Merge pull request #2 from bdrodes/signature_model_refactor_experimental

Signature model refactor experimental

cpp/ql/lib/experimental/quantum/Language.qll

@@ -14,8 +14,8 @@ module CryptoInput implements InputSig<Language::Location> {
     result = node.asExpr() or
     result = node.asParameter() or
     result = node.asVariable() or
-    result = node.asDefiningArgument()
-    // TODO: do we need asIndirectExpr()?
+    result = node.asDefiningArgument() or
+    result = node.asIndirectExpr()
   }
 
   string locationToFileBaseNameAndLineNumberString(Location location) {
@@ -93,7 +93,10 @@ module GenericDataSourceFlow = TaintTracking::Global<GenericDataSourceFlowConfig
 
 private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof OpenSslGenericSourceCandidateLiteral
 {
-  override DataFlow::Node getOutputNode() { result.asExpr() = this }
+  override DataFlow::Node getOutputNode() {
+    // A literal can be a string or an int, so handling both indirect and direct cases
+    [result.asIndirectExpr(), result.asExpr()] = this
+  }
 
   override predicate flowsTo(Crypto::FlowAwareElement other) {
     // TODO: separate config to avoid blowing up data-flow analysis

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll

@@ -14,9 +14,13 @@ private import PaddingAlgorithmInstance
  */
 module KnownOpenSslAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof KnownOpenSslAlgorithmExpr and
+    (
+      source.asExpr() instanceof KnownOpenSslAlgorithmExpr or
+      source.asIndirectExpr() instanceof KnownOpenSslAlgorithmExpr
+    ) and
     // No need to flow direct operations to AVCs
-    not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall
+    not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall and
+    not source.asIndirectExpr() instanceof OpenSslDirectAlgorithmOperationCall
   }
 
   predicate isSink(DataFlow::Node sink) {

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll

@@ -53,7 +53,8 @@ class KnownOpenSslBlockModeConstantAlgorithmInstance extends OpenSslAlgorithmIns
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll

@@ -77,7 +77,8 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll

@@ -21,7 +21,8 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll

@@ -59,7 +59,8 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll

@@ -37,7 +37,8 @@ class KnownOpenSslKeyAgreementConstantAlgorithmInstance extends OpenSslAlgorithm
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll

@@ -172,11 +172,14 @@ class KnownOpenSslKeyAgreementAlgorithmExpr extends Expr instanceof KnownOpenSsl
 
 predicate knownOpenSslAlgorithmOperationCall(Call c, string normalized, string algType) {
   c.getTarget().getName() in [
-      "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify",
-      "EVP_PKEY_get1_RSA"
+      "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify"
     ] and
   normalized = "RSA" and
   algType = "ASYMMETRIC_ENCRYPTION"
+  or
+  c.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] and
+  normalized = "DSA" and
+  algType = "SIGNATURE"
 }
 
 /**

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll

@@ -22,7 +22,8 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance,
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll

@@ -64,7 +64,8 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) and
       isPaddingSpecificConsumer = false
@@ -82,7 +83,8 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta
       // Sink is an argument to a CipherGetterCall
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a padding-specific consumer
       RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow::flow(src, sink)
     ) and

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll

@@ -47,7 +47,8 @@ class KnownOpenSslSignatureConstantAlgorithmInstance extends OpenSslAlgorithmIns
       // Sink is an argument to a signature getter call
       sink = getterCall.getInputNode() and
       // Source is `this`
-      src.asExpr() = this and
+      // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr
+      this = [src.asExpr(), src.asIndirectExpr()] and
       // This traces to a getter
       KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll

@@ -12,15 +12,17 @@ class EvpCipherAlgorithmValueConsumer extends CipherAlgorithmValueConsumer {
   DataFlow::Node resultNode;
 
   EvpCipherAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
+    resultNode.asIndirectExpr() = this and
     (
-      this.(Call).getTarget().getName() in [
-          "EVP_get_cipherbyname", "EVP_get_cipherbyobj", "EVP_get_cipherbynid"
-        ] and
+      this.(Call).getTarget().getName() in ["EVP_get_cipherbyname", "EVP_get_cipherbyobj"] and
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(0)
+      or
+      this.(Call).getTarget().getName() = "EVP_get_cipherbynid" and
+      // algorithm is an NID (int), use asExpr()
       valueArgNode.asExpr() = this.(Call).getArgument(0)
       or
       this.(Call).getTarget().getName() in ["EVP_CIPHER_fetch", "EVP_ASYM_CIPHER_fetch"] and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
     )
   }
 

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll

@@ -23,7 +23,7 @@ class DirectAlgorithmValueConsumer extends OpenSslAlgorithmValueConsumer instanc
    */
   override DataFlow::Node getResultNode() {
     this instanceof OpenSslDirectAlgorithmFetchCall and
-    result.asExpr() = this
+    result.asIndirectExpr() = this
     // NOTE: if instanceof OpenSslDirectAlgorithmOperationCall then there is no algorithm generated
     // the algorithm is directly used
   }

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll

@@ -12,14 +12,19 @@ class EvpEllipticCurveAlgorithmConsumer extends EllipticCurveValueConsumer {
   DataFlow::Node resultNode;
 
   EvpEllipticCurveAlgorithmConsumer() {
-    resultNode.asExpr() = this.(Call) and // in all cases the result is the return
+    resultNode.asIndirectExpr() = this.(Call) and // in all cases the result is the return
     (
-      this.(Call).getTarget().getName() in ["EVP_EC_gen", "EC_KEY_new_by_curve_name"] and
+      this.(Call).getTarget().getName() = "EVP_EC_gen" and
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(0)
+      or
+      this.(Call).getTarget().getName() = "EC_KEY_new_by_curve_name" and
+      // algorithm is an NID (int), use asExpr()
       valueArgNode.asExpr() = this.(Call).getArgument(0)
       or
       this.(Call).getTarget().getName() in [
           "EC_KEY_new_by_curve_name_ex", "EVP_PKEY_CTX_set_ec_paramgen_curve_nid"
         ] and
+      // algorithm is an NID (int), use asExpr
       valueArgNode.asExpr() = this.(Call).getArgument(2)
     )
   }

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll

@@ -13,7 +13,7 @@ class Evp_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer {
   Evp_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
 
   override Crypto::ConsumerInputDataFlowNode getInputNode() {
-    result.asExpr() = this.(Call).getArgument(1)
+    result.asIndirectExpr() = this.(Call).getArgument(1)
   }
 
   override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
@@ -42,7 +42,7 @@ class EvpPkeySetCtxALgorithmConsumer extends HashAlgorithmValueConsumer {
         "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_oaep_md_name",
         "EVP_PKEY_CTX_set_dsa_paramgen_md_props"
       ] and
-    valueArgNode.asExpr() = this.(Call).getArgument(1)
+    valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
   }
 
   override DataFlow::Node getResultNode() { none() }
@@ -64,18 +64,18 @@ class EvpDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer {
   DataFlow::Node resultNode;
 
   EvpDigestAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
+    resultNode.asIndirectExpr() = this and
     (
       this.(Call).getTarget().getName() in [
           "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"
         ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(0)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(0)
       or
       this.(Call).getTarget().getName() = "EVP_MD_fetch" and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
       or
       this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and
-      valueArgNode.asExpr() = this.(Call).getArgument(2)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(2)
     )
   }
 
@@ -93,6 +93,7 @@ class RsaSignOrVerifyHashAlgorithmValueConsumer extends HashAlgorithmValueConsum
 
   RsaSignOrVerifyHashAlgorithmValueConsumer() {
     this.(Call).getTarget().getName() in ["RSA_sign", "RSA_verify"] and
+    // arg 0 is an int, use asExpr
     valueArgNode.asExpr() = this.(Call).getArgument(0)
   }
 

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll

@@ -11,10 +11,10 @@ class EvpKemAlgorithmValueConsumer extends KemAlgorithmValueConsumer {
   DataFlow::Node resultNode;
 
   EvpKemAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
+    resultNode.asIndirectExpr() = this and
     (
       this.(Call).getTarget().getName() = "EVP_KEM_fetch" and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
     )
   }
 

