1 /* 2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * DSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include <stdlib.h> 18 #include <string.h> 19 #include <sys/types.h> 20 #include <sys/stat.h> 21 22 #include <openssl/crypto.h> 23 #include <openssl/rand.h> 24 #include <openssl/bn.h> 25 #include <openssl/dsa.h> 26 #include <openssl/evp.h> 27 #include <openssl/core_names.h> 28 29 #include "testutil.h" 30 #include "internal/nelem.h" 31 32 #ifndef OPENSSL_NO_DSA 33 static int dsa_cb(int p, int n, BN_GENCB *arg); 34 35 static unsigned char out_p[] = { 36 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, 37 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, 38 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, 39 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, 40 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, 41 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, 42 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, 43 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, 44 }; 45 static unsigned char out_q[] = { 46 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, 47 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, 48 0xda, 0xce, 0x91, 0x5f, 49 }; 50 static unsigned char out_g[] = { 51 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, 52 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, 53 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, 54 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, 55 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, 56 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, 57 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, 58 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, 59 }; 60 61 static int dsa_test(void) 62 { 63 BN_GENCB *cb; 64 DSA *dsa = NULL; 65 int counter, ret = 0, i, j; 66 unsigned char buf[256]; 67 unsigned long h; 68 unsigned char sig[256]; 69 unsigned int siglen; 70 const BIGNUM *p = NULL, *q = NULL, *g = NULL; 71 /* 72 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS 73 * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 74 */ 75 static unsigned char seed[20] = { 76 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 77 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24, 78 0xe0, 0x42, 0x7d, 0xd3, 79 }; 80 static const unsigned char str1[] = "12345678901234567890"; 81 82 if (!TEST_ptr(cb = BN_GENCB_new())) 83 goto end; 84 85 BN_GENCB_set(cb, dsa_cb, NULL); 86 if (!TEST_ptr(dsa = DSA_new()) 87 || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, 88 &counter, &h, cb))) 89 goto end; 90 91 if (!TEST_int_eq(counter, 105)) 92 goto end; 93 if (!TEST_int_eq(h, 2)) 94 goto end; 95 96 DSA_get0_pqg(dsa, &p, &q, &g); 97 i = BN_bn2bin(q, buf); 98 j = sizeof(out_q); 99 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) 100 goto end; 101 102 i = BN_bn2bin(p, buf); 103 j = sizeof(out_p); 104 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) 105 goto end; 106 107 i = BN_bn2bin(g, buf); 108 j = sizeof(out_g); 109 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) 110 goto end; 111 112 if (!TEST_true(DSA_generate_key(dsa))) 113 goto end; 114 if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) 115 goto end; 116 if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) 117 ret = 1; 118 end: 119 DSA_free(dsa); 120 BN_GENCB_free(cb); 121 return ret; 122 } 123 124 static int dsa_cb(int p, int n, BN_GENCB *arg) 125 { 126 static int ok = 0, num = 0; 127 128 if (p == 0) 129 num++; 130 if (p == 2) 131 ok++; 132 133 if (!ok && (p == 0) && (num > 1)) { 134 TEST_error("dsa_cb error"); 135 return 0; 136 } 137 return 1; 138 } 139 140 # define P 0 141 # define Q 1 142 # define G 2 143 # define SEED 3 144 # define PCOUNT 4 145 # define GINDEX 5 146 # define HCOUNT 6 147 # define GROUP 7 148 149 static int dsa_keygen_test(void) 150 { 151 int ret = 0; 152 EVP_PKEY *param_key = NULL, *key = NULL; 153 EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL; 154 BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL; 155 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL; 156 int gindex_out = 0, pcount_out = 0, hcount_out = 0; 157 unsigned char seed_out[32]; 158 char group_out[32]; 159 size_t len = 0; 160 const OSSL_PARAM *settables = NULL; 161 static const unsigned char seed_data[] = { 162 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68, 163 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35, 164 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44, 165 0x7b, 0x2a, 0xc7, 0x29 166 }; 167 static const unsigned char expected_p[]= { 168 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55, 169 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc, 170 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8, 171 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd, 172 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8, 173 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4, 174 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea, 175 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53, 176 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b, 177 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd, 178 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88, 179 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3, 180 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95, 181 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14, 182 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd, 183 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15, 184 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb, 185 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23, 186 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b, 187 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77, 188 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16, 