all InfoSec news
Catching OpenSSL misuse using CodeQL
Malware Analysis, News and Indicators - Latest topics malware.news
By Damien Santiago
I’ve created five CodeQL queries that catch potentially potent bugs in the OpenSSL libcrypto API, a widely adopted but often unforgiving API that can be misused to cause memory leaks, authentication bypasses, and other subtle cryptographic issues in implementations. These queries—which I developed during my internship with my mentors, Fredrik Dahlgren and Filipe Casal—help prevent misuse by ensuring proper key handling and entropy initialization and checking if bignums are cleared.
To run our queries on …
api authentication bugs catch codeql cryptographic dahlgren leaks memory memory leaks openssl