1 /* 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * DSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include <stdlib.h> 18 #include <string.h> 19 #include <sys/types.h> 20 #include <sys/stat.h> 21 22 #include <openssl/crypto.h> 23 #include <openssl/rand.h> 24 #include <openssl/bn.h> 25 #include <openssl/dsa.h> 26 #include <openssl/evp.h> 27 #include <openssl/core_names.h> 28 29 #include "testutil.h" 30 #include "internal/nelem.h" 31 32 #ifndef OPENSSL_NO_DSA 33 static int dsa_cb(int p, int n, BN_GENCB *arg); 34 35 static unsigned char out_p[] = { 36 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, 37 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, 38 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, 39 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, 40 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, 41 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, 42 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, 43 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, 44 }; 45 static unsigned char out_q[] = { 46 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, 47 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, 48 0xda, 0xce, 0x91, 0x5f, 49 }; 50 static unsigned char out_g[] = { 51 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, 52 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, 53 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, 54 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, 55 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, 56 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, 57 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, 58 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, 59 }; 60 61 static int dsa_test(void) 62 { 63 BN_GENCB *cb; 64 DSA *dsa = NULL; 65 int counter, ret = 0, i, j; 66 unsigned char buf[256]; 67 unsigned long h; 68 unsigned char sig[256]; 69 unsigned int siglen; 70 const BIGNUM *p = NULL, *q = NULL, *g = NULL; 71 /* 72 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS 73 * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 74 */ 75 static unsigned char seed[20] = { 76 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 77 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24, 78 0xe0, 0x42, 0x7d, 0xd3, 79 }; 80 static const unsigned char str1[] = "12345678901234567890"; 81 82 if (!TEST_ptr(cb = BN_GENCB_new())) 83 goto end; 84 85 BN_GENCB_set(cb, dsa_cb, NULL); 86 if (!TEST_ptr(dsa = DSA_new()) 87 || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, 88 &counter, &h, cb))) 89 goto end; 90 91 if (!TEST_int_eq(counter, 105)) 92 goto end; 93 if (!TEST_int_eq(h, 2)) 94 goto end; 95 96 DSA_get0_pqg(dsa, &p, &q, &g); 97 i = BN_bn2bin(q, buf); 98 j = sizeof(out_q); 99 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) 100 goto end; 101 102 i = BN_bn2bin(p, buf); 103 j = sizeof(out_p); 104 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) 105 goto end; 106 107 i = BN_bn2bin(g, buf); 108 j = sizeof(out_g); 109 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) 110 goto end; 111 112 if (!TEST_true(DSA_generate_key(dsa))) 113 goto end; 114 if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) 115 goto end; 116 if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) 117 ret = 1; 118 end: 119 DSA_free(dsa); 120 BN_GENCB_free(cb); 121 return ret; 122 } 123 124 static int dsa_cb(int p, int n, BN_GENCB *arg) 125 { 126 static int ok = 0, num = 0; 127 128 if (p == 0) 129 num++; 130 if (p == 2) 131 ok++; 132 133 if (!ok && (p == 0) && (num > 1)) { 134 TEST_error("dsa_cb error"); 135 return 0; 136 } 137 return 1; 138 } 139 140 # define P 0 141 # define Q 1 142 # define G 2 143 # define SEED 3 144 # define PCOUNT 4 145 # define GINDEX 5 146 # define HCOUNT 6 147 # define GROUP 7 148 149 static int dsa_keygen_test(void) 150 { 151 int ret = 0; 152 EVP_PKEY *param_key = NULL, *key = NULL; 153 EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL; 154 BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL; 155 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL; 156 int gindex_out = 0, pcount_out = 0, hcount_out = 0; 157 unsigned char seed_out[32]; 158 char group_out[32]; 159 size_t len = 0; 160 const OSSL_PARAM *settables = NULL; 161 static const unsigned char seed_data[] = { 162 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68, 163 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35, 164 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44, 165 0x7b, 0x2a, 0xc7, 0x29 166 }; 167 static const unsigned char expected_p[]= { 168 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55, 169 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc, 170 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8, 171 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd, 172 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8, 173 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4, 174 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea, 175 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53, 176 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b, 177 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd, 178 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88, 179 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3, 180 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95, 181 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14, 182 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd, 183 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15, 184 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb, 185 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23, 186 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b, 187 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77, 