add -badsig option to corrupt CRL signatures for testing too
authorDr. Stephen Henson <steve@openssl.org>
Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)
apps/crl.c

index fc12734..8ee88af 100644 (file)
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
        unsigned long nmflag = 0;
        X509_CRL *x=NULL;
        char *CAfile = NULL, *CApath = NULL;
-       int ret=1,i,num,badops=0;
+       int ret=1,i,num,badops=0,badsig=0;
        BIO *out=NULL;
        int informat,outformat;
        char *infile=NULL,*outfile=NULL;
@@ -208,6 +208,8 @@ int MAIN(int argc, char **argv)
                        fingerprint= ++num;
                else if (strcmp(*argv,"-crlnumber") == 0)
                        crlnumber= ++num;
+               else if (strcmp(*argv,"-badsig") == 0)
+                       badsig = 1;
                else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
                        {
                        /* ok */
@@ -377,6 +379,9 @@ bad:
                goto end;
                }
 
+       if (badsig)
+               x->signature->data[x->signature->length - 1] ^= 0x1;
+
        if      (outformat == FORMAT_ASN1)
                i=(int)i2d_X509_CRL_bio(out,x);
        else if (outformat == FORMAT_PEM)