From: David Woodhouse <david.woodho...@intel.com> In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead.
Also be slightly more defensive about unlikely failure modes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <david.woodho...@intel.com> Tested-by: Laszlo Ersek <ler...@redhat.com> --- CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c index 7d269b0..f01bbb2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -613,6 +613,7 @@ ImageTimestampVerify ( UINTN Index; STACK_OF(X509_ATTRIBUTE) *Sk; X509_ATTRIBUTE *Xa; + ASN1_OBJECT *XaObj; ASN1_TYPE *Asn1Type; ASN1_OCTET_STRING *EncDigest; UINT8 *TSToken; @@ -692,11 +693,18 @@ ImageTimestampVerify ( // Search valid RFC3161 timestamp counterSignature based on OBJID. // Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index); - if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) || - (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) { + if (Xa == NULL) { continue; } - Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0); + XaObj = X509_ATTRIBUTE_get0_object(Xa); + if (XaObj == NULL) { + continue; + } + if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) || + (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) { + continue; + } + Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0); } if (Asn1Type == NULL) { -- 2.4.3 -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel