Corrupt signature in place.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 17 Aug 2016 11:34:22 +0000 (12:34 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 17 Aug 2016 11:34:22 +0000 (12:34 +0100)
Reviewed-by: Richard Levitte <levitte@openssl.org>
apps/apps.c
apps/apps.h
apps/crl.c
apps/ocsp.c
apps/x509.c

index 17a9fdc2671f4fe28cf631d2bea8f2c20325f99f..10ab6262c828f81c5ca9689e9fa6be3ea6d18ce1 100644 (file)
@@ -2583,15 +2583,8 @@ int has_stdin_waiting(void)
 #endif
 
 /* Corrupt a signature by modifying final byte */
-int corrupt_signature(ASN1_STRING *signature)
+void corrupt_signature(const ASN1_STRING *signature)
 {
-        unsigned char *s;
-        size_t slen = ASN1_STRING_length(signature);
-
-        s = OPENSSL_memdup(ASN1_STRING_get0_data(signature), slen);
-        if (s == NULL)
-            return 0;
-        s[slen - 1] ^= 0x1;
-        ASN1_STRING_set0(signature, s, slen);
-        return 1;
+        unsigned char *s = signature->data;
+        s[signature->length - 1] ^= 0x1;
 }
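Review bot: The new body of corrupt_signature indexes `s[signature->length - 1]` without checking that the signature is non-empty, so a zero-length signature writes one byte before the buffer and a NULL `data` pointer is dereferenced. Because the function now returns void, the callers in crl.c, ocsp.c and x509.c cannot tell that nothing was corrupted. The ocsp.c caller runs right after an OCSP_basic_sign() call whose result is not checked in the visible context, so an empty signature there looks reachable if signing fails. A guard before the XOR would cover it: `if (signature->data == NULL || signature->length <= 0) return;`.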
index 8fb6f44f2f7debc7832daa8937d1336d100dd805..9658d5cf3d3a2f9d57ca48438fa405e282d5c5cd 100644 (file)
@@ -71,7 +71,7 @@ void wait_for_async(SSL *s);
 int has_stdin_waiting(void);
 # endif
 
-int corrupt_signature(ASN1_STRING *signature);
+void corrupt_signature(const ASN1_STRING *signature);
 
 /*
  * Common verification options.
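Review bot: The prototype now takes `const ASN1_STRING *`, yet the definition in apps.c flips a bit in the buffer that `signature->data` points to. The qualifier therefore protects only the struct fields, and a reader of this header would assume the signature is left untouched. A comment above the declaration would state the real contract, for example `/* Flips the low bit of the last signature byte in place; signature must be non-empty. */`.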
index 0140ff749cd5ecf0e5f6dbc7ba10f9f43c2e18da..abcbc45cc9273057ad9f040ea9d790ec80d7884a 100644 (file)
@@ -253,8 +253,7 @@ int crl_main(int argc, char **argv)
         ASN1_BIT_STRING *sig;
 
         X509_CRL_get0_signature(&sig, NULL, x);
-        if (!corrupt_signature(sig))
-            goto end;
+        corrupt_signature(sig);
     }
 
     if (num) {
index 17668788df0c04d4226352db9a37c08f2c53fd9a..5bd1acaf79609aaff17ba9043720b5a62fa6070a 100644 (file)
@@ -950,9 +950,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
     OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
 
     if (badsig) {
-        ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
-        if (!corrupt_signature(sig))
-            goto end;
+        const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
+        corrupt_signature(sig);
     }
 
     *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
index 23265b229eac8e510e4f9c8c361615540171dd87..27a928c10316f31be2492f51c53cbbe70aea0126 100644 (file)
@@ -606,8 +606,7 @@ int x509_main(int argc, char **argv)
     if (badsig) {
         ASN1_BIT_STRING *signature;
         X509_get0_signature(&signature, NULL, x);
-        if (!corrupt_signature(signature))
-            goto end;
+        corrupt_signature(signature);
     }
 
     if (num) {