189 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73, 190 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91, 191 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70, 192 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f, 193 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f, 194 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3, 195 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d, 196 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71, 197 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79, 198 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2, 199 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb 200 }; 201 static const unsigned char expected_q[]= { 202 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a, 203 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b, 204 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69, 205 0xe2, 0x56, 0xae, 0xd7 206 }; 207 static const unsigned char expected_g[]= { 208 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f, 209 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f, 210 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2, 211 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76, 212 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e, 213 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6, 214 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda, 215 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7, 216 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff, 217 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3, 218 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90, 219 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e, 220 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31, 221 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd, 222 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65, 223 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62, 224 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec, 225 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0, 226 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1, 227 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39, 228 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64, 229 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69, 230 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb, 231 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab, 232 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00, 233 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe, 234 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70, 235 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08, 236 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3, 237 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89, 238 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c, 239 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46 240 }; 241 int expected_c = 1316; 242 int expected_h = 2; 243 244 if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL)) 245 || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL)) 246 || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL))) 247 goto end; 248 if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 249 || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0) 250 || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx)) 251 || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) 252 || !TEST_ptr(OSSL_PARAM_locate_const(settables, 253 OSSL_PKEY_PARAM_FFC_PBITS)) 254 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4")) 255 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) 256 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) 257 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, 258 sizeof(seed_data))) 259 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", 260 "")) 261 || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) 262 || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) 263 || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) 264 || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0)) 265 goto end; 266 267 if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out)) 268 || !TEST_BN_eq(p_in, p_out) 269 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out)) 270 || !TEST_BN_eq(q_in, q_out) 271 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out)) 272 || !TEST_BN_eq(g_in, g_out) 273 || !TEST_true(EVP_PKEY_get_octet_string_param( 274 key, OSSL_PKEY_PARAM_FFC_SEED, seed_out, 275 sizeof(seed_out), &len)) 276 || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data)) 277 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX, 278 &gindex_out)) 279 || !TEST_int_eq(gindex_out, -1) 280 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H, 281 &hcount_out)) 282 || !TEST_int_eq(hcount_out, expected_h) 283 || !TEST_true(EVP_PKEY_get_int_param(key, 284 OSSL_PKEY_PARAM_FFC_PCOUNTER, 285 &pcount_out)) 286 || !TEST_int_eq(pcount_out, expected_c) 287 || !TEST_false(EVP_PKEY_get_utf8_string_param(key, 288 OSSL_PKEY_PARAM_GROUP_NAME, 289 group_out, 290 sizeof(group_out), &len))) 291 goto end; 292 ret = 1; 293 end: 294 BN_free(p_in); 295 BN_free(q_in); 296 BN_free(g_in); 297 BN_free(p_out); 298 BN_free(q_out); 299 BN_free(g_out); 300 EVP_PKEY_free(param_key); 301 EVP_PKEY_free(key); 302 EVP_PKEY_CTX_free(kg_ctx); 303 EVP_PKEY_CTX_free(pg_ctx); 304 return ret; 305 } 306 307 static int test_dsa_default_paramgen_validate(int i) 308 { 309 int ret; 310 EVP_PKEY_CTX *gen_ctx = NULL; 311 EVP_PKEY_CTX *check_ctx = NULL; 312 EVP_PKEY *params = NULL; 313 314 ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 315 && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) 316 && (i == 0 317 || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) 318 && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) 319 && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) 320 && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); 321 322 EVP_PKEY_free(params); 323 EVP_PKEY_CTX_free(check_ctx); 324 EVP_PKEY_CTX_free(gen_ctx); 325 return ret; 326 } 327 328 static int test_dsa_sig_infinite_loop(void) 329 { 330 int ret = 0; 331 DSA *dsa = NULL; 332 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL; 333 BIGNUM *badq = NULL, *badpriv = NULL; 334 const unsigned char msg[] = { 0x00 }; 335 unsigned int signature_len0; 336 unsigned int signature_len; 337 unsigned char signature[64]; 338 339 static unsigned char out_priv[] = { 340 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 341 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 342 0xf8, 0x0f, 0x7f, 0x12 343 }; 344 static unsigned char out_pub[] = { 345 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 346 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 347 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 348 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 349 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 350 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 351 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 352 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 353 }; 354 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 355 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 356 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 357 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 358 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 359 || !TEST_ptr(priv2 = BN_dup(priv)) 360 || !TEST_ptr(badq = BN_new()) 361 || !TEST_true(BN_set_word(badq, 1)) 362 || !TEST_ptr(badpriv = BN_new()) 363 || !TEST_true(BN_set_word(badpriv, 0)) 364 || !TEST_ptr(dsa = DSA_new())) 365 goto err; 366 367 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 368 goto err; 369 p = q = g = NULL; 370 371 if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 372 goto err; 373 pub = priv = NULL; 374 375 if (!TEST_int_le(DSA_size(dsa), sizeof(signature))) 376 goto err; 377 378 /* Test passing signature as NULL */ 379 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa)) 380 || !TEST_int_gt(signature_len0, 0)) 381 goto err; 382 383 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)) 384 || !TEST_int_gt(signature_len, 0) 385 || !TEST_int_le(signature_len, signature_len0)) 386 goto err; 387 388 /* Test using a private key of zero fails - this causes an infinite loop without the retry test */ 389 if (!TEST_true(DSA_set0_key(dsa, NULL, badpriv))) 390 goto err; 391 badpriv = NULL; 392 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 393 goto err; 394 395 /* Restore private and set a bad q - this caused an infinite loop in the setup */ 396 if (!TEST_true(DSA_set0_key(dsa, NULL, priv2))) 397 goto err; 398 priv2 = NULL; 399 if (!TEST_true(DSA_set0_pqg(dsa, NULL, badq, NULL))) 400 goto err; 401 badq = NULL; 402 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 403 goto err; 404 405 ret = 1; 406 err: 407 BN_free(badq); 408 BN_free(badpriv); 409 BN_free(pub); 410 BN_free(priv); 411 BN_free(priv2); 412 BN_free(g); 413 BN_free(q); 414 BN_free(p); 415 DSA_free(dsa); 416 return ret; 417 } 418 419 static int test_dsa_sig_neg_param(void) 420 { 421 int ret = 0, setpqg = 0; 422 DSA *dsa = NULL; 423 BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL; 424 const unsigned char msg[] = { 0x00 }; 425 unsigned int signature_len; 426 unsigned char signature[64]; 427 428 static unsigned char out_priv[] = { 429 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 430 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 431 0xf8, 0x0f, 0x7f, 0x12 432 }; 433 static unsigned char out_pub[] = { 434 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 435 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 436 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 437 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 438 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 439 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 440 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 441 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 442 }; 443 if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 444 || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 445 || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 446 || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 447 || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 448 || !TEST_ptr(dsa = DSA_new())) 449 goto err; 450 451 if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 452 goto err; 453 setpqg = 1; 454 455 if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 456 goto err; 457 pub = priv = NULL; 458 459 BN_set_negative(p, 1); 460 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 461 goto err; 462 463 BN_set_negative(p, 0); 464 BN_set_negative(q, 1); 465 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 466 goto err; 467 468 BN_set_negative(q, 0); 469 BN_set_negative(g, 1); 470 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 471 goto err; 472 473 BN_set_negative(p, 1); 474 BN_set_negative(q, 1); 475 BN_set_negative(g, 1); 476 if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 477 goto err; 478 479 ret = 1; 480 err: 481 BN_free(pub); 482 BN_free(priv); 483 484 if (setpqg == 0) { 485 BN_free(g); 486 BN_free(q); 487 BN_free(p); 488 } 489 DSA_free(dsa); 490 return ret; 491 } 492 493 #endif /* OPENSSL_NO_DSA */ 494 495 int setup_tests(void) 496 { 497 #ifndef OPENSSL_NO_DSA 498 ADD_TEST(dsa_test); 499 ADD_TEST(dsa_keygen_test); 500 ADD_TEST(test_dsa_sig_infinite_loop); 501 ADD_TEST(test_dsa_sig_neg_param); 502 ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2); 503 #endif 504 return 1; 505 } 506