Align CRL and CSR version printing with certs

Only print specified 0-based versions and print them with the 1-based
human interpretation. Use a colon and error check the BIO_printf()
calls. (There's a lot more to clean up in here, but that's for another
day).

Notably, X509_CRL_print_ex() is missing... I guess that's better than
having one with signature and semantics differing from X509_print_ex()
und X509_REQ_print_ex().

ok beck

2 files changed, 18 insertions, 14 deletions

diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index 39e04507ed..6449e7f199 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_crl.c,v 1.25 2024/05/02 15:33:59 tb Exp $ */
+/* $OpenBSD: t_crl.c,v 1.26 2024/05/03 02:52:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -96,9 +96,15 @@ X509_CRL_print(BIO *out, X509_CRL *x)
 
         BIO_printf(out, "Certificate Revocation List (CRL):\n");
         l = X509_CRL_get_version(x);
-        if (l < 0 || l == LONG_MAX)
-                goto err;
-        BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+        if (l >= 0 && l <= 1) {
+                if (BIO_printf(out, "%8sVersion: %lu (0x%lx)\n",
+                    "", l + 1, l) <= 0)
+                        goto err;
+        } else {
+                if (BIO_printf(out, "%8sVersion: unknown (%ld)\n",
+                    "", l) <= 0)
+                        goto err;
+        }
         if (X509_signature_print(out, x->sig_alg, NULL) == 0)
                 goto err;
         p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index ac011705ef..1d4be9865d 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_req.c,v 1.27 2024/04/09 13:55:02 beck Exp $ */
+/* $OpenBSD: t_req.c,v 1.28 2024/05/03 02:52:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -99,7 +99,6 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 {
         unsigned long l;
         int i;
-        const char *neg;
         X509_REQ_INFO *ri;
         EVP_PKEY *pkey;
         STACK_OF(X509_ATTRIBUTE) *sk;
@@ -124,15 +123,14 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                         goto err;
         }
         if (!(cflag & X509_FLAG_NO_VERSION)) {
-                neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : "";
-                l = 0;
-                for (i = 0; i < ri->version->length; i++) {
-                        l <<= 8;
-                        l += ri->version->data[i];
+                if ((l = X509_REQ_get_version(x)) == 0) {
+                        if (BIO_printf(bp, "%8sVersion: 1 (0x0)\n", "") <= 0)
+                                goto err;
+                } else {
+                        if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n",
+                            "", l) <= 0)
+                                goto err;
                 }
-                if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg,
-                    l, neg, l) <= 0)
-                        goto err;
         }
         if (!(cflag & X509_FLAG_NO_SUBJECT)) {
                 if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)