diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/apps.c | 16 | ||||
| -rw-r--r-- | apps/apps.h | 2 | ||||
| -rw-r--r-- | apps/ca.c | 2 | ||||
| -rw-r--r-- | apps/cms.c | 4 | ||||
| -rw-r--r-- | apps/crl.c | 5 | ||||
| -rw-r--r-- | apps/ocsp.c | 4 | ||||
| -rw-r--r-- | apps/x509.c | 5 |
7 files changed, 26 insertions, 12 deletions
diff --git a/apps/apps.c b/apps/apps.c index 746f565a90..17a9fdc267 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1938,7 +1938,7 @@ static const char *get_dp_url(DIST_POINT *dp) gen = sk_GENERAL_NAME_value(gens, i); uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { - char *uptr = (char *)ASN1_STRING_data(uri); + const char *uptr = (const char *)ASN1_STRING_get0_data(uri); if (strncmp(uptr, "http://", 7) == 0) return uptr; } @@ -2581,3 +2581,17 @@ int has_stdin_waiting(void) return _kbhit(); } #endif + +/* Corrupt a signature by modifying final byte */ +int corrupt_signature(ASN1_STRING *signature) +{ + unsigned char *s; + size_t slen = ASN1_STRING_length(signature); + + s = OPENSSL_memdup(ASN1_STRING_get0_data(signature), slen); + if (s == NULL) + return 0; + s[slen - 1] ^= 0x1; + ASN1_STRING_set0(signature, s, slen); + return 1; +} diff --git a/apps/apps.h b/apps/apps.h index 33a2f683fa..8fb6f44f2f 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -71,6 +71,8 @@ void wait_for_async(SSL *s); int has_stdin_waiting(void); # endif +int corrupt_signature(ASN1_STRING *signature); + /* * Common verification options. */ @@ -988,7 +988,7 @@ end_of_options: x = sk_X509_value(cert_sk, i); j = ASN1_STRING_length(serialNumber); - p = (const char *)ASN1_STRING_data(serialNumber); + p = (const char *)ASN1_STRING_get0_data(serialNumber); if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) { BIO_printf(bio_err, "certificate file name too long\n"); diff --git a/apps/cms.c b/apps/cms.c index 5899760a90..b5ae97090f 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1177,13 +1177,13 @@ static void receipt_request_print(CMS_ContentInfo *cms) BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); } else { - char *id; + const char *id; int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, &rlist, &rto); BIO_puts(bio_err, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); - id = (char *)ASN1_STRING_data(scid); + id = (const char *)ASN1_STRING_get0_data(scid); BIO_dump_indent(bio_err, id, idlen, 4); BIO_puts(bio_err, " Receipts From"); if (rlist) { diff --git a/apps/crl.c b/apps/crl.c index 3e30bdc59c..6ea0b4c32b 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -321,10 +321,9 @@ int crl_main(int argc, char **argv) if (badsig) { ASN1_BIT_STRING *sig; - unsigned char *psig; X509_CRL_get0_signature(&sig, NULL, x); - psig = ASN1_STRING_data(sig); - psig[ASN1_STRING_length(sig) - 1] ^= 0x1; + if (!corrupt_signature(sig)) + goto end; } if (outformat == FORMAT_ASN1) diff --git a/apps/ocsp.c b/apps/ocsp.c index 1cb11b289b..17668788df 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -951,8 +951,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, if (badsig) { ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); - unsigned char *sigptr = ASN1_STRING_data(sig); - sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1; + if (!corrupt_signature(sig)) + goto end; } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); diff --git a/apps/x509.c b/apps/x509.c index ed49c4e8fb..93b0eae852 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -849,10 +849,9 @@ int x509_main(int argc, char **argv) if (badsig) { ASN1_BIT_STRING *signature; - unsigned char *s; X509_get0_signature(&signature, NULL, x); - s = ASN1_STRING_data(signature); - s[ASN1_STRING_length(signature) - 1] ^= 0x1; + if (!corrupt_signature(signature)) + goto end; } if (outformat == FORMAT_ASN1) |