Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: cryptsetup
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: crypt2_load_ondisk_fuzz
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: crypt2_load_fuzz
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
tests/fuzz/crypt2_load_ondisk_fuzz.cc
Dictionary
Fuzzer function priority
tests/fuzz/crypt2_load_fuzz.cc
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Fuzz driver synthesis
New fuzzers
utils_reencrypt.c
setup.c
luks2_reencrypt.c
argon2.c
Files and Directories in report
Files in report
Directories in report
Function call coverage
Function in each files in report
Metadata section
Sink analyser for CWEs
Report generation date: 2025-11-07

Project overview: cryptsetup

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
21.0%
428 / 2038
Cyclomatic complexity statically reachable by fuzzers
22.0%
2707 / 12519
Runtime code coverage of functions
13.0%
260 / 2038

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
crypt2_load_ondisk_fuzz tests/fuzz/crypt2_load_ondisk_fuzz.cc 588 1612 35 65 2158 2711 crypt2_load_ondisk_fuzz.cc
crypt2_load_fuzz tests/fuzz/crypt2_load_fuzz.cc 588 1611 35 65 2162 2717 crypt2_load_fuzz.cc

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: crypt2_load_ondisk_fuzz

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 7134 94.5%
gold [1:9] 25 0.33%
yellow [10:29] 27 0.35%
greenyellow [30:49] 27 0.35%
lawngreen 50+ 330 4.37%
All colors 7543 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
2859 2743 isINTEGRITY call site: 02743 Luks2HeaderRestore
680 6057 _crypt_load_fvault2 call site: 06057 reencrypt_recovery_by_keyslot_context
596 1046 crypt_free_volume_key call site: 01046 LUKS_write_phdr
550 6738 crypt_log call site: 06738 reencrypt_load_by_keyslot_context
488 1737 _crypt_load_luks call site: 01737 reencrypt_metadata_repair
485 559 crypt_volume_key_get_key call site: 00559 LUKS_endec_template
217 2500 crypt_free call site: 02500 crypt_activate_by_signed_key
168 7346 crypt_load call site: 07346 _crypt_load_tcrypt
162 2322 isFVAULT2 call site: 02322 crypt_load
122 5771 BITLK_read_sb call site: 05771 parse_vmk_entry
101 5604 crypt_set_null_type call site: 05604 _crypt_load_luks
91 467 crypt_safe_free call site: 00467 LUKS_decrypt_from_storage

Runtime coverage analysis

Covered functions
1296
Functions that are reachable but not covered
482
Reachable functions
588
Percentage of reachable functions covered
18.03%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/crypt2_load_ondisk_fuzz.cc 11
lib/utils_io.c 13
lib/setup.c 259
lib/utils_device.c 55
lib/utils.c 26
lib/utils_safe_memory.c 8
lib/crypto_backend/memutils.c 1
lib/libdevmapper.c 153
lib/random.c 21
src/utils_luks.c 5
lib/crypto_backend/crypto_gcrypt.c 55
lib/luks2/luks2_disk_metadata.c 82
lib/utils_pbkdf.c 20
lib/utils_crypt.c 20
lib/crypto_backend/pbkdf_check.c 19
lib/luks1/keymanage.c 77
lib/utils_device_locking.c 41
lib/verity/verity.c 41
lib/volumekey.c 16
lib/internal.h 1
lib/luks1/keyencryption.c 35
lib/crypto_backend/crypto_storage.c 32
lib/crypto_backend/crypto_cipher_kernel.c 23
lib/crypto_backend/cipher_generic.c 4
lib/utils_loop.c 17
tests/test_utils.c 21
src/utils_blockdev.c 3
lib/utils_keyring.c 28
lib/utils_devpath.c 29
lib/utils_benchmark.c 11
lib/crypto_backend/pbkdf2_generic.c 10
lib/luks1/af.c 5
lib/luks2/luks2_json_metadata.c 178
lib/luks2/luks2_internal.h 1
lib/luks2/luks2_keyslot.c 57
tests/api-test-2.c 35
src/cryptsetup.c 15
src/utils_tools.c 20
src/utils_password.c 43
lib/luks2/luks2_reencrypt.c 243
lib/keyslot_context.c 6
lib/utils_storage_wrappers.c 36
lib/luks2/luks2_segment.c 41
lib/luks2/luks2_digest.c 43
src/veritysetup.c 26
lib/tcrypt/tcrypt.c 85
lib/loopaes/loopaes.c 29
lib/crypt_plain.c 14
lib/verity/verity_hash.c 35
lib/verity/verity_fec.c 28
lib/verity/rs_encode_char.c 6
lib/verity/rs_decode_char.c 5
lib/luks2/luks2_reencrypt_digest.c 40
lib/luks2/luks2_keyslot_reenc.c 56
lib/integrity/integrity.c 31
lib/utils_wipe.c 35
lib/luks2/luks2_json_format.c 11
lib/luks2/hw_opal/hw_opal.c 36
lib/bitlk/bitlk.c 45
lib/fvault2/fvault2.c 53
lib/crypto_backend/crc32.c 1
lib/crypto_backend/utf8.c 5
lib/crypto_backend/base64.c 7
lib/luks2/luks2_luks1_convert.c 9
lib/utils_blkid.c 14

