C++: Improve cpp/weak-cryptographic-algorithm#5896
Conversation
|
Re: the test failure and triple-DES: It turns out we already had an internal test for this query which I didn't find when I looked for it - though it only has a handful of test cases anyway. There's a test case using It occurs to me that, though triple-DES was not listed as a bad algorithm before, the test case was labelled as bad - so I'm not really sure what the original design intent was. My own knowledge + brief research suggests that triple-DES is old and had a few known weaknesses, but I'm not sure if I'd condemn it as entirely 'broken'. According to wikipedia "Triple DES has been deprecated by NIST in 2017". SAMATE seems to consider it broken. I am keen to hear people's thoughts about whether I should add it to the list of "bad" algorithms? |
|
Oops. Sorry for leaving a sequence of tiny reviews, @geoffw0! |
|
I just had a chat with @raulgarciamsft about 3DES - he pointed out a successful attack on it under laboratory conditions, and that it's no longer included in OpenSSL by default. Also, looking at the NIST deprecation, 3DES is disallowed in new FIPS-compliant applications. Given all of that, and that we're already flagging it, I'm comfortable continuing to do so unless we've gotten complaints from users of Relatedly, we should update the link to NIST SP 800-131A to point to the 2019 revision, or perhaps include both (since the 2019 revision doesn't discuss algorithms that were disallowed by the 2015 revision). |
|
I've made some requested changes, a couple of minor fixes, and I've added triple-DES to the insecure list. |
|
The code changes LGTM! This line in retval = do_des(rawl, rawr, &l_out, &r_out, count, data);and this line on av_des_mac(av_des, oc->sm_val, &enc_header[pos], (oc->i_size >> 3));
^ Scratch that. I should've read your initial post more carefully. Having said that, though: should the string I also notice we now flag lots of subsequent lines in the same member function on |
…ll we really need.
|
After some discussion on Slack nobody seems keen to make changes to the Macro library just for better performance on
Yes I think so. Done.
Well spotted! I think we have to be careful about getting both pieces of evidence - particularly the 'additional evidence' - from the declaring type to avoid problems like this. I've made a change which I think addresses this. Thanks for pointing this out. All concerns addressed, though I think I'll do a bit more testing... |
|
New diff run: https://lgtm.com/query/3601742662122109162/ (looks very similar to the previous diff discussed in the PR description) SAMATE run (without a few of the latest commits, but otherwise confirming the new version does just as well on the CWE-327 test cases as before): https://jenkins.internal.semmle.com/job/Security/job/SAMATE/job/SAMATE-cpp-detailed/83/ |
|
Do you know why we lose this result on DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, DESKEY(ks), DES_ENCRYPT);All other results LGTM! 👍 |
As far as I can tell those three results are still reported on the function calls, just not duplicated on those macros any more. |
Oh, you're very correct! I had missed that in the diff run you posted. Thanks for clearing up my confusion 👍 I'm very happy with all the changes now, then! I'll happily merge it as soon as the internal PR is ready (and the change-note I guess?). |
|
Internal PR: https://github.com/github/semmle-code/pull/39406 . Again we haven't actually lost a result, just a duplicate. |
Many improvements aimed at increasing the precision of this query:
Diff run on LGTM:
https://lgtm.com/query/7335937195043825500/
FFmpeg; it appears to contain a DES implementation that's used for reading "Sony OpenMG Music files". If this can only be used to read encrypted files the potential security impact is minimal (the danger posed by weak encryption is to Sony rather than a user of FFmpeg), but I think these results are valid.php/php-src; this contains a DES implementation that appears to be used as a 'fallback' encryption algorithm. That not a good choice - users of this code are likely to be fooling themselves about the security it offers.videolan/vlc; four false positives all eliminated by the changes ( "des" is short for "description").openssl/openssl; it appears to have a macroOPENSSL_NO_DESthat has not been set, we're right to flag a problem in such a build. There's also use of RC2 (not controlled by a macro).The query was previously tagged
error,medium, security`, so it is currently run but not displayed on LGTM; and is part of the security extended suite.Performance figures (locally on my laptop, cleared cache for each run):
MacroInvocation.getAGeneratedElement(), on this specific project only (as far as I can tell). It can be resolved by substituting the slightly simplerMacroInvocation.getAnExpandedElement()and inlining it, but I'm a bit reluctant to rush into making that library change. Though the query is quite a bit slower on this project, it's a long way from a timeout and is fine elsewhere. I think the right call is to leave this alone, unless we've seen problems elsewhere that this would also fix?