Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: rnp
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_sigimport
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_verify_detached
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_dump
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_verify
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_keyring_g10
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_keyring
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_keyimport
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_keyring_kbx
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
/src/rnp/src/fuzzing/sigimport.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/verify_detached.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/dump.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/verify.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/keyring_g10.cpp
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/keyring.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/keyimport.c
Dictionary
Fuzzer function priority
/src/rnp/src/fuzzing/keyring_kbx.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2025-07-11

Project overview: rnp

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
23.0%
502 / 2171
Cyclomatic complexity statically reachable by fuzzers
22.0%
2869 / 12826
Runtime code coverage of functions
57.9%
1270 / 2171

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_sigimport /src/rnp/src/fuzzing/sigimport.c 7 0 1 1 3 14 sigimport.c
fuzz_verify_detached /src/rnp/src/fuzzing/verify_detached.c 8 0 1 1 3 16 verify_detached.c
fuzz_dump /src/rnp/src/fuzzing/dump.c 8 0 1 1 3 16 dump.c
fuzz_verify /src/rnp/src/fuzzing/verify.c 10 0 1 1 3 20 verify.c
fuzz_keyring_g10 /src/rnp/src/fuzzing/keyring_g10.cpp 1051 1863 15 77 5176 2960 keyring_g10.cpp
fuzz_keyring /src/rnp/src/fuzzing/keyring.c 6 0 1 1 3 12 keyring.c
fuzz_keyimport /src/rnp/src/fuzzing/keyimport.c 7 0 1 1 9 16 keyimport.c
fuzz_keyring_kbx /src/rnp/src/fuzzing/keyring_kbx.c 6 0 1 1 3 12 keyring_kbx.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_sigimport

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 7 100.%
All colors 7 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
8 34 7 :

['__cxa_throw', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'rnp_log_switch()', 'fwrite', 'rnp::Source::~Source()', 'fputc']

8 34 rnp::ArmoredSource::ArmoredSource(pgp_source_t&,unsignedint) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:1161
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 pgp::pkt::sigsub::Raw::create(unsignedcharconst*,unsignedlong,bool) call site: 00000 /src/rnp/src/lib/sig_subpacket.cpp:197
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 rnp::KeyStore::search(rnp::KeySearchconst&,rnp::Key*) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:678
4 4 1 :

['Botan::System_RNG::System_RNG()']

4 4 rnp::RNG::RNG(rnp::RNG::Type) call site: 00000 /src/rnp/src/lib/crypto/rng.cpp:39
0 6 4 :

['std::__1::unique_ptr >::operator->[abi:ne180100]() const', 'pgp::pkt::sigsub::Raw::raw_type() const', 'pgp::pkt::sigsub::List::size() const', 'pgp::pkt::sigsub::List::operator[](unsigned long) const']

0 6 pgp::pkt::Signature::find_subpkt(unsignedchar,bool,unsignedlong)const call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:880
0 0 None 106 814 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:262
0 0 None 100 596 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:353
0 0 None 16 443 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:365
0 0 None 16 401 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:931
0 0 None 16 148 pgp_packet_body_t::read(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:881
0 0 None 11 2002 rnp::KeyStore::import_signature(pgp::pkt::Signatureconst&,pgp_sig_import_status_t*) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:549

Runtime coverage analysis

Covered functions
468
Functions that are reachable but not covered
0
Reachable functions
7
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/sigimport.c 1

Fuzzer: fuzz_verify_detached

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 10 100.%
All colors 10 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 pgp::pkt::sigsub::Raw::create(unsignedcharconst*,unsignedlong,bool) call site: 00000 /src/rnp/src/lib/sig_subpacket.cpp:197
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 rnp::KeyStore::search(rnp::KeySearchconst&,rnp::Key*) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:678
4 4 1 :

['Botan::System_RNG::System_RNG()']

4 4 rnp::RNG::RNG(rnp::RNG::Type) call site: 00000 /src/rnp/src/lib/crypto/rng.cpp:39
0 6 4 :

['std::__1::unique_ptr >::operator->[abi:ne180100]() const', 'pgp::pkt::sigsub::Raw::raw_type() const', 'pgp::pkt::sigsub::List::size() const', 'pgp::pkt::sigsub::List::operator[](unsigned long) const']

0 6 pgp::pkt::Signature::find_subpkt(unsignedchar,bool,unsignedlong)const call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:880
0 0 None 106 814 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:262
0 0 None 100 596 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:353
0 0 None 16 443 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:365
0 0 None 16 401 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:931
0 0 None 16 148 pgp_packet_body_t::read(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:881
0 0 None 8 190 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:942
0 0 None 4 52 pgp_sk_sesskey_t::parse(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:1050

Runtime coverage analysis

Covered functions
625
Functions that are reachable but not covered
0
Reachable functions
8
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/verify_detached.c 1

Fuzzer: fuzz_dump

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 10 100.%
All colors 10 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
121 299 4 :

['signature_hash_key(pgp_key_pkt_t const&, rnp::Hash&, pgp_version_t)', 'pgp_key_pkt_t::pgp_key_pkt_t(pgp_key_pkt_t const&, bool)', 'pgp_key_pkt_t::~pgp_key_pkt_t()', 'pgp_key_pkt_t::fill_hashed_data()']

121 299 signature_hash_key(pgp_key_pkt_tconst&,rnp::Hash&,pgp_version_t) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:54
6 6 1 :

['write_packet_len(unsigned char*, unsigned long)']

8 30 pgp_packet_body_t::write(pgp_dest_t&,bool) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:921
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 pgp::pkt::sigsub::Raw::create(unsignedcharconst*,unsignedlong,bool) call site: 00000 /src/rnp/src/lib/sig_subpacket.cpp:197
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 init_dst_common(pgp_dest_t*,unsignedlong) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:637
0 0 None 106 814 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:262
0 0 None 100 596 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:353
0 0 None 16 443 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:365
0 0 None 16 401 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:931
0 0 None 16 148 pgp_packet_body_t::read(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:881
0 0 None 12 21 pgp::Fingerprint::Fingerprint(pgp_key_pkt_tconst&) call site: 00000 /src/rnp/src/lib/fingerprint.cpp:49
0 0 None 10 132 pgp_dilithium_exdsa_composite_public_key_t::parse_component_keys(std::__1::vector >) call site: 00000 /src/rnp/src/lib/crypto/dilithium_exdsa_composite.cpp:368
0 0 None 10 132 pgp_kyber_ecdh_composite_public_key_t::parse_component_keys(std::__1::vector >) call site: 00000 /src/rnp/src/lib/crypto/kyber_ecdh_composite.cpp:478

