Module: wine Branch: master Commit: ff57ba9d7c633c2e263f8a88392448087c1eca13 URL: http://source.winehq.org/git/wine.git/?a=commit;h=ff57ba9d7c633c2e263f8a8839...
Author: Juan Lang juan.lang@gmail.com Date: Fri Nov 20 12:09:21 2009 -0800
cryptnet: Check CRL with verify time in CertDllVerifyRevocation.
---
dlls/cryptnet/cryptnet_main.c | 46 +++++++++++++++++++++++++++++++++-------- 1 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index 3744e68..a37c0d6 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1441,6 +1441,15 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
 return ret;
 }
+typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
+ DWORD cbSize;
+ PCCERT_CONTEXT pIssuerCert;
+ DWORD cCertStore;
+ HCERTSTORE *rgCertStore;
+ HCERTSTORE hCrlStore;
+ LPFILETIME pftTimeToUse;
+} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
+
 typedef struct _OLD_CERT_REVOCATION_STATUS {
 DWORD cbSize;
 DWORD dwIndex;
@@ -1457,6 +1466,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
 {
 DWORD error = 0, i;
 BOOL ret;
+ FILETIME now;
+ LPFILETIME pTime = NULL;
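Review bot: The new `CERT_REVOCATION_PARA_NO_EXTRA_FIELDS` typedef carries no comment saying why a second copy of the parameter layout exists. It appears to mirror the leading members of `CERT_REVOCATION_PARA` through `pftTimeToUse`, and a later hunk uses its size as the `cbSize` threshold that gates reading the caller-supplied `pftTimeToUse`, so any drift between the two layouts would silently make that size check wrong. I would add above the typedef `/* Leading members of CERT_REVOCATION_PARA through pftTimeToUse; used only to size-check cbSize before pftTimeToUse is read. */`.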
 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType, cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
@@ -1472,6 +1483,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
 SetLastError(E_INVALIDARG);
 return FALSE;
 }
+ if (pRevPara && pRevPara->cbSize >=
+ sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
+ pTime = pRevPara->pftTimeToUse;
+ if (!pTime)
+ {
+ GetSystemTimeAsFileTime(&now);
+ pTime = &now;
+ }
 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
 {
@@ -1524,18 +1543,27 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
 (void **)&crl, NULL, NULL, NULL, NULL);
 if (ret)
 {
- PCRL_ENTRY entry = NULL;
-
- CertFindCertificateInCRL(
- rgpvContext[i], crl, 0, NULL,
- &entry);
- if (entry)
+ if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
 {
- error = CRYPT_E_REVOKED;
- pRevStatus->dwIndex = i;
+ /* The CRL isn't time valid */
+ error = CRYPT_E_NO_REVOCATION_CHECK;
 ret = FALSE;
 }
- else if (timeout)
+ else
+ {
+ PCRL_ENTRY entry = NULL;
+
+ CertFindCertificateInCRL(
+ rgpvContext[i], crl, 0, NULL,
+ &entry);
+ if (entry)
+ {
+ error = CRYPT_E_REVOKED;
+ pRevStatus->dwIndex = i;
+ ret = FALSE;
+ }
+ }
+ if (ret && timeout)
 {
 DWORD time = GetTickCount();
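Review bot: The new stale-CRL branch sets `error = CRYPT_E_NO_REVOCATION_CHECK` and `ret = FALSE` but never records which context failed, whereas the revoked branch just below it sets `pRevStatus->dwIndex = i`. Since the earlier `memset` zeroes the status, a caller checking several certificates would, as far as this hunk shows, be told index 0 even when the out-of-date CRL belonged to a later one; adding `pRevStatus->dwIndex = i;` to the branch fixes that, unless code after the hunk already sets it. `CertVerifyCRLTimeValidity` returns 0 when the time is inside the CRL's validity window, so the bare truth test reads as inverted; `if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo) != 0)` makes the intent explicit. The enclosing retrieval loop starts and ends outside the hunk.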