Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
arm_cpuinfo /src/boringssl/fuzz/arm_cpuinfo.cc 22 0 6 3 85 43 arm_cpuinfo.cc
der_roundtrip /src/boringssl/fuzz/der_roundtrip.cc 97 1980 9 17 816 386 der_roundtrip.cc
pkcs8 /src/boringssl/fuzz/pkcs8.cc 74 2013 8 13 654 328 pkcs8.cc
privkey /src/boringssl/fuzz/privkey.cc 533 1554 19 64 5109 2431 privkey.cc
pkcs8_lpm /src/fuzz_pkcs8.cc 202 2350 10 27 918 530 fuzz_pkcs8.cc
read_pem /src/boringssl/fuzz/read_pem.cc 57 2159 8 16 443 225 read_pem.cc
bn_div /src/boringssl/fuzz/bn_div.cc 106 1970 8 19 1019 516 bn_div.cc
spki /src/boringssl/fuzz/spki.cc 71 2016 8 13 610 308 spki.cc
bn_mod_exp /src/boringssl/fuzz/bn_mod_exp.cc 200 1880 11 24 2236 1053 bn_mod_exp.cc
pkcs12_lpm /src/fuzz_pkcs12.cc 411 3523 16 56 4000 1816 fuzz_pkcs12.cc
cert /src/boringssl/fuzz/cert.cc 443 3041 18 86 5576 2454 cert.cc
pkcs12 /src/boringssl/fuzz/pkcs12.cc 291 3189 15 43 3758 1644 pkcs12.cc
conf /src/boringssl/fuzz/conf.cc 391 3102 19 70 5156 2239 conf.cc
certs_lpm /src/fuzz_certs.cc 380 3548 19 62 3566 1615 fuzz_certs.cc
session /src/boringssl/fuzz/session.cc 196 5825 12 29 1749 1053 session.cc
decode_client_hello_inner /src/boringssl/fuzz/decode_client_hello_inner.cc 348 5759 11 39 1867 1073 decode_client_hello_inner.cc
server /src/boringssl/fuzz/server.cc 1943 4626 24 125 16509 8277 server.cc
dtls_server /src/boringssl/fuzz/dtls_server.cc 1943 4626 24 125 16509 8277 dtls_server.cc
dtls_client /src/boringssl/fuzz/dtls_client.cc 1943 4626 24 125 16509 8277 dtls_client.cc
client /src/boringssl/fuzz/client.cc 1943 4626 24 125 16509 8277 client.cc
ssl_ctx_api /src/boringssl/fuzz/ssl_ctx_api.cc 280 5873 10 31 1290 729 ssl_ctx_api.cc

Fuzzer details

Fuzzer: arm_cpuinfo

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 12 60.0%
gold [1:9] 7 35.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 1 5.0%
All colors 20 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
12 7 extract_cpuinfo_field(STRING_PIECE*, STRING_PIECE const*, char const*) call site: 00007 strlen

Runtime coverage analysis

Covered functions
6
Functions that are reachable but not covered
11
Reachable functions
22
Percentage of reachable functions covered
50.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/arm_cpuinfo.cc 1
/src/boringssl/fuzz/../crypto/cpu_arm_linux.h 7
/src/boringssl/fuzz/../crypto/internal.h 2

Fuzzer: der_roundtrip

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 30 15.3%
gold [1:9] 9 4.61%
yellow [10:29] 1 0.51%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 155 79.4%
All colors 195 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00067 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00030 /src/boringssl/crypto/mem.c:233
2 2 1 :

['__errno_location']

2 6 ERR_put_error call site: 00035 /src/boringssl/crypto/err/err.c:665
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00070 /src/boringssl/crypto/mem.c:276
2 2 1 :

['sdallocx']

2 2 OPENSSL_free call site: 00072 /src/boringssl/crypto/mem.c:292
0 73 1 :

['BN_new']

0 195 BN_bin2bn call site: 00142 /src/boringssl/crypto/fipsmodule/bn/bytes.c:90
0 18 1 :

['BN_free']

0 18 BN_bin2bn call site: 00143 /src/boringssl/crypto/fipsmodule/bn/bytes.c:104
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:176
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:209
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:215
0 0 None 24 24 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:254

Runtime coverage analysis

Covered functions
83
Functions that are reachable but not covered
18
Reachable functions
97
Percentage of reachable functions covered
81.44%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/der_roundtrip.cc 1
/src/boringssl/crypto/bytestring/cbs.c 16
/src/boringssl/include/openssl/base.h 3
/src/boringssl/crypto/bytestring/cbb.c 18
/src/boringssl/crypto/bytestring/../internal.h 3
/src/boringssl/crypto/mem.c 4
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 1
/src/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c 4
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c 2
/src/boringssl/crypto/fipsmodule/bn/bn.c 7
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 4
/src/boringssl/crypto/bn_extra/bn_asn1.c 2
/src/boringssl/crypto/fipsmodule/bn/bytes.c 5
/src/boringssl/crypto/bn_extra/convert.c 1

Fuzzer: pkcs8

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 28 22.0%
gold [1:9] 9 7.08%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 90 70.8%
All colors 127 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
140 356 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

140 3069 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:155
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:604
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:910
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00071 /src/boringssl/crypto/evp/evp.c:343
63 237 2 :

['bn_sqr_recursive', 'bn_wexpand']

63 369 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:694
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
4 74 2 :

['OPENSSL_malloc', 'align_pointer']

42 3160 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:989
2 2 1 :

['bn_sqr_comba8']

2 100 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:691
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00111 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00063 /src/boringssl/crypto/mem.c:233

Runtime coverage analysis

Covered functions
474
Functions that are reachable but not covered
20
Reachable functions
74
Percentage of reachable functions covered
72.97%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/pkcs8.cc 1
/src/boringssl/crypto/bytestring/cbs.c 17
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/err/err.c 7
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/evp/evp.c 5
/src/boringssl/crypto/mem.c 5
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/bytestring/cbb.c 9
/src/boringssl/crypto/bytestring/../internal.h 2

Fuzzer: privkey

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 574 37.5%
gold [1:9] 90 5.89%
yellow [10:29] 16 1.04%
greenyellow [30:49] 8 0.52%
lawngreen 50+ 839 54.9%
All colors 1527 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
140 356 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

140 3069 BN_mod_sqrt call site: 00731 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:155
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont call site: 00739 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:604
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:910
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00073 /src/boringssl/crypto/evp/evp.c:343
63 237 2 :

['bn_sqr_recursive', 'bn_wexpand']

63 369 bn_sqr_consttime call site: 00553 /src/boringssl/crypto/fipsmodule/bn/mul.c:694
38 40 6 :

['bn_mul_mont_gather5', 'OPENSSL_memcpy', 'bn_gather5', 'bn_power5', 'bn_mul_mont', 'bn_scatter5']

38 305 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:1039
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00454 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
4 74 2 :

['OPENSSL_malloc', 'align_pointer']

42 3160 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:989
2 2 1 :

['bn_sqr_comba8']

2 100 bn_sqr_consttime call site: 00552 /src/boringssl/crypto/fipsmodule/bn/mul.c:691
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00246 /src/boringssl/crypto/mem.c:306

Runtime coverage analysis

Covered functions
431
Functions that are reachable but not covered
195
Reachable functions
533
Percentage of reachable functions covered
63.41%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/privkey.cc 1
/src/boringssl/crypto/evp/evp_asn1.c 6
/src/boringssl/crypto/err/err.c 9
/src/boringssl/crypto/thread_pthread.c 9
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/bytestring/cbs.c 20
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/evp/evp.c 9
/src/boringssl/crypto/mem.c 6
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/ec_extra/ec_asn1.c 5
/src/boringssl/crypto/fipsmodule/ec/ec.c 20
/src/boringssl/crypto/ec_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/bytes.c 5
/src/boringssl/crypto/fipsmodule/bn/bn.c 22
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 24
/src/boringssl/crypto/fipsmodule/ec/felem.c 8
/src/boringssl/crypto/fipsmodule/bn/div.c 16
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 12
/src/boringssl/crypto/fipsmodule/bn/cmp.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/stack/stack.c 3
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/fipsmodule/bn/add.c 7
/src/boringssl/crypto/fipsmodule/ec/simple.c 7
/src/boringssl/crypto/fipsmodule/ec/ec_key.c 8
/src/boringssl/crypto/engine/engine.c 4
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/fipsmodule/ec/scalar.c 2
/src/boringssl/crypto/fipsmodule/ec/oct.c 4
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/fipsmodule/bn/sqrt.c 1
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 2
/src/boringssl/crypto/fipsmodule/bn/random.c 2
/src/boringssl/crypto/fipsmodule/rand/rand.c 4
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c 2
/src/boringssl/crypto/rand_extra/forkunsafe.c 1
/src/boringssl/crypto/rand_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h 2
/src/boringssl/crypto/rand_extra/deterministic.c 2
/src/boringssl/crypto/rand_extra/../fipsmodule/rand/../modes/../../internal.h 2
/src/boringssl/crypto/chacha/chacha.c 1
/src/boringssl/crypto/chacha/../internal.h 3
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c 6
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 1
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 5
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c 5
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c 26
/src/boringssl/crypto/fipsmodule/bn/jacobi.c 1
/src/boringssl/crypto/fipsmodule/../../include/openssl/err.h 2
/src/boringssl/crypto/dsa/dsa_asn1.c 3
/src/boringssl/crypto/dsa/dsa.c 2
/src/boringssl/crypto/dsa/../internal.h 1
/src/boringssl/crypto/bn_extra/bn_asn1.c 1
/src/boringssl/crypto/rsa_extra/rsa_asn1.c 2
/src/boringssl/crypto/fipsmodule/rsa/rsa.c 6
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c 4
/src/boringssl/crypto/fipsmodule/rsa/blinding.c 1

Fuzzer: pkcs8_lpm

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 39 16.2%
gold [1:9] 9 3.75%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 192 80.0%
All colors 240 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
140 356 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

140 3069 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:155
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:604
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:910
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00134 /src/boringssl/crypto/evp/evp.c:343
63 237 2 :

['bn_sqr_recursive', 'bn_wexpand']

63 369 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:694
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
12 17 2 :

['asn1_pdu::Length::_internal_set_indefinite_form(bool)', 'asn1_pdu::Length::_internal_indefinite_form() const']

20 25 asn1_pdu::Length::MergeImpl(google::protobuf::Message&,google::protobuf::Messageconst&) call site: 00000 /work/boringssl/genfiles/asn1_pdu.pb.cc:1476
9 35 7 :

['asn1_pdu::Length::clear_types()', 'google::protobuf::internal::ArenaStringPtr::InitDefault()', 'asn1_pdu::Length::types_case() const', 'asn1_pdu::Length::set_has_length_override()', 'void google::protobuf::internal::ArenaStringPtr::Set<>(std::__1::basic_string , std::__1::allocator > const&, google::protobuf::Arena*)', 'asn1_pdu::Length::_internal_length_override() const', 'google::protobuf::MessageLite::GetArenaForAllocation() const']

17 43 asn1_pdu::Length::MergeImpl(google::protobuf::Message&,google::protobuf::Messageconst&) call site: 00000 /work/boringssl/genfiles/asn1_pdu.pb.cc:1476
8 8 1 :

['google::protobuf::internal::RepeatedPtrFieldBase::MergeFromInternal(google::protobuf::internal::RepeatedPtrFieldBase const&, void (google::protobuf::internal::RepeatedPtrFieldBase::*)(void**, void**, int, int))']

8 8 voidgoogle::protobuf::internal::RepeatedPtrFieldBase::MergeFrom ::TypeHandler>(google::protobuf::internal::RepeatedPtrFieldBaseconst&) call site: 00000 /src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h:300
2 2 1 :

['bn_sqr_comba8']

2 100 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:691

Runtime coverage analysis

Covered functions
632
Functions that are reachable but not covered
35
Reachable functions
202
Percentage of reachable functions covered
82.67%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/fuzz_pkcs8.cc 2
/work/boringssl/genfiles/asn1_pdu.pb.h 27
/work/boringssl/genfiles/asn1_pdu.pb.cc 13
/src/LPM/external.protobuf/include/google/protobuf/message.h 1
/src/LPM/external.protobuf/include/google/protobuf/message_lite.h 3
/src/LPM/external.protobuf/include/google/protobuf/metadata_lite.h 6
/src/LPM/external.protobuf/include/google/protobuf/generated_message_util.h 1
/src/asn1_pdu_to_der.h 2
/src/asn1_pdu_to_der.cc 9
/src/common.cc 3
/usr/local/bin/../include/c++/v1/math.h 1
/src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h 5
/src/LPM/external.protobuf/include/google/protobuf/explicitly_constructed.h 1
/src/LPM/external.protobuf/include/google/protobuf/arenastring.h 2
/src/boringssl/crypto/bytestring/cbs.c 17
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/err/err.c 7
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/evp/evp.c 5
/src/boringssl/crypto/mem.c 5
/src/boringssl/crypto/refcount.c 1
/src/boringssl/include/openssl/base.h 3
/src/boringssl/crypto/bytestring/cbb.c 9
/src/boringssl/crypto/bytestring/../internal.h 2

Fuzzer: read_pem

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 20 16.6%
gold [1:9] 9 7.5%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.83%
lawngreen 50+ 90 75.0%
All colors 120 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00057 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00024 /src/boringssl/crypto/mem.c:233
2 2 1 :

['__errno_location']

2 6 ERR_put_error call site: 00004 /src/boringssl/crypto/err/err.c:665
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00030 /src/boringssl/crypto/mem.c:276
2 2 1 :

['sdallocx']

2 2 OPENSSL_free call site: 00032 /src/boringssl/crypto/mem.c:292
0 58 1 :

['ERR_put_error']

0 58 BIO_gets call site: 00046 /src/boringssl/crypto/bio/bio.c:147
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:176
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:209
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:215
0 0 None 24 24 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:254
0 0 None 4 4 mem_read call site: 00000 /src/boringssl/crypto/bio/bio_mem.c:140

Runtime coverage analysis

Covered functions
54
Functions that are reachable but not covered
17
Reachable functions
57
Percentage of reachable functions covered
70.18%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/read_pem.cc 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/crypto/err/err.c 5
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/bio/bio.c 4
/src/boringssl/crypto/mem.c 4
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/pem/pem_lib.c 1
/src/boringssl/crypto/buf/buf.c 5
/src/boringssl/crypto/buf/../internal.h 1
/src/boringssl/crypto/pem/../internal.h 1
/src/boringssl/crypto/base64/base64.c 7
/src/boringssl/crypto/base64/../internal.h 5
/src/boringssl/crypto/refcount.c 1

Fuzzer: bn_div

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 54 20.8%
gold [1:9] 2 0.77%
yellow [10:29] 0 0.0%
greenyellow [30:49] 3 1.15%
lawngreen 50+ 200 77.2%
All colors 259 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
58 58 1 :

['ERR_put_error']

58 58 BN_lshift call site: 00114 /src/boringssl/crypto/fipsmodule/bn/shift.c:72
58 58 1 :

['ERR_put_error']

58 58 BN_rshift call site: 00132 /src/boringssl/crypto/fipsmodule/bn/shift.c:157
58 58 1 :

['ERR_put_error']

58 58 sk_insert call site: 00000 /src/boringssl/crypto/stack/stack.c:166
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 15 2 :

['OPENSSL_memory_get_size', 'OPENSSL_free']

2 85 OPENSSL_realloc call site: 00086 /src/boringssl/crypto/mem.c:301
2 2 1 :

['OPENSSL_memory_alloc']

60 60 OPENSSL_malloc call site: 00018 /src/boringssl/crypto/mem.c:233
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00048 /src/boringssl/crypto/mem.c:276
2 2 1 :

['sdallocx']

2 2 OPENSSL_free call site: 00050 /src/boringssl/crypto/mem.c:292
0 144 1 :

['BN_CTX_get']

0 868 BN_div call site: 00109 /src/boringssl/crypto/fipsmodule/bn/div.c:226
0 18 1 :

['BN_free']

0 18 BN_bin2bn call site: 00043 /src/boringssl/crypto/fipsmodule/bn/bytes.c:104
0 4 1 :

['bn_mul_comba8']

0 57 bn_mul_part_recursive call site: 00189 /src/boringssl/crypto/fipsmodule/bn/mul.c:346
0 3 1 :

['bn_fits_in_words']

116 209 bn_usub_consttime call site: 00242 /src/boringssl/crypto/fipsmodule/bn/add.c:230

Runtime coverage analysis

Covered functions
100
Functions that are reachable but not covered
23
Reachable functions
106
Percentage of reachable functions covered
78.3%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/bn_div.cc 1
/src/boringssl/crypto/bytestring/cbs.c 9
/src/boringssl/crypto/fipsmodule/bn/bytes.c 2
/src/boringssl/crypto/fipsmodule/bn/bn.c 12
/src/boringssl/crypto/mem.c 4
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 11
/src/boringssl/crypto/fipsmodule/bn/cmp.c 4
/src/boringssl/crypto/fipsmodule/bn/ctx.c 11
/src/boringssl/crypto/fipsmodule/bn/div.c 2
/src/boringssl/crypto/stack/stack.c 2
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/fipsmodule/bn/shift.c 3
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 5
/src/boringssl/crypto/fipsmodule/bn/mul.c 7
/src/boringssl/crypto/fipsmodule/bn/add.c 5

Fuzzer: spki

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 28 22.7%
gold [1:9] 9 7.31%
yellow [10:29] 1 0.81%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 85 69.1%
All colors 123 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1574 3276 14 :

['bn_div_consttime', 'bn_usub_consttime', 'BN_free', 'ERR_put_error', 'BN_num_bits', 'BN_init', 'BN_CTX_new', 'BN_cmp', 'BN_is_one', 'BN_value_one', 'bn_mul_consttime', 'BN_is_negative', 'BN_CTX_free', 'check_mod_inverse']

1574 3276 RSA_check_key call site: 00000 /src/boringssl/crypto/fipsmodule/rsa/rsa.c:816
185 331 4 :

['bn_mul_part_recursive', 'BN_num_bits_word', 'BN_CTX_get', 'bn_mul_recursive']

185 891 bn_mul_impl call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:455
140 356 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

140 3069 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:155
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:604
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00066 /src/boringssl/crypto/evp/evp.c:343
63 237 2 :

['bn_sqr_recursive', 'bn_wexpand']

63 369 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:694
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
28 106 3 :

['ec_felem_equal', 'BN_cmp', 'ec_GFp_simple_points_equal']

28 106 EC_GROUP_cmp call site: 00000 /src/boringssl/crypto/fipsmodule/ec/ec.c:587
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 2 1 :

['bn_mul_comba8']

2 187 bn_mul_impl call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:443
2 2 1 :

['bn_sqr_comba8']

