CWE Rule 327
Description
Rule Description
The product uses a broken or risky cryptographic algorithm or protocol.
Polyspace Implementation
The rule checker checks for these issues:
- Missing padding for RSA algorithm 
- Nonsecure hash algorithm 
- Nonsecure parameters for key generation 
- Nonsecure RSA public exponent 
- Nonsecure SSL/TLS protocol 
- Unsafe standard encryption function 
- Weak cipher algorithm 
- Weak cipher mode 
- Weak padding for RSA algorithm 
Examples
This issue occurs when you perform RSA encryption or signature by using a context object without associating the object with a padding scheme.
For instance, you perform encryption by using a context object that was initially not associated with a specific padding.
ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING);
...
ret = EVP_PKEY_encrypt(ctx, out, &out_len, in, in_len)Padding schemes remove determinism from the RSA algorithm and protect RSA operations from certain kinds of attack. Padding ensures that a given message does not lead to the same ciphertext each time it is encrypted. Without padding, an attacker can launch chosen-plaintext attacks against the cryptosystem.
Before performing an RSA operation, associate the context object with a padding scheme that is compatible with the operation.
- Encryption: Use the OAEP padding scheme. - For instance, use the - EVP_PKEY_CTX_set_rsa_paddingfunction with the argument- RSA_PKCS1_OAEP_PADDINGor the- RSA_padding_add_PKCS1_OAEPfunction.You can also use the PKCS#1v1.5 or SSLv23 schemes. Be aware that these schemes are considered insecure.- ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);- You can then use functions such as - EVP_PKEY_encrypt/- EVP_PKEY_decryptor- RSA_public_encrypt/- RSA_private_decrypton the context.
- Signature: Use the RSA-PSS padding scheme. - For instance, use the - EVP_PKEY_CTX_set_rsa_paddingfunction with the argument- RSA_PKCS1_PSS_PADDING.You can also use the ANSI X9.31, PKCS#1v1.5, or SSLv23 schemes. Be aware that these schemes are considered insecure.- ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING);- You can then use functions such as the - EVP_PKEY_sign-- EVP_PKEY_verifypair or the- RSA_private_encrypt-- RSA_public_decryptpair on the context.
If you perform two kinds of operation with the same context, after the first operation, reset the padding scheme in the context before the second operation.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
size_t out_len;
int func(unsigned char *src, size_t len){
  EVP_PKEY_CTX *ctx;
  EVP_PKEY* pkey;
  /* Key generation */
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA,NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_keygen(ctx, &pkey);  
  if (ret <= 0) fatal_error();
  /* Encryption */
  EVP_PKEY_CTX_free(ctx);
  ctx = EVP_PKEY_CTX_new(pkey,NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_encrypt_init(ctx);
  if (ret <= 0) fatal_error();
  return EVP_PKEY_encrypt(ctx, out_buf, &out_len, src, len);  //Noncompliant
}In this example, before encryption with EVP_PKEY_encrypt, a
                specific padding is not associated with the context object
                ctx.
One possible correction is to set the OAEP padding scheme in the context.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
size_t out_len;
int func(unsigned char *src, size_t len){
  EVP_PKEY_CTX *ctx;
  EVP_PKEY* pkey;
  /* Key generation */
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA,NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_keygen(ctx, &pkey);  
  if (ret <= 0) fatal_error();
  /* Encryption */
  EVP_PKEY_CTX_free(ctx);
  ctx = EVP_PKEY_CTX_new(pkey,NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_encrypt_init(ctx);
  ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING); 
  if (ret <= 0) fatal_error();
  if (ret <= 0) fatal_error();
  return EVP_PKEY_encrypt(ctx, out_buf, &out_len, src, len); 
}This issue occurs when you use a cryptographic hash function that is proven to be weak against certain forms of attack.
The hash functions flagged by this checker include SHA-0, SHA-1, MD4, MD5, and RIPEMD-160. The checker detects the use of these hash functions in:
- Functions from the EVP API such as - EVP_DigestUpdateor- EVP_SignUpdate.
- Functions from the low level API such as - SHA1_Updateor- MD5_Update.
You use a hash function to create a message digest from input data and thereby ensure integrity of your data. The hash functions flagged by this checker use algorithms with known weaknesses that an attacker can exploit. The attacks can comprise the integrity of your data.
Use a more secure hash function. For instance, use the later SHA functions such as SHA-224, SHA-256, SHA-384, and SHA-512.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
