Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Report generation date: 2023-09-25

Project overview: openssl

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
28.0%
4518 / 16184
Cyclomatic complexity statically reachable by fuzzers
28.0%
23939 / 84994
Runtime code coverage of functions
19.0%
3044 / 16184

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
conf_111 openssl111/fuzz/driver.c 887 5585 69 202 7206 3508 driver.c
cms_111 openssl111/fuzz/driver.c 976 5496 69 208 9107 4238 driver.c
asn1_111 openssl111/fuzz/driver.c 1563 6715 71 288 18441 8212 driver.c
server_111 openssl111/fuzz/driver.c 1570 6582 69 272 16419 7370 driver.c
pem openssl/fuzz/driver.c 1443 9851 120 262 13180 6206 driver.c
ct_30 openssl30/fuzz/driver.c 1434 9344 78 262 14182 6518 driver.c
cms_30 openssl30/fuzz/driver.c 1408 9748 75 263 13845 6372 driver.c
crl_111 openssl111/fuzz/driver.c 1081 5394 72 223 10799 4957 driver.c
decoder openssl/fuzz/driver.c 1855 9452 120 271 18275 8396 driver.c
smime openssl/fuzz/driver.c 1587 9785 118 279 15348 7093 driver.c
punycode openssl/fuzz/driver.c 1434 9860 118 264 12845 6074 driver.c
asn1parse_111 openssl111/fuzz/driver.c 973 5499 71 204 9057 4240 driver.c
cmp_30 openssl30/fuzz/driver.c 2853 8442 75 347 33793 15033 driver.c
asn1parse openssl/fuzz/driver.c 1506 9788 120 265 14412 6694 driver.c
asn1 openssl/fuzz/driver.c 2465 12340 120 362 27003 12207 driver.c
client_30 openssl30/fuzz/driver.c 2251 10299 75 296 24356 10981 driver.c
client openssl/fuzz/driver.c 2551 11720 119 328 27439 12466 driver.c
conf_30 openssl30/fuzz/driver.c 1304 9474 75 250 11856 5593 driver.c
x509_111 openssl111/fuzz/driver.c 1137 5338 72 224 11434 5245 driver.c
ct_111 openssl111/fuzz/driver.c 1022 5450 73 213 9607 4456 driver.c
conf openssl/fuzz/driver.c 1425 9869 119 262 12714 6020 driver.c
cms openssl/fuzz/driver.c 1531 10196 120 275 14712 6805 driver.c
bignum_111 openssl111/fuzz/driver.c 1006 5467 69 214 9656 4418 driver.c
asn1parse_30 openssl30/fuzz/driver.c 1383 9395 76 253 13545 6261 driver.c
asn1_30 openssl30/fuzz/driver.c 2302 10727 76 345 25736 11589 driver.c
bndiv openssl/fuzz/driver.c 1463 9834 121 267 13732 6328 driver.c
x509_30 openssl30/fuzz/driver.c 2371 8461 77 324 28001 12505 driver.c
bignum openssl/fuzz/driver.c 1545 9750 119 276 15203 6939 driver.c
bignum_30 openssl30/fuzz/driver.c 1422 9357 74 263 14309 6498 driver.c
x509 openssl/fuzz/driver.c 2501 8847 121 331 29037 13005 driver.c
client_111 openssl111/fuzz/driver.c 1442 6710 69 245 15022 6801 driver.c
bndiv_111 openssl111/fuzz/driver.c 926 5549 70 206 8194 3812 driver.c
v3name openssl/fuzz/driver.c 1507 9787 121 267 14435 6669 driver.c
crl openssl/fuzz/driver.c 1620 9677 121 286 16125 7410 driver.c
ct openssl/fuzz/driver.c 1557 9737 122 274 15049 6951 driver.c
server openssl/fuzz/driver.c 2707 11564 119 362 29212 13203 driver.c
cmp openssl/fuzz/driver.c 2987 8840 120 355 34947 15583 driver.c
bndiv_30 openssl30/fuzz/driver.c 1340 9441 75 255 12838 5887 driver.c
crl_30 openssl30/fuzz/driver.c 1493 9288 77 274 15228 6962 driver.c
server_30 openssl30/fuzz/driver.c 2409 10141 75 328 26116 11717 driver.c

Fuzzer details

Fuzzer: conf_111

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2516 88.9%
gold [1:9] 172 6.08%
yellow [10:29] 1 0.03%
greenyellow [30:49] 3 0.10%
lawngreen 50+ 135 4.77%
All colors 2827 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3454 3454 1 :

['ENGINE_register_all_complete']

3454 3459 OPENSSL_init_crypto call site: 00012 /src/openssl111/crypto/init.c:737
3452 3452 1 :

['drbg_delete_thread_state']

3452 3456 ossl_init_thread_stop call site: 00040 /src/openssl111/crypto/init.c:440
104 104 1 :

['sec_alloc_realloc']

104 3559 BUF_MEM_grow call site: 00000 /src/openssl111/crypto/buffer/buffer.c:94
104 104 1 :

['sec_alloc_realloc']

104 3559 BUF_MEM_grow_clean call site: 02236 /src/openssl111/crypto/buffer/buffer.c:132
80 80 1 :

['CRYPTO_secure_clear_free']

80 84 BUF_MEM_free call site: 00000 /src/openssl111/crypto/buffer/buffer.c:48
47 56 6 :

['lh_OBJ_NAME_doall', 'lh_OBJ_NAME_free', 'CRYPTO_THREAD_lock_free', 'lh_OBJ_NAME_get_down_load', 'sk_NAME_FUNCS_pop_free', 'lh_OBJ_NAME_set_down_load']

47 56 OBJ_NAME_cleanup call site: 00286 /src/openssl111/crypto/objects/o_names.c:393
46 46 1 :

['async_delete_thread_state']

3498 3523 ossl_init_thread_stop call site: 00017 /src/openssl111/crypto/init.c:424
45 45 3 :

['lh_ADDED_OBJ_set_down_load', 'lh_ADDED_OBJ_doall', 'lh_ADDED_OBJ_free']

45 45 obj_cleanup_int call site: 00338 /src/openssl111/crypto/objects/obj_dat.c:155
33 33 2 :

['ossl_strtouint64', 'ossl_strchr']

37 37 OPENSSL_cpuid_setup call site: 02804 /src/openssl111/crypto/cryptlib.c:108
14 14 1 :

['bio_call_callback']

14 3489 BIO_free call site: 01809 /src/openssl111/crypto/bio/bio_lib.c:125
14 14 1 :

['bio_call_callback']

14 14 BIO_gets call site: 01739 /src/openssl111/crypto/bio/bio_lib.c:465
14 14 1 :

['bio_call_callback']

14 14 BIO_ctrl call site: 01714 /src/openssl111/crypto/bio/bio_lib.c:530

Runtime coverage analysis

Covered functions
249
Functions that are reachable but not covered
708
Reachable functions
887
Percentage of reachable functions covered
20.18%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl111/fuzz/driver.c 1
openssl111/fuzz/conf.c 1
openssl111/crypto/conf/conf_lib.c 9
openssl111/crypto/conf/conf_def.c 1
openssl111/crypto/err/err.c 30
openssl111/crypto/init.c 45
openssl111/crypto/mem.c 7
openssl111/crypto/threads_pthread.c 13
openssl111/crypto/async/async.c 10
openssl111/crypto/async/async_local.h 2
openssl111/crypto/stack/stack.c 10
openssl111/crypto/async/arch/async_posix.c 2
openssl111/crypto/rand/drbg_lib.c 4
openssl111/crypto/rand/rand_lib.c 5
openssl111/crypto/mem_sec.c 18
openssl111/crypto/cryptlib.c 6
openssl111/crypto/ex_data.c 10
openssl111/crypto/comp/c_zlib.c 1
openssl111/crypto/rand/rand_unix.c 4
openssl111/crypto/engine/eng_init.c 4
openssl111/crypto/engine/eng_lib.c 23
openssl111/include/internal/refcount.h 2
openssl111/crypto/engine/tb_pkmeth.c 4
openssl111/crypto/evp/pmeth_lib.c 4
openssl111/crypto/engine/tb_asnmth.c 9
openssl111/crypto/asn1/ameth_lib.c 8
openssl111/crypto/engine/eng_list.c 10
openssl111/include/internal/cryptlib.h 7
openssl111/include/openssl/crypto.h 6
openssl111/crypto/conf/conf_mod.c 15
openssl111/include/openssl/conf.h 18
openssl111/crypto/dso/dso_lib.c 8
openssl111/crypto/engine/eng_local.h 14
openssl111/crypto/store/store_init.c 1
openssl111/crypto/store/store_register.c 1
openssl111/crypto/store/store_local.h 2
openssl111/crypto/lhash/lhash.c 11
openssl111/crypto/bio/bio_lib.c 12
openssl111/crypto/bio/b_sock.c 1
openssl111/crypto/evp/names.c 5
openssl111/crypto/objects/o_names.c 10
openssl111/crypto/objects/obj_local.h 18
openssl111/crypto/mem_dbg.c 1
openssl111/crypto/ctype.c 2
openssl111/crypto/evp/evp_pbe.c 6
openssl111/crypto/evp/evp_local.h 3
openssl111/crypto/objects/obj_xref.c 2
openssl111/crypto/objects/obj_xref.h 2
openssl111/include/crypto/evp.h 1
openssl111/crypto/objects/obj_dat.c 22
openssl111/crypto/asn1/a_object.c 6
openssl111/include/openssl/err.h 5
openssl111/crypto/err/err_all.c 1
openssl111/crypto/evp/c_allc.c 1
openssl111/crypto/evp/e_des.c 6
openssl111/crypto/evp/e_des3.c 11
openssl111/crypto/evp/e_xcbc_d.c 1
openssl111/crypto/evp/e_rc4.c 2
openssl111/crypto/evp/e_rc4_hmac_md5.c 1
openssl111/crypto/evp/e_idea.c 4
openssl111/crypto/evp/e_seed.c 4
openssl111/crypto/evp/e_sm4.c 5
openssl111/crypto/evp/e_rc2.c 6
openssl111/crypto/evp/e_bf.c 4
openssl111/crypto/evp/e_cast.c 4
openssl111/crypto/evp/e_rc5.c 4
openssl111/crypto/evp/e_aes.c 38
openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl111/crypto/evp/e_aria.c 27
openssl111/crypto/evp/e_camellia.c 21
openssl111/crypto/evp/e_chacha20_poly1305.c 2
openssl111/crypto/evp/c_alld.c 1
openssl111/crypto/evp/m_md4.c 1
openssl111/crypto/evp/m_md5.c 1
openssl111/crypto/evp/m_md5_sha1.c 1
openssl111/crypto/evp/m_sha1.c 7
openssl111/crypto/evp/m_mdc2.c 1
openssl111/crypto/evp/m_ripemd.c 1
openssl111/crypto/evp/m_wp.c 1
openssl111/crypto/sm3/m_sm3.c 1
openssl111/crypto/blake2/m_blake2b.c 1
openssl111/crypto/blake2/m_blake2s.c 1
openssl111/crypto/evp/m_sha3.c 6
openssl111/crypto/conf/conf_sap.c 2
openssl111/crypto/conf/conf_mall.c 1
openssl111/crypto/asn1/asn_moid.c 3
openssl111/crypto/o_str.c 8
openssl111/crypto/conf/conf_api.c 3
openssl111/crypto/bn/bn_lib.c 17
openssl111/crypto/bn/bn_local.h 1
openssl111/crypto/bn/bn_word.c 4
openssl111/crypto/bn/asm/x86_64-gcc.c 2
openssl111/include/internal/constant_time.h 4
openssl111/crypto/bn/bn_shift.c 2
openssl111/crypto/asn1/asn1_lib.c 11
openssl111/crypto/objects/obj_lib.c 1
openssl111/crypto/asn1/asn_mstbl.c 3
openssl111/crypto/x509v3/v3_utl.c 6
openssl111/crypto/asn1/asn1_gen.c 3
openssl111/crypto/asn1/tasn_dec.c 13
openssl111/crypto/engine/eng_openssl.c 20
openssl111/crypto/engine/eng_rdrand.c 4
openssl111/crypto/engine/tb_rand.c 4
openssl111/crypto/engine/eng_dyn.c 12
openssl111/include/openssl/safestack.h 6
openssl111/crypto/dso/dso_dlfcn.c 1
openssl111/engines/e_padlock.c 1
openssl111/engines/e_afalg.c 28
openssl111/engines/e_afalg_err.c 3
openssl111/crypto/evp/cmeth_lib.c 8
openssl111/crypto/evp/evp_lib.c 28
openssl111/crypto/evp/evp_enc.c 14
openssl111/crypto/engine/eng_fat.c 5
openssl111/crypto/engine/tb_cipher.c 7
openssl111/crypto/engine/eng_table.c 8
openssl111/crypto/engine/tb_digest.c 5
openssl111/crypto/engine/tb_rsa.c 4
openssl111/crypto/engine/tb_dsa.c 4
openssl111/crypto/engine/tb_dh.c 4
openssl111/crypto/engine/tb_eckey.c 4
openssl111/crypto/async/async_wait.c 3
openssl111/crypto/async/arch/async_posix.h 1
openssl111/crypto/rsa/rsa_ossl.c 1
openssl111/crypto/dsa/dsa_ossl.c 1
openssl111/crypto/ec/ec_kmeth.c 1
openssl111/crypto/dh/dh_key.c 1
openssl111/crypto/sha/sha_local.h 1
openssl111/include/crypto/md32_common.h 2
openssl111/crypto/engine/eng_pkey.c 1
openssl111/crypto/bio/bss_file.c 2
openssl111/crypto/o_fopen.c 1
openssl111/crypto/pem/pem_pkey.c 1
openssl111/crypto/pem/pem_lib.c 14
openssl111/crypto/bio/bss_mem.c 2
openssl111/crypto/evp/encode.c 7
openssl111/include/crypto/asn1.h 3
openssl111/crypto/evp/evp_key.c 3
openssl111/crypto/ui/ui_lib.c 11
openssl111/crypto/ui/ui_openssl.c 1
openssl111/crypto/ui/ui_null.c 1
openssl111/include/openssl/ui.h 5
openssl111/crypto/err/err_prn.c 1
openssl111/crypto/bio/b_print.c 9
openssl111/crypto/evp/digest.c 7
openssl111/crypto/evp/p_lib.c 6
openssl111/include/openssl/x509.h 1
openssl111/crypto/x509/x_attrib.c 1
openssl111/crypto/asn1/tasn_fre.c 5
openssl111/include/openssl/asn1t.h 6
openssl111/crypto/asn1/tasn_utl.c 9
openssl111/crypto/asn1/a_int.c 8
openssl111/crypto/asn1/p8_pkey.c 3
openssl111/crypto/buffer/buffer.c 2
openssl111/crypto/asn1/tasn_typ.c 6
openssl111/crypto/asn1/tasn_new.c 8
openssl111/crypto/asn1/a_type.c 1
openssl111/crypto/asn1/a_bitstr.c 1
openssl111/crypto/evp/evp_pkey.c 1
openssl111/crypto/bn/bn_print.c 1
openssl111/crypto/asn1/x_sig.c 3
openssl111/crypto/pkcs12/p12_p8d.c 1
openssl111/crypto/pkcs12/p12_decr.c 2
openssl111/crypto/asn1/d2i_pr.c 1
openssl111/crypto/asn1/a_strnid.c 6
openssl111/include/openssl/asn1.h 4
openssl111/crypto/engine/eng_cnf.c 5
openssl111/crypto/engine/eng_ctrl.c 6
openssl111/crypto/getenv.c 1
openssl111/crypto/evp/evp_cnf.c 2
openssl111/crypto/conf/conf_ssl.c 3
openssl111/crypto/engine/eng_all.c 1
openssl111/crypto/x509/x509_def.c 1
openssl111/crypto/bn/bn_err.c 1
openssl111/crypto/rsa/rsa_err.c 1
openssl111/crypto/dh/dh_err.c 1
openssl111/crypto/evp/evp_err.c 1
openssl111/crypto/buffer/buf_err.c 1
openssl111/crypto/objects/obj_err.c 1
openssl111/crypto/pem/pem_err.c 1
openssl111/crypto/dsa/dsa_err.c 1
openssl111/crypto/x509/x509_err.c 1
openssl111/crypto/asn1/asn1_err.c 1
openssl111/crypto/conf/conf_err.c 1
openssl111/crypto/cpt_err.c 1
openssl111/crypto/comp/comp_err.c 1
openssl111/crypto/ec/ec_err.c 1
openssl111/crypto/bio/bio_err.c 1
openssl111/crypto/pkcs7/pkcs7err.c 1
openssl111/crypto/x509v3/v3err.c 1
openssl111/crypto/pkcs12/pk12err.c 1
openssl111/crypto/rand/rand_err.c 1
openssl111/crypto/dso/dso_err.c 1
openssl111/crypto/ts/ts_err.c 1
openssl111/crypto/engine/eng_err.c 1
openssl111/crypto/ocsp/ocsp_err.c 1
openssl111/crypto/ui/ui_err.c 1
openssl111/crypto/cms/cms_err.c 1
openssl111/crypto/ct/ct_err.c 1
openssl111/crypto/async/async_err.c 1
openssl111/crypto/kdf/kdf_err.c 1
openssl111/crypto/store/store_err.c 1

