search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
d3dcompiler: Don't allow semantics on void functions.
[wine/multimedia.git] / dlls / crypt32 / crl.c
blob5b5a455909ab9d53a821411e1625b3cbf27304cb
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #define NONAMELESSUNION
23 #include "windef.h"
24 #include "winbase.h"
25 #include "wincrypt.h"
26 #include "wine/debug.h"
27 #include "wine/unicode.h"
28 #include "crypt32_private.h"
29
30 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
31
32 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
33 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
34 {
35 PCRL_CONTEXT crl = NULL;
36 BOOL ret;
37 PCRL_INFO crlInfo = NULL;
38 DWORD size = 0;
39
40 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
41 cbCrlEncoded);
42
43 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
44 {
45 SetLastError(E_INVALIDARG);
46 return NULL;
47 }
48 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
49 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
50 &crlInfo, &size);
51 if (ret)
52 {
53 BYTE *data = NULL;
54
55 crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
56 if (!crl)
57 goto end;
58 data = CryptMemAlloc(cbCrlEncoded);
59 if (!data)
60 {
61 CertFreeCRLContext(crl);
62 crl = NULL;
63 goto end;
64 }
65 memcpy(data, pbCrlEncoded, cbCrlEncoded);
66 crl->dwCertEncodingType = dwCertEncodingType;
67 crl->pbCrlEncoded = data;
68 crl->cbCrlEncoded = cbCrlEncoded;
69 crl->pCrlInfo = crlInfo;
70 crl->hCertStore = 0;
71 }
72
73 end:
74 return crl;
75 }
76
77 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
78 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
79 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
80 {
81 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
82 pbCrlEncoded, cbCrlEncoded);
83 BOOL ret;
84
85 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
86 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
87
88 if (crl)
89 {
90 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
91 ppCrlContext);
92 CertFreeCRLContext(crl);
93 }
94 else
95 ret = FALSE;
96 return ret;
97 }
98
99 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
100 DWORD dwFlags, const void *pvPara);
101
102 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
103 DWORD dwFlags, const void *pvPara)
104 {
105 return TRUE;
106 }
107
108 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
109 DWORD dwFlags, const void *pvPara)
110 {
111 BOOL ret;
112
113 if (pvPara)
114 {
115 PCCERT_CONTEXT issuer = pvPara;
116
117 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
118 &issuer->pCertInfo->Subject, &pCrlContext->pCrlInfo->Issuer);
119 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG))
120 ret = CryptVerifyCertificateSignatureEx(0,
121 issuer->dwCertEncodingType,
122 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
123 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
124 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
125 {
126 PCERT_EXTENSION ext = CertFindExtension(
127 szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
128 pCrlContext->pCrlInfo->rgExtension);
129
130 if (ext)
131 {
132 CERT_AUTHORITY_KEY_ID2_INFO *info;
133 DWORD size;
134
135 if ((ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
136 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
137 CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
138 {
139 if (info->AuthorityCertIssuer.cAltEntry &&
140 info->AuthorityCertSerialNumber.cbData)
141 {
142 PCERT_ALT_NAME_ENTRY directoryName = NULL;
143 DWORD i;
144
145 for (i = 0; !directoryName &&
146 i < info->AuthorityCertIssuer.cAltEntry; i++)
147 if (info->AuthorityCertIssuer.rgAltEntry[i].
