
Commit 41c6bc1

committed
Removed RSA and Camellia from list of legacy algorithms
1 parent 8ef1dd7 commit 41c6bc1


2 files changed

+7
-5
lines changed


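--- a/cpp/src/crypto/MissingZeroization.ql
+++ b/cpp/src/crypto/MissingZeroization.ql
@@ -13,12 +13,14 @@ import cpp
 import crypto.libraries
 import semmle.code.cpp.dataflow.new.DataFlow
 
+// TODO: Handle `BN_clear_free` as well.
 predicate isCleared(Expr bignum) {
 exists(BN_clear clear |
 DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(clear.getArgument(0)))
 )
 }
 
+// TODO: Add support for remaining OpenSSL PRNG functions.
 predicate isRandom(Expr bignum) {
 exists(BN_rand rand |
 DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(rand.getArgument(0)))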
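Review bot: The new TODO above `isCleared` names the missing function but not its effect on results: the predicate only recognises flow into argument 0 of a `BN_clear` call, so a bignum released with `BN_clear_free` would presumably still be reported as not zeroized. I would say so in the comment, e.g. `// TODO: Handle BN_clear_free as well; until then bignums released with it may be reported as uncleared (false positive).` Both predicates also rely on `DataFlow::localFlow`, so a clear or a `BN_rand` call made inside a helper function is not seen; a one-line comment stating that limit would help whoever triages the alerts. The body of `isRandom` continues outside the hunk.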

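--- a/cpp/src/crypto/UseOfLegacyAlgorithm.ql
+++ b/cpp/src/crypto/UseOfLegacyAlgorithm.ql
@@ -19,12 +19,12 @@ where
 .matches([
 // Hash functions
 "%md2%", "%md4%", "%md5%", "%ripemd%", "%sha1%", "%whirlpool%", "%streebog%",
+// KDFs
+"%pbkdf1%",
 // Symmetric ciphers
-"%arcfour%", "%blowfish%", "%cast%", "%camellia%", "%des%", "%idea%", "%kasumi%",
-"%magma%", "%rc2%", "%rc4%", "%tdea%",
-// Asymmetric ciphers
-"%rsa%"
-])
+"%arcfour%", "%blowfish%", "%cast%", "%des%", "%idea%", "%kasumi%",
+"%magma%", "%rc2%", "%rc4%", "%tdea%"
+])
 select call.getLocation(),
 "Potential use of legacy cryptographic algorithm " + call.getTarget().getQualifiedName() +
 " detected"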
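Review bot: The short patterns kept in the symmetric-cipher list, `"%des%"`, `"%cast%"` and `"%idea%"`, are unanchored substring matches, so they will also match unrelated function names containing e.g. `destroy`, `describe` or `broadcast`, and that noise can bury the real legacy-cipher findings. The receiver of `.matches` is outside the hunk, so I am assuming it is the (lowercased) name of the call target. Consider requiring a non-letter boundary around the short tokens, for example a separate disjunct `regexpMatch("(.*[^a-z])?(des|cast|idea)([^a-z].*)?")`, and keeping `%…%` only for the longer, unambiguous names. The new `"%pbkdf1%"` entry is not mentioned in the commit title; a short comment on why PBKDF1 is treated as legacy would help.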
