Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: opensc
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_pkcs11_uri
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_scconf_parse_string
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_asn1_print
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_asn1_sig_value
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15_tool
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_piv_tool
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_card
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15_decode
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15_reader
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs11
Call tree
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15_crypt
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15init
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_pkcs15_encode
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
src/tests/fuzzing/fuzz_pkcs11_uri.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_scconf_parse_string.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_asn1_print.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_asn1_sig_value.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15_tool.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_piv_tool.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_card.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15_decode.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15_reader.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs11.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15_crypt.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15init.c
Dictionary
Fuzzer function priority
src/tests/fuzzing/fuzz_pkcs15_encode.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2026-05-30

Project overview: opensc

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
17.0%
611 / 3544
Cyclomatic complexity statically reachable by fuzzers
18.0%
5728 / 32146
Runtime code coverage of functions
61.0%
2167 / 3544

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_pkcs11_uri src/tests/fuzzing/fuzz_pkcs11_uri.c 16 0 4 2 136 64 fuzz_pkcs11_uri.c
fuzz_scconf_parse_string src/tests/fuzzing/fuzz_scconf_parse_string.c 35 28 7 5 342 146 fuzz_scconf_parse_string.c
fuzz_asn1_print src/tests/fuzzing/fuzz_asn1_print.c 37 145 8 5 435 193 fuzz_asn1_print.c
fuzz_asn1_sig_value src/tests/fuzzing/fuzz_asn1_sig_value.c 162 3221 10 15 2548 1011 fuzz_asn1_sig_value.c
fuzz_pkcs15_tool src/tests/fuzzing/fuzz_pkcs15_tool.c 445 3048 13 41 8998 3494 fuzz_pkcs15_tool.c
fuzz_piv_tool src/tests/fuzzing/fuzz_piv_tool.c 261 3180 14 25 4018 1641 fuzz_piv_tool.c
fuzz_card src/tests/fuzzing/fuzz_card.c 188 3205 11 21 3106 1234 fuzz_card.c
fuzz_pkcs15_decode src/tests/fuzzing/fuzz_pkcs15_decode.c 257 3137 11 30 4680 1861 fuzz_pkcs15_decode.c
fuzz_pkcs15_reader src/tests/fuzzing/fuzz_pkcs15_reader.c 357 3049 12 38 6841 2680 fuzz_pkcs15_reader.c
fuzz_pkcs11 src/tests/fuzzing/fuzz_pkcs11.c 1 3841 0 1 6 3 fuzz_pkcs11.c
fuzz_pkcs15_crypt src/tests/fuzzing/fuzz_pkcs15_crypt.c 394 3055 13 40 7249 2884 fuzz_pkcs15_crypt.c
fuzz_pkcs15init src/tests/fuzzing/fuzz_pkcs15init.c 460 2943 21 35 10647 3911 fuzz_pkcs15init.c
fuzz_pkcs15_encode src/tests/fuzzing/fuzz_pkcs15_encode.c 319 3074 11 31 6111 2409 fuzz_pkcs15_encode.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_pkcs11_uri

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2 4.76%
gold [1:9] 8 19.0%
yellow [10:29] 6 14.2%
greenyellow [30:49] 2 4.76%
lawngreen 50+ 24 57.1%
All colors 42 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1 6 parse_pkcs11_uri call site: 00006 fprintf
1 20 parse_pkcs11_uri call site: 00020 fprintf

Runtime coverage analysis

Covered functions
7
Functions that are reachable but not covered
9
Reachable functions
16
Percentage of reachable functions covered
43.75%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs11_uri.c 1
src/tests/fuzzing/../../tools/pkcs11_uri.c 6

Fuzzer: fuzz_scconf_parse_string

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 4.93%
gold [1:9] 1 1.23%
yellow [10:29] 4 4.93%
greenyellow [30:49] 1 1.23%
lawngreen 50+ 71 87.6%
All colors 81 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1 6 scconf_parse_string call site: 00006 buf_init
1 9 scconf_lex_engine call site: 00009 fgetc
1 53 scconf_parse_token call site: 00053 snprintf
1 71 scconf_lex_engine call site: 00071 snprintf

Runtime coverage analysis

Covered functions
27
Functions that are reachable but not covered
8
Reachable functions
35
Percentage of reachable functions covered
77.14%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_scconf_parse_string.c 1
src/scconf/scconf.c 6
src/scconf/parse.c 11
src/scconf/sclex.c 8
src/common/compat_strlcpy.c 1

Fuzzer: fuzz_asn1_print

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 3 2.70%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 108 97.2%
All colors 111 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1 0 EP call site: 00000 fclose
1 13 print_tags_recursive call site: 00013 printf
1 23 sc_hex_dump call site: 00023 strlen

Runtime coverage analysis

Covered functions
25
Functions that are reachable but not covered
12
Reachable functions
37
Percentage of reachable functions covered
67.57%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_asn1_print.c 1
src/libopensc/asn1.c 19
src/libopensc/log.c 3
src/common/compat_strlcat.c 1
src/libopensc/sc.c 1

Fuzzer: fuzz_asn1_sig_value

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 353 65.2%
gold [1:9] 102 18.8%
yellow [10:29] 3 0.55%
greenyellow [30:49] 5 0.92%
lawngreen 50+ 78 14.4%
All colors 541 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
82 334 asn1_decode call site: 00334 asn1_decode_path
71 444 asn1_encode call site: 00444 asn1_encode_path
59 8 sc_do_log call site: 00008 sc_do_log
24 238 load_card_drivers call site: 00238 load_dynamic_driver
15 266 load_card_atrs call site: 00266 scconf_get_str
12 517 asn1_encode_entry call site: 00517 asn1_write_element
8 195 scconf_get_str call site: 00195 sc_ctx_log_to_file
6 146 scconf_parse_token call site: 00146 scconf_parse_token
6 325 asn1_decode_entry call site: 00325 sc_do_log_color
5 136 scconf_parse_token call site: 00136 scconf_parse_reset_state
5 155 scconf_lex_engine call site: 00155 scconf_parse_token
4 114 scconf_item_add_internal call site: 00114 scconf_parse_reset_state

Runtime coverage analysis

Covered functions
118
Functions that are reachable but not covered
94
Reachable functions
162
Percentage of reachable functions covered
41.98%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_asn1_sig_value.c 1
src/libopensc/ctx.c 21
src/libopensc/log.c 8
src/common/simclist.c 12
src/libopensc/card.c 2
src/common/libscdl.c 4
src/libopensc/sc.c 9
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/libopensc/asn1.c 31
src/libopensc/errors.c 1
src/libopensc/pkcs15-algo.c 3

Fuzzer: fuzz_pkcs15_tool

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2508 100.%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 0 0.0%
All colors 2508 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
2507 0 EP call site: 00000 _main

