Adding modeling for OpenSSL random number generation.

bdrodes · bdrodes · commit 036035b6a224 · 2025-03-10T15:04:19.000-04:00
diff --git a/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll b/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll
@@ -7,6 +7,7 @@ module OpenSSLModel {
   import experimental.Quantum.OpenSSL.EVPHashOperation
   import experimental.Quantum.OpenSSL.EVPCipherAlgorithmSource
   import experimental.Quantum.OpenSSL.EVPHashAlgorithmSource
+  import experimental.Quantum.OpenSSL.Random
 
 
 //   // TODO: trace CTX from init variants to the context arg of EVP update calls
diff --git a/cpp/ql/lib/experimental/Quantum/OpenSSL/Random.qll b/cpp/ql/lib/experimental/Quantum/OpenSSL/Random.qll
@@ -0,0 +1,21 @@
+import cpp
+private import experimental.Quantum.Language
+private import codeql.cryptography.Model
+private import LibraryDetector
+private import semmle.code.cpp.dataflow.new.DataFlow
+
+class OpenSSLRandomNumberGeneratorInstance extends Crypto::RandomNumberGenerationInstance instanceof Call
+{
+  OpenSSLRandomNumberGeneratorInstance() {
+    this.(Call).getTarget().getName() in ["RAND_bytes", "RAND_pseudo_bytes"] and
+    isPossibleOpenSSLFunction(this.(Call).getTarget())
+  }
+
+  override Crypto::DataFlowNode getOutputNode() {
+    result.asDefiningArgument() = this.(Call).getArgument(0)
+  }
+
+  override predicate flowsTo(Crypto::FlowAwareElement other) {
+    ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+  }
+}