148 dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
149 directoryName =
150 &info->AuthorityCertIssuer.rgAltEntry[i];
151 if (directoryName)
152 {
153 ret = CertCompareCertificateName(
154 issuer->dwCertEncodingType,
155 &issuer->pCertInfo->Subject,
156 &directoryName->u.DirectoryName);
157 if (ret)
158 ret = CertCompareIntegerBlob(
159 &issuer->pCertInfo->SerialNumber,
160 &info->AuthorityCertSerialNumber);
161 }
162 else
163 {
164 FIXME("no supported name type in authority key id2\n");
165 ret = FALSE;
166 }
167 }
168 else if (info->KeyId.cbData)
169 {
170 DWORD size;
171
172 ret = CertGetCertificateContextProperty(issuer,
173 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
174 if (ret && size == info->KeyId.cbData)
175 {
176 LPBYTE buf = CryptMemAlloc(size);
177
178 if (buf)
179 {
180 CertGetCertificateContextProperty(issuer,
181 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
182 ret = !memcmp(buf, info->KeyId.pbData, size);
183 CryptMemFree(buf);
184 }
185 else
186 ret = FALSE;
187 }
188 else
189 ret = FALSE;
190 }
191 else
192 {
193 FIXME("unsupported value for AKI extension\n");
194 ret = FALSE;
195 }
196 LocalFree(info);
197 }
198 }
199 /* else: a CRL without an AKI matches any cert */
200 }
201 }
202 else
203 ret = TRUE;
204 return ret;
205 }
206
207 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
208 DWORD dwFlags, const void *pvPara)
209 {
210 BOOL ret;
211
212 if (pvPara)
213 {
214 PCCRL_CONTEXT crl = pvPara;
215
216 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
217 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
218 }
219 else
220 ret = TRUE;
221 return ret;
222 }
223
224 static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType,
225 DWORD dwFlags, const void *pvPara)
226 {
227 const CRL_FIND_ISSUED_FOR_PARA *para = pvPara;
228 BOOL ret;
229
230 ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType,
231 &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
232 return ret;
233 }
234
235 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
236 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
237 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
238 {
239 PCCRL_CONTEXT ret;
240 CrlCompareFunc compare;
241
242 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
243 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
244
245 switch (dwFindType)
246 {
247 case CRL_FIND_ANY:
248 compare = compare_crl_any;
249 break;
250 case CRL_FIND_ISSUED_BY:
251 compare = compare_crl_issued_by;
252 break;
253 case CRL_FIND_EXISTING:
254 compare = compare_crl_existing;
255 break;
256 case CRL_FIND_ISSUED_FOR:
257 compare = compare_crl_issued_for;
258 break;
259 default:
260 FIXME("find type %08x unimplemented\n", dwFindType);
261 compare = NULL;
262 }
263
264 if (compare)
265 {
266 BOOL matches = FALSE;
267
268 ret = pPrevCrlContext;
269 do {
270 ret = CertEnumCRLsInStore(hCertStore, ret);
271 if (ret)
272 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
273 } while (ret != NULL && !matches);
274 if (!ret)
275 SetLastError(CRYPT_E_NOT_FOUND);
276 }
277 else
278 {
279 SetLastError(CRYPT_E_NOT_FOUND);
280 ret = NULL;
281 }
282 return ret;
283 }
284
285 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
286 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
287 {
288 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
289 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
290 CERT_STORE_DELTA_CRL_FLAG;
291 PCCRL_CONTEXT ret;
292
293 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
294 *pdwFlags);
295
296 if (*pdwFlags & ~supportedFlags)
297 {
298 SetLastError(E_INVALIDARG);
299 return NULL;
300 }
301 if (pIssuerContext)
302 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
303 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
304 else
305 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
306 pPrevCrlContext);
307 if (ret)
308 {
309 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
310 {
311 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
312 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
313 }
314 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
315 {
316 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
317 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
318 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
319 NULL))
320 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
321 }
322 }
323 return ret;
324 }
325
326 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
327 {
328 TRACE("(%p)\n", pCrlContext);
329 if (pCrlContext)
330 Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
331 return pCrlContext;
332 }
333
334 static void CrlDataContext_Free(void *context)
335 {
336 PCRL_CONTEXT crlContext = context;
337
338 CryptMemFree(crlContext->pbCrlEncoded);
339 LocalFree(crlContext->pCrlInfo);
340 }
341
342 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
343 {
344 BOOL ret = TRUE;
345
346 TRACE("(%p)\n", pCrlContext);
347
348 if (pCrlContext)
349 ret = Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
350 CrlDataContext_Free);