188 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16, 189 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73, 190 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91, 191 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70, 192 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f, 193 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f, 194 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3, 195 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d, 196 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71, 197 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79, 198 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2, 199 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb 200 }; 201 static const unsigned char expected_q[]= { 202 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a, 203 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b, 204 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69, 205 0xe2, 0x56, 0xae, 0xd7 206 }; 207 static const unsigned char expected_g[]= { 208 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f, 209 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f, 210 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2, 211 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76, 212 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e, 213 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6, 214 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda, 215 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7, 216 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff, 217 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3, 218 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90, 219 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e, 220 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31, 221 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd, 222 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65, 223 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62, 224 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec, 225 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0, 226 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1, 227 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39, 228 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64, 229 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69, 230 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb, 231 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab, 232 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00, 233 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe, 234 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70, 235 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08, 236 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3, 237 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89, 238 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c, 239 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46 240 }; 241 int expected_c = 1316; 242 int expected_h = 2; 243 244 if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL)) 245 || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL)) 246 || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL))) 247 goto end; 248 if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 249 || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0) 250 || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx)) 251 || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) 252 || !TEST_ptr(OSSL_PARAM_locate_const(settables, 253 OSSL_PKEY_PARAM_FFC_PBITS)) 254 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4")) 255 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) 256 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) 257 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, 258 sizeof(seed_data))) 259 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", 260 "")) 261 || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) 262 || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) 263 || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) 264 || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0)) 265 goto end; 266 267 if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out)) 268 || !TEST_BN_eq(p_in, p_out) 269 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out)) 270 || !TEST_BN_eq(q_in, q_out) 271 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out)) 272 || !TEST_BN_eq(g_in, g_out) 273 || !TEST_true(EVP_PKEY_get_octet_string_param( 274 key, OSSL_PKEY_PARAM_FFC_SEED, seed_out, 275 sizeof(seed_out), &len)) 276 || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data)) 277 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX, 278 &gindex_out)) 279 || !TEST_int_eq(gindex_out, -1) 280 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H, 281 &hcount_out)) 282 || !TEST_int_eq(hcount_out, expected_h) 283 || !TEST_true(EVP_PKEY_get_int_param(key, 284 OSSL_PKEY_PARAM_FFC_PCOUNTER, 285 &pcount_out)) 286 || !TEST_int_eq(pcount_out, expected_c) 287 || !TEST_false(EVP_PKEY_get_utf8_string_param(key, 288 OSSL_PKEY_PARAM_GROUP_NAME, 289 group_out, 290 sizeof(group_out), &len))) 291 goto end; 292 ret = 1; 293 end: 294 BN_free(p_in); 295 BN_free(q_in); 296 BN_free(g_in); 297 BN_free(p_out); 298 BN_free(q_out); 299 BN_free(g_out); 300 EVP_PKEY_free(param_key); 301 EVP_PKEY_free(key); 302 EVP_PKEY_CTX_free(kg_ctx); 303 EVP_PKEY_CTX_free(pg_ctx); 304 return ret; 305 } 306 307 static int test_dsa_default_paramgen_validate(int i) 308 { 309 int ret; 310 EVP_PKEY_CTX *gen_ctx = NULL; 311 EVP_PKEY_CTX *check_ctx = NULL; 312 EVP_PKEY *params = NULL; 313 314 ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 315 && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) 