From 4ffe0facbe89df0f1856f747cf887f5efcbca955 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 29 Oct 2015 14:16:22 +0000 Subject: [PATCH] CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly more defensive about unlikely failure modes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse Tested-by: Laszlo Ersek Reviewed-by: Qin Long git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c index 7d269b0458..f01bbb243b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -613,6 +613,7 @@ ImageTimestampVerify ( UINTN Index; STACK_OF(X509_ATTRIBUTE) *Sk; X509_ATTRIBUTE *Xa; + ASN1_OBJECT *XaObj; ASN1_TYPE *Asn1Type; ASN1_OCTET_STRING *EncDigest; UINT8 *TSToken; @@ -692,11 +693,18 @@ ImageTimestampVerify ( // Search valid RFC3161 timestamp counterSignature based on OBJID. // Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index); - if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) || - (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) { + if (Xa == NULL) { continue; } - Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0); + XaObj = X509_ATTRIBUTE_get0_object(Xa); + if (XaObj == NULL) { + continue; + } + if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) || + (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) { + continue; + } + Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0); } if (Asn1Type == NULL) { -- 2.39.2