2 100 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:691

Runtime coverage analysis

Covered functions
359
Functions that are reachable but not covered
20
Reachable functions
71
Percentage of reachable functions covered
71.83%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/spki.cc 1
/src/boringssl/crypto/bytestring/cbs.c 14
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/err/err.c 7
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/evp/evp.c 5
/src/boringssl/crypto/mem.c 5
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/bytestring/cbb.c 9
/src/boringssl/crypto/bytestring/../internal.h 2

Fuzzer: bn_mod_exp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 127 19.0%
gold [1:9] 3 0.45%
yellow [10:29] 3 0.45%
greenyellow [30:49] 1 0.15%
lawngreen 50+ 531 79.8%
All colors 665 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
58 61 2 :

['ERR_put_error', 'bn_fits_in_words']

58 65 bn_copy_words call site: 00630 /src/boringssl/crypto/fipsmodule/bn/bn.c:322
58 58 1 :

['ERR_put_error']

58 58 bn_resize_words call site: 00337 /src/boringssl/crypto/fipsmodule/bn/bn.c:398
58 58 1 :

['ERR_put_error']

58 58 BN_mod_exp_mont call site: 00273 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:598
58 58 1 :

['ERR_put_error']

58 58 BN_mod_exp_mont_consttime call site: 00545 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:901
58 58 1 :

['ERR_put_error']

58 58 bn_mont_ctx_set_N_and_n0 call site: 00298 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:181
58 58 1 :

['ERR_put_error']

58 58 BN_lshift call site: 00135 /src/boringssl/crypto/fipsmodule/bn/shift.c:72
58 58 1 :

['ERR_put_error']

58 58 BN_rshift call site: 00152 /src/boringssl/crypto/fipsmodule/bn/shift.c:157
58 58 1 :

['ERR_put_error']

58 58 sk_insert call site: 00000 /src/boringssl/crypto/stack/stack.c:166
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 2 1 :

['OPENSSL_memory_alloc']

60 60 OPENSSL_malloc call site: 00022 /src/boringssl/crypto/mem.c:233
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00108 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00052 /src/boringssl/crypto/mem.c:276

Runtime coverage analysis

Covered functions
177
Functions that are reachable but not covered
37
Reachable functions
200
Percentage of reachable functions covered
81.5%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/bn_mod_exp.cc 2
/src/boringssl/crypto/bytestring/cbs.c 9
/src/boringssl/crypto/fipsmodule/bn/bytes.c 5
/src/boringssl/crypto/fipsmodule/bn/bn.c 20
/src/boringssl/crypto/mem.c 4
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 3
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 18
/src/boringssl/crypto/fipsmodule/bn/cmp.c 7
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/div.c 11
/src/boringssl/crypto/stack/stack.c 2
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 13
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 13
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/add.c 4
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h 1
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c 1

Fuzzer: pkcs12_lpm

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 247 50.1%
gold [1:9] 13 2.63%
yellow [10:29] 1 0.20%
greenyellow [30:49] 2 0.40%
lawngreen 50+ 230 46.6%
All colors 493 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1085 1460 8 :

['CBS_get_asn1', 'PKCS12_handle_sequence', 'CBS_get_asn1_uint64', 'strlen', 'pkcs12_iterations_acceptable', 'CBS_len', 'pkcs12_check_mac', 'EVP_parse_digest_algorithm']

1417 2135 PKCS12_get_key_and_certs call site: 00223 /src/boringssl/crypto/pkcs8/pkcs8_x509.c:644
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
15 28 3 :

['CRYPTO_refcount_dec_and_test_zero', 'free_it', 'OPENSSL_free']

15 28 EVP_PKEY_free call site: 00352 /src/boringssl/crypto/evp/evp.c:107
12 17 2 :

['asn1_pdu::Length::_internal_set_indefinite_form(bool)', 'asn1_pdu::Length::_internal_indefinite_form() const']

20 25 asn1_pdu::Length::MergeImpl(google::protobuf::Message&,google::protobuf::Messageconst&) call site: 00000 /work/boringssl/genfiles/asn1_pdu.pb.cc:1476
9 35 7 :

['asn1_pdu::Length::clear_types()', 'google::protobuf::internal::ArenaStringPtr::InitDefault()', 'asn1_pdu::Length::types_case() const', 'asn1_pdu::Length::set_has_length_override()', 'void google::protobuf::internal::ArenaStringPtr::Set<>(std::__1::basic_string , std::__1::allocator > const&, google::protobuf::Arena*)', 'asn1_pdu::Length::_internal_length_override() const', 'google::protobuf::MessageLite::GetArenaForAllocation() const']

17 43 asn1_pdu::Length::MergeImpl(google::protobuf::Message&,google::protobuf::Messageconst&) call site: 00000 /work/boringssl/genfiles/asn1_pdu.pb.cc:1476
8 8 1 :

['google::protobuf::internal::RepeatedPtrFieldBase::MergeFromInternal(google::protobuf::internal::RepeatedPtrFieldBase const&, void (google::protobuf::internal::RepeatedPtrFieldBase::*)(void**, void**, int, int))']

8 8 voidgoogle::protobuf::internal::RepeatedPtrFieldBase::MergeFrom ::TypeHandler>(google::protobuf::internal::RepeatedPtrFieldBaseconst&) call site: 00000 /src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h:300
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00155 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00067 /src/boringssl/crypto/mem.c:233
2 2 1 :

['__errno_location']

2 6 ERR_put_error call site: 00072 /src/boringssl/crypto/err/err.c:665
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00094 /src/boringssl/crypto/mem.c:276
2 2 1 :

['sdallocx']

2 2 OPENSSL_free call site: 00096 /src/boringssl/crypto/mem.c:292
0 0 None 24 26 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:176

Runtime coverage analysis

Covered functions
244
Functions that are reachable but not covered
240
Reachable functions
411
Percentage of reachable functions covered
41.61%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/fuzz_pkcs12.cc 2
/work/boringssl/genfiles/asn1_pdu.pb.h 27
/work/boringssl/genfiles/asn1_pdu.pb.cc 13
/src/LPM/external.protobuf/include/google/protobuf/message.h 1
/src/LPM/external.protobuf/include/google/protobuf/message_lite.h 3
/src/LPM/external.protobuf/include/google/protobuf/metadata_lite.h 6
/src/LPM/external.protobuf/include/google/protobuf/generated_message_util.h 1
/src/asn1_pdu_to_der.h 2
/src/asn1_pdu_to_der.cc 9
/src/common.cc 3
/usr/local/bin/../include/c++/v1/math.h 1
/src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h 5
/src/LPM/external.protobuf/include/google/protobuf/explicitly_constructed.h 1
/src/LPM/external.protobuf/include/google/protobuf/arenastring.h 2
/src/boringssl/include/openssl/x509.h 3
/src/boringssl/crypto/stack/stack.c 4
/src/boringssl/crypto/mem.c 5
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 6
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/bytestring/cbs.c 19
/src/boringssl/crypto/pkcs8/pkcs8_x509.c 4
/src/boringssl/crypto/bytestring/ber.c 5
/src/boringssl/crypto/bytestring/cbb.c 17
/src/boringssl/crypto/bytestring/../internal.h 3
/src/boringssl/crypto/pkcs8/../internal.h 2
/src/boringssl/crypto/digest_extra/digest_extra.c 3
/src/boringssl/crypto/digest_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/digest/digest.c 8
/src/boringssl/crypto/pkcs8/pkcs8.c 2
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 2
/src/boringssl/crypto/bytestring/unicode.c 3
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 6
/src/boringssl/crypto/evp/evp.c 2
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/x509/x_x509.c 2
/src/boringssl/crypto/ex_data.c 2
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/asn1/tasn_fre.c 4
/src/boringssl/include/openssl/asn1t.h 3
/src/boringssl/crypto/asn1/a_object.c 1
/src/boringssl/crypto/asn1/a_type.c 1
/src/boringssl/crypto/asn1/asn1_lib.c 1
/src/boringssl/crypto/asn1/tasn_utl.c 7
/src/boringssl/crypto/pool/pool.c 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/lhash/lhash.c 2
/src/boringssl/crypto/x509/x_algor.c 1
/src/boringssl/crypto/asn1/tasn_typ.c 2
/src/boringssl/crypto/x509v3/v3_akeya.c 1
/src/boringssl/crypto/x509v3/v3_crld.c 1
/src/boringssl/crypto/x509v3/v3_genn.c 1
/src/boringssl/crypto/x509v3/v3_ncons.c 1
/src/boringssl/crypto/x509/x_x509a.c 1

Fuzzer: cert

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 309 25.6%
gold [1:9] 29 2.40%
yellow [10:29] 21 1.74%
greenyellow [30:49] 21 1.74%
lawngreen 50+ 826 68.4%
All colors 1206 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2160 3276 14 :

['bn_div_consttime', 'bn_usub_consttime', 'BN_free', 'ERR_put_error', 'BN_num_bits', 'BN_init', 'BN_CTX_new', 'BN_cmp', 'BN_is_one', 'BN_value_one', 'bn_mul_consttime', 'BN_is_negative', 'BN_CTX_free', 'check_mod_inverse']

2160 3276 RSA_check_key call site: 00000 /src/boringssl/crypto/fipsmodule/rsa/rsa.c:816
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00614 /src/boringssl/crypto/evp/evp.c:343
70 70 1 :

['ERR_add_error_dataf']

70 128 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:173
40 40 2 :

['sk_X509V3_EXT_METHOD_value', 'sk_X509V3_EXT_METHOD_find']

40 40 X509V3_EXT_get_nid call site: 00741 /src/boringssl/crypto/x509v3/v3_lib.c:114
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00451 /src/boringssl/crypto/ex_data.c:212
28 106 3 :

['ec_felem_equal', 'BN_cmp', 'ec_GFp_simple_points_equal']

28 106 EC_GROUP_cmp call site: 00000 /src/boringssl/crypto/fipsmodule/ec/ec.c:587
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
16 34 3 :

['CRYPTO_STATIC_MUTEX_unlock_read', 'lh_ASN1_OBJECT_retrieve', 'CRYPTO_STATIC_MUTEX_lock_read']

16 92 OBJ_nid2obj call site: 00197 /src/boringssl/crypto/obj/obj.c:345
2 166 2 :

['bn_print', 'EC_KEY_get0_private_key']

2 640 do_EC_KEY_print call site: 00000 /src/boringssl/crypto/evp/print.c:270
2 2 1 :

['strlen']

166 1295 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:89
2 2 1 :

['DSA_get0_priv_key']

2 916 do_dsa_print call site: 00000 /src/boringssl/crypto/evp/print.c:196

Runtime coverage analysis

Covered functions
714
Functions that are reachable but not covered
81
Reachable functions
443
Percentage of reachable functions covered
81.72%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/cert.cc 1
/src/boringssl/crypto/x509/x_x509.c 7
/src/boringssl/crypto/err/err.c 11
/src/boringssl/crypto/thread_pthread.c 13
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/bytestring/cbs.c 27
/src/boringssl/crypto/mem.c 11
/src/boringssl/crypto/x509/../internal.h 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/crypto/asn1/tasn_dec.c 10
/src/boringssl/crypto/pool/pool.c 4
/src/boringssl/crypto/asn1/asn1_lib.c 10
/src/boringssl/include/openssl/asn1t.h 6
/src/boringssl/crypto/stack/stack.c 6
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/asn1/tasn_fre.c 4
/src/boringssl/crypto/asn1/a_object.c 7
/src/boringssl/crypto/asn1/a_type.c 2
/src/boringssl/crypto/asn1/tasn_utl.c 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/lhash/lhash.c 2
/src/boringssl/crypto/asn1/tasn_typ.c 9
/src/boringssl/crypto/asn1/tasn_new.c 7
/src/boringssl/crypto/obj/obj.c 10
/src/boringssl/crypto/asn1/../internal.h 5
/src/boringssl/crypto/obj/../internal.h 2
/src/boringssl/crypto/asn1/a_bitstr.c 3
/src/boringssl/crypto/asn1/a_int.c 11
/src/boringssl/crypto/bytestring/unicode.c 5
/src/boringssl/crypto/asn1/posix_time.c 6
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/x509/x_algor.c 3
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/x509v3/v3_akeya.c 1
/src/boringssl/crypto/x509v3/v3_crld.c 2
/src/boringssl/crypto/x509v3/v3_genn.c 1
/src/boringssl/crypto/x509v3/v3_ncons.c 1
/src/boringssl/crypto/x509/x_x509a.c 1
/src/boringssl/crypto/x509/x509_cmp.c 5
/src/boringssl/crypto/x509/x_pubkey.c 2
/src/boringssl/crypto/evp/evp.c 7
/src/boringssl/crypto/asn1/tasn_enc.c 8
/src/boringssl/crypto/evp/evp_asn1.c 2
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/x509v3/v3_purp.c 6
/src/boringssl/crypto/fipsmodule/digest/digests.c 2
/src/boringssl/crypto/x509/x_all.c 1
/src/boringssl/crypto/bytestring/cbb.c 18
/src/boringssl/crypto/bytestring/../internal.h 3
/src/boringssl/crypto/bytestring/asn1_compat.c 1
/src/boringssl/crypto/fipsmodule/digest/digest.c 6
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 1
/src/boringssl/crypto/x509/x509_set.c 3
/src/boringssl/crypto/x509/x509_ext.c 3
/src/boringssl/crypto/x509v3/v3_lib.c 6
/src/boringssl/include/openssl/x509.h 5
/src/boringssl/crypto/x509/x509_v3.c 5
/src/boringssl/include/openssl/x509v3.h 7
/src/boringssl/crypto/x509v3/v3_bcons.c 1
/src/boringssl/include/openssl/asn1.h 4
/src/boringssl/crypto/asn1/a_octet.c 1
/src/boringssl/crypto/x509/x_name.c 6
/src/boringssl/crypto/asn1/a_dup.c 1
/src/boringssl/crypto/x509/x509name.c 5
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/crypto/bio/bio.c 8
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/x509/t_x509.c 4
/src/boringssl/crypto/bio/printf.c 1
/src/boringssl/crypto/x509/rsa_pss.c 5
/src/boringssl/crypto/asn1/f_int.c 1
/src/boringssl/crypto/x509/x509.c 1
/src/boringssl/crypto/x509/name_print.c 4
/src/boringssl/crypto/x509/x509_obj.c 1
/src/boringssl/crypto/buf/buf.c 4
/src/boringssl/crypto/buf/../internal.h 1
/src/boringssl/crypto/asn1/a_strex.c 12
/src/boringssl/crypto/asn1/asn1_par.c 1
/src/boringssl/crypto/evp/print.c 3
/src/boringssl/crypto/x509v3/v3_prn.c 4
/src/boringssl/crypto/bio/hexdump.c 4
/src/boringssl/include/openssl/conf.h 4
/src/boringssl/crypto/x509v3/v3_utl.c 1
/src/boringssl/crypto/x509/t_x509a.c 1

Fuzzer: pkcs12

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 71 18.3%
gold [1:9] 19 4.92%
yellow [10:29] 4 1.03%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 292 75.6%
All colors 386 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
172 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

174 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00000 /src/boringssl/crypto/evp/evp.c:343
70 70 1 :

['ERR_add_error_dataf']

70 128 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:173
48 106 2 :

['OBJ_obj2nid', 'ERR_put_error']

48 106 asn1_do_adb call site: 00000 /src/boringssl/crypto/asn1/tasn_utl.c:219
38 66 3 :

['CBS_len', 'OPENSSL_gmtime_adj', 'cbs_get_two_digits']

38 66 CBS_parse_rfc5280_time_internal call site: 00000 /src/boringssl/crypto/bytestring/cbs.c:886
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00300 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
18 18 1 :

['ASN1_UTF8STRING_free']

18 18 X509_alias_set1 call site: 00000 /src/boringssl/crypto/x509/x_x509a.c:98
16 34 3 :

['CRYPTO_STATIC_MUTEX_unlock_read', 'lh_ASN1_OBJECT_retrieve', 'CRYPTO_STATIC_MUTEX_lock_read']

16 92 OBJ_nid2obj call site: 00000 /src/boringssl/crypto/obj/obj.c:345
13 13 2 :

['sk_ASN1_VALUE_pop', 'sk_ASN1_VALUE_num.4928']

13 2036 asn1_template_noexp_d2i call site: 00000 /src/boringssl/crypto/asn1/tasn_dec.c:597
2 2 1 :

['strlen']

166 1295 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:89
2 2 1 :

['strlen']

2 219 ASN1_STRING_set call site: 00000 /src/boringssl/crypto/asn1/asn1_lib.c:267

Runtime coverage analysis

Covered functions
727
Functions that are reachable but not covered
64
Reachable functions
291
Percentage of reachable functions covered
78.01%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/pkcs12.cc 1
/src/boringssl/include/openssl/x509.h 3
/src/boringssl/crypto/stack/stack.c 4
/src/boringssl/crypto/mem.c 5
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 6
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 3
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/bytestring/cbs.c 19
/src/boringssl/crypto/pkcs8/pkcs8_x509.c 4
/src/boringssl/crypto/bytestring/ber.c 5
/src/boringssl/crypto/bytestring/cbb.c 17
/src/boringssl/crypto/bytestring/../internal.h 3
/src/boringssl/crypto/pkcs8/../internal.h 2
/src/boringssl/crypto/digest_extra/digest_extra.c 3
/src/boringssl/crypto/digest_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/digest/digest.c 8
/src/boringssl/crypto/pkcs8/pkcs8.c 2
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 2
/src/boringssl/crypto/bytestring/unicode.c 3
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 6
/src/boringssl/crypto/evp/evp.c 2
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/x509/x_x509.c 2
/src/boringssl/crypto/ex_data.c 2
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/asn1/tasn_fre.c 4
/src/boringssl/include/openssl/asn1t.h 3
/src/boringssl/crypto/asn1/a_object.c 1
/src/boringssl/crypto/asn1/a_type.c 1
/src/boringssl/crypto/asn1/asn1_lib.c 1
/src/boringssl/crypto/asn1/tasn_utl.c 7
/src/boringssl/crypto/pool/pool.c 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/lhash/lhash.c 2
/src/boringssl/crypto/x509/x_algor.c 1
/src/boringssl/crypto/asn1/tasn_typ.c 2
/src/boringssl/crypto/x509v3/v3_akeya.c 1
/src/boringssl/crypto/x509v3/v3_crld.c 1
/src/boringssl/crypto/x509v3/v3_genn.c 1
/src/boringssl/crypto/x509v3/v3_ncons.c 1
/src/boringssl/crypto/x509/x_x509a.c 1

Fuzzer: conf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 232 21.4%
gold [1:9] 43 3.97%
yellow [10:29] 25 2.31%
greenyellow [30:49] 9 0.83%
lawngreen 50+ 772 71.4%
All colors 1081 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
40 40 2 :

['sk_X509V3_EXT_METHOD_value', 'sk_X509V3_EXT_METHOD_find']

