Project overview: openssl
High level conclusions
Reachability and coverage overview
Project functions overview
The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.
For further technical details on the meaning of columns in the below table, please see the Glossary .
| Func name | Functions filename | Args | Function call depth | Reached by Fuzzers | Fuzzers runtime hit | Func lines hit % | I Count | BB Count | Cyclomatic complexity | Functions reached | Reached by functions | Accumulated cyclomatic complexity | Undiscovered complexity |
|---|
Fuzzer details
Fuzzer: conf_111
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 2516 | 88.9% |
| gold | [1:9] | 172 | 6.08% |
| yellow | [10:29] | 1 | 0.03% |
| greenyellow | [30:49] | 3 | 0.10% |
| lawngreen | 50+ | 135 | 4.77% |
| All colors | 2827 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 3454 | 3454 |
1 :
['ENGINE_register_all_complete'] |
3454 | 3459 | OPENSSL_init_crypto | call site: 00012 | /src/openssl111/crypto/init.c:737 |
| 3452 | 3452 |
1 :
['drbg_delete_thread_state'] |
3452 | 3456 | ossl_init_thread_stop | call site: 00040 | /src/openssl111/crypto/init.c:440 |
| 104 | 104 |
1 :
['sec_alloc_realloc'] |
104 | 3559 | BUF_MEM_grow | call site: 00000 | /src/openssl111/crypto/buffer/buffer.c:94 |
| 104 | 104 |
1 :
['sec_alloc_realloc'] |
104 | 3559 | BUF_MEM_grow_clean | call site: 02236 | /src/openssl111/crypto/buffer/buffer.c:132 |
| 80 | 80 |
1 :
['CRYPTO_secure_clear_free'] |
80 | 84 | BUF_MEM_free | call site: 00000 | /src/openssl111/crypto/buffer/buffer.c:48 |
| 47 | 56 |
6 :
['lh_OBJ_NAME_doall', 'lh_OBJ_NAME_free', 'CRYPTO_THREAD_lock_free', 'lh_OBJ_NAME_get_down_load', 'sk_NAME_FUNCS_pop_free', 'lh_OBJ_NAME_set_down_load'] |
47 | 56 | OBJ_NAME_cleanup | call site: 00286 | /src/openssl111/crypto/objects/o_names.c:393 |
| 46 | 46 |
1 :
['async_delete_thread_state'] |
3498 | 3523 | ossl_init_thread_stop | call site: 00017 | /src/openssl111/crypto/init.c:424 |
| 45 | 45 |
3 :
['lh_ADDED_OBJ_set_down_load', 'lh_ADDED_OBJ_doall', 'lh_ADDED_OBJ_free'] |
45 | 45 | obj_cleanup_int | call site: 00338 | /src/openssl111/crypto/objects/obj_dat.c:155 |
| 33 | 33 |
2 :
['ossl_strtouint64', 'ossl_strchr'] |
37 | 37 | OPENSSL_cpuid_setup | call site: 02804 | /src/openssl111/crypto/cryptlib.c:108 |
| 14 | 14 |
1 :
['bio_call_callback'] |
14 | 3489 | BIO_free | call site: 01809 | /src/openssl111/crypto/bio/bio_lib.c:125 |
| 14 | 14 |
1 :
['bio_call_callback'] |
14 | 14 | BIO_gets | call site: 01739 | /src/openssl111/crypto/bio/bio_lib.c:465 |
| 14 | 14 |
1 :
['bio_call_callback'] |
14 | 14 | BIO_ctrl | call site: 01714 | /src/openssl111/crypto/bio/bio_lib.c:530 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl111/fuzz/driver.c | 1 |
| openssl111/fuzz/conf.c | 1 |
| openssl111/crypto/conf/conf_lib.c | 9 |
| openssl111/crypto/conf/conf_def.c | 1 |
| openssl111/crypto/err/err.c | 30 |
| openssl111/crypto/init.c | 45 |
| openssl111/crypto/mem.c | 7 |
| openssl111/crypto/threads_pthread.c | 13 |
| openssl111/crypto/async/async.c | 10 |
| openssl111/crypto/async/async_local.h | 2 |
| openssl111/crypto/stack/stack.c | 10 |
| openssl111/crypto/async/arch/async_posix.c | 2 |
| openssl111/crypto/rand/drbg_lib.c | 4 |
| openssl111/crypto/rand/rand_lib.c | 5 |
| openssl111/crypto/mem_sec.c | 18 |
| openssl111/crypto/cryptlib.c | 6 |
| openssl111/crypto/ex_data.c | 10 |
| openssl111/crypto/comp/c_zlib.c | 1 |
| openssl111/crypto/rand/rand_unix.c | 4 |
| openssl111/crypto/engine/eng_init.c | 4 |
| openssl111/crypto/engine/eng_lib.c | 23 |
| openssl111/include/internal/refcount.h | 2 |
| openssl111/crypto/engine/tb_pkmeth.c | 4 |
| openssl111/crypto/evp/pmeth_lib.c | 4 |
| openssl111/crypto/engine/tb_asnmth.c | 9 |
| openssl111/crypto/asn1/ameth_lib.c | 8 |
| openssl111/crypto/engine/eng_list.c | 10 |
| openssl111/include/internal/cryptlib.h | 7 |
| openssl111/include/openssl/crypto.h | 6 |
| openssl111/crypto/conf/conf_mod.c | 15 |
| openssl111/include/openssl/conf.h | 18 |
| openssl111/crypto/dso/dso_lib.c | 8 |
| openssl111/crypto/engine/eng_local.h | 14 |
| openssl111/crypto/store/store_init.c | 1 |
| openssl111/crypto/store/store_register.c | 1 |
| openssl111/crypto/store/store_local.h | 2 |
| openssl111/crypto/lhash/lhash.c | 11 |
| openssl111/crypto/bio/bio_lib.c | 12 |
| openssl111/crypto/bio/b_sock.c | 1 |
| openssl111/crypto/evp/names.c | 5 |
| openssl111/crypto/objects/o_names.c | 10 |
| openssl111/crypto/objects/obj_local.h | 18 |
| openssl111/crypto/mem_dbg.c | 1 |
| openssl111/crypto/ctype.c | 2 |
| openssl111/crypto/evp/evp_pbe.c | 6 |
| openssl111/crypto/evp/evp_local.h | 3 |
| openssl111/crypto/objects/obj_xref.c | 2 |
| openssl111/crypto/objects/obj_xref.h | 2 |
| openssl111/include/crypto/evp.h | 1 |
| openssl111/crypto/objects/obj_dat.c | 22 |
| openssl111/crypto/asn1/a_object.c | 6 |
| openssl111/include/openssl/err.h | 5 |
| openssl111/crypto/err/err_all.c | 1 |
| openssl111/crypto/evp/c_allc.c | 1 |
| openssl111/crypto/evp/e_des.c | 6 |
| openssl111/crypto/evp/e_des3.c | 11 |
| openssl111/crypto/evp/e_xcbc_d.c | 1 |
| openssl111/crypto/evp/e_rc4.c | 2 |
| openssl111/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl111/crypto/evp/e_idea.c | 4 |
| openssl111/crypto/evp/e_seed.c | 4 |
| openssl111/crypto/evp/e_sm4.c | 5 |
| openssl111/crypto/evp/e_rc2.c | 6 |
| openssl111/crypto/evp/e_bf.c | 4 |
| openssl111/crypto/evp/e_cast.c | 4 |
| openssl111/crypto/evp/e_rc5.c | 4 |
| openssl111/crypto/evp/e_aes.c | 38 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl111/crypto/evp/e_aria.c | 27 |
| openssl111/crypto/evp/e_camellia.c | 21 |
| openssl111/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl111/crypto/evp/c_alld.c | 1 |
| openssl111/crypto/evp/m_md4.c | 1 |
| openssl111/crypto/evp/m_md5.c | 1 |
| openssl111/crypto/evp/m_md5_sha1.c | 1 |
| openssl111/crypto/evp/m_sha1.c | 7 |
| openssl111/crypto/evp/m_mdc2.c | 1 |
| openssl111/crypto/evp/m_ripemd.c | 1 |
| openssl111/crypto/evp/m_wp.c | 1 |
| openssl111/crypto/sm3/m_sm3.c | 1 |
| openssl111/crypto/blake2/m_blake2b.c | 1 |
| openssl111/crypto/blake2/m_blake2s.c | 1 |
| openssl111/crypto/evp/m_sha3.c | 6 |
| openssl111/crypto/conf/conf_sap.c | 2 |
| openssl111/crypto/conf/conf_mall.c | 1 |
| openssl111/crypto/asn1/asn_moid.c | 3 |
| openssl111/crypto/o_str.c | 8 |
| openssl111/crypto/conf/conf_api.c | 3 |
| openssl111/crypto/bn/bn_lib.c | 17 |
| openssl111/crypto/bn/bn_local.h | 1 |
| openssl111/crypto/bn/bn_word.c | 4 |
| openssl111/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl111/include/internal/constant_time.h | 4 |
| openssl111/crypto/bn/bn_shift.c | 2 |
| openssl111/crypto/asn1/asn1_lib.c | 11 |
| openssl111/crypto/objects/obj_lib.c | 1 |
| openssl111/crypto/asn1/asn_mstbl.c | 3 |
| openssl111/crypto/x509v3/v3_utl.c | 6 |
| openssl111/crypto/asn1/asn1_gen.c | 3 |
| openssl111/crypto/asn1/tasn_dec.c | 13 |
| openssl111/crypto/engine/eng_openssl.c | 20 |
| openssl111/crypto/engine/eng_rdrand.c | 4 |
| openssl111/crypto/engine/tb_rand.c | 4 |
| openssl111/crypto/engine/eng_dyn.c | 12 |
| openssl111/include/openssl/safestack.h | 6 |
| openssl111/crypto/dso/dso_dlfcn.c | 1 |
| openssl111/engines/e_padlock.c | 1 |
| openssl111/engines/e_afalg.c | 28 |
| openssl111/engines/e_afalg_err.c | 3 |
| openssl111/crypto/evp/cmeth_lib.c | 8 |
| openssl111/crypto/evp/evp_lib.c | 28 |
| openssl111/crypto/evp/evp_enc.c | 14 |
| openssl111/crypto/engine/eng_fat.c | 5 |
| openssl111/crypto/engine/tb_cipher.c | 7 |
| openssl111/crypto/engine/eng_table.c | 8 |
| openssl111/crypto/engine/tb_digest.c | 5 |
| openssl111/crypto/engine/tb_rsa.c | 4 |
| openssl111/crypto/engine/tb_dsa.c | 4 |
| openssl111/crypto/engine/tb_dh.c | 4 |
| openssl111/crypto/engine/tb_eckey.c | 4 |
| openssl111/crypto/async/async_wait.c | 3 |
| openssl111/crypto/async/arch/async_posix.h | 1 |
| openssl111/crypto/rsa/rsa_ossl.c | 1 |
| openssl111/crypto/dsa/dsa_ossl.c | 1 |
| openssl111/crypto/ec/ec_kmeth.c | 1 |
| openssl111/crypto/dh/dh_key.c | 1 |
| openssl111/crypto/sha/sha_local.h | 1 |
| openssl111/include/crypto/md32_common.h | 2 |
| openssl111/crypto/engine/eng_pkey.c | 1 |
| openssl111/crypto/bio/bss_file.c | 2 |
| openssl111/crypto/o_fopen.c | 1 |
| openssl111/crypto/pem/pem_pkey.c | 1 |
| openssl111/crypto/pem/pem_lib.c | 14 |
| openssl111/crypto/bio/bss_mem.c | 2 |
| openssl111/crypto/evp/encode.c | 7 |
| openssl111/include/crypto/asn1.h | 3 |
| openssl111/crypto/evp/evp_key.c | 3 |
| openssl111/crypto/ui/ui_lib.c | 11 |
| openssl111/crypto/ui/ui_openssl.c | 1 |
| openssl111/crypto/ui/ui_null.c | 1 |
| openssl111/include/openssl/ui.h | 5 |
| openssl111/crypto/err/err_prn.c | 1 |
| openssl111/crypto/bio/b_print.c | 9 |
| openssl111/crypto/evp/digest.c | 7 |
| openssl111/crypto/evp/p_lib.c | 6 |
| openssl111/include/openssl/x509.h | 1 |
| openssl111/crypto/x509/x_attrib.c | 1 |
| openssl111/crypto/asn1/tasn_fre.c | 5 |
| openssl111/include/openssl/asn1t.h | 6 |
| openssl111/crypto/asn1/tasn_utl.c | 9 |
| openssl111/crypto/asn1/a_int.c | 8 |
| openssl111/crypto/asn1/p8_pkey.c | 3 |
| openssl111/crypto/buffer/buffer.c | 2 |
| openssl111/crypto/asn1/tasn_typ.c | 6 |
| openssl111/crypto/asn1/tasn_new.c | 8 |
| openssl111/crypto/asn1/a_type.c | 1 |
| openssl111/crypto/asn1/a_bitstr.c | 1 |
| openssl111/crypto/evp/evp_pkey.c | 1 |
| openssl111/crypto/bn/bn_print.c | 1 |
| openssl111/crypto/asn1/x_sig.c | 3 |
| openssl111/crypto/pkcs12/p12_p8d.c | 1 |
| openssl111/crypto/pkcs12/p12_decr.c | 2 |
| openssl111/crypto/asn1/d2i_pr.c | 1 |
| openssl111/crypto/asn1/a_strnid.c | 6 |
| openssl111/include/openssl/asn1.h | 4 |
| openssl111/crypto/engine/eng_cnf.c | 5 |
| openssl111/crypto/engine/eng_ctrl.c | 6 |
| openssl111/crypto/getenv.c | 1 |
| openssl111/crypto/evp/evp_cnf.c | 2 |
| openssl111/crypto/conf/conf_ssl.c | 3 |
| openssl111/crypto/engine/eng_all.c | 1 |
| openssl111/crypto/x509/x509_def.c | 1 |
| openssl111/crypto/bn/bn_err.c | 1 |
| openssl111/crypto/rsa/rsa_err.c | 1 |
| openssl111/crypto/dh/dh_err.c | 1 |
| openssl111/crypto/evp/evp_err.c | 1 |
| openssl111/crypto/buffer/buf_err.c | 1 |
| openssl111/crypto/objects/obj_err.c | 1 |
| openssl111/crypto/pem/pem_err.c | 1 |
| openssl111/crypto/dsa/dsa_err.c | 1 |
| openssl111/crypto/x509/x509_err.c | 1 |
| openssl111/crypto/asn1/asn1_err.c | 1 |
| openssl111/crypto/conf/conf_err.c | 1 |
| openssl111/crypto/cpt_err.c | 1 |
| openssl111/crypto/comp/comp_err.c | 1 |
| openssl111/crypto/ec/ec_err.c | 1 |
| openssl111/crypto/bio/bio_err.c | 1 |
| openssl111/crypto/pkcs7/pkcs7err.c | 1 |
| openssl111/crypto/x509v3/v3err.c | 1 |
| openssl111/crypto/pkcs12/pk12err.c | 1 |
| openssl111/crypto/rand/rand_err.c | 1 |
| openssl111/crypto/dso/dso_err.c | 1 |
| openssl111/crypto/ts/ts_err.c | 1 |
| openssl111/crypto/engine/eng_err.c | 1 |
| openssl111/crypto/ocsp/ocsp_err.c | 1 |
| openssl111/crypto/ui/ui_err.c | 1 |
| openssl111/crypto/cms/cms_err.c | 1 |
| openssl111/crypto/ct/ct_err.c | 1 |
| openssl111/crypto/async/async_err.c | 1 |
| openssl111/crypto/kdf/kdf_err.c | 1 |
| openssl111/crypto/store/store_err.c | 1 |
Fuzzer: cms_111
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 2247 | 77.0% |
| gold | [1:9] | 178 | 6.10% |
| yellow | [10:29] | 34 | 1.16% |
| greenyellow | [30:49] | 7 | 0.23% |
| lawngreen | 50+ | 451 | 15.4% |
| All colors | 2917 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 5391 | 5545 |
2 :
['EC_GROUP_free', 'EC_GROUP_new_from_ecpkparameters'] |
5391 | 16130 | d2i_ECPKParameters | call site: 00000 | /src/openssl111/crypto/ec/ec_asn1.c:960 |
| 4325 | 11535 |
9 :
