Fuzz introspector: /work/mbedtls-2.28.8/programs/fuzz/fuzz_x509crl.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1134 1134 10 :

['SC_Chunks_CheckSymmetricSecurityHeader', 'SOPC_Buffer_SetDataLength', 'SOPC_Remove_Padding', 'SC_Chunks_DecryptMsg', 'SC_Chunks_IsMsgSigned', 'SC_Chunks_VerifyMsgSignature', 'SC_Chunks_CheckSequenceHeaderRequestId', 'SC_Chunks_CheckSequenceHeaderSN', 'SC_Chunks_IsMsgEncrypted', 'SC_Chunks_TreatMsgMultiChunks']

1134 1746 SC_Chunks_TreatTcpPayload call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:1957
982 982 7 :

['SOPC_Buffer_SetDataLength', 'SOPC_Remove_Padding', 'SC_Chunks_DecryptMsg', 'SC_Chunks_VerifyMsgSignature', 'SC_Chunks_CheckSequenceHeaderRequestId', 'SC_Chunks_CheckSequenceHeaderSN', 'SC_Chunks_TreatMsgMultiChunks']

982 1492 SC_Chunks_TreatTcpPayload call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:1930
222 222 1 :

['SOPC_CryptoProvider_Create']

2217 2673 SC_Chunks_CheckAsymmetricSecurityHeader call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:800
106 106 1 :

['SC_Chunks_TreatMsgMultiChunks']

106 106 SC_Chunks_TreatTcpPayload call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:2068
25 27 2 :

['SOPC_Free', 'mbedtls_x509_crt_free']

25 27 SOPC_KeyManager_Certificate_Free call site: 00000 /src/S2OPC/src/Common/crypto/lib_dep/mbedtls/key_manager_mbedtls.c:871
21 47 7 :

['SOPC_NodeId_Clear', 'SOPC_Guid_Copy', 'SOPC_ByteString_Copy', 'SOPC_String_Initialize', 'SOPC_String_Copy', 'SOPC_ByteString_Initialize', 'SOPC_Malloc']

21 47 SOPC_NodeId_Copy call site: 00000 /src/S2OPC/src/Common/opcua_types/sopc_builtintypes.c:1634
19 19 1 :

['SOPC_ToolkitClient_GetSecureChannelConfig']

2300 3195 SC_Chunks_CheckAsymmetricSecurityHeader call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:677
19 19 1 :

['SOPC_ToolkitClient_GetSecureChannelConfig']

1153 1867 SC_Chunks_TreatTcpPayload call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:1948
7 9 2 :

['mbedtls_pk_free', 'SOPC_Free']

7 9 SOPC_KeyManager_AsymmetricKey_Free call site: 00000 /src/S2OPC/src/Common/crypto/lib_dep/mbedtls/key_manager_mbedtls.c:267
3 3 1 :

['Network_Check_ReceivedSecurityMode']

68 937 Decode_Message_V1 call site: 00000 /src/S2OPC/src/PubSub/network/sopc_network_layer.c:2012
2 2 1 :

['strlen']

2 2 SOPC_String_AttachFromCstring call site: 00000 /src/S2OPC/src/Common/opcua_types/sopc_builtintypes.c:1020
0 30 1 :

['SOPC_KeyManager_Certificate_Free']

0 30 SC_Chunks_CheckAsymmetricSecurityHeader call site: 00000 /src/S2OPC/src/ClientServer/secure_channels/sopc_chunks_mgr.c:885