Fuzzer: crypt2_load_fuzz

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 6936 91.8%
gold [1:9] 22 0.29%
yellow [10:29] 5 0.06%
greenyellow [30:49] 1 0.01%
lawngreen 50+ 585 7.74%
All colors 7549 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1160 4275 hdr_update_copy_for_rollback call site: 04275 Luks2HeaderRestore
1134 5612 crypt_set_null_type call site: 05612 reencrypt_recovery_by_keyslot_context
972 438 crypt_random_get call site: 00438 LUKS_decrypt_from_storage
499 3240 json_segment_type call site: 03240 _activate_reencrypt_device_by_vk
396 6770 validate_json_uint32 call site: 06770 reencrypt_load_by_keyslot_context
340 3821 json_object_copy call site: 03821 reencrypt_recover_segment
292 2862 device_check_size call site: 02862 _verify_reencrypt_keys
250 7298 crypt_load call site: 07298 _crypt_load_tcrypt
242 2508 crypt_free call site: 02508 crypt_activate_by_signed_key
238 1414 device_open_locked call site: 01414 LUKS_write_phdr
237 1996 LUKS2_keyslots_repair call site: 01996 tools_get_key
108 5502 LUKS2_hdr_free call site: 05502 crypt_deactivate

Runtime coverage analysis

Covered functions
1681
Functions that are reachable but not covered
411
Reachable functions
588
Percentage of reachable functions covered
30.1%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/crypt2_load_fuzz.cc 18
lib/crypto_backend/crypto_gcrypt.c 55
lib/utils_io.c 13
lib/setup.c 259
lib/utils_device.c 55
lib/utils.c 26
lib/utils_safe_memory.c 8
lib/crypto_backend/memutils.c 1
lib/libdevmapper.c 153
lib/random.c 21
src/utils_luks.c 5
lib/luks2/luks2_disk_metadata.c 82
lib/utils_pbkdf.c 20
lib/utils_crypt.c 20
lib/crypto_backend/pbkdf_check.c 19
lib/luks1/keymanage.c 77
lib/utils_device_locking.c 41
lib/verity/verity.c 41
lib/volumekey.c 16
lib/internal.h 1
lib/luks1/keyencryption.c 35
lib/crypto_backend/crypto_storage.c 32
lib/crypto_backend/crypto_cipher_kernel.c 23
lib/crypto_backend/cipher_generic.c 4
lib/utils_loop.c 17
tests/test_utils.c 21
src/utils_blockdev.c 3
lib/utils_keyring.c 28
lib/utils_devpath.c 29
lib/utils_benchmark.c 11
lib/crypto_backend/pbkdf2_generic.c 10
lib/luks1/af.c 5
lib/luks2/luks2_json_metadata.c 178
lib/luks2/luks2_internal.h 1
lib/luks2/luks2_keyslot.c 57
tests/api-test-2.c 35
src/cryptsetup.c 15
src/utils_tools.c 20
src/utils_password.c 43
lib/luks2/luks2_reencrypt.c 243
lib/keyslot_context.c 6
lib/utils_storage_wrappers.c 36
lib/luks2/luks2_segment.c 41
lib/luks2/luks2_digest.c 43
src/veritysetup.c 26
lib/tcrypt/tcrypt.c 85
lib/loopaes/loopaes.c 29
lib/crypt_plain.c 14
lib/verity/verity_hash.c 35
lib/verity/verity_fec.c 28
lib/verity/rs_encode_char.c 6
lib/verity/rs_decode_char.c 5
lib/luks2/luks2_reencrypt_digest.c 40
lib/luks2/luks2_keyslot_reenc.c 56
lib/integrity/integrity.c 31
lib/utils_wipe.c 35
lib/luks2/luks2_json_format.c 11
lib/luks2/hw_opal/hw_opal.c 36
lib/bitlk/bitlk.c 45
lib/fvault2/fvault2.c 53
lib/crypto_backend/crc32.c 1
lib/crypto_backend/utf8.c 5
lib/crypto_backend/base64.c 7
lib/luks2/luks2_luks1_convert.c 9
lib/utils_blkid.c 14