['ED25519_public_from_private', 'CRYPTO_secure_malloc', 'X25519_public_from_private', 'RAND_priv_bytes', 'ERR_put_error', 'CRYPTO_secure_free', 'X448_public_from_private', 'ED448_public_from_private', 'CRYPTO_free'] |
4325 | 15103 | ecx_key_op | call site: 00000 | /src/openssl111/crypto/ec/ecx_meth.c:77 |
| 3959 | 7524 |
2 :
['rsa_mgf1_decode', 'RSA_PSS_PARAMS_free'] |
3959 | 7524 | rsa_pss_decode | call site: 00000 | /src/openssl111/crypto/rsa/rsa_ameth.c:441 |
| 3816 | 3816 |
1 :
['BN_mod_exp_recp'] |
3816 | 3816 | BN_mod_exp | call site: 00000 | /src/openssl111/crypto/bn/bn_exp.c:143 |
| 3729 | 3729 |
1 :
['bn_mod_inverse_no_branch'] |
3729 | 3729 | int_bn_mod_inverse | call site: 00000 | /src/openssl111/crypto/bn/bn_gcd.c:213 |
| 3665 | 3665 |
1 :
['rsa_multip_calc_product'] |
3665 | 3665 | rsa_cb | call site: 00000 | /src/openssl111/crypto/rsa/rsa_asn1.c:35 |
| 3594 | 3594 |
1 :
['rand_drbg_restart'] |
7063 | 27797 | RAND_DRBG_generate | call site: 00000 | /src/openssl111/crypto/rand/drbg_lib.c:573 |
| 3505 | 17383 |
9 :
['wait_random_seeded', 'rand_pool_entropy_available', '__errno_location', 'read', 'rand_pool_bytes_needed', 'get_random_device', 'rand_pool_add_end', 'rand_pool_add_begin', 'close_random_device'] |
3505 | 17383 | rand_pool_acquire_entropy | call site: 00000 | /src/openssl111/crypto/rand/rand_unix.c:662 |
| 3499 | 3499 |
1 :
['EVP_PKEY_asn1_find_str'] |
6955 | 17319 | pkey_set_type | call site: 02386 | /src/openssl111/crypto/evp/p_lib.c:201 |
| 3495 | 3495 |
1 :
['EVP_DecryptUpdate'] |
3495 | 3495 | EVP_CipherUpdate | call site: 02480 | /src/openssl111/crypto/evp/evp_enc.c:213 |
| 3484 | 3484 |
1 :
['RAND_bytes'] |
3484 | 6954 | bnrand | call site: 00000 | /src/openssl111/crypto/bn/bn_rand.c:50 |
| 3474 | 3474 |
1 :
['ASN1_INTEGER_get'] |
3474 | 10384 | asn1_do_adb | call site: 02104 | /src/openssl111/crypto/asn1/tasn_utl.c:219 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl111/fuzz/driver.c | 1 |
| openssl111/fuzz/cms.c | 1 |
| openssl111/crypto/bio/bss_mem.c | 2 |
| openssl111/crypto/bio/bio_lib.c | 12 |
| openssl111/crypto/mem.c | 7 |
| openssl111/crypto/err/err.c | 30 |
| openssl111/crypto/init.c | 45 |
| openssl111/crypto/threads_pthread.c | 13 |
| openssl111/crypto/async/async.c | 10 |
| openssl111/crypto/async/async_local.h | 2 |
| openssl111/crypto/stack/stack.c | 10 |
| openssl111/crypto/async/arch/async_posix.c | 2 |
| openssl111/crypto/rand/drbg_lib.c | 4 |
| openssl111/crypto/rand/rand_lib.c | 5 |
| openssl111/crypto/mem_sec.c | 18 |
| openssl111/crypto/cryptlib.c | 6 |
| openssl111/crypto/ex_data.c | 10 |
| openssl111/crypto/comp/c_zlib.c | 1 |
| openssl111/crypto/rand/rand_unix.c | 4 |
| openssl111/crypto/engine/eng_init.c | 4 |
| openssl111/crypto/engine/eng_lib.c | 23 |
| openssl111/include/internal/refcount.h | 2 |
| openssl111/crypto/engine/tb_pkmeth.c | 4 |
| openssl111/crypto/evp/pmeth_lib.c | 4 |
| openssl111/crypto/engine/tb_asnmth.c | 9 |
| openssl111/crypto/asn1/ameth_lib.c | 8 |
| openssl111/crypto/engine/eng_list.c | 10 |
| openssl111/include/internal/cryptlib.h | 7 |
| openssl111/include/openssl/crypto.h | 6 |
| openssl111/crypto/conf/conf_mod.c | 15 |
| openssl111/include/openssl/conf.h | 18 |
| openssl111/crypto/dso/dso_lib.c | 8 |
| openssl111/crypto/engine/eng_local.h | 14 |
| openssl111/crypto/store/store_init.c | 1 |
| openssl111/crypto/store/store_register.c | 1 |
| openssl111/crypto/store/store_local.h | 2 |
| openssl111/crypto/lhash/lhash.c | 11 |
| openssl111/crypto/bio/b_sock.c | 1 |
| openssl111/crypto/evp/names.c | 5 |
| openssl111/crypto/objects/o_names.c | 10 |
| openssl111/crypto/objects/obj_local.h | 18 |
| openssl111/crypto/mem_dbg.c | 1 |
| openssl111/crypto/ctype.c | 2 |
| openssl111/crypto/evp/evp_pbe.c | 6 |
| openssl111/crypto/evp/evp_local.h | 3 |
| openssl111/crypto/objects/obj_xref.c | 2 |
| openssl111/crypto/objects/obj_xref.h | 2 |
| openssl111/include/crypto/evp.h | 1 |
| openssl111/crypto/objects/obj_dat.c | 22 |
| openssl111/crypto/asn1/a_object.c | 6 |
| openssl111/include/openssl/err.h | 5 |
| openssl111/crypto/err/err_all.c | 1 |
| openssl111/crypto/evp/c_allc.c | 1 |
| openssl111/crypto/evp/e_des.c | 6 |
| openssl111/crypto/evp/e_des3.c | 11 |
| openssl111/crypto/evp/e_xcbc_d.c | 1 |
| openssl111/crypto/evp/e_rc4.c | 2 |
| openssl111/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl111/crypto/evp/e_idea.c | 4 |
| openssl111/crypto/evp/e_seed.c | 4 |
| openssl111/crypto/evp/e_sm4.c | 5 |
| openssl111/crypto/evp/e_rc2.c | 6 |
| openssl111/crypto/evp/e_bf.c | 4 |
| openssl111/crypto/evp/e_cast.c | 4 |
| openssl111/crypto/evp/e_rc5.c | 4 |
| openssl111/crypto/evp/e_aes.c | 38 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl111/crypto/evp/e_aria.c | 27 |
| openssl111/crypto/evp/e_camellia.c | 21 |
| openssl111/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl111/crypto/evp/c_alld.c | 1 |
| openssl111/crypto/evp/m_md4.c | 1 |
| openssl111/crypto/evp/m_md5.c | 1 |
| openssl111/crypto/evp/m_md5_sha1.c | 1 |
| openssl111/crypto/evp/m_sha1.c | 7 |
| openssl111/crypto/evp/m_mdc2.c | 1 |
| openssl111/crypto/evp/m_ripemd.c | 1 |
| openssl111/crypto/evp/m_wp.c | 1 |
| openssl111/crypto/sm3/m_sm3.c | 1 |
| openssl111/crypto/blake2/m_blake2b.c | 1 |
| openssl111/crypto/blake2/m_blake2s.c | 1 |
| openssl111/crypto/evp/m_sha3.c | 6 |
| openssl111/crypto/conf/conf_sap.c | 2 |
| openssl111/crypto/conf/conf_mall.c | 1 |
| openssl111/crypto/asn1/asn_moid.c | 3 |
| openssl111/crypto/o_str.c | 8 |
| openssl111/crypto/conf/conf_lib.c | 8 |
| openssl111/crypto/conf/conf_api.c | 3 |
| openssl111/crypto/bn/bn_lib.c | 17 |
| openssl111/crypto/bn/bn_local.h | 1 |
| openssl111/crypto/bn/bn_word.c | 4 |
| openssl111/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl111/include/internal/constant_time.h | 4 |
| openssl111/crypto/bn/bn_shift.c | 2 |
| openssl111/crypto/asn1/asn1_lib.c | 12 |
| openssl111/crypto/objects/obj_lib.c | 1 |
| openssl111/crypto/asn1/asn_mstbl.c | 3 |
| openssl111/crypto/x509v3/v3_utl.c | 6 |
| openssl111/crypto/asn1/asn1_gen.c | 3 |
| openssl111/crypto/asn1/tasn_dec.c | 13 |
| openssl111/crypto/engine/eng_openssl.c | 20 |
| openssl111/crypto/engine/eng_rdrand.c | 4 |
| openssl111/crypto/engine/tb_rand.c | 4 |
| openssl111/crypto/engine/eng_dyn.c | 12 |
| openssl111/include/openssl/safestack.h | 6 |
| openssl111/crypto/dso/dso_dlfcn.c | 1 |
| openssl111/engines/e_padlock.c | 1 |
| openssl111/engines/e_afalg.c | 28 |
| openssl111/engines/e_afalg_err.c | 3 |
| openssl111/crypto/evp/cmeth_lib.c | 8 |
| openssl111/crypto/evp/evp_lib.c | 28 |
| openssl111/crypto/evp/evp_enc.c | 14 |
| openssl111/crypto/engine/eng_fat.c | 5 |
| openssl111/crypto/engine/tb_cipher.c | 7 |
| openssl111/crypto/engine/eng_table.c | 8 |
| openssl111/crypto/engine/tb_digest.c | 5 |
| openssl111/crypto/engine/tb_rsa.c | 4 |
| openssl111/crypto/engine/tb_dsa.c | 4 |
| openssl111/crypto/engine/tb_dh.c | 4 |
| openssl111/crypto/engine/tb_eckey.c | 4 |
| openssl111/crypto/async/async_wait.c | 3 |
| openssl111/crypto/async/arch/async_posix.h | 1 |
| openssl111/crypto/rsa/rsa_ossl.c | 1 |
| openssl111/crypto/dsa/dsa_ossl.c | 1 |
| openssl111/crypto/ec/ec_kmeth.c | 1 |
| openssl111/crypto/dh/dh_key.c | 1 |
| openssl111/crypto/sha/sha_local.h | 1 |
| openssl111/include/crypto/md32_common.h | 2 |
| openssl111/crypto/engine/eng_pkey.c | 1 |
| openssl111/crypto/bio/bss_file.c | 2 |
| openssl111/crypto/o_fopen.c | 1 |
| openssl111/crypto/pem/pem_pkey.c | 1 |
| openssl111/crypto/pem/pem_lib.c | 14 |
| openssl111/crypto/evp/encode.c | 7 |
| openssl111/include/crypto/asn1.h | 3 |
| openssl111/crypto/evp/evp_key.c | 3 |
| openssl111/crypto/ui/ui_lib.c | 11 |
| openssl111/crypto/ui/ui_openssl.c | 1 |
| openssl111/crypto/ui/ui_null.c | 1 |
| openssl111/include/openssl/ui.h | 5 |
| openssl111/crypto/err/err_prn.c | 1 |
| openssl111/crypto/bio/b_print.c | 9 |
| openssl111/crypto/evp/digest.c | 7 |
| openssl111/crypto/evp/p_lib.c | 6 |
| openssl111/include/openssl/x509.h | 1 |
| openssl111/crypto/x509/x_attrib.c | 1 |
| openssl111/crypto/asn1/tasn_fre.c | 5 |
| openssl111/include/openssl/asn1t.h | 7 |
| openssl111/crypto/asn1/tasn_utl.c | 10 |
| openssl111/crypto/asn1/a_int.c | 10 |
| openssl111/crypto/asn1/p8_pkey.c | 3 |
| openssl111/crypto/buffer/buffer.c | 4 |
| openssl111/crypto/asn1/tasn_typ.c | 6 |
| openssl111/crypto/asn1/tasn_new.c | 8 |
| openssl111/crypto/asn1/a_type.c | 1 |
| openssl111/crypto/asn1/a_bitstr.c | 2 |
| openssl111/crypto/evp/evp_pkey.c | 1 |
| openssl111/crypto/bn/bn_print.c | 1 |
| openssl111/crypto/asn1/x_sig.c | 3 |
| openssl111/crypto/pkcs12/p12_p8d.c | 1 |
| openssl111/crypto/pkcs12/p12_decr.c | 2 |
| openssl111/crypto/asn1/d2i_pr.c | 1 |
| openssl111/crypto/asn1/a_strnid.c | 6 |
| openssl111/include/openssl/asn1.h | 4 |
| openssl111/crypto/engine/eng_cnf.c | 5 |
| openssl111/crypto/engine/eng_ctrl.c | 6 |
| openssl111/crypto/getenv.c | 1 |
| openssl111/crypto/evp/evp_cnf.c | 2 |
| openssl111/crypto/conf/conf_ssl.c | 3 |
| openssl111/crypto/engine/eng_all.c | 1 |
| openssl111/crypto/conf/conf_def.c | 1 |
| openssl111/crypto/x509/x509_def.c | 1 |
| openssl111/crypto/bn/bn_err.c | 1 |
| openssl111/crypto/rsa/rsa_err.c | 1 |
| openssl111/crypto/dh/dh_err.c | 1 |
| openssl111/crypto/evp/evp_err.c | 1 |
| openssl111/crypto/buffer/buf_err.c | 1 |
| openssl111/crypto/objects/obj_err.c | 1 |
| openssl111/crypto/pem/pem_err.c | 1 |
| openssl111/crypto/dsa/dsa_err.c | 1 |
| openssl111/crypto/x509/x509_err.c | 1 |
| openssl111/crypto/asn1/asn1_err.c | 1 |
| openssl111/crypto/conf/conf_err.c | 1 |
| openssl111/crypto/cpt_err.c | 1 |
| openssl111/crypto/comp/comp_err.c | 1 |
| openssl111/crypto/ec/ec_err.c | 1 |
| openssl111/crypto/bio/bio_err.c | 1 |
| openssl111/crypto/pkcs7/pkcs7err.c | 1 |
| openssl111/crypto/x509v3/v3err.c | 1 |
| openssl111/crypto/pkcs12/pk12err.c | 1 |
| openssl111/crypto/rand/rand_err.c | 1 |
| openssl111/crypto/dso/dso_err.c | 1 |
| openssl111/crypto/ts/ts_err.c | 1 |
| openssl111/crypto/engine/eng_err.c | 1 |
| openssl111/crypto/ocsp/ocsp_err.c | 1 |
| openssl111/crypto/ui/ui_err.c | 1 |
| openssl111/crypto/cms/cms_err.c | 1 |
| openssl111/crypto/ct/ct_err.c | 1 |
| openssl111/crypto/async/async_err.c | 1 |
| openssl111/crypto/kdf/kdf_err.c | 1 |
| openssl111/crypto/store/store_err.c | 1 |
| openssl111/crypto/cms/cms_io.c | 2 |
| openssl111/crypto/asn1/a_d2i_fp.c | 2 |
| openssl111/crypto/bio/bss_null.c | 1 |
| openssl111/crypto/asn1/a_i2d_fp.c | 1 |
| openssl111/crypto/asn1/tasn_enc.c | 8 |
| openssl111/crypto/cms/cms_lib.c | 1 |
Fuzzer: asn1_111
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 2112 | 42.7% |
| gold | [1:9] | 788 | 15.9% |
| yellow | [10:29] | 56 | 1.13% |
| greenyellow | [30:49] | 29 | 0.58% |
| lawngreen | 50+ | 1954 | 39.5% |
| All colors | 4939 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 25826 | 60544 |
14 :
['BN_mod_mul_reciprocal', 'BN_RECP_CTX_init', 'BN_RECP_CTX_free', 'BN_is_zero', 'BN_is_bit_set', 'BN_copy', 'BN_RECP_CTX_set', 'BN_abs_is_word', 'BN_num_bits', 'BN_CTX_get', 'BN_nnmod', 'BN_CTX_end', 'BN_set_word', 'BN_CTX_start'] |
25826 | 60544 | BN_mod_exp_recp | call site: 04240 | /src/openssl111/crypto/bn/bn_exp.c:180 |
| 7290 | 7290 |
2 :
['RAND_DRBG_get0_private', 'RAND_DRBG_bytes'] |
7290 | 7290 | RAND_priv_bytes | call site: 00000 | /src/openssl111/crypto/rand/rand_lib.c:930 |
| 4529 | 4529 |
1 :
['TS_TST_INFO_print_bio'] |
4529 | 4529 | TS_RESP_print_bio | call site: 03208 | /src/openssl111/crypto/ts/ts_rsp_print.c:34 |
| 3959 | 7524 |
2 :
['rsa_mgf1_decode', 'RSA_PSS_PARAMS_free'] |
3959 | 7524 | rsa_pss_decode | call site: 00000 | /src/openssl111/crypto/rsa/rsa_ameth.c:441 |
| 3732 | 7206 |
2 :
['BIO_free', 'def_load_bio'] |