Fuzzer: cms_111

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2247 77.0%
gold [1:9] 178 6.10%
yellow [10:29] 34 1.16%
greenyellow [30:49] 7 0.23%
lawngreen 50+ 451 15.4%
All colors 2917 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
5391 5545 2 :

['EC_GROUP_free', 'EC_GROUP_new_from_ecpkparameters']

5391 16130 d2i_ECPKParameters call site: 00000 /src/openssl111/crypto/ec/ec_asn1.c:960
4325 11535 9 :

['ED25519_public_from_private', 'CRYPTO_secure_malloc', 'X25519_public_from_private', 'RAND_priv_bytes', 'ERR_put_error', 'CRYPTO_secure_free', 'X448_public_from_private', 'ED448_public_from_private', 'CRYPTO_free']

4325 15103 ecx_key_op call site: 00000 /src/openssl111/crypto/ec/ecx_meth.c:77
3959 7524 2 :

['rsa_mgf1_decode', 'RSA_PSS_PARAMS_free']

3959 7524 rsa_pss_decode call site: 00000 /src/openssl111/crypto/rsa/rsa_ameth.c:441
3816 3816 1 :

['BN_mod_exp_recp']

3816 3816 BN_mod_exp call site: 00000 /src/openssl111/crypto/bn/bn_exp.c:143
3729 3729 1 :

['bn_mod_inverse_no_branch']

3729 3729 int_bn_mod_inverse call site: 00000 /src/openssl111/crypto/bn/bn_gcd.c:213
3665 3665 1 :

['rsa_multip_calc_product']

3665 3665 rsa_cb call site: 00000 /src/openssl111/crypto/rsa/rsa_asn1.c:35
3594 3594 1 :

['rand_drbg_restart']

7063 27797 RAND_DRBG_generate call site: 00000 /src/openssl111/crypto/rand/drbg_lib.c:573
3505 17383 9 :

['wait_random_seeded', 'rand_pool_entropy_available', '__errno_location', 'read', 'rand_pool_bytes_needed', 'get_random_device', 'rand_pool_add_end', 'rand_pool_add_begin', 'close_random_device']

3505 17383 rand_pool_acquire_entropy call site: 00000 /src/openssl111/crypto/rand/rand_unix.c:662
3499 3499 1 :

['EVP_PKEY_asn1_find_str']

6955 17319 pkey_set_type call site: 02386 /src/openssl111/crypto/evp/p_lib.c:201
3495 3495 1 :

['EVP_DecryptUpdate']

3495 3495 EVP_CipherUpdate call site: 02480 /src/openssl111/crypto/evp/evp_enc.c:213
3484 3484 1 :

['RAND_bytes']

3484 6954 bnrand call site: 00000 /src/openssl111/crypto/bn/bn_rand.c:50
3474 3474 1 :

['ASN1_INTEGER_get']

3474 10384 asn1_do_adb call site: 02104 /src/openssl111/crypto/asn1/tasn_utl.c:219

Runtime coverage analysis

Covered functions
781
Functions that are reachable but not covered
674
Reachable functions
976
Percentage of reachable functions covered
30.94%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl111/fuzz/driver.c 1
openssl111/fuzz/cms.c 1
openssl111/crypto/bio/bss_mem.c 2
openssl111/crypto/bio/bio_lib.c 12
openssl111/crypto/mem.c 7
openssl111/crypto/err/err.c 30
openssl111/crypto/init.c 45
openssl111/crypto/threads_pthread.c 13
openssl111/crypto/async/async.c 10
openssl111/crypto/async/async_local.h 2
openssl111/crypto/stack/stack.c 10
openssl111/crypto/async/arch/async_posix.c 2
openssl111/crypto/rand/drbg_lib.c 4
openssl111/crypto/rand/rand_lib.c 5
openssl111/crypto/mem_sec.c 18
openssl111/crypto/cryptlib.c 6
openssl111/crypto/ex_data.c 10
openssl111/crypto/comp/c_zlib.c 1
openssl111/crypto/rand/rand_unix.c 4
openssl111/crypto/engine/eng_init.c 4
openssl111/crypto/engine/eng_lib.c 23
openssl111/include/internal/refcount.h 2
openssl111/crypto/engine/tb_pkmeth.c 4
openssl111/crypto/evp/pmeth_lib.c 4
openssl111/crypto/engine/tb_asnmth.c 9
openssl111/crypto/asn1/ameth_lib.c 8
openssl111/crypto/engine/eng_list.c 10
openssl111/include/internal/cryptlib.h 7
openssl111/include/openssl/crypto.h 6
openssl111/crypto/conf/conf_mod.c 15
openssl111/include/openssl/conf.h 18
openssl111/crypto/dso/dso_lib.c 8
openssl111/crypto/engine/eng_local.h 14
openssl111/crypto/store/store_init.c 1
openssl111/crypto/store/store_register.c 1
openssl111/crypto/store/store_local.h 2
openssl111/crypto/lhash/lhash.c 11
openssl111/crypto/bio/b_sock.c 1
openssl111/crypto/evp/names.c 5
openssl111/crypto/objects/o_names.c 10
openssl111/crypto/objects/obj_local.h 18
openssl111/crypto/mem_dbg.c 1
openssl111/crypto/ctype.c 2
openssl111/crypto/evp/evp_pbe.c 6
openssl111/crypto/evp/evp_local.h 3
openssl111/crypto/objects/obj_xref.c 2
openssl111/crypto/objects/obj_xref.h 2
openssl111/include/crypto/evp.h 1
openssl111/crypto/objects/obj_dat.c 22
openssl111/crypto/asn1/a_object.c 6
openssl111/include/openssl/err.h 5
openssl111/crypto/err/err_all.c 1
openssl111/crypto/evp/c_allc.c 1
openssl111/crypto/evp/e_des.c 6
openssl111/crypto/evp/e_des3.c 11
openssl111/crypto/evp/e_xcbc_d.c 1
openssl111/crypto/evp/e_rc4.c 2
openssl111/crypto/evp/e_rc4_hmac_md5.c 1
openssl111/crypto/evp/e_idea.c 4
openssl111/crypto/evp/e_seed.c 4
openssl111/crypto/evp/e_sm4.c 5
openssl111/crypto/evp/e_rc2.c 6
openssl111/crypto/evp/e_bf.c 4
openssl111/crypto/evp/e_cast.c 4
openssl111/crypto/evp/e_rc5.c 4
openssl111/crypto/evp/e_aes.c 38
openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl111/crypto/evp/e_aria.c 27
openssl111/crypto/evp/e_camellia.c 21
openssl111/crypto/evp/e_chacha20_poly1305.c 2
openssl111/crypto/evp/c_alld.c 1
openssl111/crypto/evp/m_md4.c 1
openssl111/crypto/evp/m_md5.c 1
openssl111/crypto/evp/m_md5_sha1.c 1
openssl111/crypto/evp/m_sha1.c 7
openssl111/crypto/evp/m_mdc2.c 1
openssl111/crypto/evp/m_ripemd.c 1
openssl111/crypto/evp/m_wp.c 1
openssl111/crypto/sm3/m_sm3.c 1
openssl111/crypto/blake2/m_blake2b.c 1
openssl111/crypto/blake2/m_blake2s.c 1
openssl111/crypto/evp/m_sha3.c 6
openssl111/crypto/conf/conf_sap.c 2
openssl111/crypto/conf/conf_mall.c 1
openssl111/crypto/asn1/asn_moid.c 3
openssl111/crypto/o_str.c 8
openssl111/crypto/conf/conf_lib.c 8
openssl111/crypto/conf/conf_api.c 3
openssl111/crypto/bn/bn_lib.c 17
openssl111/crypto/bn/bn_local.h 1
openssl111/crypto/bn/bn_word.c 4
openssl111/crypto/bn/asm/x86_64-gcc.c 2
openssl111/include/internal/constant_time.h 4
openssl111/crypto/bn/bn_shift.c 2
openssl111/crypto/asn1/asn1_lib.c 12
openssl111/crypto/objects/obj_lib.c 1
openssl111/crypto/asn1/asn_mstbl.c 3
openssl111/crypto/x509v3/v3_utl.c 6
openssl111/crypto/asn1/asn1_gen.c 3
openssl111/crypto/asn1/tasn_dec.c 13
openssl111/crypto/engine/eng_openssl.c 20
openssl111/crypto/engine/eng_rdrand.c 4
openssl111/crypto/engine/tb_rand.c 4
openssl111/crypto/engine/eng_dyn.c 12
openssl111/include/openssl/safestack.h 6
openssl111/crypto/dso/dso_dlfcn.c 1
openssl111/engines/e_padlock.c 1
openssl111/engines/e_afalg.c 28
openssl111/engines/e_afalg_err.c 3
openssl111/crypto/evp/cmeth_lib.c 8
openssl111/crypto/evp/evp_lib.c 28
openssl111/crypto/evp/evp_enc.c 14
openssl111/crypto/engine/eng_fat.c 5
openssl111/crypto/engine/tb_cipher.c 7
openssl111/crypto/engine/eng_table.c 8
openssl111/crypto/engine/tb_digest.c 5
openssl111/crypto/engine/tb_rsa.c 4
openssl111/crypto/engine/tb_dsa.c 4
openssl111/crypto/engine/tb_dh.c 4
openssl111/crypto/engine/tb_eckey.c 4
openssl111/crypto/async/async_wait.c 3
openssl111/crypto/async/arch/async_posix.h 1
openssl111/crypto/rsa/rsa_ossl.c 1
openssl111/crypto/dsa/dsa_ossl.c 1
openssl111/crypto/ec/ec_kmeth.c 1
openssl111/crypto/dh/dh_key.c 1
openssl111/crypto/sha/sha_local.h 1
openssl111/include/crypto/md32_common.h 2
openssl111/crypto/engine/eng_pkey.c 1
openssl111/crypto/bio/bss_file.c 2
openssl111/crypto/o_fopen.c 1
openssl111/crypto/pem/pem_pkey.c 1
openssl111/crypto/pem/pem_lib.c 14
openssl111/crypto/evp/encode.c 7
openssl111/include/crypto/asn1.h 3
openssl111/crypto/evp/evp_key.c 3
openssl111/crypto/ui/ui_lib.c 11
openssl111/crypto/ui/ui_openssl.c 1
openssl111/crypto/ui/ui_null.c 1
openssl111/include/openssl/ui.h 5
openssl111/crypto/err/err_prn.c 1
openssl111/crypto/bio/b_print.c 9
openssl111/crypto/evp/digest.c 7
openssl111/crypto/evp/p_lib.c 6
openssl111/include/openssl/x509.h 1
openssl111/crypto/x509/x_attrib.c 1
openssl111/crypto/asn1/tasn_fre.c 5
openssl111/include/openssl/asn1t.h 7
openssl111/crypto/asn1/tasn_utl.c 10
openssl111/crypto/asn1/a_int.c 10
openssl111/crypto/asn1/p8_pkey.c 3
openssl111/crypto/buffer/buffer.c 4
openssl111/crypto/asn1/tasn_typ.c 6
openssl111/crypto/asn1/tasn_new.c 8
openssl111/crypto/asn1/a_type.c 1
openssl111/crypto/asn1/a_bitstr.c 2
openssl111/crypto/evp/evp_pkey.c 1
openssl111/crypto/bn/bn_print.c 1
openssl111/crypto/asn1/x_sig.c 3
openssl111/crypto/pkcs12/p12_p8d.c 1
openssl111/crypto/pkcs12/p12_decr.c 2
openssl111/crypto/asn1/d2i_pr.c 1
openssl111/crypto/asn1/a_strnid.c 6
openssl111/include/openssl/asn1.h 4
openssl111/crypto/engine/eng_cnf.c 5
openssl111/crypto/engine/eng_ctrl.c 6
openssl111/crypto/getenv.c 1
openssl111/crypto/evp/evp_cnf.c 2
openssl111/crypto/conf/conf_ssl.c 3
openssl111/crypto/engine/eng_all.c 1
openssl111/crypto/conf/conf_def.c 1
openssl111/crypto/x509/x509_def.c 1
openssl111/crypto/bn/bn_err.c 1
openssl111/crypto/rsa/rsa_err.c 1
openssl111/crypto/dh/dh_err.c 1
openssl111/crypto/evp/evp_err.c 1
openssl111/crypto/buffer/buf_err.c 1
openssl111/crypto/objects/obj_err.c 1
openssl111/crypto/pem/pem_err.c 1
openssl111/crypto/dsa/dsa_err.c 1
openssl111/crypto/x509/x509_err.c 1
openssl111/crypto/asn1/asn1_err.c 1
openssl111/crypto/conf/conf_err.c 1
openssl111/crypto/cpt_err.c 1
openssl111/crypto/comp/comp_err.c 1
openssl111/crypto/ec/ec_err.c 1
openssl111/crypto/bio/bio_err.c 1
openssl111/crypto/pkcs7/pkcs7err.c 1
openssl111/crypto/x509v3/v3err.c 1
openssl111/crypto/pkcs12/pk12err.c 1
openssl111/crypto/rand/rand_err.c 1
openssl111/crypto/dso/dso_err.c 1
openssl111/crypto/ts/ts_err.c 1
openssl111/crypto/engine/eng_err.c 1
openssl111/crypto/ocsp/ocsp_err.c 1
openssl111/crypto/ui/ui_err.c 1
openssl111/crypto/cms/cms_err.c 1
openssl111/crypto/ct/ct_err.c 1
openssl111/crypto/async/async_err.c 1
openssl111/crypto/kdf/kdf_err.c 1
openssl111/crypto/store/store_err.c 1
openssl111/crypto/cms/cms_io.c 2
openssl111/crypto/asn1/a_d2i_fp.c 2
openssl111/crypto/bio/bss_null.c 1
openssl111/crypto/asn1/a_i2d_fp.c 1
openssl111/crypto/asn1/tasn_enc.c 8
openssl111/crypto/cms/cms_lib.c 1

