CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE

In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly more defensive about unlikely failure modes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:22 +00:00 · 2015-10-29 14:16:22 +00:00 · 4ffe0facbe
parent eeb8928a26
commit 4ffe0facbe
1 changed files with 11 additions and 3 deletions
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@ -613,6 +613,7 @@ ImageTimestampVerify (
  UINTN                        Index;
  STACK_OF(X509_ATTRIBUTE)     *Sk;
  X509_ATTRIBUTE               *Xa;
  ASN1_OBJECT                  *XaObj;
  ASN1_TYPE                    *Asn1Type;
  ASN1_OCTET_STRING            *EncDigest;
  UINT8                        *TSToken;
@ -692,11 +693,18 @@ ImageTimestampVerify (
    // Search valid RFC3161 timestamp counterSignature based on OBJID.
    //
    Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index);
-    if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) ||
+    if (Xa == NULL) {
        (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
      continue;
    }
-    Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0);
+    XaObj = X509_ATTRIBUTE_get0_object(Xa);
    if (XaObj == NULL) {
      continue;
    }
    if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) ||
        (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
      continue;
    }
    Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
  }
  if (Asn1Type == NULL) {