Cryptography Defects
Defects related to incorrect use of OpenSSL cryptography routines
These defects are related to incorrect use of cryptography routines from the OpenSSL library. For instance:
Use of cryptographically weak algorithms
Absence of essential elements such as cipher key or initialization vector
Wrong order of cryptographic operations
Polyspace 결과
Constant block cipher initialization vector | Initialization vector is constant instead of randomized |
Constant cipher key | Encryption or decryption key is constant instead of randomized |
Inconsistent cipher operations | You perform encryption and decryption steps in succession with the same cipher context without a reinitialization in between |
Missing block cipher initialization vector | Context used for encryption or decryption is associated with NULL initialization vector or not associated with an initialization vector |
Missing cipher algorithm | An encryption or decryption algorithm is not associated with the cipher context |
Missing cipher data to process | Final encryption or decryption step is performed without previous update steps |
Missing cipher final step | You do not perform a final step after update steps for encrypting or decrypting data |
Missing cipher key | Context used for encryption or decryption is associated with NULL key or not associated with a key |
Predictable block cipher initialization vector | Initialization vector is generated from a weak random number generator |
Predictable cipher key | Encryption or decryption key is generated from a weak random number generator |
Weak cipher algorithm | Encryption algorithm associated with the cipher context is weak |
Weak cipher mode | Encryption mode associated with the cipher context is weak |
Context initialized incorrectly for cryptographic operation | Context used for public key cryptography operation is initialized for a different operation |
Incorrect key for cryptographic algorithm | Public key cryptography operation is not supported by the algorithm used in context initialization |
Missing data for encryption, decryption or signing operation | Data provided for public key cryptography operation is NULL or data length is zero |
Missing parameters for key generation | Context used for key generation is associated with NULL parameters |
Missing peer key | Context used for shared secret derivation is associated with NULL peer key or not associated with a peer key at all |
Missing private key | Context used for cryptography operation is associated with NULL private key or not associated with a private key at all |
Missing public key | Context used for cryptography operation is associated with NULL public key or not associated with a public key at all |
Nonsecure parameters for key generation | Context used for key generation is associated with weak parameters |
Incompatible padding for RSA algorithm operation | Cryptography operation is not supported by the padding type set in context |
Missing blinding for RSA algorithm | Context used in decryption or signature verification is not blinded against timing attacks |
Missing padding for RSA algorithm | Context used in encryption or signing operation is not associated with any padding |
Nonsecure RSA public exponent | Context used in key generation is associated with low exponent value |
Weak padding for RSA algorithm | Context used in encryption or signing operation is associated with insecure padding type |
Context initialized incorrectly for digest operation | Context used for digest operation is initialized for a different digest operation |
Missing final step after hashing update operation | Hash is incomplete or non-secure |
Missing hash algorithm | Context in EVP routine is initialized without a hash algorithm |
Missing salt for hashing operation | Hashed data is vulnerable to rainbow table attack |
No data added into context | Performing hash operation on empty context might cause run-time errors |
Nonsecure hash algorithm | Context used for message digest creation is associated with weak algorithm |
Missing certification authority list | Certificate for authentication cannot be trusted |
Missing private key for X.509 certificate | Missing key might result in run-time error or non-secure encryption |
Missing X.509 certificate | Server or client cannot be authenticated |
Nonsecure SSL/TLS protocol | Context used for handling SSL/TLS connections is associated with weak protocol |
Server certificate common name not checked | Attacker might use valid certificate to impersonate trusted host |
TLS/SSL connection method not set | Program cannot determine whether to call client or server routines |
TLS/SSL connection method set incorrectly | Program calls functions that do not match role set by connection method |
X.509 peer certificate not checked | Connection might be vulnerable to man-in-the-middle attacks |
도움말 항목
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
웹사이트 선택
번역된 콘텐츠를 보고 지역별 이벤트와 혜택을 살펴보려면 웹사이트를 선택하십시오. 현재 계신 지역에 따라 다음 웹사이트를 권장합니다:
또한 다음 목록에서 웹사이트를 선택하실 수도 있습니다.
사이트 성능 최적화 방법
최고의 사이트 성능을 위해 중국 사이트(중국어 또는 영어)를 선택하십시오. 현재 계신 지역에서는 다른 국가의 MathWorks 사이트 방문이 최적화되지 않았습니다.
미주
- América Latina (Español)
- Canada (English)
- United States (English)
유럽
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)