unsigned int out_len;
void func(unsigned char *src, size_t len, EVP_PKEY* pkey){
  EVP_MD_CTX* ctx = EVP_MD_CTX_create();
  ret = EVP_SignInit_ex(ctx, EVP_md5(), NULL);
  if (ret != 1) fatal_error();
  ret = EVP_DigestUpdate(ctx,src,len); //Noncompliant
  if (ret != 1) fatal_error();
  ret = EVP_SignFinal(ctx, out_buf, &out_len, pkey);
  if (ret != 1) fatal_error();
}In this example, during initialization with EVP_SignInit_ex,
                the context object is associated with the weak hash function MD5. The checker flags
                the usage of this context in the update step with
                    EVP_DigestUpdate.
One possible correction is to use a hash function from the SHA-2 family, such as SHA-256.
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
unsigned int out_len;
void func(unsigned char *src, size_t len, EVP_PKEY* pkey){
  EVP_MD_CTX* ctx = EVP_MD_CTX_create();
  ret = EVP_SignInit_ex(ctx, EVP_sha256(), NULL); 
  if (ret != 1) fatal_error();
  ret = EVP_SignUpdate(ctx, src, len); 
  if (ret != 1) fatal_error();
  ret = EVP_SignFinal(ctx, out_buf, &out_len, pkey);
  if (ret != 1) fatal_error();
}
This issue occurs when
            you attempt key generation by using an EVP_PKEY_CTX context object
            that is associated with weak parameters. What constitutes a weak parameter depends on
            the public key algorithm used. In the DSA algorithm, a weak parameter can be the result
            of setting an insufficient parameter length.
For instance, you set the number of bits used for DSA parameter generation to 512 bits, and then use the parameters for key generation:
EVP_PKEY_CTX *pctx,*kctx;
EVP_PKEY *params, *pkey;
/* Initializations for parameter generation */
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
params = EVP_PKEY_new();
/* Parameter generation */
ret = EVP_PKEY_paramgen_init(pctx);
ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, KEYLEN_512BITS);
ret = EVP_PKEY_paramgen(pctx, ¶ms);
/* Initializations for key generation */
kctx = EVP_PKEY_CTX_new(params, NULL);
pkey = EVP_PKEY_new();
/* Key generation */
ret = EVP_PKEY_keygen_init(kctx);
ret = EVP_PKEY_keygen(kctx, &pkey);Weak parameters lead to keys that are not sufficiently strong for encryption and expose sensitive information to known ways of attack.
Depending on the algorithm, use these parameters:
- Diffie-Hellman (DH): Set the length of the DH prime parameter to 2048 bits. Set the DH generator to 2 or 5.- ret = EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, 2048);- ret = EVP_PKEY_CTX_set_dh_paramgen_generator(pctx, 2);
- Digital Signature Algorithm (DSA): Set the number of bits used for DSA parameter generation to 2048 bits. - ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, 2048);
- RSA: Set the RSA key length to 2048 bits. - ret = EVP_PKEY_CTX_set_rsa_keygen_bits(kctx, 2048);
- Elliptic curve (EC): Avoid using curves that are known to be broken, for instance, - X9_62_prime256v1. Use, for instance,- sect239k1.- ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sect239k1);
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
int func(EVP_PKEY *pkey){
  EVP_PKEY_CTX * ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512); 
  if (ret <= 0) fatal_error();
  return EVP_PKEY_keygen(ctx, &pkey);  //Noncompliant
}In this example, the RSA key generation uses 512 bits, which makes the generated key vulnerable to attacks.
Use 2048 bits for RSA key generation.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
int func(EVP_PKEY *pkey){
  EVP_PKEY_CTX * ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); 
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048); 
  if (ret <= 0) fatal_error();
  return EVP_PKEY_keygen(ctx, &pkey); 
}This issue occurs when you attempt RSA key generation by using a context object that is associated with a low public exponent.
For instance, you set a public exponent of 3 in the context object, and then use it for key generation.
/* Set public exponent */
ret = BN_dec2bn(&pubexp, "3");
/* Initialize context */
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); 
pkey = EVP_PKEY_new();
ret = EVP_PKEY_keygen_init(kctx);
/* Set public exponent in context */
ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
/* Generate key */
ret = EVP_PKEY_keygen(kctx, &pkey);A low RSA public exponent makes certain kinds of attacks more damaging, especially when a weak padding scheme is used or padding is not used at all.
It is recommended to use a public exponent of 65537. Using a higher public exponent can make the operations slower.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