3732 | 7206 | def_load | call site: 00000 | /src/openssl111/crypto/conf/conf_def.c:166 |
| 3729 | 3729 |
1 :
['bn_mod_inverse_no_branch'] |
3729 | 3729 | int_bn_mod_inverse | call site: 03681 | /src/openssl111/crypto/bn/bn_gcd.c:213 |
| 3590 | 3590 |
2 :
['ecp_nistz256_point_add', 'ecp_nistz256_windowed_mul'] |
3590 | 13976 | ecp_nistz256_points_mul | call site: 00000 | /src/openssl111/crypto/ec/ecp_nistz256.c:1142 |
| 3565 | 7020 |
2 :
['ERR_put_error', 'ECPARAMETERS_free'] |
3565 | 7020 | EC_GROUP_get_ecparameters | call site: 00000 | /src/openssl111/crypto/ec/ec_asn1.c:517 |
| 3565 | 3565 |
1 :
['ECPARAMETERS_free'] |
3565 | 18035 | EC_GROUP_get_ecpkparameters | call site: 00000 | /src/openssl111/crypto/ec/ec_asn1.c:538 |
| 3508 | 3508 |
1 :
['unsup_alg'] |
3508 | 3508 | EVP_PKEY_print_private | call site: 03397 | /src/openssl111/crypto/evp/p_lib.c:654 |
| 3508 | 3508 |
1 :
['unsup_alg'] |
3508 | 3508 | EVP_PKEY_print_params | call site: 03425 | /src/openssl111/crypto/evp/p_lib.c:663 |
| 3480 | 6938 |
5 :
['BIO_s_file', 'BIO_clear_flags', 'BIO_new', 'fclose', 'BIO_ctrl'] |
3480 | 6938 | BIO_new_file | call site: 01695 | /src/openssl111/crypto/bio/bss_file.c:68 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl111/fuzz/driver.c | 1 |
| openssl111/fuzz/asn1.c | 1 |
| openssl111/crypto/asn1/tasn_dec.c | 13 |
| openssl111/crypto/err/err.c | 31 |
| openssl111/crypto/init.c | 46 |
| openssl111/crypto/mem.c | 7 |
| openssl111/crypto/threads_pthread.c | 13 |
| openssl111/crypto/async/async.c | 10 |
| openssl111/crypto/async/async_local.h | 2 |
| openssl111/crypto/stack/stack.c | 12 |
| openssl111/crypto/async/arch/async_posix.c | 2 |
| openssl111/crypto/rand/drbg_lib.c | 4 |
| openssl111/crypto/rand/rand_lib.c | 7 |
| openssl111/crypto/mem_sec.c | 18 |
| openssl111/crypto/cryptlib.c | 6 |
| openssl111/crypto/ex_data.c | 10 |
| openssl111/crypto/comp/c_zlib.c | 2 |
| openssl111/crypto/rand/rand_unix.c | 4 |
| openssl111/crypto/engine/eng_init.c | 4 |
| openssl111/crypto/engine/eng_lib.c | 23 |
| openssl111/include/internal/refcount.h | 2 |
| openssl111/crypto/engine/tb_pkmeth.c | 4 |
| openssl111/crypto/evp/pmeth_lib.c | 4 |
| openssl111/crypto/engine/tb_asnmth.c | 9 |
| openssl111/crypto/asn1/ameth_lib.c | 9 |
| openssl111/crypto/engine/eng_list.c | 10 |
| openssl111/include/internal/cryptlib.h | 7 |
| openssl111/include/openssl/crypto.h | 6 |
| openssl111/crypto/conf/conf_mod.c | 15 |
| openssl111/include/openssl/conf.h | 18 |
| openssl111/crypto/dso/dso_lib.c | 8 |
| openssl111/crypto/engine/eng_local.h | 14 |
| openssl111/crypto/store/store_init.c | 1 |
| openssl111/crypto/store/store_register.c | 1 |
| openssl111/crypto/store/store_local.h | 2 |
| openssl111/crypto/lhash/lhash.c | 11 |
| openssl111/crypto/bio/bio_lib.c | 13 |
| openssl111/crypto/bio/b_sock.c | 1 |
| openssl111/crypto/evp/names.c | 5 |
| openssl111/crypto/objects/o_names.c | 10 |
| openssl111/crypto/objects/obj_local.h | 18 |
| openssl111/crypto/mem_dbg.c | 1 |
| openssl111/crypto/ctype.c | 3 |
| openssl111/crypto/evp/evp_pbe.c | 6 |
| openssl111/crypto/evp/evp_local.h | 3 |
| openssl111/crypto/objects/obj_xref.c | 2 |
| openssl111/crypto/objects/obj_xref.h | 2 |
| openssl111/include/crypto/evp.h | 1 |
| openssl111/crypto/objects/obj_dat.c | 23 |
| openssl111/crypto/asn1/a_object.c | 7 |
| openssl111/include/openssl/err.h | 5 |
| openssl111/crypto/err/err_all.c | 1 |
| openssl111/crypto/evp/c_allc.c | 1 |
| openssl111/crypto/evp/e_des.c | 6 |
| openssl111/crypto/evp/e_des3.c | 11 |
| openssl111/crypto/evp/e_xcbc_d.c | 1 |
| openssl111/crypto/evp/e_rc4.c | 2 |
| openssl111/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl111/crypto/evp/e_idea.c | 4 |
| openssl111/crypto/evp/e_seed.c | 4 |
| openssl111/crypto/evp/e_sm4.c | 5 |
| openssl111/crypto/evp/e_rc2.c | 6 |
| openssl111/crypto/evp/e_bf.c | 4 |
| openssl111/crypto/evp/e_cast.c | 4 |
| openssl111/crypto/evp/e_rc5.c | 4 |
| openssl111/crypto/evp/e_aes.c | 38 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl111/crypto/evp/e_aria.c | 27 |
| openssl111/crypto/evp/e_camellia.c | 21 |
| openssl111/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl111/crypto/evp/c_alld.c | 1 |
| openssl111/crypto/evp/m_md4.c | 1 |
| openssl111/crypto/evp/m_md5.c | 1 |
| openssl111/crypto/evp/m_md5_sha1.c | 1 |
| openssl111/crypto/evp/m_sha1.c | 7 |
| openssl111/crypto/evp/m_mdc2.c | 1 |
| openssl111/crypto/evp/m_ripemd.c | 1 |
| openssl111/crypto/evp/m_wp.c | 1 |
| openssl111/crypto/sm3/m_sm3.c | 1 |
| openssl111/crypto/blake2/m_blake2b.c | 1 |
| openssl111/crypto/blake2/m_blake2s.c | 1 |
| openssl111/crypto/evp/m_sha3.c | 6 |
| openssl111/crypto/conf/conf_sap.c | 2 |
| openssl111/crypto/conf/conf_mall.c | 1 |
| openssl111/crypto/asn1/asn_moid.c | 3 |
| openssl111/crypto/o_str.c | 8 |
| openssl111/crypto/conf/conf_lib.c | 8 |
| openssl111/crypto/conf/conf_api.c | 3 |
| openssl111/crypto/bn/bn_lib.c | 35 |
| openssl111/crypto/bn/bn_local.h | 1 |
| openssl111/crypto/bn/bn_word.c | 4 |
| openssl111/crypto/bn/asm/x86_64-gcc.c | 10 |
| openssl111/include/internal/constant_time.h | 6 |
| openssl111/crypto/bn/bn_shift.c | 6 |
| openssl111/crypto/asn1/asn1_lib.c | 12 |
| openssl111/crypto/objects/obj_lib.c | 1 |
| openssl111/crypto/asn1/asn_mstbl.c | 3 |
| openssl111/crypto/x509v3/v3_utl.c | 9 |
| openssl111/crypto/asn1/asn1_gen.c | 3 |
| openssl111/crypto/engine/eng_openssl.c | 20 |
| openssl111/crypto/engine/eng_rdrand.c | 4 |
| openssl111/crypto/engine/tb_rand.c | 6 |
| openssl111/crypto/engine/eng_dyn.c | 12 |
| openssl111/include/openssl/safestack.h | 6 |
| openssl111/crypto/dso/dso_dlfcn.c | 1 |
| openssl111/engines/e_padlock.c | 1 |
| openssl111/engines/e_afalg.c | 28 |
| openssl111/engines/e_afalg_err.c | 3 |
| openssl111/crypto/evp/cmeth_lib.c | 8 |
| openssl111/crypto/evp/evp_lib.c | 29 |
| openssl111/crypto/evp/evp_enc.c | 14 |
| openssl111/crypto/engine/eng_fat.c | 5 |
| openssl111/crypto/engine/tb_cipher.c | 7 |
| openssl111/crypto/engine/eng_table.c | 8 |
| openssl111/crypto/engine/tb_digest.c | 5 |
| openssl111/crypto/engine/tb_rsa.c | 4 |
| openssl111/crypto/engine/tb_dsa.c | 4 |
| openssl111/crypto/engine/tb_dh.c | 6 |
| openssl111/crypto/engine/tb_eckey.c | 5 |
| openssl111/crypto/async/async_wait.c | 3 |
| openssl111/crypto/async/arch/async_posix.h | 1 |
| openssl111/crypto/rsa/rsa_ossl.c | 1 |
| openssl111/crypto/dsa/dsa_ossl.c | 1 |
| openssl111/crypto/ec/ec_kmeth.c | 3 |
| openssl111/crypto/dh/dh_key.c | 1 |
| openssl111/crypto/sha/sha_local.h | 1 |
| openssl111/include/crypto/md32_common.h | 2 |
| openssl111/crypto/engine/eng_pkey.c | 1 |
| openssl111/crypto/bio/bss_file.c | 2 |
| openssl111/crypto/o_fopen.c | 1 |
| openssl111/crypto/pem/pem_pkey.c | 1 |
| openssl111/crypto/pem/pem_lib.c | 14 |
| openssl111/crypto/bio/bss_mem.c | 1 |
| openssl111/crypto/evp/encode.c | 7 |
| openssl111/include/crypto/asn1.h | 3 |
| openssl111/crypto/evp/evp_key.c | 3 |
| openssl111/crypto/ui/ui_lib.c | 11 |
| openssl111/crypto/ui/ui_openssl.c | 1 |
| openssl111/crypto/ui/ui_null.c | 1 |
| openssl111/include/openssl/ui.h | 5 |
| openssl111/crypto/err/err_prn.c | 1 |
| openssl111/crypto/bio/b_print.c | 11 |
| openssl111/crypto/evp/digest.c | 7 |
| openssl111/crypto/evp/p_lib.c | 12 |
| openssl111/include/openssl/x509.h | 6 |
| openssl111/crypto/x509/x_attrib.c | 1 |
| openssl111/crypto/asn1/tasn_fre.c | 5 |
| openssl111/include/openssl/asn1t.h | 7 |
| openssl111/crypto/asn1/tasn_utl.c | 10 |
| openssl111/crypto/asn1/a_int.c | 12 |
| openssl111/crypto/asn1/p8_pkey.c | 5 |
| openssl111/crypto/evp/evp_pkey.c | 2 |
| openssl111/crypto/bn/bn_print.c | 2 |
| openssl111/crypto/asn1/x_sig.c | 3 |
| openssl111/crypto/pkcs12/p12_p8d.c | 1 |
| openssl111/crypto/pkcs12/p12_decr.c | 2 |
| openssl111/crypto/asn1/d2i_pr.c | 3 |
| openssl111/crypto/asn1/a_strnid.c | 6 |
| openssl111/include/openssl/asn1.h | 8 |
| openssl111/crypto/engine/eng_cnf.c | 5 |
| openssl111/crypto/engine/eng_ctrl.c | 6 |
| openssl111/crypto/getenv.c | 1 |
| openssl111/crypto/evp/evp_cnf.c | 2 |
| openssl111/crypto/conf/conf_ssl.c | 3 |
| openssl111/crypto/engine/eng_all.c | 1 |
| openssl111/crypto/conf/conf_def.c | 1 |
| openssl111/crypto/x509/x509_def.c | 1 |
| openssl111/crypto/bn/bn_err.c | 1 |
| openssl111/crypto/rsa/rsa_err.c | 1 |
| openssl111/crypto/dh/dh_err.c | 1 |
| openssl111/crypto/evp/evp_err.c | 1 |
| openssl111/crypto/buffer/buf_err.c | 1 |
| openssl111/crypto/objects/obj_err.c | 1 |
| openssl111/crypto/pem/pem_err.c | 1 |
| openssl111/crypto/dsa/dsa_err.c | 1 |
| openssl111/crypto/x509/x509_err.c | 1 |
| openssl111/crypto/asn1/asn1_err.c | 1 |
| openssl111/crypto/conf/conf_err.c | 1 |
| openssl111/crypto/cpt_err.c | 1 |
| openssl111/crypto/comp/comp_err.c | 1 |
| openssl111/crypto/ec/ec_err.c | 1 |
| openssl111/crypto/bio/bio_err.c | 1 |
| openssl111/crypto/pkcs7/pkcs7err.c | 1 |
| openssl111/crypto/x509v3/v3err.c | 1 |
| openssl111/crypto/pkcs12/pk12err.c | 1 |
| openssl111/crypto/rand/rand_err.c | 1 |
| openssl111/crypto/dso/dso_err.c | 1 |
| openssl111/crypto/ts/ts_err.c | 1 |
| openssl111/crypto/engine/eng_err.c | 1 |
| openssl111/crypto/ocsp/ocsp_err.c | 1 |
| openssl111/crypto/ui/ui_err.c | 1 |
| openssl111/crypto/cms/cms_err.c | 1 |
| openssl111/crypto/ct/ct_err.c | 1 |
| openssl111/crypto/async/async_err.c | 1 |
| openssl111/crypto/kdf/kdf_err.c | 1 |
| openssl111/crypto/store/store_err.c | 1 |
| openssl111/crypto/buffer/buffer.c | 5 |
| openssl111/crypto/asn1/tasn_typ.c | 13 |
| openssl111/crypto/asn1/tasn_new.c | 8 |
| openssl111/crypto/asn1/a_type.c | 1 |
| openssl111/crypto/asn1/a_bitstr.c | 3 |
| openssl111/crypto/bio/bss_null.c | 1 |
| openssl111/crypto/asn1/tasn_prn.c | 9 |
| openssl111/crypto/asn1/asn1_par.c | 4 |
| openssl111/crypto/asn1/a_utctm.c | 1 |
| openssl111/crypto/asn1/a_time.c | 4 |
| openssl111/crypto/o_time.c | 4 |
| openssl111/crypto/asn1/a_gentm.c | 1 |
| openssl111/crypto/bio/b_dump.c | 4 |
| openssl111/crypto/asn1/a_strex.c | 6 |
| openssl111/crypto/asn1/tasn_enc.c | 8 |
| openssl111/crypto/asn1/a_utf8.c | 2 |
| openssl111/crypto/ts/ts_asn1.c | 9 |
| openssl111/crypto/ts/ts_req_print.c | 1 |
| openssl111/crypto/ts/ts_req_utils.c | 2 |
| openssl111/crypto/ts/ts_lib.c | 5 |
| openssl111/crypto/x509/x509_v3.c | 5 |
| openssl111/crypto/x509v3/v3_prn.c | 3 |
| openssl111/crypto/x509v3/v3_lib.c | 4 |
| openssl111/include/openssl/x509v3.h | 2 |
| openssl111/crypto/asn1/a_print.c | 1 |
| openssl111/crypto/ts/ts_rsp_print.c | 5 |
| openssl111/crypto/x509v3/v3_alt.c | 1 |
| openssl111/crypto/x509/x509_obj.c | 1 |
| openssl111/crypto/dh/dh_asn1.c | 3 |
| openssl111/crypto/dh/dh_ameth.c | 2 |
| openssl111/crypto/asn1/t_pkey.c | 2 |
| openssl111/crypto/bn/bn_intern.c | 1 |
| openssl111/crypto/dh/dh_lib.c | 3 |
| openssl111/crypto/dsa/dsa_asn1.c | 4 |
| openssl111/crypto/dsa/dsa_prn.c | 2 |
| openssl111/crypto/dsa/dsa_lib.c | 2 |
| openssl111/crypto/rsa/rsa_asn1.c | 2 |
| openssl111/crypto/rsa/rsa_prn.c | 1 |
| openssl111/crypto/rsa/rsa_lib.c | 2 |
| openssl111/crypto/rsa/rsa_local.h | 1 |
| openssl111/crypto/rsa/rsa_mp.c | 2 |
| openssl111/crypto/bn/bn_blind.c | 1 |
| openssl111/crypto/ec/ec_asn1.c | 11 |
| openssl111/crypto/ec/ec_curve.c | 4 |
| openssl111/crypto/ec/ec_lib.c | 37 |
| openssl111/crypto/bn/bn_ctx.c | 13 |
| openssl111/crypto/ec/ec_cvt.c | 2 |
| openssl111/crypto/ec/ecp_mont.c | 1 |
| openssl111/crypto/ec/ecp_nistz256.c | 2 |
| openssl111/crypto/ec/ecp_nistp224.c | 2 |
| openssl111/crypto/ec/ecp_nistp256.c | 2 |
| openssl111/crypto/ec/ecp_nistp521.c | 2 |
| openssl111/crypto/ec/ec_mult.c | 2 |
| openssl111/crypto/bn/bn_mont.c | 10 |
| openssl111/crypto/ec/ec2_smpl.c | 1 |