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
reencrypt /src/cryptsetup/src/utils_reencrypt.c 2 ['int', 'char**'] 20 0 51 12 27 1293 1 7105 4404
_activate_reencrypt_device_by_vk /src/cryptsetup/lib/setup.c 5 ['struct crypt_device*', 'struct luks2_hdr*', 'char*', 'struct volume_key*', 'uint32_t'] 21 0 65 15 23 844 0 4195 523
reencrypt_init /src/cryptsetup/lib/luks2/luks2_reencrypt.c 11 ['struct crypt_device*', 'char*', 'struct luks2_hdr*', 'struct crypt_keyslot_context*', 'struct crypt_keyslot_context*', 'int', 'int', 'char*', 'char*', 'struct crypt_params_reencrypt*', 'struct volume_key**'] 15 0 158 42 79 528 0 2337 356
crypt_convert /src/cryptsetup/lib/setup.c 3 ['struct crypt_device*', 'char*', 'void*'] 18 0 19 7 8 678 3 3243 236
argon2_verify /src/cryptsetup/lib/crypto_backend/argon2/argon2.c 4 ['char*', 'void*', 'size_t', 'argon2_type'] 9 0 46 8 12 71 3 199 199
reencrypt_step /src/cryptsetup/lib/luks2/luks2_reencrypt.c 5 ['struct crypt_device*', 'struct luks2_hdr*', 'struct luks2_reencrypt*', 'uint64_t', 'bool'] 14 0 74 17 19 465 0 2046 149
_crypt_format /src/cryptsetup/lib/setup.c 9 ['struct crypt_device*', 'char*', 'char*', 'char*', 'char*', 'char*', 'size_t', 'void*', 'bool'] 17 0 33 11 11 621 2 2930 140

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
62.0%
1267 / 2038
Cyclomatic complexity statically reachable by fuzzers
70.0%
8714 / 12519

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/fuzz/crypt2_load_ondisk_fuzz.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['isINTEGRITY', '_crypt_load_fvault2', 'crypt_free_volume_key', 'crypt_log', 'LLVMFuzzerTestOneInput', 'crypt_volume_key_get_key', 'crypt_free', 'isFVAULT2', 'BITLK_read_sb']