Fuzzer: asn1_111

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2112 42.7%
gold [1:9] 788 15.9%
yellow [10:29] 56 1.13%
greenyellow [30:49] 29 0.58%
lawngreen 50+ 1954 39.5%
All colors 4939 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
25826 60544 14 :

['BN_mod_mul_reciprocal', 'BN_RECP_CTX_init', 'BN_RECP_CTX_free', 'BN_is_zero', 'BN_is_bit_set', 'BN_copy', 'BN_RECP_CTX_set', 'BN_abs_is_word', 'BN_num_bits', 'BN_CTX_get', 'BN_nnmod', 'BN_CTX_end', 'BN_set_word', 'BN_CTX_start']

25826 60544 BN_mod_exp_recp call site: 04240 /src/openssl111/crypto/bn/bn_exp.c:180
7290 7290 2 :

['RAND_DRBG_get0_private', 'RAND_DRBG_bytes']

7290 7290 RAND_priv_bytes call site: 00000 /src/openssl111/crypto/rand/rand_lib.c:930
4529 4529 1 :

['TS_TST_INFO_print_bio']

4529 4529 TS_RESP_print_bio call site: 03208 /src/openssl111/crypto/ts/ts_rsp_print.c:34
3959 7524 2 :

['rsa_mgf1_decode', 'RSA_PSS_PARAMS_free']

3959 7524 rsa_pss_decode call site: 00000 /src/openssl111/crypto/rsa/rsa_ameth.c:441
3732 7206 2 :

['BIO_free', 'def_load_bio']

3732 7206 def_load call site: 00000 /src/openssl111/crypto/conf/conf_def.c:166
3729 3729 1 :

['bn_mod_inverse_no_branch']

3729 3729 int_bn_mod_inverse call site: 03681 /src/openssl111/crypto/bn/bn_gcd.c:213
3590 3590 2 :

['ecp_nistz256_point_add', 'ecp_nistz256_windowed_mul']

3590 13976 ecp_nistz256_points_mul call site: 00000 /src/openssl111/crypto/ec/ecp_nistz256.c:1142
3565 7020 2 :

['ERR_put_error', 'ECPARAMETERS_free']

3565 7020 EC_GROUP_get_ecparameters call site: 00000 /src/openssl111/crypto/ec/ec_asn1.c:517
3565 3565 1 :

['ECPARAMETERS_free']

3565 18035 EC_GROUP_get_ecpkparameters call site: 00000 /src/openssl111/crypto/ec/ec_asn1.c:538
3508 3508 1 :

['unsup_alg']

3508 3508 EVP_PKEY_print_private call site: 03397 /src/openssl111/crypto/evp/p_lib.c:654
3508 3508 1 :

['unsup_alg']

3508 3508 EVP_PKEY_print_params call site: 03425 /src/openssl111/crypto/evp/p_lib.c:663
3480 6938 5 :

['BIO_s_file', 'BIO_clear_flags', 'BIO_new', 'fclose', 'BIO_ctrl']

3480 6938 BIO_new_file call site: 01695 /src/openssl111/crypto/bio/bss_file.c:68

Runtime coverage analysis

Covered functions
1583
Functions that are reachable but not covered
503
Reachable functions
1563
Percentage of reachable functions covered
67.82%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl111/fuzz/driver.c 1
openssl111/fuzz/asn1.c 1
openssl111/crypto/asn1/tasn_dec.c 13
openssl111/crypto/err/err.c 31
openssl111/crypto/init.c 46
openssl111/crypto/mem.c 7
openssl111/crypto/threads_pthread.c 13
openssl111/crypto/async/async.c 10
openssl111/crypto/async/async_local.h 2
openssl111/crypto/stack/stack.c 12
openssl111/crypto/async/arch/async_posix.c 2
openssl111/crypto/rand/drbg_lib.c 4
openssl111/crypto/rand/rand_lib.c 7
openssl111/crypto/mem_sec.c 18
openssl111/crypto/cryptlib.c 6
openssl111/crypto/ex_data.c 10
openssl111/crypto/comp/c_zlib.c 2
openssl111/crypto/rand/rand_unix.c 4
openssl111/crypto/engine/eng_init.c 4
openssl111/crypto/engine/eng_lib.c 23
openssl111/include/internal/refcount.h 2
openssl111/crypto/engine/tb_pkmeth.c 4
openssl111/crypto/evp/pmeth_lib.c 4
openssl111/crypto/engine/tb_asnmth.c 9
openssl111/crypto/asn1/ameth_lib.c 9
openssl111/crypto/engine/eng_list.c 10
openssl111/include/internal/cryptlib.h 7
openssl111/include/openssl/crypto.h 6
openssl111/crypto/conf/conf_mod.c 15
openssl111/include/openssl/conf.h 18
openssl111/crypto/dso/dso_lib.c 8
openssl111/crypto/engine/eng_local.h 14
openssl111/crypto/store/store_init.c 1
openssl111/crypto/store/store_register.c 1
openssl111/crypto/store/store_local.h 2
openssl111/crypto/lhash/lhash.c 11
openssl111/crypto/bio/bio_lib.c 13
openssl111/crypto/bio/b_sock.c 1
openssl111/crypto/evp/names.c 5
openssl111/crypto/objects/o_names.c 10
openssl111/crypto/objects/obj_local.h 18
openssl111/crypto/mem_dbg.c 1
openssl111/crypto/ctype.c 3
openssl111/crypto/evp/evp_pbe.c 6
openssl111/crypto/evp/evp_local.h 3
openssl111/crypto/objects/obj_xref.c 2
openssl111/crypto/objects/obj_xref.h 2
openssl111/include/crypto/evp.h 1
openssl111/crypto/objects/obj_dat.c 23
openssl111/crypto/asn1/a_object.c 7
openssl111/include/openssl/err.h 5
openssl111/crypto/err/err_all.c 1
openssl111/crypto/evp/c_allc.c 1
openssl111/crypto/evp/e_des.c 6
openssl111/crypto/evp/e_des3.c 11
openssl111/crypto/evp/e_xcbc_d.c 1
openssl111/crypto/evp/e_rc4.c 2
openssl111/crypto/evp/e_rc4_hmac_md5.c 1
openssl111/crypto/evp/e_idea.c 4
openssl111/crypto/evp/e_seed.c 4
openssl111/crypto/evp/e_sm4.c 5
openssl111/crypto/evp/e_rc2.c 6
openssl111/crypto/evp/e_bf.c 4
openssl111/crypto/evp/e_cast.c 4
openssl111/crypto/evp/e_rc5.c 4
openssl111/crypto/evp/e_aes.c 38
openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl111/crypto/evp/e_aria.c 27
openssl111/crypto/evp/e_camellia.c 21
openssl111/crypto/evp/e_chacha20_poly1305.c 2
openssl111/crypto/evp/c_alld.c 1
openssl111/crypto/evp/m_md4.c 1
openssl111/crypto/evp/m_md5.c 1
openssl111/crypto/evp/m_md5_sha1.c 1
openssl111/crypto/evp/m_sha1.c 7
openssl111/crypto/evp/m_mdc2.c 1
openssl111/crypto/evp/m_ripemd.c 1
openssl111/crypto/evp/m_wp.c 1
openssl111/crypto/sm3/m_sm3.c 1
openssl111/crypto/blake2/m_blake2b.c 1
openssl111/crypto/blake2/m_blake2s.c 1
openssl111/crypto/evp/m_sha3.c 6
openssl111/crypto/conf/conf_sap.c 2
openssl111/crypto/conf/conf_mall.c 1
openssl111/crypto/asn1/asn_moid.c 3
openssl111/crypto/o_str.c 8
openssl111/crypto/conf/conf_lib.c 8
openssl111/crypto/conf/conf_api.c 3
openssl111/crypto/bn/bn_lib.c 35
openssl111/crypto/bn/bn_local.h 1
openssl111/crypto/bn/bn_word.c 4
openssl111/crypto/bn/asm/x86_64-gcc.c 10
openssl111/include/internal/constant_time.h 6
openssl111/crypto/bn/bn_shift.c 6
openssl111/crypto/asn1/asn1_lib.c 12
openssl111/crypto/objects/obj_lib.c 1
openssl111/crypto/asn1/asn_mstbl.c 3
openssl111/crypto/x509v3/v3_utl.c 9
openssl111/crypto/asn1/asn1_gen.c 3
openssl111/crypto/engine/eng_openssl.c 20
openssl111/crypto/engine/eng_rdrand.c 4
openssl111/crypto/engine/tb_rand.c 6
openssl111/crypto/engine/eng_dyn.c 12
openssl111/include/openssl/safestack.h 6
openssl111/crypto/dso/dso_dlfcn.c 1
openssl111/engines/e_padlock.c 1
openssl111/engines/e_afalg.c 28
openssl111/engines/e_afalg_err.c 3
openssl111/crypto/evp/cmeth_lib.c 8
openssl111/crypto/evp/evp_lib.c 29
openssl111/crypto/evp/evp_enc.c 14
openssl111/crypto/engine/eng_fat.c 5
openssl111/crypto/engine/tb_cipher.c 7
openssl111/crypto/engine/eng_table.c 8
openssl111/crypto/engine/tb_digest.c 5
openssl111/crypto/engine/tb_rsa.c 4
openssl111/crypto/engine/tb_dsa.c 4
openssl111/crypto/engine/tb_dh.c 6
openssl111/crypto/engine/tb_eckey.c 5
openssl111/crypto/async/async_wait.c 3
openssl111/crypto/async/arch/async_posix.h 1
openssl111/crypto/rsa/rsa_ossl.c 1
openssl111/crypto/dsa/dsa_ossl.c 1
openssl111/crypto/ec/ec_kmeth.c 3
openssl111/crypto/dh/dh_key.c 1
openssl111/crypto/sha/sha_local.h 1
openssl111/include/crypto/md32_common.h 2
openssl111/crypto/engine/eng_pkey.c 1
openssl111/crypto/bio/bss_file.c 2
openssl111/crypto/o_fopen.c 1
openssl111/crypto/pem/pem_pkey.c 1
openssl111/crypto/pem/pem_lib.c 14
openssl111/crypto/bio/bss_mem.c 1
openssl111/crypto/evp/encode.c 7
openssl111/include/crypto/asn1.h 3
openssl111/crypto/evp/evp_key.c 3
openssl111/crypto/ui/ui_lib.c 11
openssl111/crypto/ui/ui_openssl.c 1
openssl111/crypto/ui/ui_null.c 1
openssl111/include/openssl/ui.h 5
openssl111/crypto/err/err_prn.c 1
openssl111/crypto/bio/b_print.c 11
openssl111/crypto/evp/digest.c 7
openssl111/crypto/evp/p_lib.c 12
openssl111/include/openssl/x509.h 6
openssl111/crypto/x509/x_attrib.c 1
openssl111/crypto/asn1/tasn_fre.c 5
openssl111/include/openssl/asn1t.h 7
openssl111/crypto/asn1/tasn_utl.c 10
openssl111/crypto/asn1/a_int.c 12
openssl111/crypto/asn1/p8_pkey.c 5
openssl111/crypto/evp/evp_pkey.c 2
openssl111/crypto/bn/bn_print.c 2
openssl111/crypto/asn1/x_sig.c 3
openssl111/crypto/pkcs12/p12_p8d.c 1
openssl111/crypto/pkcs12/p12_decr.c 2
openssl111/crypto/asn1/d2i_pr.c 3
openssl111/crypto/asn1/a_strnid.c 6
openssl111/include/openssl/asn1.h 8
openssl111/crypto/engine/eng_cnf.c 5
openssl111/crypto/engine/eng_ctrl.c 6
openssl111/crypto/getenv.c 1
openssl111/crypto/evp/evp_cnf.c 2
openssl111/crypto/conf/conf_ssl.c 3
openssl111/crypto/engine/eng_all.c 1
openssl111/crypto/conf/conf_def.c 1
openssl111/crypto/x509/x509_def.c 1
openssl111/crypto/bn/bn_err.c 1
openssl111/crypto/rsa/rsa_err.c 1
openssl111/crypto/dh/dh_err.c 1
openssl111/crypto/evp/evp_err.c 1
openssl111/crypto/buffer/buf_err.c 1
openssl111/crypto/objects/obj_err.c 1
openssl111/crypto/pem/pem_err.c 1
openssl111/crypto/dsa/dsa_err.c 1
openssl111/crypto/x509/x509_err.c 1
openssl111/crypto/asn1/asn1_err.c 1
openssl111/crypto/conf/conf_err.c 1
openssl111/crypto/cpt_err.c 1
openssl111/crypto/comp/comp_err.c 1
openssl111/crypto/ec/ec_err.c 1
openssl111/crypto/bio/bio_err.c 1
openssl111/crypto/pkcs7/pkcs7err.c 1
openssl111/crypto/x509v3/v3err.c 1
openssl111/crypto/pkcs12/pk12err.c 1
openssl111/crypto/rand/rand_err.c 1
openssl111/crypto/dso/dso_err.c 1
openssl111/crypto/ts/ts_err.c 1
openssl111/crypto/engine/eng_err.c 1
openssl111/crypto/ocsp/ocsp_err.c 1
openssl111/crypto/ui/ui_err.c 1
openssl111/crypto/cms/cms_err.c 1
openssl111/crypto/ct/ct_err.c 1
openssl111/crypto/async/async_err.c 1
openssl111/crypto/kdf/kdf_err.c 1
openssl111/crypto/store/store_err.c 1
openssl111/crypto/buffer/buffer.c 5
openssl111/crypto/asn1/tasn_typ.c 13
openssl111/crypto/asn1/tasn_new.c 8
openssl111/crypto/asn1/a_type.c 1
openssl111/crypto/asn1/a_bitstr.c 3
openssl111/crypto/bio/bss_null.c 1
openssl111/crypto/asn1/tasn_prn.c 9
openssl111/crypto/asn1/asn1_par.c 4
openssl111/crypto/asn1/a_utctm.c 1
openssl111/crypto/asn1/a_time.c 4
openssl111/crypto/o_time.c 4
openssl111/crypto/asn1/a_gentm.c 1
openssl111/crypto/bio/b_dump.c 4
openssl111/crypto/asn1/a_strex.c 6
openssl111/crypto/asn1/tasn_enc.c 8
openssl111/crypto/asn1/a_utf8.c 2
openssl111/crypto/ts/ts_asn1.c 9
openssl111/crypto/ts/ts_req_print.c 1
openssl111/crypto/ts/ts_req_utils.c 2
openssl111/crypto/ts/ts_lib.c 5
openssl111/crypto/x509/x509_v3.c 5
openssl111/crypto/x509v3/v3_prn.c 3
openssl111/crypto/x509v3/v3_lib.c 4
openssl111/include/openssl/x509v3.h 2
openssl111/crypto/asn1/a_print.c 1
openssl111/crypto/ts/ts_rsp_print.c 5
openssl111/crypto/x509v3/v3_alt.c 1
openssl111/crypto/x509/x509_obj.c 1
openssl111/crypto/dh/dh_asn1.c 3
openssl111/crypto/dh/dh_ameth.c 2
openssl111/crypto/asn1/t_pkey.c 2
openssl111/crypto/bn/bn_intern.c 1
openssl111/crypto/dh/dh_lib.c 3
openssl111/crypto/dsa/dsa_asn1.c 4
openssl111/crypto/dsa/dsa_prn.c 2
openssl111/crypto/dsa/dsa_lib.c 2
openssl111/crypto/rsa/rsa_asn1.c 2
openssl111/crypto/rsa/rsa_prn.c 1
openssl111/crypto/rsa/rsa_lib.c 2
openssl111/crypto/rsa/rsa_local.h 1
openssl111/crypto/rsa/rsa_mp.c 2
openssl111/crypto/bn/bn_blind.c 1
openssl111/crypto/ec/ec_asn1.c 11
openssl111/crypto/ec/ec_curve.c 4
openssl111/crypto/ec/ec_lib.c 37
openssl111/crypto/bn/bn_ctx.c 13
openssl111/crypto/ec/ec_cvt.c 2
openssl111/crypto/ec/ecp_mont.c 1
openssl111/crypto/ec/ecp_nistz256.c 2
openssl111/crypto/ec/ecp_nistp224.c 2
openssl111/crypto/ec/ecp_nistp256.c 2
openssl111/crypto/ec/ecp_nistp521.c 2
openssl111/crypto/ec/ec_mult.c 2
openssl111/crypto/bn/bn_mont.c 10
openssl111/crypto/ec/ec2_smpl.c 1
openssl111/crypto/ec/ec_local.h 1
openssl111/crypto/bn/bn_add.c 4
openssl111/crypto/bn/bn_div.c 3
openssl111/crypto/bn/bn_gcd.c 3
openssl111/crypto/bn/bn_mod.c 7
openssl111/crypto/bn/bn_mul.c 6
openssl111/crypto/ec/ec_oct.c 4
openssl111/crypto/ec/ecp_oct.c 3
openssl111/crypto/bn/bn_sqr.c 4
openssl111/crypto/bn/bn_sqrt.c 1
openssl111/crypto/bn/bn_exp.c 8
openssl111/crypto/bn/rsaz_exp.c 2
openssl111/crypto/bn/rsaz_exp.h 2
openssl111/crypto/bn/bn_recp.c 6
openssl111/crypto/bn/bn_rand.c 2
openssl111/crypto/bn/bn_kron.c 1
openssl111/crypto/ec/ec2_oct.c 3
openssl111/crypto/bn/bn_gf2m.c 7
openssl111/crypto/ec/eck_prn.c 2
openssl111/crypto/ec/ec_print.c 1
openssl111/crypto/ec/ec_key.c 10
openssl111/crypto/ec/ec_ameth.c 3
openssl111/crypto/asn1/i2d_pr.c 1
openssl111/ssl/ssl_asn1.c 4
openssl111/ssl/ssl_sess.c 2
openssl111/ssl/ssl_init.c 8
openssl111/ssl/ssl_ciph.c 11
openssl111/include/openssl/ssl.h 6
openssl111/crypto/comp/comp_lib.c 2
openssl111/ssl/s3_lib.c 3
openssl111/ssl/ssl_err.c 1
openssl111/ssl/ssl_lib.c 3
openssl111/crypto/x509/x_x509.c 1
openssl111/ssl/ssl_txt.c 1
openssl111/crypto/evp/e_null.c 1
openssl111/crypto/x509/x509_txt.c 1

