From 5755cab49dd5a0d69f69e07c0bd6bdba175308cf Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 20 Dec 2000 00:46:44 +0000 Subject: [PATCH] Fixes to OCSP print code. Don't try to print request certificates if signature is not present. Remove unnecessary test for certificates being NULL. Fix typos in printed output. Tidy up output. Fix for typo in OCSP_SERVICELOC ASN1 template. Also give a bit more info in CHANGES about the ASN1 revision. --- CHANGES | 12 +++++++++++- crypto/ocsp/ocsp_asn.c | 2 +- crypto/ocsp/ocsp_prn.c | 29 ++++++++++++++--------------- crypto/x509v3/v3_ocsp.c | 2 +- crypto/x509v3/v3_prn.c | 2 +- 5 files changed, 28 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index c63a2dfcc9..b08201245e 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix to avoid calling the underlying ASN1 print routine when + an extension cannot be parsed. Correct a typo in the + OCSP_SERVICELOC extension. Tidy up print OCSP format. + [Steve Henson] + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits when writing a 32767 byte record. @@ -19,6 +24,7 @@ *) Make mkdef.pl parse some of the ASN1 macros and add apropriate entries for variables. + [Steve Henson] *) Add functionality to apps/openssl.c for detecting locking problems: As the program is single-threaded, all we have 
@@ -66,7 +72,11 @@ [Steve Henson] *) Merge in replacement ASN1 code from the ASN1 branch. This almost - completely replaces the old ASN1 functionality. + completely replaces the old ASN1 functionality with a table driven + encoder and decoder which interprets an ASN1_ITEM structure describing + the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is + largely maintained. Almost all of the old asn1_mac.h macro based ASN1 + has also been converted to the new form. [Steve Henson] *) Change BN_mod_exp_recp so that negative moduli are tolerated diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index a84db660da..336d5e396b 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -174,7 +174,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) ASN1_SEQUENCE(OCSP_SERVICELOC) = { ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), - ASN1_SEQUENCE_OF(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) + ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) } ASN1_SEQUENCE_END(OCSP_SERVICELOC); IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 649a9cec91..533d3010f2 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c 
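Review bot: With `locator` now declared through `ASN1_SEQUENCE_OF_OPT`, a decoded OCSP_SERVICELOC can presumably carry an absent `locator`, and nothing at the template records that. A short comment above the field would state the reason and the consequence for callers, for example `/* locator is OPTIONAL in the RFC 2560 ServiceLocator syntax; may be absent after decoding */`. The only consumer visible in this patch, i2r_ocsp_serviceloc in v3_ocsp.c, passes `a->locator` straight to `sk_ACCESS_DESCRIPTION_num`, so it is worth confirming that it and any other reader of the field tolerate a missing stack.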
@@ -158,23 +158,22 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) cid = one->reqCert; ocsp_certid_print(bp, cid, 8); if (!X509V3_extensions_print(bp, - "OCSP Request Single Extensions", - one->singleRequestExtensions, flags, 4)) + "Request Single Extensions", + one->singleRequestExtensions, flags, 8)) goto err; } - if (!X509V3_extensions_print(bp, "OCSP Request Extensions", + if (!X509V3_extensions_print(bp, "Request Extensions", inf->requestExtensions, flags, 4)) goto err; if (sig) { X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - } - - for (i=0; icerts); i++) - if (sk_X509_value(sig->certs,i) != NULL) { + for (i=0; icerts); i++) + { X509_print(bp, sk_X509_value(sig->certs,i)); PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); - } + } + } return 1; err: return 0; @@ -269,20 +268,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) } if (!BIO_write(bp,"\n",1)) goto err; if (!X509V3_extensions_print(bp, - "OCSP Basic Response Single Extensions", - single->singleExtensions, flags, 4)) + "Response Single Extensions", + single->singleExtensions, flags, 8)) goto err; } - if (!X509V3_extensions_print(bp, "OCSP Basic Response Extensions", + if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) goto err; for (i=0; icerts); i++) - if (sk_X509_value(br->certs,i) != NULL) { - X509_print(bp, sk_X509_value(br->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); - } + { + X509_print(bp, sk_X509_value(br->certs,i)); + PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); + } return 1; err: diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index a10bfa97f4..c65dbfa9f7 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c 
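Review bot: In OCSP_REQUEST_print the results of `X509_signature_print`, `X509_print` and `PEM_write_bio_X509` inside the new `if (sig)` block are discarded, so a failed write to `bp` still ends in `return 1`. The response printer already tests `X509_signature_print(...) <= 0`, and the request path should match it, e.g. `if (X509_signature_print(bp, sig->signatureAlgorithm, sig->signature) <= 0) goto err;`, with the two calls in the certificate loop checked the same way. The certificate loop in OCSP_RESPONSE_print (the second hunk of this file) ignores the same two return values. With the NULL test on `sk_X509_value` removed, both loops rely on the decoder never producing a NULL stack entry, which deserves a one-line comment at each loop. OCSP_REQUEST_print starts outside the hunk.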
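Review bot: In OCSP_RESPONSE_print the condition `if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4))` has no statement of its own, so the following `if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) goto err;` becomes its body. As written, the signature is printed only when printing the response extensions fails, and that failure is never reported to the caller. The hunk renames the label but keeps this shape. Adding the missing `goto err;` directly after the extensions call, as the "Response Single Extensions" call just above has, restores the intended sequence. The function begins before the hunk.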
@@ -229,7 +229,7 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; - if (BIO_printf(bp, "%*ssIissuer: ", ind, "") <= 0) goto err; + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 475c48098c..62ec1f1db3 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -112,7 +112,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it); else ext_str = method->d2i(NULL, &p, ext->value->length); - if(!ext_str) unknown_ext_print(out, ext, flag, indent, 1); + if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); if(method->i2s) { if(!(value = method->i2s(method, ext_str))) { -- GitLab
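Review bot: In the v3_prn.c hunk, the new `return unknown_ext_print(out, ext, flag, indent, 1);` is what keeps a NULL `ext_str` from reaching the `method->i2s` branch below, but nothing at the site says so. Since the extension bytes come from whatever certificate or OCSP message is being printed, a comment such as `/* decode failed: ext_str is NULL, do not fall through to the method print routines */` would keep a later tidy-up from dropping the `return` again. The final argument `1` is a bare literal whose meaning is not visible here, so a short comment on it would help as well. X509V3_EXT_print continues outside the hunk, so whether `ext_str` is released on every later path cannot be checked from these lines.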