Merge pull request #19541 from bdrodes/openssl_ec_key_gen

Openssl ec key gen
2025-12-16 16:53:25 +01:00 · 2025-05-21 16:13:05 +02:00
parent f660bcdd25 efd9386d6e
commit 7ee1bd61fb
6 changed files with 82 additions and 19 deletions
--- a/shared/quantum/codeql/quantum/experimental/Model.qll
+++ b/shared/quantum/codeql/quantum/experimental/Model.qll
@@ -841,7 +841,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
     * This will be automatically inferred and applied at the node level.
     * See `fixedImplicitCipherKeySize`.
     */
-    abstract string getKeySizeFixed();
+    abstract int getKeySizeFixed();

    /**
     * Gets a consumer for the key size in bits specified for this algorithm variant.
@@ -1044,7 +1044,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
    abstract KeyArtifactType getOutputKeyType();

    // Defaults or fixed values
-    string getKeySizeFixed() { none() }
+    int getKeySizeFixed() { none() }

    // Consumer input nodes
    abstract ConsumerInputDataFlowNode getKeySizeConsumer();
@@ -1900,7 +1900,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
      or
      // [ONLY_KNOWN]
      key = "DefaultKeySize" and
-      value = kdfInstance.getKeySizeFixed() and
+      value = kdfInstance.getKeySizeFixed().toString() and
      location = this.getLocation()
      or
      // [ONLY_KNOWN] - TODO: refactor for known unknowns
@@ -2259,13 +2259,10 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
    /**
     * Gets the key size variant of this algorithm in bits, e.g., 128 for "AES-128".
     */
-    string getKeySizeFixed() {
+    int getKeySizeFixed() {
      result = instance.asAlg().getKeySizeFixed()
      or
-      exists(int size |
-        KeyOpAlg::fixedImplicitCipherKeySize(instance.asAlg().getAlgorithmType(), size) and
-        result = size.toString()
-      )
+      KeyOpAlg::fixedImplicitCipherKeySize(instance.asAlg().getAlgorithmType(), result)
    }

    /**
@@ -2333,7 +2330,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
      // [ONLY_KNOWN]
      key = "KeySize" and
      (
-        value = this.getKeySizeFixed() and
+        value = this.getKeySizeFixed().toString() and
        location = this.getLocation()
        or
        node_as_property(this.getKeySize(), value, location)