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll

@@ -11,10 +11,10 @@ class EvpKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueCons
   DataFlow::Node resultNode;
 
   EvpKeyExchangeAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
+    resultNode.asIndirectExpr() = this and
     (
       this.(Call).getTarget().getName() = "EVP_KEYEXCH_fetch" and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
     )
   }
 

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll

@@ -11,7 +11,7 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer {
   DataFlow::Node resultNode;
 
   EvpPKeyAlgorithmConsumer() {
-    resultNode.asExpr() = this.(Call) and // in all cases the result is the return
+    resultNode.asIndirectExpr() = this.(Call) and // in all cases the result is the return
     (
       // NOTE: some of these consumers are themselves key gen operations,
       // in these cases, the operation will be created separately for the same function.
@@ -19,6 +19,7 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer {
           "EVP_PKEY_CTX_new_id", "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key",
           "EVP_PKEY_new_mac_key"
         ] and
+      // Algorithm is an int, use asExpr
       valueArgNode.asExpr() = this.(Call).getArgument(0)
       or
       this.(Call).getTarget().getName() in [
@@ -26,7 +27,8 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer {
           "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_ctrl_uint64",
           "EVP_PKEY_CTX_ctrl_str", "EVP_PKEY_CTX_set_group_name"
         ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      // AAlgorithm is a char*, use asIndirectExpr
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
       or
       // argInd 2 is 'type' which can be RSA, or EC
       // if RSA argInd 3 is the key size, else if EC argInd 3 is the curve name
@@ -38,10 +40,10 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer {
         // Elliptic curve case
         // If the argInd 3 is a derived type (pointer or array) then assume it is a curve name
         if this.(Call).getArgument(3).getType().getUnderlyingType() instanceof DerivedType
-        then valueArgNode.asExpr() = this.(Call).getArgument(3)
+        then valueArgNode.asIndirectExpr() = this.(Call).getArgument(3)
         else
           // All other cases
-          valueArgNode.asExpr() = this.(Call).getArgument(2)
+          valueArgNode.asIndirectExpr() = this.(Call).getArgument(2)
       )
     )
   }

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll

@@ -14,8 +14,9 @@ class Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorit
   DataFlow::Node resultNode;
 
   Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer() {
-    resultNode.asExpr() = this.(Call).getArgument(0) and
+    resultNode.asDefiningArgument() = this.(Call).getArgument(0) and
     this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and
+    // algorithm is an int, use asExpr
     valueArgNode.asExpr() = this.(Call).getArgument(1)
   }
 

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll

@@ -12,11 +12,11 @@ class EvpSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer
   DataFlow::Node resultNode;
 
   EvpSignatureAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
+    resultNode.asIndirectExpr() = this and
     (
       // EVP_SIGNATURE
       this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      valueArgNode.asIndirectExpr() = this.(Call).getArgument(1)
       // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA
       // DSA_SIG_new, DSA_SIG_get0 ?
     )

cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll

@@ -13,7 +13,9 @@ module AvcToCallArgConfig implements DataFlow::ConfigSig {
    * Trace to any call accepting the algorithm.
    * NOTE: users must restrict this set to the operations they are interested in.
    */
-  predicate isSink(DataFlow::Node sink) { exists(Call c | c.getAnArgument() = sink.asExpr()) }
+  predicate isSink(DataFlow::Node sink) {
+    exists(Call c | c.getAnArgument() = [sink.asIndirectExpr(), sink.asExpr()])
+  }
 }
 
 module AvcToCallArgFlow = DataFlow::Global<AvcToCallArgConfig>;

cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll

@@ -4,4 +4,5 @@ module OpenSslModel {
   import Operations.OpenSSLOperations
   import Random
   import GenericSourceCandidateLiteral
+  import ArtifactPassthrough
 }

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll

@@ -15,11 +15,11 @@ abstract class FinalCipherOperationStep extends OperationStep {
  */
 abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep {
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -28,19 +28,23 @@ abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep {
  */
 abstract class EvpCipherInitializer extends OperationStep {
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = PrimaryAlgorithmIO() and
     // Constants that are not equal to zero or
     // non-constants (e.g., variable accesses, which require data-flow to determine the value)
     // A zero (null) value typically indicates use of this operation step to initialize
     // other out parameters in a multi-step initialization.
-    (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0)
+    (
+      exists(result.asIndirectExpr().getValue())
+      implies
+      result.asIndirectExpr().getValue().toInt() != 0
+    )
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -58,11 +62,15 @@ abstract class EvpEXInitializer extends EvpCipherInitializer {
       // non-constants (e.g., variable accesses, which require data-flow to determine the value)
       // A zero (null) value typically indicates use of this operation step to initialize
       // other out parameters in a multi-step initialization.
-      result.asExpr() = this.getArgument(3) and type = KeyIO()
+      result.asIndirectExpr() = this.getArgument(3) and type = KeyIO()
       or
-      result.asExpr() = this.getArgument(4) and type = IVorNonceIO()
+      result.asIndirectExpr() = this.getArgument(4) and type = IVorNonceIO()
     ) and
-    (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0)
+    (
+      exists(result.asIndirectExpr().getValue())
+      implies
+      result.asIndirectExpr().getValue().toInt() != 0
+    )
   }
 }
 
@@ -73,9 +81,9 @@ abstract class EvpEX2Initializer extends EvpCipherInitializer {
   override DataFlow::Node getInput(IOType type) {
     result = super.getInput(type)
     or
-    result.asExpr() = this.getArgument(2) and type = KeyIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = KeyIO()
     or
-    result.asExpr() = this.getArgument(3) and type = IVorNonceIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = IVorNonceIO()
   }
 }
 
@@ -110,6 +118,7 @@ class Evp_Cipher_EX2_or_Simple_Init_Call extends EvpEX2Initializer {
     result = super.getInput(type)
     or
     this.getTarget().getName().toLowerCase().matches("%cipherinit%") and
+    // the key op subtype is an int, use asExpr
     result.asExpr() = this.getArgument(4) and
     type = KeyOperationSubtypeIO()
   }
@@ -127,13 +136,13 @@ class EvpPkeyEncryptDecryptInit extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = OsslParamIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -145,6 +154,7 @@ class EvpCipherInitSKeyCall extends EvpEX2Initializer {
   override DataFlow::Node getInput(IOType type) {
     result = super.getInput(type)
     or
+    // the key op subtype is an int, use asExpr
     result.asExpr() = this.getArgument(5) and
     type = KeyOperationSubtypeIO()
   }
@@ -161,15 +171,15 @@ class EvpCipherUpdateCall extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(1) and type = CiphertextIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO()
     or
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = UpdateStep() }
@@ -184,13 +194,13 @@ class EvpCipherCall extends EvpCipherOperationFinalStep {
   override DataFlow::Node getInput(IOType type) {
     super.getInput(type) = result
     or
-    result.asExpr() = this.getArgument(2) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
     super.getOutput(type) = result
     or
-    result.asExpr() = this.getArgument(1) and type = CiphertextIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO()
   }
 }
 
@@ -234,13 +244,13 @@ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep {
   override DataFlow::Node getInput(IOType type) {
     super.getInput(type) = result
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
     super.getOutput(type) = result
     or
-    result.asExpr() = this.getArgument(1) and
+    result.asDefiningArgument() = this.getArgument(1) and
     type = CiphertextIO() and
     this.getStepType() = FinalStep()
     // TODO: could indicate text lengths here, as well

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll

@@ -31,14 +31,16 @@ class EvpNewKeyCtx extends OperationStep instanceof Call {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = keyArg and type = KeyIO()
+    result.asIndirectExpr() = keyArg and type = KeyIO()
     or
     this.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
-    result.asExpr() = this.getArgument(0) and
+    result.asIndirectExpr() = this.getArgument(0) and
     type = OsslLibContextIO()
   }
 