40 40 X509V3_EXT_get_nid call site: 01001 /src/boringssl/crypto/x509v3/v3_lib.c:114
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00271 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
16 238 5 :

['CRYPTO_BUFFER_data', 'OPENSSL_memdup', 'CRYPTO_BUFFER_up_ref', 'asn1_encoding_clear', 'CRYPTO_BUFFER_len']

16 238 asn1_enc_save call site: 00868 /src/boringssl/crypto/asn1/tasn_utl.c:154
16 34 3 :

['CRYPTO_STATIC_MUTEX_unlock_read', 'lh_ASN1_OBJECT_retrieve', 'CRYPTO_STATIC_MUTEX_lock_read']

16 92 OBJ_nid2obj call site: 00178 /src/boringssl/crypto/obj/obj.c:345
13 13 2 :

['sk_ASN1_VALUE_pop', 'sk_ASN1_VALUE_num.4928']

13 2036 asn1_template_noexp_d2i call site: 00733 /src/boringssl/crypto/asn1/tasn_dec.c:597
4 28 3 :

['CRYPTO_refcount_dec_and_test_zero', 'free_it', 'OPENSSL_free']

4 28 EVP_PKEY_free call site: 00000 /src/boringssl/crypto/evp/evp.c:107
2 2 1 :

['strlen']

2 219 ASN1_STRING_set call site: 00524 /src/boringssl/crypto/asn1/asn1_lib.c:267
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00087 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00024 /src/boringssl/crypto/mem.c:233
2 2 1 :

['__errno_location']

2 6 ERR_put_error call site: 00004 /src/boringssl/crypto/err/err.c:665
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00030 /src/boringssl/crypto/mem.c:276

Runtime coverage analysis

Covered functions
558
Functions that are reachable but not covered
64
Reachable functions
391
Percentage of reachable functions covered
83.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/conf.cc 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/crypto/err/err.c 8
/src/boringssl/crypto/thread_pthread.c 9
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/bio/bio.c 2
/src/boringssl/crypto/mem.c 19
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/conf/conf.c 17
/src/boringssl/crypto/conf/internal.h 4
/src/boringssl/crypto/lhash/lhash.c 3
/src/boringssl/crypto/lhash/../internal.h 1
/src/boringssl/crypto/buf/buf.c 4
/src/boringssl/crypto/buf/../internal.h 1
/src/boringssl/include/openssl/conf.h 8
/src/boringssl/crypto/stack/stack.c 5
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/conf/../internal.h 1
/src/boringssl/crypto/x509/x_x509.c 5
/src/boringssl/crypto/x509/../internal.h 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/crypto/asn1/tasn_new.c 7
/src/boringssl/include/openssl/asn1t.h 6
/src/boringssl/crypto/obj/obj.c 12
/src/boringssl/crypto/asn1/asn1_lib.c 8
/src/boringssl/crypto/asn1/../internal.h 3
/src/boringssl/crypto/asn1/tasn_utl.c 13
/src/boringssl/crypto/asn1/tasn_fre.c 4
/src/boringssl/crypto/asn1/a_object.c 4
/src/boringssl/crypto/asn1/a_type.c 2
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/pool/pool.c 4
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/x509/x_algor.c 2
/src/boringssl/crypto/asn1/tasn_typ.c 10
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/x509v3/v3_akeya.c 1
/src/boringssl/crypto/x509v3/v3_crld.c 1
/src/boringssl/crypto/x509v3/v3_genn.c 1
/src/boringssl/crypto/x509v3/v3_ncons.c 1
/src/boringssl/crypto/x509/x_x509a.c 1
/src/boringssl/crypto/x509v3/v3_conf.c 12
/src/boringssl/crypto/x509v3/../internal.h 2
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/bytestring/cbb.c 22
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/crypto/bytestring/cbs.c 19
/src/boringssl/crypto/obj/../internal.h 2
/src/boringssl/crypto/x509v3/v3_utl.c 8
/src/boringssl/crypto/x509/asn1_gen.c 6
/src/boringssl/crypto/fipsmodule/bn/bn.c 10
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 1
/src/boringssl/crypto/bn_extra/convert.c 3
/src/boringssl/crypto/fipsmodule/bn/cmp.c 1
/src/boringssl/crypto/asn1/a_int.c 6
/src/boringssl/crypto/fipsmodule/bn/bytes.c 3
/src/boringssl/crypto/asn1/posix_time.c 6
/src/boringssl/crypto/asn1/tasn_dec.c 9
/src/boringssl/crypto/asn1/a_mbstr.c 2
/src/boringssl/crypto/bytestring/unicode.c 5
/src/boringssl/crypto/asn1/a_bitstr.c 4
/src/boringssl/crypto/asn1/tasn_enc.c 8
/src/boringssl/crypto/x509/x509_v3.c 6
/src/boringssl/crypto/x509/x_exten.c 3
/src/boringssl/crypto/asn1/a_octet.c 1
/src/boringssl/crypto/x509v3/v3_lib.c 3
/src/boringssl/include/openssl/x509v3.h 3
/src/boringssl/include/openssl/x509.h 4
/src/boringssl/crypto/asn1/a_dup.c 1

Fuzzer: certs_lpm

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 224 27.6%
gold [1:9] 20 2.47%
yellow [10:29] 11 1.35%
greenyellow [30:49] 7 0.86%
lawngreen 50+ 547 67.6%
All colors 809 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1574 3276 14 :

['bn_div_consttime', 'bn_usub_consttime', 'BN_free', 'ERR_put_error', 'BN_num_bits', 'BN_init', 'BN_CTX_new', 'BN_cmp', 'BN_is_one', 'BN_value_one', 'bn_mul_consttime', 'BN_is_negative', 'BN_CTX_free', 'check_mod_inverse']

1574 3276 RSA_check_key call site: 00000 /src/boringssl/crypto/fipsmodule/rsa/rsa.c:816
185 331 4 :

['bn_mul_part_recursive', 'BN_num_bits_word', 'BN_CTX_get', 'bn_mul_recursive']

185 891 bn_mul_impl call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:455
140 356 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

140 3069 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:155
95 101 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

95 101 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:604
84 176 4 :

['bn_from_montgomery_in_place', 'bn_mul_small', 'OPENSSL_cleanse', 'bn_sqr_small']

86 178 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:486
70 128 2 :

['ERR_add_error_dataf', 'ERR_put_error']

70 128 EVP_PKEY_set_type call site: 00677 /src/boringssl/crypto/evp/evp.c:343
70 70 1 :

['ERR_add_error_dataf']

70 128 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:173
63 237 2 :

['bn_sqr_recursive', 'bn_wexpand']

63 369 bn_sqr_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:694
48 106 2 :

['OBJ_obj2nid', 'ERR_put_error']

48 106 asn1_do_adb call site: 00442 /src/boringssl/crypto/asn1/tasn_utl.c:219
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00514 /src/boringssl/crypto/ex_data.c:212
28 106 3 :

['ec_felem_equal', 'BN_cmp', 'ec_GFp_simple_points_equal']

28 106 EC_GROUP_cmp call site: 00000 /src/boringssl/crypto/fipsmodule/ec/ec.c:587
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265

Runtime coverage analysis

Covered functions
661
Functions that are reachable but not covered
79
Reachable functions
380
Percentage of reachable functions covered
79.21%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/fuzz_certs.cc 2
/work/boringssl/genfiles/asn1_pdu.pb.h 27
/work/boringssl/genfiles/asn1_pdu.pb.cc 13
/src/LPM/external.protobuf/include/google/protobuf/message.h 1
/src/LPM/external.protobuf/include/google/protobuf/message_lite.h 3
/src/LPM/external.protobuf/include/google/protobuf/metadata_lite.h 6
/src/LPM/external.protobuf/include/google/protobuf/generated_message_util.h 1
/src/asn1_pdu_to_der.h 2
/src/asn1_pdu_to_der.cc 9
/src/common.cc 3
/usr/local/bin/../include/c++/v1/math.h 1
/src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h 5
/src/LPM/external.protobuf/include/google/protobuf/explicitly_constructed.h 1
/src/LPM/external.protobuf/include/google/protobuf/arenastring.h 2
/src/boringssl/crypto/x509/x_x509.c 7
/src/boringssl/crypto/err/err.c 8
/src/boringssl/crypto/thread_pthread.c 11
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/bytestring/cbs.c 25
/src/boringssl/crypto/mem.c 8
/src/boringssl/crypto/x509/../internal.h 1
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/crypto/asn1/tasn_dec.c 10
/src/boringssl/crypto/pool/pool.c 4
/src/boringssl/crypto/asn1/asn1_lib.c 7
/src/boringssl/include/openssl/asn1t.h 6
/src/boringssl/crypto/stack/stack.c 3
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/asn1/tasn_fre.c 4
/src/boringssl/crypto/asn1/a_object.c 4
/src/boringssl/crypto/asn1/a_type.c 2
/src/boringssl/crypto/asn1/tasn_utl.c 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/lhash/lhash.c 2
/src/boringssl/crypto/asn1/tasn_typ.c 8
/src/boringssl/crypto/asn1/tasn_new.c 7
/src/boringssl/crypto/obj/obj.c 6
/src/boringssl/crypto/asn1/../internal.h 5
/src/boringssl/crypto/obj/../internal.h 2
/src/boringssl/crypto/asn1/a_bitstr.c 3
/src/boringssl/crypto/asn1/a_int.c 8
/src/boringssl/crypto/bytestring/unicode.c 4
/src/boringssl/crypto/asn1/posix_time.c 6
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/x509/x_algor.c 3
/src/boringssl/include/openssl/stack.h 3
/src/boringssl/crypto/x509v3/v3_akeya.c 1
/src/boringssl/crypto/x509v3/v3_crld.c 1
/src/boringssl/crypto/x509v3/v3_genn.c 1
/src/boringssl/crypto/x509v3/v3_ncons.c 1
/src/boringssl/crypto/x509/x_x509a.c 1
/src/boringssl/crypto/x509/x509_cmp.c 1
/src/boringssl/crypto/x509/x_pubkey.c 2
/src/boringssl/crypto/evp/evp.c 6
/src/boringssl/crypto/asn1/tasn_enc.c 8
/src/boringssl/crypto/evp/evp_asn1.c 2
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/crypto/bytestring/cbb.c 15
/src/boringssl/crypto/bytestring/../internal.h 3
/src/boringssl/crypto/bytestring/asn1_compat.c 1

Fuzzer: session

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 52 12.3%
gold [1:9] 32 7.58%
yellow [10:29] 46 10.9%
greenyellow [30:49] 22 5.21%
lawngreen 50+ 270 63.9%
All colors 422 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
147 147 4 :

['lh_CRYPTO_BUFFER_delete', 'lh_CRYPTO_BUFFER_retrieve', 'CRYPTO_MUTEX_lock_write', 'CRYPTO_MUTEX_unlock_write']

147 174 CRYPTO_BUFFER_free call site: 00000 /src/boringssl/crypto/pool/pool.c:207
142 166 6 :

['crypto_buffer_free_object', 'CRYPTO_refcount_inc', 'lh_CRYPTO_BUFFER_retrieve', 'CRYPTO_MUTEX_lock_write', 'CRYPTO_MUTEX_unlock_write', 'lh_CRYPTO_BUFFER_insert']

142 166 crypto_buffer_new call site: 00194 /src/boringssl/crypto/pool/pool.c:132
92 92 1 :

['bssl::set_version_bound(bssl::SSL_PROTOCOL_METHOD const*, unsigned short*, unsigned short)']

92 92 bssl::set_min_version(bssl::SSL_PROTOCOL_METHODconst*,unsignedshort*,unsignedshort) call site: 00000 /src/boringssl/ssl/ssl_versions.cc:144
92 92 1 :

['bssl::set_version_bound(bssl::SSL_PROTOCOL_METHOD const*, unsigned short*, unsigned short)']

92 92 bssl::set_max_version(bssl::SSL_PROTOCOL_METHODconst*,unsignedshort*,unsignedshort) call site: 00000 /src/boringssl/ssl/ssl_versions.cc:155
70 70 1 :

['ERR_add_error_dataf']

70 128 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:173
48 106 2 :

['OBJ_obj2nid', 'ERR_put_error']

48 106 asn1_do_adb call site: 00000 /src/boringssl/crypto/asn1/tasn_utl.c:219
34 34 3 :

['CRYPTO_STATIC_MUTEX_unlock_read', 'lh_ASN1_OBJECT_retrieve', 'CRYPTO_STATIC_MUTEX_lock_read']

34 92 OBJ_nid2obj call site: 00000 /src/boringssl/crypto/obj/obj.c:345
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
13 13 2 :

['sk_ASN1_VALUE_pop', 'sk_ASN1_VALUE_num.4928']

13 2036 asn1_template_noexp_d2i call site: 00000 /src/boringssl/crypto/asn1/tasn_dec.c:597
4 28 3 :

['CRYPTO_refcount_dec_and_test_zero', 'free_it', 'OPENSSL_free']

4 28 EVP_PKEY_free call site: 00000 /src/boringssl/crypto/evp/evp.c:107
2 2 1 :

['strlen']

166 1295 ASN1_mbstring_ncopy call site: 00000 /src/boringssl/crypto/asn1/a_mbstr.c:89

Runtime coverage analysis

Covered functions
384
Functions that are reachable but not covered
39
Reachable functions
196
Percentage of reachable functions covered
80.1%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/session.cc 1
/src/boringssl/ssl/ssl_asn1.cc 11
/src/boringssl/crypto/bytestring/cbs.c 26
/src/boringssl/ssl/ssl_session.cc 2
/src/boringssl/ssl/internal.h 11
/src/boringssl/crypto/mem.c 7
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 7
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/ex_data.c 1
/src/boringssl/ssl/ssl_versions.cc 1
/src/boringssl/ssl/ssl_cipher.cc 3
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/ssl/../crypto/internal.h 1
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/include/openssl/bytestring.h 1
/src/boringssl/include/openssl/span.h 4
/src/boringssl/crypto/pool/pool.c 6
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/lhash/lhash.c 2
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/pool/../internal.h 1
/src/boringssl/include/openssl/pool.h 3
/src/boringssl/crypto/stack/stack.c 4
/src/boringssl/crypto/stack/../internal.h 2
/src/boringssl/include/openssl/stack.h 1
/src/boringssl/include/openssl/base.h 3
/src/boringssl/crypto/bytestring/cbb.c 22

Fuzzer: decode_client_hello_inner

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 96 24.1%
gold [1:9] 98 24.6%
yellow [10:29] 18 4.52%
greenyellow [30:49] 2 0.50%
lawngreen 50+ 184 46.2%
All colors 398 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1982 2041 12 :

['CRL_DIST_POINTS_free', 'X509_CERT_AUX_free', 'ASN1_OCTET_STRING_free', 'X509_CINF_free', 'GENERAL_NAMES_free', 'X509_ALGOR_free', 'NAME_CONSTRAINTS_free', 'AUTHORITY_KEYID_free', 'ASN1_BIT_STRING_free', 'OPENSSL_free', 'CRYPTO_free_ex_data', 'CRYPTO_MUTEX_cleanup']

1982 2041 X509_free call site: 00000 /src/boringssl/crypto/x509/x_x509.c:127
110 110 6 :

['bssl::DC::Dup()', 'std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::operator=(std::__1::unique_ptr &&)', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::unique_ptr (decltype(nullptr))']

110 125 bssl::ssl_cert_dup(bssl::CERT*) call site: 00000 /src/boringssl/ssl/ssl_cert.cc:182
106 106 4 :

['std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::reset(stack_st_CRYPTO_BUFFER*)', 'sk_CRYPTO_BUFFER_deep_copy']

216 379 bssl::ssl_cert_dup(bssl::CERT*) call site: 00000 /src/boringssl/ssl/ssl_cert.cc:156
92 92 1 :

['bssl::set_version_bound(bssl::SSL_PROTOCOL_METHOD const*, unsigned short*, unsigned short)']

92 92 bssl::set_min_version(bssl::SSL_PROTOCOL_METHODconst*,unsignedshort*,unsignedshort) call site: 00000 /src/boringssl/ssl/ssl_versions.cc:144
92 92 1 :

['bssl::set_version_bound(bssl::SSL_PROTOCOL_METHOD const*, unsigned short*, unsigned short)']

92 92 bssl::set_max_version(bssl::SSL_PROTOCOL_METHODconst*,unsignedshort*,unsignedshort) call site: 00000 /src/boringssl/ssl/ssl_versions.cc:155
76 76 4 :

['std::__1::unique_ptr ::reset(char*)', 'std::__1::unique_ptr ::get() const', 'bool std::__1::operator== (std::__1::unique_ptr const&, decltype(nullptr))', 'OPENSSL_strdup']

76 91 SSL_new call site: 00210 /src/boringssl/ssl/ssl_lib.cc:671
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265
2 2 1 :

['OPENSSL_memory_get_size']

2 85 OPENSSL_realloc call site: 00304 /src/boringssl/crypto/mem.c:306
2 2 1 :

['OPENSSL_memory_alloc']

2 60 OPENSSL_malloc call site: 00026 /src/boringssl/crypto/mem.c:233
2 2 1 :

['__errno_location']

2 6 ERR_put_error call site: 00005 /src/boringssl/crypto/err/err.c:665
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00042 /src/boringssl/crypto/mem.c:276

Runtime coverage analysis

Covered functions
343
Functions that are reachable but not covered
84
Reachable functions
348
Percentage of reachable functions covered
75.86%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/decode_client_hello_inner.cc 1
/src/boringssl/ssl/tls_method.cc 1
/src/boringssl/ssl/ssl_lib.cc 5
/src/boringssl/crypto/err/err.c 4
/src/boringssl/crypto/thread_pthread.c 4
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/ssl/internal.h 34
/src/boringssl/crypto/mem.c 7
/src/boringssl/fuzz/../ssl/internal.h 7
/src/boringssl/crypto/ex_data.c 1
/src/boringssl/crypto/lhash/lhash.c 1
/src/boringssl/crypto/lhash/../internal.h 1
/src/boringssl/include/openssl/pool.h 5
/src/boringssl/crypto/stack/stack.c 2
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 1
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 1
/src/boringssl/ssl/ssl_cipher.cc 16
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/ssl/../crypto/internal.h 2
/src/boringssl/include/openssl/ssl.h 3
/src/boringssl/include/openssl/span.h 16
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/ssl/ssl_cert.cc 2
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 1
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/pool/pool.c 1
/src/boringssl/fuzz/../ssl/../crypto/internal.h 1
/src/boringssl/include/openssl/bytestring.h 2
/src/boringssl/crypto/bytestring/cbs.c 12
/src/boringssl/ssl/extensions.cc 4
/src/boringssl/ssl/encrypted_client_hello.cc 3
/src/boringssl/include/openssl/base.h 3
/src/boringssl/crypto/bytestring/cbb.c 15
/src/boringssl/crypto/bytestring/../internal.h 3