Fuzzer: server_111

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2158 51.4%
gold [1:9] 779 18.5%
yellow [10:29] 46 1.09%
greenyellow [30:49] 15 0.35%
lawngreen 50+ 1198 28.5%
All colors 4196 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
26168 29743 8 :

['d2i_X509_SIG', 'X509_SIG_free', 'PKCS8_decrypt', 'PEM_def_callback', 'EVP_PKEY_free', 'PKCS8_PRIV_KEY_INFO_free', 'EVP_PKCS82PKEY', 'OPENSSL_cleanse']

26168 36813 PEM_read_bio_PrivateKey call site: 02446 /src/openssl111/crypto/pem/pem_pkey.c:51
19882 19892 6 :

['verify_cb_cert', 'internal_verify', 'check_name_constraints', 'X509v3_asid_validate_path', 'X509v3_addr_validate_path', 'X509_chain_check_suiteb']

19882 19892 verify_chain call site: 00000 /src/openssl111/crypto/x509/x509_vfy.c:222
14188 24886 11 :

['ssl_security', 'DH_free', 'EVP_PKEY_security_bits', 'DH_get0_pqg', 'EVP_PKEY_new', 'ssl_dh_to_pkey', 'EVP_PKEY_assign', 'DH_get0_key', 'ssl_generate_pkey', 'ssl_get_auto_dh', 'EVP_PKEY_get0_DH']

14190 168837 tls_construct_server_key_exchange call site: 00000 /src/openssl111/ssl/statem/statem_srvr.c:2527
13447 68493 14 :

['X509_free', 'X509_up_ref', 'find_issuer', 'ERR_put_error', 'sk_X509_value.19362', 'sk_X509_delete_ptr', 'check_dane_issuer', 'sk_X509_push.19373', 'sk_X509_pop.19382', 'X509_cmp', 'ossl_assert_int.19380', 'sk_X509_set', 'get_issuer', 'cert_self_signed']

17543 82253 build_chain call site: 00000 /src/openssl111/crypto/x509/x509_vfy.c:3203
11134 14738 4 :

['SSL_CTX_remove_session', 'ssl_update_cache', 'ssl3_cleanup_key_block', 'dtls1_clear_received_buffer']

11134 14742 tls_finish_handshake call site: 00000 /src/openssl111/ssl/statem/statem_lib.c:1073
10501 13975 3 :

['ASN1_INTEGER_get', 'PROXY_CERT_INFO_EXTENSION_free', 'X509_get_ext_by_NID']

10501 72601 x509v3_cache_extensions call site: 03606 /src/openssl111/crypto/x509v3/v3_purp.c:425
7528 14935 9 :

['X509_up_ref', 'X509_OBJECT_idx_by_subject', 'X509_STORE_lock', 'X509_get_subject_name', 'X509_NAME_cmp', 'x509_check_cert_time', 'sk_X509_OBJECT_value', 'sk_X509_OBJECT_num', 'X509_STORE_unlock']

7528 22077 X509_STORE_CTX_get1_issuer call site: 00000 /src/openssl111/crypto/x509/x509_lu.c:689
7372 85955 13 :

['BN_is_zero', 'BN_copy', 'BN_mod_lshift1_quick', 'BN_mod_mul', 'BN_rshift1', 'BN_priv_rand', 'BN_is_one', 'BN_num_bits', 'BN_nnmod', 'BN_sub_word', 'BN_ucmp', 'BN_set_word', 'BN_kronecker']

7372 141079 BN_mod_sqrt call site: 00000 /src/openssl111/crypto/bn/bn_sqrt.c:85
7366 7368 5 :

['sk_X509_NAME_num.1901', 'EVP_PKEY_id', 'sk_X509_num.1896', 'sk_X509_value.1895', 'ssl_check_ca_name']

7366 7372 tls1_check_chain call site: 00000 /src/openssl111/ssl/t1_lib.c:2340
7290 7290 2 :

['RAND_DRBG_get0_private', 'RAND_DRBG_bytes']

7290 7290 RAND_priv_bytes call site: 03165 /src/openssl111/crypto/rand/rand_lib.c:930
7268 28127 10 :

['EVP_DecryptInit_ex', 'EVP_BytesToKey', 'PEM_def_callback', 'ERR_put_error', 'EVP_md5', 'EVP_CIPHER_CTX_free', 'EVP_CIPHER_CTX_new', 'EVP_DecryptUpdate', 'OPENSSL_cleanse', 'EVP_DecryptFinal_ex']

7268 28127 PEM_do_header call site: 01899 /src/openssl111/crypto/pem/pem_lib.c:427
6963 6963 2 :

['tls1_set_sigalgs_list', 'tls1_set_groups_list']

6963 6963 SSL_CTX_ctrl call site: 03494 /src/openssl111/ssl/ssl_lib.c:2313

Runtime coverage analysis

Covered functions
2161
Functions that are reachable but not covered
598
Reachable functions
1570
Percentage of reachable functions covered
61.91%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl111/fuzz/driver.c 1
openssl111/fuzz/server.c 2
openssl111/ssl/methods.c 1
openssl111/ssl/ssl_lib.c 36
openssl111/crypto/err/err.c 30
openssl111/crypto/init.c 46
openssl111/crypto/mem.c 7
openssl111/crypto/threads_pthread.c 14
openssl111/crypto/async/async.c 17
openssl111/crypto/async/async_local.h 4
openssl111/crypto/stack/stack.c 12
openssl111/crypto/async/arch/async_posix.c 3
openssl111/crypto/rand/drbg_lib.c 20
openssl111/crypto/rand/rand_lib.c 17
openssl111/crypto/mem_sec.c 18
openssl111/crypto/cryptlib.c 6
openssl111/crypto/ex_data.c 10
openssl111/crypto/comp/c_zlib.c 2
openssl111/crypto/rand/rand_unix.c 6
openssl111/crypto/engine/eng_init.c 4
openssl111/crypto/engine/eng_lib.c 23
openssl111/include/internal/refcount.h 2
openssl111/crypto/engine/tb_pkmeth.c 4
openssl111/crypto/evp/pmeth_lib.c 4
openssl111/crypto/engine/tb_asnmth.c 9
openssl111/crypto/asn1/ameth_lib.c 9
openssl111/crypto/engine/eng_list.c 10
openssl111/include/internal/cryptlib.h 7
openssl111/include/openssl/crypto.h 6
openssl111/crypto/conf/conf_mod.c 15
openssl111/include/openssl/conf.h 18
openssl111/crypto/dso/dso_lib.c 8
openssl111/crypto/engine/eng_local.h 14
openssl111/crypto/store/store_init.c 1
openssl111/crypto/store/store_register.c 1
openssl111/crypto/store/store_local.h 2
openssl111/crypto/lhash/lhash.c 11
openssl111/crypto/bio/bio_lib.c 18
openssl111/crypto/bio/b_sock.c 1
openssl111/crypto/evp/names.c 5
openssl111/crypto/objects/o_names.c 10
openssl111/crypto/objects/obj_local.h 18
openssl111/crypto/mem_dbg.c 1
openssl111/crypto/ctype.c 2
openssl111/crypto/evp/evp_pbe.c 6
openssl111/crypto/evp/evp_local.h 3
openssl111/crypto/objects/obj_xref.c 5
openssl111/crypto/objects/obj_xref.h 4
openssl111/include/crypto/evp.h 1
openssl111/crypto/objects/obj_dat.c 22
openssl111/crypto/asn1/a_object.c 6
openssl111/include/openssl/err.h 5
openssl111/crypto/err/err_all.c 1
openssl111/crypto/evp/c_allc.c 1
openssl111/crypto/evp/e_des.c 6
openssl111/crypto/evp/e_des3.c 11
openssl111/crypto/evp/e_xcbc_d.c 1
openssl111/crypto/evp/e_rc4.c 2
openssl111/crypto/evp/e_rc4_hmac_md5.c 1
openssl111/crypto/evp/e_idea.c 4
openssl111/crypto/evp/e_seed.c 4
openssl111/crypto/evp/e_sm4.c 5
openssl111/crypto/evp/e_rc2.c 6
openssl111/crypto/evp/e_bf.c 4
openssl111/crypto/evp/e_cast.c 4
openssl111/crypto/evp/e_rc5.c 4
openssl111/crypto/evp/e_aes.c 38
openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl111/crypto/evp/e_aria.c 27
openssl111/crypto/evp/e_camellia.c 21
openssl111/crypto/evp/e_chacha20_poly1305.c 2
openssl111/crypto/evp/c_alld.c 1
openssl111/crypto/evp/m_md4.c 1
openssl111/crypto/evp/m_md5.c 1
openssl111/crypto/evp/m_md5_sha1.c 1
openssl111/crypto/evp/m_sha1.c 7
openssl111/crypto/evp/m_mdc2.c 1
openssl111/crypto/evp/m_ripemd.c 1
openssl111/crypto/evp/m_wp.c 1
openssl111/crypto/sm3/m_sm3.c 1
openssl111/crypto/blake2/m_blake2b.c 1
openssl111/crypto/blake2/m_blake2s.c 1
openssl111/crypto/evp/m_sha3.c 6
openssl111/crypto/conf/conf_sap.c 2
openssl111/crypto/conf/conf_mall.c 1
openssl111/crypto/asn1/asn_moid.c 3
openssl111/crypto/o_str.c 8
openssl111/crypto/conf/conf_lib.c 8
openssl111/crypto/conf/conf_api.c 3
openssl111/crypto/bn/bn_lib.c 18
openssl111/crypto/bn/bn_local.h 1
openssl111/crypto/bn/bn_word.c 4
openssl111/crypto/bn/asm/x86_64-gcc.c 2
openssl111/include/internal/constant_time.h 4
openssl111/crypto/bn/bn_shift.c 2
openssl111/crypto/asn1/asn1_lib.c 13
openssl111/crypto/objects/obj_lib.c 1
openssl111/crypto/asn1/asn_mstbl.c 3
openssl111/crypto/x509v3/v3_utl.c 6
openssl111/crypto/asn1/asn1_gen.c 3
openssl111/crypto/asn1/tasn_dec.c 13
openssl111/crypto/engine/eng_openssl.c 20
openssl111/crypto/engine/eng_rdrand.c 4
openssl111/crypto/engine/tb_rand.c 6
openssl111/crypto/engine/eng_dyn.c 12
openssl111/include/openssl/safestack.h 7
openssl111/crypto/dso/dso_dlfcn.c 1
openssl111/engines/e_padlock.c 1
openssl111/engines/e_afalg.c 28
openssl111/engines/e_afalg_err.c 3
openssl111/crypto/evp/cmeth_lib.c 8
openssl111/crypto/evp/evp_lib.c 29
openssl111/crypto/evp/evp_enc.c 14
openssl111/crypto/engine/eng_fat.c 5
openssl111/crypto/engine/tb_cipher.c 7
openssl111/crypto/engine/eng_table.c 8
openssl111/crypto/engine/tb_digest.c 5
openssl111/crypto/engine/tb_rsa.c 4
openssl111/crypto/engine/tb_dsa.c 4
openssl111/crypto/engine/tb_dh.c 4
openssl111/crypto/engine/tb_eckey.c 4
openssl111/crypto/async/async_wait.c 5
openssl111/crypto/async/arch/async_posix.h 1
openssl111/crypto/rsa/rsa_ossl.c 1
openssl111/crypto/dsa/dsa_ossl.c 1
openssl111/crypto/ec/ec_kmeth.c 1
openssl111/crypto/dh/dh_key.c 1
openssl111/crypto/sha/sha_local.h 1
openssl111/include/crypto/md32_common.h 2
openssl111/crypto/engine/eng_pkey.c 1
openssl111/crypto/bio/bss_file.c 3
openssl111/crypto/o_fopen.c 1
openssl111/crypto/pem/pem_pkey.c 1
openssl111/crypto/pem/pem_lib.c 15
openssl111/crypto/bio/bss_mem.c 2
openssl111/crypto/evp/encode.c 7
openssl111/include/crypto/asn1.h 3
openssl111/crypto/evp/evp_key.c 3
openssl111/crypto/ui/ui_lib.c 11
openssl111/crypto/ui/ui_openssl.c 1
openssl111/crypto/ui/ui_null.c 1
openssl111/include/openssl/ui.h 5
openssl111/crypto/err/err_prn.c 2
openssl111/crypto/bio/b_print.c 9
openssl111/crypto/evp/digest.c 8
openssl111/crypto/evp/p_lib.c 19
openssl111/include/openssl/x509.h 14
openssl111/crypto/x509/x_attrib.c 1
openssl111/crypto/asn1/tasn_fre.c 5
openssl111/include/openssl/asn1t.h 7
openssl111/crypto/asn1/tasn_utl.c 10
openssl111/crypto/asn1/a_int.c 11
openssl111/crypto/asn1/p8_pkey.c 3
openssl111/crypto/buffer/buffer.c 4
openssl111/crypto/asn1/tasn_typ.c 7
openssl111/crypto/asn1/tasn_new.c 8
openssl111/crypto/asn1/a_type.c 1
openssl111/crypto/asn1/a_bitstr.c 2
openssl111/crypto/evp/evp_pkey.c 1
openssl111/crypto/bn/bn_print.c 1
openssl111/crypto/asn1/x_sig.c 3
openssl111/crypto/pkcs12/p12_p8d.c 1
openssl111/crypto/pkcs12/p12_decr.c 2
openssl111/crypto/asn1/d2i_pr.c 3
openssl111/crypto/asn1/a_strnid.c 6
openssl111/include/openssl/asn1.h 11
openssl111/crypto/engine/eng_cnf.c 5
openssl111/crypto/engine/eng_ctrl.c 6
openssl111/crypto/getenv.c 1
openssl111/crypto/evp/evp_cnf.c 2
openssl111/crypto/conf/conf_ssl.c 6
openssl111/crypto/engine/eng_all.c 1
openssl111/crypto/conf/conf_def.c 1
openssl111/crypto/x509/x509_def.c 1
openssl111/crypto/bn/bn_err.c 1
openssl111/crypto/rsa/rsa_err.c 1
openssl111/crypto/dh/dh_err.c 1
openssl111/crypto/evp/evp_err.c 1
openssl111/crypto/buffer/buf_err.c 1
openssl111/crypto/objects/obj_err.c 1
openssl111/crypto/pem/pem_err.c 1
openssl111/crypto/dsa/dsa_err.c 1
openssl111/crypto/x509/x509_err.c 1
openssl111/crypto/asn1/asn1_err.c 1
openssl111/crypto/conf/conf_err.c 1
openssl111/crypto/cpt_err.c 1
openssl111/crypto/comp/comp_err.c 1
openssl111/crypto/ec/ec_err.c 1
openssl111/crypto/bio/bio_err.c 1
openssl111/crypto/pkcs7/pkcs7err.c 1
openssl111/crypto/x509v3/v3err.c 1
openssl111/crypto/pkcs12/pk12err.c 1
openssl111/crypto/rand/rand_err.c 1
openssl111/crypto/dso/dso_err.c 1
openssl111/crypto/ts/ts_err.c 1
openssl111/crypto/engine/eng_err.c 1
openssl111/crypto/ocsp/ocsp_err.c 1
openssl111/crypto/ui/ui_err.c 1
openssl111/crypto/cms/cms_err.c 1
openssl111/crypto/ct/ct_err.c 1
openssl111/crypto/async/async_err.c 1
openssl111/crypto/kdf/kdf_err.c 1
openssl111/crypto/store/store_err.c 1
openssl111/ssl/ssl_init.c 8
openssl111/ssl/ssl_ciph.c 23
openssl111/include/openssl/ssl.h 15
openssl111/crypto/comp/comp_lib.c 3
openssl111/ssl/s3_lib.c 3
openssl111/ssl/ssl_err.c 1
openssl111/ssl/ssl_cert.c 16
openssl111/ssl/ssl_local.h 7
openssl111/crypto/x509/x509_lu.c 8
openssl111/include/openssl/x509_vfy.h 7
openssl111/crypto/x509/x509_cmp.c 9
openssl111/crypto/x509/x_name.c 5
openssl111/crypto/asn1/tasn_enc.c 8
openssl111/crypto/x509/x509_vpm.c 10
openssl111/crypto/ct/ct_log.c 3
openssl111/include/openssl/ct.h 3
openssl111/crypto/rand/drbg_ctr.c 1
openssl111/ssl/tls_srp.c 2
openssl111/ssl/ssl_mcnf.c 2
openssl111/ssl/ssl_conf.c 13
openssl111/ssl/ssl_rsa.c 7
openssl111/crypto/x509/x_all.c 2
openssl111/crypto/asn1/a_d2i_fp.c 2
openssl111/crypto/x509/x_pubkey.c 2
openssl111/crypto/x509/x_x509.c 2
openssl111/ssl/ssl_sess.c 7
openssl111/crypto/x509/x_crl.c 1
openssl111/ssl/statem/extensions_cust.c 4
openssl111/ssl/t1_lib.c 11
openssl111/crypto/ec/ec_curve.c 1
openssl111/ssl/statem/statem_lib.c 1
openssl111/crypto/rsa/rsa_asn1.c 1
openssl111/crypto/x509v3/v3_purp.c 12
openssl111/crypto/asn1/a_digest.c 1
openssl111/crypto/x509/x509_set.c 6
openssl111/crypto/x509/x509_ext.c 4
openssl111/crypto/x509v3/v3_lib.c 6
openssl111/crypto/x509/x509_v3.c 5
openssl111/include/openssl/x509v3.h 8
openssl111/crypto/x509v3/v3_bcons.c 1
openssl111/crypto/x509v3/v3_pcia.c 1
openssl111/crypto/asn1/a_octet.c 1
openssl111/crypto/x509v3/v3_crld.c 1
openssl111/crypto/asn1/a_dup.c 1
openssl111/crypto/x509/x509name.c 1
openssl111/crypto/ec/ec_key.c 3
openssl111/crypto/pem/pem_all.c 4
openssl111/crypto/ec/ec_lib.c 3
openssl111/crypto/ec/ecp_nistz256.c 1
openssl111/crypto/ec/ecp_nistp224.c 1
openssl111/crypto/ec/ecp_nistp256.c 1
openssl111/crypto/ec/ecp_nistp521.c 1
openssl111/crypto/ec/ec_mult.c 1
openssl111/crypto/bn/bn_mont.c 1
openssl111/crypto/pem/pem_x509.c 1
openssl111/crypto/pem/pem_oth.c 1
openssl111/crypto/dsa/dsa_lib.c 2
openssl111/ssl/record/rec_layer_s3.c 6
openssl111/ssl/record/ssl3_record.c 2
openssl111/ssl/statem/statem.c 5
openssl111/ssl/record/ssl3_buffer.c 3
openssl111/ssl/record/rec_layer_d1.c 1
openssl111/ssl/pqueue.c 2
openssl111/include/internal/dane.h 1
openssl111/crypto/x509/x_exten.c 1
openssl111/include/openssl/ocsp.h 1
openssl111/crypto/ocsp/ocsp_asn.c 1
openssl111/crypto/ct/ct_sct.c 2

Fuzzer: pem

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4756 88.7%
gold [1:9] 392 7.31%
yellow [10:29] 33 0.61%
greenyellow [30:49] 8 0.14%
lawngreen 50+ 172 3.20%
All colors 5361 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
5924 11854 5 :

['EVP_RAND_CTX_free', 'CRYPTO_DOWN_REF.9536', 'CRYPTO_FREE_REF.9537', 'EVP_RAND_free', 'CRYPTO_free']

5924 11854 EVP_RAND_CTX_free call site: 05156 /src/openssl/crypto/evp/evp_rand.c:378
5924 5924 1 :

['ossl_rand_crng_ctx_free']

5924 5954 context_deinit_objs call site: 05200 /src/openssl/crypto/context.c:310
3455 3455 1 :

['ERR_put_error']

3455 3455 bio_read_intern call site: 02917 /src/openssl111/crypto/bio/bio_lib.c:280
3455 3455 1 :

['ERR_put_error']

3455 3455 mem_write call site: 00000 /src/openssl111/crypto/bio/bss_mem.c:227
3455 3455 1 :

['ERR_put_error']

3455 3455 BUF_MEM_new call site: 00000 /src/openssl111/crypto/buffer/buffer.c:36
6 12 2 :

['CRYPTO_malloc', 'sk_EX_CALLBACK_value']

20 35 ossl_crypto_new_ex_data_ex call site: 00895 /src/openssl/crypto/ex_data.c:239
6 12 3 :

['property_free', 'ossl_check_OPENSSL_CSTRING_sk_type.13567', 'OPENSSL_sk_pop']

6 17 ossl_property_string call site: 02310 /src/openssl/crypto/property/property_string.c:181
6 6 1 :

['sk_EX_CALLBACK_value']

6 11 ossl_crypto_free_ex_index_ex call site: 00000 /src/openssl/crypto/ex_data.c:127
0 17774 3 :

['ERR_set_error', 'ERR_new', 'ERR_set_debug']

0 17774 do_init_module_list_lock call site: 00482 /src/openssl/crypto/conf/conf_mod.c:102
0 5926 1 :

['ossl_method_store_free']

0 5926 ossl_method_store_new call site: 00197 /src/openssl/crypto/property/property.c:247
0 5926 1 :

['ossl_provider_store_free']

0 5926 ossl_provider_store_new call site: 05101 /src/openssl/crypto/provider_core.c:311
0 44 1 :

['ossl_property_string_data_free']

0 44 ossl_property_string_data_new call site: 05114 /src/openssl/crypto/property/property_string.c:111

Runtime coverage analysis

Covered functions
331
Functions that are reachable but not covered
1136
Reachable functions
1443
Percentage of reachable functions covered
21.28%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl/fuzz/driver.c 1
openssl/fuzz/pem.c 1
openssl/crypto/bio/bss_mem.c 3
openssl/crypto/bio/bio_lib.c 16
openssl/crypto/mem.c 6
openssl/crypto/err/err_blocks.c 4
openssl/crypto/err/err.c 30
openssl/crypto/init.c 40
openssl/crypto/err/err_local.h 6
openssl/crypto/threads_pthread.c 14
openssl/crypto/cpuid.c 4
openssl/crypto/ctype.c 3
openssl/crypto/initthread.c 21
openssl/crypto/stack/stack.c 19
openssl/crypto/err/err_save.c 1
openssl/crypto/comp/c_zlib.c 1
openssl/crypto/comp/c_brotli.c 1
openssl/crypto/comp/c_zstd.c 1
openssl/crypto/async/async.c 6
openssl/crypto/async/arch/async_posix.c 2
openssl/crypto/rand/rand_lib.c 11
openssl/providers/implementations/rands/seeding/rand_unix.c 4
openssl/crypto/engine/eng_init.c 4
openssl/crypto/cryptlib.c 2
openssl/crypto/engine/eng_lib.c 21
openssl/include/internal/refcount.h 4
openssl/crypto/engine/tb_pkmeth.c 7
openssl/crypto/evp/pmeth_lib.c 31
openssl/crypto/engine/tb_asnmth.c 8
openssl/crypto/asn1/ameth_lib.c 9
openssl/crypto/engine/eng_list.c 10
openssl/crypto/ex_data.c 12
openssl/crypto/context.c 16
openssl/crypto/property/property.c 29
openssl/crypto/sparse_array.c 1
openssl/crypto/provider_conf.c 14
openssl/crypto/evp/c_allc.c 1
openssl/crypto/evp/e_des.c 6
openssl/crypto/evp/names.c 9
openssl/crypto/objects/obj_dat.c 29
openssl/crypto/evp/c_alld.c 1
openssl/crypto/evp/legacy_md4.c 1
openssl/crypto/objects/o_names.c 12
openssl/crypto/objects/obj_local.h 18
openssl/crypto/lhash/lhash.c 13
openssl/crypto/evp/legacy_md5.c 1
openssl/crypto/evp/legacy_md5_sha1.c 1
openssl/crypto/evp/legacy_sha.c 13
openssl/crypto/evp/legacy_mdc2.c 1
openssl/crypto/evp/legacy_ripemd.c 1
openssl/crypto/evp/legacy_wp.c 1
openssl/crypto/sm3/legacy_sm3.c 1
openssl/crypto/evp/legacy_blake2.c 2
openssl/crypto/conf/conf_sap.c 2
openssl/crypto/conf/conf_mod.c 33
openssl/crypto/err/err_mark.c 3
openssl/crypto/getenv.c 1
openssl/crypto/o_str.c 14
openssl/crypto/x509/x509_def.c 1
openssl/crypto/bio/bio_print.c 9
openssl/include/internal/common.h 1
openssl/crypto/conf/conf_lib.c 10
openssl/crypto/conf/conf_def.c 1
openssl/include/openssl/err.h 4
openssl/crypto/conf/conf_api.c 3
openssl/include/openssl/conf.h 3
openssl/crypto/conf/conf_mall.c 1
openssl/crypto/asn1/asn_moid.c 3
openssl/crypto/bsearch.c 1
openssl/crypto/asn1/a_object.c 6
openssl/crypto/bn/bn_lib.c 26
openssl/crypto/bn/bn_local.h 1
openssl/crypto/mem_sec.c 18
openssl/crypto/bn/bn_word.c 4
openssl/crypto/bn/asm/x86_64-gcc.c 2
openssl/crypto/bn/bn_shift.c 2
openssl/crypto/asn1/asn1_lib.c 13
openssl/crypto/objects/obj_lib.c 1
openssl/crypto/asn1/asn_mstbl.c 3
openssl/crypto/x509/v3_utl.c 6
openssl/crypto/asn1/asn1_gen.c 3
openssl/crypto/asn1/tasn_dec.c 14
openssl/crypto/asn1/a_strnid.c 6
openssl/include/openssl/asn1.h 3
openssl/crypto/engine/eng_openssl.c 20
openssl/include/internal/cryptlib.h 7
openssl/include/openssl/crypto.h 2
openssl/crypto/evp/evp_lib.c 37
openssl/crypto/provider_core.c 49
openssl/crypto/engine/eng_rdrand.c 4
openssl/crypto/engine/tb_rand.c 4
openssl/crypto/engine/eng_local.h 14
openssl/crypto/engine/eng_dyn.c 12
openssl/crypto/dso/dso_lib.c 9
openssl/include/openssl/safestack.h 4
openssl/crypto/dso/dso_dlfcn.c 1
openssl/engines/e_padlock.c 22
openssl/crypto/engine/tb_cipher.c 7
openssl/crypto/evp/cmeth_lib.c 8
openssl/crypto/evp/evp_enc.c 26
openssl/crypto/params.c 48
openssl/crypto/evp/evp_utils.c 5
openssl/crypto/asn1/evp_asn1.c 1
openssl/crypto/asn1/tasn_typ.c 9
openssl/crypto/asn1/a_octet.c 1
openssl/crypto/asn1/a_type.c 1
openssl/crypto/asn1/tasn_fre.c 5
openssl/engines/e_afalg.c 28
openssl/engines/e_afalg_err.c 3
openssl/crypto/provider_local.h 4
openssl/crypto/provider_child.c 4
openssl/providers/implementations/rands/crngt.c 2
openssl/crypto/evp/digest.c 18
openssl/crypto/evp/evp_fetch.c 16
openssl/crypto/core_namemap.c 22
openssl/crypto/engine/eng_fat.c 5
openssl/crypto/engine/eng_table.c 8
openssl/crypto/engine/tb_digest.c 7
openssl/crypto/engine/tb_rsa.c 4
openssl/crypto/engine/tb_dsa.c 4
openssl/crypto/engine/tb_dh.c 4
openssl/crypto/engine/tb_eckey.c 4
openssl/include/crypto/asn1.h 3
openssl/crypto/core_fetch.c 3
openssl/crypto/core_algorithm.c 4
openssl/include/openssl/core_dispatch.h 79
openssl/crypto/encode_decode/decoder_pkey.c 27
openssl/crypto/async/async_wait.c 3
openssl/crypto/async/arch/async_posix.h 1
openssl/crypto/rsa/rsa_ossl.c 1
openssl/crypto/dsa/dsa_ossl.c 1
openssl/crypto/ec/ec_kmeth.c 1
openssl/crypto/dh/dh_key.c 1
openssl/crypto/rand/rand_meth.c 1
openssl/crypto/sha/sha_local.h 1
openssl/include/crypto/md32_common.h 2
openssl/crypto/engine/eng_pkey.c 1
openssl/crypto/bio/bss_file.c 2
openssl/crypto/o_fopen.c 1
openssl/crypto/pem/pem_pkey.c 5
openssl/crypto/bio/bf_readbuff.c 1
openssl/crypto/pem/pem_lib.c 15
openssl/crypto/evp/evp_key.c 3
openssl/crypto/ui/ui_lib.c 27
openssl/crypto/ui/ui_openssl.c 1
openssl/crypto/ui/ui_null.c 1
openssl/include/openssl/ui.h 2
openssl/crypto/err/err_prn.c 1
openssl/crypto/passphrase.c 9
openssl/crypto/encode_decode/decoder_meth.c 21
openssl/crypto/encode_decode/decoder_lib.c 27
openssl/crypto/evp/keymgmt_meth.c 19
openssl/crypto/provider.c 2
openssl/crypto/property/property_query.c 3
openssl/crypto/property/property_string.c 17
openssl/crypto/property/property_parse.c 25
openssl/crypto/encode_decode/encoder_local.h 6
openssl/crypto/evp/keymgmt_lib.c 13
openssl/crypto/evp/p_lib.c 19
openssl/include/crypto/evp.h 8
openssl/include/openssl/x509.h 1
openssl/crypto/x509/x_attrib.c 2
openssl/include/openssl/asn1t.h 2
openssl/crypto/asn1/tasn_utl.c 9
openssl/crypto/asn1/a_int.c 8
openssl/crypto/bio/ossl_core_bio.c 3
openssl/crypto/ui/ui_util.c 8
openssl/crypto/evp/encode.c 7
openssl/crypto/evp/m_sigver.c 7
openssl/crypto/evp/signature.c 9
openssl/crypto/evp/exchange.c 2
openssl/crypto/evp/kem.c 2
openssl/crypto/evp/asymcipher.c 2
openssl/crypto/evp/ctrl_params_translate.c 10
openssl/crypto/params_from_text.c 3
openssl/crypto/bn/bn_conv.c 4
openssl/crypto/asn1/p8_pkey.c 4
openssl/crypto/buffer/buffer.c 2
openssl/crypto/asn1/tasn_new.c 9
openssl/crypto/asn1/a_bitstr.c 1
openssl/crypto/evp/evp_pkey.c 1
openssl/crypto/asn1/x_sig.c 3
openssl/crypto/pkcs12/p12_p8d.c 2
openssl/crypto/pkcs12/p12_decr.c 2
openssl/crypto/evp/evp_pbe.c 6
openssl/crypto/evp/evp_local.h 4
openssl/crypto/asn1/d2i_pr.c 1
openssl/crypto/x509/x_pubkey.c 7
openssl/crypto/engine/eng_cnf.c 5
openssl/crypto/engine/eng_all.c 1
openssl/crypto/engine/eng_ctrl.c 7
openssl/crypto/evp/evp_cnf.c 2
openssl/crypto/conf/conf_ssl.c 3
openssl/crypto/encode_decode/encoder_meth.c 3
openssl/crypto/store/store_meth.c 3
openssl/crypto/evp/e_des3.c 11
openssl/crypto/evp/e_xcbc_d.c 1
openssl/crypto/evp/e_rc4.c 2
openssl/crypto/evp/e_rc4_hmac_md5.c 1
openssl/crypto/evp/e_idea.c 4
openssl/crypto/evp/e_seed.c 4
openssl/crypto/evp/e_sm4.c 5
openssl/crypto/evp/e_rc2.c 6
openssl/crypto/evp/e_bf.c 4
openssl/crypto/evp/e_cast.c 4
openssl/crypto/evp/e_rc5.c 4
openssl/crypto/evp/e_aes.c 38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl/crypto/evp/e_aria.c 27
openssl/crypto/evp/e_camellia.c 21
openssl/crypto/evp/e_chacha20_poly1305.c 2
openssl/crypto/err/err_all.c 1
openssl/crypto/bn/bn_err.c 1
openssl/crypto/rsa/rsa_err.c 1
openssl/crypto/dh/dh_err.c 1
openssl/crypto/evp/evp_err.c 1
openssl/crypto/buffer/buf_err.c 1
openssl/crypto/objects/obj_err.c 1
openssl/crypto/pem/pem_err.c 1
openssl/crypto/dsa/dsa_err.c 1
openssl/crypto/x509/x509_err.c 1
openssl/crypto/asn1/asn1_err.c 1
openssl/crypto/conf/conf_err.c 1
openssl/crypto/cpt_err.c 1
openssl/crypto/comp/comp_err.c 1
openssl/crypto/ec/ec_err.c 1
openssl/crypto/bio/bio_err.c 1
openssl/crypto/pkcs7/pkcs7err.c 1
openssl/crypto/x509/v3err.c 1
openssl/crypto/pkcs12/pk12err.c 1
openssl/crypto/rand/rand_err.c 1
openssl/crypto/dso/dso_err.c 1
openssl/crypto/ts/ts_err.c 1
openssl/crypto/engine/eng_err.c 1
openssl/crypto/http/http_err.c 1
openssl/crypto/ocsp/ocsp_err.c 1
openssl/crypto/ui/ui_err.c 1
openssl/crypto/cms/cms_err.c 1
openssl/crypto/crmf/crmf_err.c 1
openssl/crypto/cmp/cmp_err.c 1
openssl/crypto/ct/ct_err.c 1
openssl/crypto/ess/ess_err.c 1
openssl/crypto/async/async_err.c 1
openssl/crypto/store/store_err.c 1
openssl/crypto/property/property_err.c 1
openssl/providers/common/provider_err.c 1
openssl/crypto/property/defn_cache.c 5
openssl/crypto/bio/bss_core.c 2
openssl/providers/implementations/rands/drbg.c 2
openssl/crypto/self_test_core.c 2
openssl/crypto/thread/internal.c 2
openssl/crypto/thread/arch/thread_posix.c 4
openssl/crypto/evp/evp_rand.c 3
openssl/crypto/store/store_init.c 1
openssl/crypto/store/store_register.c 1
openssl/crypto/store/store_local.h 1
openssl/crypto/bio/bio_sock.c 1
openssl/crypto/objects/obj_xref.c 2
openssl/crypto/objects/obj_xref.h 2
openssl/crypto/cmp/cmp_util.c 1
openssl/crypto/trace.c 2

Fuzzer: ct_30

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4626 88.0%
gold [1:9] 316 6.01%
yellow [10:29] 27 0.51%
greenyellow [30:49] 5 0.09%
lawngreen 50+ 281 5.34%
All colors 5255 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
6016 6016 1 :

['ossl_asn1_template_free']

6016 6016 ossl_asn1_item_embed_free call site: 02267 /src/openssl/crypto/asn1/tasn_fre.c:48
3455 3465 3 :

['ERR_put_error', 'CRYPTO_malloc', 'CRYPTO_free']

3455 3465 i2o_SCT_signature call site: 05180 /src/openssl111/crypto/ct/ct_oct.c:176
3455 3461 2 :

['ERR_put_error', 'CRYPTO_malloc']

3455 6928 i2o_SCT call site: 05176 /src/openssl111/crypto/ct/ct_oct.c:223
3455 3455 1 :

['ASN1_STRING_new']

3455 6928 ossl_asn1_time_from_tm call site: 05113 /src/openssl/crypto/asn1/a_time.c:285
3455 3455 1 :

['ERR_put_error']

3455 3455 asn1_collect call site: 04904 /src/openssl111/crypto/asn1/tasn_dec.c:1052
3455 3455 1 :

['ERR_put_error']

3455 3455 BUF_MEM_grow_clean call site: 04913 /src/openssl111/crypto/buffer/buffer.c:136
3455 3455 1 :

['ERR_put_error']

3455 3455 i2o_SCT_LIST call site: 05166 /src/openssl111/crypto/ct/ct_oct.c:333
3455 3455 1 :

['ERR_put_error']

3455 3455 SCT_new call site: 05044 /src/openssl111/crypto/ct/ct_sct.c:26
3455 3455 1 :

['ERR_put_error']

3455 3455 SCT_set1_signature call site: 05052 /src/openssl111/crypto/ct/ct_sct.c:186
3452 3452 1 :

['sk_ENGINE_CLEANUP_ITEM_new_null']

3452 3452 int_cleanup_check call site: 00982 /src/openssl111/crypto/engine/eng_lib.c:118
104 104 1 :

['sec_alloc_realloc']

3559 3559 BUF_MEM_grow_clean call site: 04912 /src/openssl111/crypto/buffer/buffer.c:132
16 16 1 :

['CTLOG_STORE_get0_log_by_id']

18 21134 SCT_print call site: 05070 /src/openssl111/crypto/ct/ct_prn.c:75

Runtime coverage analysis

Covered functions
330
Functions that are reachable but not covered
1117
Reachable functions
1434
Percentage of reachable functions covered
22.11%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl30/fuzz/driver.c 1
openssl30/fuzz/ct.c 1
openssl30/crypto/ct/ct_oct.c 8
openssl30/crypto/asn1/tasn_typ.c 14
openssl30/crypto/asn1/tasn_dec.c 14
openssl30/crypto/err/err_blocks.c 2
openssl30/crypto/err/err.c 31
openssl30/crypto/init.c 39
openssl30/crypto/err/err_local.h 5
openssl30/crypto/mem.c 7
openssl30/crypto/threads_pthread.c 13
openssl30/crypto/cpuid.c 4
openssl30/crypto/ctype.c 4
openssl30/crypto/initthread.c 21
openssl30/crypto/stack/stack.c 16
openssl30/crypto/comp/c_zlib.c 1
openssl30/crypto/async/async.c 6
openssl30/crypto/rand/rand_lib.c 10
openssl30/providers/implementations/rands/seeding/rand_unix.c 4
openssl30/crypto/engine/eng_init.c 4
openssl30/crypto/cryptlib.c 2
openssl30/crypto/engine/eng_lib.c 21
openssl30/include/internal/refcount.h 2
openssl30/crypto/engine/tb_pkmeth.c 7
openssl30/crypto/evp/pmeth_lib.c 31
openssl30/crypto/engine/tb_asnmth.c 9
openssl30/crypto/asn1/ameth_lib.c 9
openssl30/crypto/engine/eng_list.c 10
openssl30/crypto/ex_data.c 14
openssl30/crypto/context.c 17
openssl30/include/internal/cryptlib.h 8
openssl30/include/openssl/crypto.h 2
openssl30/crypto/property/property_parse.c 25
openssl30/crypto/property/property_string.c 12
openssl30/crypto/lhash/lhash.c 12
openssl30/crypto/evp/evp_rand.c 3
openssl30/crypto/provider_core.c 43
openssl30/crypto/err/err_all.c 1
openssl30/include/openssl/err.h 4
openssl30/crypto/bn/bn_err.c 1
openssl30/crypto/rsa/rsa_err.c 1
openssl30/crypto/dh/dh_err.c 1
openssl30/crypto/evp/evp_err.c 1
openssl30/crypto/buffer/buf_err.c 1
openssl30/crypto/objects/obj_err.c 1
openssl30/crypto/pem/pem_err.c 1
openssl30/crypto/dsa/dsa_err.c 1
openssl30/crypto/x509/x509_err.c 1
openssl30/crypto/asn1/asn1_err.c 1
openssl30/crypto/conf/conf_err.c 1
openssl30/crypto/cpt_err.c 1
openssl30/crypto/comp/comp_err.c 1
openssl30/crypto/ec/ec_err.c 1
openssl30/crypto/bio/bio_err.c 1
openssl30/crypto/pkcs7/pkcs7err.c 1
openssl30/crypto/x509/v3err.c 1
openssl30/crypto/pkcs12/pk12err.c 1
openssl30/crypto/rand/rand_err.c 1
openssl30/crypto/dso/dso_err.c 1
openssl30/crypto/ts/ts_err.c 1
openssl30/crypto/engine/eng_err.c 1
openssl30/crypto/http/http_err.c 1
openssl30/crypto/ocsp/ocsp_err.c 1
openssl30/crypto/ui/ui_err.c 1
openssl30/crypto/cms/cms_err.c 1
openssl30/crypto/crmf/crmf_err.c 1
openssl30/crypto/cmp/cmp_err.c 1
openssl30/crypto/ct/ct_err.c 1
openssl30/crypto/ess/ess_err.c 1
openssl30/crypto/async/async_err.c 1
openssl30/crypto/store/store_err.c 1
openssl30/crypto/property/property_err.c 1
openssl30/providers/common/provider_err.c 1
openssl30/crypto/evp/c_allc.c 1
openssl30/crypto/evp/e_des.c 6
openssl30/crypto/evp/names.c 9
openssl30/crypto/objects/obj_dat.c 23
openssl30/crypto/evp/c_alld.c 1
openssl30/crypto/evp/legacy_md4.c 1
openssl30/crypto/objects/obj_local.h 18
openssl30/crypto/objects/o_names.c 12
openssl30/crypto/conf/conf_sap.c 2
openssl30/crypto/conf/conf_mod.c 33
openssl30/crypto/engine/eng_openssl.c 20
openssl30/crypto/evp/evp_lib.c 37
openssl30/crypto/dso/dso_lib.c 9
openssl30/crypto/provider_local.h 4
openssl30/crypto/provider_child.c 2
openssl30/crypto/evp/cmeth_lib.c 8
openssl30/crypto/evp/evp_enc.c 24
openssl30/crypto/rsa/rsa_ossl.c 1
openssl30/crypto/engine/tb_rsa.c 4
openssl30/crypto/dsa/dsa_ossl.c 1
openssl30/crypto/engine/tb_dsa.c 4
openssl30/crypto/ec/ec_kmeth.c 1
openssl30/crypto/engine/tb_eckey.c 4
openssl30/crypto/dh/dh_key.c 1
openssl30/crypto/engine/tb_dh.c 4
openssl30/crypto/rand/rand_meth.c 1
openssl30/crypto/engine/tb_rand.c 4
openssl30/crypto/engine/tb_cipher.c 7
openssl30/crypto/params.c 47
openssl30/crypto/evp/evp_utils.c 5
openssl30/crypto/engine/tb_digest.c 7
openssl30/crypto/evp/digest.c 17
openssl30/crypto/sha/sha_local.h 1
openssl30/include/crypto/md32_common.h 2
openssl30/crypto/engine/eng_pkey.c 1
openssl30/crypto/bio/bss_file.c 2
openssl30/crypto/o_fopen.c 1
openssl30/crypto/bio/bio_lib.c 16
openssl30/crypto/pem/pem_pkey.c 5
openssl30/crypto/bio/bf_readbuff.c 1
openssl30/crypto/pem/pem_lib.c 15
openssl30/crypto/evp/evp_key.c 3
openssl30/crypto/ui/ui_lib.c 27
openssl30/crypto/ui/ui_openssl.c 1
openssl30/crypto/ui/ui_null.c 1
openssl30/include/openssl/ui.h 2
openssl30/crypto/err/err_prn.c 1
openssl30/crypto/o_str.c 12
openssl30/crypto/bio/bio_print.c 11
openssl30/crypto/passphrase.c 9
openssl30/crypto/encode_decode/decoder_pkey.c 13
openssl30/crypto/encode_decode/decoder_meth.c 16
openssl30/crypto/encode_decode/decoder_lib.c 23
openssl30/crypto/evp/keymgmt_meth.c 21
openssl30/crypto/evp/evp_fetch.c 16
openssl30/crypto/core_namemap.c 19
openssl30/crypto/engine/eng_rdrand.c 4
openssl30/crypto/engine/eng_local.h 14
openssl30/crypto/engine/eng_dyn.c 12
openssl30/include/openssl/safestack.h 4
openssl30/crypto/dso/dso_dlfcn.c 1
openssl30/engines/e_padlock.c 22
openssl30/crypto/asn1/evp_asn1.c 1
openssl30/crypto/asn1/asn1_lib.c 14
openssl30/crypto/asn1/a_octet.c 1
openssl30/crypto/asn1/a_type.c 1
openssl30/crypto/asn1/tasn_fre.c 5
openssl30/crypto/asn1/a_object.c 6
openssl30/engines/e_afalg.c 27
openssl30/engines/e_afalg_err.c 3
openssl30/crypto/engine/eng_fat.c 5
openssl30/crypto/engine/eng_table.c 8
openssl30/crypto/async/async_wait.c 3
openssl30/crypto/async/arch/async_posix.h 1
openssl30/crypto/bsearch.c 1
openssl30/crypto/bn/bn_word.c 4
openssl30/crypto/bn/bn_lib.c 23
openssl30/crypto/bn/bn_local.h 1
openssl30/crypto/mem_sec.c 18
openssl30/crypto/bn/bn_shift.c 2
openssl30/crypto/bn/bn_conv.c 4
openssl30/include/internal/constant_time.h 4
openssl30/crypto/bn/asm/x86_64-gcc.c 2
openssl30/include/crypto/asn1.h 3
openssl30/crypto/property/property.c 25
openssl30/crypto/sparse_array.c 1
openssl30/crypto/core_fetch.c 3
openssl30/crypto/core_algorithm.c 4
openssl30/crypto/getenv.c 1
openssl30/include/openssl/core_dispatch.h 81
openssl30/crypto/provider.c 2
openssl30/crypto/property/property_query.c 3
openssl30/crypto/encode_decode/encoder_local.h 5
openssl30/crypto/evp/keymgmt_lib.c 14
openssl30/crypto/evp/p_lib.c 19
openssl30/include/crypto/evp.h 8
openssl30/include/openssl/x509.h 1
openssl30/crypto/x509/x_attrib.c 2
openssl30/include/openssl/asn1t.h 2
openssl30/crypto/asn1/tasn_utl.c 13
openssl30/crypto/asn1/a_int.c 10
openssl30/crypto/bio/bss_mem.c 3
openssl30/crypto/bio/ossl_core_bio.c 3
openssl30/crypto/ui/ui_util.c 8
openssl30/crypto/evp/encode.c 7
openssl30/crypto/evp/legacy_md5.c 1
openssl30/crypto/evp/m_sigver.c 7
openssl30/crypto/evp/signature.c 9
openssl30/crypto/evp/exchange.c 2
openssl30/crypto/evp/kem.c 2
openssl30/crypto/evp/asymcipher.c 2
openssl30/crypto/evp/ctrl_params_translate.c 10
openssl30/crypto/params_from_text.c 3
openssl30/crypto/asn1/p8_pkey.c 4
openssl30/crypto/evp/evp_pkey.c 1
openssl30/crypto/asn1/x_sig.c 3
openssl30/crypto/pkcs12/p12_p8d.c 2
openssl30/crypto/pkcs12/p12_decr.c 2
openssl30/crypto/evp/evp_pbe.c 6
openssl30/crypto/evp/evp_local.h 3
openssl30/crypto/asn1/d2i_pr.c 1
openssl30/crypto/x509/x_pubkey.c 7
openssl30/crypto/x509/x509_def.c 1
openssl30/crypto/conf/conf_lib.c 10
openssl30/crypto/conf/conf_def.c 1
openssl30/crypto/conf/conf_api.c 3
openssl30/include/openssl/conf.h 3
openssl30/crypto/conf/conf_mall.c 1
openssl30/crypto/asn1/asn_moid.c 3
openssl30/crypto/objects/obj_lib.c 1
openssl30/crypto/asn1/asn_mstbl.c 3
openssl30/crypto/x509/v3_utl.c 6
openssl30/crypto/asn1/asn1_gen.c 3
openssl30/crypto/asn1/a_strnid.c 6
openssl30/include/openssl/asn1.h 3
openssl30/crypto/engine/eng_cnf.c 5
openssl30/crypto/engine/eng_all.c 1
openssl30/crypto/engine/eng_ctrl.c 7
openssl30/crypto/evp/evp_cnf.c 2
openssl30/crypto/conf/conf_ssl.c 3
openssl30/crypto/provider_conf.c 10
openssl30/crypto/encode_decode/encoder_meth.c 3
openssl30/crypto/store/store_meth.c 3
openssl30/crypto/evp/legacy_md5_sha1.c 1
openssl30/crypto/evp/legacy_sha.c 13
openssl30/crypto/evp/legacy_mdc2.c 1
openssl30/crypto/evp/legacy_ripemd.c 1
openssl30/crypto/evp/legacy_wp.c 1
openssl30/crypto/sm3/legacy_sm3.c 1
openssl30/crypto/evp/legacy_blake2.c 2
openssl30/crypto/evp/e_des3.c 11
openssl30/crypto/evp/e_xcbc_d.c 1
openssl30/crypto/evp/e_rc4.c 2
openssl30/crypto/evp/e_rc4_hmac_md5.c 1
openssl30/crypto/evp/e_idea.c 4
openssl30/crypto/evp/e_seed.c 4
openssl30/crypto/evp/e_sm4.c 5
openssl30/crypto/evp/e_rc2.c 6
openssl30/crypto/evp/e_bf.c 4
openssl30/crypto/evp/e_cast.c 4
openssl30/crypto/evp/e_rc5.c 4
openssl30/crypto/evp/e_aes.c 38
openssl30/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl30/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl30/crypto/evp/e_aria.c 27
openssl30/crypto/evp/e_camellia.c 21
openssl30/crypto/evp/e_chacha20_poly1305.c 2
openssl30/crypto/store/store_init.c 1
openssl30/crypto/store/store_register.c 1
openssl30/crypto/store/store_local.h 1
openssl30/crypto/bio/bio_sock.c 1
openssl30/crypto/objects/obj_xref.c 2
openssl30/crypto/objects/obj_xref.h 2
openssl30/crypto/cmp/cmp_util.c 1
openssl30/crypto/trace.c 2
openssl30/crypto/buffer/buffer.c 2
openssl30/crypto/asn1/tasn_new.c 9
openssl30/crypto/asn1/a_bitstr.c 2
openssl30/include/openssl/ct.h 3
openssl30/crypto/ct/ct_sct.c 7
openssl30/crypto/bio/bss_null.c 1
openssl30/crypto/ct/ct_prn.c 4
openssl30/crypto/ct/ct_log.c 2
openssl30/crypto/bio/bio_dump.c 1
openssl30/crypto/asn1/a_gentm.c 5
openssl30/crypto/o_time.c 5
openssl30/crypto/asn1/a_time.c 8
openssl30/crypto/asn1/tasn_enc.c 8
openssl30/crypto/asn1/asn1_local.h 3

Fuzzer: cms_30

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 3141 60.6%
gold [1:9] 853 16.4%
yellow [10:29] 82 1.58%
greenyellow [30:49] 18 0.34%
lawngreen 50+ 1089 21.0%
All colors 5183 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
9914 9914 2 :

['ec_GF2m_simple_oct2point', 'ec_GFp_simple_oct2point']

9914 9914 EC_POINT_oct2point call site: 00000 /src/openssl111/crypto/ec/ec_oct.c:113
9386 9386 2 :

['conf_diagnostics', 'CONF_modules_load']

9386 16308 CONF_modules_load_file_ex call site: 03829 /src/openssl/crypto/conf/conf_mod.c:206
8805 8805 2 :

['ec_GF2m_simple_set_compressed_coordinates', 'ec_GFp_simple_set_compressed_coordinates']

8805 8805 EC_POINT_set_compressed_coordinates call site: 00000 /src/openssl111/crypto/ec/ec_oct.c:32
6157 6161 2 :

['ossl_cipher_tlsunpadblock', 'CRYPTO_free']

6157 112805 ossl_cipher_generic_block_update call site: 00000 /src/openssl/providers/implementations/ciphers/ciphercommon.c:252
5960 5960 1 :

['ossl_dh_key2buf']

5960 18059 dh_get_params call site: 00000 /src/openssl/providers/implementations/keymgmt/dh_kmgmt.c:328
5947 5947 1 :

['OSSL_PARAM_set_long']

5947 5947 ossl_param_build_set_long call site: 00000 /src/openssl/crypto/param_build_set.c:39
5942 118642 6 :

['ERR_set_error', 'ERR_new', 'OSSL_PARAM_get_size_t', 'OSSL_PARAM_locate_const', 'ERR_set_debug', 'OSSL_PARAM_get_uint']

5942 118642 ossl_cipher_generic_set_ctx_params call site: 00000 /src/openssl/providers/implementations/ciphers/ciphercommon.c:596
5937 5937 1 :

['OSSL_PARAM_BLD_push_int']

5937 5937 ossl_param_build_set_int call site: 00000 /src/openssl/crypto/param_build_set.c:25
5937 5937 1 :

['OSSL_PARAM_BLD_push_long']

5937 5937 ossl_param_build_set_long call site: 00000 /src/openssl/crypto/param_build_set.c:36
5936 5936 1 :

['OSSL_PARAM_BLD_push_utf8_string']

5936 5936 ossl_param_build_set_utf8_string call site: 00000 /src/openssl/crypto/param_build_set.c:47
5935 5935 1 :

['OSSL_PARAM_BLD_push_octet_string']

5935 5935 ossl_param_build_set_octet_string call site: 00000 /src/openssl/crypto/param_build_set.c:60
5933 5933 1 :

['ossl_property_merge']

5933 6001 ossl_method_store_fetch call site: 00000 /src/openssl/crypto/property/property.c:526

Runtime coverage analysis

Covered functions
2210
Functions that are reachable but not covered
574
Reachable functions
1408
Percentage of reachable functions covered
59.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl30/fuzz/driver.c 1
openssl30/fuzz/cms.c 1
openssl30/crypto/bio/bss_mem.c 3
openssl30/crypto/bio/bio_lib.c 16
openssl30/crypto/mem.c 7
openssl30/crypto/err/err_blocks.c 2
openssl30/crypto/err/err.c 31
openssl30/crypto/init.c 39
openssl30/crypto/err/err_local.h 5
openssl30/crypto/threads_pthread.c 13
openssl30/crypto/cpuid.c 4
openssl30/crypto/ctype.c 3
openssl30/crypto/initthread.c 21
openssl30/crypto/stack/stack.c 16
openssl30/crypto/comp/c_zlib.c 1
openssl30/crypto/async/async.c 6
openssl30/crypto/rand/rand_lib.c 10
openssl30/providers/implementations/rands/seeding/rand_unix.c 4
openssl30/crypto/engine/eng_init.c 4
openssl30/crypto/cryptlib.c 2
openssl30/crypto/engine/eng_lib.c 21
openssl30/include/internal/refcount.h 2
openssl30/crypto/engine/tb_pkmeth.c 7
openssl30/crypto/evp/pmeth_lib.c 31
openssl30/crypto/engine/tb_asnmth.c 9
openssl30/crypto/asn1/ameth_lib.c 9
openssl30/crypto/engine/eng_list.c 10
openssl30/crypto/ex_data.c 14
openssl30/crypto/context.c 17
openssl30/include/internal/cryptlib.h 8
openssl30/include/openssl/crypto.h 2
openssl30/crypto/property/property_parse.c 25
openssl30/crypto/property/property_string.c 12
openssl30/crypto/lhash/lhash.c 12
openssl30/crypto/evp/evp_rand.c 3
openssl30/crypto/provider_core.c 43
openssl30/crypto/err/err_all.c 1
openssl30/include/openssl/err.h 4
openssl30/crypto/bn/bn_err.c 1
openssl30/crypto/rsa/rsa_err.c 1
openssl30/crypto/dh/dh_err.c 1
openssl30/crypto/evp/evp_err.c 1
openssl30/crypto/buffer/buf_err.c 1
openssl30/crypto/objects/obj_err.c 1
openssl30/crypto/pem/pem_err.c 1
openssl30/crypto/dsa/dsa_err.c 1
openssl30/crypto/x509/x509_err.c 1
openssl30/crypto/asn1/asn1_err.c 1
openssl30/crypto/conf/conf_err.c 1
openssl30/crypto/cpt_err.c 1
openssl30/crypto/comp/comp_err.c 1
openssl30/crypto/ec/ec_err.c 1
openssl30/crypto/bio/bio_err.c 1
openssl30/crypto/pkcs7/pkcs7err.c 1
openssl30/crypto/x509/v3err.c 1
openssl30/crypto/pkcs12/pk12err.c 1
openssl30/crypto/rand/rand_err.c 1
openssl30/crypto/dso/dso_err.c 1
openssl30/crypto/ts/ts_err.c 1
openssl30/crypto/engine/eng_err.c 1
openssl30/crypto/http/http_err.c 1
openssl30/crypto/ocsp/ocsp_err.c 1
openssl30/crypto/ui/ui_err.c 1
openssl30/crypto/cms/cms_err.c 1
openssl30/crypto/crmf/crmf_err.c 1
openssl30/crypto/cmp/cmp_err.c 1
openssl30/crypto/ct/ct_err.c 1
openssl30/crypto/ess/ess_err.c 1
openssl30/crypto/async/async_err.c 1
openssl30/crypto/store/store_err.c 1
openssl30/crypto/property/property_err.c 1
openssl30/providers/common/provider_err.c 1
openssl30/crypto/evp/c_allc.c 1
openssl30/crypto/evp/e_des.c 6
openssl30/crypto/evp/names.c 9
openssl30/crypto/objects/obj_dat.c 23
openssl30/crypto/evp/c_alld.c 1
openssl30/crypto/evp/legacy_md4.c 1
openssl30/crypto/objects/obj_local.h 18
openssl30/crypto/objects/o_names.c 12
openssl30/crypto/conf/conf_sap.c 2
openssl30/crypto/conf/conf_mod.c 33
openssl30/crypto/engine/eng_openssl.c 20
openssl30/crypto/evp/evp_lib.c 37
openssl30/crypto/dso/dso_lib.c 9
openssl30/crypto/provider_local.h 4
openssl30/crypto/provider_child.c 2
openssl30/crypto/evp/cmeth_lib.c 8
openssl30/crypto/evp/evp_enc.c 24
openssl30/crypto/rsa/rsa_ossl.c 1
openssl30/crypto/engine/tb_rsa.c 4
openssl30/crypto/dsa/dsa_ossl.c 1
openssl30/crypto/engine/tb_dsa.c 4
openssl30/crypto/ec/ec_kmeth.c 1
openssl30/crypto/engine/tb_eckey.c 4
openssl30/crypto/dh/dh_key.c 1
openssl30/crypto/engine/tb_dh.c 4
openssl30/crypto/rand/rand_meth.c 1
openssl30/crypto/engine/tb_rand.c 4
openssl30/crypto/engine/tb_cipher.c 7
openssl30/crypto/params.c 47
openssl30/crypto/evp/evp_utils.c 5
openssl30/crypto/engine/tb_digest.c 7
openssl30/crypto/evp/digest.c 17
openssl30/crypto/sha/sha_local.h 1
openssl30/include/crypto/md32_common.h 2
openssl30/crypto/engine/eng_pkey.c 1
openssl30/crypto/bio/bss_file.c 2
openssl30/crypto/o_fopen.c 1
openssl30/crypto/pem/pem_pkey.c 5
openssl30/crypto/bio/bf_readbuff.c 1
openssl30/crypto/pem/pem_lib.c 15
openssl30/crypto/evp/evp_key.c 3
openssl30/crypto/ui/ui_lib.c 27
openssl30/crypto/ui/ui_openssl.c 1
openssl30/crypto/ui/ui_null.c 1
openssl30/include/openssl/ui.h 2
openssl30/crypto/err/err_prn.c 1
openssl30/crypto/o_str.c 12
openssl30/crypto/bio/bio_print.c 9
openssl30/crypto/passphrase.c 9
openssl30/crypto/encode_decode/decoder_pkey.c 13
openssl30/crypto/encode_decode/decoder_meth.c 16
openssl30/crypto/encode_decode/decoder_lib.c 23
openssl30/crypto/evp/keymgmt_meth.c 21
openssl30/crypto/evp/evp_fetch.c 16
openssl30/crypto/core_namemap.c 19
openssl30/crypto/engine/eng_rdrand.c 4
openssl30/crypto/engine/eng_local.h 14
openssl30/crypto/engine/eng_dyn.c 12
openssl30/include/openssl/safestack.h 4
openssl30/crypto/dso/dso_dlfcn.c 1
openssl30/engines/e_padlock.c 22
openssl30/crypto/asn1/evp_asn1.c 1
openssl30/crypto/asn1/tasn_typ.c 9
openssl30/crypto/asn1/asn1_lib.c 12
openssl30/crypto/asn1/a_octet.c 1
openssl30/crypto/asn1/a_type.c 1
openssl30/crypto/asn1/tasn_fre.c 5
openssl30/crypto/asn1/a_object.c 6
openssl30/engines/e_afalg.c 27
openssl30/engines/e_afalg_err.c 3
openssl30/crypto/engine/eng_fat.c 5
openssl30/crypto/engine/eng_table.c 8
openssl30/crypto/async/async_wait.c 3
openssl30/crypto/async/arch/async_posix.h 1
openssl30/crypto/bsearch.c 1
openssl30/crypto/bn/bn_word.c 4
openssl30/crypto/bn/bn_lib.c 23
openssl30/crypto/bn/bn_local.h 1
openssl30/crypto/mem_sec.c 18
openssl30/crypto/bn/bn_shift.c 2
openssl30/crypto/bn/bn_conv.c 4
openssl30/include/internal/constant_time.h 4
openssl30/crypto/bn/asm/x86_64-gcc.c 2
openssl30/include/crypto/asn1.h 3
openssl30/crypto/property/property.c 25
openssl30/crypto/sparse_array.c 1
openssl30/crypto/core_fetch.c 3
openssl30/crypto/core_algorithm.c 4
openssl30/crypto/getenv.c 1
openssl30/include/openssl/core_dispatch.h 81
openssl30/crypto/provider.c 2
openssl30/crypto/property/property_query.c 3
openssl30/crypto/encode_decode/encoder_local.h 5
openssl30/crypto/evp/keymgmt_lib.c 14
openssl30/crypto/evp/p_lib.c 19
openssl30/include/crypto/evp.h 8
openssl30/include/openssl/x509.h 1
openssl30/crypto/x509/x_attrib.c 2
openssl30/include/openssl/asn1t.h 2
openssl30/crypto/asn1/tasn_utl.c 13
openssl30/crypto/asn1/a_int.c 10
openssl30/crypto/bio/ossl_core_bio.c 3
openssl30/crypto/ui/ui_util.c 8
openssl30/crypto/evp/encode.c 7
openssl30/crypto/evp/legacy_md5.c 1
openssl30/crypto/evp/m_sigver.c 7
openssl30/crypto/evp/signature.c 9
openssl30/crypto/evp/exchange.c 2
openssl30/crypto/evp/kem.c 2
openssl30/crypto/evp/asymcipher.c 2
openssl30/crypto/evp/ctrl_params_translate.c 10
openssl30/crypto/params_from_text.c 3
openssl30/crypto/asn1/p8_pkey.c 4
openssl30/crypto/asn1/tasn_dec.c 14
openssl30/crypto/buffer/buffer.c 4
openssl30/crypto/asn1/tasn_new.c 9
openssl30/crypto/asn1/a_bitstr.c 2
openssl30/crypto/evp/evp_pkey.c 1
openssl30/crypto/asn1/x_sig.c 3
openssl30/crypto/pkcs12/p12_p8d.c 2
openssl30/crypto/pkcs12/p12_decr.c 2
openssl30/crypto/evp/evp_pbe.c 6
openssl30/crypto/evp/evp_local.h 3
openssl30/crypto/asn1/d2i_pr.c 1
openssl30/crypto/x509/x_pubkey.c 7
openssl30/crypto/x509/x509_def.c 1
openssl30/crypto/conf/conf_lib.c 10
openssl30/crypto/conf/conf_def.c 1
openssl30/crypto/conf/conf_api.c 3
openssl30/include/openssl/conf.h 3
openssl30/crypto/conf/conf_mall.c 1
openssl30/crypto/asn1/asn_moid.c 3
openssl30/crypto/objects/obj_lib.c 1
openssl30/crypto/asn1/asn_mstbl.c 3
openssl30/crypto/x509/v3_utl.c 6
openssl30/crypto/asn1/asn1_gen.c 3
openssl30/crypto/asn1/a_strnid.c 6
openssl30/include/openssl/asn1.h 3
openssl30/crypto/engine/eng_cnf.c 5
openssl30/crypto/engine/eng_all.c 1
openssl30/crypto/engine/eng_ctrl.c 7
openssl30/crypto/evp/evp_cnf.c 2
openssl30/crypto/conf/conf_ssl.c 3
openssl30/crypto/provider_conf.c 10
openssl30/crypto/encode_decode/encoder_meth.c 3
openssl30/crypto/store/store_meth.c 3
openssl30/crypto/evp/legacy_md5_sha1.c 1
openssl30/crypto/evp/legacy_sha.c 13
openssl30/crypto/evp/legacy_mdc2.c 1
openssl30/crypto/evp/legacy_ripemd.c 1
openssl30/crypto/evp/legacy_wp.c 1
openssl30/crypto/sm3/legacy_sm3.c 1
openssl30/crypto/evp/legacy_blake2.c 2
openssl30/crypto/evp/e_des3.c 11
openssl30/crypto/evp/e_xcbc_d.c 1
openssl30/crypto/evp/e_rc4.c 2
openssl30/crypto/evp/e_rc4_hmac_md5.c 1
openssl30/crypto/evp/e_idea.c 4
openssl30/crypto/evp/e_seed.c 4
openssl30/crypto/evp/e_sm4.c 5
openssl30/crypto/evp/e_rc2.c 6
openssl30/crypto/evp/e_bf.c 4
openssl30/crypto/evp/e_cast.c 4
openssl30/crypto/evp/e_rc5.c 4
openssl30/crypto/evp/e_aes.c 38
openssl30/crypto/evp/e_aes_cbc_hmac_sha1.c 2
openssl30/crypto/evp/e_aes_cbc_hmac_sha256.c 2
openssl30/crypto/evp/e_aria.c 27
openssl30/crypto/evp/e_camellia.c 21
openssl30/crypto/evp/e_chacha20_poly1305.c 2
openssl30/crypto/store/store_init.c 1
openssl30/crypto/store/store_register.c 1
openssl30/crypto/store/store_local.h 1
openssl30/crypto/bio/bio_sock.c 1
openssl30/crypto/objects/obj_xref.c 2
openssl30/crypto/objects/obj_xref.h 2
openssl30/crypto/cmp/cmp_util.c 1
openssl30/crypto/trace.c 2
openssl30/crypto/cms/cms_io.c 2
openssl30/crypto/cms/cms_lib.c 6
openssl30/crypto/cms/cms_asn1.c 1
openssl30/crypto/asn1/a_d2i_fp.c 2
openssl30/crypto/cms/cms_sd.c 3
openssl30/include/openssl/cms.h 2
openssl30/crypto/cms/cms_env.c 6
openssl30/crypto/x509/x_x509.c 1
openssl30/crypto/cms/cms_local.h 2
openssl30/crypto/bio/bss_null.c 1
openssl30/crypto/asn1/a_i2d_fp.c 1
openssl30/crypto/asn1/tasn_enc.c 8
openssl30/crypto/asn1/asn1_local.h 3

Fuzzer: crl_111

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2335 73.7%
gold [1:9] 144 4.55%
yellow [10:29] 36 1.13%
greenyellow [30:49] 4 0.12%
lawngreen 50+ 645 20.3%
All colors 3164 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
7150 10608 3 :

['ENGINE_finish', 'EVP_PKEY_free', 'CRYPTO_free']

7150 10608 EVP_PKEY_CTX_free call site: 02069 /src/openssl111/crypto/evp/pmeth_lib.c:354
6926 6926 2 :

['ENGINE_get_pkey_asn1_meth_engine', 'ENGINE_get_pkey_asn1_meth']

6926 6926 EVP_PKEY_asn1_find call site: 02207 /src/openssl111/crypto/asn1/ameth_lib.c:88
3462 3462 1 :

['EVP_PKEY_CTX_ctrl']

3462 3462 EVP_DigestInit_ex call site: 02048 /src/openssl111/crypto/evp/digest.c:149
3458 6923 4 :

['engine_unlocked_finish', 'CRYPTO_THREAD_unlock', 'ERR_put_error', 'CRYPTO_THREAD_write_lock']

3458 6923 ENGINE_finish call site: 00167 /src/openssl111/crypto/engine/eng_init.c:99
3456 6910 2 :

['ENGINE_finish', 'ENGINE_get_digest']

6918 17312 EVP_DigestInit_ex call site: 02031 /src/openssl111/crypto/evp/digest.c:107
3456 3456 1 :

['ENGINE_init']

10374 24223 EVP_DigestInit_ex call site: 02029 /src/openssl111/crypto/evp/digest.c:98
3455 3455 1 :

['ASN1_STRING_new']

3455 6928 asn1_time_from_tm call site: 00000 /src/openssl111/crypto/asn1/a_time.c:283
3454 3454 1 :

['ENGINE_register_all_complete']

3454 3459 OPENSSL_init_crypto call site: 00014 /src/openssl111/crypto/init.c:737
3452 3452 1 :

['drbg_delete_thread_state']

3452 3456 ossl_init_thread_stop call site: 00042 /src/openssl111/crypto/init.c:440
104 104 1 :

['sec_alloc_realloc']

104 3559 BUF_MEM_grow call site: 02874 /src/openssl111/crypto/buffer/buffer.c:94
104 104 1 :

['sec_alloc_realloc']

104 3559 BUF_MEM_grow_clean call site: 02690 /src/openssl111/crypto/buffer/buffer.c:132
76 76 1 :

['CRYPTO_secure_malloc']

76 76 CRYPTO_secure_zalloc call site: 00881 /src/openssl111/crypto/mem_sec.c:143

Runtime coverage analysis

Covered functions
630
Functions that are reachable but not covered
688
Reachable functions
1081
Percentage of reachable functions covered
36.36%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
openssl111/fuzz/driver.c 1
openssl111/fuzz/crl.c 1
openssl111/crypto/x509/x_crl.c 3
openssl111/crypto/asn1/tasn_dec.c 13
openssl111/crypto/err/err.c 31
openssl111/crypto/init.c 45
openssl111/crypto/mem.c 7
openssl111/crypto/threads_pthread.c 13
openssl111/crypto/async/async.c 10
openssl111/crypto/async/async_local.h 2
openssl111/crypto/stack/stack.c 12
openssl111/crypto/async/arch/async_posix.c 2
openssl111/crypto/rand/drbg_lib.c 4
openssl111/crypto/rand/rand_lib.c 5
openssl111/crypto/mem_sec.c 18
openssl111/crypto/cryptlib.c 6
openssl111/crypto/ex_data.c 10
openssl111/crypto/comp/c_zlib.c 1
openssl111/crypto/