| openssl111/crypto/ec/ec_local.h | 1 |
| openssl111/crypto/bn/bn_add.c | 4 |
| openssl111/crypto/bn/bn_div.c | 3 |
| openssl111/crypto/bn/bn_gcd.c | 3 |
| openssl111/crypto/bn/bn_mod.c | 7 |
| openssl111/crypto/bn/bn_mul.c | 6 |
| openssl111/crypto/ec/ec_oct.c | 4 |
| openssl111/crypto/ec/ecp_oct.c | 3 |
| openssl111/crypto/bn/bn_sqr.c | 4 |
| openssl111/crypto/bn/bn_sqrt.c | 1 |
| openssl111/crypto/bn/bn_exp.c | 8 |
| openssl111/crypto/bn/rsaz_exp.c | 2 |
| openssl111/crypto/bn/rsaz_exp.h | 2 |
| openssl111/crypto/bn/bn_recp.c | 6 |
| openssl111/crypto/bn/bn_rand.c | 2 |
| openssl111/crypto/bn/bn_kron.c | 1 |
| openssl111/crypto/ec/ec2_oct.c | 3 |
| openssl111/crypto/bn/bn_gf2m.c | 7 |
| openssl111/crypto/ec/eck_prn.c | 2 |
| openssl111/crypto/ec/ec_print.c | 1 |
| openssl111/crypto/ec/ec_key.c | 10 |
| openssl111/crypto/ec/ec_ameth.c | 3 |
| openssl111/crypto/asn1/i2d_pr.c | 1 |
| openssl111/ssl/ssl_asn1.c | 4 |
| openssl111/ssl/ssl_sess.c | 2 |
| openssl111/ssl/ssl_init.c | 8 |
| openssl111/ssl/ssl_ciph.c | 11 |
| openssl111/include/openssl/ssl.h | 6 |
| openssl111/crypto/comp/comp_lib.c | 2 |
| openssl111/ssl/s3_lib.c | 3 |
| openssl111/ssl/ssl_err.c | 1 |
| openssl111/ssl/ssl_lib.c | 3 |
| openssl111/crypto/x509/x_x509.c | 1 |
| openssl111/ssl/ssl_txt.c | 1 |
| openssl111/crypto/evp/e_null.c | 1 |
| openssl111/crypto/x509/x509_txt.c | 1 |
Fuzzer: server_111
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 2158 | 51.4% |
| gold | [1:9] | 779 | 18.5% |
| yellow | [10:29] | 46 | 1.09% |
| greenyellow | [30:49] | 15 | 0.35% |
| lawngreen | 50+ | 1198 | 28.5% |
| All colors | 4196 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 26168 | 29743 |
8 :
['d2i_X509_SIG', 'X509_SIG_free', 'PKCS8_decrypt', 'PEM_def_callback', 'EVP_PKEY_free', 'PKCS8_PRIV_KEY_INFO_free', 'EVP_PKCS82PKEY', 'OPENSSL_cleanse'] |
26168 | 36813 | PEM_read_bio_PrivateKey | call site: 02446 | /src/openssl111/crypto/pem/pem_pkey.c:51 |
| 19882 | 19892 |
6 :
['verify_cb_cert', 'internal_verify', 'check_name_constraints', 'X509v3_asid_validate_path', 'X509v3_addr_validate_path', 'X509_chain_check_suiteb'] |
19882 | 19892 | verify_chain | call site: 00000 | /src/openssl111/crypto/x509/x509_vfy.c:222 |
| 14188 | 24886 |
11 :
['ssl_security', 'DH_free', 'EVP_PKEY_security_bits', 'DH_get0_pqg', 'EVP_PKEY_new', 'ssl_dh_to_pkey', 'EVP_PKEY_assign', 'DH_get0_key', 'ssl_generate_pkey', 'ssl_get_auto_dh', 'EVP_PKEY_get0_DH'] |
14190 | 168837 | tls_construct_server_key_exchange | call site: 00000 | /src/openssl111/ssl/statem/statem_srvr.c:2527 |
| 13447 | 68493 |
14 :
['X509_free', 'X509_up_ref', 'find_issuer', 'ERR_put_error', 'sk_X509_value.19362', 'sk_X509_delete_ptr', 'check_dane_issuer', 'sk_X509_push.19373', 'sk_X509_pop.19382', 'X509_cmp', 'ossl_assert_int.19380', 'sk_X509_set', 'get_issuer', 'cert_self_signed'] |
17543 | 82253 | build_chain | call site: 00000 | /src/openssl111/crypto/x509/x509_vfy.c:3203 |
| 11134 | 14738 |
4 :
['SSL_CTX_remove_session', 'ssl_update_cache', 'ssl3_cleanup_key_block', 'dtls1_clear_received_buffer'] |
11134 | 14742 | tls_finish_handshake | call site: 00000 | /src/openssl111/ssl/statem/statem_lib.c:1073 |
| 10501 | 13975 |
3 :
['ASN1_INTEGER_get', 'PROXY_CERT_INFO_EXTENSION_free', 'X509_get_ext_by_NID'] |
10501 | 72601 | x509v3_cache_extensions | call site: 03606 | /src/openssl111/crypto/x509v3/v3_purp.c:425 |
| 7528 | 14935 |
9 :
['X509_up_ref', 'X509_OBJECT_idx_by_subject', 'X509_STORE_lock', 'X509_get_subject_name', 'X509_NAME_cmp', 'x509_check_cert_time', 'sk_X509_OBJECT_value', 'sk_X509_OBJECT_num', 'X509_STORE_unlock'] |
7528 | 22077 | X509_STORE_CTX_get1_issuer | call site: 00000 | /src/openssl111/crypto/x509/x509_lu.c:689 |
| 7372 | 85955 |
13 :
['BN_is_zero', 'BN_copy', 'BN_mod_lshift1_quick', 'BN_mod_mul', 'BN_rshift1', 'BN_priv_rand', 'BN_is_one', 'BN_num_bits', 'BN_nnmod', 'BN_sub_word', 'BN_ucmp', 'BN_set_word', 'BN_kronecker'] |
7372 | 141079 | BN_mod_sqrt | call site: 00000 | /src/openssl111/crypto/bn/bn_sqrt.c:85 |
| 7366 | 7368 |
5 :
['sk_X509_NAME_num.1901', 'EVP_PKEY_id', 'sk_X509_num.1896', 'sk_X509_value.1895', 'ssl_check_ca_name'] |
7366 | 7372 | tls1_check_chain | call site: 00000 | /src/openssl111/ssl/t1_lib.c:2340 |
| 7290 | 7290 |
2 :
['RAND_DRBG_get0_private', 'RAND_DRBG_bytes'] |
7290 | 7290 | RAND_priv_bytes | call site: 03165 | /src/openssl111/crypto/rand/rand_lib.c:930 |
| 7268 | 28127 |
10 :
['EVP_DecryptInit_ex', 'EVP_BytesToKey', 'PEM_def_callback', 'ERR_put_error', 'EVP_md5', 'EVP_CIPHER_CTX_free', 'EVP_CIPHER_CTX_new', 'EVP_DecryptUpdate', 'OPENSSL_cleanse', 'EVP_DecryptFinal_ex'] |
7268 | 28127 | PEM_do_header | call site: 01899 | /src/openssl111/crypto/pem/pem_lib.c:427 |
| 6963 | 6963 |
2 :
['tls1_set_sigalgs_list', 'tls1_set_groups_list'] |
6963 | 6963 | SSL_CTX_ctrl | call site: 03494 | /src/openssl111/ssl/ssl_lib.c:2313 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl111/fuzz/driver.c | 1 |
| openssl111/fuzz/server.c | 2 |
| openssl111/ssl/methods.c | 1 |
| openssl111/ssl/ssl_lib.c | 36 |
| openssl111/crypto/err/err.c | 30 |
| openssl111/crypto/init.c | 46 |
| openssl111/crypto/mem.c | 7 |
| openssl111/crypto/threads_pthread.c | 14 |
| openssl111/crypto/async/async.c | 17 |
| openssl111/crypto/async/async_local.h | 4 |
| openssl111/crypto/stack/stack.c | 12 |
| openssl111/crypto/async/arch/async_posix.c | 3 |
| openssl111/crypto/rand/drbg_lib.c | 20 |
| openssl111/crypto/rand/rand_lib.c | 17 |
| openssl111/crypto/mem_sec.c | 18 |
| openssl111/crypto/cryptlib.c | 6 |
| openssl111/crypto/ex_data.c | 10 |
| openssl111/crypto/comp/c_zlib.c | 2 |
| openssl111/crypto/rand/rand_unix.c | 6 |
| openssl111/crypto/engine/eng_init.c | 4 |
| openssl111/crypto/engine/eng_lib.c | 23 |
| openssl111/include/internal/refcount.h | 2 |
| openssl111/crypto/engine/tb_pkmeth.c | 4 |
| openssl111/crypto/evp/pmeth_lib.c | 4 |
| openssl111/crypto/engine/tb_asnmth.c | 9 |
| openssl111/crypto/asn1/ameth_lib.c | 9 |
| openssl111/crypto/engine/eng_list.c | 10 |
| openssl111/include/internal/cryptlib.h | 7 |
| openssl111/include/openssl/crypto.h | 6 |
| openssl111/crypto/conf/conf_mod.c | 15 |
| openssl111/include/openssl/conf.h | 18 |
| openssl111/crypto/dso/dso_lib.c | 8 |
| openssl111/crypto/engine/eng_local.h | 14 |
| openssl111/crypto/store/store_init.c | 1 |
| openssl111/crypto/store/store_register.c | 1 |
| openssl111/crypto/store/store_local.h | 2 |
| openssl111/crypto/lhash/lhash.c | 11 |
| openssl111/crypto/bio/bio_lib.c | 18 |
| openssl111/crypto/bio/b_sock.c | 1 |
| openssl111/crypto/evp/names.c | 5 |
| openssl111/crypto/objects/o_names.c | 10 |
| openssl111/crypto/objects/obj_local.h | 18 |
| openssl111/crypto/mem_dbg.c | 1 |
| openssl111/crypto/ctype.c | 2 |
| openssl111/crypto/evp/evp_pbe.c | 6 |
| openssl111/crypto/evp/evp_local.h | 3 |
| openssl111/crypto/objects/obj_xref.c | 5 |
| openssl111/crypto/objects/obj_xref.h | 4 |
| openssl111/include/crypto/evp.h | 1 |
| openssl111/crypto/objects/obj_dat.c | 22 |
| openssl111/crypto/asn1/a_object.c | 6 |
| openssl111/include/openssl/err.h | 5 |
| openssl111/crypto/err/err_all.c | 1 |
| openssl111/crypto/evp/c_allc.c | 1 |
| openssl111/crypto/evp/e_des.c | 6 |
| openssl111/crypto/evp/e_des3.c | 11 |
| openssl111/crypto/evp/e_xcbc_d.c | 1 |
| openssl111/crypto/evp/e_rc4.c | 2 |
| openssl111/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl111/crypto/evp/e_idea.c | 4 |
| openssl111/crypto/evp/e_seed.c | 4 |
| openssl111/crypto/evp/e_sm4.c | 5 |
| openssl111/crypto/evp/e_rc2.c | 6 |
| openssl111/crypto/evp/e_bf.c | 4 |
| openssl111/crypto/evp/e_cast.c | 4 |
| openssl111/crypto/evp/e_rc5.c | 4 |
| openssl111/crypto/evp/e_aes.c | 38 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl111/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl111/crypto/evp/e_aria.c | 27 |
| openssl111/crypto/evp/e_camellia.c | 21 |
| openssl111/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl111/crypto/evp/c_alld.c | 1 |
| openssl111/crypto/evp/m_md4.c | 1 |
| openssl111/crypto/evp/m_md5.c | 1 |
| openssl111/crypto/evp/m_md5_sha1.c | 1 |
| openssl111/crypto/evp/m_sha1.c | 7 |
| openssl111/crypto/evp/m_mdc2.c | 1 |
| openssl111/crypto/evp/m_ripemd.c | 1 |
| openssl111/crypto/evp/m_wp.c | 1 |
| openssl111/crypto/sm3/m_sm3.c | 1 |
| openssl111/crypto/blake2/m_blake2b.c | 1 |
| openssl111/crypto/blake2/m_blake2s.c | 1 |
| openssl111/crypto/evp/m_sha3.c | 6 |
| openssl111/crypto/conf/conf_sap.c | 2 |
| openssl111/crypto/conf/conf_mall.c | 1 |
| openssl111/crypto/asn1/asn_moid.c | 3 |
| openssl111/crypto/o_str.c | 8 |
| openssl111/crypto/conf/conf_lib.c | 8 |
| openssl111/crypto/conf/conf_api.c | 3 |
| openssl111/crypto/bn/bn_lib.c | 18 |
| openssl111/crypto/bn/bn_local.h | 1 |
| openssl111/crypto/bn/bn_word.c | 4 |
| openssl111/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl111/include/internal/constant_time.h | 4 |
| openssl111/crypto/bn/bn_shift.c | 2 |
| openssl111/crypto/asn1/asn1_lib.c | 13 |
| openssl111/crypto/objects/obj_lib.c | 1 |
| openssl111/crypto/asn1/asn_mstbl.c | 3 |
| openssl111/crypto/x509v3/v3_utl.c | 6 |
| openssl111/crypto/asn1/asn1_gen.c | 3 |
| openssl111/crypto/asn1/tasn_dec.c | 13 |
| openssl111/crypto/engine/eng_openssl.c | 20 |
| openssl111/crypto/engine/eng_rdrand.c | 4 |
| openssl111/crypto/engine/tb_rand.c | 6 |
| openssl111/crypto/engine/eng_dyn.c | 12 |
| openssl111/include/openssl/safestack.h | 7 |
| openssl111/crypto/dso/dso_dlfcn.c | 1 |
| openssl111/engines/e_padlock.c | 1 |
| openssl111/engines/e_afalg.c | 28 |
| openssl111/engines/e_afalg_err.c | 3 |
| openssl111/crypto/evp/cmeth_lib.c | 8 |
| openssl111/crypto/evp/evp_lib.c | 29 |
| openssl111/crypto/evp/evp_enc.c | 14 |
| openssl111/crypto/engine/eng_fat.c | 5 |
| openssl111/crypto/engine/tb_cipher.c | 7 |
| openssl111/crypto/engine/eng_table.c | 8 |
| openssl111/crypto/engine/tb_digest.c | 5 |
| openssl111/crypto/engine/tb_rsa.c | 4 |
| openssl111/crypto/engine/tb_dsa.c | 4 |
| openssl111/crypto/engine/tb_dh.c | 4 |
| openssl111/crypto/engine/tb_eckey.c | 4 |
| openssl111/crypto/async/async_wait.c | 5 |
| openssl111/crypto/async/arch/async_posix.h | 1 |
| openssl111/crypto/rsa/rsa_ossl.c | 1 |
| openssl111/crypto/dsa/dsa_ossl.c | 1 |
| openssl111/crypto/ec/ec_kmeth.c | 1 |
| openssl111/crypto/dh/dh_key.c | 1 |
| openssl111/crypto/sha/sha_local.h | 1 |
| openssl111/include/crypto/md32_common.h | 2 |
| openssl111/crypto/engine/eng_pkey.c | 1 |
| openssl111/crypto/bio/bss_file.c | 3 |
| openssl111/crypto/o_fopen.c | 1 |
| openssl111/crypto/pem/pem_pkey.c | 1 |
| openssl111/crypto/pem/pem_lib.c | 15 |
| openssl111/crypto/bio/bss_mem.c | 2 |
| openssl111/crypto/evp/encode.c | 7 |
| openssl111/include/crypto/asn1.h | 3 |
| openssl111/crypto/evp/evp_key.c | 3 |
| openssl111/crypto/ui/ui_lib.c | 11 |
| openssl111/crypto/ui/ui_openssl.c | 1 |
| openssl111/crypto/ui/ui_null.c | 1 |
| openssl111/include/openssl/ui.h | 5 |
| openssl111/crypto/err/err_prn.c | 2 |
| openssl111/crypto/bio/b_print.c | 9 |
| openssl111/crypto/evp/digest.c | 8 |
| openssl111/crypto/evp/p_lib.c | 19 |
| openssl111/include/openssl/x509.h | 14 |
| openssl111/crypto/x509/x_attrib.c | 1 |
| openssl111/crypto/asn1/tasn_fre.c | 5 |
| openssl111/include/openssl/asn1t.h | 7 |
| openssl111/crypto/asn1/tasn_utl.c | 10 |
| openssl111/crypto/asn1/a_int.c | 11 |
| openssl111/crypto/asn1/p8_pkey.c | 3 |
| openssl111/crypto/buffer/buffer.c | 4 |
| openssl111/crypto/asn1/tasn_typ.c | 7 |
| openssl111/crypto/asn1/tasn_new.c | 8 |
| openssl111/crypto/asn1/a_type.c | 1 |
| openssl111/crypto/asn1/a_bitstr.c | 2 |
| openssl111/crypto/evp/evp_pkey.c | 1 |
| openssl111/crypto/bn/bn_print.c | 1 |
