Cryptography Defects
These defects indicate inappropriate use of cryptographic routines from the OpenSSL library. For example:
- Use of cryptographically weak algorithms
- Absence of essential elements such as the cipher key or the initialization vector
- Incorrect order of cryptographic operations
Polyspace Results
Constant block cipher initialization vector | Initialization vector is constant instead of randomized |
Constant cipher key | Encryption or decryption key is constant instead of randomized |
Inconsistent cipher operations | You perform encryption and decryption steps in succession with the same cipher context without a reinitialization in between |
Missing block cipher initialization vector | Context used for encryption or decryption is associated with NULL initialization vector or not associated with an initialization vector |
Missing cipher algorithm | An encryption or decryption algorithm is not associated with the cipher context |
Missing cipher data to process | Final encryption or decryption step is performed without previous update steps |
Missing cipher final step | You do not perform a final step after update steps for encrypting or decrypting data |
Missing cipher key | Context used for encryption or decryption is associated with NULL key or not associated with a key |
Predictable block cipher initialization vector | Initialization vector is generated from a weak random number generator |
Predictable cipher key | Encryption or decryption key is generated from a weak random number generator |
Weak cipher algorithm | Encryption algorithm associated with the cipher context is weak |
Weak cipher mode | Encryption mode associated with the cipher context is weak |
Context initialized incorrectly for cryptographic operation | Context used for public key cryptography operation is initialized for a different operation |
Incorrect key for cryptographic algorithm | Public key cryptography operation is not supported by the algorithm used in context initialization |
Missing data for encryption, decryption or signing operation | Data provided for public key cryptography operation is NULL or data length is zero |
Missing parameters for key generation | Context used for key generation is associated with NULL parameters |
Missing peer key | Context used for shared secret derivation is associated with NULL peer key or not associated with a peer key at all |
Missing private key | Context used for cryptography operation is associated with NULL private key or not associated with a private key at all |
Missing public key | Context used for cryptography operation is associated with NULL public key or not associated with a public key at all |
Nonsecure parameters for key generation | Context used for key generation is associated with weak parameters |
Incompatible padding for RSA algorithm operation | Cryptography operation is not supported by the padding type set in context |
Missing blinding for RSA algorithm | Context used in decryption or signature verification is not blinded against timing attacks |
Missing padding for RSA algorithm | Context used in encryption or signing operation is not associated with any padding |
Nonsecure RSA public exponent | Context used in key generation is associated with low exponent value |
Weak padding for RSA algorithm | Context used in encryption or signing operation is associated with insecure padding type |
Context initialized incorrectly for digest operation | Context used for digest operation is initialized for a different digest operation |
Missing final step after hashing update operation | Hash is incomplete or non-secure |
Missing hash algorithm | Context in EVP routine is initialized without a hash algorithm |
Missing salt for hashing operation | Hashed data is vulnerable to rainbow table attack |
No data added into context | Performing hash operation on empty context might cause run-time errors |
Nonsecure hash algorithm | Context used for message digest creation is associated with weak algorithm |
Missing certification authority list | Certificate for authentication cannot be trusted |
Missing private key for X.509 certificate | Missing key might result in run-time error or non-secure encryption |
Missing X.509 certificate | Server or client cannot be authenticated |
Nonsecure SSL/TLS protocol | Context used for handling SSL/TLS connections is associated with weak protocol |
Server certificate common name not checked | Attacker might use valid certificate to impersonate trusted host |
TLS/SSL connection method not set | Program cannot determine whether to call client or server routines |
TLS/SSL connection method set incorrectly | Program calls functions that do not match role set by connection method |
X.509 peer certificate not checked | Connection might be vulnerable to man-in-the-middle attacks |
Topics
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.