316 && (i == 0 317 || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) 318 && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) 319 && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) 320 && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); 321 322 EVP_PKEY_free(params); 323 EVP_PKEY_CTX_free(check_ctx); 324 EVP_PKEY_CTX_free(gen_ctx); 325 return ret; 326 } 327 328 static int test_dsa_sig_infinite_loop(void) 329 { 330 int ret = 0; 331 DSA *dsa = NULL; 332 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL; 333 BIGNUM *badq = NULL, *badpriv = NULL; 334 const unsigned char msg[] = { 0x00 }; 335 unsigned int signature_len; 336 unsigned char signature[64]; 337 338 static unsigned char out_priv[] = { 339 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 340 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 341 0xf8, 0x0f, 0x7f, 0x12 342 }; 343 static unsigned char out_pub[] = { 344 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 345 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 346 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 347 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 348 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 349 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 350 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 351 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 352 }; 353 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 354 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 355 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 356 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 357 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 358 || !TEST_ptr(priv2 = BN_dup(priv)) 359 || !TEST_ptr(badq = BN_new()) 360 || !TEST_true(BN_set_word(badq, 1)) 361 || !TEST_ptr(badpriv = BN_new()) 362 || !TEST_true(BN_set_word(badpriv, 0)) 363 || !TEST_ptr(dsa = DSA_new())) 364 goto err; 365 366 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 367 goto err; 368 p = q = g = NULL; 369 370 if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 371 goto err; 372 pub = priv = NULL; 373 374 if (!TEST_int_le(DSA_size(dsa), sizeof(signature))) 375 goto err; 376 377 /* Test passing signature as NULL */ 378 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len, dsa))) 379 goto err; 380 381 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 382 goto err; 383 384 /* Test using a private key of zero fails - this causes an infinite loop without the retry test */ 385 if (!TEST_true(DSA_set0_key(dsa, NULL, badpriv))) 386 goto err; 387 badpriv = NULL; 388 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 389 goto err; 390 391 /* Restore private and set a bad q - this caused an infinite loop in the setup */ 392 if (!TEST_true(DSA_set0_key(dsa, NULL, priv2))) 393 goto err; 394 priv2 = NULL; 395 if (!TEST_true(DSA_set0_pqg(dsa, NULL, badq, NULL))) 396 goto err; 397 badq = NULL; 398 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 399 goto err; 400 401 ret = 1; 402 err: 403 BN_free(badq); 404 BN_free(badpriv); 405 BN_free(pub); 406 BN_free(priv); 407 BN_free(priv2); 408 BN_free(g); 409 BN_free(q); 410 BN_free(p); 411 DSA_free(dsa); 412 return ret; 413 } 414 415 static int test_dsa_sig_neg_param(void) 416 { 417 int ret = 0, setpqg = 0; 418 DSA *dsa = NULL; 419 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL; 420 const unsigned char msg[] = { 0x00 }; 421 unsigned int signature_len; 422 unsigned char signature[64]; 423 424 static unsigned char out_priv[] = { 425 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 426 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 427 0xf8, 0x0f, 0x7f, 0x12 428 }; 429 static unsigned char out_pub[] = { 430 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 431 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 432 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 433 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 434 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 435 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 436 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 437 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 438 }; 439 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 440 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 441 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 442 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 443 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 444 || !TEST_ptr(dsa = DSA_new())) 445 goto err; 446 447 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 448 goto err; 449 setpqg = 1; 450 451 if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 452 goto err; 453 pub = priv = NULL; 454 455 BN_set_negative(p, 1); 456 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 457 goto err; 458 459 BN_set_negative(p, 0); 460 BN_set_negative(q, 1); 461 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 462 goto err; 463 464 BN_set_negative(q, 0); 465 BN_set_negative(g, 1); 466 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 467 goto err; 468 469 BN_set_negative(p, 1); 470 BN_set_negative(q, 1); 471 BN_set_negative(g, 1); 472 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 473 goto err; 474 475 ret = 1; 476 err: 477 BN_free(pub); 478 BN_free(priv); 479 480 if (setpqg == 0) { 481 BN_free(g); 482 BN_free(q); 483 BN_free(p); 484 } 485 DSA_free(dsa); 486 return ret; 487 } 488 489 #endif /* OPENSSL_NO_DSA */ 490 491 int setup_tests(void) 492 { 493 #ifndef OPENSSL_NO_DSA 494 ADD_TEST(dsa_test); 495 ADD_TEST(dsa_keygen_test); 496 ADD_TEST(test_dsa_sig_infinite_loop); 497 ADD_TEST(test_dsa_sig_neg_param); 498 ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2); 499 #endif 500 return 1; 501 } 502