| openssl111/crypto/asn1/x_sig.c | 3 |
| openssl111/crypto/pkcs12/p12_p8d.c | 1 |
| openssl111/crypto/pkcs12/p12_decr.c | 2 |
| openssl111/crypto/asn1/d2i_pr.c | 3 |
| openssl111/crypto/asn1/a_strnid.c | 6 |
| openssl111/include/openssl/asn1.h | 11 |
| openssl111/crypto/engine/eng_cnf.c | 5 |
| openssl111/crypto/engine/eng_ctrl.c | 6 |
| openssl111/crypto/getenv.c | 1 |
| openssl111/crypto/evp/evp_cnf.c | 2 |
| openssl111/crypto/conf/conf_ssl.c | 6 |
| openssl111/crypto/engine/eng_all.c | 1 |
| openssl111/crypto/conf/conf_def.c | 1 |
| openssl111/crypto/x509/x509_def.c | 1 |
| openssl111/crypto/bn/bn_err.c | 1 |
| openssl111/crypto/rsa/rsa_err.c | 1 |
| openssl111/crypto/dh/dh_err.c | 1 |
| openssl111/crypto/evp/evp_err.c | 1 |
| openssl111/crypto/buffer/buf_err.c | 1 |
| openssl111/crypto/objects/obj_err.c | 1 |
| openssl111/crypto/pem/pem_err.c | 1 |
| openssl111/crypto/dsa/dsa_err.c | 1 |
| openssl111/crypto/x509/x509_err.c | 1 |
| openssl111/crypto/asn1/asn1_err.c | 1 |
| openssl111/crypto/conf/conf_err.c | 1 |
| openssl111/crypto/cpt_err.c | 1 |
| openssl111/crypto/comp/comp_err.c | 1 |
| openssl111/crypto/ec/ec_err.c | 1 |
| openssl111/crypto/bio/bio_err.c | 1 |
| openssl111/crypto/pkcs7/pkcs7err.c | 1 |
| openssl111/crypto/x509v3/v3err.c | 1 |
| openssl111/crypto/pkcs12/pk12err.c | 1 |
| openssl111/crypto/rand/rand_err.c | 1 |
| openssl111/crypto/dso/dso_err.c | 1 |
| openssl111/crypto/ts/ts_err.c | 1 |
| openssl111/crypto/engine/eng_err.c | 1 |
| openssl111/crypto/ocsp/ocsp_err.c | 1 |
| openssl111/crypto/ui/ui_err.c | 1 |
| openssl111/crypto/cms/cms_err.c | 1 |
| openssl111/crypto/ct/ct_err.c | 1 |
| openssl111/crypto/async/async_err.c | 1 |
| openssl111/crypto/kdf/kdf_err.c | 1 |
| openssl111/crypto/store/store_err.c | 1 |
| openssl111/ssl/ssl_init.c | 8 |
| openssl111/ssl/ssl_ciph.c | 23 |
| openssl111/include/openssl/ssl.h | 15 |
| openssl111/crypto/comp/comp_lib.c | 3 |
| openssl111/ssl/s3_lib.c | 3 |
| openssl111/ssl/ssl_err.c | 1 |
| openssl111/ssl/ssl_cert.c | 16 |
| openssl111/ssl/ssl_local.h | 7 |
| openssl111/crypto/x509/x509_lu.c | 8 |
| openssl111/include/openssl/x509_vfy.h | 7 |
| openssl111/crypto/x509/x509_cmp.c | 9 |
| openssl111/crypto/x509/x_name.c | 5 |
| openssl111/crypto/asn1/tasn_enc.c | 8 |
| openssl111/crypto/x509/x509_vpm.c | 10 |
| openssl111/crypto/ct/ct_log.c | 3 |
| openssl111/include/openssl/ct.h | 3 |
| openssl111/crypto/rand/drbg_ctr.c | 1 |
| openssl111/ssl/tls_srp.c | 2 |
| openssl111/ssl/ssl_mcnf.c | 2 |
| openssl111/ssl/ssl_conf.c | 13 |
| openssl111/ssl/ssl_rsa.c | 7 |
| openssl111/crypto/x509/x_all.c | 2 |
| openssl111/crypto/asn1/a_d2i_fp.c | 2 |
| openssl111/crypto/x509/x_pubkey.c | 2 |
| openssl111/crypto/x509/x_x509.c | 2 |
| openssl111/ssl/ssl_sess.c | 7 |
| openssl111/crypto/x509/x_crl.c | 1 |
| openssl111/ssl/statem/extensions_cust.c | 4 |
| openssl111/ssl/t1_lib.c | 11 |
| openssl111/crypto/ec/ec_curve.c | 1 |
| openssl111/ssl/statem/statem_lib.c | 1 |
| openssl111/crypto/rsa/rsa_asn1.c | 1 |
| openssl111/crypto/x509v3/v3_purp.c | 12 |
| openssl111/crypto/asn1/a_digest.c | 1 |
| openssl111/crypto/x509/x509_set.c | 6 |
| openssl111/crypto/x509/x509_ext.c | 4 |
| openssl111/crypto/x509v3/v3_lib.c | 6 |
| openssl111/crypto/x509/x509_v3.c | 5 |
| openssl111/include/openssl/x509v3.h | 8 |
| openssl111/crypto/x509v3/v3_bcons.c | 1 |
| openssl111/crypto/x509v3/v3_pcia.c | 1 |
| openssl111/crypto/asn1/a_octet.c | 1 |
| openssl111/crypto/x509v3/v3_crld.c | 1 |
| openssl111/crypto/asn1/a_dup.c | 1 |
| openssl111/crypto/x509/x509name.c | 1 |
| openssl111/crypto/ec/ec_key.c | 3 |
| openssl111/crypto/pem/pem_all.c | 4 |
| openssl111/crypto/ec/ec_lib.c | 3 |
| openssl111/crypto/ec/ecp_nistz256.c | 1 |
| openssl111/crypto/ec/ecp_nistp224.c | 1 |
| openssl111/crypto/ec/ecp_nistp256.c | 1 |
| openssl111/crypto/ec/ecp_nistp521.c | 1 |
| openssl111/crypto/ec/ec_mult.c | 1 |
| openssl111/crypto/bn/bn_mont.c | 1 |
| openssl111/crypto/pem/pem_x509.c | 1 |
| openssl111/crypto/pem/pem_oth.c | 1 |
| openssl111/crypto/dsa/dsa_lib.c | 2 |
| openssl111/ssl/record/rec_layer_s3.c | 6 |
| openssl111/ssl/record/ssl3_record.c | 2 |
| openssl111/ssl/statem/statem.c | 5 |
| openssl111/ssl/record/ssl3_buffer.c | 3 |
| openssl111/ssl/record/rec_layer_d1.c | 1 |
| openssl111/ssl/pqueue.c | 2 |
| openssl111/include/internal/dane.h | 1 |
| openssl111/crypto/x509/x_exten.c | 1 |
| openssl111/include/openssl/ocsp.h | 1 |
| openssl111/crypto/ocsp/ocsp_asn.c | 1 |
| openssl111/crypto/ct/ct_sct.c | 2 |
Fuzzer: pem
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 4756 | 88.7% |
| gold | [1:9] | 392 | 7.31% |
| yellow | [10:29] | 33 | 0.61% |
| greenyellow | [30:49] | 8 | 0.14% |
| lawngreen | 50+ | 172 | 3.20% |
| All colors | 5361 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 5924 | 11854 |
5 :
['EVP_RAND_CTX_free', 'CRYPTO_DOWN_REF.9536', 'CRYPTO_FREE_REF.9537', 'EVP_RAND_free', 'CRYPTO_free'] |
5924 | 11854 | EVP_RAND_CTX_free | call site: 05156 | /src/openssl/crypto/evp/evp_rand.c:378 |
| 5924 | 5924 |
1 :
['ossl_rand_crng_ctx_free'] |
5924 | 5954 | context_deinit_objs | call site: 05200 | /src/openssl/crypto/context.c:310 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | bio_read_intern | call site: 02917 | /src/openssl111/crypto/bio/bio_lib.c:280 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | mem_write | call site: 00000 | /src/openssl111/crypto/bio/bss_mem.c:227 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | BUF_MEM_new | call site: 00000 | /src/openssl111/crypto/buffer/buffer.c:36 |
| 6 | 12 |
2 :
['CRYPTO_malloc', 'sk_EX_CALLBACK_value'] |
20 | 35 | ossl_crypto_new_ex_data_ex | call site: 00895 | /src/openssl/crypto/ex_data.c:239 |
| 6 | 12 |
3 :
['property_free', 'ossl_check_OPENSSL_CSTRING_sk_type.13567', 'OPENSSL_sk_pop'] |
6 | 17 | ossl_property_string | call site: 02310 | /src/openssl/crypto/property/property_string.c:181 |
| 6 | 6 |
1 :
['sk_EX_CALLBACK_value'] |
6 | 11 | ossl_crypto_free_ex_index_ex | call site: 00000 | /src/openssl/crypto/ex_data.c:127 |
| 0 | 17774 |
3 :
['ERR_set_error', 'ERR_new', 'ERR_set_debug'] |
0 | 17774 | do_init_module_list_lock | call site: 00482 | /src/openssl/crypto/conf/conf_mod.c:102 |
| 0 | 5926 |
1 :
['ossl_method_store_free'] |
0 | 5926 | ossl_method_store_new | call site: 00197 | /src/openssl/crypto/property/property.c:247 |
| 0 | 5926 |
1 :
['ossl_provider_store_free'] |
0 | 5926 | ossl_provider_store_new | call site: 05101 | /src/openssl/crypto/provider_core.c:311 |
| 0 | 44 |
1 :
['ossl_property_string_data_free'] |
0 | 44 | ossl_property_string_data_new | call site: 05114 | /src/openssl/crypto/property/property_string.c:111 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl/fuzz/driver.c | 1 |
| openssl/fuzz/pem.c | 1 |
| openssl/crypto/bio/bss_mem.c | 3 |
| openssl/crypto/bio/bio_lib.c | 16 |
| openssl/crypto/mem.c | 6 |
| openssl/crypto/err/err_blocks.c | 4 |
| openssl/crypto/err/err.c | 30 |
| openssl/crypto/init.c | 40 |
| openssl/crypto/err/err_local.h | 6 |
| openssl/crypto/threads_pthread.c | 14 |
| openssl/crypto/cpuid.c | 4 |
| openssl/crypto/ctype.c | 3 |
| openssl/crypto/initthread.c | 21 |
| openssl/crypto/stack/stack.c | 19 |
| openssl/crypto/err/err_save.c | 1 |
| openssl/crypto/comp/c_zlib.c | 1 |
| openssl/crypto/comp/c_brotli.c | 1 |
| openssl/crypto/comp/c_zstd.c | 1 |
| openssl/crypto/async/async.c | 6 |
| openssl/crypto/async/arch/async_posix.c | 2 |
| openssl/crypto/rand/rand_lib.c | 11 |
| openssl/providers/implementations/rands/seeding/rand_unix.c | 4 |
| openssl/crypto/engine/eng_init.c | 4 |
| openssl/crypto/cryptlib.c | 2 |
| openssl/crypto/engine/eng_lib.c | 21 |
| openssl/include/internal/refcount.h | 4 |
| openssl/crypto/engine/tb_pkmeth.c | 7 |
| openssl/crypto/evp/pmeth_lib.c | 31 |
| openssl/crypto/engine/tb_asnmth.c | 8 |
| openssl/crypto/asn1/ameth_lib.c | 9 |
| openssl/crypto/engine/eng_list.c | 10 |
| openssl/crypto/ex_data.c | 12 |
| openssl/crypto/context.c | 16 |
| openssl/crypto/property/property.c | 29 |
| openssl/crypto/sparse_array.c | 1 |
| openssl/crypto/provider_conf.c | 14 |
| openssl/crypto/evp/c_allc.c | 1 |
| openssl/crypto/evp/e_des.c | 6 |
| openssl/crypto/evp/names.c | 9 |
| openssl/crypto/objects/obj_dat.c | 29 |
| openssl/crypto/evp/c_alld.c | 1 |
| openssl/crypto/evp/legacy_md4.c | 1 |
| openssl/crypto/objects/o_names.c | 12 |
| openssl/crypto/objects/obj_local.h | 18 |
| openssl/crypto/lhash/lhash.c | 13 |
| openssl/crypto/evp/legacy_md5.c | 1 |
| openssl/crypto/evp/legacy_md5_sha1.c | 1 |
| openssl/crypto/evp/legacy_sha.c | 13 |
| openssl/crypto/evp/legacy_mdc2.c | 1 |
| openssl/crypto/evp/legacy_ripemd.c | 1 |
| openssl/crypto/evp/legacy_wp.c | 1 |
| openssl/crypto/sm3/legacy_sm3.c | 1 |
| openssl/crypto/evp/legacy_blake2.c | 2 |
| openssl/crypto/conf/conf_sap.c | 2 |
| openssl/crypto/conf/conf_mod.c | 33 |
| openssl/crypto/err/err_mark.c | 3 |
| openssl/crypto/getenv.c | 1 |
| openssl/crypto/o_str.c | 14 |
| openssl/crypto/x509/x509_def.c | 1 |
| openssl/crypto/bio/bio_print.c | 9 |
| openssl/include/internal/common.h | 1 |
| openssl/crypto/conf/conf_lib.c | 10 |
| openssl/crypto/conf/conf_def.c | 1 |
| openssl/include/openssl/err.h | 4 |
| openssl/crypto/conf/conf_api.c | 3 |
| openssl/include/openssl/conf.h | 3 |
| openssl/crypto/conf/conf_mall.c | 1 |
| openssl/crypto/asn1/asn_moid.c | 3 |
| openssl/crypto/bsearch.c | 1 |
| openssl/crypto/asn1/a_object.c | 6 |
| openssl/crypto/bn/bn_lib.c | 26 |
| openssl/crypto/bn/bn_local.h | 1 |
| openssl/crypto/mem_sec.c | 18 |
| openssl/crypto/bn/bn_word.c | 4 |
| openssl/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl/crypto/bn/bn_shift.c | 2 |
| openssl/crypto/asn1/asn1_lib.c | 13 |
| openssl/crypto/objects/obj_lib.c | 1 |
| openssl/crypto/asn1/asn_mstbl.c | 3 |
| openssl/crypto/x509/v3_utl.c | 6 |
| openssl/crypto/asn1/asn1_gen.c | 3 |
| openssl/crypto/asn1/tasn_dec.c | 14 |
| openssl/crypto/asn1/a_strnid.c | 6 |
| openssl/include/openssl/asn1.h | 3 |
| openssl/crypto/engine/eng_openssl.c | 20 |
| openssl/include/internal/cryptlib.h | 7 |
| openssl/include/openssl/crypto.h | 2 |
| openssl/crypto/evp/evp_lib.c | 37 |
| openssl/crypto/provider_core.c | 49 |
| openssl/crypto/engine/eng_rdrand.c | 4 |
| openssl/crypto/engine/tb_rand.c | 4 |
| openssl/crypto/engine/eng_local.h | 14 |
| openssl/crypto/engine/eng_dyn.c | 12 |
| openssl/crypto/dso/dso_lib.c | 9 |
| openssl/include/openssl/safestack.h | 4 |
| openssl/crypto/dso/dso_dlfcn.c | 1 |
| openssl/engines/e_padlock.c | 22 |
| openssl/crypto/engine/tb_cipher.c | 7 |
| openssl/crypto/evp/cmeth_lib.c | 8 |
| openssl/crypto/evp/evp_enc.c | 26 |
| openssl/crypto/params.c | 48 |
| openssl/crypto/evp/evp_utils.c | 5 |
| openssl/crypto/asn1/evp_asn1.c | 1 |
| openssl/crypto/asn1/tasn_typ.c | 9 |
| openssl/crypto/asn1/a_octet.c | 1 |
| openssl/crypto/asn1/a_type.c | 1 |
| openssl/crypto/asn1/tasn_fre.c | 5 |
| openssl/engines/e_afalg.c | 28 |
| openssl/engines/e_afalg_err.c | 3 |
| openssl/crypto/provider_local.h | 4 |
| openssl/crypto/provider_child.c | 4 |
| openssl/providers/implementations/rands/crngt.c | 2 |
| openssl/crypto/evp/digest.c | 18 |
| openssl/crypto/evp/evp_fetch.c | 16 |
| openssl/crypto/core_namemap.c | 22 |
| openssl/crypto/engine/eng_fat.c | 5 |
| openssl/crypto/engine/eng_table.c | 8 |
| openssl/crypto/engine/tb_digest.c | 7 |
| openssl/crypto/engine/tb_rsa.c | 4 |
| openssl/crypto/engine/tb_dsa.c | 4 |
| openssl/crypto/engine/tb_dh.c | 4 |
| openssl/crypto/engine/tb_eckey.c | 4 |
| openssl/include/crypto/asn1.h | 3 |
| openssl/crypto/core_fetch.c | 3 |
| openssl/crypto/core_algorithm.c | 4 |