Runtime coverage analysis

Covered functions
742
Functions that are reachable but not covered
0
Reachable functions
8
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/dump.c 1

Fuzzer: fuzz_verify

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 10 100.%
All colors 10 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 pgp::pkt::sigsub::Raw::create(unsignedcharconst*,unsignedlong,bool) call site: 00000 /src/rnp/src/lib/sig_subpacket.cpp:197
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 rnp::KeyStore::search(rnp::KeySearchconst&,rnp::Key*) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:678
4 4 1 :

['Botan::System_RNG::System_RNG()']

4 4 rnp::RNG::RNG(rnp::RNG::Type) call site: 00000 /src/rnp/src/lib/crypto/rng.cpp:39
0 6 4 :

['std::__1::unique_ptr >::operator->[abi:ne180100]() const', 'pgp::pkt::sigsub::Raw::raw_type() const', 'pgp::pkt::sigsub::List::size() const', 'pgp::pkt::sigsub::List::operator[](unsigned long) const']

0 6 pgp::pkt::Signature::find_subpkt(unsignedchar,bool,unsignedlong)const call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:880
0 0 None 106 814 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:262
0 0 None 100 596 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:353
0 0 None 16 443 armored_src_read(pgp_source_t*,void*,unsignedlong,unsignedlong*) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:365
0 0 None 16 401 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:931
0 0 None 16 148 pgp_packet_body_t::read(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:881
0 0 None 8 190 pgp::pkt::Signature::parse_v4up(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:942
0 0 None 4 52 pgp_sk_sesskey_t::parse(pgp_source_t&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:1050

Runtime coverage analysis

Covered functions
809
Functions that are reachable but not covered
0
Reachable functions
10
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/verify.c 1

Fuzzer: fuzz_keyring_g10

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1416 73.4%
gold [1:9] 48 2.49%
yellow [10:29] 47 2.43%
greenyellow [30:49] 22 1.14%
lawngreen 50+ 394 20.4%
All colors 1927 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1335 1335 1 :

['rnp::KeyStore::add_subkey(rnp::Key&, rnp::Key*)']

1335 1335 rnp::KeyStore::add_key(rnp::Key&) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:340
1010 1180 15 :

['rnp::Key::has_revoker(pgp::Fingerprint const&) const', 'rnp::SigValidity::valid() const', 'rnp::KeyStore::get_signer(pgp::pkt::Signature const&, rnp::KeyProvider const*)', 'std::__1::vector , std::__1::allocator > >::begin[abi:ne180100]()', 'rnp::Key::is_revocation(rnp::Signature const&) const', 'std::__1::__wrap_iter *>::operator*[abi:ne180100]() const', 'rnp::Key::is_signer(rnp::Signature const&) const', 'rnp::Key::validate_sig(rnp::Key const&, rnp::Signature&, rnp::SecurityContext const&) const', 'pgp::pkt::Signature::keyfp() const', 'pgp::pkt::Signature::has_keyfp() const', 'bool std::__1::operator!=[abi:ne180100] *>(std::__1::__wrap_iter *> const&, std::__1::__wrap_iter *> const&)', 'std::__1::vector , std::__1::allocator > >::end[abi:ne180100]()', 'std::__1::__wrap_iter *>::operator++[abi:ne180100]()', 'pgp::Fingerprint::~Fingerprint()', 'rnp::Key::get_sig(std::__1::array const&)']

1010 1180 rnp::Key::validate_desig_revokes(rnp::KeyStore&) call site: 00000 /src/rnp/src/lib/key.cpp:1892
966 1217 33 :

['sexp::sexp_list_t::~sexp_list_t()', 'std::__1::basic_ostringstream , std::__1::allocator >::~basic_ostringstream()', 'std::__1::vector , std::__1::allocator > >::at(unsigned long) const', 'std::__1::basic_ostringstream , std::__1::allocator >::basic_ostringstream[abi:ne180100](unsigned int)', 'parse_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*)', 'std::__1::basic_string , std::__1::allocator >::size[abi:ne180100]() const', 'std::__1::vector , std::__1::allocator > >::at(unsigned long)', 'std::__1::basic_string , std::__1::allocator >::data[abi:ne180100]()', 'std::__1::shared_ptr ::operator->[abi:ne180100]() const', 'g10_calculated_hash(pgp_key_pkt_t const&, char const*, unsigned char*)', 'std::__1::basic_string , std::__1::allocator >::length[abi:ne180100]() const', 'sexp::sexp_output_stream_t::var_put_char(int)', 'fwrite', 'std::__1::vector , std::__1::allocator > >::end[abi:ne180100]() const', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B8ne180100ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'gnupg_sexp_t::gnupg_sexp_t()', 'std::__1::basic_string , std::__1::allocator >::data[abi:ne180100]() const', 'sexp::sexp_simple_string_t::operator!=(char const*) const', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:ne180100]()', 'rnp_log_switch()', 'parse_protected_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*, char const*)::$_0 std::__1::for_each[abi:ne180100] const*>, parse_protected_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*, char const*)::$_0>(std::__1::__wrap_iter const*>, std::__1::__wrap_iter const*>, parse_protected_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*, char const*)::$_0)', 'sexp::sexp_output_stream_t::sexp_output_stream_t(std::__1::basic_ostream >*, unsigned long)', 'lookup_var_data(sexp::sexp_list_t const*, std::__1::basic_string , std::__1::allocator > const&)', 'decrypt_protected_section(sexp::sexp_simple_string_t const&, pgp_key_pkt_t const&, std::__1::basic_string , std::__1::allocator > const&, gnupg_sexp_t&, unsigned char*, unsigned long)', 'std::__1::basic_ostringstream , std::__1::allocator >::str[abi:ne180100]() const &', 'fputc', 'sexp::sexp_string_t::get_string() const', 'std::__1::vector , std::__1::allocator > >::begin[abi:ne180100]() const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:ne180100](std::__1::basic_string , std::__1::allocator >&&)', 'memcmp', 'sexp::sexp_list_t::sexp_list_at(unsigned long) const', 'std::__1::vector , std::__1::allocator > >::size[abi:ne180100]() const']

