2025-10-08, Prague | Technical Deep Dive & Innovation
In this talk, I will discuss my OpenSSL contributions. My first contribution involves a potentially vulnerable code pattern that is the root cause of CVE-2022-37454, a buffer overflow vulnerability in the "official" SHA-3 implementation (Mouha and Celi, CT-RSA 2023). Jaroslav Lobačevski of GitHub Security Lab found the same pattern in OpenSSL, specifically in its HKDF implementation. (HKDF, which stands for HMAC-based Key Derivation Function, is used in TLS 1.3, the protocol that keeps your browser connection secure.) My second contribution is related to OpenSSL issue #13210 ("Incorrect usage of the HMAC APIs"), which discusses an attack that arises when HMAC_Update() is invoked after HMAC_Final() (Benmocha et al., SAC 2020). It surprised me that the attack is no longer possible since OpenSSL 3.2.0 due to a change in the HMAC API, and I proposed adding a regression test to document the new API behavior.
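The code pattern behind CVE-2022-37454 is an integer-width mismatch in a bounds check: the sponge's absorb routine narrows the remaining input length (a size_t) to unsigned int and then adds the number of bytes already queued in the current block before comparing against the rate, so a remaining length close to 2^32 makes the sum wrap, the check passes, and the following memcpy() writes far past the 200-byte state. The C below is an added example written for this page by the editor; it is a reconstruction of that pattern and its fix, not XKCP's or OpenSSL's code. The function names (partial_block_len_vulnerable, partial_block_len_fixed, copy_overflows_state), the SHA3-256 rate of 136 bytes, and the scenario in main() (one byte already queued, then an update of 2^32 - 1 bytes) are the editor's choices, and the functions return the clamped length instead of performing the copy so the effect can be checked without allocating 4 GiB.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Editor's reconstruction of the CVE-2022-37454 code pattern; not XKCP or
 * OpenSSL code. Constants and function names are chosen for this example. */

#define STATE_BYTES   200u   /* Keccak-p[1600] state: 1600 bits = 200 bytes   */
#define RATE_IN_BYTES 136u   /* SHA3-256 rate: (1600 - 2*256) / 8 = 136 bytes */

/*
 * Vulnerable form. The sponge keeps the number of bytes already queued in
 * the current block in an 'unsigned int' (byteIOIndex), and the remaining
 * input length (dataByteLen - i, a size_t) is narrowed to 'unsigned int'
 * before being clamped to the room left in the block. The clamp adds
 * byteIOIndex to that 32-bit value: for a remaining length of 2^32 - 1 and
 * byteIOIndex = 1 the sum wraps to 0, the comparison is false, and the
 * function returns 0xFFFFFFFF as the number of bytes to memcpy() into the
 * 200-byte state.
 */
unsigned int partial_block_len_vulnerable(unsigned int byteIOIndex,
                                          size_t dataByteLen, size_t i)
{
    unsigned int partialBlock = (unsigned int)(dataByteLen - i);

    if (partialBlock + byteIOIndex > RATE_IN_BYTES)   /* wraps at 2^32 */
        partialBlock = RATE_IN_BYTES - byteIOIndex;
    return partialBlock;
}

/*
 * Hardened form. Compute how much room is left in the block first and
 * compare the (still size_t) remaining length against it: no addition on
 * the narrow type, and no narrowing before the check.
 */
unsigned int partial_block_len_fixed(unsigned int byteIOIndex,
                                     size_t dataByteLen, size_t i)
{
    size_t remaining = dataByteLen - i;
    size_t room = RATE_IN_BYTES - byteIOIndex;   /* byteIOIndex < rate by invariant */

    if (remaining > room)
        remaining = room;
    return (unsigned int)remaining;
}

/* Would copying 'len' bytes at offset byteIOIndex write past the state?
 * The sum is formed in 64 bits so this check itself cannot wrap. */
int copy_overflows_state(unsigned int byteIOIndex, unsigned int len)
{
    return (uint64_t)byteIOIndex + len > STATE_BYTES;
}

int main(void)
{
    /* Constructed scenario: one byte already queued in the block, then a
     * single update whose remaining length is 2^32 - 1 bytes. */
    unsigned int queued = 1;
    size_t huge = (size_t)UINT32_MAX;

    unsigned int bad = partial_block_len_vulnerable(queued, huge, 0);
    unsigned int good = partial_block_len_fixed(queued, huge, 0);

    printf("vulnerable clamp: %u bytes (overflows state: %s)\n",
           bad, copy_overflows_state(queued, bad) ? "yes" : "no");
    printf("fixed clamp:      %u bytes (overflows state: %s)\n",
           good, copy_overflows_state(queued, good) ? "yes" : "no");
    return 0;
}
```

For ordinary inputs the two clamps agree, which is why the bug survives functional test vectors; it only shows up when an offset plus a near-2^32 length is formed in 32-bit arithmetic. The general lesson is to compare against the remaining room rather than adding to a length, and to do the comparison in the wide type before narrowing.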
Attendees will learn how academic research is turned into contributions to the OpenSSL project. The speaker will share his personal experience as an academic researcher in cryptography and walk through the path from a published paper to a merged GitHub pull request, using his own OpenSSL contributions to highlight the importance of collaboration between academic researchers and the open-source community. The talk is intended for developers, cryptographers, and anyone interested in the real-world impact of academic research.
Dr. Nicky Mouha works as a Contractor at the Computer Security Division of NIST, specializing in the analysis, implementation and standardization of cryptographic algorithms. He discovered vulnerabilities in cryptographic software running on billions of devices: CVE-2019-8741 and CVE-2022-37454. Furthermore, he is the designer of Chaskey, a MAC algorithm that is internationally standardized as ISO/IEC 29192-6. He is also the inventor of the MILP- and SAT-based techniques that have become the standard tools for analyzing the security of cryptographic algorithms against attacks such as differential and linear cryptanalysis.