| openssl/include/openssl/core_dispatch.h | 79 |
| openssl/crypto/encode_decode/decoder_pkey.c | 27 |
| openssl/crypto/async/async_wait.c | 3 |
| openssl/crypto/async/arch/async_posix.h | 1 |
| openssl/crypto/rsa/rsa_ossl.c | 1 |
| openssl/crypto/dsa/dsa_ossl.c | 1 |
| openssl/crypto/ec/ec_kmeth.c | 1 |
| openssl/crypto/dh/dh_key.c | 1 |
| openssl/crypto/rand/rand_meth.c | 1 |
| openssl/crypto/sha/sha_local.h | 1 |
| openssl/include/crypto/md32_common.h | 2 |
| openssl/crypto/engine/eng_pkey.c | 1 |
| openssl/crypto/bio/bss_file.c | 2 |
| openssl/crypto/o_fopen.c | 1 |
| openssl/crypto/pem/pem_pkey.c | 5 |
| openssl/crypto/bio/bf_readbuff.c | 1 |
| openssl/crypto/pem/pem_lib.c | 15 |
| openssl/crypto/evp/evp_key.c | 3 |
| openssl/crypto/ui/ui_lib.c | 27 |
| openssl/crypto/ui/ui_openssl.c | 1 |
| openssl/crypto/ui/ui_null.c | 1 |
| openssl/include/openssl/ui.h | 2 |
| openssl/crypto/err/err_prn.c | 1 |
| openssl/crypto/passphrase.c | 9 |
| openssl/crypto/encode_decode/decoder_meth.c | 21 |
| openssl/crypto/encode_decode/decoder_lib.c | 27 |
| openssl/crypto/evp/keymgmt_meth.c | 19 |
| openssl/crypto/provider.c | 2 |
| openssl/crypto/property/property_query.c | 3 |
| openssl/crypto/property/property_string.c | 17 |
| openssl/crypto/property/property_parse.c | 25 |
| openssl/crypto/encode_decode/encoder_local.h | 6 |
| openssl/crypto/evp/keymgmt_lib.c | 13 |
| openssl/crypto/evp/p_lib.c | 19 |
| openssl/include/crypto/evp.h | 8 |
| openssl/include/openssl/x509.h | 1 |
| openssl/crypto/x509/x_attrib.c | 2 |
| openssl/include/openssl/asn1t.h | 2 |
| openssl/crypto/asn1/tasn_utl.c | 9 |
| openssl/crypto/asn1/a_int.c | 8 |
| openssl/crypto/bio/ossl_core_bio.c | 3 |
| openssl/crypto/ui/ui_util.c | 8 |
| openssl/crypto/evp/encode.c | 7 |
| openssl/crypto/evp/m_sigver.c | 7 |
| openssl/crypto/evp/signature.c | 9 |
| openssl/crypto/evp/exchange.c | 2 |
| openssl/crypto/evp/kem.c | 2 |
| openssl/crypto/evp/asymcipher.c | 2 |
| openssl/crypto/evp/ctrl_params_translate.c | 10 |
| openssl/crypto/params_from_text.c | 3 |
| openssl/crypto/bn/bn_conv.c | 4 |
| openssl/crypto/asn1/p8_pkey.c | 4 |
| openssl/crypto/buffer/buffer.c | 2 |
| openssl/crypto/asn1/tasn_new.c | 9 |
| openssl/crypto/asn1/a_bitstr.c | 1 |
| openssl/crypto/evp/evp_pkey.c | 1 |
| openssl/crypto/asn1/x_sig.c | 3 |
| openssl/crypto/pkcs12/p12_p8d.c | 2 |
| openssl/crypto/pkcs12/p12_decr.c | 2 |
| openssl/crypto/evp/evp_pbe.c | 6 |
| openssl/crypto/evp/evp_local.h | 4 |
| openssl/crypto/asn1/d2i_pr.c | 1 |
| openssl/crypto/x509/x_pubkey.c | 7 |
| openssl/crypto/engine/eng_cnf.c | 5 |
| openssl/crypto/engine/eng_all.c | 1 |
| openssl/crypto/engine/eng_ctrl.c | 7 |
| openssl/crypto/evp/evp_cnf.c | 2 |
| openssl/crypto/conf/conf_ssl.c | 3 |
| openssl/crypto/encode_decode/encoder_meth.c | 3 |
| openssl/crypto/store/store_meth.c | 3 |
| openssl/crypto/evp/e_des3.c | 11 |
| openssl/crypto/evp/e_xcbc_d.c | 1 |
| openssl/crypto/evp/e_rc4.c | 2 |
| openssl/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl/crypto/evp/e_idea.c | 4 |
| openssl/crypto/evp/e_seed.c | 4 |
| openssl/crypto/evp/e_sm4.c | 5 |
| openssl/crypto/evp/e_rc2.c | 6 |
| openssl/crypto/evp/e_bf.c | 4 |
| openssl/crypto/evp/e_cast.c | 4 |
| openssl/crypto/evp/e_rc5.c | 4 |
| openssl/crypto/evp/e_aes.c | 38 |
| openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl/crypto/evp/e_aria.c | 27 |
| openssl/crypto/evp/e_camellia.c | 21 |
| openssl/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl/crypto/err/err_all.c | 1 |
| openssl/crypto/bn/bn_err.c | 1 |
| openssl/crypto/rsa/rsa_err.c | 1 |
| openssl/crypto/dh/dh_err.c | 1 |
| openssl/crypto/evp/evp_err.c | 1 |
| openssl/crypto/buffer/buf_err.c | 1 |
| openssl/crypto/objects/obj_err.c | 1 |
| openssl/crypto/pem/pem_err.c | 1 |
| openssl/crypto/dsa/dsa_err.c | 1 |
| openssl/crypto/x509/x509_err.c | 1 |
| openssl/crypto/asn1/asn1_err.c | 1 |
| openssl/crypto/conf/conf_err.c | 1 |
| openssl/crypto/cpt_err.c | 1 |
| openssl/crypto/comp/comp_err.c | 1 |
| openssl/crypto/ec/ec_err.c | 1 |
| openssl/crypto/bio/bio_err.c | 1 |
| openssl/crypto/pkcs7/pkcs7err.c | 1 |
| openssl/crypto/x509/v3err.c | 1 |
| openssl/crypto/pkcs12/pk12err.c | 1 |
| openssl/crypto/rand/rand_err.c | 1 |
| openssl/crypto/dso/dso_err.c | 1 |
| openssl/crypto/ts/ts_err.c | 1 |
| openssl/crypto/engine/eng_err.c | 1 |
| openssl/crypto/http/http_err.c | 1 |
| openssl/crypto/ocsp/ocsp_err.c | 1 |
| openssl/crypto/ui/ui_err.c | 1 |
| openssl/crypto/cms/cms_err.c | 1 |
| openssl/crypto/crmf/crmf_err.c | 1 |
| openssl/crypto/cmp/cmp_err.c | 1 |
| openssl/crypto/ct/ct_err.c | 1 |
| openssl/crypto/ess/ess_err.c | 1 |
| openssl/crypto/async/async_err.c | 1 |
| openssl/crypto/store/store_err.c | 1 |
| openssl/crypto/property/property_err.c | 1 |
| openssl/providers/common/provider_err.c | 1 |
| openssl/crypto/property/defn_cache.c | 5 |
| openssl/crypto/bio/bss_core.c | 2 |
| openssl/providers/implementations/rands/drbg.c | 2 |
| openssl/crypto/self_test_core.c | 2 |
| openssl/crypto/thread/internal.c | 2 |
| openssl/crypto/thread/arch/thread_posix.c | 4 |
| openssl/crypto/evp/evp_rand.c | 3 |
| openssl/crypto/store/store_init.c | 1 |
| openssl/crypto/store/store_register.c | 1 |
| openssl/crypto/store/store_local.h | 1 |
| openssl/crypto/bio/bio_sock.c | 1 |
| openssl/crypto/objects/obj_xref.c | 2 |
| openssl/crypto/objects/obj_xref.h | 2 |
| openssl/crypto/cmp/cmp_util.c | 1 |
| openssl/crypto/trace.c | 2 |
Fuzzer: ct_30
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 4626 | 88.0% |
| gold | [1:9] | 316 | 6.01% |
| yellow | [10:29] | 27 | 0.51% |
| greenyellow | [30:49] | 5 | 0.09% |
| lawngreen | 50+ | 281 | 5.34% |
| All colors | 5255 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 6016 | 6016 |
1 :
['ossl_asn1_template_free'] |
6016 | 6016 | ossl_asn1_item_embed_free | call site: 02267 | /src/openssl/crypto/asn1/tasn_fre.c:48 |
| 3455 | 3465 |
3 :
['ERR_put_error', 'CRYPTO_malloc', 'CRYPTO_free'] |
3455 | 3465 | i2o_SCT_signature | call site: 05180 | /src/openssl111/crypto/ct/ct_oct.c:176 |
| 3455 | 3461 |
2 :
['ERR_put_error', 'CRYPTO_malloc'] |
3455 | 6928 | i2o_SCT | call site: 05176 | /src/openssl111/crypto/ct/ct_oct.c:223 |
| 3455 | 3455 |
1 :
['ASN1_STRING_new'] |
3455 | 6928 | ossl_asn1_time_from_tm | call site: 05113 | /src/openssl/crypto/asn1/a_time.c:285 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | asn1_collect | call site: 04904 | /src/openssl111/crypto/asn1/tasn_dec.c:1052 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | BUF_MEM_grow_clean | call site: 04913 | /src/openssl111/crypto/buffer/buffer.c:136 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | i2o_SCT_LIST | call site: 05166 | /src/openssl111/crypto/ct/ct_oct.c:333 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | SCT_new | call site: 05044 | /src/openssl111/crypto/ct/ct_sct.c:26 |
| 3455 | 3455 |
1 :
['ERR_put_error'] |
3455 | 3455 | SCT_set1_signature | call site: 05052 | /src/openssl111/crypto/ct/ct_sct.c:186 |
| 3452 | 3452 |
1 :
['sk_ENGINE_CLEANUP_ITEM_new_null'] |
3452 | 3452 | int_cleanup_check | call site: 00982 | /src/openssl111/crypto/engine/eng_lib.c:118 |
| 104 | 104 |
1 :
['sec_alloc_realloc'] |
3559 | 3559 | BUF_MEM_grow_clean | call site: 04912 | /src/openssl111/crypto/buffer/buffer.c:132 |
| 16 | 16 |
1 :
['CTLOG_STORE_get0_log_by_id'] |
18 | 21134 | SCT_print | call site: 05070 | /src/openssl111/crypto/ct/ct_prn.c:75 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl30/fuzz/driver.c | 1 |
| openssl30/fuzz/ct.c | 1 |
| openssl30/crypto/ct/ct_oct.c | 8 |
| openssl30/crypto/asn1/tasn_typ.c | 14 |
| openssl30/crypto/asn1/tasn_dec.c | 14 |
| openssl30/crypto/err/err_blocks.c | 2 |
| openssl30/crypto/err/err.c | 31 |
| openssl30/crypto/init.c | 39 |
| openssl30/crypto/err/err_local.h | 5 |
| openssl30/crypto/mem.c | 7 |
| openssl30/crypto/threads_pthread.c | 13 |
| openssl30/crypto/cpuid.c | 4 |
| openssl30/crypto/ctype.c | 4 |
| openssl30/crypto/initthread.c | 21 |
| openssl30/crypto/stack/stack.c | 16 |
| openssl30/crypto/comp/c_zlib.c | 1 |
| openssl30/crypto/async/async.c | 6 |
| openssl30/crypto/rand/rand_lib.c | 10 |
| openssl30/providers/implementations/rands/seeding/rand_unix.c | 4 |
| openssl30/crypto/engine/eng_init.c | 4 |
| openssl30/crypto/cryptlib.c | 2 |
| openssl30/crypto/engine/eng_lib.c | 21 |
| openssl30/include/internal/refcount.h | 2 |
| openssl30/crypto/engine/tb_pkmeth.c | 7 |
| openssl30/crypto/evp/pmeth_lib.c | 31 |
| openssl30/crypto/engine/tb_asnmth.c | 9 |
| openssl30/crypto/asn1/ameth_lib.c | 9 |
| openssl30/crypto/engine/eng_list.c | 10 |
| openssl30/crypto/ex_data.c | 14 |
| openssl30/crypto/context.c | 17 |
| openssl30/include/internal/cryptlib.h | 8 |
| openssl30/include/openssl/crypto.h | 2 |
| openssl30/crypto/property/property_parse.c | 25 |
| openssl30/crypto/property/property_string.c | 12 |
| openssl30/crypto/lhash/lhash.c | 12 |
| openssl30/crypto/evp/evp_rand.c | 3 |
| openssl30/crypto/provider_core.c | 43 |
| openssl30/crypto/err/err_all.c | 1 |
| openssl30/include/openssl/err.h | 4 |
| openssl30/crypto/bn/bn_err.c | 1 |
| openssl30/crypto/rsa/rsa_err.c | 1 |
| openssl30/crypto/dh/dh_err.c | 1 |
| openssl30/crypto/evp/evp_err.c | 1 |
| openssl30/crypto/buffer/buf_err.c | 1 |
| openssl30/crypto/objects/obj_err.c | 1 |
| openssl30/crypto/pem/pem_err.c | 1 |
| openssl30/crypto/dsa/dsa_err.c | 1 |
| openssl30/crypto/x509/x509_err.c | 1 |
| openssl30/crypto/asn1/asn1_err.c | 1 |
| openssl30/crypto/conf/conf_err.c | 1 |
| openssl30/crypto/cpt_err.c | 1 |
| openssl30/crypto/comp/comp_err.c | 1 |
| openssl30/crypto/ec/ec_err.c | 1 |
| openssl30/crypto/bio/bio_err.c | 1 |
| openssl30/crypto/pkcs7/pkcs7err.c | 1 |
| openssl30/crypto/x509/v3err.c | 1 |
| openssl30/crypto/pkcs12/pk12err.c | 1 |
| openssl30/crypto/rand/rand_err.c | 1 |
| openssl30/crypto/dso/dso_err.c | 1 |
| openssl30/crypto/ts/ts_err.c | 1 |
| openssl30/crypto/engine/eng_err.c | 1 |
| openssl30/crypto/http/http_err.c | 1 |
| openssl30/crypto/ocsp/ocsp_err.c | 1 |
| openssl30/crypto/ui/ui_err.c | 1 |
| openssl30/crypto/cms/cms_err.c | 1 |
| openssl30/crypto/crmf/crmf_err.c | 1 |
| openssl30/crypto/cmp/cmp_err.c | 1 |
| openssl30/crypto/ct/ct_err.c | 1 |
| openssl30/crypto/ess/ess_err.c | 1 |
| openssl30/crypto/async/async_err.c | 1 |
| openssl30/crypto/store/store_err.c | 1 |
| openssl30/crypto/property/property_err.c | 1 |
| openssl30/providers/common/provider_err.c | 1 |
| openssl30/crypto/evp/c_allc.c | 1 |
| openssl30/crypto/evp/e_des.c | 6 |
| openssl30/crypto/evp/names.c | 9 |
| openssl30/crypto/objects/obj_dat.c | 23 |
| openssl30/crypto/evp/c_alld.c | 1 |
| openssl30/crypto/evp/legacy_md4.c | 1 |
| openssl30/crypto/objects/obj_local.h | 18 |
| openssl30/crypto/objects/o_names.c | 12 |
| openssl30/crypto/conf/conf_sap.c | 2 |
| openssl30/crypto/conf/conf_mod.c | 33 |
| openssl30/crypto/engine/eng_openssl.c | 20 |
| openssl30/crypto/evp/evp_lib.c | 37 |
| openssl30/crypto/dso/dso_lib.c | 9 |
| openssl30/crypto/provider_local.h | 4 |
| openssl30/crypto/provider_child.c | 2 |
| openssl30/crypto/evp/cmeth_lib.c | 8 |
| openssl30/crypto/evp/evp_enc.c | 24 |
| openssl30/crypto/rsa/rsa_ossl.c | 1 |
| openssl30/crypto/engine/tb_rsa.c | 4 |
| openssl30/crypto/dsa/dsa_ossl.c | 1 |
| openssl30/crypto/engine/tb_dsa.c | 4 |
| openssl30/crypto/ec/ec_kmeth.c | 1 |
| openssl30/crypto/engine/tb_eckey.c | 4 |
| openssl30/crypto/dh/dh_key.c | 1 |
| openssl30/crypto/engine/tb_dh.c | 4 |
| openssl30/crypto/rand/rand_meth.c | 1 |
| openssl30/crypto/engine/tb_rand.c | 4 |
| openssl30/crypto/engine/tb_cipher.c | 7 |
| openssl30/crypto/params.c | 47 |
| openssl30/crypto/evp/evp_utils.c | 5 |
