Skip to content

picotls

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

picotls

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
001-tls-1-2-receive-path-suppresses-decryption-errors.md
001-tls-1-2-receive-path-suppresses-decryption-errors.md
 
 
001-tls-1-2-receive-path-suppresses-decryption-errors.patch
001-tls-1-2-receive-path-suppresses-decryption-errors.patch
 
 
002-unchecked-aes-gcm-resize-null-dereference-on-encrypt.md
002-unchecked-aes-gcm-resize-null-dereference-on-encrypt.md
 
 
002-unchecked-aes-gcm-resize-null-dereference-on-encrypt.patch
002-unchecked-aes-gcm-resize-null-dereference-on-encrypt.patch
 
 
003-setup-reports-success-after-aes-gcm-allocation-failure.md
003-setup-reports-success-after-aes-gcm-allocation-failure.md
 
 
003-setup-reports-success-after-aes-gcm-allocation-failure.patch
003-setup-reports-success-after-aes-gcm-allocation-failure.patch
 
 
006-rsa-key-bit-parser-reads-past-short-buffer.md
006-rsa-key-bit-parser-reads-past-short-buffer.md
 
 
006-rsa-key-bit-parser-reads-past-short-buffer.patch
006-rsa-key-bit-parser-reads-past-short-buffer.patch
 
 
007-key-generation-failure-ignored-before-ecdh.md
007-key-generation-failure-ignored-before-ecdh.md
 
 
007-key-generation-failure-ignored-before-ecdh.patch
007-key-generation-failure-ignored-before-ecdh.patch
 
 
008-one-shot-ecdh-ignores-key-generation-failure.md
008-one-shot-ecdh-ignores-key-generation-failure.md
 
 
008-one-shot-ecdh-ignores-key-generation-failure.patch
008-one-shot-ecdh-ignores-key-generation-failure.patch
 
 
009-signature-generation-failure-ignored.md
009-signature-generation-failure-ignored.md
 
 
009-signature-generation-failure-ignored.patch
009-signature-generation-failure-ignored.patch
 
 
010-aead-constructor-failure-is-reported-as-success.md
010-aead-constructor-failure-is-reported-as-success.md
 
 
010-aead-constructor-failure-is-reported-as-success.patch
010-aead-constructor-failure-is-reported-as-success.patch
 
 
012-decrypt-underflows-ciphertext-length-before-tag-split.md
012-decrypt-underflows-ciphertext-length-before-tag-split.md
 
 
012-decrypt-underflows-ciphertext-length-before-tag-split.patch
012-decrypt-underflows-ciphertext-length-before-tag-split.patch
 
 
013-assert-only-length-guard-allows-mask-index-underflow.md
013-assert-only-length-guard-allows-mask-index-underflow.md
 
 
013-assert-only-length-guard-allows-mask-index-underflow.patch
013-assert-only-length-guard-allows-mask-index-underflow.patch
 
 
014-split-input-overruns-block-buffers-for-oversized-lengths.md
014-split-input-overruns-block-buffers-for-oversized-lengths.md
 
 
014-split-input-overruns-block-buffers-for-oversized-lengths.patch
014-split-input-overruns-block-buffers-for-oversized-lengths.patch
 
 
README.md
README.md
 
 

README.md

picotls Audit Findings

Security audit of picotls, a TLS 1.3 implementation in C. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 11 -- High: 7, Medium: 4

Findings

TLS 1.2 record path

# Finding Severity
001 TLS 1.2 receive path suppresses decryption errors High

AEAD / AES-GCM

# Finding Severity
002 Unchecked AES-GCM resize NULL-dereferences on encrypt High
003 Setup reports success after AES-GCM allocation failure High
010 AEAD constructor failure is reported as success High
012 Decrypt underflows ciphertext length before tag split High

Key generation & ECDH

# Finding Severity
007 Keygen failure proceeds into ECDH state Medium
008 One-shot ECDH ignores key generation failure Medium

Signature handling

# Finding Severity
009 Signature generation failure ignored Medium

RSA key parsing

# Finding Severity
006 RSA key-bit parser overreads short DER input Medium

QUIC-LB packet protection

# Finding Severity
013 Assert-only length guard allows mask index underflow High
014 Split input overruns block buffers for oversized lengths High