Quantum: Add base classes for OpenSSL EVP methods by GrosQuildu · Pull Request #19607 · github/codeql · GitHub

Quantum: Add base classes for OpenSSL EVP methods #19607


Merged
merged 7 commits into from
Jun 3, 2025
rm one-shot class
GrosQuildu committed Jun 3, 2025
commit f04fa58c8b5d8e06e76e13fbef03bc8b4286c83e
Expand Up @@ -52,7 +52,7 @@ abstract class EVP_Cipher_Operation extends EVPOperation, Crypto::KeyOperationIn
}
}

class EVP_Cipher_Call extends EVPOneShot, EVP_Cipher_Operation {
class EVP_Cipher_Call extends EVPOperation, EVP_Cipher_Operation {
EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }

override Expr getInputArg() { result = this.(Call).getArgument(2) }
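Review bot: `EVPOperation` in the new `extends` list of `EVP_Cipher_Call` looks redundant, because the hunk header shows that `EVP_Cipher_Operation` already extends `EVPOperation`. With the one-shot marker gone the declaration could be `class EVP_Cipher_Call extends EVP_Cipher_Operation {`, unless the explicit supertype is needed to qualify a `super` call in the part of the class outside this hunk. The class body continues past the last visible line, so this should be confirmed against the full file.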
Expand Up @@ -15,7 +15,7 @@ class EVP_Digest_Update_Call extends EVPUpdate {
}

//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
class EVP_Q_Digest_Operation extends EVPOneShot, Crypto::HashOperationInstance {
class EVP_Q_Digest_Operation extends EVPOperation, Crypto::HashOperationInstance {
EVP_Q_Digest_Operation() { this.(Call).getTarget().getName() = "EVP_Q_digest" }

override Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
Expand All @@ -31,15 +31,15 @@ class EVP_Q_Digest_Operation extends EVPOneShot, Crypto::HashOperationInstance {
override Expr getOutputArg() { result = this.(Call).getArgument(5) }

override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
Copilot AI May 28, 2025

[nitpick] There’s repeated boilerplate in many EVP* classes for overriding getOutputArtifact and getInputConsumer just to call the super implementation. Consider moving those common overrides into a shared intermediate base to reduce duplication.

result = EVPOneShot.super.getOutputArtifact()
result = EVPOperation.super.getOutputArtifact()
}

override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
result = EVPOneShot.super.getInputConsumer()
result = EVPOperation.super.getInputConsumer()
}
}

class EVP_Digest_Operation extends EVPOneShot, Crypto::HashOperationInstance {
class EVP_Digest_Operation extends EVPOperation, Crypto::HashOperationInstance {
EVP_Digest_Operation() { this.(Call).getTarget().getName() = "EVP_Digest" }

// There is no context argument for this function
Expand All @@ -58,11 +58,11 @@ class EVP_Digest_Operation extends EVPOneShot, Crypto::HashOperationInstance {
override Expr getOutputArg() { result = this.(Call).getArgument(2) }

override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
result = EVPOneShot.super.getOutputArtifact()
result = EVPOperation.super.getOutputArtifact()
}

override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
result = EVPOneShot.super.getInputConsumer()
result = EVPOperation.super.getInputConsumer()
}
}
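Review bot: `EVP_Q_Digest_Operation` and `EVP_Digest_Operation` have no QLDoc, and after this change their supertypes no longer say that they model one-shot digest calls, which the old `EVPOneShot` parent did. A reader of hash-usage results now has to infer that from the matched function name. I would add a doc comment to each class, for example `/** A call to EVP_Q_digest, which hashes its input in a single call. */` and `/** A call to EVP_Digest, which hashes its input in a single call and takes no context argument. */`. The bare URL comment above the first class could move into that QLDoc.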

Expand Up @@ -93,7 +93,7 @@ private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsu

/**
* The base class for all operations of the EVP API.
* Currently final calls and one-shot calls are implemented.
* This captures one-shot APIs (with and without an initilizer call) and final calls.
* Provides some default methods for Crypto::KeyOperationInstance class
*/
abstract class EVPOperation extends OpenSSLOperation {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in EVPOperation should be PascalCase/camelCase.
Expand Down Expand Up @@ -162,8 +162,3 @@ abstract class EVPFinal extends EVPOperation {
*/
override Expr getOutputArg() { result = this.getUpdateCalls().getOutputArg() }
}

/**
* One-shot calls of EVP API.
*/
abstract class EVPOneShot extends EVPOperation { }
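Review bot: The new QLDoc line above `EVPOperation` in the first hunk misspells "initializer"; it should read `* This captures one-shot APIs (with and without an initializer call) and final calls.`. The next line still says the defaults are for `Crypto::KeyOperationInstance`, but the digest classes in this commit extend `Crypto::HashOperationInstance` and call `EVPOperation.super.getOutputArtifact()` and `EVPOperation.super.getInputConsumer()`. That sentence therefore appears to understate who relies on the defaults. Something like `* Provides default methods shared by key-operation and hash-operation instances.` would be closer, with the wording checked against the class body, which lies outside this hunk.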