| openssl30/crypto/engine/tb_digest.c | 7 |
| openssl30/crypto/evp/digest.c | 17 |
| openssl30/crypto/sha/sha_local.h | 1 |
| openssl30/include/crypto/md32_common.h | 2 |
| openssl30/crypto/engine/eng_pkey.c | 1 |
| openssl30/crypto/bio/bss_file.c | 2 |
| openssl30/crypto/o_fopen.c | 1 |
| openssl30/crypto/bio/bio_lib.c | 16 |
| openssl30/crypto/pem/pem_pkey.c | 5 |
| openssl30/crypto/bio/bf_readbuff.c | 1 |
| openssl30/crypto/pem/pem_lib.c | 15 |
| openssl30/crypto/evp/evp_key.c | 3 |
| openssl30/crypto/ui/ui_lib.c | 27 |
| openssl30/crypto/ui/ui_openssl.c | 1 |
| openssl30/crypto/ui/ui_null.c | 1 |
| openssl30/include/openssl/ui.h | 2 |
| openssl30/crypto/err/err_prn.c | 1 |
| openssl30/crypto/o_str.c | 12 |
| openssl30/crypto/bio/bio_print.c | 11 |
| openssl30/crypto/passphrase.c | 9 |
| openssl30/crypto/encode_decode/decoder_pkey.c | 13 |
| openssl30/crypto/encode_decode/decoder_meth.c | 16 |
| openssl30/crypto/encode_decode/decoder_lib.c | 23 |
| openssl30/crypto/evp/keymgmt_meth.c | 21 |
| openssl30/crypto/evp/evp_fetch.c | 16 |
| openssl30/crypto/core_namemap.c | 19 |
| openssl30/crypto/engine/eng_rdrand.c | 4 |
| openssl30/crypto/engine/eng_local.h | 14 |
| openssl30/crypto/engine/eng_dyn.c | 12 |
| openssl30/include/openssl/safestack.h | 4 |
| openssl30/crypto/dso/dso_dlfcn.c | 1 |
| openssl30/engines/e_padlock.c | 22 |
| openssl30/crypto/asn1/evp_asn1.c | 1 |
| openssl30/crypto/asn1/asn1_lib.c | 14 |
| openssl30/crypto/asn1/a_octet.c | 1 |
| openssl30/crypto/asn1/a_type.c | 1 |
| openssl30/crypto/asn1/tasn_fre.c | 5 |
| openssl30/crypto/asn1/a_object.c | 6 |
| openssl30/engines/e_afalg.c | 27 |
| openssl30/engines/e_afalg_err.c | 3 |
| openssl30/crypto/engine/eng_fat.c | 5 |
| openssl30/crypto/engine/eng_table.c | 8 |
| openssl30/crypto/async/async_wait.c | 3 |
| openssl30/crypto/async/arch/async_posix.h | 1 |
| openssl30/crypto/bsearch.c | 1 |
| openssl30/crypto/bn/bn_word.c | 4 |
| openssl30/crypto/bn/bn_lib.c | 23 |
| openssl30/crypto/bn/bn_local.h | 1 |
| openssl30/crypto/mem_sec.c | 18 |
| openssl30/crypto/bn/bn_shift.c | 2 |
| openssl30/crypto/bn/bn_conv.c | 4 |
| openssl30/include/internal/constant_time.h | 4 |
| openssl30/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl30/include/crypto/asn1.h | 3 |
| openssl30/crypto/property/property.c | 25 |
| openssl30/crypto/sparse_array.c | 1 |
| openssl30/crypto/core_fetch.c | 3 |
| openssl30/crypto/core_algorithm.c | 4 |
| openssl30/crypto/getenv.c | 1 |
| openssl30/include/openssl/core_dispatch.h | 81 |
| openssl30/crypto/provider.c | 2 |
| openssl30/crypto/property/property_query.c | 3 |
| openssl30/crypto/encode_decode/encoder_local.h | 5 |
| openssl30/crypto/evp/keymgmt_lib.c | 14 |
| openssl30/crypto/evp/p_lib.c | 19 |
| openssl30/include/crypto/evp.h | 8 |
| openssl30/include/openssl/x509.h | 1 |
| openssl30/crypto/x509/x_attrib.c | 2 |
| openssl30/include/openssl/asn1t.h | 2 |
| openssl30/crypto/asn1/tasn_utl.c | 13 |
| openssl30/crypto/asn1/a_int.c | 10 |
| openssl30/crypto/bio/bss_mem.c | 3 |
| openssl30/crypto/bio/ossl_core_bio.c | 3 |
| openssl30/crypto/ui/ui_util.c | 8 |
| openssl30/crypto/evp/encode.c | 7 |
| openssl30/crypto/evp/legacy_md5.c | 1 |
| openssl30/crypto/evp/m_sigver.c | 7 |
| openssl30/crypto/evp/signature.c | 9 |
| openssl30/crypto/evp/exchange.c | 2 |
| openssl30/crypto/evp/kem.c | 2 |
| openssl30/crypto/evp/asymcipher.c | 2 |
| openssl30/crypto/evp/ctrl_params_translate.c | 10 |
| openssl30/crypto/params_from_text.c | 3 |
| openssl30/crypto/asn1/p8_pkey.c | 4 |
| openssl30/crypto/evp/evp_pkey.c | 1 |
| openssl30/crypto/asn1/x_sig.c | 3 |
| openssl30/crypto/pkcs12/p12_p8d.c | 2 |
| openssl30/crypto/pkcs12/p12_decr.c | 2 |
| openssl30/crypto/evp/evp_pbe.c | 6 |
| openssl30/crypto/evp/evp_local.h | 3 |
| openssl30/crypto/asn1/d2i_pr.c | 1 |
| openssl30/crypto/x509/x_pubkey.c | 7 |
| openssl30/crypto/x509/x509_def.c | 1 |
| openssl30/crypto/conf/conf_lib.c | 10 |
| openssl30/crypto/conf/conf_def.c | 1 |
| openssl30/crypto/conf/conf_api.c | 3 |
| openssl30/include/openssl/conf.h | 3 |
| openssl30/crypto/conf/conf_mall.c | 1 |
| openssl30/crypto/asn1/asn_moid.c | 3 |
| openssl30/crypto/objects/obj_lib.c | 1 |
| openssl30/crypto/asn1/asn_mstbl.c | 3 |
| openssl30/crypto/x509/v3_utl.c | 6 |
| openssl30/crypto/asn1/asn1_gen.c | 3 |
| openssl30/crypto/asn1/a_strnid.c | 6 |
| openssl30/include/openssl/asn1.h | 3 |
| openssl30/crypto/engine/eng_cnf.c | 5 |
| openssl30/crypto/engine/eng_all.c | 1 |
| openssl30/crypto/engine/eng_ctrl.c | 7 |
| openssl30/crypto/evp/evp_cnf.c | 2 |
| openssl30/crypto/conf/conf_ssl.c | 3 |
| openssl30/crypto/provider_conf.c | 10 |
| openssl30/crypto/encode_decode/encoder_meth.c | 3 |
| openssl30/crypto/store/store_meth.c | 3 |
| openssl30/crypto/evp/legacy_md5_sha1.c | 1 |
| openssl30/crypto/evp/legacy_sha.c | 13 |
| openssl30/crypto/evp/legacy_mdc2.c | 1 |
| openssl30/crypto/evp/legacy_ripemd.c | 1 |
| openssl30/crypto/evp/legacy_wp.c | 1 |
| openssl30/crypto/sm3/legacy_sm3.c | 1 |
| openssl30/crypto/evp/legacy_blake2.c | 2 |
| openssl30/crypto/evp/e_des3.c | 11 |
| openssl30/crypto/evp/e_xcbc_d.c | 1 |
| openssl30/crypto/evp/e_rc4.c | 2 |
| openssl30/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl30/crypto/evp/e_idea.c | 4 |
| openssl30/crypto/evp/e_seed.c | 4 |
| openssl30/crypto/evp/e_sm4.c | 5 |
| openssl30/crypto/evp/e_rc2.c | 6 |
| openssl30/crypto/evp/e_bf.c | 4 |
| openssl30/crypto/evp/e_cast.c | 4 |
| openssl30/crypto/evp/e_rc5.c | 4 |
| openssl30/crypto/evp/e_aes.c | 38 |
| openssl30/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl30/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl30/crypto/evp/e_aria.c | 27 |
| openssl30/crypto/evp/e_camellia.c | 21 |
| openssl30/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl30/crypto/store/store_init.c | 1 |
| openssl30/crypto/store/store_register.c | 1 |
| openssl30/crypto/store/store_local.h | 1 |
| openssl30/crypto/bio/bio_sock.c | 1 |
| openssl30/crypto/objects/obj_xref.c | 2 |
| openssl30/crypto/objects/obj_xref.h | 2 |
| openssl30/crypto/cmp/cmp_util.c | 1 |
| openssl30/crypto/trace.c | 2 |
| openssl30/crypto/buffer/buffer.c | 2 |
| openssl30/crypto/asn1/tasn_new.c | 9 |
| openssl30/crypto/asn1/a_bitstr.c | 2 |
| openssl30/include/openssl/ct.h | 3 |
| openssl30/crypto/ct/ct_sct.c | 7 |
| openssl30/crypto/bio/bss_null.c | 1 |
| openssl30/crypto/ct/ct_prn.c | 4 |
| openssl30/crypto/ct/ct_log.c | 2 |
| openssl30/crypto/bio/bio_dump.c | 1 |
| openssl30/crypto/asn1/a_gentm.c | 5 |
| openssl30/crypto/o_time.c | 5 |
| openssl30/crypto/asn1/a_time.c | 8 |
| openssl30/crypto/asn1/tasn_enc.c | 8 |
| openssl30/crypto/asn1/asn1_local.h | 3 |
Fuzzer: cms_30
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 3141 | 60.6% |
| gold | [1:9] | 853 | 16.4% |
| yellow | [10:29] | 82 | 1.58% |
| greenyellow | [30:49] | 18 | 0.34% |
| lawngreen | 50+ | 1089 | 21.0% |
| All colors | 5183 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 9914 | 9914 |
2 :
['ec_GF2m_simple_oct2point', 'ec_GFp_simple_oct2point'] |
9914 | 9914 | EC_POINT_oct2point | call site: 00000 | /src/openssl111/crypto/ec/ec_oct.c:113 |
| 9386 | 9386 |
2 :
['conf_diagnostics', 'CONF_modules_load'] |
9386 | 16308 | CONF_modules_load_file_ex | call site: 03829 | /src/openssl/crypto/conf/conf_mod.c:206 |
| 8805 | 8805 |
2 :
['ec_GF2m_simple_set_compressed_coordinates', 'ec_GFp_simple_set_compressed_coordinates'] |
8805 | 8805 | EC_POINT_set_compressed_coordinates | call site: 00000 | /src/openssl111/crypto/ec/ec_oct.c:32 |
| 6157 | 6161 |
2 :
['ossl_cipher_tlsunpadblock', 'CRYPTO_free'] |
6157 | 112805 | ossl_cipher_generic_block_update | call site: 00000 | /src/openssl/providers/implementations/ciphers/ciphercommon.c:252 |
| 5960 | 5960 |
1 :
['ossl_dh_key2buf'] |
5960 | 18059 | dh_get_params | call site: 00000 | /src/openssl/providers/implementations/keymgmt/dh_kmgmt.c:328 |
| 5947 | 5947 |
1 :
['OSSL_PARAM_set_long'] |
5947 | 5947 | ossl_param_build_set_long | call site: 00000 | /src/openssl/crypto/param_build_set.c:39 |
| 5942 | 118642 |
6 :
['ERR_set_error', 'ERR_new', 'OSSL_PARAM_get_size_t', 'OSSL_PARAM_locate_const', 'ERR_set_debug', 'OSSL_PARAM_get_uint'] |
5942 | 118642 | ossl_cipher_generic_set_ctx_params | call site: 00000 | /src/openssl/providers/implementations/ciphers/ciphercommon.c:596 |
| 5937 | 5937 |
1 :
['OSSL_PARAM_BLD_push_int'] |
5937 | 5937 | ossl_param_build_set_int | call site: 00000 | /src/openssl/crypto/param_build_set.c:25 |
| 5937 | 5937 |
1 :
['OSSL_PARAM_BLD_push_long'] |
5937 | 5937 | ossl_param_build_set_long | call site: 00000 | /src/openssl/crypto/param_build_set.c:36 |
| 5936 | 5936 |
1 :
['OSSL_PARAM_BLD_push_utf8_string'] |
5936 | 5936 | ossl_param_build_set_utf8_string | call site: 00000 | /src/openssl/crypto/param_build_set.c:47 |
| 5935 | 5935 |
1 :
['OSSL_PARAM_BLD_push_octet_string'] |
5935 | 5935 | ossl_param_build_set_octet_string | call site: 00000 | /src/openssl/crypto/param_build_set.c:60 |
| 5933 | 5933 |
1 :
['ossl_property_merge'] |
5933 | 6001 | ossl_method_store_fetch | call site: 00000 | /src/openssl/crypto/property/property.c:526 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl30/fuzz/driver.c | 1 |
| openssl30/fuzz/cms.c | 1 |
| openssl30/crypto/bio/bss_mem.c | 3 |
| openssl30/crypto/bio/bio_lib.c | 16 |
| openssl30/crypto/mem.c | 7 |
| openssl30/crypto/err/err_blocks.c | 2 |
| openssl30/crypto/err/err.c | 31 |
| openssl30/crypto/init.c | 39 |
| openssl30/crypto/err/err_local.h | 5 |
| openssl30/crypto/threads_pthread.c | 13 |
| openssl30/crypto/cpuid.c | 4 |
| openssl30/crypto/ctype.c | 3 |
| openssl30/crypto/initthread.c | 21 |
| openssl30/crypto/stack/stack.c | 16 |
| openssl30/crypto/comp/c_zlib.c | 1 |
| openssl30/crypto/async/async.c | 6 |
| openssl30/crypto/rand/rand_lib.c | 10 |
| openssl30/providers/implementations/rands/seeding/rand_unix.c | 4 |
| openssl30/crypto/engine/eng_init.c | 4 |
| openssl30/crypto/cryptlib.c | 2 |
| openssl30/crypto/engine/eng_lib.c | 21 |
| openssl30/include/internal/refcount.h | 2 |
| openssl30/crypto/engine/tb_pkmeth.c | 7 |
| openssl30/crypto/evp/pmeth_lib.c | 31 |
| openssl30/crypto/engine/tb_asnmth.c | 9 |
| openssl30/crypto/asn1/ameth_lib.c | 9 |
| openssl30/crypto/engine/eng_list.c | 10 |
| openssl30/crypto/ex_data.c | 14 |
| openssl30/crypto/context.c | 17 |
| openssl30/include/internal/cryptlib.h | 8 |
| openssl30/include/openssl/crypto.h | 2 |
| openssl30/crypto/property/property_parse.c | 25 |
| openssl30/crypto/property/property_string.c | 12 |
| openssl30/crypto/lhash/lhash.c | 12 |
| openssl30/crypto/evp/evp_rand.c | 3 |
| openssl30/crypto/provider_core.c | 43 |
| openssl30/crypto/err/err_all.c | 1 |
| openssl30/include/openssl/err.h | 4 |
| openssl30/crypto/bn/bn_err.c | 1 |
| openssl30/crypto/rsa/rsa_err.c | 1 |
| openssl30/crypto/dh/dh_err.c | 1 |
| openssl30/crypto/evp/evp_err.c | 1 |
| openssl30/crypto/buffer/buf_err.c | 1 |
| openssl30/crypto/objects/obj_err.c | 1 |
| openssl30/crypto/pem/pem_err.c | 1 |
| openssl30/crypto/dsa/dsa_err.c | 1 |
| openssl30/crypto/x509/x509_err.c | 1 |
| openssl30/crypto/asn1/asn1_err.c | 1 |
| openssl30/crypto/conf/conf_err.c | 1 |
| openssl30/crypto/cpt_err.c | 1 |
| openssl30/crypto/comp/comp_err.c | 1 |
| openssl30/crypto/ec/ec_err.c | 1 |
| openssl30/crypto/bio/bio_err.c | 1 |
| openssl30/crypto/pkcs7/pkcs7err.c | 1 |
| openssl30/crypto/x509/v3err.c | 1 |
| openssl30/crypto/pkcs12/pk12err.c | 1 |
| openssl30/crypto/rand/rand_err.c | 1 |
| openssl30/crypto/dso/dso_err.c | 1 |
| openssl30/crypto/ts/ts_err.c | 1 |
| openssl30/crypto/engine/eng_err.c | 1 |
| openssl30/crypto/http/http_err.c | 1 |