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 mbedtls_x509_crl_init [function] [call site] 00001
1 mbedtls_x509_crl_parse [function] [call site] 00002
2 mbedtls_pem_init [function] [call site] 00003
2 mbedtls_pem_read_buffer [function] [call site] 00004
3 strstr [call site] 00005
3 strstr [call site] 00006
3 strlen [call site] 00007
3 strlen [call site] 00008
3 memcmp [call site] 00009
3 memcmp [call site] 00010
3 pem_get_iv [function] [call site] 00011
3 memcmp [call site] 00012
3 pem_get_iv [function] [call site] 00013
3 memcmp [call site] 00014
3 memcmp [call site] 00015
3 memcmp [call site] 00016
3 memcmp [call site] 00017
3 pem_get_iv [function] [call site] 00018
3 mbedtls_base64_decode [function] [call site] 00019
4 mbedtls_ct_base64_dec_value [function] [call site] 00020
5 mbedtls_ct_uchar_mask_of_range [function] [call site] 00021
5 mbedtls_ct_uchar_mask_of_range [function] [call site] 00022
5 mbedtls_ct_uchar_mask_of_range [function] [call site] 00023
5 mbedtls_ct_uchar_mask_of_range [function] [call site] 00024
5 mbedtls_ct_uchar_mask_of_range [function] [call site] 00025
4 mbedtls_ct_base64_dec_value [function] [call site] 00026
3 mbedtls_error_add [function] [call site] 00027
3 calloc [call site] 00028
3 mbedtls_base64_decode [function] [call site] 00029
3 mbedtls_platform_zeroize [function] [call site] 00030
3 mbedtls_error_add [function] [call site] 00031
3 mbedtls_platform_zeroize [function] [call site] 00032
3 pem_des3_decrypt [function] [call site] 00033
4 mbedtls_des3_init [function] [call site] 00034
4 pem_pbkdf1 [function] [call site] 00035
5 mbedtls_md5_init [function] [call site] 00036
5 mbedtls_md5_starts_ret [function] [call site] 00037
5 mbedtls_md5_update_ret [function] [call site] 00038
6 mbedtls_internal_md5_process [function] [call site] 00039
7 mbedtls_platform_zeroize [function] [call site] 00040
6 mbedtls_internal_md5_process [function] [call site] 00041
5 mbedtls_md5_update_ret [function] [call site] 00042
5 mbedtls_md5_finish_ret [function] [call site] 00043
6 mbedtls_internal_md5_process [function] [call site] 00044
6 mbedtls_internal_md5_process [function] [call site] 00045
5 mbedtls_md5_starts_ret [function] [call site] 00046
5 mbedtls_md5_update_ret [function] [call site] 00047
5 mbedtls_md5_update_ret [function] [call site] 00048
5 mbedtls_md5_update_ret [function] [call site] 00049
5 mbedtls_md5_finish_ret [function] [call site] 00050
5 mbedtls_md5_free [function] [call site] 00051
6 mbedtls_platform_zeroize [function] [call site] 00052
5 mbedtls_platform_zeroize [function] [call site] 00053
4 mbedtls_des3_set3key_dec [function] [call site] 00054
5 des3_set3key [function] [call site] 00055
6 mbedtls_des_setkey [function] [call site] 00056
6 mbedtls_des_setkey [function] [call site] 00057
6 mbedtls_des_setkey [function] [call site] 00058
5 mbedtls_platform_zeroize [function] [call site] 00059
4 mbedtls_des3_crypt_cbc [function] [call site] 00060
5 mbedtls_des3_crypt_ecb [function] [call site] 00061
5 mbedtls_des3_crypt_ecb [function] [call site] 00062
4 mbedtls_des3_free [function] [call site] 00063
5 mbedtls_platform_zeroize [function] [call site] 00064
4 mbedtls_platform_zeroize [function] [call site] 00065
3 pem_des_decrypt [function] [call site] 00066
4 mbedtls_des_init [function] [call site] 00067
4 pem_pbkdf1 [function] [call site] 00068
4 mbedtls_des_setkey_dec [function] [call site] 00069
5 mbedtls_des_setkey [function] [call site] 00070
4 mbedtls_des_crypt_cbc [function] [call site] 00071
5 mbedtls_des_crypt_ecb [function] [call site] 00072
5 mbedtls_des_crypt_ecb [function] [call site] 00073
