Fuzz introspector: spki
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1321 2885 15 :

['ERR_put_error', 'BN_is_one', 'BN_cmp', 'BN_free', 'bn_usub_consttime', 'BN_init', 'BN_num_bits', 'bn_div_consttime', 'bn_mul_consttime', 'check_mod_inverse(int*, bignum_st const*, bignum_st const*, bignum_st const*, unsigned int, bignum_ctx*)', 'BN_is_negative', 'constant_time_declassify_int(int)', 'BN_CTX_free', 'BN_CTX_new', 'BN_value_one']

1321 2885 RSA_check_key call site: 00000 /src/boringssl/crypto/fipsmodule/rsa/rsa.cc.inc:753
147 147 1 :

['add_base128_integer(cbb_st*, unsigned long)']

147 400 CBB_add_asn1 call site: 00000 /src/boringssl/crypto/bytestring/cbb.cc:372
136 370 2 :

['bn_mod_lshift1_consttime', 'BN_sub_word']

136 2722 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.cc.inc:115
136 140 2 :

['BN_is_zero', 'BN_sub_word']

136 140 BN_add_word call site: 00000 /src/boringssl/crypto/fipsmodule/bn/add.cc.inc:109
105 356 2 :

['BN_one', 'BN_nnmod']

105 3730 BN_mod_sqrt call site: 00000 /src/boringssl/crypto/fipsmodule/bn/sqrt.cc.inc:269
105 110 3 :

['BN_one', 'BN_zero', 'BN_abs_is_word']

105 110 BN_mod_exp_mont call site: 00000 /src/boringssl/crypto/fipsmodule/bn/exponentiation.cc.inc:143
76 168 5 :

['abort', 'bn_from_montgomery_in_place(unsigned long*, unsigned long, unsigned long*, unsigned long, bn_mont_ctx_st const*)', 'OPENSSL_cleanse', 'bn_sqr_small', 'bn_mul_small']

76 168 bn_mod_mul_montgomery_small call site: 00000 /src/boringssl/crypto/fipsmodule/bn/montgomery.cc.inc:363
31 33 3 :

['sk_void_free', 'CRYPTO_get_ex_data', 'CRYPTO_atomic_load_u32']

31 33 CRYPTO_free_ex_data call site: 00000 /src/boringssl/crypto/ex_data.cc:113
26 100 3 :

['BN_cmp', 'ec_GFp_simple_points_equal', 'ec_felem_equal']

26 100 EC_GROUP_cmp call site: 00000 /src/boringssl/crypto/fipsmodule/ec/ec.cc.inc:314
6 6 1 :

['ec_GFp_simple_point_set_to_infinity']

6 6 ec_set_to_safe_point call site: 00000 /src/boringssl/crypto/fipsmodule/ec/ec.cc.inc:939
4 62 2 :

['ERR_put_error', 'cbb_on_error(cbb_st*)']

4 62 CBB_flush call site: 00093 /src/boringssl/crypto/bytestring/cbb.cc:258
4 4 1 :

['cbb_on_error(cbb_st*)']

4 4 cbb_add_u(cbb_st*,unsignedlong,unsignedlong) call site: 00000 /src/boringssl/crypto/bytestring/cbb.cc:441

