guidovranken / Cryptofuzz
Licence: gpl-3.0
Fuzzing cryptographic libraries. Magic bug printer go brrrr.
Stars: ✭ 262
Projects that are alternatives of or similar to Cryptofuzz
Oscrypto
Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
Stars: ✭ 257 (-1.91%)
Mutual labels: cryptography
tweedle
Generator and supporting evidence for security of the Tweedledum/Tweedledee pair of elliptic curves suitable for Halo
Stars: ✭ 16 (-93.89%)
Mutual labels: cryptography
virgil-sdk-cpp
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more.
Stars: ✭ 18 (-93.13%)
Mutual labels: cryptography
tracehash
Compress long exception traces down to short signatures
Stars: ✭ 20 (-92.37%)
Mutual labels: fuzzing
Mcl
a portable and fast pairing-based cryptography library
Stars: ✭ 252 (-3.82%)
Mutual labels: cryptography
sidh-rs
Supersingular Isogeny Diffie-Hellman in Rust
Stars: ✭ 12 (-95.42%)
Mutual labels: cryptography
libfuzzer
Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
Stars: ✭ 39 (-85.11%)
Mutual labels: fuzzing
profuzzbench
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
Stars: ✭ 113 (-56.87%)
Mutual labels: fuzzing
cryptography
Cryptography course slides at Harbin Institute of Technology
Stars: ✭ 86 (-67.18%)
Mutual labels: cryptography
he-toolkit
The Intel Homomorphic Encryption (HE) toolkit is the primordial vehicle for the continuous distribution of the Intel HE technological innovation to users. The toolkit has been designed with usability in mind and to make it easier for users to evaluate and deploy homomorphic encryption technology on the Intel platforms.
Stars: ✭ 40 (-84.73%)
Mutual labels: cryptography
Nfreezer
nFreezer is an encrypted-at-rest backup tool.
Stars: ✭ 259 (-1.15%)
Mutual labels: cryptography
kyber-k2so
Go implementation of the Kyber (version 3) post-quantum IND-CCA2 KEM.
Stars: ✭ 23 (-91.22%)
Mutual labels: cryptography
My Talks
List of my talks and workshops: security engineering, applied cryptography, secure software development
Stars: ✭ 261 (-0.38%)
Mutual labels: cryptography
flame
Flame is an ActionScript library that provides a number of useful UI controls, collections, cryptographic services, and utilities to work with the Flex SDK.
Stars: ✭ 18 (-93.13%)
Mutual labels: cryptography
Cryptofuzz - Differential cryptography fuzzing
Documentation
For building Cryptofuzz, please refer to docs/building.md.
For instructions on how to run Cryptofuzz, please see docs/running.md.
Bugs found by Cryptofuzz
- OpenSSL: ARIA GCM ciphers memory leak after EVP_CTRL_AEAD_SET_IVLEN
- OpenSSL: HMAC with SHAKE128 via EVP interface crashes on EVP_DigestSignUpdate
- OpenSSL: BLAKE2b_Update can pass NULL to memcpy (undefined behavior)
- LibreSSL: EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1 decrypt OOB read/crash/invalid result
- OpenSSL: CHACHA20_POLY1305 different results for chunked/non-chunked updating
- OpenSSL: OpenSSL 1.0.2: BIO_read + *_WRAP ciphers copy to uninitialized pointer
- BoringSSL: AEAD AES GCM SIV NULL pointer dereference/OOB read
- LibreSSL: BIO_read can report more bytes written than buffer can hold
- LibreSSL: Use-after-free/bad free after EVP_CIPHER_CTX_copy
- BoringSSL: Use-after-free/bad free after EVP_CIPHER_CTX_copy
- LibreSSL: GOST HMAC uses and outputs uninitialized memory
- OpenSSL: Overlong tag buffer leaves memory uninitialized in CCM mode
- OpenSSL: Buffer write overflow when passing large RC5 key
- OpenSSL: Hang after particular sequence of operations
- LibreSSL: Overlong tag buffer leaves memory uninitialized in CCM mode
- LibreSSL: AES GCM context copy crash
- LibreSSL: Streebog wrong output
- OpenSSL: EVP_EncryptUpdate, EVP_EncryptFinal_ex branching on uninitialized memory
- libgcrypt: Invalid output of MD4, MD5, RIPEMD160
- OpenSSL: RC5 signed integer overflow, TBA
- LibreSSL: AES CCM context copy crash
- LibreSSL: DES EDE3 CFB1 leaves output uninitialized
- Crypto++: Scrypt crash with blocksize 0
- EverCrypt: Illegal instruction exception on non-AVX CPUs
- OpenSSL: OpenSSL 1.0.2: RC4 OOB read
- OpenSSL: OpenSSL 1.0.2: Branch on uninitialized memory in EVP_CIPHER_CTX_copy
- Crypto++: PBKDF1 OOB read
- NSS: MD2 invalid output
- Botan: CAST5_CBC invalid output
- Botan: Streebog invalid output