Runtime coverage analysis

Covered functions
0
Functions that are reachable but not covered
445
Reachable functions
445
Percentage of reachable functions covered
0.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15_tool.c 3
src/tests/fuzzing/fuzzer_tool.c 4
src/tests/fuzzing/../../../src/tools/pkcs15-tool.c 39
src/tests/fuzzing/../../tools/util.c 4
src/libopensc/ctx.c 23
src/libopensc/log.c 10
src/common/simclist.c 14
src/libopensc/card.c 24
src/common/libscdl.c 4
src/libopensc/sc.c 25
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/libopensc/errors.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 33
src/libopensc/pkcs15-algo.c 4
src/libopensc/dir.c 3
src/libopensc/ef-atr.c 1
src/libopensc/pkcs15.c 53
src/libopensc/pkcs15-prkey.c 1
src/libopensc/aux-data.c 2
src/libopensc/pkcs15-pubkey.c 17
src/libopensc/pkcs15-cert.c 4
src/libopensc/pkcs15-skey.c 1
src/libopensc/pkcs15-data.c 3
src/libopensc/pkcs15-pin.c 10
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3
src/libopensc/pkcs15-cache.c 3
src/tools/../pkcs11/pkcs11-display.c 2
src/libopensc/compression.c 4
src/ui/notify.c 1
src/libopensc/sec.c 1
src/libopensc/base64.c 2
src/common/compat_strlcat.c 1
src/libopensc/apdu.c 7
src/libopensc/sm.c 4

Fuzzer: fuzz_piv_tool

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 462 46.4%
gold [1:9] 46 4.62%
yellow [10:29] 30 3.01%
greenyellow [30:49] 40 4.02%
lawngreen 50+ 417 41.9%
All colors 995 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
92 412 asn1_decode call site: 00412 asn1_decode_path
61 551 sc_card_sm_check call site: 00551 sc_card_sm_load
24 277 load_card_drivers call site: 00277 load_dynamic_driver
20 840 gen_key call site: 00840 sc_do_log_openssl
18 359 sc_connect_card call site: 00359 sc_detect_escape_cmds
17 677 sc_single_transmit call site: 00677 sc_sm_single_transmit
15 305 load_card_atrs call site: 00305 scconf_get_str
14 53 is_a_tty call site: 00053 isatty
9 760 sc_unlock call site: 00760 sc_do_log
8 234 scconf_get_str call site: 00234 sc_ctx_log_to_file
8 532 sc_connect_card call site: 00532 sc_do_log
7 402 asn1_decode_entry call site: 00402 asn1_decode

Runtime coverage analysis

Covered functions
265
Functions that are reachable but not covered
114
Reachable functions
261
Percentage of reachable functions covered
56.32%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_piv_tool.c 5
src/tests/fuzzing/fuzzer_tool.c 7
src/tests/fuzzing/../../../src/tools/piv-tool.c 7
src/tests/fuzzing/../../tools/util.c 2
src/libopensc/ctx.c 22
src/libopensc/log.c 11
src/common/simclist.c 14
src/libopensc/card.c 21
src/common/libscdl.c 4
src/libopensc/sc.c 13
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/libopensc/errors.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 18
src/libopensc/pkcs15-algo.c 2
src/libopensc/dir.c 1
src/libopensc/ef-atr.c 1
src/libopensc/apdu.c 8
src/libopensc/sm.c 4
src/common/compat_strlcat.c 1

Fuzzer: fuzz_card

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 354 50.3%
gold [1:9] 1 0.14%
yellow [10:29] 0 0.0%
greenyellow [30:49] 6 0.85%
lawngreen 50+ 342 48.6%
All colors 703 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 505 sc_card_sm_check call site: 00505 sc_card_sm_load
39 419 sc_dump_oid call site: 00419 asn1_decode_se_info
38 379 sc_asn1_decode_object_id call site: 00379 asn1_decode_path
34 9 sc_do_log call site: 00009 sc_color_fprintf
24 239 load_card_drivers call site: 00239 load_dynamic_driver
18 313 sc_connect_card call site: 00313 sc_detect_escape_cmds
15 267 load_card_atrs call site: 00267 scconf_get_str
8 196 scconf_get_str call site: 00196 sc_ctx_log_to_file
7 356 asn1_decode_entry call site: 00356 asn1_decode
7 366 asn1_decode call site: 00366 sc_do_log
6 147 scconf_parse_token call site: 00147 scconf_parse_token
5 52 list_delete_at call site: 00052 sc_do_log

Runtime coverage analysis

Covered functions
656
Functions that are reachable but not covered
71
Reachable functions
188
Percentage of reachable functions covered
62.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_card.c 1
src/libopensc/ctx.c 22
src/libopensc/log.c 10
src/common/simclist.c 14
src/libopensc/card.c 22
src/common/libscdl.c 4
src/libopensc/sc.c 11
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/tests/fuzzing/fuzzer_reader.c 4
src/libopensc/errors.c 1
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 17
src/libopensc/pkcs15-algo.c 2
src/libopensc/dir.c 1
src/libopensc/ef-atr.c 1
src/libopensc/sec.c 2
src/common/compat_strlcat.c 1

Fuzzer: fuzz_pkcs15_decode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 387 31.3%
gold [1:9] 57 4.61%
yellow [10:29] 24 1.94%
greenyellow [30:49] 20 1.62%
lawngreen 50+ 746 60.4%
All colors 1234 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 505 sc_card_sm_check call site: 00505 sc_card_sm_load
49 661 sc_pkcs15_bind_synthetic call site: 00661 parse_emu_block
34 9 sc_do_log call site: 00009 sc_color_fprintf
24 239 load_card_drivers call site: 00239 load_dynamic_driver
18 313 sc_connect_card call site: 00313 sc_detect_escape_cmds
15 267 load_card_atrs call site: 00267 scconf_get_str
9 964 generate_cache_filename call site: 00964 sc_asn1_decode
8 196 scconf_get_str call site: 00196 sc_ctx_log_to_file
8 450 asn1_decode_entry call site: 00450 sc_do_log_color
8 917 parse_ddo call site: 00917 sc_do_log_color
7 829 parse_dir_record call site: 00829 sc_do_log
6 147 scconf_parse_token call site: 00147 scconf_parse_token

Runtime coverage analysis

Covered functions
1104
Functions that are reachable but not covered
71
Reachable functions
257
Percentage of reachable functions covered
72.37%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15_decode.c 2
src/libopensc/ctx.c 24
src/libopensc/log.c 8
src/common/simclist.c 14
src/libopensc/card.c 22
src/common/libscdl.c 4
src/libopensc/sc.c 22
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/errors.c 1
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 18
src/libopensc/pkcs15-algo.c 3
src/libopensc/dir.c 3
src/libopensc/ef-atr.c 1
src/libopensc/pkcs15.c 27
src/libopensc/pkcs15-prkey.c 1
src/libopensc/aux-data.c 1
src/libopensc/pkcs15-pubkey.c 8
src/libopensc/pkcs15-cert.c 1
src/libopensc/pkcs15-skey.c 1
src/libopensc/pkcs15-data.c 1
src/libopensc/pkcs15-pin.c 1
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3
src/libopensc/pkcs15-cache.c 3

