From d35fc64987c2a3bbb8e2ec82111b0b54ab33f3d6 Mon Sep 17 00:00:00 2001
From: "REDMOND\\brodes"
Date: Tue, 20 May 2025 11:22:53 -0400
Subject: [PATCH 1/2] Crypto: Missing openssl EVP digest consumers.
---
 .../HashAlgorithmValueConsumer.qll | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
index a1c0a214b9af..066f0fa1a3ae 100644
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
@@ -30,3 +30,34 @@ class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
 none()
 }
 }
+
+/**
+ * EVP digest algorithm getters
+ * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
+ */
+class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
+ DataFlow::Node valueArgNode;
+ DataFlow::Node resultNode;
+
+ EVPDigestAlgorithmValueConsumer() {
+ resultNode.asExpr() = this and
+ isPossibleOpenSSLFunction(this.(Call).getTarget()) and
+ (
+ this.(Call).getTarget().getName() in [
+ "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"
+ ] and
+ valueArgNode.asExpr() = this.(Call).getArgument(0)
+ or
+ this.(Call).getTarget().getName() = "EVP_MD_fetch" and
+ valueArgNode.asExpr() = this.(Call).getArgument(1)
+ )
+ }
+
+ override DataFlow::Node getResultNode() { result = resultNode }
+
+ override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+ override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+ exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
+ }
+}
From 9f65cb8c4c9bf48ec47bd8be5cd8c0534bd42cf8 Mon Sep 17 00:00:00 2001
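Review bot: The `"EVP_get_digestbynid"` and `"EVP_get_digestbyobj"` entries in the name list may never match on databases built against the real OpenSSL headers: as far as I know, upstream `evp.h` defines both as macros that end in `EVP_get_digestbyname(OBJ_nid2sn(a))`, so the extracted `Call` targets `EVP_get_digestbyname` and argument 0 is a nested call rather than the NID or object. If that holds for the headers being analyzed, a digest selected by NID or object is only tied to a known algorithm when flow through `OBJ_nid2sn`/`OBJ_obj2nid` is modeled elsewhere, which this hunk does not show, and a weak digest chosen that way would drop out of the inventory without any signal. I would record the argument mapping in the class doc, e.g. `* Argument 0 carries the name, NID or object for the EVP_get_digestby* forms; argument 1 is the algorithm name for EVP_MD_fetch.`, and add one test call per getter, since the diffstat shows only this file changing.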
From: "REDMOND\\brodes"
Date: Wed, 21 May 2025 11:51:25 -0400
Subject: [PATCH 2/2] Comment/doc cleanup
---
 .../AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll | 1 -
 .../AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll
index f710ff613c2a..affb7ae6095e 100644
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll
@@ -3,7 +3,6 @@ private import experimental.quantum.Language
 private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
 
-// TODO: can self referential to itself, which is also an algorithm (Known algorithm)
 /**
 * Cases like EVP_MD5(),
 * there is no input, rather it directly gets an algorithm
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
index 066f0fa1a3ae..52d7949561e8 100644
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
@@ -32,7 +32,7 @@ class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
 }
 
 /**
- * EVP digest algorithm getters
+ * The EVP digest algorithm getters
 * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
 */
 class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {