Fixes to OCSP print code. Don't try to print request certificates if signature is not present. Remove unnecessary test for certificates being NULL. Fix typos in printed output. Tidy up output. Fix for typo in OCSP_SERVICELOC ASN1 template. Also give a bit more info in CHANGES about the ASN1 revision.

5755cab4 · Dr. Stephen Henson · 975842f9 · 5755cab4 · 5755cab4 · 5755cab4
5 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
@@ -19,6 +24,7 @@

  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
     entries for variables.
+     [Steve Henson]

  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
@@ -66,7 +72,11 @@
     [Steve Henson]

  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
-     completely replaces the old ASN1 functionality.
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated

--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
@@ -174,7 +174,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)

 ASN1_SEQUENCE(OCSP_SERVICELOC) = {
 	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
-	ASN1_SEQUENCE_OF(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
 } ASN1_SEQUENCE_END(OCSP_SERVICELOC);

 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -158,23 +158,22 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
 		cid = one->reqCert;
 		ocsp_certid_print(bp, cid, 8);
 		if (!X509V3_extensions_print(bp,
-					"OCSP Request Single Extensions",
-					one->singleRequestExtensions, flags, 4))
+					"Request Single Extensions",
+					one->singleRequestExtensions, flags, 8))
 							goto err;
 		}
-	if (!X509V3_extensions_print(bp, "OCSP Request Extensions",
+	if (!X509V3_extensions_print(bp, "Request Extensions",
 			inf->requestExtensions, flags, 4))
 							goto err;
 	if (sig)
 	        {
 		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
-		}
-
-	for (i=0; i<sk_X509_num(sig->certs); i++)
-		if (sk_X509_value(sig->certs,i) != NULL) {
+		for (i=0; i<sk_X509_num(sig->certs); i++)
+			{
 			X509_print(bp, sk_X509_value(sig->certs,i));
 			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
-	}
+			}
+		}
 	return 1;
 err:
 	return 0;
@@ -269,20 +268,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 			}
 		if (!BIO_write(bp,"\n",1)) goto err;
 		if (!X509V3_extensions_print(bp,
-					"OCSP Basic Response Single Extensions",
-					single->singleExtensions, flags, 4))
+					"Response Single Extensions",
+					single->singleExtensions, flags, 8))
 							goto err;
 		}
-	if (!X509V3_extensions_print(bp, "OCSP Basic Response Extensions",
+	if (!X509V3_extensions_print(bp, "Response Extensions",
 					rd->responseExtensions, flags, 4))
 	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
 							goto err;

 	for (i=0; i<sk_X509_num(br->certs); i++)
-		if (sk_X509_value(br->certs,i) != NULL) {
-			X509_print(bp, sk_X509_value(br->certs,i));
-			PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
-	}
+		{
+		X509_print(bp, sk_X509_value(br->certs,i));
+		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+		}

 	return 1;
 err:

--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -229,7 +229,7 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int
 	OCSP_SERVICELOC *a = in;
 	ACCESS_DESCRIPTION *ad;

-        if (BIO_printf(bp, "%*ssIissuer: ", ind, "") <= 0) goto err;
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
 	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
 	        {

--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -112,7 +112,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
 	else ext_str = method->d2i(NULL, &p, ext->value->length);

-	if(!ext_str) unknown_ext_print(out, ext, flag, indent, 1);
+	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);

 	if(method->i2s) {
 		if(!(value = method->i2s(method, ext_str))) {