Olm is an implementation of the Double Ratchet cryptographic ratchet in C++.
The review covered the 1.3.0 release of the Olm library. Two consultants performed the engagement over a span of two weeks (September 19 to September 30, 2016) and consisted of 15 person-days of effort. A follow-up review of fixes was performed over the latter half of October.
NCC Group’s evaluation focused on issues specific to double ratchets used in secure messaging applications, general cryptographic concerns, and potential vulnerabilities introduced by the C programming environment.
The full audit can be found below.