int func(EVP_PKEY *pkey){
  BIGNUM* pubexp;
  EVP_PKEY_CTX* ctx;
  pubexp = BN_new();
  if (pubexp == NULL) fatal_error();
  ret = BN_set_word(pubexp, 3);
  if (ret <= 0) fatal_error();
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
  if (ret <= 0) fatal_error();
  return EVP_PKEY_keygen(ctx, &pkey); //Noncompliant
}In this example, an RSA public exponent of 3 is associated with the context object
                    ctx. The low exponent makes operations that use the generated
                key vulnerable to certain attacks.
One possible correction is to use the recommended public exponent 65537.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
int func(EVP_PKEY *pkey){
  BIGNUM* pubexp;
  EVP_PKEY_CTX* ctx;
  pubexp = BN_new();
  if (pubexp == NULL) fatal_error();
  ret = BN_set_word(pubexp, 65537);
  if (ret <= 0) fatal_error();
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (ctx == NULL) fatal_error();
  ret = EVP_PKEY_keygen_init(ctx);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
  if (ret <= 0) fatal_error();
  ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
  if (ret <= 0) fatal_error();
  return EVP_PKEY_keygen(ctx, &pkey);
}This issue occurs when you do not
            disable nonsecure protocols in an SSL_CTX or SSL
            context object before using the object for handling SSL/TLS connections.
For instance, you disable the protocols SSL2.0 and TLS1.0 but forget to disable the protocol SSL3.0, which is also considered weak.
/* Create and configure context */
ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1);
/* Use context to handle connection */
ssl = SSL_new(ctx);
SSL_set_fd(ssl, NULL);
ret = SSL_connect(ssl);The protocols SSL2.0, SSL3.0, and TLS1.0 are considered weak in the cryptographic community. Using one of these protocols can expose your connections to cross-protocol attacks. The attacker can decrypt an RSA ciphertext without knowing the RSA private key.
Disable the nonsecure protocols in the context object before using the object to handle connections.
/* Create and configure context */
ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define fatal_error() exit(-1)
int ret;
int func(){
  SSL_CTX *ctx;
  SSL *ssl;
  SSL_library_init();
  /* context configuration */
  ctx = SSL_CTX_new(SSLv23_client_method()); 
  if (ctx==NULL) fatal_error();
  ret = SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM); 
  if (ret <= 0) fatal_error();
  ret = SSL_CTX_load_verify_locations(ctx, NULL, "ca/path"); 
  if (ret <= 0) fatal_error();
  /* Handle connection */
  ssl = SSL_new(ctx);
  if (ssl==NULL) fatal_error();
  SSL_set_fd(ssl, NULL);
  return SSL_connect(ssl);  //Noncompliant
}In this example, the protocols SSL2.0, SSL3.0, and TLS1.0 are not disabled in the context object before the object is used for a new connection.
Disable nonsecure protocols before using the objects for a new connection. Use
                    the function SSL_CTX_set_options to disable the protocols
                    SSL2.0, SSL3.0, and TLS1.0.
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define fatal_error() exit(-1)
int ret;
int func(){
  SSL_CTX *ctx;
  SSL *ssl;
  SSL_library_init();
  /* context configuration */
  ctx = SSL_CTX_new(SSLv23_client_method()); 
  if (ctx==NULL) fatal_error();
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
  ret = SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM); 
  if (ret <= 0) fatal_error();
  ret = SSL_CTX_load_verify_locations(ctx, NULL, "ca/path"); 
  if (ret <= 0) fatal_error();
  /* Handle connection */
  ssl = SSL_new(ctx);
  if (ssl==NULL) fatal_error();
  SSL_set_fd(ssl, NULL);
  return SSL_connect(ssl); 
}This issue occurs when a standard encryption function uses a broken or weak cryptographic
            algorithm. For example, crypt is not reentrant and is based on the
            risky Data Encryption Standard (DES).
The use of a broken, weak, or nonstandard algorithm can expose sensitive information to an attacker. A determined hacker can access the protected data using various techniques.
If the weak function is nonreentrant, when you use the function in concurrent programs, there is an additional race condition risk.
Avoid functions that use these encryption algorithms. Instead, use a reentrant function that uses a stronger encryption algorithm.
Note
Some implementations of crypt support additional,
possibly more secure, encryption algorithms.
#define _GNU_SOURCE
#include <pwd.h>
#include <string.h>
#include <crypt.h>
volatile int rd = 1;
const char *salt = NULL;
struct crypt_data input, output;
int verif_pwd(const char *pwd, const char *cipher_pwd, int safe)
{
    int r = 0;
    char *decrypted_pwd = NULL;
    
