From: David Woodhouse <david.woodho...@intel.com>

In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will
no longer get away with accessing its members directly. Use the accessor
functions X509_ATTRIBUTE_get0_object() and X509_ATTRIBUTE_get0_type()
instead.

Also be slightly more defensive about unlikely failure modes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <david.woodho...@intel.com>
Tested-by: Laszlo Ersek <ler...@redhat.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 7d269b0..f01bbb2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -613,6 +613,7 @@ ImageTimestampVerify (
   UINTN                        Index;
   STACK_OF(X509_ATTRIBUTE)     *Sk;
   X509_ATTRIBUTE               *Xa;
+  ASN1_OBJECT                  *XaObj;
   ASN1_TYPE                    *Asn1Type;
   ASN1_OCTET_STRING            *EncDigest;
   UINT8                        *TSToken;
@@ -692,11 +693,18 @@ ImageTimestampVerify (
     // Search valid RFC3161 timestamp counterSignature based on OBJID.
     //
     Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index);
-    if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) ||
-        (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof 
(mSpcRFC3161OidValue)) != 0)) {
+    if (Xa == NULL) {
       continue;
     }
-    Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0);
+    XaObj = X509_ATTRIBUTE_get0_object(Xa);
+    if (XaObj == NULL) {
+      continue;
+    }
+    if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) ||
+        (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof 
(mSpcRFC3161OidValue)) != 0)) {
+      continue;
+    }
+    Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
   }
 
   if (Asn1Type == NULL) {
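Review bot: The OID comparison still dereferences `XaObj->length` and `XaObj->data`, and ASN1_OBJECT is also made opaque in OpenSSL 1.1, so this check will presumably fail to build there for the same reason the old X509_ATTRIBUTE accesses did. Where the 1.1 accessors are available, `OBJ_length (XaObj)` and `OBJ_get0_data (XaObj)` express the same comparison without touching the struct; a build against older OpenSSL would need a small compatibility wrapper. The two new calls also drop the space before the parenthesis that the surrounding code uses, e.g. `XaObj = X509_ATTRIBUTE_get0_object (Xa);`. The loop header and the later use of Asn1Type lie outside this hunk; since the attribute comes from the signature being verified, it is worth confirming there that the returned ASN1_TYPE has the expected ASN.1 type before its value is read.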
-- 
2.4.3

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation
