CryptoPkg: Fix various typos

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptTs.c

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 449a08db2c6391599e5d42ffbd2961adec4cc496..540c5715cb8ad996f5d3924174bb308613ca79be 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -5,7 +5,7 @@
   the lifetime of the signature when a signing certificate expires or is later\r
   revoked.\r
 \r
-Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -142,7 +142,7 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
   @param[in]  Asn1Time         Pointer to the ASN.1 GeneralizedTime to be converted.\r
   @param[out] SigningTime      Return the corresponding EFI Time.\r
 \r
-  @retval  TRUE   The time convertion succeeds.\r
+  @retval  TRUE   The time conversion succeeds.\r
   @retval  FALSE  Invalid parameters.\r
 \r
 **/\r
@@ -239,7 +239,7 @@ CheckTSTInfo (
   TS_MESSAGE_IMPRINT  *Imprint;\r
   X509_ALGOR          *HashAlgo;\r
   CONST EVP_MD        *Md;\r
-  EVP_MD_CTX          MdCtx;\r
+  EVP_MD_CTX          *MdCtx;\r
   UINTN               MdSize;\r
   UINT8               *HashedMsg;\r
 \r
@@ -249,6 +249,7 @@ CheckTSTInfo (
   Status    = FALSE;\r
   HashAlgo  = NULL;\r
   HashedMsg = NULL;\r
+  MdCtx     = NULL;\r
 \r
   //\r
   // -- Check version number of Timestamp:\r
@@ -285,11 +286,17 @@ CheckTSTInfo (
   if (HashedMsg == NULL) {\r
     goto _Exit;\r
   }\r
-  EVP_DigestInit (&MdCtx, Md);\r
-  EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);\r
-  EVP_DigestFinal (&MdCtx, HashedMsg, NULL);\r
+  MdCtx = EVP_MD_CTX_new ();\r
+  if (MdCtx == NULL) {\r
+    goto _Exit;\r
+  }\r
+  if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||\r
+      (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||\r
+      (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {\r
+    goto _Exit;\r
+  }\r
   if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&\r
-      (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {\r
+      (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {\r
     goto _Exit;\r
   }\r
 \r
@@ -315,6 +322,7 @@ CheckTSTInfo (
 \r
 _Exit:\r
   X509_ALGOR_free (HashAlgo);\r
+  EVP_MD_CTX_free (MdCtx);\r
   if (HashedMsg != NULL) {\r
     FreePool (HashedMsg);\r
   }\r
@@ -323,7 +331,7 @@ _Exit:
 }\r
 \r
 /**\r
-  Verifies the validility of a TimeStamp Token as described in RFC 3161 ("Internet\r
+  Verifies the validity of a TimeStamp Token as described in RFC 3161 ("Internet\r
   X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)").\r
 \r
   If TSToken is NULL, then return FALSE.\r
@@ -426,9 +434,10 @@ TimestampTokenVerify (
 \r
   //\r
   // Allow partial certificate chains, terminated by a non-self-signed but\r
-  // still trusted intermediate certificate.\r
+  // still trusted intermediate certificate. Also disable time checks.\r
   //\r
-  X509_STORE_set_flags (CertStore, X509_V_FLAG_PARTIAL_CHAIN);\r
+  X509_STORE_set_flags (CertStore,\r
+                        X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);\r
 \r
   X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);\r
 \r
@@ -496,7 +505,7 @@ _Exit:
 }\r
 \r
 /**\r
-  Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
+  Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
   signature.\r
 \r
   If AuthData is NULL, then return FALSE.\r