Skip to content

Crypto: Model OpenSSL intermediate digest operations #19521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 19, 2025
Merged

Crypto: Model OpenSSL intermediate digest operations #19521

merged 3 commits into from
May 19, 2025

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented May 19, 2025

Adds digest modeling for 'update' and 'final' calls in openssl.

bdrodes added 2 commits May 19, 2025 10:43
@bdrodes
Quantum/Crypto:Adding interemediate hashing to the openssl (e.g., mod…
9712474 
…eling final and update digest separately).
@bdrodes
Quantum/Crypto: To avoid ambiguity, altered OpenSSL EVP_Update_Call a…
74271e4 
…nd EVP_Final_Call used for ciphers to explicitly say "Cipher", e.g., EVP_Cipher_Update_Call. This is also consistent with the new analogous digest operations.
@Copilot Copilot AI review requested due to automatic review settings May 19, 2025 14:46
@bdrodes bdrodes requested a review from a team as a code owner May 19, 2025 14:46
@github-actions github-actions bot added the C++ label May 19, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems May 19, 2025
View reviewed changes
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll

// NOTE: not modeled as hash operations, these are intermediate calls
class EVP_Digest_Update_Call extends Call {
EVP_Digest_Update_Call() { this.(Call).getTarget().getName() in ["EVP_DigestUpdate"] }

Check warning

Code scanning / CodeQL

Singleton set literal Warning

Singleton set literal can be replaced by its member.
Copilot
Copilot AI reviewed May 19, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the OpenSSL quantum library by adding intermediate modeling for EVP digest update/final calls and improving the algorithm-value flow in hash operations.

  • Override getAnAlgorithmValueConsumer in EVP_Hash_Operation to propagate the algorithm from the init call.
  • Introduce EVP_Digest_Update_Call and EVP_Digest_Final_Call classes for intermediate digest calls.
  • Rename intermediate cipher call classes in EVPCipherOperation.qll to EVP_Cipher_Update_Call and EVP_Cipher_Final_Call for naming consistency.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll Added algorithm-value override and new digest intermediate call classes.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll Renamed intermediate cipher call classes to include Cipher prefix.
Comments suppressed due to low confidence (2)

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll:31

  • [nitpick] Remove the large commented-out code blocks and TODO comments (lines 31-101) or move them to issue trackers/documentation to improve readability.
// // override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll:103

  • Introduce unit tests for the new EVP_Digest_Update_Call and EVP_Digest_Final_Call classes to verify their data‐flow modeling.
class EVP_Digest_Update_Call extends Call {

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll
// }
// }

// NOTE: not modeled as hash operations, these are intermediate calls
Copy link
Preview

Copilot AI May 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Add a concise doc comment above the EVP_Digest_Update_Call and EVP_Digest_Final_Call classes to explain their intended data‐flow role.

Suggested change
// NOTE: not modeled as hash operations, these are intermediate calls
/**
* Represents an intermediate call to `EVP_DigestUpdate`, which processes
* additional input data for a digest operation. This class models the
* data flow of the input and context arguments used in the update step.
*/

Copilot uses AI. Check for mistakes.

@nicolaswill nicolaswill requested review from nicolaswill and removed request for a team May 19, 2025 16:13
@nicolaswill nicolaswill changed the title Quantum/Crypto: Openssl intermediate digest operations Crypto: Model OpenSSL intermediate digest operations May 19, 2025
@nicolaswill nicolaswill merged commit 8780399 into github:main May 19, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@nicolaswill nicolaswill nicolaswill approved these changes

Assignees
No one assigned
Labels
C++
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdrodes @nicolaswill