tests/fuzz/crypt2_load_fuzz.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['hdr_update_copy_for_rollback', 'crypt_set_null_type', 'crypt_random_get', 'json_segment_type', 'validate_json_uint32', 'json_object_copy', 'device_check_size', 'LLVMFuzzerTestOneInput', 'crypt_free', 'device_open_locked']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
BITLK_read_sb 322 108 33.54% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
_read_encrypted_metadata 116 61 52.58% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
crypt_load 52 25 48.07% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
crypt_free_type 40 21 52.5% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
verify_pbkdf_params 81 29 35.80% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
AES_set_encrypt_key 90 31 34.44%
OpenSSL_version 35 7 20.0%
ossl_engine_table_select 76 13 17.10%
get_error_values 60 26 43.33%
EVP_DecryptUpdate 88 21 23.86%
EVP_DecryptFinal_ex 80 21 26.25%
evp_cipher_init_internal 263 72 27.37%
ossl_ht_insert_locked 71 39 54.92%
OPENSSL_init_crypto 125 67 53.6%
init_thread_deregister 48 17 35.41%
CRYPTO_xts128_encrypt 95 34 35.78%
OSSL_PARAM_get_int32 71 18 25.35%
OSSL_PARAM_set_int32 65 14 21.53%
OSSL_PARAM_set_uint32 67 18 26.86%
OSSL_PARAM_set_uint64 73 14 19.17%
ossl_method_store_cache_set 53 29 54.71%
ossl_parse_query 53 16 30.18%
ossl_property_match_count 47 8 17.02%
ossl_property_list_to_string 51 15 29.41%
ossl_provider_new 73 34 46.57%
ossl_provider_doall_activated 78 42 53.84%
ossl_provider_query_operation 36 10 27.77%
provider_activate 50 23 46.0%
provider_init 164 58 35.36%
provider_activate_fallbacks 57 10 17.54%
internal_copy 35 19 54.28%
internal_find 51 17 33.33%
deflt_query 34 9 26.47%
ossl_cipher_generic_get_params 52 21 40.38%
ossl_cipher_common_get_ctx_params 34 10 29.41%
cipher_generic_get_ctx_params_decoder 88 30 34.09%
validate_intervals 38 14 36.84% ['crypt2_load_fuzz']
LUKS2_keyslots_validate 42 21 50.0% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
crypt_random_get 38 12 31.57% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
acquire_and_verify 33 17 51.51% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
acquire_lock_handle 38 19 50.0% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
write_lseek_blockwise 38 17 44.73% ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
json_object_get_int64 47 22 46.80%
json_object_double_to_json_string_format 71 13 18.30%
EVP_DigestUpdate 31 10 32.25%
EVP_DigestFinal_ex 43 20 46.51%
evp_md_init_internal 152 48 31.57%
probe_atari_pt 80 37 46.25%
probe_bsd_pt 93 13 13.97%
probe_dos_pt 113 41 36.28%
probe_gpt_pt 84 25 29.76%
get_gpt_header 61 22 36.06%
probe_mac_pt 76 21 27.63%
probe_minix_pt 51 14 27.45%
probe_sgi_pt 44 17 38.63%
probe_solaris_pt 57 20 35.08%
probe_sun_pt 64 19 29.68%
probe_ultrix_pt 42 18 42.85%
probe_unixware_pt 55 16 29.09%
blkid_probe_set_device 153 60 39.21%
probe_ddf 40 17 42.5%
probe_raid0 61 18 29.50%
probe_udf 232 125 53.87%

Fuzz driver synthesis

New fuzzers

The below fuzzers are templates and suggestions for how to target the set of optimal functions above

utils_reencrypt.c

Target file: /src/cryptsetup/src/utils_reencrypt.c
Target functions: reencrypt 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target reencrypt */
  int new_var0 = ada_safe_get_int();
  char **new_var1 = af_get_double_char_p();
  reencrypt(new_var0, new_var1);

  af_safe_gb_cleanup();
}

setup.c

Target file: /src/cryptsetup/lib/setup.c
Target functions: _activate_reencrypt_device_by_vk, crypt_convert, _crypt_format 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target _activate_reencrypt_device_by_vk */
  structcrypt_device* new_var2 = calloc(sizeof(structcrypt_device), 1);
  structluks2_hdr* new_var3 = calloc(sizeof(structluks2_hdr), 1);
  char *new_var4 = ada_safe_get_char_p();
  structvolume_key* new_var5 = calloc(sizeof(structvolume_key), 1);
  UNKNOWN_TYPE unknown_6;
  _activate_reencrypt_device_by_vk(new_var2, new_var3, new_var4, new_var5, unknown_6);

