Coverage Report

Created: 2020-02-14 15:38

/src/botan/src/fuzzer/barrett.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* (C) 2018 Jack Lloyd
3
*
4
* Botan is released under the Simplified BSD License (see license.txt)
5
*/
6
7
#include "fuzzers.h"
8
#include <botan/numthry.h>
9
#include <botan/reducer.h>
10
11
void fuzz(const uint8_t in[], size_t len)
12
785
   {
13
785
   static const size_t max_bits = 2048;
14
785
15
785
   if(len <= 1 || len % 3 != 1)
16
30
      return;
17
755
18
755
   const size_t part_size = len / 3;
19
755
20
755
   if(part_size * 8 > max_bits)
21
5
      return;
22
750
23
750
   uint8_t flags = in[0];
24
750
   Botan::BigInt x = Botan::BigInt::decode(in + 1, part_size * 2);
25
750
   const Botan::BigInt p = Botan::BigInt::decode(in + 1 + part_size * 2, part_size);
26
750
27
750
   if(p.is_zero())
28
2
      return;
29
748
30
748
   if(flags & 1)
31
393
      x.flip_sign();
32
748
33
748
   const Botan::BigInt ref = x % p;
34
748
35
748
   const Botan::Modular_Reducer mod_p(p);
36
748
   const Botan::BigInt z = mod_p.reduce(x);
37
748
38
748
   if(ref != z)
39
0
      {
40
0
      FUZZER_WRITE_AND_CRASH("X = " << x << "\n"
41
0
                             << "P = " << p << "\n"
42
0
                             << "Z = " << z << "\n"
43
0
                             << "R = " << ref << "\n");
44
0
      }
45
748
   }