the lifetime of the signature when a signing certificate expires or is later\r
revoked.\r
\r
-Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
@param[in] Asn1Time Pointer to the ASN.1 GeneralizedTime to be converted.\r
@param[out] SigningTime Return the corresponding EFI Time.\r
\r
- @retval TRUE The time convertion succeeds.\r
+ @retval TRUE The time conversion succeeds.\r
@retval FALSE Invalid parameters.\r
\r
**/\r
TS_MESSAGE_IMPRINT *Imprint;\r
X509_ALGOR *HashAlgo;\r
CONST EVP_MD *Md;\r
- EVP_MD_CTX MdCtx;\r
+ EVP_MD_CTX *MdCtx;\r
UINTN MdSize;\r
UINT8 *HashedMsg;\r
\r
Status = FALSE;\r
HashAlgo = NULL;\r
HashedMsg = NULL;\r
+ MdCtx = NULL;\r
\r
//\r
// -- Check version number of Timestamp:\r
if (HashedMsg == NULL) {\r
goto _Exit;\r
}\r
- EVP_DigestInit (&MdCtx, Md);\r
- EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);\r
- EVP_DigestFinal (&MdCtx, HashedMsg, NULL);\r
+ MdCtx = EVP_MD_CTX_new ();\r
+ if (MdCtx == NULL) {\r
+ goto _Exit;\r
+ }\r
+ if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||\r
+ (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||\r
+ (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {\r
+ goto _Exit;\r
+ }\r
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&\r
- (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {\r
+ (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {\r
goto _Exit;\r
}\r
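Review bot: A length mismatch between the computed digest and Imprint->HashedMessage is still not rejected: the condition two lines up only jumps to _Exit when the lengths are equal AND the bytes differ, so a HashedMessage of any other length skips the comparison entirely, and the switch to ASN1_STRING_get0_data keeps that shape. Unless a check outside this hunk covers the length, the test should fail on either mismatch: `if ((MdSize != (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) ||` / `(CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {`. The enclosing function starts before this hunk and its _Exit label follows it.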
\r
\r
_Exit:\r
X509_ALGOR_free (HashAlgo);\r
+ EVP_MD_CTX_free (MdCtx);\r
if (HashedMsg != NULL) {\r
FreePool (HashedMsg);\r
}\r
}\r
\r
/**\r
- Verifies the validility of a TimeStamp Token as described in RFC 3161 ("Internet\r
+ Verifies the validity of a TimeStamp Token as described in RFC 3161 ("Internet\r
X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)").\r
\r
If TSToken is NULL, then return FALSE.\r
\r
//\r
// Allow partial certificate chains, terminated by a non-self-signed but\r
- // still trusted intermediate certificate.\r
+ // still trusted intermediate certificate. Also disable time checks.\r
//\r
- X509_STORE_set_flags (CertStore, X509_V_FLAG_PARTIAL_CHAIN);\r
+ X509_STORE_set_flags (CertStore,\r
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);\r
\r
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);\r
\r
}\r
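Review bot: The comment added above the X509_STORE_set_flags call says time checks are disabled but not why, and X509_V_FLAG_NO_CHECK_TIME makes the TSA certificate chain verify regardless of its validity period, which is exactly the kind of deliberate weakening a later maintainer is likely to "fix" without the rationale. Presumably this is because the timestamp is meant to keep the signature valid after the signing certificate expires, as the file header describes; the comment should say so, e.g. `// Time checks are disabled: the timestamp must remain verifiable after the TSA` / `// certificate's validity period (see file header); no trusted clock is assumed here.` The enclosing function starts before this hunk.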
\r
/**\r
- Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
+ Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
signature.\r
\r
If AuthData is NULL, then return FALSE.\r