diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-16 15:19:55 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-16 16:05:36 +0100 |
commit | 0f022f5a2201a591da7d373ebeeb7d29bdcaf95a (patch) | |
tree | b7c52530cafda1d0f8c558e70962cff1817c2d91 | |
parent | 34d4d74575236245c7e133d121eb2302c18b21f1 (diff) | |
download | openssl-0f022f5a2201a591da7d373ebeeb7d29bdcaf95a.tar.gz |
Corrupt signature earlier.
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | apps/crl.c | 15 | ||||
-rw-r--r-- | apps/x509.c | 14 |
2 files changed, 15 insertions, 14 deletions
diff --git a/apps/crl.c b/apps/crl.c index 6ea0b4c32b..0140ff749c 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -249,6 +249,14 @@ int crl_main(int argc, char **argv) } } + if (badsig) { + ASN1_BIT_STRING *sig; + + X509_CRL_get0_signature(&sig, NULL, x); + if (!corrupt_signature(sig)) + goto end; + } + if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { @@ -319,13 +327,6 @@ int crl_main(int argc, char **argv) goto end; } - if (badsig) { - ASN1_BIT_STRING *sig; - X509_CRL_get0_signature(&sig, NULL, x); - if (!corrupt_signature(sig)) - goto end; - } - if (outformat == FORMAT_ASN1) i = (int)i2d_X509_CRL_bio(out, x); else diff --git a/apps/x509.c b/apps/x509.c index 93b0eae852..23265b229e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -603,6 +603,13 @@ int x509_main(int argc, char **argv) objtmp = NULL; } + if (badsig) { + ASN1_BIT_STRING *signature; + X509_get0_signature(&signature, NULL, x); + if (!corrupt_signature(signature)) + goto end; + } + if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { @@ -847,13 +854,6 @@ int x509_main(int argc, char **argv) goto end; } - if (badsig) { - ASN1_BIT_STRING *signature; - X509_get0_signature(&signature, NULL, x); - if (!corrupt_signature(signature)) - goto end; - } - if (outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); else if (outformat == FORMAT_PEM) { |