| openssl30/crypto/ocsp/ocsp_err.c | 1 |
| openssl30/crypto/ui/ui_err.c | 1 |
| openssl30/crypto/cms/cms_err.c | 1 |
| openssl30/crypto/crmf/crmf_err.c | 1 |
| openssl30/crypto/cmp/cmp_err.c | 1 |
| openssl30/crypto/ct/ct_err.c | 1 |
| openssl30/crypto/ess/ess_err.c | 1 |
| openssl30/crypto/async/async_err.c | 1 |
| openssl30/crypto/store/store_err.c | 1 |
| openssl30/crypto/property/property_err.c | 1 |
| openssl30/providers/common/provider_err.c | 1 |
| openssl30/crypto/evp/c_allc.c | 1 |
| openssl30/crypto/evp/e_des.c | 6 |
| openssl30/crypto/evp/names.c | 9 |
| openssl30/crypto/objects/obj_dat.c | 23 |
| openssl30/crypto/evp/c_alld.c | 1 |
| openssl30/crypto/evp/legacy_md4.c | 1 |
| openssl30/crypto/objects/obj_local.h | 18 |
| openssl30/crypto/objects/o_names.c | 12 |
| openssl30/crypto/conf/conf_sap.c | 2 |
| openssl30/crypto/conf/conf_mod.c | 33 |
| openssl30/crypto/engine/eng_openssl.c | 20 |
| openssl30/crypto/evp/evp_lib.c | 37 |
| openssl30/crypto/dso/dso_lib.c | 9 |
| openssl30/crypto/provider_local.h | 4 |
| openssl30/crypto/provider_child.c | 2 |
| openssl30/crypto/evp/cmeth_lib.c | 8 |
| openssl30/crypto/evp/evp_enc.c | 24 |
| openssl30/crypto/rsa/rsa_ossl.c | 1 |
| openssl30/crypto/engine/tb_rsa.c | 4 |
| openssl30/crypto/dsa/dsa_ossl.c | 1 |
| openssl30/crypto/engine/tb_dsa.c | 4 |
| openssl30/crypto/ec/ec_kmeth.c | 1 |
| openssl30/crypto/engine/tb_eckey.c | 4 |
| openssl30/crypto/dh/dh_key.c | 1 |
| openssl30/crypto/engine/tb_dh.c | 4 |
| openssl30/crypto/rand/rand_meth.c | 1 |
| openssl30/crypto/engine/tb_rand.c | 4 |
| openssl30/crypto/engine/tb_cipher.c | 7 |
| openssl30/crypto/params.c | 47 |
| openssl30/crypto/evp/evp_utils.c | 5 |
| openssl30/crypto/engine/tb_digest.c | 7 |
| openssl30/crypto/evp/digest.c | 17 |
| openssl30/crypto/sha/sha_local.h | 1 |
| openssl30/include/crypto/md32_common.h | 2 |
| openssl30/crypto/engine/eng_pkey.c | 1 |
| openssl30/crypto/bio/bss_file.c | 2 |
| openssl30/crypto/o_fopen.c | 1 |
| openssl30/crypto/pem/pem_pkey.c | 5 |
| openssl30/crypto/bio/bf_readbuff.c | 1 |
| openssl30/crypto/pem/pem_lib.c | 15 |
| openssl30/crypto/evp/evp_key.c | 3 |
| openssl30/crypto/ui/ui_lib.c | 27 |
| openssl30/crypto/ui/ui_openssl.c | 1 |
| openssl30/crypto/ui/ui_null.c | 1 |
| openssl30/include/openssl/ui.h | 2 |
| openssl30/crypto/err/err_prn.c | 1 |
| openssl30/crypto/o_str.c | 12 |
| openssl30/crypto/bio/bio_print.c | 9 |
| openssl30/crypto/passphrase.c | 9 |
| openssl30/crypto/encode_decode/decoder_pkey.c | 13 |
| openssl30/crypto/encode_decode/decoder_meth.c | 16 |
| openssl30/crypto/encode_decode/decoder_lib.c | 23 |
| openssl30/crypto/evp/keymgmt_meth.c | 21 |
| openssl30/crypto/evp/evp_fetch.c | 16 |
| openssl30/crypto/core_namemap.c | 19 |
| openssl30/crypto/engine/eng_rdrand.c | 4 |
| openssl30/crypto/engine/eng_local.h | 14 |
| openssl30/crypto/engine/eng_dyn.c | 12 |
| openssl30/include/openssl/safestack.h | 4 |
| openssl30/crypto/dso/dso_dlfcn.c | 1 |
| openssl30/engines/e_padlock.c | 22 |
| openssl30/crypto/asn1/evp_asn1.c | 1 |
| openssl30/crypto/asn1/tasn_typ.c | 9 |
| openssl30/crypto/asn1/asn1_lib.c | 12 |
| openssl30/crypto/asn1/a_octet.c | 1 |
| openssl30/crypto/asn1/a_type.c | 1 |
| openssl30/crypto/asn1/tasn_fre.c | 5 |
| openssl30/crypto/asn1/a_object.c | 6 |
| openssl30/engines/e_afalg.c | 27 |
| openssl30/engines/e_afalg_err.c | 3 |
| openssl30/crypto/engine/eng_fat.c | 5 |
| openssl30/crypto/engine/eng_table.c | 8 |
| openssl30/crypto/async/async_wait.c | 3 |
| openssl30/crypto/async/arch/async_posix.h | 1 |
| openssl30/crypto/bsearch.c | 1 |
| openssl30/crypto/bn/bn_word.c | 4 |
| openssl30/crypto/bn/bn_lib.c | 23 |
| openssl30/crypto/bn/bn_local.h | 1 |
| openssl30/crypto/mem_sec.c | 18 |
| openssl30/crypto/bn/bn_shift.c | 2 |
| openssl30/crypto/bn/bn_conv.c | 4 |
| openssl30/include/internal/constant_time.h | 4 |
| openssl30/crypto/bn/asm/x86_64-gcc.c | 2 |
| openssl30/include/crypto/asn1.h | 3 |
| openssl30/crypto/property/property.c | 25 |
| openssl30/crypto/sparse_array.c | 1 |
| openssl30/crypto/core_fetch.c | 3 |
| openssl30/crypto/core_algorithm.c | 4 |
| openssl30/crypto/getenv.c | 1 |
| openssl30/include/openssl/core_dispatch.h | 81 |
| openssl30/crypto/provider.c | 2 |
| openssl30/crypto/property/property_query.c | 3 |
| openssl30/crypto/encode_decode/encoder_local.h | 5 |
| openssl30/crypto/evp/keymgmt_lib.c | 14 |
| openssl30/crypto/evp/p_lib.c | 19 |
| openssl30/include/crypto/evp.h | 8 |
| openssl30/include/openssl/x509.h | 1 |
| openssl30/crypto/x509/x_attrib.c | 2 |
| openssl30/include/openssl/asn1t.h | 2 |
| openssl30/crypto/asn1/tasn_utl.c | 13 |
| openssl30/crypto/asn1/a_int.c | 10 |
| openssl30/crypto/bio/ossl_core_bio.c | 3 |
| openssl30/crypto/ui/ui_util.c | 8 |
| openssl30/crypto/evp/encode.c | 7 |
| openssl30/crypto/evp/legacy_md5.c | 1 |
| openssl30/crypto/evp/m_sigver.c | 7 |
| openssl30/crypto/evp/signature.c | 9 |
| openssl30/crypto/evp/exchange.c | 2 |
| openssl30/crypto/evp/kem.c | 2 |
| openssl30/crypto/evp/asymcipher.c | 2 |
| openssl30/crypto/evp/ctrl_params_translate.c | 10 |
| openssl30/crypto/params_from_text.c | 3 |
| openssl30/crypto/asn1/p8_pkey.c | 4 |
| openssl30/crypto/asn1/tasn_dec.c | 14 |
| openssl30/crypto/buffer/buffer.c | 4 |
| openssl30/crypto/asn1/tasn_new.c | 9 |
| openssl30/crypto/asn1/a_bitstr.c | 2 |
| openssl30/crypto/evp/evp_pkey.c | 1 |
| openssl30/crypto/asn1/x_sig.c | 3 |
| openssl30/crypto/pkcs12/p12_p8d.c | 2 |
| openssl30/crypto/pkcs12/p12_decr.c | 2 |
| openssl30/crypto/evp/evp_pbe.c | 6 |
| openssl30/crypto/evp/evp_local.h | 3 |
| openssl30/crypto/asn1/d2i_pr.c | 1 |
| openssl30/crypto/x509/x_pubkey.c | 7 |
| openssl30/crypto/x509/x509_def.c | 1 |
| openssl30/crypto/conf/conf_lib.c | 10 |
| openssl30/crypto/conf/conf_def.c | 1 |
| openssl30/crypto/conf/conf_api.c | 3 |
| openssl30/include/openssl/conf.h | 3 |
| openssl30/crypto/conf/conf_mall.c | 1 |
| openssl30/crypto/asn1/asn_moid.c | 3 |
| openssl30/crypto/objects/obj_lib.c | 1 |
| openssl30/crypto/asn1/asn_mstbl.c | 3 |
| openssl30/crypto/x509/v3_utl.c | 6 |
| openssl30/crypto/asn1/asn1_gen.c | 3 |
| openssl30/crypto/asn1/a_strnid.c | 6 |
| openssl30/include/openssl/asn1.h | 3 |
| openssl30/crypto/engine/eng_cnf.c | 5 |
| openssl30/crypto/engine/eng_all.c | 1 |
| openssl30/crypto/engine/eng_ctrl.c | 7 |
| openssl30/crypto/evp/evp_cnf.c | 2 |
| openssl30/crypto/conf/conf_ssl.c | 3 |
| openssl30/crypto/provider_conf.c | 10 |
| openssl30/crypto/encode_decode/encoder_meth.c | 3 |
| openssl30/crypto/store/store_meth.c | 3 |
| openssl30/crypto/evp/legacy_md5_sha1.c | 1 |
| openssl30/crypto/evp/legacy_sha.c | 13 |
| openssl30/crypto/evp/legacy_mdc2.c | 1 |
| openssl30/crypto/evp/legacy_ripemd.c | 1 |
| openssl30/crypto/evp/legacy_wp.c | 1 |
| openssl30/crypto/sm3/legacy_sm3.c | 1 |
| openssl30/crypto/evp/legacy_blake2.c | 2 |
| openssl30/crypto/evp/e_des3.c | 11 |
| openssl30/crypto/evp/e_xcbc_d.c | 1 |
| openssl30/crypto/evp/e_rc4.c | 2 |
| openssl30/crypto/evp/e_rc4_hmac_md5.c | 1 |
| openssl30/crypto/evp/e_idea.c | 4 |
| openssl30/crypto/evp/e_seed.c | 4 |
| openssl30/crypto/evp/e_sm4.c | 5 |
| openssl30/crypto/evp/e_rc2.c | 6 |
| openssl30/crypto/evp/e_bf.c | 4 |
| openssl30/crypto/evp/e_cast.c | 4 |
| openssl30/crypto/evp/e_rc5.c | 4 |
| openssl30/crypto/evp/e_aes.c | 38 |
| openssl30/crypto/evp/e_aes_cbc_hmac_sha1.c | 2 |
| openssl30/crypto/evp/e_aes_cbc_hmac_sha256.c | 2 |
| openssl30/crypto/evp/e_aria.c | 27 |
| openssl30/crypto/evp/e_camellia.c | 21 |
| openssl30/crypto/evp/e_chacha20_poly1305.c | 2 |
| openssl30/crypto/store/store_init.c | 1 |
| openssl30/crypto/store/store_register.c | 1 |
| openssl30/crypto/store/store_local.h | 1 |
| openssl30/crypto/bio/bio_sock.c | 1 |
| openssl30/crypto/objects/obj_xref.c | 2 |
| openssl30/crypto/objects/obj_xref.h | 2 |
| openssl30/crypto/cmp/cmp_util.c | 1 |
| openssl30/crypto/trace.c | 2 |
| openssl30/crypto/cms/cms_io.c | 2 |
| openssl30/crypto/cms/cms_lib.c | 6 |
| openssl30/crypto/cms/cms_asn1.c | 1 |
| openssl30/crypto/asn1/a_d2i_fp.c | 2 |
| openssl30/crypto/cms/cms_sd.c | 3 |
| openssl30/include/openssl/cms.h | 2 |
| openssl30/crypto/cms/cms_env.c | 6 |
| openssl30/crypto/x509/x_x509.c | 1 |
| openssl30/crypto/cms/cms_local.h | 2 |
| openssl30/crypto/bio/bss_null.c | 1 |
| openssl30/crypto/asn1/a_i2d_fp.c | 1 |
| openssl30/crypto/asn1/tasn_enc.c | 8 |
| openssl30/crypto/asn1/asn1_local.h | 3 |
Fuzzer: crl_111
Call tree
The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview
Call tree overview bitmap:
The distribution of callsites in terms of coloring is
| Color | Runtime hitcount | Callsite count | Percentage |
|---|---|---|---|
| red | 0 | 2335 | 73.7% |
| gold | [1:9] | 144 | 4.55% |
| yellow | [10:29] | 36 | 1.13% |
| greenyellow | [30:49] | 4 | 0.12% |
| lawngreen | 50+ | 645 | 20.3% |
| All colors | 3164 | 100 |
Fuzz blockers
The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 7150 | 10608 |
3 :
['ENGINE_finish', 'EVP_PKEY_free', 'CRYPTO_free'] |
7150 | 10608 | EVP_PKEY_CTX_free | call site: 02069 | /src/openssl111/crypto/evp/pmeth_lib.c:354 |
| 6926 | 6926 |
2 :
['ENGINE_get_pkey_asn1_meth_engine', 'ENGINE_get_pkey_asn1_meth'] |
6926 | 6926 | EVP_PKEY_asn1_find | call site: 02207 | /src/openssl111/crypto/asn1/ameth_lib.c:88 |
| 3462 | 3462 |
1 :
['EVP_PKEY_CTX_ctrl'] |
3462 | 3462 | EVP_DigestInit_ex | call site: 02048 | /src/openssl111/crypto/evp/digest.c:149 |
| 3458 | 6923 |
4 :
['engine_unlocked_finish', 'CRYPTO_THREAD_unlock', 'ERR_put_error', 'CRYPTO_THREAD_write_lock'] |
3458 | 6923 | ENGINE_finish | call site: 00167 | /src/openssl111/crypto/engine/eng_init.c:99 |
| 3456 | 6910 |
2 :
['ENGINE_finish', 'ENGINE_get_digest'] |
6918 | 17312 | EVP_DigestInit_ex | call site: 02031 | /src/openssl111/crypto/evp/digest.c:107 |
| 3456 | 3456 |
1 :
['ENGINE_init'] |
10374 | 24223 | EVP_DigestInit_ex | call site: 02029 | /src/openssl111/crypto/evp/digest.c:98 |
| 3455 | 3455 |
1 :
['ASN1_STRING_new'] |
3455 | 6928 | asn1_time_from_tm | call site: 00000 | /src/openssl111/crypto/asn1/a_time.c:283 |
| 3454 | 3454 |
1 :
['ENGINE_register_all_complete'] |
3454 | 3459 | OPENSSL_init_crypto | call site: 00014 | /src/openssl111/crypto/init.c:737 |
| 3452 | 3452 |
1 :
['drbg_delete_thread_state'] |
3452 | 3456 | ossl_init_thread_stop | call site: 00042 | /src/openssl111/crypto/init.c:440 |
| 104 | 104 |
1 :
['sec_alloc_realloc'] |
104 | 3559 | BUF_MEM_grow | call site: 02874 | /src/openssl111/crypto/buffer/buffer.c:94 |
| 104 | 104 |
1 :
['sec_alloc_realloc'] |
104 | 3559 | BUF_MEM_grow_clean | call site: 02690 | /src/openssl111/crypto/buffer/buffer.c:132 |
| 76 | 76 |
1 :
['CRYPTO_secure_malloc'] |
76 | 76 | CRYPTO_secure_zalloc | call site: 00881 | /src/openssl111/crypto/mem_sec.c:143 |
Runtime coverage analysis
| Function name | source code lines | source lines hit | percentage hit |
|---|
Files reached
| filename | functions hit |
|---|---|
| openssl111/fuzz/driver.c | 1 |
| openssl111/fuzz/crl.c | 1 |
| openssl111/crypto/x509/x_crl.c | 3 |
| openssl111/crypto/asn1/tasn_dec.c | 13 |
| openssl111/crypto/err/err.c | 31 |
| openssl111/crypto/init.c | 45 |
| openssl111/crypto/mem.c | 7 |
| openssl111/crypto/threads_pthread.c | 13 |
| openssl111/crypto/async/async.c | 10 |
| openssl111/crypto/async/async_local.h | 2 |
| openssl111/crypto/stack/stack.c | 12 |
| openssl111/crypto/async/arch/async_posix.c | 2 |
| openssl111/crypto/rand/drbg_lib.c | 4 |
| openssl111/crypto/rand/rand_lib.c | 5 |
| openssl111/crypto/mem_sec.c | 18 |
| openssl111/crypto/cryptlib.c | 6 |
| openssl111/crypto/ex_data.c | 10 |
| openssl111/crypto/comp/c_zlib.c | 1 |
| openssl111/crypto/ |