966 1217 parse_protected_seckey(pgp_key_pkt_t&,sexp::sexp_list_tconst*,charconst*) call site: 00000 /src/rnp/src/librekey/key_store_g10.cpp:679
309 320 4 :

['rnp::RawPacket::operator=(rnp::RawPacket&&)', 'pgp_key_pkt_t::pgp_key_pkt_t(pgp_key_pkt_t const&, bool)', 'rnp::RawPacket::RawPacket(pgp_key_pkt_t&)', 'pgp_key_pkt_t::operator=(pgp_key_pkt_t&&)']

321 387 rnp::Key::Key(rnp::Keyconst&,bool) call site: 00000 /src/rnp/src/lib/key.cpp:454
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

22 48 rnp::Key::Key(rnp::Keyconst&,bool) call site: 00000 /src/rnp/src/lib/key.cpp:448
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 init_dst_common(pgp_dest_t*,unsignedlong) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:637
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 mem_dest_own_memory(pgp_dest_t*) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:1100
4 13 3 :

['fwrite', 'rnp_log_switch()', 'fputc']

4 13 mem_dst_write(pgp_dest_t*,voidconst*,unsignedlong) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:987
4 4 1 :

['Botan::System_RNG::System_RNG()']

4 4 rnp::RNG::RNG(rnp::RNG::Type) call site: 00000 /src/rnp/src/lib/crypto/rng.cpp:39
2 2 1 :

['fwrite']

4 13 rnp::KeyStore::refresh_subkey_grips(rnp::Key&) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:224
0 227 2 :

['rnp::KeyStore::primary_key(rnp::Key const&)', 'rnp::Key::is_subkey() const']

8 5675 rnp::Key::revalidate(rnp::KeyStore&) call site: 00000 /src/rnp/src/lib/key.cpp:2054
0 17 6 :

['sexp::sexp_exception_t::format(std::__1::basic_string , std::__1::allocator >, std::__1::basic_string , std::__1::allocator >, sexp::sexp_exception_t::severity, int)', 'std::__1::basic_ostream >& std::__1::operator<<[abi:ne180100] >(std::__1::basic_ostream >&, char const*)', 'sexp::sexp_exception_t::is_interactive()', 'std::__1::basic_ostream >::operator<<[abi:ne180100](std::__1::basic_ostream >& (*)(std::__1::basic_ostream >&))', 'std::__1::basic_ostream >::flush()', 'std::__1::basic_ostream >& std::__1::operator<<[abi:ne180100] , std::__1::allocator >(std::__1::basic_ostream >&, std::__1::basic_string , std::__1::allocator > const&)']

0 17 ext_key_format::ext_key_error(sexp::sexp_exception_t::severity,charconst*,unsignedlong,unsignedlong,int) call site: 00000 /src/rnp/src/libsexpp/src/ext-key-format.cpp:36

Runtime coverage analysis

Covered functions
377
Functions that are reachable but not covered
651
Reachable functions
1051
Percentage of reachable functions covered
38.06%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/keyring_g10.cpp 1
/src/rnp/src/lib/sec_profile.cpp 8
/src/rnp/src/lib/sec_profile.hpp 3
/src/rnp/src/lib/crypto/rng.cpp 2
/src/rnp/src/lib/types.h 8
/usr/local/bin/../include/c++/v1/__exception/exception.h 1
/usr/include/botan-3/botan/system_rng.h 1
/usr/include/botan-3/botan/rng.h 1
/src/rnp/src/lib/crypto/backend_version.cpp 2
/src/rnp/include/rekey/rnp_key_store.h 1
/src/rnp/src/librepgp/stream-common.cpp 16
/src/rnp/src/lib/logging.cpp 1
/src/rnp/src/librekey/key_store_g10.cpp 24
/src/rnp/src/librepgp/stream-common.h 13
/src/rnp/src/lib/../librepgp/stream-key.h 1
/src/rnp/src/librekey/g23_sexp.hpp 4
/src/rnp/src/libsexpp/include/sexpp/ext-key-format.h 6
/src/rnp/src/libsexpp/include/sexpp/sexp.h 29
/src/rnp/src/libsexpp/src/sexp-input.cpp 18
/src/rnp/src/libsexpp/src/sexp-depth-manager.cpp 4
/src/rnp/src/libsexpp/src/ext-key-format.cpp 4
/src/rnp/src/libsexpp/src/sexp-object.cpp 2
/src/rnp/src/libsexpp/src/sexp-error.cpp 2
/src/rnp/src/libsexpp/include/sexpp/sexp-error.h 3
/usr/include/ctype.h 2
/src/rnp/src/lib/utils.cpp 2
/src/rnp/src/common/str-utils.cpp 1
/src/rnp/src/lib/crypto/dsa.h 5
/src/rnp/src/lib/crypto/mpi.hpp 4
/src/rnp/src/lib/crypto/mpi.cpp 5
/src/rnp/src/lib/key_material.cpp 29
/src/rnp/src/lib/key_material.hpp 9
/src/rnp/src/lib/crypto/mem.cpp 2
/src/rnp/src/lib/crypto/rsa.h 5
/src/rnp/src/lib/crypto/elgamal.h 5
/src/rnp/src/lib/crypto/ec.h 6
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/rnp/src/libsexpp/src/sexp-output.cpp 5
/usr/local/bin/../include/c++/v1/sstream 3
/src/rnp/src/lib/crypto/symmetric_common.cpp 2
/src/rnp/src/lib/crypto/s2k.cpp 3
/src/rnp/src/lib/crypto/hash.cpp 3
/src/rnp/src/lib/crypto/cipher.cpp 2
/src/rnp/src/lib/crypto/cipher_botan.cpp 4
/src/rnp/src/lib/crypto/hash_common.cpp 5
/src/rnp/src/lib/crypto/hash_sha1cd.cpp 2
/src/rnp/src/lib/crypto/hash.hpp 1
/src/rnp/src/lib/crypto/sha1cd/sha1.c 1
/src/rnp/src/librepgp/stream-key.cpp 9
/src/rnp/src/lib/key.hpp 3
/src/rnp/src/lib/fingerprint.cpp 5
/src/rnp/src/lib/rawpacket.hpp 4
/src/rnp/src/lib/signature.hpp 15
/src/rnp/src/lib/fingerprint.hpp 4
/src/rnp/src/lib/key-provider.cpp 8
/src/rnp/src/lib/key-provider.h 3
/src/rnp/src/lib/key.cpp 77
/src/rnp/src/librepgp/stream-packet.cpp 18
/src/rnp/src/lib/rawpacket.cpp 2
/src/rnp/src/lib/utils.h 3
/src/rnp/src/librekey/rnp_key_store.cpp 10
/src/rnp/src/lib/../librepgp/stream-sig.h 1
/src/rnp/src/librepgp/stream-sig.cpp 27
/src/rnp/src/lib/sig_subpacket.hpp 18
/src/rnp/src/lib/crypto/mem.h 1
/src/rnp/src/lib/userid.cpp 3
/src/rnp/src/lib/signature.cpp 4
/src/rnp/src/lib/crypto/signatures.cpp 3
/src/rnp/src/lib/crypto/sm2.cpp 2
/src/rnp/src/lib/crypto/botan_utils.hpp 7
/src/rnp/src/lib/crypto/ec_curves.cpp 1
/src/rnp/src/librepgp/stream-sig.h 1
/src/rnp/src/lib/sig_material.cpp 1
/src/rnp/src/lib/sig_material.hpp 8
/src/rnp/src/lib/crypto/dilithium_exdsa_composite.h 1
/src/rnp/src/lib/crypto/sphincsplus.h 1
/src/rnp/src/lib/sig_subpacket.cpp 1