4 mbedtls_des_free [function] [call site] 00074
5 mbedtls_platform_zeroize [function] [call site] 00075
4 mbedtls_platform_zeroize [function] [call site] 00076
3 pem_aes_decrypt [function] [call site] 00077
4 mbedtls_aes_init [function] [call site] 00078
4 pem_pbkdf1 [function] [call site] 00079
4 mbedtls_aes_setkey_dec [function] [call site] 00080
5 mbedtls_aes_init [function] [call site] 00081
5 mbedtls_aes_setkey_enc [function] [call site] 00082
6 aes_gen_tables [function] [call site] 00083
5 mbedtls_aes_free [function] [call site] 00084
6 mbedtls_platform_zeroize [function] [call site] 00085
4 mbedtls_aes_crypt_cbc [function] [call site] 00086
5 mbedtls_aes_crypt_ecb [function] [call site] 00087
6 mbedtls_internal_aes_encrypt [function] [call site] 00088
7 mbedtls_platform_zeroize [function] [call site] 00089
6 mbedtls_internal_aes_decrypt [function] [call site] 00090
7 mbedtls_platform_zeroize [function] [call site] 00091
5 mbedtls_aes_crypt_ecb [function] [call site] 00092
4 mbedtls_aes_free [function] [call site] 00093
4 mbedtls_platform_zeroize [function] [call site] 00094
3 pem_aes_decrypt [function] [call site] 00095
3 pem_aes_decrypt [function] [call site] 00096
3 mbedtls_platform_zeroize [function] [call site] 00097
2 mbedtls_x509_crl_parse_der [function] [call site] 00098
3 calloc [call site] 00099
3 mbedtls_x509_crl_free [function] [call site] 00100
4 mbedtls_platform_zeroize [function] [call site] 00101
4 mbedtls_platform_zeroize [function] [call site] 00102
4 mbedtls_platform_zeroize [function] [call site] 00103
4 mbedtls_platform_zeroize [function] [call site] 00104
3 mbedtls_x509_crl_init [function] [call site] 00105
3 calloc [call site] 00106
3 mbedtls_asn1_get_tag [function] [call site] 00107
4 mbedtls_asn1_get_len [function] [call site] 00108
3 mbedtls_x509_crl_free [function] [call site] 00109
3 mbedtls_x509_crl_free [function] [call site] 00110
3 mbedtls_error_add [function] [call site] 00111
3 mbedtls_asn1_get_tag [function] [call site] 00112
3 mbedtls_x509_crl_free [function] [call site] 00113
3 mbedtls_error_add [function] [call site] 00114
3 x509_crl_get_version [function] [call site] 00115
4 mbedtls_asn1_get_int [function] [call site] 00116
5 asn1_get_tagged_int [function] [call site] 00117
6 mbedtls_asn1_get_tag [function] [call site] 00118
4 mbedtls_error_add [function] [call site] 00119
3 mbedtls_x509_get_alg [function] [call site] 00120
4 mbedtls_asn1_get_alg [function] [call site] 00121
5 mbedtls_asn1_get_tag [function] [call site] 00122
5 mbedtls_asn1_get_tag [function] [call site] 00123
5 mbedtls_platform_zeroize [function] [call site] 00124
5 mbedtls_asn1_get_len [function] [call site] 00125
4 mbedtls_error_add [function] [call site] 00126
3 mbedtls_x509_crl_free [function] [call site] 00127
3 mbedtls_x509_crl_free [function] [call site] 00128
3 mbedtls_x509_get_sig_alg [function] [call site] 00129
4 mbedtls_oid_get_sig_alg [function] [call site] 00130
5 oid_sig_alg_from_asn1 [function] [call site] 00131
6 memcmp [call site] 00132
4 mbedtls_error_add [function] [call site] 00133
4 calloc [call site] 00134
4 mbedtls_x509_get_rsassa_pss_params [function] [call site] 00135
5 mbedtls_error_add [function] [call site] 00136
5 mbedtls_asn1_get_tag [function] [call site] 00137
5 mbedtls_x509_get_alg_null [function] [call site] 00138
6 mbedtls_asn1_get_alg_null [function] [call site] 00139
7 mbedtls_asn1_get_alg [function] [call site] 00140
6 mbedtls_error_add [function] [call site] 00141
5 mbedtls_oid_get_md_alg [function] [call site] 00142
6 oid_md_alg_from_asn1 [function] [call site] 00143
7 memcmp [call site] 00144
5 mbedtls_error_add [function] [call site] 00145
