From fcb14bbcf9018ec70d4d08807fe36886228507d3 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Tue, 7 Feb 2023 16:03:44 +0800
Subject: [PATCH] Fix CRL ext bug

---
 src/x509_alg.c | 15 ++++++++++++---
 src/x509_cer.c |  4 ++--
 src/x509_ext.c |  2 +-
 tools/crlget.c |  2 +-
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/x509_alg.c b/src/x509_alg.c
index 61114c0c..ff5ae648 100644
--- a/src/x509_alg.c
+++ b/src/x509_alg.c
@@ -383,12 +383,21 @@ int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen)
 		if (ret < 0) error_print();
 		return ret;
 	}
-	if (asn1_oid_info_from_der(&info, x509_sign_algors, x509_sign_algors_count, &p, &len) != 1
-		|| (info->flags && asn1_null_from_der(&p, &len) < 0)
-		|| asn1_length_is_zero(len) != 1) {
+	if (asn1_oid_info_from_der(&info, x509_sign_algors, x509_sign_algors_count, &p, &len) != 1) {
 		error_print();
 		return -1;
 	}
+	if (len) {
+		if (asn1_null_from_der(&p, &len) < 0) {
+			error_print();
+			return -1;
+		}
+		// FIXME: check info->flags
+		if (len) {
+			error_print();
+			return -1;
+		}
+	}
 	*oid = info->oid;
 	return 1;
 }
diff --git a/src/x509_cer.c b/src/x509_cer.c
index 3522d72c..218ace8e 100644
--- a/src/x509_cer.c
+++ b/src/x509_cer.c
@@ -1068,8 +1068,8 @@ int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uin
 	if (ret) format_print(fp, fmt, ind, "version: %s (%d)\n", x509_version_name(val), val);
 	if (asn1_integer_from_der(&p, &len, &d, &dlen) != 1) goto err;
 	format_bytes(fp, fmt, ind, "serialNumber", p, len);
-	if (x509_signature_algor_from_der(&val, &d, &dlen) != 1) goto err;
-	format_print(fp, fmt, ind, "siganture: %s\n", x509_signature_algor_name(val));
+	if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
+	x509_signature_algor_print(fp, fmt, ind, "signature", p, len);
 	if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
 	x509_name_print(fp, fmt, ind, "issuer", p, len);
 	if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
diff --git a/src/x509_ext.c b/src/x509_ext.c
index c6715731..e27d1f57 100644
--- a/src/x509_ext.c
+++ b/src/x509_ext.c
@@ -2623,7 +2623,7 @@ int x509_uri_as_distribution_point_name_from_der(const char **uri, size_t *urile
 		return ret;
 	}
 	if (choice == X509_full_name) {
-		if (x509_general_names_get_first(d, dlen, NULL, choice, (const uint8_t **)uri, urilen) < 0) {
+		if (x509_general_names_get_first(d, dlen, NULL, X509_gn_uniform_resource_identifier, (const uint8_t **)uri, urilen) < 0) {
 			error_print();
 			return -1;
 		}
diff --git a/tools/crlget.c b/tools/crlget.c
index 97d160a9..3b703637 100644
--- a/tools/crlget.c
+++ b/tools/crlget.c
@@ -82,7 +82,7 @@ bad:
 
 	if (!cert) {
 		fprintf(stderr, "%s: `-cert` option required\n", prog);
-		printf("usage: gmssl %s %s\n\n", prog, options);
+		printf("usage: gmssl %s %s\n\n", prog, usage);
 		goto end;
 	}