Fuzzer: server

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1566 33.0%
gold [1:9] 326 6.87%
yellow [10:29] 130 2.74%
greenyellow [30:49] 53 1.11%
lawngreen 50+ 2664 56.2%
All colors 4739 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3376 7424 28 :

['std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::get() const', 'X509_free', 'X509_verify_cert', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_new', 'X509_parse_from_buffer', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::~unique_ptr()', 'X509_STORE_CTX_init', 'std::__1::unique_ptr ::unique_ptr (stack_st_X509*)', 'sk_CRYPTO_BUFFER_value', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_get1_chain', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_crypto_x509_cert_flush_cached_chain(bssl::CERT*)', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::unique_ptr (x509_st*)', 'ERR_put_error', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::unique_ptr (x509_store_ctx_st*)', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_cert_set_chain(bssl::CERT*, stack_st_X509*)', 'ERR_clear_error', 'std::__1::unique_ptr ::~unique_ptr()', 'sk_X509_shift']

3376 7424 bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) call site: 00000 /src/boringssl/ssl/ssl_x509.cc:450
651 651 1 :

['bn_mod_inverse_secret_prime']

651 1045 freeze_private_key call site: 04077 /src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c:258
572 1179 15 :

['std::__1::unique_ptr ::get() const', 'CBS_get_asn1', 'std::__1::unique_ptr ::operator->() const', 'cbs_st::operator bssl::Span () const', 'cbs_st::cbs_st(bssl::Span )', 'CBS_get_asn1_uint64', 'std::__1::unique_ptr ::operator bool() const', 'BUF_MEM_new', 'SSL_set_accept_state', 'bssl::apply_remote_features(ssl_st*, cbs_st*)', 'std::__1::unique_ptr ::reset(buf_mem_st*)', 'CBS_len', 'CBS_data', 'BUF_MEM_append', 'bssl::SSLTranscript::Update(bssl::Span )']

572 1179 bssl::SSL_apply_handoff(ssl_st*,bssl::Span ) call site: 00000 /src/boringssl/ssl/handoff.cc:247
488 1960 3 :

['copy_from_prebuf', 'copy_to_prebuf', 'BN_mod_mul_montgomery']

488 2225 BN_mod_exp_mont_consttime call site: 04024 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:1039
485 897 4 :

['CBS_len', 'bssl::ssl_send_alert(ssl_st*, int, int)', 'ERR_put_error', 'SSL_renegotiate']

485 897 ssl_do_post_handshake(ssl_st*,bssl::SSLMessageconst&) call site: 00000 /src/boringssl/ssl/ssl_lib.cc:899
389 466 10 :

['X509_LOOKUP_free', 'X509_VERIFY_PARAM_free', 'sk_X509_LOOKUP_free', 'X509_LOOKUP_shutdown', 'sk_X509_LOOKUP_num', 'OPENSSL_free', 'CRYPTO_MUTEX_cleanup', 'sk_X509_LOOKUP_value', 'CRYPTO_refcount_dec_and_test_zero', 'sk_X509_OBJECT_pop_free']

389 466 X509_STORE_free call site: 00000 /src/boringssl/crypto/x509/x509_lu.c:230
383 383 1 :

['EVP_aead_aes_256_gcm']

383 385 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:600
358 358 1 :

['bn_mod_mul_montgomery_fallback']

358 358 BN_mod_mul_montgomery call site: 03917 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:429
312 2472 5 :

['integers_equal', 'ERR_put_error', 'parse_explicit_prime_curve', 'OPENSSL_built_in_curves', 'EC_GROUP_new_by_curve_name']

312 2472 EC_KEY_parse_parameters call site: 00000 /src/boringssl/crypto/ec_extra/ec_asn1.c:369
282 1188 15 :

['CBB_add_u8', 'bssl::CBBFinishArray(cbb_st*, bssl::Array *)', 'bssl::internal::StackAllocated ::StackAllocated()', 'bssl::Span ::size() const', 'bssl::cbb_add_hex(cbb_st*, bssl::Span )', 'bssl::internal::StackAllocated ::~StackAllocated()', 'bssl::Array ::Array()', 'strlen', 'CBB_init', 'std::__1::unique_ptr ::operator->() const', 'bssl::Array ::data()', 'bssl::Span ::Span<32ul>(unsigned char const (&) [32ul])', 'bssl::internal::StackAllocated ::get()', 'CBB_add_bytes', 'bssl::Array ::~Array()']

282 1188 bssl::ssl_log_secret(ssl_stconst*,charconst*,bssl::Span ) call site: 00000 /src/boringssl/ssl/ssl_lib.cc:300
146 1236 22 :

['bssl::CBBFinishArray(cbb_st*, bssl::Array *)', 'CBB_add_u24', 'bssl::Array ::Array()', 'bssl::Span bssl::MakeConstSpan (unsigned char const*, unsigned long)', 'CBB_data', 'bssl::Array ::data()', 'bssl::Array ::empty() const', 'CBB_len', 'bssl::Array ::CopyFrom(bssl::Span )', 'CBB_add_u24_length_prefixed', 'CBB_add_bytes', 'std::__1::unique_ptr ::get() const', 'bssl::internal::operator==(bssl::Span , bssl::Span )', 'CBB_add_u16', 'bssl::GrowableArray ::begin()', 'ERR_put_error', 'std::__1::unique_ptr ::operator->() const', 'decltype (MakeConstSpan(({parm#1}.data)(), ({parm#1}.size)())) bssl::MakeConstSpan >(bssl::Array const&)', 'bssl::Array ::~Array()', 'bssl::Array ::size() const', 'bssl::GrowableArray ::end()', 'bssl::Span ::Span , void, bssl::Array >(bssl::Array const&)']

146 1345 bssl::tls13_add_certificate(bssl::SSL_HANDSHAKE*) call site: 00000 /src/boringssl/ssl/tls13_both.cc:488
130 166 6 :

['crypto_buffer_free_object', 'CRYPTO_refcount_inc', 'lh_CRYPTO_BUFFER_retrieve', 'CRYPTO_MUTEX_lock_write', 'CRYPTO_MUTEX_unlock_write', 'lh_CRYPTO_BUFFER_insert']

130 166 crypto_buffer_new call site: 00274 /src/boringssl/crypto/pool/pool.c:132

Runtime coverage analysis

Covered functions
1976
Functions that are reachable but not covered
348
Reachable functions
1943
Percentage of reachable functions covered
82.09%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/server.cc 1
/src/boringssl/fuzz/../ssl/test/fuzzer.h 4
/src/boringssl/crypto/rand_extra/deterministic.c 3
/src/boringssl/crypto/bytestring/cbs.c 35
/src/boringssl/ssl/ssl_session.cc 32
/src/boringssl/ssl/../crypto/internal.h 21
/src/boringssl/crypto/thread_pthread.c 11
/src/boringssl/ssl/internal.h 71
/src/boringssl/crypto/lhash/lhash.c 5
/src/boringssl/crypto/mem.c 12
/src/boringssl/crypto/err/err.c 18
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/lhash/../internal.h 1
/usr/local/bin/../include/c++/v1/initializer_list 1
/src/boringssl/ssl/ssl_lib.cc 44
/src/boringssl/include/openssl/ssl.h 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/ssl/ssl_cert.cc 13
/src/boringssl/include/openssl/pool.h 7
/src/boringssl/crypto/stack/stack.c 7
/src/boringssl/crypto/stack/../internal.h 3
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 11
/src/boringssl/include/openssl/span.h 51
/src/boringssl/crypto/pool/pool.c 8
/src/boringssl/ssl/ssl_asn1.cc 11
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/ssl/ssl_cipher.cc 14
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/include/openssl/bytestring.h 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/pool/../internal.h 1
/src/boringssl/include/openssl/stack.h 7
/src/boringssl/ssl/ssl_x509.cc 2
/src/boringssl/ssl/handoff.cc 7
/src/boringssl/crypto/bio/bio.c 8
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/ssl/handshake.cc 15
/src/boringssl/include/openssl/err.h 2
/src/boringssl/ssl/ssl_buffer.cc 9
/src/boringssl/ssl/tls_record.cc 1
/src/boringssl/ssl/ssl_aead_ctx.cc 5
/src/boringssl/ssl/s3_pkt.cc 2
/src/boringssl/ssl/extensions.cc 35
/src/boringssl/crypto/buf/buf.c 3
/src/boringssl/crypto/buf/../internal.h 2
/src/boringssl/ssl/ssl_transcript.cc 10
/src/boringssl/include/openssl/base.h 17
/src/boringssl/crypto/fipsmodule/digest/digest.c 11
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 31
/src/boringssl/ssl/handshake_server.cc 31
/src/boringssl/ssl/encrypted_client_hello.cc 7
/src/boringssl/crypto/hpke/hpke.c 13
/src/boringssl/crypto/fipsmodule/cipher/aead.c 6
/src/boringssl/crypto/hpke/../internal.h 1
/src/boringssl/crypto/bytestring/cbb.c 34
/src/boringssl/crypto/fipsmodule/hkdf/hkdf.c 2
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 8
/src/boringssl/ssl/ssl_privkey.cc 8
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/ssl/tls13_server.cc 23
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 16
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 5
/src/boringssl/ssl/s3_both.cc 5
/src/boringssl/crypto/fipsmodule/digest/digests.c 10
/src/boringssl/crypto/fipsmodule/cipher/cipher.c 10
/src/boringssl/crypto/fipsmodule/rand/rand.c 4
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c 2
/src/boringssl/crypto/rand_extra/forkunsafe.c 1
/src/boringssl/crypto/rand_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h 2
/src/boringssl/crypto/rand_extra/../fipsmodule/rand/../modes/../../internal.h 2
/src/boringssl/crypto/chacha/chacha.c 1
/src/boringssl/crypto/chacha/../internal.h 3
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c 6
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c 5
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c 26
/src/boringssl/crypto/fipsmodule/sha/sha256.c 5
/src/boringssl/crypto/fipsmodule/sha/../digest/md32_common.h 2
/src/boringssl/ssl/tls13_enc.cc 21
/src/boringssl/crypto/fipsmodule/tls/kdf.c 3
/src/boringssl/ssl/ssl_key_share.cc 1
/src/boringssl/crypto/cipher_extra/e_chacha20poly1305.c 1
/src/boringssl/crypto/cipher_extra/e_tls.c 7
/src/boringssl/ssl/tls13_both.cc 10
/src/boringssl/crypto/fipsmodule/ec/ec_key.c 6
/src/boringssl/crypto/fipsmodule/ec/ec.c 21
/src/boringssl/crypto/fipsmodule/digestsign/digestsign.c 12
/src/boringssl/crypto/evp/evp_ctx.c 7
/src/boringssl/crypto/evp/p_rsa.c 2
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/bytes.c 6
/src/boringssl/crypto/fipsmodule/bn/bn.c 20
/src/boringssl/crypto/fipsmodule/ec/felem.c 6
/src/boringssl/crypto/fipsmodule/bn/div.c 13
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 15
/src/boringssl/crypto/fipsmodule/bn/cmp.c 9
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/fipsmodule/bn/add.c 7
/src/boringssl/crypto/fipsmodule/ec/simple.c 4
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c 5
/src/boringssl/crypto/engine/engine.c 3
/src/boringssl/crypto/fipsmodule/ec/scalar.c 3
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/rsa_extra/rsa_crypt.c 4
/src/boringssl/crypto/fipsmodule/rsa/rsa.c 3
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c 9
/src/boringssl/crypto/fipsmodule/bn/gcd.c 3
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 5
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h 1
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c 1
/src/boringssl/crypto/fipsmodule/rsa/blinding.c 7
/src/boringssl/crypto/fipsmodule/bn/random.c 5
/src/boringssl/crypto/rsa_extra/../internal.h 9
/src/boringssl/crypto/fipsmodule/rsa/padding.c 1
/src/boringssl/ssl/t1_enc.cc 6
/src/boringssl/ssl/tls13_client.cc 2

Fuzzer: dtls_server

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2479 52.3%
gold [1:9] 263 5.54%
yellow [10:29] 73 1.54%
greenyellow [30:49] 33 0.69%
lawngreen 50+ 1891 39.9%
All colors 4739 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3376 7424 28 :

['std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::get() const', 'X509_free', 'X509_verify_cert', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_new', 'X509_parse_from_buffer', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::~unique_ptr()', 'X509_STORE_CTX_init', 'std::__1::unique_ptr ::unique_ptr (stack_st_X509*)', 'sk_CRYPTO_BUFFER_value', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_get1_chain', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_crypto_x509_cert_flush_cached_chain(bssl::CERT*)', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::unique_ptr (x509_st*)', 'ERR_put_error', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::unique_ptr (x509_store_ctx_st*)', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_cert_set_chain(bssl::CERT*, stack_st_X509*)', 'ERR_clear_error', 'std::__1::unique_ptr ::~unique_ptr()', 'sk_X509_shift']

3376 7424 bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) call site: 00000 /src/boringssl/ssl/ssl_x509.cc:450
651 651 1 :

['bn_mod_inverse_secret_prime']

651 1045 freeze_private_key call site: 04077 /src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c:258
572 1179 15 :

['std::__1::unique_ptr ::get() const', 'CBS_get_asn1', 'std::__1::unique_ptr ::operator->() const', 'cbs_st::operator bssl::Span () const', 'cbs_st::cbs_st(bssl::Span )', 'CBS_get_asn1_uint64', 'std::__1::unique_ptr ::operator bool() const', 'BUF_MEM_new', 'SSL_set_accept_state', 'bssl::apply_remote_features(ssl_st*, cbs_st*)', 'std::__1::unique_ptr ::reset(buf_mem_st*)', 'CBS_len', 'CBS_data', 'BUF_MEM_append', 'bssl::SSLTranscript::Update(bssl::Span )']

572 1179 bssl::SSL_apply_handoff(ssl_st*,bssl::Span ) call site: 00000 /src/boringssl/ssl/handoff.cc:247
488 1960 3 :

['copy_from_prebuf', 'copy_to_prebuf', 'BN_mod_mul_montgomery']

488 2225 BN_mod_exp_mont_consttime call site: 04024 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:1039
390 390 1 :

['EVP_aead_aes_128_gcm_tls13']

390 392 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:591
390 390 1 :

['EVP_aead_aes_256_gcm_tls13']

390 392 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:600
389 466 10 :

['X509_LOOKUP_free', 'X509_VERIFY_PARAM_free', 'sk_X509_LOOKUP_free', 'X509_LOOKUP_shutdown', 'sk_X509_LOOKUP_num', 'OPENSSL_free', 'CRYPTO_MUTEX_cleanup', 'sk_X509_LOOKUP_value', 'CRYPTO_refcount_dec_and_test_zero', 'sk_X509_OBJECT_pop_free']

389 466 X509_STORE_free call site: 00000 /src/boringssl/crypto/x509/x509_lu.c:230
389 389 1 :

['EVP_aead_aes_128_gcm_tls12']

389 391 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:589
389 389 1 :

['EVP_aead_aes_256_gcm_tls12']

389 391 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:598
358 358 1 :

['bn_mod_mul_montgomery_fallback']

358 358 BN_mod_mul_montgomery call site: 03917 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:429
312 2472 5 :

['integers_equal', 'ERR_put_error', 'parse_explicit_prime_curve', 'OPENSSL_built_in_curves', 'EC_GROUP_new_by_curve_name']

312 2472 EC_KEY_parse_parameters call site: 00000 /src/boringssl/crypto/ec_extra/ec_asn1.c:369
282 1188 15 :

['CBB_add_u8', 'bssl::CBBFinishArray(cbb_st*, bssl::Array *)', 'bssl::internal::StackAllocated ::StackAllocated()', 'bssl::Span ::size() const', 'bssl::cbb_add_hex(cbb_st*, bssl::Span )', 'bssl::internal::StackAllocated ::~StackAllocated()', 'bssl::Array ::Array()', 'strlen', 'CBB_init', 'std::__1::unique_ptr ::operator->() const', 'bssl::Array ::data()', 'bssl::Span ::Span<32ul>(unsigned char const (&) [32ul])', 'bssl::internal::StackAllocated ::get()', 'CBB_add_bytes', 'bssl::Array ::~Array()']

282 1188 bssl::ssl_log_secret(ssl_stconst*,charconst*,bssl::Span ) call site: 00000 /src/boringssl/ssl/ssl_lib.cc:300