- Botan: PBKDF2 hang (very long loop) if iterations == 0
- NSS: HKDF SHA1 stack buffer overflow, CVE-2019-11759
- NSS: RC2 CBC OOB read with undersized IV
- NSS: SEED_CBC encryption out-of-bounds write
- NSS: CKM_AES_GCM succeeds with invalid tag sizes, risk of memory corruption
- NSS: PBKDF2 memory leak if key size > 256
- NSS: DES IV buffer overread if IV is undersized
- wolfCrypt: RC4 may dereference empty key
- wolfCrypt: SCRYPT leaves output buffer uninitialized
- wolfCrypt: wc_HKDF + BLAKE2B leaves output buffer uninitialized
- wolfCrypt: PKCS12 PBKDF + SHA3 buffer overflow
- NSS: mp_toradix buffer overflow (write) TBA
- BLAKE3: memcpy undefined behavior in C impl
- sjcl: scrypt wrong result with certain parameters
- sjcl: RIPEMD160 HMAC wrong result
- sjcl: bignum subtraction incorrect result
- NSS: SEED ECB leaves output buffer uninitialized when encrypting more than 1 block
- libgcrypt: gcry_mpi_invm indicates multiplicative inverse exists when it does not
- wolfCrypt: AES GCM allows IV of size 0
- wolfCrypt: AES CCM allows invalid tag sizes
- LibreSSL: AES GCM allows IV of size 0
- OpenSSL: CAST5 invalid output
- Crypto++: SPECK64 different output if input is passed in chunks
- Crypto++: Undersized SipHash key leads to buffer out-of-bounds read
- libkcapi: PBKDF2 with iteration count = 0 zeroes output buffer
- wolfCrypt: HKDF allows key sizes > 255 * digest size TBA
- Botan: HKDF clamps output to 255 * requested key size
- SymCrypt: Signed overshift and other undefined behavior
- NSS: ChaCha20, ChaCha20/Poly1305 OOB read, OOB write, incorrect output with multi-part updating or small AEAD tag, CVE-2020-12403
- OpenSSL: AES key wrap ciphers out-of-bounds write
- LibreSSL: AES key wrap ciphers use-after-free
- OpenSSL: AES key wrap ciphers use-after-free
- Crypto++: AES GCM encryption with large tag size results in incorrect output, out-of-bounds reads
- mbed TLS: mbedtls_md_setup memory leak if allocation fails
- OpenSSL: EVP_CIPHER_CTX re-initialisation bugs
- OpenSSL: KBKDF NULL ptr dereference
- Botan: PointGFp_Multi_Point_Precompute gives wrong result when an infinity point occurs in the precomputation (credit to @andrewkozlik)
- Botan: ECDSA hash truncation discrepancy
- mbed TLS: mbedtls_cipher_auth_encrypt with AES key wrap OOB write
- bignumber.js: squareRoot() produces incorrect result
- elliptic: Curves p384 and p521 produce incorrect results
- Nettle: Blowfish signed integer overshift
- Golang: crypto/ecdsa: signature verification succeeds when it should fail
- SymCrypt: Elliptic curve private-to-public incorrect result on Linux 32 bit
- libtomcrypt: PBKDF1 hang if iterations is 0
- libtomcrypt: TEA cipher incorrect result
- SymCrypt: NULL pointer access in struct offset resolution
- BearSSL: Carry propagation bug in ECC code. Commit: b2ec2030e40acf5e9e4cd0f2669aacb27eadb540
- Trezor firmware: ECDSA verification fails if hash is curve order
- Botan: ECDSA verification succeeds with invalid public key
- Botan: KDF + BLAKE incorrect result
- Crypto++: ECDSA verification succeeds with invalid signature
- micro-ecc: ECDSA verification fails when it should succeed
- Parity libsecp256k1: RFC6979 signature discrepancy if input is curve order
- LibreSSL: ECDSA verification succeeds with invalid public key
- SymCrypt: Uninitialized memory used as array index in ECDSA verification if hash is 0
- TBA: TBA
- NSS/ecckiila: ECDSA verification fails for all-zero hash
- mbed TLS: mbedtls_mpi_sub_abs memory corruption
- relic: Out-of-bounds read via bn_sqr_basic
- relic: Wrong square root computation
- relic: ECDSA verification discrepancies
- relic: bn_write_str buffer overflow
- Nettle: ECDSA verification fails for all-zero hash
- relic: Buffer overflow via bn_mxp_slide
- relic: bn_mxp_monty incorrect result
- relic: Several other memory and correctness bugs
- libgcrypt: ECDSA verification succeeds with invalid public key
- libgcrypt: Out-of-bounds read in SHA256
- SymCrypt: Invalid ECDSA signature and public key for private key that is curve order
- SymCrypt: ECDSA signing branches on uninitialized memory
- TBA: TBA
- TBA: TBA
- TBA: TBA
- Botan: Incorrect comparison of negative values
- TBA: TBA
- Nettle: TBA
- relic: Modular exponentiation returns 1 if exponent is 0 and modulo is 1