  /* target crypt_convert */
  structcrypt_device* new_var18 = calloc(sizeof(structcrypt_device), 1);
  char *new_var19 = ada_safe_get_char_p();
  UNKNOWN_TYPE unknown_20;
  crypt_convert(new_var18, new_var19, unknown_20);

  /* target _crypt_format */
  structcrypt_device* new_var30 = calloc(sizeof(structcrypt_device), 1);
  char *new_var31 = ada_safe_get_char_p();
  char *new_var32 = ada_safe_get_char_p();
  char *new_var33 = ada_safe_get_char_p();
  char *new_var34 = ada_safe_get_char_p();
  char *new_var35 = ada_safe_get_char_p();
  UNKNOWN_TYPE unknown_36;
  UNKNOWN_TYPE unknown_37;
  UNKNOWN_TYPE unknown_38;
  _crypt_format(new_var30, new_var31, new_var32, new_var33, new_var34, new_var35, unknown_36, unknown_37, unknown_38);

  af_safe_gb_cleanup();
}

luks2_reencrypt.c

Target file: /src/cryptsetup/lib/luks2/luks2_reencrypt.c
Target functions: reencrypt_init, reencrypt_step 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target reencrypt_init */
  structcrypt_device* new_var7 = calloc(sizeof(structcrypt_device), 1);
  char *new_var8 = ada_safe_get_char_p();
  structluks2_hdr* new_var9 = calloc(sizeof(structluks2_hdr), 1);
  structcrypt_keyslot_context* new_var10 = calloc(sizeof(structcrypt_keyslot_context), 1);
  structcrypt_keyslot_context* new_var11 = calloc(sizeof(structcrypt_keyslot_context), 1);
  int new_var12 = ada_safe_get_int();
  int new_var13 = ada_safe_get_int();
  char *new_var14 = ada_safe_get_char_p();
  char *new_var15 = ada_safe_get_char_p();
  structcrypt_params_reencrypt* new_var16 = calloc(sizeof(structcrypt_params_reencrypt), 1);
  UNKNOWN_TYPE unknown_17;
  reencrypt_init(new_var7, new_var8, new_var9, new_var10, new_var11, new_var12, new_var13, new_var14, new_var15, new_var16, unknown_17);

  /* target reencrypt_step */
  structcrypt_device* new_var25 = calloc(sizeof(structcrypt_device), 1);
  structluks2_hdr* new_var26 = calloc(sizeof(structluks2_hdr), 1);
  structluks2_reencrypt* new_var27 = calloc(sizeof(structluks2_reencrypt), 1);
  UNKNOWN_TYPE unknown_28;
  UNKNOWN_TYPE unknown_29;
  reencrypt_step(new_var25, new_var26, new_var27, unknown_28, unknown_29);

  af_safe_gb_cleanup();
}

argon2.c

Target file: /src/cryptsetup/lib/crypto_backend/argon2/argon2.c
Target functions: argon2_verify 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target argon2_verify */
  char *new_var21 = ada_safe_get_char_p();
  UNKNOWN_TYPE unknown_22;
  UNKNOWN_TYPE unknown_23;
  UNKNOWN_TYPE unknown_24;
  argon2_verify(new_var21, unknown_22, unknown_23, unknown_24);

