Fuzz introspector: fuzz/fuzz-asn1.c

Fuzz blockers

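The following are the branches that the fuzzer fails to get past. In this text rendering each table row is spread over several lines: the unique counts, then the bracketed list of functions that sit behind the blocked branch, then the overall counts, the function containing the branch, its call site, and the source location of the branch. Only the ptls_buffer_reserve_aligned row has a call-site number (00048) that also appears in the calltree below. The other rows show call site 00000 and name TLS handshake functions that are absent from the calltree visible here, so confirm they are reachable from this harness before treating them as coverage targets.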

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
200 1131 14 :

['ptls__key_schedule_update_hash', 'send_certificate_verify', 'derive_secret', 'ptls_iovec_init', 'push_change_cipher_spec', 'key_schedule_extract', 'free', 'ptls_buffer__do_pushv', 'commission_handshake_secret', 'ptls_buffer__adjust_quic_blocksize', 'derive_exporter_secret', 'send_certificate', 'send_finished', 'setup_traffic_protection']

200 1131 client_handle_finished call site: 00000 /src/picotls/lib/picotls.c:3428
180 472 4 :

['ptls_buffer__adjust_quic_blocksize', 'push_signature_algorithms', 'ptls__key_schedule_update_hash', 'ptls_buffer__do_pushv']

180 857 server_handle_hello call site: 00000 /src/picotls/lib/picotls.c:4781
170 170 1 :

['commission_handshake_secret']

170 380 server_finish_handshake call site: 00000 /src/picotls/lib/picotls.c:4871
165 457 5 :

['ptls_aead_decrypt', 'decode_client_hello', 'ptls_aead_free', 'check_client_hello_constraints', 'rebuild_ch_inner']

1566 6330 server_handle_hello call site: 00000 /src/picotls/lib/picotls.c:4375
144 144 2 :

['free', 'client_ech_select_hello']

144 1117 client_handle_hello call site: 00000 /src/picotls/lib/picotls.c:2803
144 144 1 :

['client_ech_select_hello']

144 660 client_handle_hello call site: 00000 /src/picotls/lib/picotls.c:2823
66 66 3 :

['buffer_push_encrypted_records', 'free', 'malloc']

66 66 buffer_encrypt_record call site: 00000 /src/picotls/lib/picotls.c:799
60 160 5 :

['ptls_buffer__adjust_quic_blocksize', 'build_certificate_verify_signdata', 'ptls_iovec_init', 'ptls_buffer__do_pushv', 'ptls__key_schedule_update_hash']

60 160 send_certificate_verify call site: 00000 /src/picotls/lib/picotls.c:3165
8 906 8 :

['ptls_buffer_reserve', 'ptls_iovec_init', 'encode_client_hello', 'ptls_aead_encrypt', 'malloc', 'ptls__key_schedule_update_hash', 'strlen', 'outer_ech_header_size']

8 1265 send_client_hello call site: 00000 /src/picotls/lib/picotls.c:2459
7 107 7 :

['ptls_iovec_init', 'ptls_decode_quicint', 'ptls_decode16', 'ptls_decode24', 'malloc', 'ptls__key_schedule_update_hash', 'client_do_handle_certificate']

7 107 client_handle_compressed_certificate call site: 00000 /src/picotls/lib/picotls.c:3305
6 6 1 :

['key_schedule_update_ch1hash_prefix']

953 4572 server_handle_hello call site: 00000 /src/picotls/lib/picotls.c:4488
2 2 1 :

['posix_memalign']

2 5 ptls_buffer_reserve_aligned call site: 00048 /src/picotls/lib/picotls.c:580

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 feeder_init [function] [call site] 00001
1 feeder_next_byte [function] [call site] 00002
1 feeder_next_byte [function] [call site] 00003
1 feeder_next_byte [function] [call site] 00004
1 ptls_asn1_validation [function] [call site] 00005
2 ptls_asn1_validation_recursive [function] [call site] 00006
3 ptls_asn1_read_type [function] [call site] 00007
4 ptls_asn1_error_message [function] [call site] 00008
5 ptls_asn1_print_indent [function] [call site] 00009
3 ptls_asn1_print_type [function] [call site] 00010
4 ptls_asn1_print_indent [function] [call site] 00011
3 ptls_asn1_read_length [function] [call site] 00012
4 ptls_asn1_error_message [function] [call site] 00013
4 ptls_asn1_error_message [function] [call site] 00014
3 ptls_asn1_error_message [function] [call site] 00015
3 ptls_asn1_print_indent [function] [call site] 00016
3 ptls_asn1_validation_recursive [function] [call site] 00017
4 ptls_asn1_print_indent [function] [call site] 00018
4 ptls_asn1_dump_content [function] [call site] 00019
1 feeder_next_byte [function] [call site] 00020
1 feeder_next_byte [function] [call site] 00021
1 ptls_asn1_get_expected_type_and_length [function] [call site] 00022
2 ptls_asn1_error_message [function] [call site] 00023
2 ptls_asn1_read_length [function] [call site] 00024
2 ptls_asn1_error_message [function] [call site] 00025
1 mkstemp [call site] 00026
1 write [call site] 00027
1 ptls_load_certificates [function] [call site] 00028
2 ptls_load_pem_objects [function] [call site] 00029
3 fopen [call site] 00030
3 ptls_buffer_init [function] [call site] 00031
4 __assert_fail [call site] 00032
3 ptls_get_pem_object [function] [call site] 00033
4 fgets [call site] 00034
4 ptls_compare_separator_line [function] [call site] 00035
5 strncmp [call site] 00036
5 strlen [call site] 00037
5 strncmp [call site] 00038
5 strlen [call site] 00039
5 strncmp [call site] 00040
5 strncmp [call site] 00041
4 ptls_base64_decode_init [function] [call site] 00042
4 fgets [call site] 00043
4 ptls_compare_separator_line [function] [call site] 00044
4 ptls_base64_decode [function] [call site] 00045
5 ptls_buffer__do_pushv [function] [call site] 00046
6 ptls_buffer_reserve [function] [call site] 00047
7 ptls_buffer_reserve_aligned [function] [call site] 00048
8 posix_memalign [call site] 00049
8 ptls_buffer__release_memory [function] [call site] 00050
3 ptls_buffer_dispose [function] [call site] 00051
4 ptls_buffer__release_memory [function] [call site] 00052
3 ptls_buffer_dispose [function] [call site] 00053
3 fclose [call site] 00054
1 ptls_minicrypto_load_private_key [function] [call site] 00055
2 ptls_pem_parse_private_key [function] [call site] 00056
3 ptls_load_pem_objects [function] [call site] 00057
3 ptls_minicrypto_asn1_decode_private_key [function] [call site] 00058
4 ptls_asn1_get_expected_type_and_length [function] [call site] 00059
4 ptls_asn1_error_message [function] [call site] 00060
4 ptls_asn1_error_message [function] [call site] 00061
4 ptls_asn1_get_expected_type_and_length [function] [call site] 00062
4 ptls_asn1_get_expected_type_and_length [function] [call site] 00063
4 ptls_asn1_dump_content [function] [call site] 00064
4 ptls_asn1_error_message [function] [call site] 00065
4 ptls_asn1_get_expected_type_and_length [function] [call site] 00066
4 ptls_asn1_validation_recursive [function] [call site] 00067
4 ptls_asn1_error_message [function] [call site] 00068
2 memcmp [call site] 00069
2 ptls_set_ecdsa_private_key [function] [call site] 00070
3 ptls_asn1_get_expected_type_and_length [function] [call site] 00071
3 ptls_asn1_error_message [function] [call site] 00072
3 ptls_asn1_dump_content [function] [call site] 00073
3 ptls_asn1_get_expected_type_and_length [function] [call site] 00074
3 ptls_asn1_error_message [function] [call site] 00075
3 ptls_asn1_error_message [function] [call site] 00076
3 ptls_asn1_error_message [function] [call site] 00077
3 ptls_asn1_get_expected_type_and_length [function] [call site] 00078
3 memcmp [call site] 00079
3 ptls_iovec_init [function] [call site] 00080
3 ptls_minicrypto_init_secp256r1sha256_sign_certificate [function] [call site] 00081
1 close [call site] 00082
1 unlink [call site] 00083