Corrupt signature earlier.

If -badsig is selected corrupt the signature before printing out any details so the output reflects the modified signature. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 15:19:55 +01:00 · 2016-08-16 15:19:55 +01:00 · 0f022f5a22
commit 0f022f5a22
parent 34d4d74575
2 changed files with 15 additions and 14 deletions
--- a/apps/crl.c
+++ b/apps/crl.c
@ -249,6 +249,14 @@ int crl_main(int argc, char **argv)
        }
    }

+    if (badsig) {
+        ASN1_BIT_STRING *sig;
+
+        X509_CRL_get0_signature(&sig, NULL, x);
+        if (!corrupt_signature(sig))
+            goto end;
+    }
+
    if (num) {
        for (i = 1; i <= num; i++) {
            if (issuer == i) {
@ -319,13 +327,6 @@ int crl_main(int argc, char **argv)
        goto end;
    }

-    if (badsig) {
-        ASN1_BIT_STRING *sig;
-        X509_CRL_get0_signature(&sig, NULL, x);
-        if (!corrupt_signature(sig))
-            goto end;
-    }
-
    if (outformat == FORMAT_ASN1)
        i = (int)i2d_X509_CRL_bio(out, x);
    else
--- a/apps/x509.c
+++ b/apps/x509.c
@ -603,6 +603,13 @@ int x509_main(int argc, char **argv)
        objtmp = NULL;
    }

+    if (badsig) {
+        ASN1_BIT_STRING *signature;
+        X509_get0_signature(&signature, NULL, x);
+        if (!corrupt_signature(signature))
+            goto end;
+    }
+
    if (num) {
        for (i = 1; i <= num; i++) {
            if (issuer == i) {
@ -847,13 +854,6 @@ int x509_main(int argc, char **argv)
        goto end;
    }

-    if (badsig) {
-        ASN1_BIT_STRING *signature;
-        X509_get0_signature(&signature, NULL, x);
-        if (!corrupt_signature(signature))
-            goto end;
-    }
-
    if (outformat == FORMAT_ASN1)
        i = i2d_X509_bio(out, x);
    else if (outformat == FORMAT_PEM) {