Runtime coverage analysis

Covered functions
1794
Functions that are reachable but not covered
609
Reachable functions
1943
Percentage of reachable functions covered
68.66%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/dtls_server.cc 1
/src/boringssl/fuzz/../ssl/test/fuzzer.h 4
/src/boringssl/crypto/rand_extra/deterministic.c 3
/src/boringssl/crypto/bytestring/cbs.c 35
/src/boringssl/ssl/ssl_session.cc 32
/src/boringssl/ssl/../crypto/internal.h 21
/src/boringssl/crypto/thread_pthread.c 11
/src/boringssl/ssl/internal.h 71
/src/boringssl/crypto/lhash/lhash.c 5
/src/boringssl/crypto/mem.c 12
/src/boringssl/crypto/err/err.c 18
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/lhash/../internal.h 1
/usr/local/bin/../include/c++/v1/initializer_list 1
/src/boringssl/ssl/ssl_lib.cc 44
/src/boringssl/include/openssl/ssl.h 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/ssl/ssl_cert.cc 13
/src/boringssl/include/openssl/pool.h 7
/src/boringssl/crypto/stack/stack.c 7
/src/boringssl/crypto/stack/../internal.h 3
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 11
/src/boringssl/include/openssl/span.h 51
/src/boringssl/crypto/pool/pool.c 8
/src/boringssl/ssl/ssl_asn1.cc 11
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/ssl/ssl_cipher.cc 14
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/include/openssl/bytestring.h 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/pool/../internal.h 1
/src/boringssl/include/openssl/stack.h 7
/src/boringssl/ssl/ssl_x509.cc 2
/src/boringssl/ssl/handoff.cc 7
/src/boringssl/crypto/bio/bio.c 8
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/ssl/handshake.cc 15
/src/boringssl/include/openssl/err.h 2
/src/boringssl/ssl/ssl_buffer.cc 9
/src/boringssl/ssl/tls_record.cc 1
/src/boringssl/ssl/ssl_aead_ctx.cc 5
/src/boringssl/ssl/s3_pkt.cc 2
/src/boringssl/ssl/extensions.cc 35
/src/boringssl/crypto/buf/buf.c 3
/src/boringssl/crypto/buf/../internal.h 2
/src/boringssl/ssl/ssl_transcript.cc 10
/src/boringssl/include/openssl/base.h 17
/src/boringssl/crypto/fipsmodule/digest/digest.c 11
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 31
/src/boringssl/ssl/handshake_server.cc 31
/src/boringssl/ssl/encrypted_client_hello.cc 7
/src/boringssl/crypto/hpke/hpke.c 13
/src/boringssl/crypto/fipsmodule/cipher/aead.c 6
/src/boringssl/crypto/hpke/../internal.h 1
/src/boringssl/crypto/bytestring/cbb.c 34
/src/boringssl/crypto/fipsmodule/hkdf/hkdf.c 2
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 8
/src/boringssl/ssl/ssl_privkey.cc 8
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/ssl/tls13_server.cc 23
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 16
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 5
/src/boringssl/ssl/s3_both.cc 5
/src/boringssl/crypto/fipsmodule/digest/digests.c 10
/src/boringssl/crypto/fipsmodule/cipher/cipher.c 10
/src/boringssl/crypto/fipsmodule/rand/rand.c 4
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c 2
/src/boringssl/crypto/rand_extra/forkunsafe.c 1
/src/boringssl/crypto/rand_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h 2
/src/boringssl/crypto/rand_extra/../fipsmodule/rand/../modes/../../internal.h 2
/src/boringssl/crypto/chacha/chacha.c 1
/src/boringssl/crypto/chacha/../internal.h 3
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c 6
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c 5
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c 26
/src/boringssl/crypto/fipsmodule/sha/sha256.c 5
/src/boringssl/crypto/fipsmodule/sha/../digest/md32_common.h 2
/src/boringssl/ssl/tls13_enc.cc 21
/src/boringssl/crypto/fipsmodule/tls/kdf.c 3
/src/boringssl/ssl/ssl_key_share.cc 1
/src/boringssl/crypto/cipher_extra/e_chacha20poly1305.c 1
/src/boringssl/crypto/cipher_extra/e_tls.c 7
/src/boringssl/ssl/tls13_both.cc 10
/src/boringssl/crypto/fipsmodule/ec/ec_key.c 6
/src/boringssl/crypto/fipsmodule/ec/ec.c 21
/src/boringssl/crypto/fipsmodule/digestsign/digestsign.c 12
/src/boringssl/crypto/evp/evp_ctx.c 7
/src/boringssl/crypto/evp/p_rsa.c 2
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/bytes.c 6
/src/boringssl/crypto/fipsmodule/bn/bn.c 20
/src/boringssl/crypto/fipsmodule/ec/felem.c 6
/src/boringssl/crypto/fipsmodule/bn/div.c 13
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 15
/src/boringssl/crypto/fipsmodule/bn/cmp.c 9
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/fipsmodule/bn/add.c 7
/src/boringssl/crypto/fipsmodule/ec/simple.c 4
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c 5
/src/boringssl/crypto/engine/engine.c 3
/src/boringssl/crypto/fipsmodule/ec/scalar.c 3
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/rsa_extra/rsa_crypt.c 4
/src/boringssl/crypto/fipsmodule/rsa/rsa.c 3
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c 9
/src/boringssl/crypto/fipsmodule/bn/gcd.c 3
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 5
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h 1
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c 1
/src/boringssl/crypto/fipsmodule/rsa/blinding.c 7
/src/boringssl/crypto/fipsmodule/bn/random.c 5
/src/boringssl/crypto/rsa_extra/../internal.h 9
/src/boringssl/crypto/fipsmodule/rsa/padding.c 1
/src/boringssl/ssl/t1_enc.cc 6
/src/boringssl/ssl/tls13_client.cc 2

Fuzzer: dtls_client

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 3056 64.4%
gold [1:9] 199 4.19%
yellow [10:29] 32 0.67%
greenyellow [30:49] 16 0.33%
lawngreen 50+ 1436 30.3%
All colors 4739 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3376 7424 28 :

['std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::get() const', 'X509_free', 'X509_verify_cert', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_new', 'X509_parse_from_buffer', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::~unique_ptr()', 'X509_STORE_CTX_init', 'std::__1::unique_ptr ::unique_ptr (stack_st_X509*)', 'sk_CRYPTO_BUFFER_value', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_get1_chain', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_crypto_x509_cert_flush_cached_chain(bssl::CERT*)', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::unique_ptr (x509_st*)', 'ERR_put_error', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::unique_ptr (x509_store_ctx_st*)', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_cert_set_chain(bssl::CERT*, stack_st_X509*)', 'ERR_clear_error', 'std::__1::unique_ptr ::~unique_ptr()', 'sk_X509_shift']

3376 7424 bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) call site: 00000 /src/boringssl/ssl/ssl_x509.cc:450
1029 1605 33 :

['bssl::internal::StackAllocated ::StackAllocated()', 'bssl::internal::StackAllocated ::~StackAllocated()', 'CBB_init', 'EVP_has_aes_hardware', 'CBS_len', 'CBB_add_bytes', 'bssl::internal::StackAllocated ::get()', 'EVP_hpke_x25519_hkdf_sha256', 'bssl::Span ::data() const', 'bssl::parse_ech_config(cbs_st*, bssl::ECHConfig*, bool*, bool)', 'bssl::Span ::size() const', 'bssl::ECHConfig::ECHConfig()', 'bssl::Span ::size() const', 'EVP_HPKE_CTX_setup_sender', 'bssl::Array ::size() const', 'bssl::Span ::data() const', 'cbs_st::cbs_st(bssl::Span )', 'bool std::__1::operator!= (std::__1::unique_ptr const&, decltype(nullptr))', 'CBB_data', 'bssl::Array ::data()', 'bssl::Array ::empty() const', 'std::__1::unique_ptr ::operator=(std::__1::unique_ptr &&)', 'CBB_len', 'CBS_get_u16_length_prefixed', 'bssl::SSLTranscript::Init()', 'bssl::ECHConfig::~ECHConfig()', 'std::__1::unique_ptr ::operator->() const', 'bssl::select_ech_cipher_suite(evp_hpke_kdf_st const**, evp_hpke_aead_st const**, bssl::Span , bool)', 'std::__1::unique_ptr bssl::MakeUnique (bssl::ECHConfig&&)', 'decltype (MakeConstSpan(({parm#1}.data)(), ({parm#1}.size)())) bssl::MakeConstSpan >(bssl::Array const&)', 'std::__1::unique_ptr ::~unique_ptr()', 'bssl::internal::StackAllocated ::get()', 'std::__1::remove_reference ::type&& std::__1::move (bssl::ECHConfig&)']

1029 1605 bssl::ssl_select_ech_config(bssl::SSL_HANDSHAKE*,bssl::Span ,unsignedlong*) call site: 00000 /src/boringssl/ssl/encrypted_client_hello.cc:637
899 899 16 :

['bssl::internal::StackAllocated ::StackAllocated()', 'std::__1::unique_ptr ::unique_ptr (unsigned char*)', 'std::__1::unique_ptr ::~unique_ptr()', 'EVP_HPKE_KEY_init', 'SSL_ECH_KEYS_add', 'std::__1::unique_ptr ::get() const', 'SSL_CTX_set1_ech_keys', 'SSL_marshal_ech_config', 'std::__1::unique_ptr ::~unique_ptr()', 'EVP_hpke_x25519_hkdf_sha256', 'std::__1::unique_ptr ::unique_ptr (ssl_ech_keys_st*)', 'SSL_ECH_KEYS_new', 'std::__1::unique_ptr ::get() const', 'bssl::internal::StackAllocated ::get()', 'bssl::internal::StackAllocated ::~StackAllocated()', 'std::__1::unique_ptr ::operator bool() const']

899 899 (anonymousnamespace)::TLSFuzzer::Init() call site: 00000 /src/boringssl/fuzz/../ssl/test/fuzzer.h:449
824 5779 15 :

['BN_copy', 'BN_mod_mul', 'BN_nnmod', 'BN_num_bits', 'BN_rshift1', 'BN_zero', 'bn_jacobi', 'BN_pseudo_rand', 'BN_ucmp', 'BN_is_zero', 'BN_is_one', 'BN_sub_word', 'BN_one', 'bn_mod_lshift1_consttime', 'BN_set_word']

824 9554 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.c:136
651 651 1 :

['bn_mod_inverse_secret_prime']

651 1045 freeze_private_key call site: 04077 /src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c:258
612 623 3 :

['std::__1::unique_ptr ::operator->() const', 'bssl::ssl_add_tls13_cipher(cbb_st*, unsigned short, ssl_compliance_policy_t)', 'EVP_has_aes_hardware']

612 1145 bssl::ssl_write_client_cipher_list(bssl::SSL_HANDSHAKEconst*,cbb_st*,bssl::ssl_client_hello_type_t) call site: 00000 /src/boringssl/ssl/handshake_client.cc:245
526 526 1 :

['bssl::ssl_add_clienthello_tlsext_inner(bssl::SSL_HANDSHAKE*, cbb_st*, cbb_st*, bool*)']

526 526 bssl::ssl_add_clienthello_tlsext(bssl::SSL_HANDSHAKE*,cbb_st*,cbb_st*,bool*,bssl::ssl_client_hello_type_t,unsignedlong) call site: 00000 /src/boringssl/ssl/extensions.cc:3392
488 1960 3 :

['copy_from_prebuf', 'copy_to_prebuf', 'BN_mod_mul_montgomery']

488 2225 BN_mod_exp_mont_consttime call site: 04024 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:1039
390 390 1 :

['EVP_aead_aes_128_gcm_tls13']

390 392 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:591
390 390 1 :

['EVP_aead_aes_256_gcm_tls13']

390 392 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:600
389 466 10 :

['X509_LOOKUP_free', 'X509_VERIFY_PARAM_free', 'sk_X509_LOOKUP_free', 'X509_LOOKUP_shutdown', 'sk_X509_LOOKUP_num', 'OPENSSL_free', 'CRYPTO_MUTEX_cleanup', 'sk_X509_LOOKUP_value', 'CRYPTO_refcount_dec_and_test_zero', 'sk_X509_OBJECT_pop_free']

389 466 X509_STORE_free call site: 00000 /src/boringssl/crypto/x509/x509_lu.c:230
389 389 1 :

['EVP_aead_aes_128_gcm_tls12']

389 391 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:589

Runtime coverage analysis

Covered functions
1698
Functions that are reachable but not covered
790
Reachable functions
1943
Percentage of reachable functions covered
59.34%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/dtls_client.cc 1
/src/boringssl/fuzz/../ssl/test/fuzzer.h 4
/src/boringssl/crypto/rand_extra/deterministic.c 3
/src/boringssl/crypto/bytestring/cbs.c 35
/src/boringssl/ssl/ssl_session.cc 32
/src/boringssl/ssl/../crypto/internal.h 21
/src/boringssl/crypto/thread_pthread.c 11
/src/boringssl/ssl/internal.h 71
/src/boringssl/crypto/lhash/lhash.c 5
/src/boringssl/crypto/mem.c 12
/src/boringssl/crypto/err/err.c 18
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/lhash/../internal.h 1
/usr/local/bin/../include/c++/v1/initializer_list 1
/src/boringssl/ssl/ssl_lib.cc 44
/src/boringssl/include/openssl/ssl.h 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/ssl/ssl_cert.cc 13
/src/boringssl/include/openssl/pool.h 7
/src/boringssl/crypto/stack/stack.c 7
/src/boringssl/crypto/stack/../internal.h 3
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 11
/src/boringssl/include/openssl/span.h 51
/src/boringssl/crypto/pool/pool.c 8
/src/boringssl/ssl/ssl_asn1.cc 11
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/ssl/ssl_cipher.cc 14
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/include/openssl/bytestring.h 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/pool/../internal.h 1
/src/boringssl/include/openssl/stack.h 7
/src/boringssl/ssl/ssl_x509.cc 2
/src/boringssl/ssl/handoff.cc 7
/src/boringssl/crypto/bio/bio.c 8
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/ssl/handshake.cc 15
/src/boringssl/include/openssl/err.h 2
/src/boringssl/ssl/ssl_buffer.cc 9
/src/boringssl/ssl/tls_record.cc 1
/src/boringssl/ssl/ssl_aead_ctx.cc 5
/src/boringssl/ssl/s3_pkt.cc 2
/src/boringssl/ssl/extensions.cc 35
/src/boringssl/crypto/buf/buf.c 3
/src/boringssl/crypto/buf/../internal.h 2
/src/boringssl/ssl/ssl_transcript.cc 10
/src/boringssl/include/openssl/base.h 17
/src/boringssl/crypto/fipsmodule/digest/digest.c 11
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 31
/src/boringssl/ssl/handshake_server.cc 31
/src/boringssl/ssl/encrypted_client_hello.cc 7
/src/boringssl/crypto/hpke/hpke.c 13
/src/boringssl/crypto/fipsmodule/cipher/aead.c 6
/src/boringssl/crypto/hpke/../internal.h 1
/src/boringssl/crypto/bytestring/cbb.c 34
/src/boringssl/crypto/fipsmodule/hkdf/hkdf.c 2
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 8
/src/boringssl/ssl/ssl_privkey.cc 8
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/ssl/tls13_server.cc 23
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 16
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 5
/src/boringssl/ssl/s3_both.cc 5
/src/boringssl/crypto/fipsmodule/digest/digests.c 10
/src/boringssl/crypto/fipsmodule/cipher/cipher.c 10
/src/boringssl/crypto/fipsmodule/rand/rand.c 4
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c 2
/src/boringssl/crypto/rand_extra/forkunsafe.c 1
/src/boringssl/crypto/rand_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h 2
/src/boringssl/crypto/rand_extra/../fipsmodule/rand/../modes/../../internal.h 2
/src/boringssl/crypto/chacha/chacha.c 1
/src/boringssl/crypto/chacha/../internal.h 3
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c 6
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c 5
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c 26
/src/boringssl/crypto/fipsmodule/sha/sha256.c 5
/src/boringssl/crypto/fipsmodule/sha/../digest/md32_common.h 2
/src/boringssl/ssl/tls13_enc.cc 21
/src/boringssl/crypto/fipsmodule/tls/kdf.c 3
/src/boringssl/ssl/ssl_key_share.cc 1
/src/boringssl/crypto/cipher_extra/e_chacha20poly1305.c 1
/src/boringssl/crypto/cipher_extra/e_tls.c 7
/src/boringssl/ssl/tls13_both.cc 10
/src/boringssl/crypto/fipsmodule/ec/ec_key.c 6
/src/boringssl/crypto/fipsmodule/ec/ec.c 21
/src/boringssl/crypto/fipsmodule/digestsign/digestsign.c 12
/src/boringssl/crypto/evp/evp_ctx.c 7
/src/boringssl/crypto/evp/p_rsa.c 2
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/bytes.c 6
/src/boringssl/crypto/fipsmodule/bn/bn.c 20
/src/boringssl/crypto/fipsmodule/ec/felem.c 6
/src/boringssl/crypto/fipsmodule/bn/div.c 13
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 15
/src/boringssl/crypto/fipsmodule/bn/cmp.c 9
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/fipsmodule/bn/add.c 7
/src/boringssl/crypto/fipsmodule/ec/simple.c 4
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c 5
/src/boringssl/crypto/engine/engine.c 3
/src/boringssl/crypto/fipsmodule/ec/scalar.c 3
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/rsa_extra/rsa_crypt.c 4
/src/boringssl/crypto/fipsmodule/rsa/rsa.c 3
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c 9
/src/boringssl/crypto/fipsmodule/bn/gcd.c 3
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 5
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h 1
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c 1
/src/boringssl/crypto/fipsmodule/rsa/blinding.c 7
/src/boringssl/crypto/fipsmodule/bn/random.c 5
/src/boringssl/crypto/rsa_extra/../internal.h 9
/src/boringssl/crypto/fipsmodule/rsa/padding.c 1
/src/boringssl/ssl/t1_enc.cc 6
/src/boringssl/ssl/tls13_client.cc 2

Fuzzer: client

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2663 56.1%
gold [1:9] 229 4.83%
yellow [10:29] 43 0.90%
greenyellow [30:49] 14 0.29%
lawngreen 50+ 1790 37.7%
All colors 4739 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3376 7424 28 :

['std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::get() const', 'X509_free', 'X509_verify_cert', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_new', 'X509_parse_from_buffer', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::~unique_ptr()', 'X509_STORE_CTX_init', 'std::__1::unique_ptr ::unique_ptr (stack_st_X509*)', 'sk_CRYPTO_BUFFER_value', 'std::__1::unique_ptr ::get() const', 'X509_STORE_CTX_get1_chain', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_crypto_x509_cert_flush_cached_chain(bssl::CERT*)', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::unique_ptr (x509_st*)', 'ERR_put_error', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::get() const', 'std::__1::unique_ptr ::unique_ptr (x509_store_ctx_st*)', 'std::__1::unique_ptr ::operator bool() const', 'bssl::ssl_cert_set_chain(bssl::CERT*, stack_st_X509*)', 'ERR_clear_error', 'std::__1::unique_ptr ::~unique_ptr()', 'sk_X509_shift']

3376 7424 bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) call site: 00000 /src/boringssl/ssl/ssl_x509.cc:450
899 899 16 :

['bssl::internal::StackAllocated ::StackAllocated()', 'std::__1::unique_ptr ::unique_ptr (unsigned char*)', 'std::__1::unique_ptr ::~unique_ptr()', 'EVP_HPKE_KEY_init', 'SSL_ECH_KEYS_add', 'std::__1::unique_ptr ::get() const', 'SSL_CTX_set1_ech_keys', 'SSL_marshal_ech_config', 'std::__1::unique_ptr ::~unique_ptr()', 'EVP_hpke_x25519_hkdf_sha256', 'std::__1::unique_ptr ::unique_ptr (ssl_ech_keys_st*)', 'SSL_ECH_KEYS_new', 'std::__1::unique_ptr ::get() const', 'bssl::internal::StackAllocated ::get()', 'bssl::internal::StackAllocated ::~StackAllocated()', 'std::__1::unique_ptr ::operator bool() const']

899 899 (anonymousnamespace)::TLSFuzzer::Init() call site: 00000 /src/boringssl/fuzz/../ssl/test/fuzzer.h:449
651 651 1 :

['bn_mod_inverse_secret_prime']

651 1045 freeze_private_key call site: 04077 /src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c:258
526 526 1 :

['bssl::ssl_add_clienthello_tlsext_inner(bssl::SSL_HANDSHAKE*, cbb_st*, cbb_st*, bool*)']

526 526 bssl::ssl_add_clienthello_tlsext(bssl::SSL_HANDSHAKE*,cbb_st*,cbb_st*,bool*,bssl::ssl_client_hello_type_t,unsignedlong) call site: 00000 /src/boringssl/ssl/extensions.cc:3392
488 1960 3 :

['copy_from_prebuf', 'copy_to_prebuf', 'BN_mod_mul_montgomery']

488 2225 BN_mod_exp_mont_consttime call site: 04024 /src/boringssl/crypto/fipsmodule/bn/exponentiation.c:1039
389 466 10 :

['X509_LOOKUP_free', 'X509_VERIFY_PARAM_free', 'sk_X509_LOOKUP_free', 'X509_LOOKUP_shutdown', 'sk_X509_LOOKUP_num', 'OPENSSL_free', 'CRYPTO_MUTEX_cleanup', 'sk_X509_LOOKUP_value', 'CRYPTO_refcount_dec_and_test_zero', 'sk_X509_OBJECT_pop_free']

389 466 X509_STORE_free call site: 00000 /src/boringssl/crypto/x509/x509_lu.c:230
383 383 1 :

['EVP_aead_aes_128_gcm']

383 385 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:591
383 383 1 :

['EVP_aead_aes_256_gcm']

383 385 bssl::ssl_cipher_get_evp_aead(evp_aead_stconst**,unsignedlong*,unsignedlong*,ssl_cipher_stconst*,unsignedshort,bool) call site: 00000 /src/boringssl/ssl/ssl_cipher.cc:600
358 358 1 :

['bn_mod_mul_montgomery_fallback']

358 358 BN_mod_mul_montgomery call site: 03917 /src/boringssl/crypto/fipsmodule/bn/montgomery.c:429
312 2472 5 :

['integers_equal', 'ERR_put_error', 'parse_explicit_prime_curve', 'OPENSSL_built_in_curves', 'EC_GROUP_new_by_curve_name']

312 2472 EC_KEY_parse_parameters call site: 00000 /src/boringssl/crypto/ec_extra/ec_asn1.c:369
298 314 5 :

['bssl::read_v2_client_hello(ssl_st*, unsigned long*, bssl::Span )', 'bssl::Span ::size() const', 'bssl::Span ::operator[](unsigned long) const', 'strncmp', 'bssl::Span ::data() const']

298 914 bssl::tls_open_handshake(ssl_st*,unsignedlong*,unsignedchar*,bssl::Span ) call site: 00000 /src/boringssl/ssl/s3_both.cc:564
282 1188 15 :

['CBB_add_u8', 'bssl::CBBFinishArray(cbb_st*, bssl::Array *)', 'bssl::internal::StackAllocated ::StackAllocated()', 'bssl::Span ::size() const', 'bssl::cbb_add_hex(cbb_st*, bssl::Span )', 'bssl::internal::StackAllocated ::~StackAllocated()', 'bssl::Array ::Array()', 'strlen', 'CBB_init', 'std::__1::unique_ptr ::operator->() const', 'bssl::Array ::data()', 'bssl::Span ::Span<32ul>(unsigned char const (&) [32ul])', 'bssl::internal::StackAllocated ::get()', 'CBB_add_bytes', 'bssl::Array ::~Array()']

282 1188 bssl::ssl_log_secret(ssl_stconst*,charconst*,bssl::Span ) call site: 00000 /src/boringssl/ssl/ssl_lib.cc:300

Runtime coverage analysis

Covered functions
1816
Functions that are reachable but not covered
654
Reachable functions
1943
Percentage of reachable functions covered
66.34%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/client.cc 1
/src/boringssl/fuzz/../ssl/test/fuzzer.h 4
/src/boringssl/crypto/rand_extra/deterministic.c 3
/src/boringssl/crypto/bytestring/cbs.c 35
/src/boringssl/ssl/ssl_session.cc 32
/src/boringssl/ssl/../crypto/internal.h 21
/src/boringssl/crypto/thread_pthread.c 11
/src/boringssl/ssl/internal.h 71
/src/boringssl/crypto/lhash/lhash.c 5
/src/boringssl/crypto/mem.c 12
/src/boringssl/crypto/err/err.c 18
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/crypto/lhash/../internal.h 1
/usr/local/bin/../include/c++/v1/initializer_list 1
/src/boringssl/ssl/ssl_lib.cc 44
/src/boringssl/include/openssl/ssl.h 13
/src/boringssl/crypto/refcount.c 2
/src/boringssl/crypto/ex_data.c 3
/src/boringssl/ssl/ssl_cert.cc 13
/src/boringssl/include/openssl/pool.h 7
/src/boringssl/crypto/stack/stack.c 7
/src/boringssl/crypto/stack/../internal.h 3
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 11
/src/boringssl/include/openssl/span.h 51
/src/boringssl/crypto/pool/pool.c 8
/src/boringssl/ssl/ssl_asn1.cc 11
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/ssl/ssl_cipher.cc 14
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/crypto/bytestring/../internal.h 4
/src/boringssl/include/openssl/bytestring.h 2
/src/boringssl/crypto/pool/internal.h 3
/src/boringssl/crypto/pool/../internal.h 1
/src/boringssl/include/openssl/stack.h 7
/src/boringssl/ssl/ssl_x509.cc 2
/src/boringssl/ssl/handoff.cc 7
/src/boringssl/crypto/bio/bio.c 8
/src/boringssl/crypto/bio/../internal.h 1
/src/boringssl/crypto/bio/bio_mem.c 1
/src/boringssl/ssl/handshake.cc 15
/src/boringssl/include/openssl/err.h 2
/src/boringssl/ssl/ssl_buffer.cc 9
/src/boringssl/ssl/tls_record.cc 1
/src/boringssl/ssl/ssl_aead_ctx.cc 5
/src/boringssl/ssl/s3_pkt.cc 2
/src/boringssl/ssl/extensions.cc 35
/src/boringssl/crypto/buf/buf.c 3
/src/boringssl/crypto/buf/../internal.h 2
/src/boringssl/ssl/ssl_transcript.cc 10
/src/boringssl/include/openssl/base.h 17
/src/boringssl/crypto/fipsmodule/digest/digest.c 11
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 31
/src/boringssl/ssl/handshake_server.cc 31
/src/boringssl/ssl/encrypted_client_hello.cc 7
/src/boringssl/crypto/hpke/hpke.c 13
/src/boringssl/crypto/fipsmodule/cipher/aead.c 6
/src/boringssl/crypto/hpke/../internal.h 1
/src/boringssl/crypto/bytestring/cbb.c 34
/src/boringssl/crypto/fipsmodule/hkdf/hkdf.c 2
/src/boringssl/crypto/fipsmodule/hmac/hmac.c 8
/src/boringssl/ssl/ssl_privkey.cc 8
/src/boringssl/crypto/evp/evp_asn1.c 3
/src/boringssl/crypto/evp/../internal.h 2
/src/boringssl/ssl/tls13_server.cc 23
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 16
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 5
/src/boringssl/ssl/s3_both.cc 5
/src/boringssl/crypto/fipsmodule/digest/digests.c 10
/src/boringssl/crypto/fipsmodule/cipher/cipher.c 10
/src/boringssl/crypto/fipsmodule/rand/rand.c 4
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c 2
/src/boringssl/crypto/rand_extra/forkunsafe.c 1
/src/boringssl/crypto/rand_extra/../internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h 2
/src/boringssl/crypto/rand_extra/../fipsmodule/rand/../modes/../../internal.h 2
/src/boringssl/crypto/chacha/chacha.c 1
/src/boringssl/crypto/chacha/../internal.h 3
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c 6
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c 5
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c 26
/src/boringssl/crypto/fipsmodule/sha/sha256.c 5
/src/boringssl/crypto/fipsmodule/sha/../digest/md32_common.h 2
/src/boringssl/ssl/tls13_enc.cc 21
/src/boringssl/crypto/fipsmodule/tls/kdf.c 3
/src/boringssl/ssl/ssl_key_share.cc 1
/src/boringssl/crypto/cipher_extra/e_chacha20poly1305.c 1
/src/boringssl/crypto/cipher_extra/e_tls.c 7
/src/boringssl/ssl/tls13_both.cc 10
/src/boringssl/crypto/fipsmodule/ec/ec_key.c 6
/src/boringssl/crypto/fipsmodule/ec/ec.c 21
/src/boringssl/crypto/fipsmodule/digestsign/digestsign.c 12
/src/boringssl/crypto/evp/evp_ctx.c 7
/src/boringssl/crypto/evp/p_rsa.c 2
/src/boringssl/crypto/fipsmodule/bn/ctx.c 15
/src/boringssl/crypto/fipsmodule/bn/bytes.c 6
/src/boringssl/crypto/fipsmodule/bn/bn.c 20
/src/boringssl/crypto/fipsmodule/ec/felem.c 6
/src/boringssl/crypto/fipsmodule/bn/div.c 13
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c 8
/src/boringssl/crypto/fipsmodule/bn/montgomery.c 15
/src/boringssl/crypto/fipsmodule/bn/cmp.c 9
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c 3
/src/boringssl/crypto/fipsmodule/bn/shift.c 8
/src/boringssl/crypto/fipsmodule/bn/add.c 7
/src/boringssl/crypto/fipsmodule/ec/simple.c 4
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c 5
/src/boringssl/crypto/engine/engine.c 3
/src/boringssl/crypto/fipsmodule/ec/scalar.c 3
/src/boringssl/crypto/fipsmodule/bn/mul.c 13
/src/boringssl/crypto/rsa_extra/rsa_crypt.c 4
/src/boringssl/crypto/fipsmodule/rsa/rsa.c 3
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c 9
/src/boringssl/crypto/fipsmodule/bn/gcd.c 3
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c 5
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h 1
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c 1
/src/boringssl/crypto/fipsmodule/rsa/blinding.c 7
/src/boringssl/crypto/fipsmodule/bn/random.c 5
/src/boringssl/crypto/rsa_extra/../internal.h 9
/src/boringssl/crypto/fipsmodule/rsa/padding.c 1
/src/boringssl/ssl/t1_enc.cc 6
/src/boringssl/ssl/tls13_client.cc 2

Fuzzer: ssl_ctx_api

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 39 18.4%
gold [1:9] 9 4.26%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 163 77.2%
All colors 211 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
168 521 3 :

['ERR_put_error', 'ERR_add_error_data', 'ASN1_item_ex_free']

168 521 asn1_item_ex_d2i call site: 00000 /src/boringssl/crypto/asn1/tasn_dec.c:269
130 166 6 :

['crypto_buffer_free_object', 'CRYPTO_refcount_inc', 'lh_CRYPTO_BUFFER_retrieve', 'CRYPTO_MUTEX_lock_write', 'CRYPTO_MUTEX_unlock_write', 'lh_CRYPTO_BUFFER_insert']

130 166 crypto_buffer_new call site: 00000 /src/boringssl/crypto/pool/pool.c:132
129 147 4 :

['lh_CRYPTO_BUFFER_delete', 'lh_CRYPTO_BUFFER_retrieve', 'CRYPTO_MUTEX_lock_write', 'CRYPTO_MUTEX_unlock_write']

129 174 CRYPTO_BUFFER_free call site: 00000 /src/boringssl/crypto/pool/pool.c:207
110 110 6 :

['bssl::DC::Dup()', 'std::__1::unique_ptr ::operator bool() const', 'std::__1::unique_ptr ::operator->() const', 'std::__1::unique_ptr ::operator=(std::__1::unique_ptr &&)', 'std::__1::unique_ptr ::~unique_ptr()', 'std::__1::unique_ptr ::unique_ptr (decltype(nullptr))']

110 125 bssl::ssl_cert_dup(bssl::CERT*) call site: 00000 /src/boringssl/ssl/ssl_cert.cc:182
106 106 1 :

['ASN1_STRING_copy']

106 106 asn1_string_canon call site: 00000 /src/boringssl/crypto/x509/x_name.c:423
89 147 2 :

['ERR_put_error', 'CBS_parse_generalized_time']

367 616 asn1_ex_c2i call site: 00000 /src/boringssl/crypto/asn1/tasn_dec.c:883
76 76 4 :

['std::__1::unique_ptr ::reset(char*)', 'std::__1::unique_ptr ::get() const', 'bool std::__1::operator== (std::__1::unique_ptr const&, decltype(nullptr))', 'OPENSSL_strdup']

76 91 SSL_new call site: 00202 /src/boringssl/ssl/ssl_lib.cc:671
48 106 2 :

['OBJ_obj2nid', 'ERR_put_error']

48 106 asn1_do_adb call site: 00000 /src/boringssl/crypto/asn1/tasn_utl.c:219
34 34 3 :

['CRYPTO_STATIC_MUTEX_unlock_read', 'lh_ASN1_OBJECT_retrieve', 'CRYPTO_STATIC_MUTEX_lock_read']

34 92 OBJ_nid2obj call site: 00000 /src/boringssl/crypto/obj/obj.c:345
32 32 3 :

['CRYPTO_atomic_load_u32.2804', 'CRYPTO_get_ex_data', 'sk_void_free']

32 32 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.c:212
32 32 1 :

['bn_mul_add_words']

32 32 bn_mul_normal call site: 00000 /src/boringssl/crypto/fipsmodule/bn/mul.c:99
22 22 2 :

['handle_cpu_env', 'strchr']

22 22 OPENSSL_cpuid_setup call site: 00000 /src/boringssl/crypto/cpu_intel.c:265

Runtime coverage analysis

Covered functions
895
Functions that are reachable but not covered
35
Reachable functions
280
Percentage of reachable functions covered
87.5%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/boringssl/fuzz/ssl_ctx_api.cc 1
/src/boringssl/ssl/tls_method.cc 1
/src/boringssl/ssl/ssl_lib.cc 4
/src/boringssl/crypto/err/err.c 5
/src/boringssl/crypto/thread_pthread.c 4
/src/boringssl/crypto/err/../internal.h 1
/src/boringssl/crypto/internal.h 4
/src/boringssl/ssl/internal.h 29
/src/boringssl/crypto/mem.c 6
/src/boringssl/crypto/ex_data.c 1
/src/boringssl/crypto/lhash/lhash.c 1
/src/boringssl/crypto/lhash/../internal.h 1
/src/boringssl/include/openssl/pool.h 5
/src/boringssl/crypto/stack/stack.c 2
/src/boringssl/crypto/stack/../internal.h 1
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c 1
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h 1
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h 2
/src/boringssl/crypto/fipsmodule/modes/gcm.c 1
/src/boringssl/ssl/ssl_cipher.cc 16
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h 1
/src/boringssl/ssl/../crypto/internal.h 2
/src/boringssl/include/openssl/ssl.h 3
/src/boringssl/include/openssl/span.h 11
/src/boringssl/ssl/ssl_versions.cc 9
/src/boringssl/crypto/bytestring/cbs.c 3
/src/boringssl/ssl/ssl_cert.cc 2
/src/boringssl/include/openssl/evp.h 2
/src/boringssl/crypto/evp/evp.c 1
/src/boringssl/crypto/refcount.c 1
/src/boringssl/crypto/pool/pool.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
bssl::ssl_client_handshake(bssl::SSL_HANDSHAKE*) /src/boringssl/ssl/handshake_client.cc 1 ['struct.bssl::SSL_HANDSHAKE.1781 *'] 11 0 201 38 4 1773 0 7815 1450
bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) /src/boringssl/ssl/ssl_x509.cc 1 ['struct.bssl::SSL_HANDSHAKE.709 *'] 19 0 212 46 45 636 0 3284 1125
pkey_rsa_keygen /src/boringssl/crypto/evp/p_rsa.c 2 ['struct.evp_pkey_ctx_st.173 *', 'struct.evp_pkey_st.170 *'] 7 0 72 15 7 415 0 2108 429
by_file_ctrl /src/boringssl/crypto/x509/by_file.c 5 ['struct.x509_lookup_st *', 'int ', 'char *', 'size_t ', 'char **'] 9 0 82 15 7 513 0 2584 393
X509_CRL_diff /src/boringssl/crypto/x509/x509_vfy.c 5 ['struct.X509_crl_st *', 'struct.X509_crl_st *', 'struct.evp_pkey_st.26 *', 'struct.env_md_st *', 'int '] 15 0 308 71 31 376 0 1921 293
PKCS12_create /src/boringssl/crypto/pkcs8/pkcs8_x509.c 10 ['char *', 'char *', 'struct.evp_pkey_st *', 'struct.x509_st *', 'struct.stack_st_X509 *', 'int ', 'int ', 'int ', 'int ', 'int '] 13 0 819 165 73 298 0 1525 285
v2i_crld /src/boringssl/crypto/x509v3/v3_crld.c 3 ['struct.v3_ext_method *', 'struct.v3_ext_ctx *', 'struct.stack_st_CONF_VALUE *'] 15 0 216 43 16 365 0 2134 284

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
41.0%
2567 / 6306
Cyclomatic complexity statically reachable by fuzzers
53.0%
16351 / 31133

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
EC_KEY_marshal_private_key 42 22 52.38% []
BN_sub 38 17 44.73% ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
bn_mont_ctx_set_N_and_n0 32 17 53.12% ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
BN_mod_sqrt 240 102 42.5% ['privkey']
ec_GFp_mont_dbl 59 28 47.45% ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
ERR_error_string_n 38 14 36.84% ['cert', 'server', 'dtls_server', 'dtls_client', 'client']
err_reason_error_string 31 11 35.48% ['cert', 'server', 'dtls_server', 'dtls_client', 'client']
do_rsa_print 38 18 47.36% []
OBJ_dup 51 28 54.90% ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm']
X509_CERT_AUX_print 54 8 14.81% ['cert']
RC2_cbc_encrypt 70 29 41.42% []
DES_ede3_cbc_encrypt 80 35 43.75% []
EVP_EncryptUpdate 77 33 42.85% ['pkcs12_lpm', 'pkcs12']
EVP_DecryptUpdate 49 24 48.97% ['pkcs12_lpm', 'pkcs12']
aes_init_key 83 25 30.12% ['server', 'dtls_server', 'dtls_client', 'client']
OPENSSL_vasprintf_internal 37 18 48.64% ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'server', 'dtls_server', 'dtls_client', 'client']
copy_email 44 22 50.0% []
crypto_buffer_new 59 15 25.42% ['session', 'server', 'dtls_server', 'dtls_client', 'client']
X509_STORE_new 38 15 39.47% []
x509_verify_param_zero 34 15 44.11% []
aes_ctr_set_key 31 12 38.70% ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
X509_VERIFY_PARAM_inherit 66 32 48.48% []
mem_ctrl 61 14 22.95% []
pkey_ec_ctrl 34 14 41.17% []
pkey_rsa_ctrl 111 28 25.22% []
sk_find 54 13 24.07% ['cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
bssl::ssl_negotiate_alps(bssl::SSL_HANDSHAKE*,unsignedchar*,ssl_early_callback_ctxconst*) 43 13 30.23% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::ssl_decrypt_ticket_with_ticket_keys(bssl::SSL_HANDSHAKE*,bssl::Array *,bssl::Span ) 32 17 53.12% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::SSL_apply_handoff(ssl_st*,bssl::Span ) 33 4 12.12% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::do_select_certificate(bssl::SSL_HANDSHAKE*) 54 26 48.14% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::do_read_client_key_exchange(bssl::SSL_HANDSHAKE*) 160 82 51.24% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::tls_flush_flight(ssl_st*) 56 22 39.28% []
bssl::SSLAEADContext::Open(bssl::Span *,unsignedchar,unsignedshort,unsignedlong,bssl::Span ,bssl::Span ) 53 5 9.433% []
bssl::SSLAEADContext::SealScatter(unsignedchar*,unsignedchar*,unsignedchar*,unsignedchar,unsignedshort,unsignedlong,bssl::Span ,unsignedcharconst*,unsignedlong,unsignedcharconst*,unsignedlong) 62 12 19.35% []
SSL_get_error 62 31 50.0% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::ssl_private_key_sign(bssl::SSL_HANDSHAKE*,unsignedchar*,unsignedlong*,unsignedlong,unsignedshort,bssl::Span ) 63 30 47.61% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::ssl_crypto_x509_ssl_auto_chain_if_needed(bssl::SSL_HANDSHAKE*) 31 6 19.35% []
bssl::tls13_add_certificate(bssl::SSL_HANDSHAKE*) 146 47 32.19% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::do_read_client_encrypted_extensions(bssl::SSL_HANDSHAKE*) 41 7 17.07% ['server', 'dtls_server', 'dtls_client', 'client']
bssl::tls_seal_scatter_record(ssl_st*,unsignedchar*,unsignedchar*,unsignedchar*,unsignedchar,unsignedcharconst*,unsignedlong) 34 5 14.70% []
bssl::send_flight(ssl_st*) 35 17 48.57% []
RSA_encrypt 71 37 52.11% []
bssl::ssl_select_ech_config(bssl::SSL_HANDSHAKE*,bssl::Span ,unsignedlong*) 52 8 15.38% []
bssl::ssl_encrypt_client_hello(bssl::SSL_HANDSHAKE*,bssl::Span ) 92 5 5.434% []
bssl::setup_ech_grease(bssl::SSL_HANDSHAKE*) 36 5 13.88% []
bssl::ssl_add_clienthello_tlsext(bssl::SSL_HANDSHAKE*,cbb_st*,cbb_st*,bool*,bssl::ssl_client_hello_type_t,unsignedlong) 82 41 50.0% []
bssl::ext_srtp_parse_serverhello(bssl::SSL_HANDSHAKE*,unsignedchar*,cbs_st*) 31 5 16.12% []
bssl::do_send_client_key_exchange(bssl::SSL_HANDSHAKE*) 133 64 48.12% []
bssl::check_ech_confirmation(bssl::SSL_HANDSHAKEconst*,bool*,unsignedchar*,bssl::ParsedServerHelloconst&) 37 18 48.64% []

