# LibreSSL libcrypto Audit Findings

Security audit of LibreSSL's libcrypto, the cryptography library underneath libssl. Each finding includes a detailed write-up and a patch.

## Summary

Total findings: 37 -- High: 24, Medium: 13

## Findings

### Entropy and CSPRNG seeding

| # | Finding | Severity |
|---|---------|----------|
| 008 | getentropy succeeds with non-OS fallback entropy (AIX) | High |
| 009 | getentropy falls back to non-OS entropy (HP-UX) | High |
| 010 | getentropy succeeds after entropy sources fail (Linux) | High |
| 011 | Entropy source fails open to system-state hash (macOS) | High |
| 012 | getentropy succeeds after kernel entropy failure (Solaris) | High |

### X.509 path validation

| # | Finding | Severity |
|---|---------|----------|
| 003 | IP verifier accepts trailing garbage | High |
| 004 | Delta CRL can satisfy full revocation coverage | High |
| 006 | Inherited ASID skips issuer resource absence | High |
| 007 | Wrong-purpose certificates pass verification | High |
| 033 | Embedded NUL bypasses DNS name constraints | High |
| 034 | Embedded NUL bypasses email name constraints | High |
| 035 | Invalid certificates can pass CA-purpose check | High |

### ASN.1 encoding and decoding

| # | Finding | Severity |
|---|---------|----------|
| 013 | Empty CSR attribute set dereferences NULL | Medium |
| 018 | Multipart boundary accepts prefixed delimiter lines | Medium |
| 020 | Sequence length signed integer overflow | High |
| 021 | Set-of length signed integer overflow | High |
| 024 | UTF8 output length counter overflows | Medium |
| 025 | Terminator byte addition overflows allocation size | Medium |

### Symmetric cipher modes

| # | Finding | Severity |
|---|---------|----------|
| 015 | Unchecked CFB state indexes past IV | High |
| 029 | CBC decrypt reads past partial trailing ciphertext | Medium |
| 030 | Zero-length GCM tag authenticates successfully | High |

### RSA

| # | Finding | Severity |
|---|---------|----------|
| 032 | Copied RSA-PSS contexts drop verification restrictions | High |
| 041 | ASN.1 OCTET STRING signatures accept trailing bytes | High |

### CMS

| # | Finding | Severity |
|---|---------|----------|
| 014 | PWRI unwrap reads past short stream-cipher encrypted keys | High |
| 027 | Signer info retains freed pkey context | Medium |

### Legacy ciphers

| # | Finding | Severity |
|---|---------|----------|
| 022 | High-bit salt indexes past con_salt (DES) | Medium |
| 028 | Zero-bit CFB causes infinite loop (DES) | Medium |
| 038 | Negative key length writes before key schedule (RC2) | High |
| 039 | Out-of-range OFB num leaks stack byte (RC2) | Medium |

### Big numbers and key derivation

| # | Finding | Severity |
|---|---------|----------|
| 001 | Constant-time modular exponentiation downgrades on even moduli | High |
| 002 | Negative PBKDF2 key length becomes huge memcpy | High |

### Other public-key algorithms

| # | Finding | Severity |
|---|---------|----------|
| 019 | Ed25519 accepts non-canonical public keys | High |
| 023 | SM2 C2 length overwrites plaintext buffer | High |

### Key and container formats

| # | Finding | Severity |
|---|---------|----------|
| 016 | Failed safe repack is treated as success (PKCS12) | Medium |
| 031 | Encrypted PVK key length checked after eight-byte copy | Medium |

### Configuration and database parsers

| # | Finding | Severity |
|---|---------|----------|
| 005 | Unbounded config line overflows buffer offset | Medium |
| 042 | Unbounded TXT_DB line growth exhausts memory | Medium |