2
0

bndiv.c 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
  1. /*
  2. * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL licenses, (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. * https://www.openssl.org/source/license.html
  8. * or in the file LICENSE in the source distribution.
  9. */
  10. /*
  11. * Confirm that if (d, r) = a / b, then b * d + r == a, and that sign(d) ==
  12. * sign(a), and 0 <= r <= b
  13. */
  14. #include <stdio.h>
  15. #include <openssl/bn.h>
  16. #include "fuzzer.h"
  17. int FuzzerInitialize(int *argc, char ***argv) {
  18. return 1;
  19. }
  20. int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
  21. static BN_CTX *ctx;
  22. static BIGNUM *b1;
  23. static BIGNUM *b2;
  24. static BIGNUM *b3;
  25. static BIGNUM *b4;
  26. static BIGNUM *b5;
  27. int success = 0;
  28. size_t l1 = 0, l2 = 0;
  29. /* s1 and s2 will be the signs for b1 and b2. */
  30. int s1 = 0, s2 = 0;
  31. if (ctx == NULL) {
  32. b1 = BN_new();
  33. b2 = BN_new();
  34. b3 = BN_new();
  35. b4 = BN_new();
  36. b5 = BN_new();
  37. ctx = BN_CTX_new();
  38. }
  39. /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and
  40. * b2.
  41. */
  42. if (len > 0) {
  43. --len;
  44. /* Use first byte to divide the remaining buffer into 3Fths. I admit
  45. * this disallows some number sizes. If it matters, better ideas are
  46. * welcome (Ben).
  47. */
  48. l1 = ((buf[0] & 0x3f) * len) / 0x3f;
  49. s1 = buf[0] & 0x40;
  50. s2 = buf[0] & 0x80;
  51. ++buf;
  52. l2 = len - l1;
  53. }
  54. OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
  55. BN_set_negative(b1, s1);
  56. OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
  57. BN_set_negative(b2, s2);
  58. /* divide by 0 is an error */
  59. if (BN_is_zero(b2)) {
  60. success = 1;
  61. goto done;
  62. }
  63. OPENSSL_assert(BN_div(b3, b4, b1, b2, ctx));
  64. if (BN_is_zero(b1))
  65. success = BN_is_zero(b3) && BN_is_zero(b4);
  66. else if (BN_is_negative(b1))
  67. success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3))
  68. && (BN_is_negative(b4) || BN_is_zero(b4));
  69. else
  70. success = (BN_is_negative(b3) == BN_is_negative(b2) || BN_is_zero(b3))
  71. && (!BN_is_negative(b4) || BN_is_zero(b4));
  72. OPENSSL_assert(BN_mul(b5, b3, b2, ctx));
  73. OPENSSL_assert(BN_add(b5, b5, b4));
  74. success = success && BN_cmp(b5, b1) == 0;
  75. if (!success) {
  76. BN_print_fp(stdout, b1);
  77. putchar('\n');
  78. BN_print_fp(stdout, b2);
  79. putchar('\n');
  80. BN_print_fp(stdout, b3);
  81. putchar('\n');
  82. BN_print_fp(stdout, b4);
  83. putchar('\n');
  84. BN_print_fp(stdout, b5);
  85. putchar('\n');
  86. printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1),
  87. BN_is_negative(b2),
  88. BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4),
  89. BN_is_negative(b3) != BN_is_negative(b2)
  90. && (BN_is_negative(b4) || BN_is_zero(b4)),
  91. BN_cmp(b5, b1));
  92. puts("----\n");
  93. }
  94. done:
  95. OPENSSL_assert(success);
  96. return 0;
  97. }