Skip to content

Quantum: Expand OpenSSL cipher modeling and fix JCA false reporting of intermediate calls #19509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 16, 2025
Merged

Quantum: Expand OpenSSL cipher modeling and fix JCA false reporting of intermediate calls #19509

merged 2 commits into from
May 16, 2025

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented May 16, 2025

Adds modeling for EVP cipher update calls, flowing their inputs through to EVP cipher final calls.
Fixes a bug in JCA where intermediate cipher calls (updates) were being modeled as cipher operation instances.

@nicolaswill nicolaswill self-requested a review May 16, 2025 15:31
@nicolaswill nicolaswill changed the title Openssl cipher update Quantum: Expand OpenSSL cipher modeling and fix false reporting of intermediate calls May 16, 2025
nicolaswill
nicolaswill reviewed May 16, 2025
View reviewed changes
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll
this.(Call).getTarget().getName() in [
"EVP_EncryptFinal_ex", "EVP_DecryptFinal_ex", "EVP_CipherFinal_ex", "EVP_EncryptFinal",
"EVP_DecryptFinal", "EVP_CipherFinal"
]
}

EVP_Update_Call getUpdateCalls() {
CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest adding a flow configuration as in the JCA for properly modelling inputs and distinguishing between intermediate and final calls.

@nicolaswill nicolaswill changed the title Quantum: Expand OpenSSL cipher modeling and fix false reporting of intermediate calls Quantum: Expand OpenSSL cipher modeling and fix JCA false reporting of intermediate calls May 16, 2025
@nicolaswill nicolaswill marked this pull request as ready for review May 16, 2025 16:46
@nicolaswill nicolaswill requested a review from a team as a code owner May 16, 2025 16:46
@nicolaswill nicolaswill self-requested a review May 16, 2025 16:46
@nicolaswill nicolaswill merged commit 30e2c44 into github:main May 16, 2025
17 checks passed
@bdrodes bdrodes deleted the openssl_cipher_update branch May 19, 2025 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolaswill nicolaswill nicolaswill approved these changes

Assignees
No one assigned
Labels
C++ Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdrodes @nicolaswill