    switch(safe)
    {
      case 1: 
        decrypted_pwd = crypt_r(pwd, cipher_pwd, &output);
        break;
        
      case 2: 
        decrypted_pwd = crypt_r(pwd, cipher_pwd, &output);
        break;
        
      default:
        decrypted_pwd = crypt(pwd, cipher_pwd);  //Noncompliant
        break;
    }
    
    r = (strcmp(cipher_pwd, decrypted_pwd) == 0); 
    
    return r;
}In this example, crypt_r and crypt decrypt
a password. However, crypt is nonreentrant and
uses the unsafe Data Encryption Standard
algorithm.
crypt_rOne possible correction is to replace crypt with crypt_r.
#define _GNU_SOURCE
#include <pwd.h>
#include <string.h>
#include <crypt.h>
volatile int rd = 1;
const char *salt = NULL;
struct crypt_data input, output;
int verif_pwd(const char *pwd, const char *cipher_pwd, int safe)
{
    int r = 0;
    char *decrypted_pwd = NULL;
    
    switch(safe)
    {
      case 1: 
        decrypted_pwd = crypt_r(pwd, cipher_pwd, &output);
        break;
        
      case 2: 
        decrypted_pwd = crypt_r(pwd, cipher_pwd, &output);
        break;
        
      default:
        decrypted_pwd = crypt_r(pwd, cipher_pwd, &output);  
        break;
    }
    
    r = (strcmp(cipher_pwd, decrypted_pwd) == 0);
    