5 mbedtls_error_add [function] [call site] 00146
5 mbedtls_error_add [function] [call site] 00147
5 mbedtls_asn1_get_tag [function] [call site] 00148
5 mbedtls_x509_get_alg [function] [call site] 00149
5 memcmp [call site] 00150
5 mbedtls_error_add [function] [call site] 00151
5 x509_get_hash_alg [function] [call site] 00152
6 mbedtls_error_add [function] [call site] 00153
6 mbedtls_error_add [function] [call site] 00154
6 mbedtls_asn1_get_tag [function] [call site] 00155
6 mbedtls_error_add [function] [call site] 00156
6 mbedtls_oid_get_md_alg [function] [call site] 00157
6 mbedtls_error_add [function] [call site] 00158
6 mbedtls_asn1_get_tag [function] [call site] 00159
6 mbedtls_error_add [function] [call site] 00160
6 mbedtls_error_add [function] [call site] 00161
5 mbedtls_error_add [function] [call site] 00162
5 mbedtls_error_add [function] [call site] 00163
5 mbedtls_asn1_get_tag [function] [call site] 00164
5 mbedtls_asn1_get_int [function] [call site] 00165
5 mbedtls_error_add [function] [call site] 00166
5 mbedtls_error_add [function] [call site] 00167
5 mbedtls_error_add [function] [call site] 00168
5 mbedtls_asn1_get_tag [function] [call site] 00169
5 mbedtls_asn1_get_int [function] [call site] 00170
5 mbedtls_error_add [function] [call site] 00171
5 mbedtls_error_add [function] [call site] 00172
5 mbedtls_error_add [function] [call site] 00173
3 mbedtls_x509_crl_free [function] [call site] 00174
3 mbedtls_asn1_get_tag [function] [call site] 00175
3 mbedtls_x509_crl_free [function] [call site] 00176
3 mbedtls_error_add [function] [call site] 00177
3 mbedtls_x509_get_name [function] [call site] 00178
4 mbedtls_asn1_get_tag [function] [call site] 00179
4 mbedtls_error_add [function] [call site] 00180
4 x509_get_attr_type_value [function] [call site] 00181
5 mbedtls_asn1_get_tag [function] [call site] 00182
5 mbedtls_error_add [function] [call site] 00183
5 mbedtls_asn1_get_tag [function] [call site] 00184
5 mbedtls_error_add [function] [call site] 00185
5 mbedtls_error_add [function] [call site] 00186
5 mbedtls_error_add [function] [call site] 00187
5 mbedtls_asn1_get_len [function] [call site] 00188
5 mbedtls_error_add [function] [call site] 00189
5 mbedtls_error_add [function] [call site] 00190
4 calloc [call site] 00191
4 calloc [call site] 00192
4 mbedtls_platform_zeroize [function] [call site] 00193
4 mbedtls_platform_zeroize [function] [call site] 00194
3 mbedtls_x509_crl_free [function] [call site] 00195
3 mbedtls_x509_get_time [function] [call site] 00196
4 mbedtls_error_add [function] [call site] 00197
4 mbedtls_error_add [function] [call site] 00198
4 mbedtls_asn1_get_len [function] [call site] 00199
4 mbedtls_error_add [function] [call site] 00200
4 x509_parse_time [function] [call site] 00201
5 x509_parse_int [function] [call site] 00202
5 x509_parse_int [function] [call site] 00203
5 x509_parse_int [function] [call site] 00204
5 x509_parse_int [function] [call site] 00205
5 x509_parse_int [function] [call site] 00206
5 x509_parse_int [function] [call site] 00207
5 x509_date_is_valid [function] [call site] 00208
3 mbedtls_x509_crl_free [function] [call site] 00209
3 mbedtls_x509_get_time [function] [call site] 00210
3 mbedtls_error_add [function] [call site] 00211
3 mbedtls_error_add [function] [call site] 00212
3 mbedtls_x509_crl_free [function] [call site] 00213
3 x509_get_entries [function] [call site] 00214
4 mbedtls_asn1_get_tag [function] [call site] 00215
4 mbedtls_asn1_get_tag [function] [call site] 00216
4 mbedtls_x509_get_serial [function] [call site] 00217
5 mbedtls_error_add [function] [call site] 00218
