Skip to content

Commit af8702d

Browse files
GrosQuilduGrosQuildu
committed
fix openssl outputs
1 parent 6d1b1d1 commit af8702d

File tree

4 files changed

+35
-5
lines changed

4 files changed

+35
-5
lines changed

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ class EVP_Cipher_Update_Call extends EVPUpdate {
1212
}
1313

1414
override Expr getInputArg() { result = this.(Call).getArgument(3) }
15+
16+
override Expr getOutputArg() { result = this.(Call).getArgument(1) }
1517
}
1618

1719
/**
@@ -63,4 +65,13 @@ class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
6365
"EVP_DecryptFinal", "EVP_CipherFinal"
6466
]
6567
}
68+
69+
/**
70+
* Output is both from update calls and from the final call.
71+
*/
72+
override Expr getOutputArg() {
73+
result = EVPFinal.super.getOutputArg()
74+
or
75+
result = EVP_Cipher_Operation.super.getOutputArg()
76+
}
6677
}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,11 @@ abstract class EVPUpdate extends Call {
6969
* Update calls always have some input data like plaintext or message digest.
7070
*/
7171
abstract Expr getInputArg();
72+
73+
/**
74+
* Update calls sometimes have some output data like a plaintext.
75+
*/
76+
Expr getOutputArg() { none() }
7277
}
7378

7479
/**
@@ -105,8 +110,6 @@ abstract class EVPOperation extends OpenSSLOperation {
105110

106111
/**
107112
* Some output data like ciphertext or signature.
108-
* Always produced directly by this operation.
109-
* Assumption: output is provided as an argument to the call, never as return value.
110113
*/
111114
abstract Expr getOutputArg();
112115

@@ -125,13 +128,15 @@ abstract class EVPOperation extends OpenSSLOperation {
125128
}
126129

127130
Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
128-
result.asExpr() = this.getOutputArg()
131+
result = DataFlow::exprNode(this.getOutputArg())
129132
}
130133

131134
/**
132135
* Input consumer is the input argument of the call.
133136
*/
134-
Crypto::ConsumerInputDataFlowNode getInputConsumer() { result.asExpr() = this.getInputArg() }
137+
Crypto::ConsumerInputDataFlowNode getInputConsumer() {
138+
result = DataFlow::exprNode(this.getInputArg())
139+
}
135140
}
136141

137142
/**
@@ -147,8 +152,15 @@ abstract class EVPFinal extends EVPOperation {
147152

148153
/**
149154
* The input data was provided to all update calls.
155+
* If more input data was provided in the final call, override the method.
150156
*/
151157
override Expr getInputArg() { result = this.getUpdateCalls().getInputArg() }
158+
159+
/**
160+
* The output data was provided to all update calls.
161+
* If more output data was provided in the final call, override the method.
162+
*/
163+
override Expr getOutputArg() { result = this.getUpdateCalls().getOutputArg() }
152164
}
153165

154166
/**

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,4 +2,3 @@ import OpenSSLOperationBase
22
import EVPCipherOperation
33
import EVPHashOperation
44
import ECKeyGenOperation
5-
import EVPSignatureOperation

cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_operations.expected

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,15 @@
1+
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:35:36:35:45 | KeyOperationOutput | openssl_basic.c:23:62:23:65 | Key | openssl_basic.c:23:68:23:71 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
2+
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:35:36:35:45 | KeyOperationOutput | openssl_basic.c:23:62:23:65 | Key | openssl_basic.c:31:54:31:55 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
3+
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:35:36:35:45 | KeyOperationOutput | openssl_basic.c:31:49:31:51 | Key | openssl_basic.c:23:68:23:71 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
4+
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:35:36:35:45 | KeyOperationOutput | openssl_basic.c:31:49:31:51 | Key | openssl_basic.c:31:54:31:55 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
15
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:40:38:40:53 | KeyOperationOutput | openssl_basic.c:23:62:23:65 | Key | openssl_basic.c:23:68:23:71 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
26
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:40:38:40:53 | KeyOperationOutput | openssl_basic.c:23:62:23:65 | Key | openssl_basic.c:31:54:31:55 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
37
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:40:38:40:53 | KeyOperationOutput | openssl_basic.c:31:49:31:51 | Key | openssl_basic.c:23:68:23:71 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
48
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:40:38:40:53 | KeyOperationOutput | openssl_basic.c:31:49:31:51 | Key | openssl_basic.c:31:54:31:55 | Nonce | openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | Encrypt |
9+
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:81:32:81:40 | KeyOperationOutput | openssl_basic.c:69:58:69:61 | Key | openssl_basic.c:69:64:69:67 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
10+
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:81:32:81:40 | KeyOperationOutput | openssl_basic.c:69:58:69:61 | Key | openssl_basic.c:77:50:77:51 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
11+
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:81:32:81:40 | KeyOperationOutput | openssl_basic.c:77:45:77:47 | Key | openssl_basic.c:69:64:69:67 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
12+
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:81:32:81:40 | KeyOperationOutput | openssl_basic.c:77:45:77:47 | Key | openssl_basic.c:77:50:77:51 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
513
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:90:36:90:50 | KeyOperationOutput | openssl_basic.c:69:58:69:61 | Key | openssl_basic.c:69:64:69:67 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
614
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:90:36:90:50 | KeyOperationOutput | openssl_basic.c:69:58:69:61 | Key | openssl_basic.c:77:50:77:51 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |
715
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:81:49:81:58 | Message | openssl_basic.c:90:36:90:50 | KeyOperationOutput | openssl_basic.c:77:45:77:47 | Key | openssl_basic.c:69:64:69:67 | Nonce | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Decrypt |

0 commit comments

Comments
 (0)