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = ContextIO() }
+  override DataFlow::Node getOutput(IOType type) {
+    result.asIndirectExpr() = this and type = ContextIO()
+  }
 
   override OperationStepType getStepType() { result = ContextCreationStep() }
 }
@@ -52,13 +54,13 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -102,20 +104,20 @@ class EvpCtxSetHashInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = HashAlgorithmIO() and
     isOaep = false and
     isMgf1 = false
     or
-    result.asExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true
+    result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true
     or
-    result.asExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true
+    result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -134,13 +136,13 @@ class EvpCtxSetKeySizeInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     result.asExpr() = this.getArgument(1) and type = KeySizeIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -150,16 +152,16 @@ class EvpCtxSetMacKeyInitializer extends OperationStep {
   EvpCtxSetMacKeyInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_mac_key" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     result.asExpr() = this.getArgument(2) and type = KeySizeIO()
     or
     // the raw key that is configured into the output key
-    result.asExpr() = this.getArgument(1) and type = KeyIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = KeyIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -171,13 +173,14 @@ class EvpCtxSetPaddingInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
+    // The algorithm is an int: use asExpr
     result.asExpr() = this.getArgument(1) and type = PaddingAlgorithmIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -189,37 +192,14 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     result.asExpr() = this.getArgument(1) and type = SaltLengthIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
 }
-
-/**
- * A call to `EVP_PKEY_get1_RSA` or `EVP_PKEY_get1_DSA`
- *  - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
- *  - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
- */
-class EvpPkeyGet1RsaOrDsa extends OperationStep {
-  EvpPkeyGet1RsaOrDsa() { this.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] }
-
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() }
-
-  override DataFlow::Node getInput(IOType type) {
-    // Key being loaded or created from another location
-    result.asExpr() = this.getArgument(0) and type = KeyIO()
-  }
-
-  /**
-   * Consider this to be an intialization step. A key is accepted and a different key is produced.
-   * It doesn't create a new context or new key. It isn't quite an initialiation for an operaiton
-   * either.
-   */
-  override OperationStepType getStepType() { result = InitializerStep() }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll

@@ -25,13 +25,13 @@ class EvpDigestInitVariantCalls extends OperationStep instanceof Call {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and
+    result.asDefiningArgument() = this.getArgument(0) and
     type = ContextIO()
   }
 
@@ -45,13 +45,13 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call {
   EvpDigestUpdateCall() { this.getTarget().getName() = "EVP_DigestUpdate" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and
+    result.asDefiningArgument() = this.getArgument(0) and
     type = ContextIO()
   }
 
@@ -66,15 +66,15 @@ class EvpQDigestOperation extends FinalDigestOperation instanceof Call {
   EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
     or
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and
+    result.asDefiningArgument() = this.getArgument(0) and
     type = ContextIO()
     or
     result.asDefiningArgument() = this.getArgument(5) and type = DigestIO()
@@ -85,9 +85,9 @@ class EvpDigestOperation extends FinalDigestOperation instanceof Call {
   EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO()
     or
-    result.asExpr() = this.getArgument(0) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
@@ -104,14 +104,15 @@ class EvpDigestFinalCall extends FinalDigestOperation instanceof Call {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and
+    result.asDefiningArgument() = this.getArgument(0) and
     type = ContextIO()
     or
     result.asDefiningArgument() = this.getArgument(1) and type = DigestIO()
+    //result.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = this.getArgument(1)
   }
 }
 

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll

@@ -13,10 +13,12 @@ class ECKeyGen extends OperationStep instanceof Call {
   ECKeyGen() { this.(Call).getTarget().getName() = "EC_KEY_generate_key" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.(Call).getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.(Call).getArgument(0) and type = ContextIO()
   }
 
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() }
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this and type = KeyIO()
+  }
 
   override OperationStepType getStepType() { result = ContextCreationStep() }
 }
@@ -33,11 +35,11 @@ class EvpKeyGenInitialize extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -57,26 +59,26 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call {
   EvpPKeyQKeyGen() { this.getTarget().getName() = "EVP_PKEY_Q_keygen" }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this and type = KeyIO()
+    result.asDefiningArgument() = this and type = KeyIO()
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     // When arg 3 is a derived type, it is a curve name, otherwise it is a key size for RSA if provided
     // and arg 2 is the algorithm type
     this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and
-    result.asExpr() = this.getArgument(3) and
+    result.asIndirectExpr() = this.getArgument(3) and
     type = PrimaryAlgorithmIO()
     or
     not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and
-    result.asExpr() = this.getArgument(2) and
+    result.asIndirectExpr() = this.getArgument(2) and
     type = PrimaryAlgorithmIO()
     or
     not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and
-    result.asExpr() = this.getArgument(3) and
+    result.asIndirectExpr() = this.getArgument(3) and
     type = KeySizeIO()
   }
 }
@@ -87,7 +89,9 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call {
 class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call {
   EvpRsaGen() { this.getTarget().getName() = "EVP_RSA_gen" }
 
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() }
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this and type = KeyIO()
+  }
 
   override DataFlow::Node getInput(IOType type) {
     result.asExpr() = this.getArgument(0) and type = KeySizeIO()
@@ -100,7 +104,9 @@ class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call {
 class RsaGenerateKey extends KeyGenFinalOperationStep instanceof Call {
   RsaGenerateKey() { this.getTarget().getName() = "RSA_generate_key" }
 
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() }
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this and type = KeyIO()
+  }
 
   override DataFlow::Node getInput(IOType type) {
     result.asExpr() = this.getArgument(0) and type = KeySizeIO()
@@ -120,7 +126,7 @@ class RsaGenerateKeyEx extends KeyGenFinalOperationStep instanceof Call {
   override DataFlow::Node getInput(IOType type) {
     // arg 0 comes in as a blank RSA key, which we consider a context,
     // on output it is considered a key
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -131,13 +137,13 @@ class EvpPkeyGen extends KeyGenFinalOperationStep instanceof Call {
   EvpPkeyGen() { this.getTarget().getName() in ["EVP_PKEY_generate", "EVP_PKEY_keygen"] }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
     result.asDefiningArgument() = this.getArgument(1) and type = KeyIO()
     or
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -150,15 +156,16 @@ class EvpNewMacKey extends KeyGenFinalOperationStep {
 
   override DataFlow::Node getInput(IOType type) {
     // the raw key that is configured into the output key
-    result.asExpr() = this.getArgument(2) and type = KeyIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = KeyIO()
     or
     result.asExpr() = this.getArgument(3) and type = KeySizeIO()
   }
 
-  override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() }
+  override DataFlow::Node getOutput(IOType type) {
+    result.asIndirectExpr() = this and type = KeyIO()
+  }
 }
 
-
 /// TODO: https://docs.openssl.org/3.0/man3/EVP_PKEY_new/#synopsis
 /**
  * An `KeyGenerationOperationInstance` for the for all key gen final operation steps.

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll

@@ -199,7 +199,7 @@ abstract class OperationStep extends Call {
    */
   predicate flowsToOperationStep(OperationStep sink) {
     sink = this or
-    OperationStepFlow::flow(this.getAnOutput(), sink.getAnInput())
+    OperationStepCtxFlow::flow(this.getAnOutput(), [sink.getAnInput(), sink.getAnOutput()])
   }
 
   /**
@@ -208,7 +208,7 @@ abstract class OperationStep extends Call {
    */
   predicate flowsFromOperationStep(OperationStep source) {
     source = this or
-    OperationStepFlow::flow(source.getAnOutput(), this.getAnInput())
+    OperationStepCtxFlow::flow(source.getAnOutput(), [this.getAnInput(), this.getAnOutput()])
   }
 
