Fuzz introspector: pkcs8
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
438 438 7 :

['ge_madd(ge_p1p1*, ge_p3 const*, ge_precomp const*)', 'ge_p2_dbl(ge_p1p1*, ge_p2 const*)', 'ge_p3_dbl(ge_p1p1*, ge_p3 const*)', 'table_select(ge_precomp*, int, signed char)', 'x25519_ge_p1p1_to_p3', 'x25519_ge_p1p1_to_p2', 'ge_p3_0(ge_p3*)']

438 438 x25519_ge_scalarmult_base call site: 00000 /src/boringssl/crypto/curve25519/curve25519.cc:796
147 147 1 :

['add_base128_integer(cbb_st*, unsigned long)']

147 400 CBB_add_asn1 call site: 00000 /src/boringssl/crypto/bytestring/cbb.cc:372
136 370 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

136 2722 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.cc.inc:115
136 140 2 :

['BN_is_zero', 'BN_sub_word']

136 140 BN_add_word call site: 00000 /src/boringssl/crypto/fipsmodule/bn/add.cc.inc:109
105 356 2 :

['BN_one', 'BN_nnmod']

105 3730 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.cc.inc:269
105 110 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

105 110 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.cc.inc:143
105 110 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

105 110 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.cc.inc:440
76 168 5 :

['abort', 'bn_from_montgomery_in_place(unsigned long*, unsigned long, unsigned long*, unsigned long, bn_mont_ctx_st const*)', 'OPENSSL_cleanse', 'bn_sqr_small', 'bn_mul_small']

76 168 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.cc.inc:363
31 33 3 :

['sk_void_free', 'CRYPTO_get_ex_data', 'CRYPTO_atomic_load_u32']

31 33 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.cc:113
5 79 2 :

['align_pointer(void*, unsigned long)', 'OPENSSL_malloc']

19 4293 BN_mod_exp_mont_consttime call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.cc.inc:521
4 62 2 :

['ERR_put_error', 'cbb_on_error(cbb_st*)']

4 62 CBB_flush call site: 00098 /src/boringssl/crypto/bytestring/cbb.cc:258
4 4 1 :

['cbb_on_error(cbb_st*)']

4 4 cbb_add_u(cbb_st*,unsignedlong,unsignedlong) call site: 00000 /src/boringssl/crypto/bytestring/cbb.cc:441