Fuzzer: fuzz_pkcs15_reader

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 641 35.7%
gold [1:9] 29 1.61%
yellow [10:29] 40 2.22%
greenyellow [30:49] 29 1.61%
lawngreen 50+ 1055 58.8%
All colors 1794 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 504 sc_card_sm_check call site: 00504 sc_card_sm_load
54 1472 sc_do_log_openssl call site: 01472 sc_do_log_openssl
49 660 sc_pkcs15_bind_synthetic call site: 00660 parse_emu_block
43 1653 sc_pkcs1_encode call site: 01653 sc_pkcs15_decipher
34 8 sc_do_log call site: 00008 sc_color_fprintf
24 238 load_card_drivers call site: 00238 load_dynamic_driver
23 1563 sc_pkcs15_unwrap call site: 01563 use_key
22 1598 sc_pkcs15_wrap call site: 01598 use_key
18 312 sc_connect_card call site: 00312 sc_detect_escape_cmds
16 1448 sc_pkcs1_strip_02_padding_constant_time call site: 01448 sc_pkcs1_strip_oaep_padding
15 266 load_card_atrs call site: 00266 scconf_get_str
10 1354 _sc_pkcs15_verify_pin call site: 01354 sc_pkcs15_find_skey_by_id

Runtime coverage analysis

Covered functions
1223
Functions that are reachable but not covered
117
Reachable functions
357
Percentage of reachable functions covered
67.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15_reader.c 1
src/libopensc/ctx.c 24
src/libopensc/log.c 11
src/common/simclist.c 14
src/libopensc/card.c 28
src/common/libscdl.c 4
src/libopensc/sc.c 26
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/tests/fuzzing/fuzzer_reader.c 4
src/libopensc/errors.c 1
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 18
src/libopensc/pkcs15-algo.c 3
src/libopensc/dir.c 3
src/libopensc/ef-atr.c 1
src/libopensc/pkcs15.c 43
src/libopensc/pkcs15-prkey.c 1
src/libopensc/aux-data.c 1
src/libopensc/pkcs15-pubkey.c 3
src/libopensc/pkcs15-cert.c 1
src/libopensc/pkcs15-skey.c 1
src/libopensc/pkcs15-data.c 1
src/libopensc/pkcs15-pin.c 10
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3
src/libopensc/pkcs15-cache.c 3
src/common/compat_strlcat.c 1
src/libopensc/pkcs15-sec.c 10
src/libopensc/padding.c 12
src/libopensc/sec.c 6
src/libopensc/compression.c 4
src/ui/notify.c 1
src/libopensc/../../src/common/constant-time.h 8
src/libopensc/../../src/libopensc/sc-ossl-compat.h 2

Fuzzer: fuzz_pkcs11

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 1 100.%
All colors 1 100

Runtime coverage analysis

Covered functions
1483
Functions that are reachable but not covered
0
Reachable functions
1
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs11.c 1

Fuzzer: fuzz_pkcs15_crypt

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 640 34.2%
gold [1:9] 64 3.42%
yellow [10:29] 45 2.40%
greenyellow [30:49] 52 2.78%
lawngreen 50+ 1068 57.1%
All colors 1869 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 530 sc_card_sm_check call site: 00530 sc_card_sm_load
51 1546 sc_do_log_openssl call site: 01546 sc_do_log_openssl
49 689 sc_pkcs15_bind_synthetic call site: 00689 parse_emu_block
47 1643 sc_pkcs1_encode call site: 01643 sc_pkcs15_decipher
26 1740 asn1_encode_entry call site: 01740 asn1_encode_path
24 261 load_card_drivers call site: 00261 load_dynamic_driver
18 338 sc_connect_card call site: 00338 sc_detect_escape_cmds
16 1522 sc_pkcs1_strip_02_padding_constant_time call site: 01522 sc_pkcs1_strip_oaep_padding
15 289 load_card_atrs call site: 00289 scconf_get_str
14 37 is_a_tty call site: 00037 isatty
12 1807 asn1_encode_entry call site: 01807 asn1_write_element
11 1794 sc_asn1_encode_algorithm_id call site: 01794 asn1_encode_se_info

Runtime coverage analysis

Covered functions
1176
Functions that are reachable but not covered
123
Reachable functions
394
Percentage of reachable functions covered
68.78%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15_crypt.c 4
src/tests/fuzzing/fuzzer_tool.c 7
src/tests/fuzzing/../../../src/tools/pkcs15-crypt.c 8
src/tests/fuzzing/../../tools/util.c 2
src/libopensc/ctx.c 23
src/libopensc/log.c 9
src/common/simclist.c 14
src/libopensc/card.c 28
src/common/libscdl.c 4
src/libopensc/sc.c 27
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/libopensc/errors.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 31
src/libopensc/pkcs15-algo.c 4
src/libopensc/dir.c 3
src/libopensc/ef-atr.c 1
src/libopensc/pkcs15.c 49
src/libopensc/pkcs15-prkey.c 1
src/libopensc/aux-data.c 1
src/libopensc/pkcs15-pubkey.c 3
src/libopensc/pkcs15-cert.c 1
src/libopensc/pkcs15-skey.c 1
src/libopensc/pkcs15-data.c 1
src/libopensc/pkcs15-pin.c 8
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3
src/libopensc/pkcs15-cache.c 3
src/libopensc/compression.c 4
src/ui/notify.c 1
src/libopensc/sec.c 4
src/libopensc/pkcs15-sec.c 6
src/libopensc/padding.c 12
src/libopensc/../../src/common/constant-time.h 8
src/libopensc/../../src/libopensc/sc-ossl-compat.h 2

Fuzzer: fuzz_pkcs15init

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 798 26.8%
gold [1:9] 140 4.71%
yellow [10:29] 174 5.85%
greenyellow [30:49] 44 1.48%
lawngreen 50+ 1816 61.1%
All colors 2972 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 506 sc_card_sm_check call site: 00506 sc_card_sm_load
55 2519 _pkcd15init_set_aux_md_data call site: 02519 sc_pkcs15_get_objects
47 1848 sc_pkcs15_bind_synthetic call site: 01848 parse_emu_block
34 10 sc_do_log call site: 00010 sc_color_fprintf
26 779 sc_profile_find_file_by_path call site: 00779 sc_profile_load
25 2629 sc_pkcs15_free_certificate call site: 02629 sc_pkcs15_pubkey_from_prvkey
24 240 load_card_drivers call site: 00240 load_dynamic_driver
23 2169 sc_pkcs15init_store_pin call site: 02169 sc_pkcs15init_store_puk
18 314 sc_connect_card call site: 00314 sc_detect_escape_cmds
15 268 load_card_atrs call site: 00268 scconf_get_str
15 1680 sc_update_record call site: 01680 sc_lock
15 2860 sc_pkcs15init_init_skdf call site: 02860 sc_pkcs15init_add_object