351 return ret;
352 }
353
354 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
355 DWORD dwPropId)
356 {
357 PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
358 pCRLContext, sizeof(CRL_CONTEXT));
359 DWORD ret;
360
361 TRACE("(%p, %d)\n", pCRLContext, dwPropId);
362
363 if (properties)
364 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
365 else
366 ret = 0;
367 return ret;
368 }
369
370 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
371 DWORD dwFlags, const void *pvData);
372
373 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
374 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
375 DWORD *pcbData)
376 {
377 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
378 pcbData);
379 if (ret && pvData)
380 {
381 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
382
383 ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
384 }
385 return ret;
386 }
387
388 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
389 void *pvData, DWORD *pcbData)
390 {
391 PCONTEXT_PROPERTY_LIST properties =
392 Context_GetProperties(context, sizeof(CRL_CONTEXT));
393 BOOL ret;
394 CRYPT_DATA_BLOB blob;
395
396 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
397
398 if (properties)
399 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
400 else
401 ret = FALSE;
402 if (ret)
403 {
404 if (!pvData)
405 *pcbData = blob.cbData;
406 else if (*pcbData < blob.cbData)
407 {
408 SetLastError(ERROR_MORE_DATA);
409 *pcbData = blob.cbData;
410 ret = FALSE;
411 }
412 else
413 {
414 memcpy(pvData, blob.pbData, blob.cbData);
415 *pcbData = blob.cbData;
416 }
417 }
418 else
419 {
420 /* Implicit properties */
421 switch (dwPropId)
422 {
423 case CERT_SHA1_HASH_PROP_ID:
424 ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
425 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
426 pcbData);
427 break;
428 case CERT_MD5_HASH_PROP_ID:
429 ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
430 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
431 pcbData);
432 break;
433 default:
434 SetLastError(CRYPT_E_NOT_FOUND);
435 }
436 }
437 TRACE("returning %d\n", ret);
438 return ret;
439 }
440
441 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
442 DWORD dwPropId, void *pvData, DWORD *pcbData)
443 {
444 BOOL ret;
445
446 TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
447
448 switch (dwPropId)
449 {
450 case 0:
451 case CERT_CERT_PROP_ID:
452 case CERT_CRL_PROP_ID:
453 case CERT_CTL_PROP_ID:
454 SetLastError(E_INVALIDARG);
455 ret = FALSE;
456 break;
457 case CERT_ACCESS_STATE_PROP_ID:
458 if (!pvData)
459 {
460 *pcbData = sizeof(DWORD);
461 ret = TRUE;
462 }
463 else if (*pcbData < sizeof(DWORD))
464 {
465 SetLastError(ERROR_MORE_DATA);
466 *pcbData = sizeof(DWORD);
467 ret = FALSE;
468 }
469 else
470 {
471 if (pCRLContext->hCertStore)
472 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
473 pvData, pcbData);
474 else
475 {
476 *(DWORD *)pvData = 0;
477 ret = TRUE;
478 }
479 }
480 break;
481 default:
482 ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
483 pcbData);
484 }
485 return ret;
486 }
487
488 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
489 DWORD dwFlags, const void *pvData)
490 {
491 PCONTEXT_PROPERTY_LIST properties =
492 Context_GetProperties(context, sizeof(CRL_CONTEXT));
493 BOOL ret;
494
495 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
496
497 if (!properties)
498 ret = FALSE;
499 else if (!pvData)
500 {
501 ContextPropertyList_RemoveProperty(properties, dwPropId);
502 ret = TRUE;
503 }
504 else
505 {
506 switch (dwPropId)
507 {
508 case CERT_AUTO_ENROLL_PROP_ID:
509 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
510 case CERT_DESCRIPTION_PROP_ID:
511 case CERT_FRIENDLY_NAME_PROP_ID:
512 case CERT_HASH_PROP_ID:
513 case CERT_KEY_IDENTIFIER_PROP_ID:
514 case CERT_MD5_HASH_PROP_ID:
515 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
516 case CERT_PUBKEY_ALG_PARA_PROP_ID:
517 case CERT_PVK_FILE_PROP_ID:
518 case CERT_SIGNATURE_HASH_PROP_ID:
519 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
520 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
521 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
522 case CERT_ENROLLMENT_PROP_ID:
523 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
524 case CERT_RENEWAL_PROP_ID:
525 {
526 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
527
528 ret = ContextPropertyList_SetProperty(properties, dwPropId,
529 blob->pbData, blob->cbData);
530 break;
531 }
532 case CERT_DATE_STAMP_PROP_ID:
533 ret = ContextPropertyList_SetProperty(properties, dwPropId,
534 pvData, sizeof(FILETIME));
535 break;
536 default:
537 FIXME("%d: stub\n", dwPropId);
538 ret = FALSE;
539 }
540 }
541 TRACE("returning %d\n", ret);
542 return ret;
543 }
544
545 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
546 DWORD dwPropId, DWORD dwFlags, const void *pvData)
547 {
548 BOOL ret;
549
550 TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
551
552 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
553 * crashes on most of these, I'll be safer.
