1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include <stdlib.h>
18 #include <string.h>
19 #include <sys/types.h>
20 #include <sys/stat.h>
21
22 #include <openssl/crypto.h>
23 #include <openssl/rand.h>
24 #include <openssl/bn.h>
25 #include <openssl/dsa.h>
26 #include <openssl/evp.h>
27 #include <openssl/core_names.h>
28
29 #include "testutil.h"
30 #include "internal/nelem.h"
31
32 #ifndef OPENSSL_NO_DSA
33 static int dsa_cb(int p, int n, BN_GENCB *arg);
34
35 static unsigned char out_p[] = {
36 0x8d,
37 0xf2,
38 0xa4,
39 0x94,
40 0x49,
41 0x22,
42 0x76,
43 0xaa,
44 0x3d,
45 0x25,
46 0x75,
47 0x9b,
48 0xb0,
49 0x68,
50 0x69,
51 0xcb,
52 0xea,
53 0xc0,
54 0xd8,
55 0x3a,
56 0xfb,
57 0x8d,
58 0x0c,
59 0xf7,
60 0xcb,
61 0xb8,
62 0x32,
63 0x4f,
64 0x0d,
65 0x78,
66 0x82,
67 0xe5,
68 0xd0,
69 0x76,
70 0x2f,
71 0xc5,
72 0xb7,
73 0x21,
74 0x0e,
75 0xaf,
76 0xc2,
77 0xe9,
78 0xad,
79 0xac,
80 0x32,
81 0xab,
82 0x7a,
83 0xac,
84 0x49,
85 0x69,
86 0x3d,
87 0xfb,
88 0xf8,
89 0x37,
90 0x24,
91 0xc2,
92 0xec,
93 0x07,
94 0x36,
95 0xee,
96 0x31,
97 0xc8,
98 0x02,
99 0x91,
100 };
101 static unsigned char out_q[] = {
102 0xc7,
103 0x73,
104 0x21,
105 0x8c,
106 0x73,
107 0x7e,
108 0xc8,
109 0xee,
110 0x99,
111 0x3b,
112 0x4f,
113 0x2d,
114 0xed,
115 0x30,
116 0xf4,
117 0x8e,
118 0xda,
119 0xce,
120 0x91,
121 0x5f,
122 };
123 static unsigned char out_g[] = {
124 0x62,
125 0x6d,
126 0x02,
127 0x78,
128 0x39,
129 0xea,
130 0x0a,
131 0x13,
132 0x41,
133 0x31,
134 0x63,
135 0xa5,
136 0x5b,
137 0x4c,
138 0xb5,
139 0x00,
140 0x29,
141 0x9d,
142 0x55,
143 0x22,
144 0x95,
145 0x6c,
146 0xef,
147 0xcb,
148 0x3b,
149 0xff,
150 0x10,
151 0xf3,
152 0x99,
153 0xce,
154 0x2c,
155 0x2e,
156 0x71,
157 0xcb,
158 0x9d,
159 0xe5,
160 0xfa,
161 0x24,
162 0xba,
163 0xbf,
164 0x58,
165 0xe5,
166 0xb7,
167 0x95,
168 0x21,
169 0x92,
170 0x5c,
171 0x9c,
172 0xc4,
173 0x2e,
174 0x9f,
175 0x6f,
176 0x46,
177 0x4b,
178 0x08,
179 0x8c,
180 0xc5,
181 0x72,
182 0xaf,
183 0x53,
184 0xe6,
185 0xd7,
186 0x88,
187 0x02,
188 };
189
dsa_test(void)190 static int dsa_test(void)
191 {
192 BN_GENCB *cb;
193 DSA *dsa = NULL;
194 int counter, ret = 0, i, j;
195 unsigned char buf[256];
196 unsigned long h;
197 unsigned char sig[256];
198 unsigned int siglen;
199 const BIGNUM *p = NULL, *q = NULL, *g = NULL;
200 /*
201 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
202 * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
203 */
204 static unsigned char seed[20] = {
205 0xd5,
206 0x01,
207 0x4e,
208 0x4b,
209 0x60,
210 0xef,
211 0x2b,
212 0xa8,
213 0xb6,
214 0x21,
215 0x1b,
216 0x40,
217 0x62,
218 0xba,
219 0x32,
220 0x24,
221 0xe0,
222 0x42,
223 0x7d,
224 0xd3,
225 };
226 static const unsigned char str1[] = "12345678901234567890";
227
228 if (!TEST_ptr(cb = BN_GENCB_new()))
229 goto end;
230
231 BN_GENCB_set(cb, dsa_cb, NULL);
232 if (!TEST_ptr(dsa = DSA_new())
233 || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
234 &counter, &h, cb)))
235 goto end;
236
237 if (!TEST_int_eq(counter, 105))
238 goto end;
239 if (!TEST_int_eq(h, 2))
240 goto end;
241
242 DSA_get0_pqg(dsa, &p, &q, &g);
243 i = BN_bn2bin(q, buf);
244 j = sizeof(out_q);
245 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
246 goto end;
247
248 i = BN_bn2bin(p, buf);
249 j = sizeof(out_p);
250 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
251 goto end;
252
253 i = BN_bn2bin(g, buf);
254 j = sizeof(out_g);
255 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
256 goto end;
257
258 if (!TEST_true(DSA_generate_key(dsa)))
259 goto end;
260 if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
261 goto end;
262 if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
263 ret = 1;
264 end:
265 DSA_free(dsa);
266 BN_GENCB_free(cb);
267 return ret;
268 }
269
dsa_cb(int p,int n,BN_GENCB * arg)270 static int dsa_cb(int p, int n, BN_GENCB *arg)
271 {
272 static int ok = 0, num = 0;
273
274 if (p == 0)
275 num++;
276 if (p == 2)
277 ok++;
278
279 if (!ok && (p == 0) && (num > 1)) {
280 TEST_error("dsa_cb error");
281 return 0;
282 }
283 return 1;
284 }
285
286 #define P 0
287 #define Q 1
288 #define G 2
289 #define SEED 3
290 #define PCOUNT 4
291 #define GINDEX 5
292 #define HCOUNT 6
293 #define GROUP 7
294
dsa_keygen_test(void)295 static int dsa_keygen_test(void)
296 {
297 int ret = 0;
298 EVP_PKEY *param_key = NULL, *key = NULL;
299 EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
300 BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
301 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
302 int gindex_out = 0, pcount_out = 0, hcount_out = 0;
303 unsigned char seed_out[32];
304 char group_out[32];
305 size_t len = 0;
306 const OSSL_PARAM *settables = NULL;
307 static const unsigned char seed_data[] = {
308 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
309 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
310 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
311 0x7b, 0x2a, 0xc7, 0x29
312 };
313 static const unsigned char expected_p[] = {
314 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
315 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
316 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
317 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
318 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
319 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
320 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
321 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
322 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
323 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
324 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
325 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
326 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
327 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
328 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
329 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