Runtime coverage analysis

Covered functions
1480
Functions that are reachable but not covered
96
Reachable functions
460
Percentage of reachable functions covered
79.13%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15init.c 11
src/libopensc/ctx.c 24
src/libopensc/log.c 8
src/common/simclist.c 14
src/libopensc/card.c 28
src/common/libscdl.c 4
src/libopensc/sc.c 34
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/errors.c 1
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 33
src/libopensc/pkcs15-algo.c 4
src/libopensc/dir.c 8
src/libopensc/ef-atr.c 1
src/tests/fuzzing/../../../src/pkcs15init/pkcs15-lib.c 59
src/tests/fuzzing/../../../src/pkcs15init/profile.c 30
src/libopensc/pkcs15.c 59
src/libopensc/pkcs15-prkey.c 2
src/libopensc/aux-data.c 4
src/libopensc/pkcs15-pubkey.c 12
src/libopensc/pkcs15-cert.c 4
src/libopensc/pkcs15-skey.c 1
src/libopensc/pkcs15-data.c 1
src/libopensc/pkcs15-pin.c 8
src/libopensc/pkcs15-cache.c 3
src/libopensc/compression.c 4
src/libopensc/sec.c 1
src/ui/notify.c 1
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3

Fuzzer: fuzz_pkcs15_encode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 597 35.9%
gold [1:9] 43 2.58%
yellow [10:29] 35 2.10%
greenyellow [30:49] 8 0.48%
lawngreen 50+ 979 58.9%
All colors 1662 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
61 504 sc_card_sm_check call site: 00504 sc_card_sm_load
49 660 sc_pkcs15_bind_synthetic call site: 00660 parse_emu_block
37 1335 sc_pkcs15_decode_pubkey_rsa call site: 01335 sc_pkcs15_decode_pubkey_ec
34 8 sc_do_log call site: 00008 sc_color_fprintf
33 1479 sc_pkcs15_encode_dodf_entry call site: 01479 sc_pkcs15_encode_skdf_entry
24 238 load_card_drivers call site: 00238 load_dynamic_driver
24 1611 sc_pkcs15_prkey_attrs_from_cert call site: 01611 sc_do_log_openssl
18 312 sc_connect_card call site: 00312 sc_detect_escape_cmds
15 266 load_card_atrs call site: 00266 scconf_get_str
13 1373 sc_pkcs15_decode_pubkey call site: 01373 sc_pkcs15_decode_pubkey
11 1271 sc_asn1_encode_algorithm_id call site: 01271 asn1_encode_se_info
11 1285 asn1_encode_entry call site: 01285 sc_do_log_color

Runtime coverage analysis

Covered functions
1110
Functions that are reachable but not covered
102
Reachable functions
319
Percentage of reachable functions covered
68.03%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
src/tests/fuzzing/fuzz_pkcs15_encode.c 1
src/libopensc/ctx.c 24
src/libopensc/log.c 9
src/common/simclist.c 14
src/libopensc/card.c 22
src/common/libscdl.c 4
src/libopensc/sc.c 23
src/scconf/scconf.c 11
src/scconf/parse.c 12
src/scconf/sclex.c 9
src/common/compat_strlcpy.c 1
src/libopensc/reader-ctapi.c 1
src/tests/fuzzing/fuzzer_reader.c 3
src/libopensc/errors.c 1
src/libopensc/reader-tr03119.c 2
src/libopensc/asn1.c 30
src/libopensc/pkcs15-algo.c 4
src/libopensc/dir.c 3
src/libopensc/ef-atr.c 1
src/libopensc/pkcs15.c 43
src/libopensc/pkcs15-prkey.c 3
src/libopensc/aux-data.c 1
src/libopensc/pkcs15-pubkey.c 11
src/libopensc/pkcs15-cert.c 2
src/libopensc/pkcs15-skey.c 2
src/libopensc/pkcs15-data.c 2
src/libopensc/pkcs15-pin.c 2
src/libopensc/pkcs15-syn.c 3
src/libopensc/pkcs15-emulator-filter.c 3
src/libopensc/pkcs15-cache.c 3
src/libopensc/compression.c 4

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
npa_init /src/opensc/src/libopensc/card-npa.c 1 ['N/A'] 18 0 153 21 10 473 0 3089 2088
iasecc_card_ctl /src/opensc/src/libopensc/card-iasecc.c 3 ['N/A', 'size_t', 'N/A'] 21 0 157 15 16 154 0 1580 685
pkcs15_create_object /src/opensc/src/pkcs11/framework-pkcs15.c 4 ['N/A', 'N/A', 'size_t', 'N/A'] 21 0 325 42 14 412 0 3440 495
cosm_emu_update_any_df /src/opensc/src/pkcs15init/pkcs15-oberthur.c 4 ['N/A', 'N/A', 'int', 'N/A'] 27 0 108 14 2 260 0 2177 453
pgp_card_ctl /src/opensc/src/libopensc/card-openpgp.c 3 ['N/A', 'size_t', 'N/A'] 19 0 284 42 7 144 0 1373 447
dnie_sm_get_wrapped_apdu /src/opensc/src/libopensc/card-dnie.c 3 ['N/A', 'N/A', 'N/A'] 18 0 183 32 10 133 0 1042 398
piv_init /src/opensc/src/libopensc/card-piv.c 1 ['N/A'] 20 0 519 76 24 137 0 1266 369

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
28.0%
1007 / 3544
Cyclomatic complexity statically reachable by fuzzers
32.0%
10357 / 32146

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

src/tests/fuzzing/fuzz_pkcs11_uri.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['parse_pkcs11_uri']

src/tests/fuzzing/fuzz_scconf_parse_string.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['scconf_parse_string', 'scconf_lex_engine', 'scconf_parse_token']

src/tests/fuzzing/fuzz_asn1_print.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['print_tags_recursive', 'sc_hex_dump']

src/tests/fuzzing/fuzz_asn1_sig_value.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['asn1_decode', 'asn1_encode', 'sc_do_log', 'load_card_drivers', 'load_card_atrs', 'asn1_encode_entry', 'scconf_get_str', 'scconf_parse_token', 'asn1_decode_entry']

src/tests/fuzzing/fuzz_pkcs15_tool.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


src/tests/fuzzing/fuzz_piv_tool.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['asn1_decode', 'sc_card_sm_check', 'load_card_drivers', 'gen_key', 'sc_connect_card', 'sc_single_transmit', 'load_card_atrs', 'is_a_tty', 'sc_unlock', 'scconf_get_str']

src/tests/fuzzing/fuzz_card.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', 'sc_dump_oid', 'sc_asn1_decode_object_id', 'sc_do_log', 'load_card_drivers', 'sc_connect_card', 'load_card_atrs', 'scconf_get_str', 'asn1_decode_entry', 'asn1_decode']

src/tests/fuzzing/fuzz_pkcs15_decode.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', 'sc_pkcs15_bind_synthetic', 'sc_do_log', 'load_card_drivers', 'sc_connect_card', 'load_card_atrs', 'generate_cache_filename', 'scconf_get_str', 'asn1_decode_entry', 'parse_ddo']