Fuzzer: fuzz_keyring

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 6 100.%
All colors 6 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
267 327 22 :

['pgp_cipher_cfb_decrypt(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'std::__1::vector >::vector(unsigned long, unsigned char const&)', 'pgp_cipher_cfb_start(pgp_crypt_t*, pgp_symm_alg_t, unsigned char const*, unsigned char const*)', 'rnp::secure_array ::data()', 'fputs', 'rnp::secure_array ::~secure_array()', 'std::__1::vector >::~vector[abi:ne180100]()', '__cxa_end_catch', '__clang_call_terminate', 'pgp_cipher_cfb_finish(pgp_crypt_t*)', 'rnp_log_switch()', 'rnp::secure_array ::secure_array()', 'pgp_key_size(pgp_symm_alg_t)', 'pgp_s2k_derive_key(pgp_s2k_t*, char const*, unsigned char*, int)', 'std::__1::vector >::data[abi:ne180100]()', '__cxa_begin_catch', 'fputc', 'decrypt_secret_key_v3(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'fwrite', 'std::__1::vector >::empty[abi:ne180100]() const', 'std::__1::vector >::size[abi:ne180100]() const', 'is_rsa_key_alg(pgp_pubkey_alg_t)']

267 456 decrypt_secret_key(pgp_key_pkt_t*,charconst*) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:477
78 299 4 :

['signature_hash_key(pgp_key_pkt_t const&, rnp::Hash&, pgp_version_t)', 'pgp_key_pkt_t::pgp_key_pkt_t(pgp_key_pkt_t const&, bool)', 'pgp_key_pkt_t::~pgp_key_pkt_t()', 'pgp_key_pkt_t::fill_hashed_data()']

78 299 signature_hash_key(pgp_key_pkt_tconst&,rnp::Hash&,pgp_version_t) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:54
78 78 1 :

['pgp_key_pkt_t::fill_hashed_data()']

86 345 pgp_key_pkt_t::write(pgp_dest_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:842
62 62 3 :

['std::__1::vector >::data[abi:ne180100]() const', 'pgp_sphincsplus_public_key_t::verify(pgp_sphincsplus_signature_t const*, unsigned char const*, unsigned long) const', 'std::__1::vector >::size[abi:ne180100]() const']

62 62 pgp::SlhdsaKeyMaterial::verify(rnp::SecurityContextconst&,pgp::SigMaterialconst&,std::__1::vector >const&)const call site: 00000 /src/rnp/src/lib/key_material.cpp:2001
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

26 68 rnp::Key::Key(rnp::Keyconst&,bool) call site: 00000 /src/rnp/src/lib/key.cpp:447
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
9 9 1 :

['dst_finish(pgp_dest_t*)']

9 9 dst_close(pgp_dest_t*,bool) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:728
8 34 7 :

['__cxa_throw', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'rnp_log_switch()', 'fwrite', 'rnp::Source::~Source()', 'fputc']

8 34 rnp::ArmoredSource::ArmoredSource(pgp_source_t&,unsignedint) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:1161
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

10 23 (anonymousnamespace)::grip_hash_ec(rnp::Hash&,pgp::ec::Keyconst&) call site: 00000 /src/rnp/src/lib/key_material.cpp:111
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 (anonymousnamespace)::grip_hash_ecc_hex(rnp::Hash&,charconst*,char) call site: 00000 /src/rnp/src/lib/key_material.cpp:71
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 pgp_key_pkt_t::make_s2k_params(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:821
6 6 1 :

['pgp_s2k_encode_iterations(unsigned long)']

6 10 pgp_packet_body_t::add(pgp_s2k_tconst&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:832

Runtime coverage analysis

Covered functions
2016
Functions that are reachable but not covered
0
Reachable functions
6
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/keyring.c 1

Fuzzer: fuzz_keyimport

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 25 100.%
All colors 25 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
267 327 22 :

['pgp_cipher_cfb_decrypt(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'std::__1::vector >::vector(unsigned long, unsigned char const&)', 'pgp_cipher_cfb_start(pgp_crypt_t*, pgp_symm_alg_t, unsigned char const*, unsigned char const*)', 'rnp::secure_array ::data()', 'fputs', 'rnp::secure_array ::~secure_array()', 'std::__1::vector >::~vector[abi:ne180100]()', '__cxa_end_catch', '__clang_call_terminate', 'pgp_cipher_cfb_finish(pgp_crypt_t*)', 'rnp_log_switch()', 'rnp::secure_array ::secure_array()', 'pgp_key_size(pgp_symm_alg_t)', 'pgp_s2k_derive_key(pgp_s2k_t*, char const*, unsigned char*, int)', 'std::__1::vector >::data[abi:ne180100]()', '__cxa_begin_catch', 'fputc', 'decrypt_secret_key_v3(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'fwrite', 'std::__1::vector >::empty[abi:ne180100]() const', 'std::__1::vector >::size[abi:ne180100]() const', 'is_rsa_key_alg(pgp_pubkey_alg_t)']