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 CRYPTO_set_fuzzer_mode [function] [call site] 00001
2 CRYPTO_atomic_store_u32 [function] [call site] 00002
1 CBS_init [function] [call site] 00003
1 EVP_parse_private_key [function] [call site] 00004
2 CBS_get_asn1 [function] [call site] 00005
3 cbs_get_asn1(cbs_st*, cbs_st*, unsigned int, int) [function] [call site] 00006
4 CBS_get_any_asn1_element [function] [call site] 00007
5 cbs_get_any_asn1_element(cbs_st*, cbs_st*, unsigned int*, unsigned long*, int*, int*, int) [function] [call site] 00008
6 __assert_fail [call site] 00009
6 __assert_fail [call site] 00010
6 parse_asn1_tag(cbs_st*, unsigned int*) [function] [call site] 00011
7 CBS_get_u8 [function] [call site] 00012
8 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00013
7 parse_base128_integer(cbs_st*, unsigned long*) [function] [call site] 00014
8 CBS_get_u8 [function] [call site] 00015
6 CBS_get_u8 [function] [call site] 00016
6 CBS_len [function] [call site] 00017
6 CBS_get_bytes [function] [call site] 00018
7 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00019
7 CBS_init [function] [call site] 00020
6 cbs_get_u(cbs_st*, unsigned long*, unsigned long) [function] [call site] 00021
7 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00022
6 CBS_get_bytes [function] [call site] 00023
4 CBS_skip [function] [call site] 00024
5 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00025
4 __assert_fail [call site] 00026
2 CBS_get_asn1_uint64 [function] [call site] 00027
3 CBS_get_asn1_uint64_with_tag [function] [call site] 00028
4 CBS_get_asn1 [function] [call site] 00029
4 CBS_is_unsigned_asn1_integer [function] [call site] 00030
5 CBS_is_valid_asn1_integer [function] [call site] 00031
6 CBS_get_u8 [function] [call site] 00032
6 CBS_get_u8 [function] [call site] 00033
4 CBS_data [function] [call site] 00034
4 CBS_len [function] [call site] 00035
2 CBS_get_asn1 [function] [call site] 00036
2 CBS_get_asn1 [function] [call site] 00037
2 ERR_put_error [function] [call site] 00038
3 err_get_state() [function] [call site] 00039
4 CRYPTO_get_thread_local [function] [call site] 00040
5 CRYPTO_once [function] [call site] 00041
6 pthread_once [call site] 00042
6 abort [call site] 00043
5 thread_local_init() [function] [call site] 00044
6 pthread_key_create [call site] 00045
6 thread_local_destructor(void*) [function] [call site] 00046
7 pthread_mutex_lock [call site] 00047
7 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00048
7 pthread_mutex_unlock [call site] 00049
5 pthread_getspecific [call site] 00050
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00051
4 CRYPTO_set_thread_local [function] [call site] 00052
5 CRYPTO_once [function] [call site] 00053
5 thread_local_init() [function] [call site] 00054
5 pthread_getspecific [call site] 00055
5 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00056
5 pthread_setspecific [call site] 00057
5 pthread_mutex_lock [call site] 00058
5 pthread_mutex_unlock [call site] 00059
4 err_state_free(void*) [function] [call site] 00060
5 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00061
6 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00062
3 __errno_location [call site] 00063
3 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00064
2 parse_key_type(cbs_st*) [function] [call site] 00065
3 CBS_get_asn1 [function] [call site] 00066
3 CBS_len [function] [call site] 00067
3 CBS_data [function] [call site] 00068
3 OPENSSL_memcmp(void const*, void const*, unsigned long) [function] [call site] 00069
4 memcmp [call site] 00070
2 ERR_put_error [function] [call site] 00071
2 EVP_PKEY_new [function] [call site] 00072
3 OPENSSL_zalloc [function] [call site] 00073
4 OPENSSL_malloc [function] [call site] 00074
5 should_fail_allocation() [function] [call site] 00075
5 __assert_fail [call site] 00076
5 __assert_fail [call site] 00077
5 OPENSSL_memory_alloc [call site] 00078
5 __asan_poison_memory_region(void const*, unsigned long) [function] [call site] 00079
5 ERR_put_error [function] [call site] 00080
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00081
2 evp_pkey_set_method [function] [call site] 00082
3 free_it(evp_pkey_st*) [function] [call site] 00083
2 ERR_put_error [function] [call site] 00084
1 CBB_init [function] [call site] 00085
2 CBB_zero [function] [call site] 00086
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00087
2 OPENSSL_malloc [function] [call site] 00088
2 cbb_init(cbb_st*, unsigned char*, unsigned long, int) [function] [call site] 00089
1 EVP_marshal_private_key [function] [call site] 00090
2 ERR_put_error [function] [call site] 00091
1 CBB_finish [function] [call site] 00092
2 ERR_put_error [function] [call site] 00093
2 CBB_flush [function] [call site] 00094
3 cbb_get_base(cbb_st*) [function] [call site] 00095
3 __assert_fail [call site] 00096
3 __assert_fail [call site] 00097
3 CBB_flush [function] [call site] 00098
4 __assert_fail [call site] 00099
4 ERR_put_error [function] [call site] 00100
4 cbb_buffer_add(cbb_buffer_st*, unsigned char**, unsigned long) [function] [call site] 00101
5 cbb_buffer_reserve(cbb_buffer_st*, unsigned char**, unsigned long) [function] [call site] 00102
6 ERR_put_error [function] [call site] 00103
6 ERR_put_error [function] [call site] 00104
6 OPENSSL_realloc [function] [call site] 00105
7 OPENSSL_malloc [function] [call site] 00106
7 OPENSSL_memory_get_size [call site] 00107
7 __asan_unpoison_memory_region(void const*, unsigned long) [function] [call site] 00108
7 __asan_poison_memory_region(void const*, unsigned long) [function] [call site] 00109
7 OPENSSL_malloc [function] [call site] 00110
7 OPENSSL_free [function] [call site] 00111
8 OPENSSL_memory_free [call site] 00112
8 __asan_unpoison_memory_region(void const*, unsigned long) [function] [call site] 00113
8 OPENSSL_cleanse [function] [call site] 00114
9 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00115
4 OPENSSL_memmove(void*, void const*, unsigned long) [function] [call site] 00116
4 ERR_put_error [function] [call site] 00117
4 cbb_on_error(cbb_st*) [function] [call site] 00118
5 cbb_get_base(cbb_st*) [function] [call site] 00119
2 CBB_cleanup [function] [call site] 00120
3 __assert_fail [call site] 00121
3 OPENSSL_free [function] [call site] 00122
1 OPENSSL_free [function] [call site] 00123
1 CBB_cleanup [function] [call site] 00124
1 EVP_PKEY_free [function] [call site] 00125
2 CRYPTO_refcount_dec_and_test_zero [function] [call site] 00126
3 CRYPTO_atomic_load_u32 [function] [call site] 00127
3 abort [call site] 00128
3 CRYPTO_atomic_compare_exchange_weak_u32 [function] [call site] 00129
2 free_it(evp_pkey_st*) [function] [call site] 00130
2 OPENSSL_free [function] [call site] 00131
1 ERR_clear_error [function] [call site] 00132
2 err_get_state() [function] [call site] 00133
2 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00134