CWE Rule 353
Description
Rule Description
The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
Polyspace Implementation
The rule checker checks for these issues:
Context initialized incorrectly for digest operation
Nonsecure hash algorithm
Examples
This issue occurs when you initialize an EVP_MD_CTX context object for a
specific digest operation but use the context for a different operation.
For instance, you initialize the context for creating a message digest only.
ret = EVP_DigestInit(ctx, EVP_sha256())ret = EVP_SignFinal(&ctx, out, &out_len, pkey);EVP_DigestUpdate works identically to EVP_SignUpdate.Mixing up different operations on the same context can lead to obscure code. It is difficult to determine at a glance whether the current object is used for message digest creation, signing, or verification. The mixup can also lead to a failure in the operation or unexpected message digest.
After you set up a context for a certain family of operations, use the context for only that family of operations. For instance, use these pairs of functions for initialization and final steps.
EVP_DigestInit:EVP_DigestFinalEVP_DigestInit_ex:EVP_DigestFinal_exEVP_DigestSignInit:EVP_DigestSignFinal
If you want to reuse an existing context object for a different family of operations, reinitialize the context.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf16;
unsigned int out_len16;
void func(unsigned char *src, size_t len){
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
ret = EVP_SignInit_ex(ctx, EVP_sha256(), NULL);
if (ret != 1) fatal_error();
ret = EVP_SignUpdate(ctx, src, len);
if (ret != 1) fatal_error();
ret = EVP_DigestSignFinal(ctx, out_buf16, (size_t*) out_len16); //Noncompliant
if (ret != 1) fatal_error();
}In this example, the context object is initialized for signing only with
EVP_SignInit but the final step attempts to create a signed
digest with EVP_DigestSignFinal.
One possible correction is to use the context object for signing only. Change
the final step to EVP_SignFinal in keeping with the
initialization step.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf16;
unsigned int out_len16;
void corrected_cryptomdbadfunction(unsigned char *src, size_t len, EVP_PKEY* pkey){
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
ret = EVP_SignInit_ex(ctx, EVP_sha256(), NULL);
if (ret != 1) fatal_error();
ret = EVP_SignUpdate(ctx, src, len);
if (ret != 1) fatal_error();
ret = EVP_SignFinal(ctx, out_buf16, &out_len16, pkey);
if (ret != 1) fatal_error();
}This issue occurs when you use a cryptographic hash function that is proven to be weak against certain forms of attack.
The hash functions flagged by this checker include SHA-0, SHA-1, MD4, MD5, and RIPEMD-160. The checker detects the use of these hash functions in:
Functions from the EVP API such as
EVP_DigestUpdateorEVP_SignUpdate.Functions from the low level API such as
SHA1_UpdateorMD5_Update.
You use a hash function to create a message digest from input data and thereby ensure integrity of your data. The hash functions flagged by this checker use algorithms with known weaknesses that an attacker can exploit. The attacks can comprise the integrity of your data.
Use a more secure hash function. For instance, use the later SHA functions such as SHA-224, SHA-256, SHA-384, and SHA-512.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
unsigned int out_len;
void func(unsigned char *src, size_t len, EVP_PKEY* pkey){
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
ret = EVP_SignInit_ex(ctx, EVP_md5(), NULL);
if (ret != 1) fatal_error();
ret = EVP_DigestUpdate(ctx,src,len); //Noncompliant
if (ret != 1) fatal_error();
ret = EVP_SignFinal(ctx, out_buf, &out_len, pkey);
if (ret != 1) fatal_error();
}In this example, during initialization with EVP_SignInit_ex,
the context object is associated with the weak hash function MD5. The checker flags
the usage of this context in the update step with
EVP_DigestUpdate.
One possible correction is to use a hash function from the SHA-2 family, such as SHA-256.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
unsigned int out_len;
void func(unsigned char *src, size_t len, EVP_PKEY* pkey){
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
ret = EVP_SignInit_ex(ctx, EVP_sha256(), NULL);
if (ret != 1) fatal_error();
ret = EVP_SignUpdate(ctx, src, len);
if (ret != 1) fatal_error();
ret = EVP_SignFinal(ctx, out_buf, &out_len, pkey);
if (ret != 1) fatal_error();
}
Check Information
| Category: Data Integrity Issues |
Version History
Introduced in R2023a
See Also
External Websites
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Sélectionner un site web
Choisissez un site web pour accéder au contenu traduit dans votre langue (lorsqu'il est disponible) et voir les événements et les offres locales. D’après votre position, nous vous recommandons de sélectionner la région suivante : .
Vous pouvez également sélectionner un site web dans la liste suivante :
Comment optimiser les performances du site
Pour optimiser les performances du site, sélectionnez la région Chine (en chinois ou en anglais). Les sites de MathWorks pour les autres pays ne sont pas optimisés pour les visites provenant de votre région.
Amériques
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)