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 CBS_init [function] [call site] 00001
1 EVP_parse_public_key [function] [call site] 00002
2 CBS_get_asn1 [function] [call site] 00003
3 cbs_get_asn1(cbs_st*, cbs_st*, unsigned int, int) [function] [call site] 00004
4 CBS_get_any_asn1_element [function] [call site] 00005
5 cbs_get_any_asn1_element(cbs_st*, cbs_st*, unsigned int*, unsigned long*, int*, int*, int) [function] [call site] 00006
6 __assert_fail [call site] 00007
6 __assert_fail [call site] 00008
6 parse_asn1_tag(cbs_st*, unsigned int*) [function] [call site] 00009
7 CBS_get_u8 [function] [call site] 00010
8 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00011
7 parse_base128_integer(cbs_st*, unsigned long*) [function] [call site] 00012
8 CBS_get_u8 [function] [call site] 00013
6 CBS_get_u8 [function] [call site] 00014
6 CBS_len [function] [call site] 00015
6 CBS_get_bytes [function] [call site] 00016
7 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00017
7 CBS_init [function] [call site] 00018
6 cbs_get_u(cbs_st*, unsigned long*, unsigned long) [function] [call site] 00019
7 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00020
6 CBS_get_bytes [function] [call site] 00021
4 CBS_skip [function] [call site] 00022
5 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00023
4 __assert_fail [call site] 00024
2 CBS_get_asn1 [function] [call site] 00025
2 CBS_get_asn1 [function] [call site] 00026
2 CBS_len [function] [call site] 00027
2 ERR_put_error [function] [call site] 00028
3 err_get_state() [function] [call site] 00029
4 CRYPTO_get_thread_local [function] [call site] 00030
5 CRYPTO_once [function] [call site] 00031
6 pthread_once [call site] 00032
6 abort [call site] 00033
5 thread_local_init() [function] [call site] 00034
6 pthread_key_create [call site] 00035
6 thread_local_destructor(void*) [function] [call site] 00036
7 pthread_mutex_lock [call site] 00037
7 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00038
7 pthread_mutex_unlock [call site] 00039
5 pthread_getspecific [call site] 00040
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00041
4 CRYPTO_set_thread_local [function] [call site] 00042
5 CRYPTO_once [function] [call site] 00043
5 thread_local_init() [function] [call site] 00044
5 pthread_getspecific [call site] 00045
5 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00046
5 pthread_setspecific [call site] 00047
5 pthread_mutex_lock [call site] 00048
5 pthread_mutex_unlock [call site] 00049
4 err_state_free(void*) [function] [call site] 00050
5 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00051
6 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00052
3 __errno_location [call site] 00053
3 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00054
2 parse_key_type(cbs_st*) [function] [call site] 00055
3 CBS_get_asn1 [function] [call site] 00056
3 CBS_len [function] [call site] 00057
3 CBS_data [function] [call site] 00058
3 OPENSSL_memcmp(void const*, void const*, unsigned long) [function] [call site] 00059
4 memcmp [call site] 00060
2 ERR_put_error [function] [call site] 00061
2 CBS_get_u8 [function] [call site] 00062
2 ERR_put_error [function] [call site] 00063
2 EVP_PKEY_new [function] [call site] 00064
3 OPENSSL_zalloc [function] [call site] 00065
4 OPENSSL_malloc [function] [call site] 00066
5 should_fail_allocation() [function] [call site] 00067
5 __assert_fail [call site] 00068
5 __assert_fail [call site] 00069
5 OPENSSL_memory_alloc [call site] 00070
5 __asan_poison_memory_region(void const*, unsigned long) [function] [call site] 00071
5 ERR_put_error [function] [call site] 00072
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00073
2 evp_pkey_set_method [function] [call site] 00074
3 free_it(evp_pkey_st*) [function] [call site] 00075
2 ERR_put_error [function] [call site] 00076
1 ERR_clear_error [function] [call site] 00077
2 err_get_state() [function] [call site] 00078
2 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00079
1 CBB_init [function] [call site] 00080
2 CBB_zero [function] [call site] 00081
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00082
2 OPENSSL_malloc [function] [call site] 00083
2 cbb_init(cbb_st*, unsigned char*, unsigned long, int) [function] [call site] 00084
1 EVP_marshal_public_key [function] [call site] 00085
2 ERR_put_error [function] [call site] 00086
1 CBB_finish [function] [call site] 00087
2 ERR_put_error [function] [call site] 00088
2 CBB_flush [function] [call site] 00089
3 cbb_get_base(cbb_st*) [function] [call site] 00090
3 __assert_fail [call site] 00091
3 __assert_fail [call site] 00092
3 CBB_flush [function] [call site] 00093
4 __assert_fail [call site] 00094
4 ERR_put_error [function] [call site] 00095
4 cbb_buffer_add(cbb_buffer_st*, unsigned char**, unsigned long) [function] [call site] 00096
5 cbb_buffer_reserve(cbb_buffer_st*, unsigned char**, unsigned long) [function] [call site] 00097
6 ERR_put_error [function] [call site] 00098
6 ERR_put_error [function] [call site] 00099
6 OPENSSL_realloc [function] [call site] 00100
7 OPENSSL_malloc [function] [call site] 00101
7 OPENSSL_memory_get_size [call site] 00102
7 __asan_unpoison_memory_region(void const*, unsigned long) [function] [call site] 00103
7 __asan_poison_memory_region(void const*, unsigned long) [function] [call site] 00104
7 OPENSSL_malloc [function] [call site] 00105
7 OPENSSL_free [function] [call site] 00106
8 OPENSSL_memory_free [call site] 00107
8 __asan_unpoison_memory_region(void const*, unsigned long) [function] [call site] 00108
8 OPENSSL_cleanse [function] [call site] 00109
9 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00110
4 OPENSSL_memmove(void*, void const*, unsigned long) [function] [call site] 00111
4 ERR_put_error [function] [call site] 00112
4 cbb_on_error(cbb_st*) [function] [call site] 00113
5 cbb_get_base(cbb_st*) [function] [call site] 00114
2 CBB_cleanup [function] [call site] 00115
3 __assert_fail [call site] 00116
3 OPENSSL_free [function] [call site] 00117
1 OPENSSL_free [function] [call site] 00118
1 CBB_cleanup [function] [call site] 00119
1 EVP_PKEY_free [function] [call site] 00120
2 CRYPTO_refcount_dec_and_test_zero [function] [call site] 00121
3 CRYPTO_atomic_load_u32 [function] [call site] 00122
3 abort [call site] 00123
3 CRYPTO_atomic_compare_exchange_weak_u32 [function] [call site] 00124
2 free_it(evp_pkey_st*) [function] [call site] 00125
2 OPENSSL_free [function] [call site] 00126
1 ERR_clear_error [function] [call site] 00127