8000 Quantum: OpenSSL signatures by GrosQuildu · Pull Request #19628 · github/codeql · GitHub
[go: up one dir, main page]
Skip to content

Quantum: OpenSSL signatures #19628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

Quantum: OpenSSL signatures #19628

wants to merge 23 commits into from

Conversation

GrosQuildu
Copy link
Contributor
@GrosQuildu GrosQuildu commented May 29, 2025
edited
Loading
  • OpenSSL signatures (EVP): algorithm, algorithmConsumers, operations, tests
  • OpenSSL keygen (EVP)

bdrodes and others added 13 commits May 29, 2025 13:45
@bdrodes @GrosQuildu
Crypto: Adding initial openssl tests, fixing a bug in hash modeling f…
0f874e4 
…ound through tests, and updating CODEOWNERS for quantum tests
@GrosQuildu
refactor EVP common classes
10d8504 
add initial work for openssl signatures

add basic C test files for ciphers and signatures

more signature classes, comments for evp base classes

more signature tests

fix super calls for input consumers

fix getOutputArtifact for tests

formatting

delete redundant test files

move algorithm methods to OpenSSLOperation

refactor ECKeyGenOperation for new EVP classes

formatting

fix getOutputArtifact

fix cipher and digest operation test results

mv openssl signature to another PR
@GrosQuildu
fix openssl outputs
8b96ec9
@GrosQuildu @bdrodes
Update cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOper…
adb9c3b 
…ationBase.qll

Co-authored-by: Ben Rodes <benjaminrodes@gmail.com>
@GrosQuildu @bdrodes
Apply docs suggestions
408224a 
Co-authored-by: Ben Rodes <benjaminrodes@gmail.com>
@GrosQuildu
rm one-shot class
0c17cbf
@GrosQuildu
init work for openssl signatures
c3b384d
@GrosQuildu
openssl signatures - inputs, outputs and algorithms base
c14fba5
@GrosQuildu
start on openssl signature tests
b068833
@GrosQuildu
fix super/parent bug, use new SignatureOperationNode
310469a
@GrosQuildu
flows for key from contexts
804bd89
@GrosQuildu
make signature tests work for algorithms
02fb52c
@GrosQuildu
openssl keygen & tracking of keys-contexts-algorithms
16c136e
@github-actions github-actions bot added the C++ label May 29, 2025
@GrosQuildu GrosQuildu changed the title Openssl signatures Quantum: OpenSSL signatures May 29, 2025
@GrosQuildu GrosQuildu marked this pull request as ready for review May 30, 2025 15:40
@Copilot Copilot AI review requested due to automatic review settings May 30, 2025 15:40
@GrosQuildu GrosQuildu requested review from a team as code owners May 30, 2025 15:40
Copilot
Copilot AI reviewed May 30, 2025
View reviewed changes
Copy link
Contributor
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces support for OpenSSL signatures and key generation within the Quantum library while updating the associated data flows. Key changes include test updates to reflect new nonce and key source expectations, new and updated QL classes for modeling signature operations (EVPSignatureOperation.qll), and modifications to existing base classes and data flow modules (e.g. OpenSSLOperationBase.qll, CtxFlow.qll) to support these changes.

Reviewed Changes

Copilot reviewed 48 out of 48 changed files in this pull request and generated no comments.

Show a summary per file
File Description
cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_nonce_sources.expected Updated expected test output for nonce sources.
cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_key_sources.ql Added query to support new cipher key sources tracking.
cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_key_sources.expected Updated expected test output for key sources.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll Added import for EVPSignatureOperation for signature support.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll Updated base operations including algorithm value consumer flow handling.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll New module modeling EVP signature operations, including initialization, update, and final call classes.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll New module for EVP key generation operations supporting both keygen and parameter generation.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll Updates to hash operations with changes to input/output and data flow tracking.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashInitializer.qll Changed inheritance to extend EVPInitialize.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll Updated cipher operation modeling with revised data flow implementations.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherInitializer.qll Modified to use EVPInitialize and updated key operation subtype handling.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll Simplified EC key generation operation implementation.
cpp/ql/lib/experimental/quantum/OpenSSL/CtxFlow.qll Revised CtxPointerExpr and updated context flow predicates.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/* New files for modeling signature and PKey algorithm consumers integrated into the value consumer framework.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/* New and modified files to support signature algorithm instances and update known algorithm constants.
CODEOWNERS Adjusted pattern matching for experimental quantum code ownership.

@nicolaswill nicolaswill removed the request for review from a team June 2, 2025 18:55
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 2, 2025
View reviewed changes
Copy link
@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@nicolaswill
Copy link
Contributor
nicolaswill commented Jun 3, 2025
edited
Loading

At least one file has not been auto-formatted:

Run find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll would change by autoformatting.
Error: Process completed with exit code 123.

@GrosQuildu GrosQuildu requested review from a team as code owners June 4, 2025 09:35
@github-actions github-actions bot added C# JS documentation Java Python Rust Pull requests that update Rust code and removed C# JS documentation Java Python Rust Pull requests that update Rust code labels Jun 4, 2025
@GrosQuildu GrosQuildu force-pushed the openssl-signatures branch from 7aeb314 to 5dbaf1b Compare June 4, 2025 10:12
@jketema jketema removed request for a team June 4, 2025 10:23
bdrodes
bdrodes reviewed Jun 5, 2025
View reviewed changes
cpp/ql/test/experimental/library-tests/quantum/openssl/openssl_basic.c
<<<<<<< HEAD
}
=======
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh oh... merge conflicts weren't resolved.

jketema
jketema reviewed Jun 5, 2025
View reviewed changes
cpp/ql/test/experimental/library-tests/quantum/openssl/includes/rand_stubs.h
@@ -0,0 +1,3 @@
int RAND_bytes(unsigned char *buf, int num);

int RAND_pseudo_bytes(unsigned char *buf, int num);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All the OpenSSL stubs should go into cpp/ql/test/experimental/stubs/openssl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdrodes bdrodes bdrodes left review comments

@jketema jketema jketema left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
C++
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@GrosQuildu @nicolaswill @bdrodes @jketema
0