CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE

In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will
no longer get away with accessing its members directly. Use the accessor
functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type()
instead.

Also be slightly more defensive about unlikely failure modes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524

CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c

@@ -613,6 +613,7 @@ ImageTimestampVerify (
   UINTN                        Index;
   STACK_OF(X509_ATTRIBUTE)     *Sk;
   X509_ATTRIBUTE               *Xa;
+  ASN1_OBJECT                  *XaObj;
   ASN1_TYPE                    *Asn1Type;
   ASN1_OCTET_STRING            *EncDigest;
   UINT8                        *TSToken;
@@ -692,11 +693,18 @@ ImageTimestampVerify (
     // Search valid RFC3161 timestamp counterSignature based on OBJID.
     //
     Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index);
-    if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) ||
-        (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
+    if (Xa == NULL) {
       continue;
     }
-    Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0);
+    XaObj = X509_ATTRIBUTE_get0_object(Xa);
+    if (XaObj == NULL) {
+      continue;
+    }
+    if ((XaObj->length != sizeof (mSpcRFC3161OidValue)) ||
+        (CompareMem (XaObj->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
+      continue;
+    }
+    Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
   }
 
   if (Asn1Type == NULL) {