Missing data for encryption, decryption or signing operation
Data provided for public key cryptography operation is NULL or data length is zero
Description
This defect occurs when the data provided for an encryption, decryption, signing, or authentication operation is NULL or the data length is zero.
For instance, you unintentionally provide a NULL value for in or a zero value for in_len in this decryption operation:
ret = EVP_PKEY_decrypt(ctx, out, &out_len, in, in_len);
Or you provide a NULL value for md or sig, or a zero value for md_len or sig_len, in this verification operation:
ret = EVP_PKEY_verify(ctx, sig, sig_len, md, md_len);
Risk
With NULL data or zero length, the operation does not occur. The redundant operation often indicates a coding error.
Fix
Check the placement of the encryption, decryption, or signing operation. If the operation is intended to happen, make sure that the data provided is non-NULL. Set the data length to a nonzero value.
Examples
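An added example, not taken from the Polyspace documentation or from OpenSSL: a fail-closed wrapper that applies the fix above to the verification call, so that a check which never ran cannot be read as a passed check. The names verify_fn, verify_checked, the status codes, demo_backend and the sample data are hypothetical; the callback mirrors the parameter order of OpenSSL's EVP_PKEY_verify so the block compiles without OpenSSL headers.

```c
#include <stddef.h>

/* Hypothetical callback with the parameter shape of OpenSSL's
 * EVP_PKEY_verify(ctx, sig, siglen, tbs, tbslen). In real code it would be a
 * thin adapter that casts ctx to EVP_PKEY_CTX * and forwards the call. */
typedef int (*verify_fn)(void *ctx, const unsigned char *sig, size_t sig_len,
                         const unsigned char *md, size_t md_len);

/* Hypothetical status codes; callers must compare against VERIFY_OK. */
enum verify_status {
    VERIFY_OK = 1,       /* backend ran and accepted the signature */
    VERIFY_BAD_SIG = 0,  /* backend ran and rejected the signature */
    VERIFY_NO_DATA = -1, /* NULL data or zero length: backend never called */
    VERIFY_ERROR = -2    /* missing ctx/callback or negative backend return */
};

/* Refuse missing data before the call, then map the backend's tri-state
 * return so "did not run" and "error" stay distinct from "verified". */
int verify_checked(verify_fn verify, void *ctx,
                   const unsigned char *sig, size_t sig_len,
                   const unsigned char *md, size_t md_len)
{
    if (verify == NULL || ctx == NULL)
        return VERIFY_ERROR;
    if (sig == NULL || sig_len == 0 || md == NULL || md_len == 0)
        return VERIFY_NO_DATA;
    int ret = verify(ctx, sig, sig_len, md, md_len);
    if (ret == 1)
        return VERIFY_OK;
    return ret == 0 ? VERIFY_BAD_SIG : VERIFY_ERROR;
}

/* Constructed stand-in backend (not real cryptography): counts its calls
 * through ctx and accepts only when sig and md are byte-identical.
 * The globals below are constructed sample data for the demo. */
int demo_backend(void *ctx, const unsigned char *sig, size_t sig_len,
                 const unsigned char *md, size_t md_len)
{
    ++*(int *)ctx;
    if (sig_len != md_len)
        return 0;
    for (size_t i = 0; i < md_len; i++)
        if (sig[i] != md[i])
            return 0;
    return 1;
}

int demo_calls = 0;
const unsigned char demo_md[4] = {0xde, 0xad, 0xbe, 0xef};
const unsigned char demo_other[4] = {0x00, 0x01, 0x02, 0x03};
```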
Result Information
Group: Cryptography
Language: C | C++
Default: Off
Command-Line Syntax: CRYPTO_PKEY_NO_DATA
Impact: Medium
Version History
Introduced in R2018a
See Also
- Context initialized incorrectly for cryptographic operation
- Incorrect key for cryptographic algorithm
- Missing parameters for key generation
- Missing peer key
- Missing private key
- Missing public key
- Nonsecure parameters for key generation
- Find defects (-checkers)
Topics
- Interpret Bug Finder Results in Polyspace Desktop User Interface
- Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access)
- Address Results in Polyspace User Interface Through Bug Fixes or Justifications
- Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access)