   /**
@@ -230,10 +230,13 @@ abstract class OperationStep extends Call {
     result.setsValue(type) and
     (
       // Do not consider a 'reset' to occur on updates
+      // but only for resets that are part of the same update/finalize
+      // progression (e.g., an update for an unrelated finalize is ignored)
       result.getStepType() = UpdateStep()
       or
       not exists(OperationStep reset |
         result != reset and
+        result != this and
         reset.setsValue(type) and
         reset.flowsToOperationStep(this) and
         result.flowsToOperationStep(reset)
@@ -269,20 +272,22 @@ abstract class OperationStep extends Call {
   Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() {
     this instanceof Crypto::AlgorithmValueConsumer and result = this
     or
-    exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred |
-      (t = PrimaryAlgorithmIO() or t = ContextIO() or t = KeyIO()) and
+    exists(
+      DataFlow::Node src, DataFlow::Node sink, IOType srcIntype, OperationStep avcConsumingPred
+    |
+      (srcIntype = ContextIO() or srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and
       avcConsumingPred.flowsToOperationStep(this) and
-      src.asExpr() = result and
-      sink = avcConsumingPred.getInput(t) and
+      src.asIndirectExpr() = result and
+      sink = avcConsumingPred.getInput(srcIntype) and
       AvcToOperationStepFlow::flow(src, sink) and
       (
         // Case 1: the avcConsumingPred step is a dominating primary algorithm initialization step
         // or dominating key initialization step
-        (t = PrimaryAlgorithmIO() or t = KeyIO()) and
-        avcConsumingPred = this.getDominatingInitializersToStep(t)
+        (srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and
+        avcConsumingPred = this.getDominatingInitializersToStep(srcIntype)
         or
         // Case 2: the pred is a context input
-        t = ContextIO()
+        srcIntype = ContextIO()
       )
     )
   }
@@ -297,7 +302,7 @@ abstract class OperationStep extends Call {
     or
     exists(DataFlow::Node src, DataFlow::Node sink |
       AvcToOperationStepFlow::flow(src, sink) and
-      src.asExpr() = result and
+      src.asIndirectExpr() = result and
       sink = this.getInput(type)
     )
   }
@@ -375,7 +380,7 @@ private class CtxCopyOutArgCall extends CtxPassThroughCall {
 
   CtxCopyOutArgCall() {
     this.getTarget().getName().toLowerCase().matches("%copy%") and
-    n1.asExpr() = this.getAnArgument() and
+    n1.asIndirectExpr() = this.getAnArgument() and
     n1.getType() instanceof CtxType and
     n2.asDefiningArgument() = this.getAnArgument() and
     n2.getType() instanceof CtxType and
@@ -396,13 +401,13 @@ private class CtxCopyReturnCall extends CtxPassThroughCall, CtxPointerExpr {
 
   CtxCopyReturnCall() {
     this.getTarget().getName().toLowerCase().matches("%dup%") and
-    n1.asExpr() = this.getAnArgument() and
+    n1.asIndirectExpr() = this.getAnArgument() and
     n1.getType() instanceof CtxType
   }
 
   override DataFlow::Node getNode1() { result = n1 }
 
-  override DataFlow::Node getNode2() { result.asExpr() = this }
+  override DataFlow::Node getNode2() { result.asIndirectExpr() = this }
 }
 
 // TODO: is this still needed? It appears to be (tests fail without it) but
@@ -421,12 +426,10 @@ private class CtxParamGenCall extends CtxPassThroughCall {
 
   CtxParamGenCall() {
     this.getTarget().getName() = "EVP_PKEY_paramgen" and
-    n1.asExpr() = this.getArgument(0) and
-    (
-      n2.asExpr() = this.getArgument(1)
-      or
-      n2.asDefiningArgument() = this.getArgument(1)
-    )
+    //Arg 0 is *ctx
+    n1.asIndirectExpr() = this.getArgument(0) and
+    //Arg 1 is **pkey
+    n2.asDefiningArgument() = this.getArgument(1)
   }
 
   override DataFlow::Node getNode1() { result = n1 }
@@ -437,7 +440,7 @@ private class CtxParamGenCall extends CtxPassThroughCall {
 /**
  * A flow configuration from any non-final `OperationStep` to any other `OperationStep`.
  */
-module OperationStepFlowConfig implements DataFlow::ConfigSig {
+module OperationStepCtxFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     exists(OperationStep s |
       s.getAnOutput() = source or
@@ -453,22 +456,39 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig {
   }
 
   predicate isBarrier(DataFlow::Node node) {
-    exists(CtxClearCall c | c.getAnArgument() = node.asExpr())
+    exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()])
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+    or
     exists(CtxPassThroughCall c | c.getNode1() = node1 and c.getNode2() = node2)
     or
-    // Flow out through all outputs from an operation step if more than one output
-    // is defined.
-    exists(OperationStep s | s.getAnInput() = node1 and s.getAnOutput() = node2)
+    // Flow only through context and key inputs and outputs
+    // keys and context generally hold unifying context that link multiple steps
+    // Flow only out of finalize operations through key outputs, otherwise stop at final operations
+    exists(OperationStep s, IOType inType, IOType outType |
+      (s.getStepType() = FinalStep() implies outType = KeyIO()) and
+      (
+        inType = ContextIO()
+        or
+        inType = KeyIO()
+      ) and
+      (
+        outType = ContextIO()
+        or
+        outType = KeyIO()
+      ) and
+      s.getInput(inType) = node1 and
+      s.getOutput(outType) = node2
+    )
     // TODO: consideration for additional alises defined as follows:
     // if an output from an operation step itself flows from the output of another operation step
     // then the source of that flow's outputs (all of them) are potential aliases
   }
 }
 
-module OperationStepFlow = DataFlow::Global<OperationStepFlowConfig>;
+module OperationStepCtxFlow = DataFlow::Global<OperationStepCtxFlowConfig>;
 
 /**
  * A flow from AVC to the first `OperationStep` the AVC reaches as an input.
@@ -481,7 +501,7 @@ module AvcToOperationStepFlowConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(OperationStep s | s.getAnInput() = sink) }
 
   predicate isBarrier(DataFlow::Node node) {
-    exists(CtxClearCall c | c.getAnArgument() = node.asExpr())
+    exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()])
   }
 
   /**

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll

@@ -37,36 +37,32 @@ class EvpSignatureDigestInitializer extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     this.getTarget().getName() = "EVP_DigestSignInit_ex" and
-    result.asExpr() = this.getArgument(3) and
+    result.asIndirectExpr() = this.getArgument(3) and
     type = OsslLibContextIO()
     or
-    result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO()
     or
     this.getTarget().getName() = "EVP_DigestSignInit" and
-    result.asExpr() = this.getArgument(4) and
+    result.asIndirectExpr() = this.getArgument(4) and
     type = KeyIO()
     or
     this.getTarget().getName() = "EVP_DigestSignInit_ex" and
-    result.asExpr() = this.getArgument(5) and
+    result.asIndirectExpr() = this.getArgument(5) and
     type = KeyIO()
     or
     this.getTarget().getName() = "EVP_DigestSignInit_ex" and
-    result.asExpr() = this.getArgument(6) and
+    result.asIndirectExpr() = this.getArgument(6) and
     type = OsslParamIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
     // EVP_PKEY_CTX
-    result.asExpr() = this.getArgument(1) and type = ContextIO()
-    or
-    this.getTarget().getName() = "EVP_DigestSignInit_ex" and
-    result.asExpr() = this.getArgument(6) and
-    type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -79,13 +75,13 @@ class EvpSignInit extends OperationStep {
   EvpSignInit() { this.getTarget().getName() in ["EVP_SignInit", "EVP_SignInit_ex"] }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -107,22 +103,22 @@ class EvpPkeySignInit extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     this.getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = PrimaryAlgorithmIO()
     or
     this.getTarget().getName() = "EVP_PKEY_sign_init_ex" and
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = OsslParamIO()
     or
     // Argument 2 (0 based) only exists for EVP_PKEY_sign_init_ex2 and EVP_PKEY_sign_message_init
-    result.asExpr() = this.getArgument(2) and type = OsslParamIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = OsslParamIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -139,13 +135,13 @@ class EvpSignatureUpdateCall extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = UpdateStep() }
@@ -158,19 +154,21 @@ class EvpSignFinal extends SignatureFinalOperation {
   EvpSignFinal() { this.getTarget().getName() in ["EVP_SignFinal_ex", "EVP_SignFinal"] }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(3) and type = KeyIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = KeyIO()
     or
     // params above 3 (0-based) only exist for EVP_SignFinal_ex
-    result.asExpr() = this.getArgument(4) and
+    result.asIndirectExpr() = this.getArgument(4) and
     type = OsslLibContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO()
+    or
+    result.asDefiningArgument() = this.getArgument(2) and type = SignatureSizeIO()
   }
 }
 
@@ -178,18 +176,28 @@ class EvpSignFinal extends SignatureFinalOperation {
  * A call to EVP_PKEY_sign.
  */
 class EvpPkeySign extends SignatureFinalOperation {
-  EvpPkeySign() { this.getTarget().getName() = "EVP_PKEY_sign" }
+  EvpPkeySign() {
+    this.getTarget().getName() = "EVP_PKEY_sign" and
+    // Setting signature to NULL is not a final sign step but an
+    // intermediary step used to get the required buffer size.
+    // not tracking these calls.
+    (
+      exists(this.(Call).getArgument(1).getValue())
+      implies
+      this.(Call).getArgument(1).getValue().toInt() != 0
+    )
+  }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO()
   }
 }
 
@@ -201,15 +209,15 @@ class EvpDigestSign extends SignatureOrMacFinalOperation {
   EvpDigestSign() { this.getTarget().getName() = "EVP_DigestSign" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO()
   }
 }
 
@@ -217,16 +225,28 @@ class EvpDigestSign extends SignatureOrMacFinalOperation {
  * A call to EVP_PKEY_sign_message_final.
  */
 class EvpPkeySignFinal extends SignatureFinalOperation {
-  EvpPkeySignFinal() { this.getTarget().getName() = "EVP_PKEY_sign_message_final" }
+  EvpPkeySignFinal() {
+    this.getTarget().getName() = "EVP_PKEY_sign_message_final" and
+    // Setting signature to NULL is not a final sign step but an
+    // intermediary step used to get the required buffer size.
+    // not tracking these calls.
+    (
+      exists(this.(Call).getArgument(1).getValue())
+      implies
+      this.(Call).getArgument(1).getValue().toInt() != 0
+    )
+  }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO()
+    or
+    result.asExpr() = this.getArgument(2) and type = SignatureSizeIO()
   }
 }
 
@@ -235,16 +255,26 @@ class EvpPkeySignFinal extends SignatureFinalOperation {
  * This is a mac or sign operation.
  */
 class EvpDigestSignFinal extends SignatureOrMacFinalOperation {
-  EvpDigestSignFinal() { this.getTarget().getName() = "EVP_DigestSignFinal" }
+  EvpDigestSignFinal() {
+    this.getTarget().getName() = "EVP_DigestSignFinal" and
+    // Setting signature to NULL is not a final sign step but an
+    // intermediary step used to get the required buffer size.
+    // not tracking these calls.
+    (
+      exists(this.(Call).getArgument(1).getValue())
+      implies
+      this.(Call).getArgument(1).getValue().toInt() != 0
+    )
+  }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO()
   }
 
   override OperationStepType getStepType() { result = FinalStep() }
@@ -259,31 +289,31 @@ class EvpDigestVerifyInit extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO()
+    result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO()
     or
     this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and
-    result.asExpr() = this.getArgument(3) and
+    result.asIndirectExpr() = this.getArgument(3) and
     type = OsslLibContextIO()
     or
     this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and
-    result.asExpr() = this.getArgument(5) and
+    result.asIndirectExpr() = this.getArgument(5) and
     type = KeyIO()
     or
     this.getTarget().getName() = "EVP_DigestVerifyInit" and
-    result.asExpr() = this.getArgument(4) and
+    result.asIndirectExpr() = this.getArgument(4) and
     type = KeyIO()
     or
     this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and
-    result.asExpr() = this.getArgument(6) and
+    result.asIndirectExpr() = this.getArgument(6) and
     type = OsslParamIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(1) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -296,13 +326,13 @@ class EvpDigestVerifyUpdate extends OperationStep {
   EvpDigestVerifyUpdate() { this.getTarget().getName() = "EVP_DigestVerifyUpdate" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = UpdateStep() }
@@ -315,13 +345,13 @@ class EvpDigestVerifyFinal extends SignatureFinalOperation {
   EvpDigestVerifyFinal() { this.getTarget().getName() = "EVP_DigestVerifyFinal" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -332,15 +362,15 @@ class EvpDigestVerify extends SignatureFinalOperation {
   EvpDigestVerify() { this.getTarget().getName() = "EVP_DigestVerify" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -358,23 +388,23 @@ class EvpVerifyInit extends OperationStep {
   }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
     this.getTarget().getName() = "EVP_PKEY_verify_init_ex" and
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = OsslParamIO()
     or
     this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and
-    result.asExpr() = this.getArgument(1) and
+    result.asIndirectExpr() = this.getArgument(1) and
     type = PrimaryAlgorithmIO()
     or
     this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and
-    result.asExpr() = this.getArgument(2) and
+    result.asIndirectExpr() = this.getArgument(2) and
     type = OsslParamIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -388,15 +418,15 @@ class EvpCtxSetSignatureInitializer extends OperationStep {
   EvpCtxSetSignatureInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_signature" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO()
     or
     result.asExpr() = this.getArgument(2) and type = SignatureSizeIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = InitializerStep() }
@@ -409,15 +439,15 @@ class EvpVerifyMessageUpdate extends OperationStep {
   EvpVerifyMessageUpdate() { this.getTarget().getName() = "EVP_PKEY_verify_message_update" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
     or
     result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 
   override OperationStepType getStepType() { result = UpdateStep() }
@@ -430,11 +460,11 @@ class EvpVerifyMessageFinal extends SignatureFinalOperation {
   EvpVerifyMessageFinal() { this.getTarget().getName() = "EVP_PKEY_verify_message_final" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -445,19 +475,19 @@ class EvpVerify extends SignatureFinalOperation {
   EvpVerify() { this.getTarget().getName() = "EVP_PKEY_verify" }
 
   override DataFlow::Node getInput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
     or
-    result.asExpr() = this.getArgument(1) and type = SignatureIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO()
     or
     result.asExpr() = this.getArgument(2) and type = SignatureSizeIO()
     or
-    result.asExpr() = this.getArgument(3) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO()
     or
     result.asExpr() = this.getArgument(4) and type = PlaintextSizeIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
   }
 }
 
@@ -465,29 +495,30 @@ class EvpVerify extends SignatureFinalOperation {
  * A call to `RSA_sign` or `RSA_verify`.
  * https://docs.openssl.org/3.0/man3/RSA_sign/
  */
-class RsaSign extends SignatureFinalOperation {
-  RsaSign() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] }
+class RsaSignorVerify extends SignatureFinalOperation {
+  RsaSignorVerify() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] }
 
   override DataFlow::Node getInput(IOType type) {
+    // Arg 0 is an NID (so asExpr not asIndirectExpr)
     result.asExpr() = this.getArgument(0) and type = HashAlgorithmIO()
     or
-    result.asExpr() = this.getArgument(1) and type = PlaintextIO()
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
     or
     result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO()
     or
     this.getTarget().getName() = "RSA_verify" and
-    result.asExpr() = this.getArgument(3) and
+    result.asIndirectExpr() = this.getArgument(3) and
     type = SignatureIO()
     or
     this.getTarget().getName() = "RSA_verify" and
-    result.asExpr() = this.getArgument(4) and
+    result.asIndirectExpr() = this.getArgument(4) and
     type = SignatureSizeIO()
     or
-    result.asExpr() = this.getArgument(5) and type = KeyIO()
+    result.asIndirectExpr() = this.getArgument(5) and type = KeyIO()
   }
 
   override DataFlow::Node getOutput(IOType type) {
-    result.asExpr() = this.getArgument(0) and type = ContextIO()
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
     or
     this.getTarget().getName() = "RSA_sign" and
     result.asDefiningArgument() = this.getArgument(3) and
@@ -499,6 +530,111 @@ class RsaSign extends SignatureFinalOperation {
   }
 }
 