    return r;
}This issue occurs when you associate a weak encryption algorithm with the cipher context.
Some encryption algorithms have known flaws. Though the OpenSSL library still supports the algorithms, you must avoid using them.
If your cipher algorithm is weak, an attacker can decrypt your data by exploiting a known flaw or brute force attacks.
Use algorithms that are well-studied and widely acknowledged as secure.
For instance, the Advanced Encryption Standard (AES) is a widely accepted cipher algorithm.
#include <openssl/evp.h>
#include <stdlib.h>
void func(unsigned char *key, unsigned char *iv) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(ctx);
    const EVP_CIPHER * ciph = EVP_des_cbc();        
    EVP_EncryptInit_ex(ctx, ciph, NULL, key, iv);    //Noncompliant
}In this example, the routine EVP_des_cbc() invokes
the Data Encryption Standard (DES) algorithm, which is now considered
as non-secure and relatively slow.
One possible correction is to use the faster and more secure Advanced Encryption Standard (AES) algorithm instead.
#include <openssl/evp.h>
#include <stdlib.h>
void func(unsigned char *key, unsigned char *iv) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(ctx);
    const EVP_CIPHER * ciph = EVP_aes_128_cbc();        
    EVP_EncryptInit_ex(ctx, ciph, NULL, key, iv);   
}This issue occurs when you associate a weak block cipher mode with the cipher context.
The cipher mode that is especially flagged by this defect is the Electronic Code Book (ECB) mode.
The ECB mode does not support protection against dictionary attacks.
An attacker can decrypt your data even using brute force attacks.
Use a cipher mode more secure than ECB.
For instance, the Cipher Block Chaining (CBC) mode protects against dictionary attacks by:
- XOR-ing each block of data with the encrypted output from the previous block. 
- XOR-ing the first block of data with a random initialization vector (IV). 
#include <openssl/evp.h>
#include <stdlib.h>
void func(unsigned char *key, unsigned char *iv) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(ctx);
    const EVP_CIPHER * ciph = EVP_aes_128_ecb();        
    EVP_EncryptInit_ex(ctx, ciph, NULL, key, iv);    //Noncompliant
}In this example, the routine EVP_aes_128_ecb() invokes
the Advanced Encryption Standard (AES) algorithm in the Electronic
Code Book (ECB) mode. The ECB mode does not support protection against
dictionary attacks.
One possible correction is to use the Cipher Block Chaining (CBC) mode instead.
#include <openssl/evp.h>
#include <stdlib.h>
void func(unsigned char *key, unsigned char *iv) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(ctx);
    const EVP_CIPHER * ciph = EVP_aes_128_cbc();        
    EVP_EncryptInit_ex(ctx, ciph, NULL, key, iv);   
}This issue occurs when you perform RSA encryption or signature by using a context object that was previously associated with a weak padding scheme.
For instance, you perform encryption by using a context object that is associated with the PKCS#1v1.5 padding scheme. The scheme is considered insecure and has already been broken.
ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
...
ret = EVP_PKEY_encrypt(ctx, out, &out_len, in, in_len)Padding schemes remove determinism from the RSA algorithm and protect RSA operations from certain kinds of attacks. Padding schemes such as PKCS#1v1.5, ANSI X9.31, and SSLv23 are known to be vulnerable. Do not use these padding schemes for encryption or signature operations.
Before performing an RSA operation, associate the context object with a strong padding scheme.
- Encryption: Use the OAEP padding scheme. - For instance, use the - EVP_PKEY_CTX_set_rsa_paddingfunction with the argument- RSA_PKCS1_OAEP_PADDINGor the- RSA_padding_add_PKCS1_OAEPfunction.- ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);- You can then use functions such as - EVP_PKEY_encrypt/- EVP_PKEY_decryptor- RSA_public_encrypt/- RSA_private_decrypton the context.
- Signature: Use the RSA-PSS padding scheme. - For instance, use the - EVP_PKEY_CTX_set_rsa_paddingfunction with the argument- RSA_PKCS1_PSS_PADDING.- ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING);- You can then use functions such as the - EVP_PKEY_sign-- EVP_PKEY_verifypair or the- RSA_private_encrypt-- RSA_public_decryptpair on the context.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
int func(unsigned char *src, size_t len, RSA* rsa){
  if (rsa == NULL) fatal_error(); 
  return RSA_public_encrypt(len, src, out_buf, rsa, RSA_PKCS1_PADDING);  //Noncompliant
}In this example, the PKCS#1v1.5 padding scheme is used in the encryption step.
Use the OAEP padding scheme for stronger encryption.
#include <stddef.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#define fatal_error() exit(-1)
int ret;
unsigned char *out_buf;
int func(unsigned char *src, size_t len, RSA* rsa){
  if (rsa == NULL) fatal_error(); 
  return RSA_public_encrypt(len, src, out_buf, rsa, RSA_PKCS1_OAEP_PADDING); 
}Check Information
| Category: Others | 
Version History
Introduced in R2024a
See Also
External Websites
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Web サイトの選択
Web サイトを選択すると、翻訳されたコンテンツにアクセスし、地域のイベントやサービスを確認できます。現在の位置情報に基づき、次のサイトの選択を推奨します:
また、以下のリストから Web サイトを選択することもできます。
最適なサイトパフォーマンスの取得方法
中国のサイト (中国語または英語) を選択することで、最適なサイトパフォーマンスが得られます。その他の国の MathWorks のサイトは、お客様の地域からのアクセスが最適化されていません。
南北アメリカ
- América Latina (Español)
- Canada (English)
- United States (English)
ヨーロッパ
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)