From 6b267479beaf9aa8dbf79376278adf9dbe04ce2b Mon Sep 17 00:00:00 2001
From: "REDMOND\\brodes"
Date: Fri, 30 May 2025 09:35:33 -0400
Subject: [PATCH] Crypto: Update crypto stubs location under 'crypto' and associate codeowners on any `test/stubs/crypto`. Minor fix to HashAlgorithmValueConsumer (remove library detector logic).

---
 CODEOWNERS | 1 +
 .../HashAlgorithmValueConsumer.qll | 11 +++--------
 .../library-tests/quantum/openssl/options | 2 +-
 .../test/stubs/{ => crypto}/openssl/alg_macro_stubs.h | 0
 cpp/ql/test/stubs/{ => crypto}/openssl/evp_stubs.h | 0
 cpp/ql/test/stubs/{ => crypto}/openssl/license.txt | 0
 cpp/ql/test/stubs/{ => crypto}/openssl/rand_stubs.h | 0
 7 files changed, 5 insertions(+), 9 deletions(-)
 rename cpp/ql/test/stubs/{ => crypto}/openssl/alg_macro_stubs.h (100%)
 rename cpp/ql/test/stubs/{ => crypto}/openssl/evp_stubs.h (100%)
 rename cpp/ql/test/stubs/{ => crypto}/openssl/license.txt (100%)
 rename cpp/ql/test/stubs/{ => crypto}/openssl/rand_stubs.h (100%)

diff --git a/CODEOWNERS b/CODEOWNERS
index 7233623d452..612a5e8a22a 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -18,6 +18,7 @@
 # Experimental CodeQL cryptography
 **/experimental/**/quantum/ @github/ps-codeql
 /shared/quantum/ @github/ps-codeql
+**/test/stubs/crypto/ @github/ps-codeql
 
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
index 52d7949561e..6c4a9c9bd6c 100644
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
@@ -3,18 +3,14 @@ private import experimental.quantum.Language
 private import semmle.code.cpp.dataflow.new.DataFlow
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
 private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
-private import experimental.quantum.OpenSSL.LibraryDetector
 
 abstract class HashAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
 
 /**
  * EVP_Q_Digest directly consumes algorithm constant values
  */
-class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
-  EVP_Q_Digest_Algorithm_Consumer() {
-    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
-    this.(Call).getTarget().getName() = "EVP_Q_digest"
-  }
+class EVP_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer {
+  EVP_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
 
   override Crypto::ConsumerInputDataFlowNode getInputNode() {
     result.asExpr() = this.(Call).getArgument(1)
@@ -35,13 +31,12 @@ class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
  * The EVP digest algorithm getters
  * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
  */
-class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
+class EVPDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer {
   DataFlow::Node valueArgNode;
   DataFlow::Node resultNode;
 
   EVPDigestAlgorithmValueConsumer() {
     resultNode.asExpr() = this and
-    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
     (
       this.(Call).getTarget().getName() in [
           "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/options b/cpp/ql/test/experimental/library-tests/quantum/openssl/options
index 06306a3a46a..7ea00eb0bfb 100644
--- a/cpp/ql/test/experimental/library-tests/quantum/openssl/options
+++ b/cpp/ql/test/experimental/library-tests/quantum/openssl/options
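Review bot: `abstract class HashAlgorithmValueConsumer` is the one declaration in this hunk with no QLDoc, and after this change it is the base of both concrete consumers in the file, so it is the natural place to state the contract; I would add `/** An OpenSSL algorithm value consumer whose consumed value names a hash (digest) algorithm. */` above it, which also keeps the repository's QL style checks quiet. The `EVP_Q_Digest_Algorithm_Consumer` QLDoc could say which operand is consumed, since `getInputNode()` picks `getArgument(1)` and in OpenSSL's EVP_Q_digest that position is the digest name, e.g. `/** A call to EVP_Q_digest, which consumes the digest name passed as its second argument. */`. With `isPossibleOpenSSLFunction` gone the constructor keys on the function name alone, so any function called `EVP_Q_digest` (an OpenSSL-compatible fork, or a local shim in the analysed project) now matches; if that is the intent it deserves a sentence in the QLDoc rather than being inferred from the commit message. The body of `getInputNode()` and the remainder of the class continue past the end of the hunk.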
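Review bot: Dropping `isPossibleOpenSSLFunction(this.(Call).getTarget())` from the `EVPDigestAlgorithmValueConsumer` constructor leaves the `getName() in [...]` disjunct as the only visible filter, so a call to any function named `EVP_get_digestbyname`, `EVP_get_digestbynid` or `EVP_get_digestbyobj` is now modelled as an OpenSSL digest getter regardless of where it is declared. The rest of the constructor, including the other disjuncts of the `(` ... `)` group, lies outside the hunk, so I cannot tell whether a replacement restriction exists there; if name-only matching is the intended design, state it on the class, e.g. `/** A call to one of the EVP digest getters (EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj). Matching is by function name only. */`. That would also turn the current fragment `The EVP digest algorithm getters` into the full sentence QLDoc convention expects.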
@@ -1 +1 @@
-semmle-extractor-options: -I ../../../../stubs
\ No newline at end of file
+semmle-extractor-options: -I ../../../../stubs/crypto
\ No newline at end of file
diff --git a/cpp/ql/test/stubs/openssl/alg_macro_stubs.h b/cpp/ql/test/stubs/crypto/openssl/alg_macro_stubs.h
similarity index 100%
rename from cpp/ql/test/stubs/openssl/alg_macro_stubs.h
rename to cpp/ql/test/stubs/crypto/openssl/alg_macro_stubs.h
diff --git a/cpp/ql/test/stubs/openssl/evp_stubs.h b/cpp/ql/test/stubs/crypto/openssl/evp_stubs.h
similarity index 100%
rename from cpp/ql/test/stubs/openssl/evp_stubs.h
rename to cpp/ql/test/stubs/crypto/openssl/evp_stubs.h
diff --git a/cpp/ql/test/stubs/openssl/license.txt b/cpp/ql/test/stubs/crypto/openssl/license.txt
similarity index 100%
rename from cpp/ql/test/stubs/openssl/license.txt
rename to cpp/ql/test/stubs/crypto/openssl/license.txt
diff --git a/cpp/ql/test/stubs/openssl/rand_stubs.h b/cpp/ql/test/stubs/crypto/openssl/rand_stubs.h
similarity index 100%
rename from cpp/ql/test/stubs/openssl/rand_stubs.h
rename to cpp/ql/test/stubs/crypto/openssl/rand_stubs.h