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/boringssl/include/openssl/ssl.h ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/kyber/kyber.c [] []
/src/boringssl/crypto/fipsmodule/sha/sha512.c [] []
/src/boringssl/crypto/asn1/a_strnid.c [] []
/src/boringssl/fuzz/session.cc ['session'] ['session']
/src/boringssl/crypto/x509/rsa_pss.c ['cert'] ['cert']
/src/boringssl/crypto/blake2/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/pkcs8/pkcs8.c ['pkcs12_lpm', 'pkcs12'] ['pkcs12']
/src/boringssl/crypto/x509/by_dir.c [] []
/src/boringssl/crypto/curve25519/../../third_party/fiat/curve25519_64.h [] []
/src/boringssl/crypto/des/des.c [] []
/src/boringssl/crypto/fipsmodule/ec/ec_montgomery.c [] []
/src/boringssl/crypto/fipsmodule/bn/jacobi.c ['privkey'] ['privkey']
/src/boringssl/crypto/evp/p_ec.c [] []
/src/boringssl/ssl/ssl_privkey.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/ssl_cipher.cc ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/x509_trs.c [] []
/src/boringssl/crypto/x509v3/v3_utl.c ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/crypto/asn1/../internal.h ['cert', 'conf', 'certs_lpm'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/ecdh/../ec/p256-nistz.h [] []
/src/boringssl/crypto/evp/print.c ['cert'] ['cert']
/src/boringssl/crypto/x509/policy.c [] []
/src/boringssl/crypto/pkcs7/pkcs7.c [] []
/src/boringssl/crypto/fipsmodule/bn/gcd.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/digest/digest.c ['pkcs12_lpm', 'cert', 'pkcs12', 'server', 'dtls_server', 'dtls_client', 'client'] ['cert', 'pkcs12', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/cipher_extra/e_rc2.c [] []
/src/boringssl/crypto/asn1/tasn_typ.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/bn_extra/convert.c ['der_roundtrip', 'conf'] ['der_roundtrip', 'conf']
/src/boringssl/crypto/x509v3/v3_pcons.c [] []
/src/boringssl/crypto/fipsmodule/ecdh/../ec/../../../third_party/fiat/p256_64.h [] []
/src/boringssl/crypto/curve25519/../../third_party/fiat/curve25519_64_adx.h [] []
/src/boringssl/crypto/fipsmodule/ec/ec.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/asn1/a_dup.c ['cert', 'conf'] ['conf']
/src/boringssl/crypto/fipsmodule/rand/fork_detect.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/obj/obj_xref.c [] []
/src/boringssl/crypto/bn_extra/bn_asn1.c ['der_roundtrip', 'privkey'] ['der_roundtrip', 'privkey']
/src/boringssl/crypto/evp/p_hkdf.c [] []
/src/boringssl/crypto/pool/pool.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/refcount.c ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/bytestring/../internal.h ['der_roundtrip', 'pkcs8', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/fuzz/../ssl/internal.h ['decode_client_hello_inner'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/evp/p_rsa_asn1.c [] []
/src/boringssl/crypto/bio/../internal.h ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/t_x509a.c ['cert'] ['cert']
/src/boringssl/ssl/s3_lib.cc [] []
/src/boringssl/crypto/pkcs8/pkcs8_x509.c ['pkcs12_lpm', 'pkcs12'] ['pkcs12_lpm', 'pkcs12']
/src/boringssl/crypto/fipsmodule/modes/polyval.c [] []
/src/common.cc ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/include/openssl/base.h ['der_roundtrip', 'pkcs8_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['der_roundtrip', 'pkcs8_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c ['der_roundtrip'] ['der_roundtrip']
/src/boringssl/crypto/evp/evp.c ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'certs_lpm', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'certs_lpm', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/asn1/a_int.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/digestsign/digestsign.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509v3/v3_bitst.c [] []
/src/boringssl/ssl/ssl_cert.cc ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/rsa_extra/rsa_crypt.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/tls13_both.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'client']
/src/boringssl/ssl/ssl_aead_ctx.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/fuzz_pkcs8.cc ['pkcs8_lpm'] ['pkcs8_lpm']
/src/boringssl/crypto/x509/x_algor.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/bn/shift.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/asn1/a_strex.c ['cert'] ['cert']
/src/boringssl/fuzz/../crypto/cpu_arm_linux.h ['arm_cpuinfo'] []
/src/boringssl/fuzz/dtls_server.cc ['dtls_server'] ['dtls_server']
/src/LPM/external.protobuf/include/google/protobuf/explicitly_constructed.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] []
/src/boringssl/crypto/x509/x509_v3.c ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/crypto/bytestring/cbs.c ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/bn/div_extra.c [] []
/src/boringssl/crypto/cipher_extra/../fipsmodule/cipher/../modes/../../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/include/openssl/rsa.h [] []
/src/boringssl/ssl/tls13_enc.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'client']
/src/boringssl/crypto/pem/pem_oth.c [] []
/src/boringssl/crypto/bio/fd.c [] []
/src/boringssl/crypto/stack/../internal.h ['privkey', 'bn_div', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/conf/conf.c ['conf'] ['conf']
/src/boringssl/crypto/blake2/blake2.c [] []
/src/LPM/external.protobuf/include/google/protobuf/generated_message_util.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/self_check/fips.c [] []
/src/boringssl/ssl/tls13_client.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['dtls_client', 'client']
/src/boringssl/crypto/evp/../internal.h ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'cert', 'certs_lpm', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/bn/gcd_extra.c [] []
/src/boringssl/fuzz/pkcs12.cc ['pkcs12'] ['pkcs12']
/src/boringssl/crypto/fipsmodule/ec/simple_mul.c [] []
/src/boringssl/crypto/fipsmodule/cipher/e_aesccm.c [] []
/src/boringssl/crypto/x509v3/v3_int.c [] []
/src/boringssl/crypto/rand_extra/../internal.h ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/evp/p_x25519_asn1.c [] []
/src/boringssl/fuzz/arm_cpuinfo.cc ['arm_cpuinfo'] ['arm_cpuinfo']
/src/boringssl/crypto/lhash/../internal.h ['conf', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/bn/cmp.c ['privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/tls_method.cc ['decode_client_hello_inner', 'ssl_ctx_api'] ['decode_client_hello_inner', 'ssl_ctx_api']
/src/fuzz_certs.cc ['certs_lpm'] ['certs_lpm']
/src/boringssl/include/openssl/pool.h ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/a_verify.c [] []
/src/boringssl/crypto/x509/asn1_gen.c ['conf'] ['conf']
/src/boringssl/crypto/dh_extra/dh_asn1.c [] []
/src/LPM/external.protobuf/include/absl/numeric/bits.h [] []
/src/boringssl/crypto/fipsmodule/ec/simple.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/a_sign.c [] []
/src/boringssl/crypto/fipsmodule/bn/montgomery_inv.c ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/asn1/a_mbstr.c ['conf'] ['conf']
/src/boringssl/crypto/x509/x509_obj.c ['cert'] ['cert']
/src/boringssl/crypto/fipsmodule/aes/mode_wrappers.c [] []
/src/boringssl/crypto/ec_extra/ec_asn1.c ['privkey'] ['privkey']
/src/boringssl/crypto/fipsmodule/rsa/padding.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/siphash/siphash.c [] []
/src/boringssl/crypto/x509v3/v3_skey.c [] []
/usr/local/bin/../include/c++/v1/math.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] []
/src/boringssl/crypto/thread_pthread.c ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/LPM/external.protobuf/include/google/protobuf/unknown_field_set.h [] []
/src/boringssl/fuzz/ssl_ctx_api.cc ['ssl_ctx_api'] ['ssl_ctx_api']
/src/boringssl/include/openssl/stack.h ['privkey', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs12_lpm', 'pkcs12', 'session', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509v3/v3_extku.c [] []
/src/boringssl/crypto/cpu_intel.c [] []
/src/boringssl/ssl/dtls_record.cc [] []
/src/boringssl/crypto/base64/base64.c ['read_pem'] ['read_pem']
/src/boringssl/crypto/pkcs8/p5_pbev2.c [] []
/src/boringssl/crypto/x509/x509cset.c [] []
/src/boringssl/include/openssl/asn1t.h ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/LPM/external.protobuf/include/google/protobuf/io/coded_stream.h [] []
/src/boringssl/crypto/internal.h ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/poly1305/poly1305_vec.c [] []
/src/boringssl/crypto/ec_extra/../internal.h ['privkey'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/LPM/external.protobuf/include/google/protobuf/wire_format_lite.h [] []
/src/boringssl/include/openssl/bio.h [] []
/src/boringssl/ssl/ssl_buffer.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/include/openssl/buf.h [] []
/src/boringssl/crypto/x509v3/v3_akeya.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/asn1/asn1_lib.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/x509/x509name.c ['cert'] ['cert']
/src/boringssl/crypto/x509/x_spki.c [] []
/src/boringssl/ssl/handshake.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/cipher/aead.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/engine/engine.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/cipher_extra/e_tls.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c ['der_roundtrip', 'server', 'dtls_server', 'dtls_client', 'client'] ['der_roundtrip', 'server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/x_info.c [] []
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.h ['bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/digest_extra/digest_extra.c ['pkcs12_lpm', 'pkcs12'] ['pkcs12']
/src/boringssl/crypto/bio/socket.c [] []
/usr/local/bin/../include/c++/v1/initializer_list ['server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/ssl/tls_record.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/evp/p_dsa_asn1.c [] []
/src/boringssl/crypto/buf/buf.c ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/../../include/openssl/err.h ['privkey'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/bio/hexdump.c ['cert'] []
/src/boringssl/crypto/dsa/dsa_asn1.c ['privkey'] ['privkey']
/src/boringssl/crypto/ex_data.c ['privkey', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['privkey', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/include/openssl/ecdsa.h [] []
/src/boringssl/crypto/fipsmodule/bn/montgomery.c ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/modes/cfb.c [] []
/src/boringssl/crypto/fipsmodule/rand/ctrdrbg.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/handshake_client.cc [] []
/src/boringssl/fuzz/client.cc ['client'] ['client']
/src/boringssl/crypto/x509v3/v3_alt.c [] []
/src/boringssl/crypto/x509/x_x509a.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/LPM/external.protobuf/include/google/protobuf/message_lite.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/asn1/asn_pack.c [] []
/src/boringssl/crypto/cipher_extra/internal.h [] []
/src/boringssl/crypto/evp/p_ed25519_asn1.c [] []
/src/boringssl/crypto/x509/../internal.h ['cert', 'conf', 'certs_lpm'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/x_req.c [] []
/src/boringssl/crypto/pool/internal.h ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/crypto/evp/p_ec_asn1.c [] []
/usr/include/x86_64-linux-gnu/sys/stat.h [] []
/src/boringssl/crypto/chacha/../internal.h ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/conf/internal.h ['conf'] ['conf']
/src/boringssl/crypto/fipsmodule/cipher/../modes/internal.h [] []
/src/boringssl/crypto/cipher_extra/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/sha/../digest/md32_common.h ['server', 'dtls_server', 'dtls_client', 'client'] []
/src/LPM/external.protobuf/include/google/protobuf/arena.h [] []
/src/boringssl/include/openssl/x509.h ['pkcs12_lpm', 'cert', 'pkcs12', 'conf'] ['pkcs12_lpm', 'cert', 'pkcs12', 'conf']
/src/boringssl/crypto/fipsmodule/aes/aes_nohw.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/crypto/x509v3/v3_genn.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/bn/prime.c [] []
/src/boringssl/crypto/x509v3/v3_prn.c ['cert'] ['cert']
/src/boringssl/crypto/rand_extra/forkunsafe.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/evp/evp_ctx.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/fuzz/bn_mod_exp.cc ['bn_mod_exp'] ['bn_mod_exp']
/src/boringssl/crypto/fipsmodule/service_indicator/service_indicator.c [] []
/src/boringssl/crypto/x509/x_exten.c ['conf'] ['conf']
/src/boringssl/crypto/rsa_extra/../internal.h ['server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/x_pkey.c [] []
/src/boringssl/crypto/pem/pem_lib.c ['read_pem'] ['read_pem']
/src/boringssl/ssl/ssl_lib.cc ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/ec/p256.c [] []
/src/boringssl/crypto/fipsmodule/rsa/rsa_impl.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/md5/md5.c [] []
/src/boringssl/crypto/evp/evp_asn1.c ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'cert', 'certs_lpm', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'spki', 'cert', 'certs_lpm', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/ssl_versions.cc ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/bn/rsaz_exp.c ['bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/crypto/fipsmodule/bn/exponentiation.c ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/ec/wnaf.c [] []
/src/boringssl/crypto/evp/p_x25519.c [] []
/src/boringssl/ssl/encrypted_client_hello.cc ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/cipher/e_aes.c ['privkey', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/asn1/a_type.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/ssl/t1_enc.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/LPM/external.protobuf/include/google/protobuf/arena_align.h [] []
/src/boringssl/ssl/d1_srtp.cc [] []
/src/boringssl/crypto/bytestring/asn1_compat.c ['cert', 'certs_lpm'] ['cert', 'certs_lpm']
/src/boringssl/ssl/tls13_server.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server']
/src/boringssl/crypto/pem/pem_pkey.c [] []
/src/boringssl/crypto/fipsmodule/modes/cbc.c [] []
/src/boringssl/crypto/fipsmodule/sha/sha1.c [] []
/src/boringssl/crypto/asn1/tasn_new.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/crypto/x509/x509_d2.c [] []
/src/boringssl/crypto/fipsmodule/bn/mul.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/bn/div.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/ssl/ssl_session.cc ['session', 'server', 'dtls_server', 'dtls_client', 'client'] ['session', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/include/openssl/span.h ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/ecdh/ecdh.c [] []
/src/boringssl/ssl/ssl_x509.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/pkcs8/../internal.h ['pkcs12_lpm', 'pkcs12'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/asn1/posix_time.c ['cert', 'conf', 'certs_lpm'] []
/src/boringssl/fuzz/der_roundtrip.cc ['der_roundtrip'] ['der_roundtrip']
/src/boringssl/crypto/fipsmodule/ec/util.c [] []
/src/LPM/external.protobuf/include/google/protobuf/repeated_ptr_field.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/bio/bio_mem.c ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/include/openssl/conf.h ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/crypto/asn1/a_d2i_fp.c [] []
/src/boringssl/ssl/dtls_method.cc [] []
/src/boringssl/crypto/x509v3/v3_ia5.c [] []
/src/boringssl/ssl/ssl_key_share.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/LPM/external.protobuf/include/google/protobuf/message.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/ssl/d1_pkt.cc [] []
/work/boringssl/genfiles/asn1_pdu.pb.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/asn1/asn1_par.c ['cert'] []
/src/boringssl/fuzz/pkcs8.cc ['pkcs8'] ['pkcs8']
/src/boringssl/crypto/asn1/a_i2d_fp.c [] []
/src/boringssl/crypto/x509v3/v3_ocsp.c [] []
/src/boringssl/crypto/ecdh_extra/ecdh_extra.c [] []
/src/LPM/external.protobuf/include/google/protobuf/metadata_lite.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/ssl/d1_both.cc [] []
/src/boringssl/crypto/fipsmodule/self_check/../rand/internal.h ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/crypto/x509v3/v3_cpols.c [] []
/src/boringssl/crypto/fipsmodule/rsa/blinding.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/dh/dh.c [] []
/src/boringssl/crypto/x509/a_digest.c [] []
/src/boringssl/crypto/bytestring/cbb.c ['der_roundtrip', 'pkcs8', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['der_roundtrip', 'pkcs8', 'pkcs8_lpm', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/x_sig.c [] []
/src/boringssl/crypto/poly1305/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/siphash/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/self_check/self_check.c [] []
/src/asn1_pdu_to_der.cc ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/modes/gcm_nohw.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] []
/src/boringssl/crypto/fipsmodule/cmac/cmac.c [] []
/src/boringssl/crypto/cipher_extra/derive_key.c [] []
/src/boringssl/crypto/chacha/chacha.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/stack/stack.c ['privkey', 'bn_div', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['privkey', 'bn_div', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/ssl/ssl_asn1.cc ['session', 'server', 'dtls_server', 'dtls_client', 'client'] ['session', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/x509_vfy.c [] []
/src/boringssl/crypto/obj/obj.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/crypto/x509/x_x509.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/LPM/external.protobuf/include/google/protobuf/has_bits.h [] []
/src/boringssl/crypto/x509/x_name.c ['cert'] ['cert']
/src/boringssl/include/openssl/mem.h [] []
/src/boringssl/crypto/x509/by_file.c [] []
/src/boringssl/crypto/bytestring/unicode.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/x509/x509_ext.c ['cert'] ['cert']
/src/boringssl/crypto/mem.c ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/x509_set.c ['cert'] ['cert']
/usr/local/bin/../include/c++/v1/exception [] []
/src/boringssl/crypto/asn1/a_bitstr.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/bn/add.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/modes/ofb.c [] []
/src/boringssl/crypto/fipsmodule/cipher/cipher.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h ['der_roundtrip', 'privkey', 'bn_div', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/ssl/internal.h ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/cipher_extra/e_rc4.c [] []
/src/boringssl/crypto/fipsmodule/bn/bytes.c ['der_roundtrip', 'privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['der_roundtrip', 'privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/LPM/external.protobuf/include/google/protobuf/arena_cleanup.h [] []
/src/boringssl/crypto/x509/x509_req.c [] []
/src/boringssl/crypto/digest_extra/../internal.h ['pkcs12_lpm', 'pkcs12'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/ssl/ssl_transcript.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/ec/felem.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/x509_att.c [] []
/src/boringssl/fuzz/../ssl/test/fuzzer.h ['server', 'dtls_server', 'dtls_client', 'client'] []
/work/boringssl/genfiles/asn1_pdu.pb.cc ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/pem/pem_all.c [] []
/src/boringssl/crypto/asn1/a_gentm.c [] []
/src/boringssl/include/openssl/ec_key.h [] []
/src/boringssl/crypto/asn1/a_object.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/fuzz/read_pem.cc ['read_pem'] ['read_pem']
/src/boringssl/ssl/s3_both.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'client']
/src/boringssl/crypto/pem/pem_info.c [] []
/src/boringssl/crypto/cipher_extra/e_chacha20poly1305.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/bn/random.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/evp/p_rsa.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/pem/pem_xaux.c [] []
/src/boringssl/crypto/x509v3/v3_lib.c ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/fuzz/privkey.cc ['privkey'] ['privkey']
/src/boringssl/crypto/x509/x509_def.c [] []
/src/LPM/external.protobuf/include/google/protobuf/parse_context.h [] []
/src/boringssl/crypto/fipsmodule/modes/ctr.c [] []
/src/boringssl/crypto/rand_extra/deterministic.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509v3/v3_ncons.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/fuzz/conf.cc ['conf'] ['conf']
/src/boringssl/crypto/bio/file.c [] []
/src/boringssl/crypto/x509/x_crl.c [] []
/src/boringssl/fuzz/cert.cc ['cert'] ['cert']
/src/boringssl/include/openssl/err.h ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/asn1/a_utctm.c [] []
/src/boringssl/crypto/lhash/lhash.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['conf', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/include/openssl/x509v3.h ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/ssl/../crypto/internal.h ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/include/openssl/bn.h [] []
/src/boringssl/crypto/fipsmodule/hkdf/hkdf.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'client']
/src/boringssl/include/openssl/asn1.h ['cert'] ['cert']
/src/boringssl/crypto/fipsmodule/tls/kdf.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/fuzz/../crypto/internal.h ['arm_cpuinfo'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/x509/x_pubkey.c ['cert', 'certs_lpm'] ['cert', 'certs_lpm']
/src/boringssl/ssl/extensions.cc ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client']
/src/LPM/external.protobuf/include/google/protobuf/repeated_field.h [] []
/src/boringssl/crypto/x509v3/v3_akey.c [] []
/src/boringssl/crypto/x509v3/v3_info.c [] []
/src/boringssl/crypto/x509v3/v3_bcons.c ['cert'] ['cert']
/src/boringssl/crypto/curve25519/curve25519.c [] []
/src/boringssl/crypto/fipsmodule/digest/digests.c ['cert', 'server', 'dtls_server', 'dtls_client', 'client'] ['cert', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/asn1/tasn_fre.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/x509v3/v3_pmaps.c [] []
/src/boringssl/crypto/x509v3/../internal.h ['conf'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/err/err.c ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'bn_div', 'spki', 'bn_mod_exp', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['der_roundtrip', 'pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/asn1/a_octet.c ['cert', 'conf'] ['cert', 'conf']
/src/boringssl/crypto/x509v3/v3_enum.c [] []
/src/boringssl/crypto/evp/p_ed25519.c [] []
/src/boringssl/crypto/x509v3/v3_conf.c ['conf'] ['conf']
/src/boringssl/fuzz/server.cc ['server'] ['server']
/src/boringssl/crypto/evp/pbkdf.c [] []
/src/boringssl/crypto/x509v3/v3_purp.c ['cert'] ['cert']
/src/boringssl/crypto/bytestring/ber.c ['pkcs12_lpm', 'pkcs12'] ['pkcs12_lpm', 'pkcs12']
/src/boringssl/include/openssl/ec.h [] []
/src/boringssl/crypto/x509v3/v3_crld.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/ec/oct.c ['privkey'] ['privkey']
/src/boringssl/crypto/kyber/keccak.c [] []
/src/boringssl/ssl/handshake_server.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/bn/ctx.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/ec/p224-64.c [] []
/src/boringssl/ssl/handoff.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/bio/socket_helper.c [] []
/src/boringssl/crypto/base64/../internal.h ['read_pem'] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/ec/p256-nistz.c [] []
/src/boringssl/crypto/fipsmodule/hmac/hmac.c ['pkcs12_lpm', 'pkcs12', 'server', 'dtls_server', 'dtls_client', 'client'] ['pkcs12', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/kyber/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/asn1/tasn_enc.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/ssl/s3_pkt.cc ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/rand/rand.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/rc4/rc4.c [] []
/src/boringssl/ssl/d1_lib.cc [] []
/src/boringssl/include/openssl/evp.h ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/dsa/dsa.c ['privkey'] ['privkey']
/src/boringssl/crypto/fipsmodule/bn/sqrt.c ['privkey'] ['privkey']
/src/boringssl/fuzz/dtls_client.cc ['dtls_client'] ['dtls_client']
/src/boringssl/ssl/../crypto/err/internal.h [] []
/src/boringssl/fuzz/bn_div.cc ['bn_div'] ['bn_div']
/src/boringssl/include/openssl/bytestring.h ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client'] ['session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/curve25519/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/fipsmodule/ec/ec_key.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/i2d_pr.c [] []
/src/fuzz_pkcs12.cc ['pkcs12_lpm'] ['pkcs12_lpm']
/src/boringssl/crypto/asn1/f_int.c ['cert'] ['cert']
/src/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'bn_div', 'bn_mod_exp', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/x509_cmp.c ['cert', 'certs_lpm'] ['cert', 'certs_lpm']
/src/boringssl/crypto/asn1/a_time.c [] []
/src/boringssl/crypto/x509/x509_vpm.c [] []
/src/boringssl/crypto/asn1/tasn_utl.c ['pkcs12_lpm', 'cert', 'pkcs12', 'conf', 'certs_lpm'] ['cert', 'pkcs12', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/sha/sha256.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/cipher_extra/tls_cbc.c [] []
/src/boringssl/crypto/fipsmodule/aes/aes.c [] []
/src/boringssl/fuzz/spki.cc ['spki'] ['spki']
/src/boringssl/crypto/fipsmodule/bn/bn.c ['der_roundtrip', 'privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['der_roundtrip', 'privkey', 'bn_div', 'bn_mod_exp', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/x509/algorithm.c [] []
/src/boringssl/crypto/fipsmodule/aes/key_wrap.c [] []
/src/boringssl/crypto/fipsmodule/modes/gcm.c ['privkey', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] ['decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/crypto.c [] []
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h ['cert', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] []
/src/boringssl/crypto/x509/x_all.c ['cert'] ['cert']
/src/boringssl/crypto/x509/t_x509.c ['cert'] ['cert']
/src/boringssl/crypto/x509/x_attrib.c [] []
/src/boringssl/crypto/x509/x509.c ['cert'] ['cert']
/src/boringssl/crypto/x509/x509_lu.c [] []
/src/boringssl/crypto/rsa_extra/rsa_asn1.c ['privkey'] ['privkey']
/src/boringssl/fuzz/decode_client_hello_inner.cc ['decode_client_hello_inner'] ['decode_client_hello_inner']
/src/boringssl/crypto/fipsmodule/cipher/../aes/internal.h ['privkey', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api'] []
/src/boringssl/crypto/x509/x_val.c [] []
/src/boringssl/crypto/bio/printf.c ['cert'] ['cert']
/src/boringssl/crypto/ecdh_extra/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/des/../internal.h [] ['pkcs8', 'privkey', 'pkcs8_lpm', 'read_pem', 'spki', 'cert', 'pkcs12', 'conf', 'certs_lpm', 'session', 'decode_client_hello_inner', 'server', 'dtls_server', 'dtls_client', 'client', 'ssl_ctx_api']
/src/boringssl/crypto/pem/pem_pk8.c [] []
/src/boringssl/crypto/fipsmodule/ec/scalar.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/cipher_extra/e_des.c [] []
/src/boringssl/crypto/pkcs7/pkcs7_x509.c [] []
/src/boringssl/crypto/bio/bio.c ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client'] ['read_pem', 'cert', 'conf', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/rsa/rsa.c ['privkey', 'server', 'dtls_server', 'dtls_client', 'client'] ['privkey', 'server', 'dtls_server', 'dtls_client', 'client']
/src/boringssl/crypto/fipsmodule/md4/md4.c [] []
/src/boringssl/crypto/hpke/hpke.c ['server', 'dtls_server', 'dtls_client', 'client'] ['server', 'dtls_server', 'dtls_client', 'client']
/usr/local/bin/../include/c++/v1/stdexcept [] []
/src/boringssl/crypto/asn1/tasn_dec.c ['cert', 'conf', 'certs_lpm'] ['cert', 'conf', 'certs_lpm']
/src/boringssl/crypto/fipsmodule/dh/check.c [] []
/src/asn1_pdu_to_der.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] []
/src/LPM/external.protobuf/include/google/protobuf/arenastring.h ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm'] ['pkcs8_lpm', 'pkcs12_lpm', 'certs_lpm']
/src/boringssl/crypto/x509/name_print.c ['cert'] ['cert']

Directories in report

Directory
/src/boringssl/crypto/fipsmodule/self_check/
/src/boringssl/crypto/curve25519/
/src/boringssl/ssl/
/src/boringssl/crypto/hpke/
/src/boringssl/ssl/../crypto/
/src/boringssl/crypto/asn1/
/src/boringssl/crypto/x509/../
/src/boringssl/crypto/siphash/../
/src/boringssl/crypto/blake2/../
/src/boringssl/crypto/stack/../
/src/boringssl/crypto/asn1/../
/src/boringssl/crypto/x509v3/
/src/boringssl/crypto/bytestring/
/src/boringssl/crypto/rand_extra/../
/src/boringssl/crypto/lhash/
/src/boringssl/crypto/fipsmodule/hkdf/
/src/boringssl/crypto/rand_extra/
/src/boringssl/ssl/../crypto/err/
/src/boringssl/crypto/bn_extra/
/src/boringssl/crypto/fipsmodule/bn/asm/
/src/boringssl/crypto/rc4/
/src/boringssl/crypto/kyber/
/src/boringssl/crypto/bio/
/src/boringssl/crypto/fipsmodule/ecdh/../ec/../../../third_party/fiat/
/src/boringssl/crypto/buf/
/src/boringssl/fuzz/../ssl/
/src/boringssl/crypto/fipsmodule/rand/
/src/LPM/external.protobuf/include/google/protobuf/
/src/boringssl/crypto/fipsmodule/digest/
/src/boringssl/crypto/lhash/../
/src/boringssl/crypto/fipsmodule/rsa/
/src/boringssl/crypto/des/
/src/boringssl/crypto/blake2/
/src/boringssl/crypto/fipsmodule/dh/
/src/boringssl/crypto/fipsmodule/bn/
/src/boringssl/crypto/bio/../
/src/boringssl/crypto/fipsmodule/cipher/
/src/boringssl/crypto/x509/
/src/boringssl/crypto/kyber/../
/src/boringssl/crypto/poly1305/../
/src/boringssl/crypto/cipher_extra/../fipsmodule/cipher/../modes/../../
/src/boringssl/crypto/pkcs8/
/src/boringssl/crypto/curve25519/../../third_party/fiat/
/src/boringssl/crypto/fipsmodule/modes/
/src/boringssl/crypto/rsa_extra/
/src/boringssl/crypto/x509v3/../
/src/boringssl/crypto/bytestring/../
/src/boringssl/crypto/chacha/../
/src/boringssl/crypto/fipsmodule/service_indicator/
/src/boringssl/crypto/curve25519/../
/src/boringssl/crypto/dh_extra/
/src/boringssl/fuzz/../ssl/test/
/src/boringssl/crypto/ecdh_extra/
/src/boringssl/crypto/poly1305/
/src/boringssl/crypto/engine/
/usr/include/x86_64-linux-gnu/bits/
/src/boringssl/crypto/fipsmodule/digestsign/
/src/LPM/external.protobuf/include/absl/numeric/
/src/boringssl/crypto/ecdsa_extra/
/src/boringssl/crypto/fipsmodule/sha/
/src/boringssl/crypto/fipsmodule/ec/
/src/boringssl/fuzz/../crypto/
/src/boringssl/crypto/cipher_extra/../
/src/boringssl/crypto/base64/
/src/boringssl/crypto/ec_extra/../
/src/boringssl/crypto/dsa/
/src/boringssl/crypto/base64/../
/src/boringssl/crypto/fipsmodule/md5/
/src/boringssl/crypto/fipsmodule/ecdh/
/src/boringssl/crypto/ecdh_extra/../
/src/boringssl/fuzz/
/src/boringssl/crypto/fipsmodule/cmac/
/src/boringssl/crypto/stack/
/src/boringssl/crypto/fipsmodule/tls/
/src/boringssl/crypto/pem/
/src/boringssl/crypto/fipsmodule/hmac/
/src/boringssl/crypto/ec_extra/
/src/boringssl/crypto/pkcs7/
/src/boringssl/crypto/obj/
/src/boringssl/crypto/digest_extra/
/src/boringssl/crypto/err/
/src/boringssl/crypto/fipsmodule/self_check/../rand/
/src/boringssl/crypto/evp/../
/src/boringssl/crypto/pkcs8/../
/src/boringssl/crypto/fipsmodule/cipher/../modes/
/src/boringssl/crypto/conf/
/src/boringssl/crypto/siphash/
/src/LPM/external.protobuf/include/google/protobuf/io/
/src/boringssl/crypto/rsa_extra/../
/usr/include/x86_64-linux-gnu/sys/
/src/boringssl/crypto/fipsmodule/ecdh/../ec/
/usr/local/bin/../include/c++/v1/
/src/
/src/boringssl/crypto/chacha/
/src/boringssl/crypto/fipsmodule/self_check/../tls/../../
/src/boringssl/crypto/pool/
/src/boringssl/crypto/des/../
/src/boringssl/crypto/
/src/boringssl/crypto/cipher_extra/
/src/boringssl/crypto/fipsmodule/../../include/openssl/
/src/boringssl/crypto/digest_extra/../
/src/boringssl/crypto/fipsmodule/sha/../digest/
/src/boringssl/crypto/fipsmodule/md4/
/src/boringssl/include/openssl/
/src/boringssl/crypto/fipsmodule/cipher/../aes/
/work/boringssl/genfiles/
/src/boringssl/crypto/evp/
/src/boringssl/crypto/fipsmodule/aes/
/src/boringssl/crypto/fipsmodule/ecdsa/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
arm_cpuinfo fuzzerLogFile-0-Xm5nZhzRv6.data fuzzerLogFile-0-Xm5nZhzRv6.data.yaml arm_cpuinfo.covreport
der_roundtrip fuzzerLogFile-0-dSaO2O8oG1.data fuzzerLogFile-0-dSaO2O8oG1.data.yaml der_roundtrip.covreport
pkcs8 fuzzerLogFile-0-bn49IJbpPv.data fuzzerLogFile-0-bn49IJbpPv.data.yaml pkcs8.covreport
privkey fuzzerLogFile-0-Rvgaa3WOvq.data fuzzerLogFile-0-Rvgaa3WOvq.data.yaml privkey.covreport
pkcs8_lpm fuzzerLogFile-0-gPgTzadgpR.data fuzzerLogFile-0-gPgTzadgpR.data.yaml pkcs8_lpm.covreport
read_pem fuzzerLogFile-0-U0cujHO4Za.data fuzzerLogFile-0-U0cujHO4Za.data.yaml read_pem.covreport
bn_div fuzzerLogFile-0-6T3w7XCFU6.data fuzzerLogFile-0-6T3w7XCFU6.data.yaml bn_div.covreport
spki fuzzerLogFile-0-q3idoWOvM6.data fuzzerLogFile-0-q3idoWOvM6.data.yaml spki.covreport
bn_mod_exp fuzzerLogFile-0-Lp87QPUfNX.data fuzzerLogFile-0-Lp87QPUfNX.data.yaml bn_mod_exp.covreport
pkcs12_lpm fuzzerLogFile-0-XKLBGhZeky.data fuzzerLogFile-0-XKLBGhZeky.data.yaml pkcs12_lpm.covreport
cert fuzzerLogFile-0-jjrHny7ivu.data fuzzerLogFile-0-jjrHny7ivu.data.yaml cert.covreport
pkcs12 fuzzerLogFile-0-PVFEDU7ng3.data fuzzerLogFile-0-PVFEDU7ng3.data.yaml pkcs12.covreport
conf fuzzerLogFile-0-PABkEUGjuW.data fuzzerLogFile-0-PABkEUGjuW.data.yaml conf.covreport
certs_lpm fuzzerLogFile-0-vdT8S2KHaK.data fuzzerLogFile-0-vdT8S2KHaK.data.yaml certs_lpm.covreport
session fuzzerLogFile-0-7lzOOwKHwJ.data fuzzerLogFile-0-7lzOOwKHwJ.data.yaml session.covreport
decode_client_hello_inner fuzzerLogFile-0-h5g9b4kaMZ.data fuzzerLogFile-0-h5g9b4kaMZ.data.yaml decode_client_hello_inner.covreport
server fuzzerLogFile-0-44wVgRvDAP.data fuzzerLogFile-0-44wVgRvDAP.data.yaml server.covreport
dtls_server fuzzerLogFile-0-8byYXq9Wt9.data fuzzerLogFile-0-8byYXq9Wt9.data.yaml dtls_server.covreport
dtls_client fuzzerLogFile-0-YL0sgZao2H.data fuzzerLogFile-0-YL0sgZao2H.data.yaml dtls_client.covreport
client fuzzerLogFile-0-3GPBnMZY0n.data fuzzerLogFile-0-3GPBnMZY0n.data.yaml client.covreport
ssl_ctx_api fuzzerLogFile-0-oE9plMqJVD.data fuzzerLogFile-0-oE9plMqJVD.data.yaml ssl_ctx_api.covreport