src/tests/fuzzing/fuzz_pkcs15_reader.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', 'sc_do_log_openssl', 'sc_pkcs15_bind_synthetic', 'sc_pkcs1_encode', 'sc_do_log', 'load_card_drivers', 'sc_pkcs15_unwrap', 'sc_pkcs15_wrap', 'sc_connect_card', 'sc_pkcs1_strip_02_padding_constant_time']

src/tests/fuzzing/fuzz_pkcs11.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


src/tests/fuzzing/fuzz_pkcs15_crypt.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', 'sc_do_log_openssl', 'sc_pkcs15_bind_synthetic', 'sc_pkcs1_encode', 'asn1_encode_entry', 'load_card_drivers', 'sc_connect_card', 'sc_pkcs1_strip_02_padding_constant_time', 'load_card_atrs', 'is_a_tty']

src/tests/fuzzing/fuzz_pkcs15init.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', '_pkcd15init_set_aux_md_data', 'sc_pkcs15_bind_synthetic', 'sc_do_log', 'sc_profile_find_file_by_path', 'sc_pkcs15_free_certificate', 'load_card_drivers', 'sc_pkcs15init_store_pin', 'sc_connect_card', 'load_card_atrs']

src/tests/fuzzing/fuzz_pkcs15_encode.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sc_card_sm_check', 'sc_pkcs15_bind_synthetic', 'sc_pkcs15_decode_pubkey_rsa', 'sc_do_log', 'sc_pkcs15_encode_dodf_entry', 'load_card_drivers', 'sc_pkcs15_prkey_attrs_from_cert', 'sc_connect_card', 'load_card_atrs', 'sc_pkcs15_decode_pubkey']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
load_card_atrs 54 12 22.22% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs15_tool', 'fuzz_pkcs11', 'fuzz_asn1_sig_value', 'fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_piv_tool', 'fuzz_pkcs15init']
piv_read_obj_from_file 56 23 41.07% ['fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_reader']
sc_card_sm_check 51 9 17.64% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs15_tool', 'fuzz_pkcs11', 'fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_piv_tool', 'fuzz_pkcs15init']
sc_color_fprintf_va 52 9 17.30% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs15_tool', 'fuzz_asn1_sig_value', 'fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_piv_tool', 'fuzz_pkcs15init']
pgp_get_pubkey_pem 94 14 14.89% ['fuzz_card', 'fuzz_pkcs15init']
cwa_create_secure_channel 292 30 10.27% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_apdu2bytes 69 19 27.53% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
atrust_acos_select_aid 31 17 54.83% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader']
authentic_parse_credential_data 59 32 54.23% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
dnie_pin_cmd 40 21 52.5% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader']
entersafe_pin_cmd 42 12 28.57% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
epass2003_pin_cmd 49 13 26.53% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
gids_read_binary 35 9 25.71% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
gids_card_ctl 34 13 38.23% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
gids_get_pin_status 41 13 31.70% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
iasecc_card_ctl 36 18 50.0% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
iasecc_pin_get_policy 81 40 49.38% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_hsm_pin_cmd 127 48 37.79% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
iasecc_sm_initialize 44 15 34.09% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
iasecc_sm_se_mutual_authentication 34 17 50.0% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_pkcs15emu_eoi_init_ex 59 25 42.37% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_pkcs15emu_esteid2018_init 177 49 27.68% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_encode']
sc_pkcs15emu_gids_init 104 11 10.57% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
itacns_check_and_add_keyset 79 39 49.36% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader']
itacns_add_cert 54 23 42.59% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader']
sc_pkcs15emu_sc_hsm_init 208 52 25.0% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_pkcs15_bind_synthetic 74 26 35.13% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs15_tool', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
sc_pin_cmd 57 31 54.38% ['fuzz_pkcs15_decode', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15_encode', 'fuzz_pkcs15_tool', 'fuzz_pkcs11', 'fuzz_pkcs15_reader', 'fuzz_pkcs15init']
asepcos_pin_cmd 88 9 10.22% ['fuzz_pkcs15_reader']
myeid_set_security_env 61 29 47.54% ['fuzz_pkcs15_crypt', 'fuzz_pkcs11', 'fuzz_pkcs15_reader']
auth_pin_reset_oberthur_style 82 13 15.85% ['fuzz_pkcs15_reader']
pgp_decipher 97 50 51.54% ['fuzz_pkcs15_crypt', 'fuzz_pkcs15_reader']
sc_pkcs15_unwrap 61 32 52.45% ['fuzz_pkcs15_reader']
sc_pkcs15_wrap 80 41 51.24% ['fuzz_pkcs15_reader']
rutoken_card_ctl 51 19 37.25% ['fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs11']
sc_pkcs15_get_application_by_type 34 14 41.17% ['fuzz_pkcs11']
_get_auth_object_by_name 51 13 25.49% ['fuzz_pkcs11']
pkcs15_init_pin 67 32 47.76% ['fuzz_pkcs11']
pkcs15_gen_keypair 191 42 21.98% ['fuzz_pkcs11']
pkcs15_cert_get_attribute 89 27 30.33% ['fuzz_pkcs11']
pkcs15_cert_cmp_attribute 51 16 31.37% ['fuzz_pkcs11']
pkcs15_prkey_get_attribute 185 97 52.43% ['fuzz_pkcs11']
pkcs15_prkey_can_do 39 14 35.89% ['fuzz_pkcs11']
pkcs15_prkey_init_params 58 21 36.20% ['fuzz_pkcs11']
pkcs15_pubkey_get_attribute 191 87 45.54% ['fuzz_pkcs11']
pkcs15_dobj_get_attribute 77 20 25.97% ['fuzz_pkcs11']
pkcs15_skey_get_attribute 99 40 40.40% ['fuzz_pkcs11']
pkcs15_skey_decrypt 48 20 41.66% ['fuzz_pkcs11']
sc_pkcs11_verify_init 42 22 52.38% ['fuzz_pkcs11']
push_login_state 33 6 18.18% ['fuzz_pkcs11']
load_pkcs11_parameters 56 26 46.42% ['fuzz_pkcs11']
sc_pkcs11_verify_data 329 158 48.02% ['fuzz_pkcs11']
sc_pkcs11_init_lock 33 7 21.21% ['fuzz_pkcs11']
C_UnwrapKey 52 23 44.23% ['fuzz_pkcs11']
C_DeriveKey 59 30 50.84% ['fuzz_pkcs11']
card_detect 137 15 10.94% ['fuzz_pkcs11']
card_detect_all 35 7 20.0% ['fuzz_pkcs11']
sc_pkcs15init_bind 93 50 53.76% ['fuzz_pkcs11']
sc_pkcs15init_store_certificate 79 16 20.25% ['fuzz_pkcs11']
authentic_manage_sdo_encode 65 33 50.76% ['fuzz_pkcs15init']
iasecc_create_file 41 20 48.78% ['fuzz_pkcs15init']
iasecc_get_free_reference 85 31 36.47% ['fuzz_pkcs15init']
iasecc_pin_verify 65 28 43.07% ['fuzz_pkcs15init']
isoApplet_ctl_generate_key 144 75 52.08% ['fuzz_pkcs15init']
muscle_pin_cmd 71 27 38.02% ['fuzz_pkcs15init']
myeid_loadkey 45 21 46.66% ['fuzz_pkcs15init']
auth_update_component 85 40 47.05% ['fuzz_pkcs15init']
sc_update_record 34 10 29.41% ['fuzz_pkcs15init']
iasecc_sdo_allocate_and_parse 40 19 47.5% ['fuzz_pkcs15init']
authentic_pkcs15_fix_file_access_rule 33 18 54.54% ['fuzz_pkcs15init']
authentic_pkcs15_generate_key 44 17 38.63% ['fuzz_pkcs15init']
cardos_generate_key 69 21 30.43% ['fuzz_pkcs15init']
cflex_create_dummy_chvs 41 13 31.70% ['fuzz_pkcs15init']
cflex_create_key 36 12 33.33% ['fuzz_pkcs15init']
entersafe_create_dir 82 25 30.48% ['fuzz_pkcs15init']
