Corrupt signature earlier.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 16 Aug 2016 14:19:55 +0000 (15:19 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 16 Aug 2016 15:05:36 +0000 (16:05 +0100)
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.

Reviewed-by: Rich Salz <rsalz@openssl.org>
apps/crl.c
apps/x509.c

index 6ea0b4c..0140ff7 100644 (file)
@@ -249,6 +249,14 @@ int crl_main(int argc, char **argv)
         }
     }
 
+    if (badsig) {
+        ASN1_BIT_STRING *sig;
+
+        X509_CRL_get0_signature(&sig, NULL, x);
+        if (!corrupt_signature(sig))
+            goto end;
+    }
+
     if (num) {
         for (i = 1; i <= num; i++) {
             if (issuer == i) {
@@ -319,13 +327,6 @@ int crl_main(int argc, char **argv)
         goto end;
     }
 
-    if (badsig) {
-        ASN1_BIT_STRING *sig;
-        X509_CRL_get0_signature(&sig, NULL, x);
-        if (!corrupt_signature(sig))
-            goto end;
-    }
-
     if (outformat == FORMAT_ASN1)
         i = (int)i2d_X509_CRL_bio(out, x);
     else
index 93b0eae..23265b2 100644 (file)
@@ -603,6 +603,13 @@ int x509_main(int argc, char **argv)
         objtmp = NULL;
     }
 
+    if (badsig) {
+        ASN1_BIT_STRING *signature;
+        X509_get0_signature(&signature, NULL, x);
+        if (!corrupt_signature(signature))
+            goto end;
+    }
+
     if (num) {
         for (i = 1; i <= num; i++) {
             if (issuer == i) {
@@ -847,13 +854,6 @@ int x509_main(int argc, char **argv)
         goto end;
     }
 
-    if (badsig) {
-        ASN1_BIT_STRING *signature;
-        X509_get0_signature(&signature, NULL, x);
-        if (!corrupt_signature(signature))
-            goto end;
-    }
-
     if (outformat == FORMAT_ASN1)
         i = i2d_X509_bio(out, x);
     else if (outformat == FORMAT_PEM) {