You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries

TL;DR

This study analyzes vulnerabilities in cryptographic libraries, revealing that system-level bugs and complexity are major security concerns, surpassing cryptographic flaws, and highlighting the risks of bloated codebases.

Contribution

First comprehensive empirical analysis of cryptographic library vulnerabilities, linking complexity and system-level bugs to security risks, with comparative insights against non-cryptographic systems.

Findings

Only 27.2% of vulnerabilities are cryptographic issues.

37.2% of vulnerabilities are memory safety issues.

Cryptographic libraries are more complex and vulnerable than similar non-cryptographic systems.

Abstract

The security of the Internet rests on a small number of open-source cryptographic libraries: a vulnerability in any one of them threatens to compromise a significant percentage of web traffic. Despite this potential for security impact, the characteristics and causes of vulnerabilities in cryptographic software are not well understood. In this work, we conduct the first comprehensive analysis of cryptographic libraries and the vulnerabilities affecting them. We collect data from the National Vulnerability Database, individual project repositories and mailing lists, and other relevant sources for eight widely used cryptographic libraries. Among our most interesting findings is that only 27.2% of vulnerabilities in cryptographic libraries are cryptographic issues while 37.2% of vulnerabilities are memory safety issues, indicating that systems-level bugs are a greater security concern than the actual cryptographic procedures. In our investigation of the causes of these vulnerabilities, we find evidence of a strong correlation between the complexity of these libraries and their (in)security, empirically demonstrating the potential risks of bloated cryptographic codebases. We further compare our findings with non-cryptographic systems, observing that these systems are, indeed, more complex than similar counterparts, and that this excess complexity appears to produce significantly more vulnerabilities in cryptographic libraries than in non-cryptographic software.