  af_safe_gb_cleanup();
}

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
/src/cryptsetup/lib/crypto_backend/crypto_openssl.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/blake2/blamka-round-opt.h [] []
/src/cryptsetup/tokens/ssh/cryptsetup-ssh.c [] []
/src/cryptsetup/lib/luks1/keymanage.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/tests/differ.c [] []
/src/cryptsetup/lib/utils_dm.h [] []
/src/cryptsetup/src/utils_luks.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/src/utils_keyslot_check.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/encoding.c [] []
/src/cryptsetup/lib/luks2/luks2_keyslot_luks2.c [] []
/src/cryptsetup/lib/luks2/luks2_internal.h ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/misc/keyslot_checker/chk_luks_keyslots.c [] []
/src/cryptsetup/lib/verity/rs_decode_char.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/crypto_nss.c [] []
/src/cryptsetup/lib/luks2/luks2_luks1_convert.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/utils.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/nls.h [] []
/src/cryptsetup/lib/utils_safe_memory.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/src/utils_reencrypt.c [] []
/src/cryptsetup/tests/fake_systemd_tpm_path.c [] []
/src/cryptsetup/misc/dict_search/crypt_dict.c [] []
/src/cryptsetup/lib/utils_pbkdf.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/src/utils_blockdev.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/crypto_storage.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/argon2/blake2/blamka-round-ref.h [] []
/src/cryptsetup/lib/crypto_backend/crypto_nettle.c [] []
/src/cryptsetup/lib/internal.h ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/lib/crypto_backend/crypto_kernel.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/core.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/argon2.h [] []
/src/cryptsetup/lib/utils_device_locking.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/src/utils_password.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks2/luks2_digest_pbkdf2.c [] []
/src/cryptsetup/lib/libcryptsetup_symver.h [] []
/src/cryptsetup/lib/crypto_backend/memutils.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/luks2/luks2_digest.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/crypto_mbedtls.c [] []
/src/cryptsetup/tests/test_utils.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/src/utils_args.c [] []
/src/cryptsetup/lib/luks2/luks2_segment.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/utils_loop.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/bitops.h [] []
/src/cryptsetup/lib/verity/verity_hash.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/argon2/thread.c [] []
/src/cryptsetup/tests/crypto-check.c [] []
/src/cryptsetup/lib/libcryptsetup_macros.h [] []
/src/cryptsetup/tests/api-test.c [] []
/src/cryptsetup/lib/crypto_backend/crypto_cipher_kernel.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks2/luks2_reencrypt.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/luks2/luks2_reencrypt_digest.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks2/luks2_token.c [] []
/src/cryptsetup/lib/integrity/integrity.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/utils_device.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/crypto_backend/crypto_gcrypt.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/utils_io.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/utils_benchmark.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks2/luks2_keyslot.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/verity/rs_encode_char.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/fuzz/plain_json_proto_to_luks2_converter.cc [] []
/src/cryptsetup/tests/fuzz/crypt2_load_ondisk_fuzz.cc ['crypt2_load_ondisk_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/src/utils_progress.c [] []
/src/cryptsetup/lib/utils_storage_wrappers.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/fuzz/crypt2_load_fuzz.cc ['crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/utils_keyring.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/api_test.h [] []
/src/cryptsetup/tests/fuzz/crypt2_load_proto_fuzz.cc [] []
/src/cryptsetup/tests/fuzz/json_proto_converter.cc [] []
/src/cryptsetup/lib/utils_blkid.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/crypto_backend/cipher_generic.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/argon2/blake2/blake2b.c [] []
/src/cryptsetup/lib/fvault2/fvault2.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/src/utils_arg_macros.h [] []
/src/cryptsetup/lib/crypto_backend/pbkdf2_generic.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/pbkdf_check.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/volumekey.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/tests/unit-utils-crypt.c [] []
/src/cryptsetup/lib/crypto_backend/utf8.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/docs/examples/crypt_log_usage.c [] []
/src/cryptsetup/lib/luks1/af.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/lib/verity/rs.h [] []
/src/cryptsetup/lib/loopaes/loopaes.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/cipher_check.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/argon2.c [] []
/src/cryptsetup/lib/crypt_plain.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/random.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/utils_devpath.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/verity/verity.h [] []
/src/cryptsetup/lib/luks2/luks2_json_metadata.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/luks2/luks2_keyslot_reenc.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tokens/ssh/libcryptsetup-token-ssh.c [] []
/src/cryptsetup/src/cryptsetup.h [] []
/src/cryptsetup/src/utils_key_description.c [] []
/src/cryptsetup/lib/crypto_backend/argon2/opt.c [] []
/src/cryptsetup/tests/unit-wipe.c [] []
/src/cryptsetup/tests/unit-utils-io.c [] []
/src/cryptsetup/lib/luks2/luks2_json_format.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_fuzz']
/src/cryptsetup/lib/bitlk/bitlk.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/src/utils_reencrypt_luks1.c [] []
/src/cryptsetup/lib/crypto_backend/base64.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/all-symbols-test.c [] []
/src/cryptsetup/tests/crypto-vectors.c [] []
/src/cryptsetup/lib/utils_wipe.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/utils_crypt.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/tokens/ssh/ssh-utils.c [] []
/src/cryptsetup/lib/libdevmapper.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/luks2/hw_opal/hw_opal.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/src/cryptsetup.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks2/luks2_disk_metadata.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/crypto_backend/argon2/core.h [] []
/src/cryptsetup/lib/keyslot_context.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/fuzz/proto_to_luks2_converter.cc [] []
/src/cryptsetup/lib/crypto_backend/crc32.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz']
/src/cryptsetup/src/veritysetup.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/luks1/keyencryption.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/tcrypt/tcrypt.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/verity/verity_fec.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/tests/api-test-2.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/setup.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz']
/src/cryptsetup/lib/verity/verity.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/docs/examples/crypt_luks_usage.c [] []
/src/cryptsetup/src/utils_tools.c ['crypt2_load_ondisk_fuzz', 'crypt2_load_fuzz'] []
/src/cryptsetup/lib/crypto_backend/argon2/blake2/blake2-impl.h [] []
/src/cryptsetup/lib/luks2/luks2_token_keyring.c [] []
/src/cryptsetup/src/integritysetup.c [] []