+/**
+ * A call to `DSA_do_sign` or `DSA_do_verify`
+ */
+class DSADoSignOrVerify extends SignatureFinalOperation {
+  DSADoSignOrVerify() { this.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] }
+
+  override DataFlow::Node getInput(IOType type) {
+    result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO()
+    or
+    result.asExpr() = this.getArgument(1) and type = PlaintextSizeIO()
+    or
+    this.getTarget().getName() = "DSA_do_sign" and
+    result.asIndirectExpr() = this.getArgument(2) and
+    type = KeyIO()
+    or
+    this.getTarget().getName() = "DSA_do_verify" and
+    result.asIndirectExpr() = this.getArgument(2) and
+    type = SignatureIO()
+    or
+    this.getTarget().getName() = "DSA_do_verify" and
+    result.asIndirectExpr() = this.getArgument(3) and
+    type = KeyIO()
+  }
+
+  override DataFlow::Node getOutput(IOType type) {
+    this.getTarget().getName() = "DSA_do_sign" and
+    result.asIndirectExpr() = this and
+    type = SignatureIO()
+  }
+}
+
+/**
+ * A Call to `EVP_VerifyInit` or `EVP_VerifyInit_ex`
+ * - int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ * - int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ */
+class EVP_VerifyInitCall extends OperationStep {
+  EVP_VerifyInitCall() { this.getTarget().getName() in ["EVP_VerifyInit", "EVP_VerifyInit_ex"] }
+
+  override DataFlow::Node getInput(IOType type) {
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
+    or
+    result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO()
+  }
+
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
+  }
+
+  override OperationStepType getStepType() { result = InitializerStep() }
+}
+
+/**
+ * A call to `EVP_VerifyUpdate`
+ * - int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ */
+class EVP_VerifyUpdateCall extends OperationStep {
+  EVP_VerifyUpdateCall() { this.getTarget().getName() = "EVP_VerifyUpdate" }
+
+  override DataFlow::Node getInput(IOType type) {
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
+    or
+    result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO()
+    or
+    result.asIndirectExpr() = this.getArgument(2) and type = PlaintextSizeIO()
+  }
+
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
+  }
+
+  override OperationStepType getStepType() { result = UpdateStep() }
+}
+
+/**
+ * A call to `EVP_VerifyFinal` or `EVP_VerifyFinal_ex`
+ * - int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ *                       unsigned int siglen, EVP_PKEY *pkey,
+ *                       OSSL_LIB_CTX *libctx, const char *propq);
+ *- int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
+ *                    EVP_PKEY *pkey);                       *
+ */
+class EVP_VerifyFinalCall extends SignatureFinalOperation {
+  EVP_VerifyFinalCall() { this.getTarget().getName() in ["EVP_VerifyFinal", "EVP_VerifyFinal_ex"] }
+
+  override DataFlow::Node getInput(IOType type) {
+    result.asIndirectExpr() = this.getArgument(0) and type = ContextIO()
+    or
+    result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO()
+    or
+    result.asExpr() = this.getArgument(2) and type = SignatureSizeIO()
+    or
+    result.asIndirectExpr() = this.getArgument(3) and type = KeyIO()
+    or
+    result.asIndirectExpr() = this.getArgument(4) and type = OsslLibContextIO()
+    // TODO: arg 5 propq?
+  }
+
+  override DataFlow::Node getOutput(IOType type) {
+    result.asDefiningArgument() = this.getArgument(0) and type = ContextIO()
+  }
+
+  override OperationStepType getStepType() { result = FinalStep() }
+}
+
 /**
  * An instance of a signature operation.
  * This is an OpenSSL specific class that extends the base SignatureOperationInstance.

