add -badsig option to corrupt CRL signatures for testing too

author Dr. Stephen Henson <steve@openssl.org>

Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
diff --git a/apps/crl.c b/apps/crl.c

index fc12734052138f9034a464c80757e9c3f4e1a10b..8ee88af46cf14dcb71f722ff5e6e7e10dbdf87bf 100644 (file)
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
         unsigned long nmflag = 0;
         X509_CRL *x=NULL;
         char *CAfile = NULL, *CApath = NULL;
-       int ret=1,i,num,badops=0;
+       int ret=1,i,num,badops=0,badsig=0;
         BIO *out=NULL;
         int informat,outformat;
         char *infile=NULL,*outfile=NULL;
@@ -208,6 +208,8 @@ int MAIN(int argc, char **argv)
                         fingerprint= ++num;
                 else if (strcmp(*argv,"-crlnumber") == 0)
                         crlnumber= ++num;
+               else if (strcmp(*argv,"-badsig") == 0)
+                       badsig = 1;
                 else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
                         {
                         /* ok */
@@ -377,6 +379,9 @@ bad:
                 goto end;
                 }
  
+       if (badsig)
+               x->signature->data[x->signature->length - 1] ^= 0x1;
+
         if      (outformat == FORMAT_ASN1)
                 i=(int)i2d_X509_CRL_bio(out,x);
         else if (outformat == FORMAT_PEM)
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)