5 mbedtls_error_add [function] [call site] 00219
5 mbedtls_asn1_get_len [function] [call site] 00220
5 mbedtls_error_add [function] [call site] 00221
4 mbedtls_x509_get_time [function] [call site] 00222
4 x509_get_crl_entry_ext [function] [call site] 00223
5 mbedtls_asn1_get_tag [function] [call site] 00224
5 mbedtls_error_add [function] [call site] 00225
5 mbedtls_asn1_get_tag [function] [call site] 00226
5 mbedtls_error_add [function] [call site] 00227
5 mbedtls_error_add [function] [call site] 00228
4 calloc [call site] 00229
3 mbedtls_x509_crl_free [function] [call site] 00230
3 x509_get_crl_ext [function] [call site] 00231
4 mbedtls_x509_get_ext [function] [call site] 00232
5 mbedtls_asn1_get_tag [function] [call site] 00233
5 mbedtls_error_add [function] [call site] 00234
5 mbedtls_asn1_get_tag [function] [call site] 00235
5 mbedtls_error_add [function] [call site] 00236
5 mbedtls_error_add [function] [call site] 00237
4 mbedtls_asn1_get_tag [function] [call site] 00238
4 mbedtls_asn1_get_tag [function] [call site] 00239
4 mbedtls_asn1_get_bool [function] [call site] 00240
5 mbedtls_asn1_get_tag [function] [call site] 00241
4 mbedtls_asn1_get_tag [function] [call site] 00242
4 mbedtls_error_add [function] [call site] 00243
3 mbedtls_x509_crl_free [function] [call site] 00244
3 mbedtls_x509_crl_free [function] [call site] 00245
3 mbedtls_error_add [function] [call site] 00246
3 mbedtls_x509_get_alg [function] [call site] 00247
3 mbedtls_x509_crl_free [function] [call site] 00248
3 memcmp [call site] 00249
3 memcmp [call site] 00250
3 mbedtls_x509_crl_free [function] [call site] 00251
3 mbedtls_x509_get_sig [function] [call site] 00252
4 mbedtls_error_add [function] [call site] 00253
4 mbedtls_asn1_get_bitstring_null [function] [call site] 00254
5 mbedtls_asn1_get_tag [function] [call site] 00255
4 mbedtls_error_add [function] [call site] 00256
3 mbedtls_x509_crl_free [function] [call site] 00257
3 mbedtls_x509_crl_free [function] [call site] 00258
3 mbedtls_error_add [function] [call site] 00259
2 mbedtls_pem_free [function] [call site] 00260
3 mbedtls_platform_zeroize [function] [call site] 00261
3 mbedtls_platform_zeroize [function] [call site] 00262
2 mbedtls_pem_free [function] [call site] 00263
2 mbedtls_pem_free [function] [call site] 00264
2 mbedtls_x509_crl_parse_der [function] [call site] 00265
1 mbedtls_x509_crl_info [function] [call site] 00266
2 snprintf [call site] 00267
2 snprintf [call site] 00268
2 mbedtls_x509_dn_gets [function] [call site] 00269
3 snprintf [call site] 00270
3 mbedtls_oid_get_attr_short_name [function] [call site] 00271
4 oid_x520_attr_from_asn1 [function] [call site] 00272
5 memcmp [call site] 00273
3 snprintf [call site] 00274
3 snprintf [call site] 00275
3 memchr [call site] 00276
3 snprintf [call site] 00277
2 snprintf [call site] 00278
2 snprintf [call site] 00279
2 snprintf [call site] 00280
2 snprintf [call site] 00281
2 mbedtls_x509_serial_gets [function] [call site] 00282
3 snprintf [call site] 00283
3 snprintf [call site] 00284
2 snprintf [call site] 00285
2 snprintf [call site] 00286
2 mbedtls_x509_sig_alg_gets [function] [call site] 00287
3 mbedtls_oid_get_sig_alg_desc [function] [call site] 00288
4 oid_sig_alg_from_asn1 [function] [call site] 00289
3 snprintf [call site] 00290
3 snprintf [call site] 00291
3 mbedtls_md_info_from_type [function] [call site] 00292
3 mbedtls_md_info_from_type [function] [call site] 00293
3 mbedtls_md_get_name [function] [call site] 00294
3 mbedtls_md_get_name [function] [call site] 00295
3 snprintf [call site] 00296
2 snprintf [call site] 00297
1 mbedtls_x509_crl_free [function] [call site] 00298