330 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
331 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
332 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
333 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
334 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
335 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
336 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
337 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
338 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
339 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
340 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
341 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
342 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
343 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
344 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
345 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
346 };
347 static const unsigned char expected_q[] = {
348 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
349 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
350 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
351 0xe2, 0x56, 0xae, 0xd7
352 };
353 static const unsigned char expected_g[] = {
354 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
355 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
356 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
357 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
358 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
359 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
360 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
361 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
362 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
363 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
364 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
365 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
366 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
367 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
368 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
369 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
370 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
371 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
372 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
373 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
374 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
375 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
376 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
377 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
378 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
379 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
380 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
381 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
382 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
383 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
384 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
385 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
386 };
387 int expected_c = 1316;
388 int expected_h = 2;
389
390 if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
391 || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
392 || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
393 goto end;
394 if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
395 || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
396 || !TEST_ptr(EVP_PKEY_CTX_gettable_params(pg_ctx))
397 || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
398 || !TEST_ptr(OSSL_PARAM_locate_const(settables,
399 OSSL_PKEY_PARAM_FFC_PBITS))
400 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
401 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
402 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
403 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
404 sizeof(seed_data)))
405 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
406 ""))
407 || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0)
408 || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
409 || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
410 || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
411 goto end;
412
413 if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
414 || !TEST_BN_eq(p_in, p_out)
415 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
416 || !TEST_BN_eq(q_in, q_out)
417 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
418 || !TEST_BN_eq(g_in, g_out)
419 || !TEST_true(EVP_PKEY_get_octet_string_param(
420 key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
421 sizeof(seed_out), &len))
422 || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
423 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
424 &gindex_out))
425 || !TEST_int_eq(gindex_out, -1)
426 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
427 &hcount_out))
428 || !TEST_int_eq(hcount_out, expected_h)
429 || !TEST_true(EVP_PKEY_get_int_param(key,
430 OSSL_PKEY_PARAM_FFC_PCOUNTER,
431 &pcount_out))
432 || !TEST_int_eq(pcount_out, expected_c)
433 || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
434 OSSL_PKEY_PARAM_GROUP_NAME,
435 group_out,
436 sizeof(group_out), &len)))
437 goto end;
438 ret = 1;
439 end:
440 BN_free(p_in);
441 BN_free(q_in);
442 BN_free(g_in);
443 BN_free(p_out);
444 BN_free(q_out);
445 BN_free(g_out);
446 EVP_PKEY_free(param_key);
447 EVP_PKEY_free(key);
448 EVP_PKEY_CTX_free(kg_ctx);
449 EVP_PKEY_CTX_free(pg_ctx);
450 return ret;
451 }
452
test_dsa_default_paramgen_validate(int i)453 static int test_dsa_default_paramgen_validate(int i)
454 {
455 int ret;
456 EVP_PKEY_CTX *gen_ctx = NULL;
457 EVP_PKEY_CTX *check_ctx = NULL;
458 EVP_PKEY *params = NULL;
459
460 ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
461 && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
462 && (i == 0
463 || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
