- OpenSSL: ARIA GCM ciphers memory leak after EVP_CTRL_AEAD_SET_IVLEN
- OpenSSL: HMAC with SHAKE128 via EVP interface crashes on EVP_DigestSignUpdate
- OpenSSL: BLAKE2b_Update can pass NULL to memcpy (undefined behavior)
- LibreSSL: EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1 decrypt OOB read/crash/invalid result
- OpenSSL: CHACHA20_POLY1305 different results for chunked/non-chunked updating
- OpenSSL: OpenSSL 1.0.2: BIO_read + *_WRAP ciphers copy to uninitialized pointer
- BoringSSL: AEAD AES GCM SIV NULL pointer dereference/OOB read
- LibreSSL: [BIO_read can r
Guido Vranken guidovranken
guidovranken
/ libgcrypt-1.12.0-point-corruption-poc.c
Created
January 29, 2026 14:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <gcrypt.h> | |
| int main(void) { | |
| gcry_control(GCRYCTL_DISABLE_SECMEM, 0); | |
| gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); | |
| gcry_ctx_t ctx; | |
| gcry_mpi_ec_new(&ctx, NULL, "sm2p256v1"); |
guidovranken
/ Dockerfile
Created
January 16, 2026 00:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # docker build -t cbmpc-poc . && docker run cbmpc-poc | |
| FROM ubuntu:24.04@sha256:7a398144c5a2fa7dbd9362e460779dc6659bd9b19df50f724250c62ca7812eb3 | |
| # Avoid prompts from apt | |
| ENV DEBIAN_FRONTEND=noninteractive | |
| # Update package lists and install dependencies | |
| RUN apt-get update && \ | |
| apt-get install -y \ |
guidovranken
/ bugs.md
Last active
January 20, 2026 02:27
guidovranken
/ openssl-CVE-2022-2274-poc.c
Created
July 6, 2022 14:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
| * | |
| * Licensed under the Apache License 2.0 (the "License"); | |
| * you may not use this file except in compliance with the License. | |
| * You may obtain a copy of the License at | |
| * https://www.openssl.org/source/license.html | |
| * or in the file LICENSE in the source distribution. | |
| */ |
guidovranken
/ prime-factorization-synthesis.py
Created
July 2, 2022 21:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from sympy import randprime | |
| from math import isqrt | |
| def run(i): | |
| t5=isqrt(i) | |
| t=(isqrt(isqrt(i*2065)*2)*128+3) | |
| t2=t-(isqrt(t)**2) | |
| t3=((t*16+t2)*128+t2)*8 | |
| t=t3+t5 | |
| t4=t3-(isqrt(t3)**2) |
guidovranken
/ openssl-modexp-bug-fuzzer.c
Created
June 27, 2022 04:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> | |
| #include <assert.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <openssl/bn.h> | |
| #if 1 /* Taken from OpenSSL */ | |
| #define BN_MASK2 (0xffffffffffffffffLL) | |
| BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, |
guidovranken
/ openssl-modexp-bug-poc.c
Created
June 3, 2022 08:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <openssl/bn.h> | |
| int main(void) | |
| { | |
| BIGNUM* base = BN_new(); | |
| BIGNUM* exp = BN_new(); | |
| BIGNUM* mod = BN_new(); | |
| BIGNUM* res = BN_new(); | |
| BN_CTX* ctx = BN_CTX_new(); | |
| BN_dec2bn(&base, "20602718629153394716678609007360754677019714782193251481833419525142182531659985037375070145510293237451017584368188091022126870685458069386237266432"); |
guidovranken
/ openssl-client-dos.py
Created
March 21, 2022 20:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hello = "\x16\x03\x0b\x00\x58\x02\x00\x00\x54\x03\x03\xcf\x21\xad\x74\xe5\x9a\x61\x11\xbe\x1d\x8c\x02\x1e\x65\xb8\x91\xc2\xa2\x11\x16\x7a\xbb\x8c\x5e\x07\x9e\x09\xe2\xc8\xa8\x33\x9c\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x13\x01\x00\x00\x0c\x00\x2b\x00\x02\x03\x04\x00\x33\x00\x02\x01\x03\x16\x03\x0b\x00\x58\x02\x00\x00\x54\x03\x03\xcf\x21\xad\x74\xe5\x9a\x61\x11\xbe\x1d\x8c\x02\x1e\x65\xb8\x91\xc2\xa2\x11\x16\x7a\xbb\x8c\x5e\x07\x9e\x09\xe2\xc8\xa8\x33\x9c\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x13\x01\x00\x00\x0c\x00\x2b\x00\x02\x03\x04\x00\x33\x00\x02\x01\x04" | |
| header = "\x16\x03\x0b\x00\x58\x02\x00\x00\x54\x03\x03\xcf\x21\xad\x74\xe5\x9a\x61\x11\xbe\x1d\x8c\x02\x1e\x65\xb8\x91\xc2\xa2\x11\x16\x7a\xbb\x8c\x5e\x07\x9e\x09\xe2\xc8\xa8\x33\x9c\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x1 |
guidovranken
/ gist:072be361a0aaa2b7b70dc81d5e876168
Created
April 15, 2021 23:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <fuzzing/datasource/datasource.hpp> | |
| #include <stdexcept> | |
| #include <optional> | |
| #include <string> | |
| #include <iostream> | |
| extern "C" { | |
| #include <wolfssl/options.h> | |
| #include <wolfssl/wolfcrypt/integer.h> |
guidovranken
/ symcrypt_poc.c
Created
December 18, 2020 18:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Compile: | |
| export CC=clang | |
| git clone --depth 1 https://github.com/microsoft/SymCrypt.git | |
| cd SymCrypt/ | |
| # Unittests don't build with clang and are not needed anyway | |
| sed -i "s/^add_subdirectory(unittest)$//g" CMakeLists.txt | |
| mkdir b/ | |
| cd b/ |
NewerOlder