267 456 decrypt_secret_key(pgp_key_pkt_t*,charconst*) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:477
78 299 4 :

['signature_hash_key(pgp_key_pkt_t const&, rnp::Hash&, pgp_version_t)', 'pgp_key_pkt_t::pgp_key_pkt_t(pgp_key_pkt_t const&, bool)', 'pgp_key_pkt_t::~pgp_key_pkt_t()', 'pgp_key_pkt_t::fill_hashed_data()']

78 299 signature_hash_key(pgp_key_pkt_tconst&,rnp::Hash&,pgp_version_t) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:54
78 78 1 :

['pgp_key_pkt_t::fill_hashed_data()']

86 345 pgp_key_pkt_t::write(pgp_dest_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:842
62 62 3 :

['std::__1::vector >::data[abi:ne180100]() const', 'pgp_sphincsplus_public_key_t::verify(pgp_sphincsplus_signature_t const*, unsigned char const*, unsigned long) const', 'std::__1::vector >::size[abi:ne180100]() const']

62 62 pgp::SlhdsaKeyMaterial::verify(rnp::SecurityContextconst&,pgp::SigMaterialconst&,std::__1::vector >const&)const call site: 00000 /src/rnp/src/lib/key_material.cpp:2001
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

26 68 rnp::Key::Key(rnp::Keyconst&,bool) call site: 00000 /src/rnp/src/lib/key.cpp:447
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
9 9 1 :

['dst_finish(pgp_dest_t*)']

9 9 dst_close(pgp_dest_t*,bool) call site: 00000 /src/rnp/src/librepgp/stream-common.cpp:728
8 34 7 :

['__cxa_throw', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'rnp_log_switch()', 'fwrite', 'rnp::Source::~Source()', 'fputc']

8 34 rnp::ArmoredSource::ArmoredSource(pgp_source_t&,unsignedint) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:1161
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

10 23 (anonymousnamespace)::grip_hash_ec(rnp::Hash&,pgp::ec::Keyconst&) call site: 00000 /src/rnp/src/lib/key_material.cpp:111
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 (anonymousnamespace)::grip_hash_ecc_hex(rnp::Hash&,charconst*,char) call site: 00000 /src/rnp/src/lib/key_material.cpp:71
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 pgp_key_pkt_t::make_s2k_params(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:821
6 6 1 :

['pgp_s2k_encode_iterations(unsigned long)']

6 10 pgp_packet_body_t::add(pgp_s2k_tconst&) call site: 00000 /src/rnp/src/librepgp/stream-packet.cpp:832

Runtime coverage analysis

Covered functions
2035
Functions that are reachable but not covered
0
Reachable functions
7
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/keyimport.c 1

Fuzzer: fuzz_keyring_kbx

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 6 100.%
All colors 6 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
267 327 22 :

['pgp_cipher_cfb_decrypt(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'std::__1::vector >::vector(unsigned long, unsigned char const&)', 'pgp_cipher_cfb_start(pgp_crypt_t*, pgp_symm_alg_t, unsigned char const*, unsigned char const*)', 'rnp::secure_array ::data()', 'fputs', 'rnp::secure_array ::~secure_array()', 'std::__1::vector >::~vector[abi:ne180100]()', '__cxa_end_catch', '__clang_call_terminate', 'pgp_cipher_cfb_finish(pgp_crypt_t*)', 'rnp_log_switch()', 'rnp::secure_array ::secure_array()', 'pgp_key_size(pgp_symm_alg_t)', 'pgp_s2k_derive_key(pgp_s2k_t*, char const*, unsigned char*, int)', 'std::__1::vector >::data[abi:ne180100]()', '__cxa_begin_catch', 'fputc', 'decrypt_secret_key_v3(pgp_crypt_t*, unsigned char*, unsigned char const*, unsigned long)', 'fwrite', 'std::__1::vector >::empty[abi:ne180100]() const', 'std::__1::vector >::size[abi:ne180100]() const', 'is_rsa_key_alg(pgp_pubkey_alg_t)']

267 456 decrypt_secret_key(pgp_key_pkt_t*,charconst*) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:477
203 203 3 :

['std::__1::vector >::data[abi:ne180100]() const', 'pgp_dilithium_exdsa_composite_public_key_t::verify(pgp_dilithium_exdsa_signature_t const*, pgp_hash_alg_t, unsigned char const*, unsigned long) const', 'std::__1::vector >::size[abi:ne180100]() const']

203 203 pgp::DilithiumEccKeyMaterial::verify(rnp::SecurityContextconst&,pgp::SigMaterialconst&,std::__1::vector >const&)const call site: 00000 /src/rnp/src/lib/key_material.cpp:1859
78 299 4 :

['signature_hash_key(pgp_key_pkt_t const&, rnp::Hash&, pgp_version_t)', 'pgp_key_pkt_t::pgp_key_pkt_t(pgp_key_pkt_t const&, bool)', 'pgp_key_pkt_t::~pgp_key_pkt_t()', 'pgp_key_pkt_t::fill_hashed_data()']

78 299 signature_hash_key(pgp_key_pkt_tconst&,rnp::Hash&,pgp_version_t) call site: 00000 /src/rnp/src/librepgp/stream-sig.cpp:54
78 78 1 :

['pgp_key_pkt_t::fill_hashed_data()']

86 345 pgp_key_pkt_t::write(pgp_dest_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:842
62 62 3 :

['std::__1::vector >::data[abi:ne180100]() const', 'pgp_sphincsplus_public_key_t::verify(pgp_sphincsplus_signature_t const*, unsigned char const*, unsigned long) const', 'std::__1::vector >::size[abi:ne180100]() const']