464 && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0)
465 && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
466 && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
467
468 EVP_PKEY_free(params);
469 EVP_PKEY_CTX_free(check_ctx);
470 EVP_PKEY_CTX_free(gen_ctx);
471 return ret;
472 }
473
test_dsa_sig_infinite_loop(void)474 static int test_dsa_sig_infinite_loop(void)
475 {
476 int ret = 0;
477 DSA *dsa = NULL;
478 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL;
479 BIGNUM *badq = NULL, *badpriv = NULL;
480 const unsigned char msg[] = { 0x00 };
481 unsigned int signature_len0;
482 unsigned int signature_len;
483 unsigned char signature[64];
484
485 static unsigned char out_priv[] = {
486 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98,
487 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4,
488 0xf8, 0x0f, 0x7f, 0x12
489 };
490 static unsigned char out_pub[] = {
491 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60,
492 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60,
493 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50,
494 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b,
495 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf,
496 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38,
497 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6,
498 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3
499 };
500 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL))
501 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL))
502 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL))
503 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL))
504 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL))
505 || !TEST_ptr(priv2 = BN_dup(priv))
506 || !TEST_ptr(badq = BN_new())
507 || !TEST_true(BN_set_word(badq, 1))
508 || !TEST_ptr(badpriv = BN_new())
509 || !TEST_true(BN_set_word(badpriv, 0))
510 || !TEST_ptr(dsa = DSA_new()))
511 goto err;
512
513 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g)))
514 goto err;
515 p = q = g = NULL;
516
517 if (!TEST_true(DSA_set0_key(dsa, pub, priv)))
518 goto err;
519 pub = priv = NULL;
520
521 if (!TEST_int_le(DSA_size(dsa), sizeof(signature)))
522 goto err;
523
524 /* Test passing signature as NULL */
525 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa))
526 || !TEST_int_gt(signature_len0, 0))
527 goto err;
528
529 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))
530 || !TEST_int_gt(signature_len, 0)
531 || !TEST_int_le(signature_len, signature_len0))
532 goto err;
533
534 /* Test using a private key of zero fails - this causes an infinite loop without the retry test */
535 if (!TEST_true(DSA_set0_key(dsa, NULL, badpriv)))
536 goto err;
537 badpriv = NULL;
538 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
539 goto err;
540
541 /* Restore private and set a bad q - this caused an infinite loop in the setup */
542 if (!TEST_true(DSA_set0_key(dsa, NULL, priv2)))
543 goto err;
544 priv2 = NULL;
545 if (!TEST_true(DSA_set0_pqg(dsa, NULL, badq, NULL)))
546 goto err;
547 badq = NULL;
548 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
549 goto err;
550
551 ret = 1;
552 err:
553 BN_free(badq);
554 BN_free(badpriv);
555 BN_free(pub);
556 BN_free(priv);
557 BN_free(priv2);
558 BN_free(g);
559 BN_free(q);
560 BN_free(p);
561 DSA_free(dsa);
562 return ret;
563 }
564
test_dsa_sig_neg_param(void)565 static int test_dsa_sig_neg_param(void)
566 {
567 int ret = 0, setpqg = 0;
568 DSA *dsa = NULL;
569 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL;
570 const unsigned char msg[] = { 0x00 };
571 unsigned int signature_len;
572 unsigned char signature[64];
573
574 static unsigned char out_priv[] = {
575 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98,
576 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4,
577 0xf8, 0x0f, 0x7f, 0x12
578 };
579 static unsigned char out_pub[] = {
580 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60,
581 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60,
582 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50,
583 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b,
584 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf,
585 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38,
586 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6,
587 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3
588 };
589 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL))
590 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL))
591 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL))
592 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL))
593 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL))
594 || !TEST_ptr(dsa = DSA_new()))
595 goto err;
596
597 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g)))
598 goto err;
599 setpqg = 1;
600
601 if (!TEST_true(DSA_set0_key(dsa, pub, priv)))
602 goto err;
603 pub = priv = NULL;
604
605 BN_set_negative(p, 1);
606 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
607 goto err;
608
609 BN_set_negative(p, 0);
610 BN_set_negative(q, 1);
611 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
612 goto err;
613
614 BN_set_negative(q, 0);
615 BN_set_negative(g, 1);
616 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
617 goto err;
618
619 BN_set_negative(p, 1);
620 BN_set_negative(q, 1);
621 BN_set_negative(g, 1);
622 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
623 goto err;
624
625 ret = 1;
626 err:
627 BN_free(pub);
628 BN_free(priv);
629
630 if (setpqg == 0) {
631 BN_free(g);
632 BN_free(q);
633 BN_free(p);
634 }
635 DSA_free(dsa);
636 return ret;
637 }
638
639 #endif /* OPENSSL_NO_DSA */
640
setup_tests(void)641 int setup_tests(void)
642 {
643 #ifndef OPENSSL_NO_DSA
644 ADD_TEST(dsa_test);
645 ADD_TEST(dsa_keygen_test);
646 ADD_TEST(test_dsa_sig_infinite_loop);
647 ADD_TEST(test_dsa_sig_neg_param);
648 ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
649 #endif
650 return 1;
651 }
652