554 */
555 switch (dwPropId)
556 {
557 case 0:
558 case CERT_ACCESS_STATE_PROP_ID:
559 case CERT_CERT_PROP_ID:
560 case CERT_CRL_PROP_ID:
561 case CERT_CTL_PROP_ID:
562 SetLastError(E_INVALIDARG);
563 return FALSE;
564 }
565 ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
566 TRACE("returning %d\n", ret);
567 return ret;
568 }
569
570 static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1,
571 const CRL_DIST_POINT_NAME *name2)
572 {
573 BOOL match;
574
575 if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice)
576 {
577 match = TRUE;
578 if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
579 {
580 if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry)
581 {
582 DWORD i;
583
584 for (i = 0; match && i < name1->u.FullName.cAltEntry; i++)
585 {
586 const CERT_ALT_NAME_ENTRY *entry1 =
587 &name1->u.FullName.rgAltEntry[i];
588 const CERT_ALT_NAME_ENTRY *entry2 =
589 &name2->u.FullName.rgAltEntry[i];
590
591 if (entry1->dwAltNameChoice == entry2->dwAltNameChoice)
592 {
593 switch (entry1->dwAltNameChoice)
594 {
595 case CERT_ALT_NAME_URL:
596 match = !strcmpiW(entry1->u.pwszURL,
597 entry2->u.pwszURL);
598 break;
599 case CERT_ALT_NAME_DIRECTORY_NAME:
600 match = (entry1->u.DirectoryName.cbData ==
601 entry2->u.DirectoryName.cbData) &&
602 !memcmp(entry1->u.DirectoryName.pbData,
603 entry2->u.DirectoryName.pbData,
604 entry1->u.DirectoryName.cbData);
605 break;
606 default:
607 FIXME("unimplemented for type %d\n",
608 entry1->dwAltNameChoice);
609 match = FALSE;
610 }
611 }
612 else
613 match = FALSE;
614 }
615 }
616 else
617 match = FALSE;
618 }
619 }
620 else
621 match = FALSE;
622 return match;
623 }
624
625 static BOOL match_dist_point_with_issuing_dist_point(
626 const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp)
627 {
628 BOOL match;
629
630 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
631 * CRL distribution points by reasons, it doesn't preclude doing so.
632 * "This profile RECOMMENDS against segmenting CRLs by reason code."
633 * If the issuing distribution point for this CRL is only valid for
634 * some reasons, only match if the reasons covered also match the
635 * reasons in the CRL distribution point.
636 */
637 if (idp->OnlySomeReasonFlags.cbData)
638 {
639 if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData)
640 {
641 DWORD i;
642
643 match = TRUE;
644 for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++)
645 if (idp->OnlySomeReasonFlags.pbData[i] !=
646 distPoint->ReasonFlags.pbData[i])
647 match = FALSE;
648 }
649 else
650 match = FALSE;
651 }
652 else
653 match = TRUE;
654 if (match)
655 match = compare_dist_point_name(&idp->DistPointName,
656 &distPoint->DistPointName);
657 return match;
658 }
659
660 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
661 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
662 {
663 PCERT_EXTENSION ext;
664 BOOL ret;
665
666 TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
667
668 if (!pCert)
669 return TRUE;
670
671 if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT,
672 pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension)))
673 {
674 CRL_ISSUING_DIST_POINT *idp;
675 DWORD size;
676
677 if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType,
678 X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData,
679 CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size)))
680 {
681 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
682 pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension)))
683 {
684 CRL_DIST_POINTS_INFO *distPoints;
685
686 if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType,
687 X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData,
688 CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size)))
689 {
690 DWORD i;
691
692 ret = FALSE;
693 for (i = 0; !ret && i < distPoints->cDistPoint; i++)
694 ret = match_dist_point_with_issuing_dist_point(
695 &distPoints->rgDistPoint[i], idp);
696 if (!ret)
697 SetLastError(CRYPT_E_NO_MATCH);
698 LocalFree(distPoints);
699 }
700 }
701 else
702 {
703 /* no CRL dist points extension in cert, can't match the CRL
704 * (which has an issuing dist point extension)
705 */
706 ret = FALSE;
707 SetLastError(CRYPT_E_NO_MATCH);
708 }
709 LocalFree(idp);
710 }
711 }
712 else
713 ret = TRUE;
714 return ret;
715 }
716
717 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
718 {
719 DWORD i;
720 PCRL_ENTRY entry = NULL;
721
722 for (i = 0; !entry && i < crl->cCRLEntry; i++)
723 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
724 &cert->SerialNumber))
725 entry = &crl->rgCRLEntry[i];
726 return entry;
727 }
728
729 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
730 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
731 PCRL_ENTRY *ppCrlEntry)
732 {
733 TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
734 ppCrlEntry);
735
736 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
737 pCrlContext->pCrlInfo);
738 return TRUE;
739 }
740
741 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
742 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
743 {
744 DWORD i;
745 PCRL_ENTRY entry = NULL;
746
747 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
748 rgpCrlInfo);
749
750 for (i = 0; !entry && i < cCrlInfo; i++)
751 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
752 return entry == NULL;
753 }
754
755 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
756 PCRL_INFO pCrlInfo)
757 {
758 FILETIME fileTime;
759 LONG ret;
760
761 if (!pTimeToVerify)
762 {
763 GetSystemTimeAsFileTime(&fileTime);
764 pTimeToVerify = &fileTime;
765 }
766 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
767 {
768 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
769 if (ret < 0)
770 ret = 0;
771 }
772 return ret;
773 }
Maarten's multimedia branch