authorDr. Stephen Henson <steve@openssl.org>2016-08-17 12:34:22 +0100
committerDr. Stephen Henson <steve@openssl.org>2016-08-17 12:34:22 +0100
commita0754084f82cf1cd0c8629d61f779bb6a6c6b1a6 (patch)
treee1287c54eeea701518d4f18c87dc2ffc106b07db
parent79613ea8442a309b76a737eacb2a69f612cc5f06 (diff)
downloadopenssl-a0754084f82cf1cd0c8629d61f779bb6a6c6b1a6.tar.gz
Corrupt signature in place.
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r--apps/apps.c13
-rw-r--r--apps/apps.h2
-rw-r--r--apps/crl.c3
-rw-r--r--apps/ocsp.c5
-rw-r--r--apps/x509.c3
5 files changed, 8 insertions, 18 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 17a9fdc267..10ab6262c8 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2583,15 +2583,8 @@ int has_stdin_waiting(void)
#endif
/* Corrupt a signature by modifying final byte */
-int corrupt_signature(ASN1_STRING *signature)
+void corrupt_signature(const ASN1_STRING *signature)
{
- unsigned char *s;
- size_t slen = ASN1_STRING_length(signature);
-
- s = OPENSSL_memdup(ASN1_STRING_get0_data(signature), slen);
- if (s == NULL)
- return 0;
- s[slen - 1] ^= 0x1;
- ASN1_STRING_set0(signature, s, slen);
- return 1;
+ unsigned char *s = signature->data;
+ s[signature->length - 1] ^= 0x1;
}
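Review bot: `corrupt_signature` writes `s[signature->length - 1]` without checking that the string is non-empty, so a signature with `length` 0 or `data` NULL gives a write one byte before the buffer or a NULL dereference. The removed version at least had a failure return that its callers tested. A guard at the top such as `if (signature == NULL || signature->data == NULL || signature->length <= 0) return;` would bound the write, though with a `void` return the callers in crl.c, ocsp.c and x509.c can no longer tell that nothing was corrupted. The parameter is also declared `const ASN1_STRING *` (here and in the apps.h prototype) while the function modifies the bytes it points to. That compiles because `const` does not reach through `data`, but it misstates the contract, so either drop the `const` or add a comment like `/* NOTE: modifies signature->data in place despite the const qualifier */`.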
diff --git a/apps/apps.h b/apps/apps.h
index 8fb6f44f2f..9658d5cf3d 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -71,7 +71,7 @@ void wait_for_async(SSL *s);
int has_stdin_waiting(void);
# endif
-int corrupt_signature(ASN1_STRING *signature);
+void corrupt_signature(const ASN1_STRING *signature);
/*
* Common verification options.
diff --git a/apps/crl.c b/apps/crl.c
index 0140ff749c..abcbc45cc9 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -253,8 +253,7 @@ int crl_main(int argc, char **argv)
ASN1_BIT_STRING *sig;
X509_CRL_get0_signature(&sig, NULL, x);
- if (!corrupt_signature(sig))
- goto end;
+ corrupt_signature(sig);
}
if (num) {
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 17668788df..5bd1acaf79 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -950,9 +950,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
if (badsig) {
- ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
- if (!corrupt_signature(sig))
- goto end;
+ const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
+ corrupt_signature(sig);
}
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
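Review bot: The return value of `OCSP_basic_sign` on the context line above the `badsig` block is ignored, so `corrupt_signature(sig)` runs even when signing failed. If the signature string is still empty in that case (not verifiable from this hunk), the in-place version would index `data[length - 1]` on an empty or NULL buffer, and the `goto end` error path this commit removes is no longer there as a fallback. Checking the signing result first, e.g. `if (!OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags)) goto end;`, would keep the corruption step from touching an unsigned response. `make_ocsp_response` starts and ends outside this hunk, so confirm that the `end` label and its cleanup fit that early exit.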
diff --git a/apps/x509.c b/apps/x509.c
index 23265b229e..27a928c103 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -606,8 +606,7 @@ int x509_main(int argc, char **argv)
if (badsig) {
ASN1_BIT_STRING *signature;
X509_get0_signature(&signature, NULL, x);
- if (!corrupt_signature(signature))
- goto end;
+ corrupt_signature(signature);
}
if (num) {