() == CRYPT_E_NOT_FOUND)
{ {
error = CRYPT_E_NO_REVOCATION_CHECK; error = CRYPT_E_NO_REVOCATION_CHECK;
pRevStatus->dwIndex = i; pRevStatus->dwIndex = index;
} }
else if (ret) else if (ret)
{ {
...@@ -1623,13 +1567,11 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, ...@@ -1623,13 +1567,11 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
DWORD j, retrievalFlags = 0, startTime, endTime, timeout; DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
rgpvContext[i], 0, urlArray, &cbUrlArray, NULL, NULL, (void *)cert, 0, urlArray, &cbUrlArray, NULL, NULL, NULL);
NULL);
if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION) if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL; retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
if ((dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG) && if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
pRevPara && pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
dwUrlRetrievalTimeout) + sizeof(DWORD)) dwUrlRetrievalTimeout) + sizeof(DWORD))
{ {
startTime = GetTickCount(); startTime = GetTickCount();
...@@ -1643,8 +1585,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, ...@@ -1643,8 +1585,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
PCCRL_CONTEXT crl; PCCRL_CONTEXT crl;
ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j], ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
CONTEXT_OID_CRL, retrievalFlags, timeout, CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
(void **)&crl, NULL, NULL, NULL, NULL); NULL, NULL, NULL, NULL);
if (ret) if (ret)
{ {
if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo)) if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
...@@ -1657,13 +1599,11 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, ...@@ -1657,13 +1599,11 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
{ {
PCRL_ENTRY entry = NULL; PCRL_ENTRY entry = NULL;
CertFindCertificateInCRL( CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
rgpvContext[i], crl, 0, NULL,
&entry);
if (entry) if (entry)
{ {
error = CRYPT_E_REVOKED; error = CRYPT_E_REVOKED;
pRevStatus->dwIndex = i; pRevStatus->dwIndex = index;
ret = FALSE; ret = FALSE;
} }
} }
...@@ -1674,7 +1614,7 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, ...@@ -1674,7 +1614,7 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
if ((int)(endTime - time) <= 0) if ((int)(endTime - time) <= 0)
{ {
error = ERROR_TIMEOUT; error = ERROR_TIMEOUT;
pRevStatus->dwIndex = i; pRevStatus->dwIndex = index;
ret = FALSE; ret = FALSE;
} }
else else
...@@ -1690,19 +1630,81 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, ...@@ -1690,19 +1630,81 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
else else
{ {
error = ERROR_OUTOFMEMORY; error = ERROR_OUTOFMEMORY;
pRevStatus->dwIndex = i; pRevStatus->dwIndex = index;
ret = FALSE;
} }
} }
else else
pRevStatus->dwIndex = i; {
} error = GetLastError();
pRevStatus->dwIndex = index;
} }
return error;
}
if (!ret) typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
DWORD cbSize;
PCCERT_CONTEXT pIssuerCert;
DWORD cCertStore;
HCERTSTORE *rgCertStore;
HCERTSTORE hCrlStore;
LPFILETIME pftTimeToUse;
} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
typedef struct _OLD_CERT_REVOCATION_STATUS {
DWORD cbSize;
DWORD dwIndex;
DWORD dwError;
DWORD dwReason;
} OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
/***********************************************************************
* CertDllVerifyRevocation (CRYPTNET.@)
*/
BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
{
DWORD error = 0, i;
BOOL ret;
FILETIME now;
LPFILETIME pTime = NULL;
TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
{
SetLastError(E_INVALIDARG);
return FALSE;
}
if (!cContext)
{
SetLastError(E_INVALIDARG);
return FALSE;
}
if (pRevPara && pRevPara->cbSize >=
sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
pTime = pRevPara->pftTimeToUse;
if (!pTime)
{
GetSystemTimeAsFileTime(&now);
pTime = &now;
}
memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
error = CRYPT_E_NO_REVOCATION_CHECK;
else
{
for (i = 0; !error && i < cContext; i++)
error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
pRevPara, pRevStatus);
}
if (error)
{ {
SetLastError(error); SetLastError(error);
pRevStatus->dwError = error; pRevStatus->dwError = error;
ret = FALSE;
} }
TRACE("returning %d (%08x)\n", ret, error); TRACE("returning %d (%08x)\n", ret, error);
return ret; return ret;
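Review bot: On the new side `ret` reaches the final TRACE and `return ret;` without ever being assigned on the success path: it is declared as `BOOL ret;` with no initializer, and the only store in the new CertDllVerifyRevocation body is the `ret = FALSE;` inside `if (error)`, so a certificate that passes every check hands an indeterminate value back to the caller. The smallest fix is to initialize it at declaration, `BOOL ret = TRUE;`, or to add `else ret = TRUE;` after the `if (error)` block. A weaker point in the helper's final `else` branch: it forwards `GetLastError()` unchanged, so if CryptGetObjectUrl ever returned FALSE with a zero last error the `!error` loop condition would treat that certificate as verified; a guard such as `if (!error) error = CRYPT_E_NO_REVOCATION_CHECK;` would keep a failed lookup from reading as a pass. CertDllVerifyRevocation's closing brace lies outside the hunk.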