entersafe_sanity_check 37 16 43.24% ['fuzz_pkcs15init']
epass2003_pkcs15_init_card 37 18 48.64% ['fuzz_pkcs15init']
epass2003_pkcs15_sanity_check 44 17 38.63% ['fuzz_pkcs15init']
iasecc_pkcs15_erase_card 60 11 18.33% ['fuzz_pkcs15init']
iasecc_pkcs15_create_key 42 17 40.47% ['fuzz_pkcs15init']
iasecc_sdo_allocate_pubkey 58 23 39.65% ['fuzz_pkcs15init']
iasecc_sdo_set_key_acls_from_profile 65 16 24.61% ['fuzz_pkcs15init']
isoApplet_generate_key_ec 135 61 45.18% ['fuzz_pkcs15init']
sc_pkcs15init_generate_secret_key 42 11 26.19% ['fuzz_pkcs15init']
openpgp_store_key 50 15 30.0% ['fuzz_pkcs15init']
create_sysdf 32 10 31.25% ['fuzz_pkcs15init']
rtecp_create_pin 73 19 26.02% ['fuzz_pkcs15init']
sc_hsm_emu_update_any_df 43 16 37.20% ['fuzz_pkcs15init']
setcos_init_card 35 18 51.42% ['fuzz_pkcs15init']
setcos_create_pin 32 9 28.12% ['fuzz_pkcs15init']
starcos_write_pukey 65 20 30.76% ['fuzz_pkcs15init']
starcos_generate_key 45 19 42.22% ['fuzz_pkcs15init']
sc_pkcs15_prkey_attrs_from_cert 59 24 40.67% ['fuzz_pkcs15_encode']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/opensc/src/libopensc/card-cac.c [] []
/src/opensc/src/tests/fuzzing/../../../src/tools/piv-tool.c ['fuzz_piv_tool'] []
/src/opensc/src/libopensc/card-itacns.c [] []
/src/opensc/src/pkcs11/misc.c [] []
/src/opensc/src/tests/fuzzing/../../tools/util.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_pkcs15_crypt'] []
/src/opensc/src/libopensc/pkcs15-cac.c [] []
/src/opensc/src/pkcs11/framework-pkcs15.c [] []
/src/opensc/src/pkcs15init/pkcs15-epass2003.c [] []
/src/opensc/src/pkcs11/framework-pkcs15init.c [] []
/src/opensc/src/pkcs11/pkcs11-session.c [] []
/src/opensc/src/libopensc/card-esteid2018.c [] []
/src/opensc/src/libopensc/pkcs15-dnie.c [] []
/src/opensc/src/libopensc/card-rutoken.c [] []
/src/opensc/src/pkcs15init/pkcs15-muscle.c [] []
/src/opensc/src/libopensc/../../src/libopensc/sc-ossl-compat.h ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt'] []
/src/opensc/src/pkcs15init/pkcs15-isoApplet.c [] []
/src/opensc/src/libopensc/card-isoApplet.c [] []
/src/opensc/src/tests/fuzzing/fuzz_asn1_print.c ['fuzz_asn1_print'] ['fuzz_asn1_print']
/src/opensc/src/pkcs11/pkcs11-object.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs15init.c ['fuzz_pkcs15init'] ['fuzz_pkcs15init']
/src/opensc/src/pkcs15init/pkcs15-rtecp.c [] []
/src/opensc/src/libopensc/card-masktech.c [] []
/src/opensc/src/libopensc/card-asepcos.c [] []
/src/opensc/src/libopensc/pkcs15-starcos-esign.c [] []
/src/opensc/src/pkcs11/../../src/libopensc/sc-ossl-compat.h [] []
/src/opensc/openpace/src/eac.c [] []
/src/opensc/src/libopensc/card-coolkey.c [] []
/src/opensc/src/libopensc/pkcs15-pteid.c [] []
/src/opensc/src/libopensc/pkcs15-cert.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-oberthur.c [] []
/src/opensc/src/libopensc/pkcs15-gids.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs15_decode.c ['fuzz_pkcs15_decode'] ['fuzz_pkcs15_decode']
/src/opensc/src/libopensc/pkcs15-jpki.c [] []
/src/opensc/src/libopensc/pkcs15-iasecc.c [] []
/src/opensc/openpace/src/ca_lib.c [] []
/src/opensc/src/pkcs11/pkcs11-display.c [] []
/src/opensc/openpace/src/objects.c [] []
/src/opensc/src/libopensc/card-tcos.c [] []
/src/opensc/src/libopensc/sm.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool'] ['fuzz_piv_tool']
/src/opensc/src/pkcs15init/pkcs15-setcos.c [] []
/src/opensc/src/libopensc/pkcs15-algo.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/iasecc-sdo.c [] []
/src/opensc/src/libopensc/sc.c ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/iso7816.c [] []
/src/opensc/src/pkcs15init/profile.c [] []
/src/opensc/src/common/simclist.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/openpace/src/ri_lib.c [] []
/src/opensc/src/libopensc/pkcs15-nqApplet.c [] []
/src/opensc/src/libopensc/pkcs15-skey.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15init']
/src/opensc/src/pkcs15init/pkcs15-gids.c [] []
/src/opensc/src/common/compat_strlcat.c ['fuzz_asn1_print', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_reader'] ['fuzz_asn1_print', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_reader']
/src/opensc/src/tests/fuzzing/../../../src/pkcs15init/pkcs15-lib.c ['fuzz_pkcs15init'] []
/src/opensc/src/libopensc/asn1.c ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/reader-tr03119.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] []
/src/opensc/src/pkcs15init/pkcs15-authentic.c [] []
/src/opensc/src/tools/../pkcs11/pkcs11-display.c ['fuzz_pkcs15_tool'] []
/src/opensc/src/libopensc/pkcs15-actalis.c [] []
/src/opensc/src/libopensc/pkcs15-eoi.c [] []
/src/opensc/src/common/libscdl.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] []
/src/opensc/src/libopensc/pkcs15-srbeid.c [] []
/src/opensc/openpace/src/cv_cert.c [] []
/src/opensc/src/libopensc/pkcs15-emulator-filter.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] []
/src/opensc/src/libopensc/pkcs15-tcos.c [] []
/src/opensc/src/pkcs15init/pkcs15-asepcos.c [] []
/src/opensc/openpace/src/eac_kdf.c [] []
/src/opensc/src/libopensc/card-belpic.c [] []
/src/opensc/src/libopensc/pkcs15-prkey.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/usr/include/openssl/x509.h [] []
/src/opensc/openpace/src/eac_dh.c [] []
/src/opensc/src/libopensc/compression.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/card-oberthur.c [] []
/src/opensc/src/libopensc/card-piv.c [] []
/src/opensc/openpace/src/eac_ca.c [] []
/src/opensc/src/libopensc/pkcs15-esteid2025.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs11_uri.c ['fuzz_pkcs11_uri'] ['fuzz_pkcs11_uri']
/src/opensc/src/tests/fuzzing/fuzz_scconf_parse_string.c ['fuzz_scconf_parse_string'] ['fuzz_scconf_parse_string']
/src/opensc/src/libopensc/pkcs15-starcert.c [] []
/src/opensc/src/tests/fuzzing/fuzz_card.c ['fuzz_card'] ['fuzz_card']
/src/opensc/src/libopensc/simpletlv.c [] []
/src/opensc/src/libopensc/pkcs15.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/openpace/src/ta.c [] []
/src/opensc/src/libopensc/card-cac1.c [] []
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h [] []
/src/opensc/src/libopensc/errors.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-din-66291.c [] []
/src/opensc/src/libopensc/../../src/common/constant-time.h ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt'] []
/src/opensc/src/libopensc/pkcs15-skeid.c [] []
/src/opensc/src/pkcs15init/pkcs15-lib.c [] []
/src/opensc/src/libopensc/card-nqApplet.c [] []
/src/opensc/openpace/src/eac_ecdh.c [] []
/src/opensc/src/libopensc/pkcs15-esinit.c [] []
/src/opensc/src/sm/sm-iso.c [] []
/src/opensc/src/libopensc/ctbcs.c [] []
/src/opensc/src/libopensc/aux-data.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-sc-hsm.c [] []
/src/opensc/src/pkcs11/slot.c [] []
/src/opensc/openpace/src/pace_mappings.c [] []
/src/opensc/src/libopensc/card-rtecp.c [] []
/src/opensc/src/libopensc/card-npa.c [] []
/src/opensc/src/libopensc/pkcs15-cardos.c [] []
