add -badsig option to corrupt CRL signatures for testing too

diff --git a/apps/crl.c b/apps/crl.c
index fc12734052138f9034a464c80757e9c3f4e1a10b..8ee88af46cf14dcb71f722ff5e6e7e10dbdf87bf 100644 (file)
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
        unsigned long nmflag = 0;
        X509_CRL *x=NULL;
        char *CAfile = NULL, *CApath = NULL;
        unsigned long nmflag = 0;
        X509_CRL *x=NULL;
        char *CAfile = NULL, *CApath = NULL;

-       int ret=1,i,num,badops=0;
+       int ret=1,i,num,badops=0,badsig=0;

        BIO *out=NULL;
        int informat,outformat;
        char *infile=NULL,*outfile=NULL;
        BIO *out=NULL;
        int informat,outformat;
        char *infile=NULL,*outfile=NULL;


@@ -208,6 +208,8 @@ int MAIN(int argc, char **argv)
                        fingerprint= ++num;
                else if (strcmp(*argv,"-crlnumber") == 0)
                        crlnumber= ++num;
                        fingerprint= ++num;
                else if (strcmp(*argv,"-crlnumber") == 0)
                        crlnumber= ++num;

+               else if (strcmp(*argv,"-badsig") == 0)
+                       badsig = 1;

                else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
                        {
                        /* ok */
                else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
                        {
                        /* ok */


@@ -377,6 +379,9 @@ bad:
                goto end;
                }
 
                goto end;
                }
 

+       if (badsig)
+               x->signature->data[x->signature->length - 1] ^= 0x1;
+

        if      (outformat == FORMAT_ASN1)
                i=(int)i2d_X509_CRL_bio(out,x);
        else if (outformat == FORMAT_PEM)
        if      (outformat == FORMAT_ASN1)
                i=(int)i2d_X509_CRL_bio(out,x);
        else if (outformat == FORMAT_PEM)