Use secure mode and padding scheme for ECB Not Detected Consistently Across C/JAVA Languages

It appears that the equivalent flawed algorithm for ECB in C is not detected as it is in Java for the ECB cipher init method.

Encryption algorithms should be used with secure mode and padding scheme c:S5542
#define MODE_ECB 1

rc = cipherInit(&cipher, MODE_ECB, NULL); /* NOT DETECTED */

Encryption algorithms should be used with secure mode and padding scheme java:S5542
private static final String algorithm = "AES";
private String transformation = algorithm + "/ECB/PKCS5Padding";
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, keySpec); // DETECTED

Hello Brian,

Could you please provide more information on what library you are using in C? Thanks!

Hi @kirkpabk

Are you using gnulib crypto? We don’t support this library for the moment and this explains why the issue is not found.

Thanks–I think that might be it.

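Where the analyzer does not model the C crypto library in use, a small source check can cover the gap in CI. The script below is an added example, not part of the thread or of the analyzer: it assumes init functions whose names end in `cipherInit` and mode constants containing `ECB`, as in the first post, follows one level of `#define` aliasing, and runs on a constructed sample.

```python
import re

# First two arguments of any call whose name ends in "cipherInit" (naming taken
# from the post; adjust for the real library). The second argument is the mode.
CALL_RE = re.compile(
    r"\b(\w*cipherInit)\s*\(\s*([^,()]+),\s*([^,()]+?)\s*[,)]", re.IGNORECASE)
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(\w+)[ \t]+(\S+)", re.MULTILINE)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)


def strip_comments(src):
    # Blank out comments but keep newlines so reported line numbers stay correct.
    # String literals containing "//" are not handled; fine for a coarse check.
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def find_ecb_inits(src):
    """Return (line, function, mode_argument) for each cipher init using ECB."""
    code = strip_comments(src)
    # Macros that alias an ECB constant, e.g. "#define DEFAULT_MODE MODE_ECB".
    aliases = {name for name, value in DEFINE_RE.findall(code)
               if "ECB" in value.upper()}
    findings = []
    for m in CALL_RE.finditer(code):
        mode = m.group(3).strip()
        if "ECB" in mode.upper() or mode in aliases:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), mode))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
#define MODE_ECB 1
#define MODE_CBC 2
#define DEFAULT_MODE MODE_ECB   /* alias for the ECB constant */

int setup(void) {
    // rc = cipherInit(&cipher, MODE_ECB, NULL);
    rc = cipherInit(&cipher, MODE_ECB, NULL);
    rc = cipherInit(&cipher, MODE_CBC, iv);
    if (cipherInit(&cipher2,
                   DEFAULT_MODE, (char *)0) != 0) return -1;
    return 0;
}
"""

if __name__ == "__main__":
    for line, func, mode in find_ecb_inits(SAMPLE):
        print(f"line {line}: {func}() initialised with {mode}")
```

The check is textual, so a mode passed through a variable or a function call is not resolved and still needs manual review.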