/src/opensc/src/libopensc/card-gids.c [] []
/src/opensc/src/libopensc/pkcs15-openpgp.c [] []
/src/opensc/src/libopensc/card-dnie.c [] []
/src/opensc/src/libopensc/pkcs15-esteid2018.c [] []
/src/opensc/src/libopensc/muscle-filesystem.c [] []
/src/opensc/src/pkcs11/openssl.c [] []
/src/opensc/src/tests/fuzzing/fuzzer_reader.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/scconf/sclex.c ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-data.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-idprime.c [] []
/src/opensc/src/libopensc/card-sc-hsm.c [] []
/src/opensc/src/libopensc/pkcs15-tccardos.c [] []
/src/opensc/openpace/src/misc.c [] []
/src/opensc/src/libopensc/cwa-dnie.c [] []
/src/opensc/src/libopensc/dir.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/sec.c ['fuzz_pkcs15_tool', 'fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init'] ['fuzz_card', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init']
/src/opensc/src/libopensc/pkcs15-atrust-acos.c [] []
/src/opensc/src/libopensc/pkcs15-syn.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/pkcs11/mechanism.c [] []
/src/opensc/src/pkcs15init/pkcs15-cardos.c [] []
/src/opensc/openpace/src/eac_util.c [] []
/src/opensc/src/libopensc/card-gemsafeV1.c [] []
/src/opensc/src/libopensc/card-lteid.c [] []
/src/opensc/src/libopensc/card-cardos.c [] []
/src/opensc/src/libopensc/card-srbeid.c [] []
/src/opensc/src/libopensc/card-mcrd.c [] []
/src/opensc/src/pkcs15init/pkcs15-iasecc.c [] []
/src/opensc/src/libopensc/card.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/pkcs15init/pkcs15-rutoken.c [] []
/src/opensc/src/pkcs11/debug.c [] []
/src/opensc/src/libopensc/card-eoi.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs15_tool.c ['fuzz_pkcs15_tool'] []
/src/opensc/src/libopensc/pkcs15-cache.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/scconf/scconf.c ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-pin.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/card-starcos.c [] []
/src/opensc/src/libopensc/card-atrust-acos.c [] []
/src/opensc/src/libopensc/iasecc-sm.c [] []
/src/opensc/src/libopensc/card-entersafe.c [] []
/src/opensc/src/libopensc/pkcs15-lteid.c [] []
/src/opensc/openpace/src/pace.c [] []
/src/opensc/src/libopensc/base64.c ['fuzz_pkcs15_tool'] []
/src/opensc/openpace/src/eac_lib.c [] []
/src/opensc/src/libopensc/pkcs15-sec.c ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt'] ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt']
/src/opensc/src/libopensc/card-idprime.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs15_reader.c ['fuzz_pkcs15_reader'] ['fuzz_pkcs15_reader']
/src/opensc/src/pkcs15init/pkcs15-myeid.c [] []
/src/opensc/src/tests/fuzzing/../../../src/tools/pkcs15-tool.c ['fuzz_pkcs15_tool'] []
/src/opensc/src/pkcs15init/pkcs15-entersafe.c [] []
/src/opensc/src/libopensc/muscle.c [] []
/src/opensc/src/pkcs11/pkcs11-global.c [] []
/src/opensc/src/tests/fuzzing/../../../src/pkcs15init/profile.c ['fuzz_pkcs15init'] []
/src/opensc/openpace/src/ssl_compat.c [] []
/src/opensc/src/libopensc/pkcs15-itacns.c [] []
/src/opensc/src/libopensc/card-cac-common.c [] []
/src/opensc/src/tests/fuzzing/../../tools/pkcs11_uri.c ['fuzz_pkcs11_uri'] []
/src/opensc/src/libopensc/./../tools/fread_to_eof.c [] []
/src/opensc/src/pkcs15init/pkcs15-oberthur.c [] []
/src/opensc/openpace/src/cvc_lookup.c [] []
/src/opensc/src/tests/fuzzing/fuzz_piv_tool.c ['fuzz_piv_tool'] ['fuzz_piv_tool']
/src/opensc/src/libopensc/card-esteid2025.c [] []
/src/opensc/src/libopensc/card-cardos-common.c [] []
/src/opensc/src/libopensc/card-edo.c [] []
/src/opensc/src/libopensc/card-authentic.c [] []
/src/opensc/src/common/compat_strlcpy.c ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_scconf_parse_string', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/card-myeid.c [] []
/src/opensc/src/pkcs15init/pkcs15-starcos.c [] []
/src/opensc/src/libopensc/pkcs15-pubkey.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/card-default.c [] []
/src/opensc/src/libopensc/pkcs15-piv.c [] []
/src/opensc/src/libopensc/pkcs15-coolkey.c [] []
/src/opensc/src/libopensc/pkcs15-dtrust.c [] []
/src/opensc/openpace/src/x509_lookup.c [] []
/src/opensc/src/pkcs11/../../src/common/constant-time.h [] []
/src/opensc/src/libopensc/card-flex.c [] []
/src/opensc/src/libopensc/card-openpgp.c [] []
/src/opensc/src/pkcs15init/pkcs15-oberthur-awp.c [] []
/src/opensc/src/sm/sm-eac.c [] []
/src/opensc/src/pkcs15init/pkcs15-sc-hsm.c [] []
/src/opensc/src/ui/notify.c ['fuzz_pkcs15_tool', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init'] ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init']
/src/opensc/openpace/src/pace_lib.c [] []
/src/opensc/src/libopensc/log.c ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_print', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/pkcs15-gemsafeV1.c [] []
/src/opensc/src/libopensc/apdu.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool'] ['fuzz_piv_tool']
/src/opensc/src/libopensc/card-iasecc.c [] []
/src/opensc/src/libopensc/card-muscle.c [] []
/src/opensc/src/libopensc/card-epass2003.c [] []
/src/opensc/openpace/src/ta_lib.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs15_crypt.c ['fuzz_pkcs15_crypt'] ['fuzz_pkcs15_crypt']
/src/opensc/src/pkcs15init/pkcs15-cflex.c [] []
/src/opensc/src/tests/fuzzing/../../../src/tools/pkcs15-crypt.c ['fuzz_pkcs15_crypt'] []
/src/opensc/src/libopensc/card-dtrust.c [] []
/src/opensc/src/pkcs15init/pkcs15-openpgp.c [] []
/src/opensc/src/tests/fuzzing/fuzz_pkcs11.c ['fuzz_pkcs11'] ['fuzz_pkcs11']
/src/opensc/src/tests/fuzzing/fuzz_asn1_sig_value.c ['fuzz_asn1_sig_value'] ['fuzz_asn1_sig_value']
/src/opensc/src/tests/fuzzing/fuzz_pkcs15_encode.c ['fuzz_pkcs15_encode'] ['fuzz_pkcs15_encode']
/src/opensc/src/tests/fuzzing/fuzzer_tool.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_pkcs15_crypt'] ['fuzz_piv_tool', 'fuzz_pkcs15_crypt']
/src/opensc/src/scconf/parse.c ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_scconf_parse_string', 'fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/card-jpki.c [] []
/src/opensc/src/libopensc/card-setcos.c [] []
/src/opensc/src/libopensc/ctx.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/ef-gdo.c [] []
/src/opensc/src/libopensc/ef-atr.c ['fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/padding.c ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt'] ['fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt']
/src/opensc/src/libopensc/card-skeid.c [] []
/src/opensc/openpace/src/eac_asn1.c [] []
/src/opensc/src/libopensc/gp.c [] []
/src/opensc/src/libopensc/reader-ctapi.c ['fuzz_asn1_sig_value', 'fuzz_pkcs15_tool', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode'] ['fuzz_asn1_sig_value', 'fuzz_piv_tool', 'fuzz_card', 'fuzz_pkcs15_decode', 'fuzz_pkcs15_reader', 'fuzz_pkcs15_crypt', 'fuzz_pkcs15init', 'fuzz_pkcs15_encode']
/src/opensc/src/libopensc/cwa14890.c [] []

