The Swiss-based p≡p foundation that intends to encrypt all digital written communication fully automatically ("Privacy by Default", cf. White Paper [1]) releases the first independent code audit [2] (signature of the report [3]) of its core component, the p≡p engine today.

That means that all source code gets systematically analyzed by specialists. p≡p's main focus with this approach is to discover programming errors in the p≡p engine which are critical from a security standpoint. This approach also uncovers other errors and issues which can influence the program's stability and performance. These will subsequently be fixed. The p≡p engine is the most critical component of p≡p and is the interface to the cryptographic libraries used. It coordinates the automatic key management, encryption and decryption, signatures and transport of the text messages for every p≡p-based software. All of the source code is publicly available under the Free Software license GNU GPL v3 [4] and can thus be read, commented on and used. [5][6]

p≡p engaged German-based SektionEins GmbH as the specialist organization to carry out the code audit. The auditing process of the almost 10'000 lines of C code already started in August 2015, although the intensive work took place over the summer of 2016. In the end, v0.8.0 of the p≡p engine [7] (signature of the code by SektionEins [8]) was audited. The specialists read the source code line by line and report any issues they encounter. These remarks are then shared with the p≡p developers, who rework the issues found and present their fixes to the specialists for another review. This process is repeated until all the findings are remedied in an acceptable fashion. "This does not provide a 100% guarantee for error-free code, but it means the independent specialists and ourselves did whatever is humanly possible to achieve that goal", says Hernâni Marques, member of the council and spokesperson of the foundation.

Seven errors with severity level "medium", four with severity level "high" and some other errors were reported by SektionEins. In summary, Krista Grothoff, member of the p≡p developer team, comments: "Most of the issues were garden-variety errors - memory allocation/deallocation, error handling, etc. These kinds of errors are small and easy to fix when detected, but left alone, they can create much larger security issues. But the audit also addressed design choices which were not errors per se; rather, they were potential sources of confusion or future problems in the development process."

Hernâni Marques adds to that: "Of course it was the case that the critical errors were processed immediately, promptly providing an update of the software to our existing users." He also makes clear that this is not a unique event, but a process: "p≡p foundation contracted SektionEins to re-audit the code changes upon every release." So everyone has the chance to verify the quality of the code.

This code audit is just the beginning of a recurring code audit process. After the completion of the just published p≡p engine code audit, SektionEins started auditing the p≡p adapters. Code audits of p≡p's apps and add-ons will follow next.

Update 2016-10-18: The report linked (with new signature) is now version 0.2e instead of 0.2d for the following reason and change: "Clarified pEp legal entities on the front page and appended a notes section with all addresses."

Contact: Hernâni Marques
e-mail: hernani.marques@pep.foundation
(GPG Key hernani.marques@pep.foundation_pubkey.asc: 3173 3E0C 598D 3A1C F709 55D6 CB57 3865 2768 F7E9)
tel: +41 79 945 48 85 (ENG, FRA, GER, ITA, POR)

[1] https://pep.foundation/docs/pEp-whitepaper.pdf (PDF)
[2] https://pep.foundation/docs/code-audits/2016-report-pepengine-v0.2e.pdf (PDF)
[3a] https://pep.foundation/docs/code-audits/2016-report-pepengine-v0.2e.pdf.asc
[3b] https://pep.foundation/docs/code-audits/2016-code-audit-pep-engine-0.2e--signature-readme.txt
[4] https://www.gnu.org/licenses/gpl-3.0.en.html
[5] https://cacert.pep.foundation/trac/browser / https://cacert.pep.foundation/dev/ (CAcert cert)
[6] https://letsencrypt.pep.foundation/trac/browser / https://letsencrypt.pep.foundation/dev/ (Let's Encrypt cert)
[7] https://pep.foundation/docs/code-audits/pEpEngine-d80a4c0d77e4.tar.bz2
[8a] https://pep.foundation/docs/code-audits/pEpEngine-d80a4c0d77e4.tar.bz2.asc
[8b] https://pep.foundation/docs/code-audits/2016-code-audit-pep-engine-0.2e--signature-readme.txt