]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eeb8928)
CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 29 Oct 2015 14:16:22 +0000 (14:16 +0000)
committerqlong <qlong@Edk2>
Thu, 29 Oct 2015 14:16:22 +0000 (14:16 +0000)
In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will
no longer get away with accessing its members directly. Use the accessor
functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type()
instead.

Also be slightly more defensive about unlikely failure modes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524

CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c patch | blob | blame | history

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 7d269b04588f6d193ce1193f7ffd15d03f4c2f47..f01bbb243b05150d139d1c413b7b93e875380cd7 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -613,6 +613,7 @@ ImageTimestampVerify (
   UINTN                        Index;\r
   STACK_OF(X509_ATTRIBUTE)     *Sk;\r
   X509_ATTRIBUTE               *Xa;\r
+  ASN1_OBJECT                  *XaObj;\r
   ASN1_TYPE                    *Asn1Type;\r
   ASN1_OCTET_STRING            *EncDigest;\r
   UINT8                        *TSToken;\r
@@ -692,11 +693,18 @@ ImageTimestampVerify (
     // Search valid RFC3161 timestamp counterSignature based on OBJID.\r
     //\r
     Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index);\r
-    if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) ||\r
-        (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {\r
+    if (Xa == NULL) {\r
       continue;\r
     }\r
-    Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0);\r
+    XaObj = X509_ATTRIBUTE_get0_object(Xa);\r
+    if (XaObj == NULL) {\r
+      continue;\r
+    }\r
+    if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) ||\r
+        (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {\r
+      continue;\r
+    }\r
+    Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);\r
   }\r
 \r
   if (Asn1Type == NULL) {\r
EFI Development Kit II mirror for PVE