Directories in report

Directory
/src/cryptsetup/lib/luks2/
/src/cryptsetup/lib/tcrypt/
/src/cryptsetup/lib/integrity/
/src/cryptsetup/lib/bitlk/
/src/cryptsetup/lib/crypto_backend/
/src/cryptsetup/lib/crypto_backend/argon2/blake2/
/src/cryptsetup/lib/luks2/hw_opal/
/src/cryptsetup/lib/verity/
/src/cryptsetup/docs/examples/
/src/cryptsetup/misc/dict_search/
/src/cryptsetup/tests/
/src/cryptsetup/misc/keyslot_checker/
/src/cryptsetup/src/
/src/cryptsetup/lib/crypto_backend/argon2/
/src/cryptsetup/tests/fuzz/
/src/cryptsetup/tokens/ssh/
/src/cryptsetup/lib/fvault2/
/src/cryptsetup/lib/
/src/cryptsetup/lib/loopaes/
/src/cryptsetup/lib/luks1/

Function call coverage

This section shows a list of 3rd party function calls and their relative coverage information. By static analysis of the target project code, all of the 3rd party function call and their caller information, including the source file and line number that initiate the call are captured. The caller source code file and line number are shown in column 2 while column 1 is the function name of the 3rd party function call. Each occurrent of the 3rd party function call will occuply a separate row. Column 3 of each row indicate if the 3rd party call in the source file line is unreachable. Column 4 lists all fuzzers that have covered that particular system call in that specific location (source file and line)during their dynamic fuzzing.

Function in each files in report

Target sink Callsite location Reached by fuzzer Covered by Fuzzers

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
crypt2_load_ondisk_fuzz fuzzerLogFile-crypt2_load_ondisk_fuzz.data fuzzerLogFile-crypt2_load_ondisk_fuzz.data.yaml crypt2_load_ondisk_fuzz.covreport
crypt2_load_fuzz fuzzerLogFile-crypt2_load_fuzz.data fuzzerLogFile-crypt2_load_fuzz.data.yaml crypt2_load_fuzz.covreport

Sink analyser for CWEs

No sink functions/methods found in the target project.