Directories in report

Directory
/src/opensc/src/tests/fuzzing/../../../src/tools/
/src/opensc/src/tests/fuzzing/
/src/opensc/src/pkcs11/
/src/opensc/src/common/
/src/opensc/src/tests/fuzzing/../../../src/pkcs15init/
/src/opensc/src/scconf/
/src/opensc/src/pkcs15init/
/src/opensc/src/libopensc/../../src/common/
/src/opensc/src/libopensc/./../tools/
/src/opensc/openpace/src/
/src/opensc/src/pkcs11/../../src/libopensc/
/usr/include/openssl/
/src/opensc/src/ui/
/src/opensc/src/libopensc/
/src/opensc/src/tools/../pkcs11/
/src/opensc/src/libopensc/../../src/libopensc/
/src/opensc/src/pkcs11/../../src/common/
/usr/include/x86_64-linux-gnu/bits/
/src/opensc/src/sm/
/src/opensc/src/tests/fuzzing/../../tools/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_pkcs11_uri fuzzerLogFile-0-89uZLvMLxp.data fuzzerLogFile-0-89uZLvMLxp.data.yaml fuzz_pkcs11_uri.covreport
fuzz_scconf_parse_string fuzzerLogFile-0-nJuIKw1YwV.data fuzzerLogFile-0-nJuIKw1YwV.data.yaml fuzz_scconf_parse_string.covreport
fuzz_asn1_print fuzzerLogFile-0-LplUJ1ZvX0.data fuzzerLogFile-0-LplUJ1ZvX0.data.yaml fuzz_asn1_print.covreport
fuzz_asn1_sig_value fuzzerLogFile-0-HWGQi1V6Zf.data fuzzerLogFile-0-HWGQi1V6Zf.data.yaml fuzz_asn1_sig_value.covreport
fuzz_pkcs15_tool fuzzerLogFile-0-YYKWszqA07.data fuzzerLogFile-0-YYKWszqA07.data.yaml fuzz_pkcs15_tool.covreport
fuzz_piv_tool fuzzerLogFile-0-Ql3lhF4AbB.data fuzzerLogFile-0-Ql3lhF4AbB.data.yaml fuzz_piv_tool.covreport
fuzz_card fuzzerLogFile-0-wgLvdmmSiq.data fuzzerLogFile-0-wgLvdmmSiq.data.yaml fuzz_card.covreport
fuzz_pkcs15_decode fuzzerLogFile-0-f78XWEhkYQ.data fuzzerLogFile-0-f78XWEhkYQ.data.yaml fuzz_pkcs15_decode.covreport
fuzz_pkcs15_reader fuzzerLogFile-0-r7UCtdGJr9.data fuzzerLogFile-0-r7UCtdGJr9.data.yaml fuzz_pkcs15_reader.covreport
fuzz_pkcs11 fuzzerLogFile-0-mjuK9ldNjN.data fuzzerLogFile-0-mjuK9ldNjN.data.yaml fuzz_pkcs11.covreport
fuzz_pkcs15_crypt fuzzerLogFile-0-FiZTQkXs3m.data fuzzerLogFile-0-FiZTQkXs3m.data.yaml fuzz_pkcs15_crypt.covreport
fuzz_pkcs15init fuzzerLogFile-0-wDQpV2ek1E.data fuzzerLogFile-0-wDQpV2ek1E.data.yaml fuzz_pkcs15init.covreport
fuzz_pkcs15_encode fuzzerLogFile-0-1co0o5JWLM.data fuzzerLogFile-0-1co0o5JWLM.data.yaml fuzz_pkcs15_encode.covreport