62 62 pgp::SlhdsaKeyMaterial::verify(rnp::SecurityContextconst&,pgp::SigMaterialconst&,std::__1::vector >const&)const call site: 00000 /src/rnp/src/lib/key_material.cpp:2001
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

26 68 rnp::Key::Key(rnp::Keyconst&,bool) call site: 00000 /src/rnp/src/lib/key.cpp:447
14 23 7 :

['__cxa_throw', 'fputc', 'std::invalid_argument::invalid_argument[abi:ne180100](char const*)', '__cxa_allocate_exception', '__cxa_free_exception', 'fwrite', 'rnp_log_switch()']

14 23 rnp::KeyStore::KeyStore(std::__1::basic_string ,std::__1::allocator >const&,rnp::SecurityContext&,rnp::KeyFormat) call site: 00000 /src/rnp/src/librekey/rnp_key_store.cpp:714
8 34 7 :

['__cxa_throw', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'rnp_log_switch()', 'fwrite', 'rnp::Source::~Source()', 'fputc']

8 34 rnp::ArmoredSource::ArmoredSource(pgp_source_t&,unsignedint) call site: 00000 /src/rnp/src/librepgp/stream-armor.cpp:1161
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

10 23 (anonymousnamespace)::grip_hash_ec(rnp::Hash&,pgp::ec::Keyconst&) call site: 00000 /src/rnp/src/lib/key_material.cpp:111
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 (anonymousnamespace)::grip_hash_ecc_hex(rnp::Hash&,charconst*,char) call site: 00000 /src/rnp/src/lib/key_material.cpp:71
8 21 6 :

['__cxa_throw', 'fputc', '__cxa_allocate_exception', 'rnp::rnp_exception::rnp_exception(unsigned int)', 'fwrite', 'rnp_log_switch()']

8 21 pgp_key_pkt_t::make_s2k_params(pgp_packet_body_t&) call site: 00000 /src/rnp/src/librepgp/stream-key.cpp:821
8 12 8 :

['pgp_dilithium_private_key_t::~pgp_dilithium_private_key_t()', 'std::__1::unique_ptr >::~unique_ptr[abi:ne180100]()', 'pgp_dilithium_private_key_t::get_encoded() const', 'std::__1::unique_ptr >::operator->[abi:ne180100]() const', 'std::__1::unique_ptr >::operator=[abi:ne180100](std::__1::unique_ptr >&&)', 'pgp_dilithium_private_key_t::param() const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique[abi:ne180100] (pgp_dilithium_private_key_t&&)', 'pgp_dilithium_private_key_t::pgp_dilithium_private_key_t(std::__1::vector > const&, dilithium_parameter_e)']

16 28 pgp_dilithium_exdsa_composite_private_key_t::operator=(pgp_dilithium_exdsa_composite_private_key_tconst&) call site: 00000 /src/rnp/src/lib/crypto/dilithium_exdsa_composite.cpp:234

Runtime coverage analysis

Covered functions
2020
Functions that are reachable but not covered
0
Reachable functions
6
Percentage of reachable functions covered
100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/rnp/src/fuzzing/keyring_kbx.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
rnp::KeyStore::load(rnp::KeyProviderconst*) /src/rnp/src/librekey/rnp_key_store.cpp 2 ['N/A', 'N/A'] 16 0 189 39 4 1442 0 4371 1486
rnp::KeygenParams::generate(rnp::BindingParams&,rnp::Key&,rnp::Key&,rnp::Key&,rnp::Key&,pgp_password_provider_tconst&,rnp::KeyFormat) /src/rnp/src/lib/keygen.cpp 8 ['N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'int'] 15 0 315 76 72 1371 0 4217 890
pgp::DilithiumEccKeyMaterial::generate(rnp::SecurityContext&,pgp::KeyParamsconst&) /src/rnp/src/lib/key_material.cpp 3 ['N/A', 'N/A', 'N/A'] 9 0 45 8 4 231 0 439 401
rnp::KeyStore::write() /src/rnp/src/librekey/rnp_key_store.cpp 1 ['N/A'] 8 0 308 59 13 201 0 664 392
rnp::KeygenParams::generate(rnp::CertParams&,rnp::Key&,rnp::Key&,rnp::KeyFormat) /src/rnp/src/lib/keygen.cpp 5 ['N/A', 'N/A', 'N/A', 'N/A', 'int'] 15 0 245 58 47 1383 0 4143 266
pgp::MlkemEcdhKeyMaterial::generate(rnp::SecurityContext&,pgp::KeyParamsconst&) /src/rnp/src/lib/key_material.cpp 3 ['N/A', 'N/A', 'N/A'] 9 0 45 8 4 233 0 438 238
pgp::MlkemEcdhKeyMaterial::decrypt(rnp::SecurityContext&,std::__1::vector >&,pgp::EncMaterialconst&)const /src/rnp/src/lib/key_material.cpp 4 ['N/A', 'N/A', 'N/A', 'N/A'] 8 0 53 9 4 195 0 395 212

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
47.0%
1010 / 2171
Cyclomatic complexity statically reachable by fuzzers
52.0%
6656 / 12826

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/rnp/src/fuzzing/sigimport.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/verify_detached.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/dump.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/verify.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/keyring_g10.cpp

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['rnp::Key::is_primary() const', 'rnp::SecurityContext::time() const', 'parse_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*)', 'rnp::Key::Key()', 'parse_protected_seckey(pgp_key_pkt_t&, sexp::sexp_list_t const*, char const*)', 'rnp::Key::refresh_data(rnp::SecurityContext const&)', 'rnp::Key::operator=(rnp::Key&&)', 'rnp::KeyStore::refresh_subkey_grips(rnp::Key&)', 'sexp::sexp_list_t::~sexp_list_t()', 'rnp::Key::validate_primary(rnp::KeyStore&)']

/src/rnp/src/fuzzing/keyring.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/keyimport.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


