Project overview: cryptography

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 4 21.0%

gold [1:9] 0 0.0%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 15 78.9%

All colors 19 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	4	21.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	15	78.9%
All colors	19	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
2	5	cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key	call site: 00005	private_key.public_key
1	12	...fuzz_dsa.TestInput	call site: 00012	cryptography.hazmat.primitives.asymmetric.utils.Prehashed.__init__
1	14	cryptography.hazmat.primitives.asymmetric.utils.Prehashed.__init__	call site: 00014	private_key.sign

Runtime coverage analysis

14

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

21.43%

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...fuzz_dsa	9
cryptography.hazmat.primitives.asymmetric.dsa	3
cryptography.hazmat.primitives.asymmetric.utils	1

Fuzzer: fuzz_dh

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 4 30.7%

gold [1:9] 0 0.0%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 9 69.2%

All colors 13 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	4	30.7%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	9	69.2%
All colors	13	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
2	0	EP	call site: 00000	atheris.FuzzedDataProvider
2	5	...fuzz_dh.TestInput	call site: 00005	peer_private_key.public_key

Runtime coverage analysis

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

0.0%

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...fuzz_dh	10

Fuzzer: fuzz_aead

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 0 0.0%

gold [1:9] 0 0.0%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 14 100.%

All colors 14 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	0	0.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	14	100.%
All colors	14	100

Runtime coverage analysis

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

0.0%

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...fuzz_aead	10

Fuzzer: fuzz_sym

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 11 12.0%

gold [1:9] 0 0.0%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 80 87.9%

All colors 91 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	11	12.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	80	87.9%
All colors	91	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
2	1	...fuzz_sym.TestInput	call site: 00001	cryptography.fernet.Fernet.generate_key
2	54	cryptography.fernet.Fernet._get_unverified_token_data	call site: 00054	time.time
2	64	cryptography.hazmat.primitives.ciphers.base.Cipher.decryptor	call site: 00064	cryptography.hazmat.primitives.ciphers.algorithms.AES.__init__
1	5	cryptography.fernet.Fernet.generate_key	call site: 00005	cryptography.fernet.Fernet.__init__
1	34	cryptography.hazmat.primitives.ciphers.base.Cipher.encryptor	call site: 00034	cryptography.hazmat.primitives.ciphers.algorithms.AES.__init__
1	39	cryptography.hazmat.primitives._cipheralgorithm._verify_key_size	call site: 00039	cryptography.hazmat.primitives.ciphers.modes.CBC.__init__
1	43	cryptography.fernet.Fernet._encrypt_from_parts	call site: 00043	current_time.to_bytes
1	79	cryptography.hazmat.backends.openssl.backend.Backend.hmac_supported	call site: 00079	.isinstance

Runtime coverage analysis

31

60