cryptnet: Check CRL with verify time in CertDllVerifyRevocation.

ff57ba9d · Juan Lang · Alexandre Julliard · eee17920 · ff57ba9d
Commit ff57ba9d authored Nov 20, 2009 by Juan Lang Committed by Alexandre Julliard Nov 21, 2009
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 1 deletion

cryptnet_main.c dlls/cryptnet/cryptnet_main.c +29 -1

No files found.
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1441,6 +1441,15 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
    return ret;
 }
+typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
+    DWORD                     cbSize;
+    PCCERT_CONTEXT            pIssuerCert;
+    DWORD                     cCertStore;
+    HCERTSTORE               *rgCertStore;
+    HCERTSTORE                hCrlStore;
+    LPFILETIME                pftTimeToUse;
+} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
 typedef struct _OLD_CERT_REVOCATION_STATUS {
    DWORD cbSize;
    DWORD dwIndex;
@@ -1457,6 +1466,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
 {
    DWORD error = 0, i;
    BOOL ret;
+    FILETIME now;
+    LPFILETIME pTime = NULL;
    TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
     cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
@@ -1472,6 +1483,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
        SetLastError(E_INVALIDARG);
        return FALSE;
    }
+    if (pRevPara && pRevPara->cbSize >=
+     sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
+        pTime = pRevPara->pftTimeToUse;
+    if (!pTime)
+    {
+        GetSystemTimeAsFileTime(&now);
+        pTime = &now;
+    }
    memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
    if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
    {
@@ -1524,6 +1543,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
                         (void **)&crl, NULL, NULL, NULL, NULL);
                        if (ret)
                        {
+                            if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
+                            {
+                                /* The CRL isn't time valid */
+                                error = CRYPT_E_NO_REVOCATION_CHECK;
+                                ret = FALSE;
+                            }
+                            else
+                            {
                                PCRL_ENTRY entry = NULL;
                                CertFindCertificateInCRL(
@@ -1535,7 +1562,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
                                    pRevStatus->dwIndex = i;
                                    ret = FALSE;
                                }
-                            else if (timeout)
+                            }
+                            if (ret && timeout)
                            {
                                DWORD time = GetTickCount();