/src/rnp/src/fuzzing/keyring_kbx.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
Botan::MessageAuthenticationCode::create(std::__1::basic_string_view >,std::__1::basic_string_view >) 44 10 22.72%
rnp_input_from_memory 32 16 50.0% ['fuzz_sigimport', 'fuzz_keyimport', 'fuzz_verify_detached', 'fuzz_verify', 'fuzz_keyring', 'fuzz_dump', 'fuzz_keyring_kbx']
signed_validate_signature(pgp_source_signed_param_t&,rnp::SignatureInfo&) 38 19 50.0%
rnp::DumpContextJson::dump_signature_subpackets(pgp::pkt::Signatureconst&) 34 17 50.0%
rnp::DumpContextJson::dump_signature_pkt(pgp::pkt::Signatureconst&,json_object*) 102 55 53.92%
rnp::DumpContextJson::dump_key(json_object*) 69 32 46.37%
parse_protected_seckey(pgp_key_pkt_t&,sexp::sexp_list_tconst*,charconst*) 145 54 37.24% ['fuzz_keyring_g10']
mem_dest_own_memory(pgp_dest_t*) 32 15 46.87% ['fuzz_keyring_g10', 'fuzz_keyring_kbx']
botan_ffi_supports_api 33 10 30.30% ['fuzz_keyring', 'fuzz_keyimport', 'fuzz_keyring_kbx']
Botan_FFI::(anonymousnamespace)::ffi_map_error_type(Botan::ErrorType) 45 9 20.0%
Botan::EMSA::create(std::__1::basic_string_view >) 59 9 15.25%
Botan::EC_Group::EC_group_info(Botan::OIDconst&) 273 102 37.36%
decrypt_secret_key(pgp_key_pkt_t*,charconst*) 71 7 9.859% ['fuzz_keyring', 'fuzz_keyimport', 'fuzz_keyring_kbx']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/usr/include/botan-3/botan/dilithium.h [] []
/src/rnp/src/lib/crypto/dilithium_exdsa_composite.cpp [] []
/src/rnp/src/lib/crypto/elgamal.cpp [] []
/src/rnp/src/lib/crypto/cipher_botan.cpp ['fuzz_keyring_g10'] []
/usr/include/botan-3/botan/ec_point.h [] []
/src/rnp/src/lib/crypto/cipher.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/rsa.cpp [] []
/src/rnp/src/librepgp/stream-key.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/common/file-utils.cpp [] []
/src/rnp/src/lib/crypto/sm2.h [] []
/src/rnp/src/libsexpp/src/ext-key-format.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/kdf.h [] []
/src/rnp/src/lib/crypto/dilithium.cpp [] []
/src/rnp/src/lib/crypto/kyber_common.cpp [] []
/src/rnp/src/lib/crypto/ec.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/librekey/key_store_kbx.cpp [] []
/src/rnp/src/lib/crypto/hash_sha1cd.cpp ['fuzz_keyring_g10'] []
/usr/include/botan-3/botan/sym_algo.h [] []
/src/rnp/src/fuzzing/keyring_g10.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/librepgp/stream-sig.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/s2k.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/sm2.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/src/sexp-input.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/ed25519.cpp [] []
/src/rnp/src/lib/crypto/sphincsplus.cpp [] []
/src/rnp/src/lib/crypto/symmetric_common.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/sphincsplus.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/pass-provider.h [] []
/src/rnp/src/lib/key-provider.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/exdsa_ecdhkem.cpp [] []
/src/rnp/src/lib/crypto/exdsa_ecdhkem.h [] []
/usr/local/bin/../include/c++/v1/__iterator/move_iterator.h [] []
/src/rnp/src/lib/key_material.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/hkdf_botan.cpp [] []
/src/rnp/src/lib/keygen.cpp [] []
/src/rnp/src/lib/keygen.hpp [] []
/src/rnp/src/lib/crypto/sha1cd/sha1.c ['fuzz_keyring_g10'] []
/src/rnp/src/librekey/rnp_key_store.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/ecdh_utils.cpp [] []
/src/rnp/src/librepgp/stream-sig.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/../librepgp/stream-packet.h [] []
/src/rnp/src/lib/crypto/elgamal.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/fuzzing/sigimport.c ['fuzz_sigimport'] ['fuzz_sigimport']
/src/rnp/src/lib/utils.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/dsa.cpp [] []
/src/rnp/src/librekey/g23_sexp.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/hkdf.hpp [] []
/usr/include/botan-3/botan/rng.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/signature.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/libsexpp/src/sexp-object.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/kyber.h [] []
/src/rnp/src/lib/crypto/ecdh.h [] []
/usr/include/botan-3/botan/symkey.h [] []
/src/rnp/src/fuzzing/dump.c ['fuzz_dump'] ['fuzz_dump']
/src/rnp/src/lib/../librepgp/stream-sig.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/x25519.cpp [] []
/src/rnp/src/lib/rawpacket.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/src/sexp-depth-manager.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/include/rekey/rnp_key_store.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/fingerprint.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/include/sexpp/sexp.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/ecdh.cpp [] []
/src/rnp/src/lib/crypto/hash_common.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/reducer.h [] []
/src/rnp/src/librepgp/stream-common.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/fuzzing/keyring.c ['fuzz_keyring'] ['fuzz_keyring']
/src/rnp/src/lib/sig_subpacket.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/librekey/kbx_blob.hpp [] []
/src/rnp/src/lib/enc_material.cpp [] []
/src/rnp/src/lib/pass-provider.cpp [] []
/src/rnp/src/common/time-utils.cpp [] []
/usr/include/botan-3/botan/pk_keys.h [] []
/src/rnp/src/libsexpp/include/sexpp/ext-key-format.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/cipher_mode.h [] []
/src/rnp/src/lib/key.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/botan_utils.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/curve_gfp.h [] []
/usr/include/botan-3/botan/bigint.h [] []
/src/rnp/src/lib/crypto/kyber_ecdh_composite.h [] []
/src/rnp/src/lib/crypto/dsa.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/common/str-utils.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/system_rng.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/ecc_key.h [] []
/src/rnp/src/lib/crypto/dilithium_common.cpp [] []
/src/rnp/src/lib/key-provider.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/ec.cpp [] []
/src/rnp/src/lib/crypto/rng.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/mpi.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/src/sexp-simple-string.cpp [] []
/src/rnp/src/fuzzing/verify.c ['fuzz_verify'] ['fuzz_verify']
/src/rnp/src/librekey/key_store_pgp.cpp [] []
/src/rnp/src/lib/crypto/rsa.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/mac.h [] []
/usr/include/botan-3/botan/ecdsa.h [] []
/usr/include/botan-3/botan/pubkey.h [] []
/src/rnp/src/lib/key_material.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/librepgp/stream-packet.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/kyber.cpp [] []
/src/rnp/src/lib/crypto/dilithium_exdsa_composite.h ['fuzz_keyring_g10'] []
/usr/local/bin/../include/c++/v1/sstream ['fuzz_keyring_g10'] []
/usr/local/bin/../include/c++/v1/string [] []
/src/rnp/src/librepgp/stream-packet.h [] []
/src/rnp/src/lib/crypto/mpi.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/ec_curves.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/fuzzing/keyimport.c ['fuzz_keyimport'] ['fuzz_keyimport']
/src/rnp/src/lib/utils.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/src/sexp-error.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/buf_comp.h [] []
/src/rnp/src/lib/crypto/signatures.cpp ['fuzz_keyring_g10'] []
/usr/include/botan-3/botan/curve25519.h [] []
/src/rnp/src/fuzzing/keyring_kbx.c ['fuzz_keyring_kbx'] ['fuzz_keyring_kbx']
/usr/include/botan-3/botan/aead.h [] []
/usr/include/x86_64-linux-gnu/sys/stat.h [] []
/src/rnp/src/lib/sec_profile.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/signature.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/fuzzing/verify_detached.c ['fuzz_verify_detached'] ['fuzz_verify_detached']
/src/rnp/src/lib/sig_material.cpp ['fuzz_keyring_g10'] []
/usr/include/ctype.h ['fuzz_keyring_g10'] []
/usr/include/stdlib.h [] []
/src/rnp/src/lib/crypto/hash.hpp ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/mem.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/ecdsa.cpp [] []
/usr/include/botan-3/botan/ecdh.h [] []
/src/rnp/src/lib/crypto/eddsa.cpp [] []
/src/rnp/src/librepgp/stream-armor.h [] []
/usr/local/bin/../include/c++/v1/__exception/exception.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/fingerprint.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/include/sexpp/sexp-error.h ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/dsa_common.cpp [] []
/usr/include/botan-3/botan/ed25519.h [] []
/src/rnp/src/lib/../librepgp/stream-common.h [] ['fuzz_keyring_g10']
/src/rnp/src/librepgp/stream-armor.cpp [] []
/src/rnp/src/lib/crypto/kyber_ecdh_composite.cpp [] []
/src/rnp/src/lib/userid.hpp [] []
/src/rnp/src/librepgp/stream-key.h [] []
/src/rnp/src/lib/crypto/backend_version.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/libsexpp/src/sexp-output.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/kmac_botan.cpp [] []
/src/rnp/src/lib/sig_subpacket.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/usr/include/botan-3/botan/secmem.h [] []
/src/rnp/src/lib/types.h ['fuzz_keyring_g10'] []
/src/rnp/src/lib/crypto/hash.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/librekey/key_store_g10.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/enc_material.hpp [] []
/src/rnp/src/lib/sec_profile.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/sha1cd/ubc_check.c [] []
/src/rnp/src/lib/crypto/kmac.cpp [] []
/src/rnp/src/lib/crypto/kmac.hpp [] []
/usr/local/bin/../include/c++/v1/stdexcept ['fuzz_keyring_g10'] []
/src/rnp/src/lib/rawpacket.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/logging.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/librepgp/stream-common.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/symmetric.cpp [] []
/src/rnp/src/lib/crypto/dilithium.h [] []
/src/rnp/src/libsexpp/src/sexp-char-defs.cpp [] []
/src/rnp/src/lib/crypto/mem.cpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/crypto/hkdf.cpp [] []
/usr/include/botan-3/botan/kyber.h [] []
/src/rnp/src/lib/sig_material.hpp ['fuzz_keyring_g10'] []
/src/rnp/src/lib/userid.cpp ['fuzz_keyring_g10'] []
/src/rnp/src/lib/key.hpp ['fuzz_keyring_g10'] ['fuzz_keyring_g10']
/src/rnp/src/lib/../librepgp/stream-key.h ['fuzz_keyring_g10'] []

