LibreSSL libcrypto Audit Findings

Security audit of LibreSSL's libcrypto, the cryptography library underneath libssl. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 37 -- High: 24, Medium: 13

Findings

Entropy and CSPRNG seeding

| # | Finding | Severity |
|---|---------|----------|
| 008 | getentropy succeeds with non-OS fallback entropy (AIX) | High |
| 009 | getentropy falls back to non-OS entropy (HP-UX) | High |
| 010 | getentropy succeeds after entropy sources fail (Linux) | High |
| 011 | Entropy source fails open to system-state hash (macOS) | High |
| 012 | getentropy succeeds after kernel entropy failure (Solaris) | High |

X.509 path validation

| # | Finding | Severity |
|---|---------|----------|
| 003 | IP verifier accepts trailing garbage | High |
| 004 | Delta CRL can satisfy full revocation coverage | High |
| 006 | Inherited ASID skips issuer resource absence | High |
| 007 | Wrong-purpose certificates pass verification | High |
| 033 | Embedded NUL bypasses DNS name constraints | High |
| 034 | Embedded NUL bypasses email name constraints | High |
| 035 | Invalid certificates can pass CA-purpose check | High |

ASN.1 encoding and decoding

| # | Finding | Severity |
|---|---------|----------|
| 013 | Empty CSR attribute set dereferences NULL | Medium |
| 018 | Multipart boundary accepts prefixed delimiter lines | Medium |
| 020 | Sequence length signed integer overflow | High |
| 021 | Set-of length signed integer overflow | High |
| 024 | UTF8 output length counter overflows | Medium |
| 025 | Terminator byte addition overflows allocation size | Medium |

Symmetric cipher modes

| # | Finding | Severity |
|---|---------|----------|
| 015 | Unchecked CFB state indexes past IV | High |
| 029 | CBC decrypt reads past partial trailing ciphertext | Medium |
| 030 | Zero-length GCM tag authenticates successfully | High |

RSA

| # | Finding | Severity |
|---|---------|----------|
| 032 | Copied RSA-PSS contexts drop verification restrictions | High |
| 041 | ASN.1 OCTET STRING signatures accept trailing bytes | High |

CMS

| # | Finding | Severity |
|---|---------|----------|
| 014 | PWRI unwrap reads past short stream-cipher encrypted keys | High |
| 027 | Signer info retains freed pkey context | Medium |

Legacy ciphers

| # | Finding | Severity |
|---|---------|----------|
| 022 | High-bit salt indexes past con_salt (DES) | Medium |
| 028 | Zero-bit CFB causes infinite loop (DES) | Medium |
| 038 | Negative key length writes before key schedule (RC2) | High |
| 039 | Out-of-range OFB num leaks stack byte (RC2) | Medium |

Big numbers and key derivation

| # | Finding | Severity |
|---|---------|----------|
| 001 | Constant-time modular exponentiation downgrades on even moduli | High |
| 002 | Negative PBKDF2 key length becomes huge memcpy | High |

Other public-key algorithms

| # | Finding | Severity |
|---|---------|----------|
| 019 | Ed25519 accepts non-canonical public keys | High |
| 023 | SM2 C2 length overwrites plaintext buffer | High |

Key and container formats

| # | Finding | Severity |
|---|---------|----------|
| 016 | Failed safe repack is treated as success (PKCS12) | Medium |
| 031 | Encrypted PVK key length checked after eight-byte copy | Medium |

Configuration and database parsers

| # | Finding | Severity |
|---|---------|----------|
| 005 | Unbounded config line overflows buffer offset | Medium |
| 042 | Unbounded TXT_DB line growth exhausts memory | Medium |