Directories in report

Directory
/src/rnp/src/libsexpp/include/sexpp/
/usr/include/botan-3/botan/
/src/rnp/src/libsexpp/src/
/src/rnp/src/lib/crypto/
/src/rnp/src/fuzzing/
/src/rnp/src/lib/crypto/sha1cd/
/src/rnp/src/lib/
/src/rnp/src/lib/../librepgp/
/usr/local/bin/../include/c++/v1/
/usr/include/
/src/rnp/include/rekey/
/usr/include/x86_64-linux-gnu/sys/
/usr/local/bin/../include/c++/v1/__exception/
/src/rnp/src/common/
/src/rnp/src/librepgp/
/usr/local/bin/../include/c++/v1/__iterator/
/src/rnp/src/librekey/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_sigimport fuzzerLogFile-0-gS6BGfbZAu.data fuzzerLogFile-0-gS6BGfbZAu.data.yaml fuzz_sigimport.covreport
fuzz_verify_detached fuzzerLogFile-0-7Bh7gxOpu7.data fuzzerLogFile-0-7Bh7gxOpu7.data.yaml fuzz_verify_detached.covreport
fuzz_dump fuzzerLogFile-0-ZGeL5TxCVY.data fuzzerLogFile-0-ZGeL5TxCVY.data.yaml fuzz_dump.covreport
fuzz_verify fuzzerLogFile-0-eOANR47GNY.data fuzzerLogFile-0-eOANR47GNY.data.yaml fuzz_verify.covreport
fuzz_keyring_g10 fuzzerLogFile-0-6p2RbhgQlq.data fuzzerLogFile-0-6p2RbhgQlq.data.yaml fuzz_keyring_g10.covreport
fuzz_keyring fuzzerLogFile-0-D739y8Of88.data fuzzerLogFile-0-D739y8Of88.data.yaml fuzz_keyring.covreport
fuzz_keyimport fuzzerLogFile-0-30FiwQSpLm.data fuzzerLogFile-0-30FiwQSpLm.data.yaml fuzz_keyimport.covreport
fuzz_keyring_kbx fuzzerLogFile-0-rfWuS7Eu0Q.data fuzzerLogFile-0-rfWuS7Eu0Q.data.yaml fuzz_keyring_kbx.covreport