cpp/ql/test/experimental/library-tests/quantum/node_edges.expected

@@ -13,7 +13,8 @@
 | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Padding | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm |
 | openssl_basic.c:77:45:77:47 | Key | Source | openssl_basic.c:179:43:179:76 | Constant |
 | openssl_basic.c:77:50:77:51 | Nonce | Source | openssl_basic.c:180:42:180:59 | Constant |
-| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:81:49:81:58 | Message |
+| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:35:36:35:45 | KeyOperationOutput |
+| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:40:38:40:53 | KeyOperationOutput |
 | openssl_basic.c:90:11:90:29 | DecryptOperation | Algorithm | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm |
 | openssl_basic.c:90:11:90:29 | DecryptOperation | Input | openssl_basic.c:81:49:81:58 | Message |
 | openssl_basic.c:90:11:90:29 | DecryptOperation | Key | openssl_basic.c:77:45:77:47 | Key |
@@ -75,185 +76,174 @@
 | openssl_pkey.c:64:9:64:24 | EncryptOperation | Nonce | openssl_pkey.c:64:9:64:24 | EncryptOperation |
 | openssl_pkey.c:64:9:64:24 | EncryptOperation | Output | openssl_pkey.c:64:31:64:39 | KeyOperationOutput |
 | openssl_pkey.c:64:58:64:66 | Message | Source | openssl_pkey.c:45:49:45:65 | Constant |
-| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:574:37:574:74 | Constant |
-| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:624:37:624:74 | Constant |
-| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:741:37:741:66 | Constant |
-| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:575:24:575:30 | HashAlgorithm |
-| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:625:24:625:33 | HashAlgorithm |
-| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm |
+| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:615:37:615:74 | Constant |
+| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:732:37:732:66 | Constant |
+| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:616:24:616:33 | HashAlgorithm |
+| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm |
 | openssl_signature.c:26:9:26:26 | HashOperation | Digest | openssl_signature.c:26:36:26:41 | Digest |
 | openssl_signature.c:26:9:26:26 | HashOperation | Message | openssl_signature.c:25:34:25:40 | Message |
 | openssl_signature.c:26:36:26:41 | Digest | Source | openssl_signature.c:26:36:26:41 | Digest |
-| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:660:37:660:61 | Constant |
-| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:68:28:68:36 | Message |
-| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:661:24:661:33 | HashAlgorithm |
+| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:651:37:651:61 | Constant |
+| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:651:37:651:61 | Constant |
+| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm |
 | openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:63:32:63:38 | Message |
 | openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:68:28:68:36 | Message |
 | openssl_signature.c:73:9:73:21 | SignOperation | Key | openssl_signature.c:73:53:73:56 | Key |
 | openssl_signature.c:73:9:73:21 | SignOperation | Output | openssl_signature.c:73:31:73:40 | SignatureOutput |
-| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:675:34:675:37 | Key |
-| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:716:34:716:37 | Key |
-| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:701:37:701:67 | Constant |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:128:9:128:27 | SignatureOrMACOperation |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Output | openssl_signature.c:128:37:128:40 | SignatureOutput |
-| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm |
+| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:666:34:666:37 | Key |
+| openssl_signature.c:98:34:98:40 | Message | Source | openssl_signature.c:651:37:651:61 | Constant |
+| openssl_signature.c:99:34:99:42 | Message | Source | openssl_signature.c:651:37:651:61 | Constant |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:98:34:98:40 | Message |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:99:34:99:42 | Message |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | Key | openssl_signature.c:100:73:100:76 | Key |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | Signature | openssl_signature.c:100:33:100:41 | SignatureInput |
+| openssl_signature.c:100:33:100:41 | SignatureInput | Source | openssl_signature.c:73:31:73:40 | SignatureOutput |
+| openssl_signature.c:100:73:100:76 | Key | Source | openssl_signature.c:666:34:666:37 | Key |
+| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:707:34:707:37 | Key |
+| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:692:37:692:67 | Constant |
+| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:46 | SignatureOutput |
-| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:716:34:716:37 | Key |
-| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:701:37:701:67 | Constant |
-| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm |
-| openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:127:38:127:44 | Message |
+| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:707:34:707:37 | Key |
+| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:692:37:692:67 | Constant |
+| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm |
 | openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:159:40:159:46 | Message |
-| openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:126:52:126:55 | Key |
 | openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:158:54:158:57 | Key |
 | openssl_signature.c:160:9:160:29 | VerifyOperation | Signature | openssl_signature.c:160:39:160:47 | SignatureInput |
 | openssl_signature.c:160:39:160:47 | SignatureInput | Source | openssl_signature.c:135:37:135:46 | SignatureOutput |
-| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:800:34:800:37 | Key |
-| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:786:37:786:73 | Constant |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:188:9:188:27 | SignatureOrMACOperation |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Output | openssl_signature.c:188:37:188:40 | SignatureOutput |
-| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm |
+| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:791:34:791:37 | Key |
+| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:777:37:777:73 | Constant |
+| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Output | openssl_signature.c:195:37:195:46 | SignatureOutput |
-| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:800:34:800:37 | Key |
-| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:786:37:786:73 | Constant |
-| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm |
-| openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:187:38:187:44 | Message |
+| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:791:34:791:37 | Key |
+| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:777:37:777:73 | Constant |
+| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm |
 | openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:224:40:224:46 | Message |
-| openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:182:57:182:60 | Key |
 | openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:218:59:218:62 | Key |
 | openssl_signature.c:225:9:225:29 | VerifyOperation | Signature | openssl_signature.c:225:39:225:47 | SignatureInput |
 | openssl_signature.c:225:39:225:47 | SignatureInput | Source | openssl_signature.c:195:37:195:46 | SignatureOutput |
-| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key |
-| openssl_signature.c:253:9:253:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:253:9:253:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm |
-| openssl_signature.c:253:9:253:21 | SignOperation | Input | openssl_signature.c:253:54:253:59 | Message |
-| openssl_signature.c:253:9:253:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key |
-| openssl_signature.c:253:9:253:21 | SignOperation | Output | openssl_signature.c:253:33:253:36 | SignatureOutput |
-| openssl_signature.c:253:54:253:59 | Message | Source | openssl_signature.c:253:54:253:59 | Message |
-| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm |
+| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key |
+| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm |
 | openssl_signature.c:260:9:260:21 | SignOperation | Input | openssl_signature.c:260:60:260:65 | Message |
 | openssl_signature.c:260:9:260:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key |
 | openssl_signature.c:260:9:260:21 | SignOperation | Output | openssl_signature.c:260:33:260:42 | SignatureOutput |
-| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:260:60:260:65 | Message |
-| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key |
-| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm |
+| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:26:36:26:41 | Digest |
+| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key |
+| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm |
 | openssl_signature.c:285:9:285:23 | VerifyOperation | Input | openssl_signature.c:285:61:285:66 | Message |
-| openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:250:39:250:42 | Key |
 | openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:282:39:282:42 | Key |
 | openssl_signature.c:285:9:285:23 | VerifyOperation | Signature | openssl_signature.c:285:35:285:43 | SignatureInput |
 | openssl_signature.c:285:35:285:43 | SignatureInput | Source | openssl_signature.c:260:33:260:42 | SignatureOutput |
-| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:285:61:285:66 | Message |
-| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key |
-| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:826:37:826:63 | Constant |
-| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm |
-| openssl_signature.c:317:9:317:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm |
-| openssl_signature.c:317:9:317:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message |
-| openssl_signature.c:317:9:317:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key |
-| openssl_signature.c:317:9:317:35 | SignOperation | Output | openssl_signature.c:317:47:317:50 | SignatureOutput |
-| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm |
-| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm |
+| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:26:36:26:41 | Digest |
+| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key |
+| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:817:37:817:63 | Constant |
+| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm |
+| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:838:85:838:96 | HashAlgorithm |
 | openssl_signature.c:324:9:324:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message |
 | openssl_signature.c:324:9:324:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key |
 | openssl_signature.c:324:9:324:35 | SignOperation | Output | openssl_signature.c:324:47:324:56 | SignatureOutput |
-| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key |
+| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key |
 | openssl_signature.c:353:42:353:50 | SignatureInput | Source | openssl_signature.c:324:47:324:56 | SignatureOutput |
-| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:826:37:826:63 | Constant |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:848:87:848:98 | HashAlgorithm |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:316:48:316:54 | Message |
+| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:817:37:817:63 | Constant |
+| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm |
+| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:839:87:839:98 | HashAlgorithm |
 | openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:355:50:355:56 | Message |
-| openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:311:39:311:42 | Key |
 | openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:347:39:347:42 | Key |
 | openssl_signature.c:356:9:356:37 | VerifyOperation | Signature | openssl_signature.c:353:42:353:50 | SignatureInput |
-| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation | HashAlgorithm | openssl_signature.c:604:37:604:46 | HashAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation | Input | openssl_signature.c:388:28:388:33 | Message |
-| openssl_signature.c:388:9:388:16 | SignOperation | Key | openssl_signature.c:389:48:389:54 | Key |
-| openssl_signature.c:388:9:388:16 | SignOperation | Output | openssl_signature.c:388:48:388:57 | SignatureOutput |
-| openssl_signature.c:388:28:388:33 | Message | Source | openssl_signature.c:388:28:388:33 | Message |
-| openssl_signature.c:389:48:389:54 | Key | Source | openssl_signature.c:389:48:389:54 | Key |
-| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:606:41:606:50 | HashAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Input | openssl_signature.c:411:33:411:38 | Message |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Key | openssl_signature.c:412:51:412:57 | Key |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | Signature | openssl_signature.c:411:53:411:61 | SignatureInput |
-| openssl_signature.c:411:33:411:38 | Message | Source | openssl_signature.c:411:33:411:38 | Message |
-| openssl_signature.c:411:53:411:61 | SignatureInput | Source | openssl_signature.c:411:53:411:61 | SignatureInput |
-| openssl_signature.c:412:51:412:57 | Key | Source | openssl_signature.c:412:51:412:57 | Key |
-| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm |
-| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm |
-| openssl_signature.c:524:9:524:23 | KeyGeneration | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm |
-| openssl_signature.c:524:9:524:23 | KeyGeneration | Output | openssl_signature.c:524:34:524:37 | Key |
-| openssl_signature.c:524:34:524:37 | Key | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm |
-| openssl_signature.c:551:32:551:37 | Key | Source | openssl_signature.c:551:32:551:37 | Key |
-| openssl_signature.c:554:9:554:23 | KeyGeneration | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm |
-| openssl_signature.c:554:9:554:23 | KeyGeneration | KeyInput | openssl_signature.c:551:32:551:37 | Key |
-| openssl_signature.c:554:9:554:23 | KeyGeneration | Output | openssl_signature.c:554:34:554:37 | Key |
-| openssl_signature.c:554:34:554:37 | Key | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm |
-| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:588:9:588:23 | KeyGeneration | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:588:9:588:23 | KeyGeneration | Output | openssl_signature.c:588:34:588:37 | Key |
-| openssl_signature.c:588:34:588:37 | Key | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Mode | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm |
-| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Padding | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm |
-| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:675:9:675:23 | KeyGeneration | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:675:9:675:23 | KeyGeneration | Output | openssl_signature.c:675:34:675:37 | Key |
-| openssl_signature.c:675:34:675:37 | Key | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:716:9:716:23 | KeyGeneration | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:716:9:716:23 | KeyGeneration | Output | openssl_signature.c:716:34:716:37 | Key |
-| openssl_signature.c:716:34:716:37 | Key | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:760:9:760:23 | KeyGeneration | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:760:9:760:23 | KeyGeneration | Output | openssl_signature.c:760:34:760:37 | Key |
-| openssl_signature.c:760:34:760:37 | Key | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:800:9:800:23 | KeyGeneration | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:800:9:800:23 | KeyGeneration | Output | openssl_signature.c:800:34:800:37 | Key |
-| openssl_signature.c:800:34:800:37 | Key | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:838:9:838:23 | KeyGeneration | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:838:9:838:23 | KeyGeneration | Output | openssl_signature.c:838:34:838:37 | Key |
-| openssl_signature.c:838:34:838:37 | Key | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm |
-| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | SignOperation | HashAlgorithm | openssl_signature.c:595:37:595:46 | HashAlgorithm |
+| openssl_signature.c:384:9:384:16 | SignOperation | Input | openssl_signature.c:384:28:384:34 | Message |
+| openssl_signature.c:384:9:384:16 | SignOperation | Key | openssl_signature.c:385:48:385:54 | Key |
+| openssl_signature.c:384:9:384:16 | SignOperation | Output | openssl_signature.c:384:50:384:59 | SignatureOutput |
+| openssl_signature.c:384:28:384:34 | Message | Source | openssl_signature.c:566:37:566:74 | Constant |
+| openssl_signature.c:385:48:385:54 | Key | Source | openssl_signature.c:579:34:579:37 | Key |
+| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm |
+| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:597:41:597:50 | HashAlgorithm |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | Input | openssl_signature.c:403:33:403:39 | Message |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | Key | openssl_signature.c:404:51:404:57 | Key |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | Signature | openssl_signature.c:403:55:403:63 | SignatureInput |
+| openssl_signature.c:403:33:403:39 | Message | Source | openssl_signature.c:566:37:566:74 | Constant |
+| openssl_signature.c:403:55:403:63 | SignatureInput | Source | openssl_signature.c:384:50:384:59 | SignatureOutput |
+| openssl_signature.c:404:51:404:57 | Key | Source | openssl_signature.c:579:34:579:37 | Key |
+| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm |
+| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm |
+| openssl_signature.c:428:11:428:21 | SignOperation | HashAlgorithm | openssl_signature.c:428:11:428:21 | SignOperation |
+| openssl_signature.c:428:11:428:21 | SignOperation | Input | openssl_signature.c:428:23:428:28 | Message |
+| openssl_signature.c:428:11:428:21 | SignOperation | Key | openssl_signature.c:428:43:428:49 | Key |
+| openssl_signature.c:428:11:428:21 | SignOperation | Output | openssl_signature.c:428:11:428:21 | SignatureOutput |
+| openssl_signature.c:428:23:428:28 | Message | Source | openssl_signature.c:26:36:26:41 | Digest |
+| openssl_signature.c:428:43:428:49 | Key | Source | openssl_signature.c:546:34:546:37 | Key |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | HashAlgorithm | openssl_signature.c:484:15:484:27 | VerifyOperation |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | Input | openssl_signature.c:484:29:484:34 | Message |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | Key | openssl_signature.c:484:54:484:60 | Key |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | Signature | openssl_signature.c:484:49:484:51 | SignatureInput |
+| openssl_signature.c:484:29:484:34 | Message | Source | openssl_signature.c:26:36:26:41 | Digest |
+| openssl_signature.c:484:49:484:51 | SignatureInput | Source | openssl_signature.c:428:11:428:21 | SignatureOutput |
+| openssl_signature.c:484:54:484:60 | Key | Source | openssl_signature.c:546:34:546:37 | Key |
+| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm |
+| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm |
+| openssl_signature.c:516:9:516:23 | KeyGeneration | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm |
+| openssl_signature.c:516:9:516:23 | KeyGeneration | Output | openssl_signature.c:516:34:516:37 | Key |
+| openssl_signature.c:516:34:516:37 | Key | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm |
+| openssl_signature.c:543:32:543:37 | Key | Source | openssl_signature.c:543:32:543:37 | Key |
+| openssl_signature.c:546:9:546:23 | KeyGeneration | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm |
+| openssl_signature.c:546:9:546:23 | KeyGeneration | KeyInput | openssl_signature.c:543:32:543:37 | Key |
+| openssl_signature.c:546:9:546:23 | KeyGeneration | Output | openssl_signature.c:546:34:546:37 | Key |
+| openssl_signature.c:546:34:546:37 | Key | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm |
+| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:579:9:579:23 | KeyGeneration | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:579:9:579:23 | KeyGeneration | Output | openssl_signature.c:579:34:579:37 | Key |
+| openssl_signature.c:579:34:579:37 | Key | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:666:9:666:23 | KeyGeneration | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:666:9:666:23 | KeyGeneration | Output | openssl_signature.c:666:34:666:37 | Key |
+| openssl_signature.c:666:34:666:37 | Key | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:707:9:707:23 | KeyGeneration | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:707:9:707:23 | KeyGeneration | Output | openssl_signature.c:707:34:707:37 | Key |
+| openssl_signature.c:707:34:707:37 | Key | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:751:9:751:23 | KeyGeneration | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:751:9:751:23 | KeyGeneration | Output | openssl_signature.c:751:34:751:37 | Key |
+| openssl_signature.c:751:34:751:37 | Key | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:185:44:185:64 | PaddingAlgorithm |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:222:44:222:64 | PaddingAlgorithm |
+| openssl_signature.c:791:9:791:23 | KeyGeneration | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:791:9:791:23 | KeyGeneration | Output | openssl_signature.c:791:34:791:37 | Key |
+| openssl_signature.c:791:34:791:37 | Key | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:829:9:829:23 | KeyGeneration | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:829:9:829:23 | KeyGeneration | Output | openssl_signature.c:829:34:829:37 | Key |
+| openssl_signature.c:829:34:829:37 | Key | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm |
+| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm |

cpp/ql/test/experimental/library-tests/quantum/node_properties.expected

@@ -61,9 +61,9 @@
 | openssl_pkey.c:64:9:64:24 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_pkey.c:64:9:64:24 | openssl_pkey.c:64:9:64:24 |
 | openssl_signature.c:73:9:73:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:73:9:73:21 | openssl_signature.c:73:9:73:21 |
 | openssl_signature.c:73:53:73:56 | Key | KeyType | Unknown | openssl_signature.c:73:53:73:56 | openssl_signature.c:73:53:73:56 |
+| openssl_signature.c:100:9:100:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:100:9:100:23 | openssl_signature.c:100:9:100:23 |
+| openssl_signature.c:100:73:100:76 | Key | KeyType | Unknown | openssl_signature.c:100:73:100:76 | openssl_signature.c:100:73:100:76 |
 | openssl_signature.c:126:52:126:55 | Key | KeyType | Unknown | openssl_signature.c:126:52:126:55 | openssl_signature.c:126:52:126:55 |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 |
 | openssl_signature.c:158:54:158:57 | Key | KeyType | Unknown | openssl_signature.c:158:54:158:57 | openssl_signature.c:158:54:158:57 |
@@ -71,8 +71,6 @@
 | openssl_signature.c:182:57:182:60 | Key | KeyType | Unknown | openssl_signature.c:182:57:182:60 | openssl_signature.c:182:57:182:60 |
 | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 |
 | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 |
 | openssl_signature.c:218:59:218:62 | Key | KeyType | Unknown | openssl_signature.c:218:59:218:62 | openssl_signature.c:218:59:218:62 |
@@ -80,96 +78,97 @@
 | openssl_signature.c:222:44:222:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 |
 | openssl_signature.c:225:9:225:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:225:9:225:29 | openssl_signature.c:225:9:225:29 |
 | openssl_signature.c:250:39:250:42 | Key | KeyType | Unknown | openssl_signature.c:250:39:250:42 | openssl_signature.c:250:39:250:42 |
-| openssl_signature.c:253:9:253:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:253:9:253:21 | openssl_signature.c:253:9:253:21 |
 | openssl_signature.c:260:9:260:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:260:9:260:21 | openssl_signature.c:260:9:260:21 |
 | openssl_signature.c:282:39:282:42 | Key | KeyType | Unknown | openssl_signature.c:282:39:282:42 | openssl_signature.c:282:39:282:42 |
 | openssl_signature.c:285:9:285:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:285:9:285:23 | openssl_signature.c:285:9:285:23 |
 | openssl_signature.c:311:39:311:42 | Key | KeyType | Unknown | openssl_signature.c:311:39:311:42 | openssl_signature.c:311:39:311:42 |
-| openssl_signature.c:317:9:317:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:317:9:317:35 | openssl_signature.c:317:9:317:35 |
 | openssl_signature.c:324:9:324:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:324:9:324:35 | openssl_signature.c:324:9:324:35 |
 | openssl_signature.c:347:39:347:42 | Key | KeyType | Unknown | openssl_signature.c:347:39:347:42 | openssl_signature.c:347:39:347:42 |
 | openssl_signature.c:356:9:356:37 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:356:9:356:37 | openssl_signature.c:356:9:356:37 |
-| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 |
-| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 |
-| openssl_signature.c:388:9:388:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 |
-| openssl_signature.c:389:48:389:54 | Key | KeyType | Unknown | openssl_signature.c:389:48:389:54 | openssl_signature.c:389:48:389:54 |
-| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 |
-| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 |
-| openssl_signature.c:411:12:411:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 |
-| openssl_signature.c:412:51:412:57 | Key | KeyType | Unknown | openssl_signature.c:412:51:412:57 | openssl_signature.c:412:51:412:57 |
-| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 |
-| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 |
-| openssl_signature.c:523:51:523:54 | Constant | Description | 2048 | openssl_signature.c:523:51:523:54 | openssl_signature.c:523:51:523:54 |
-| openssl_signature.c:524:34:524:37 | Key | KeyType | Asymmetric | openssl_signature.c:524:34:524:37 | openssl_signature.c:524:34:524:37 |
-| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 |
-| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 |
-| openssl_signature.c:545:55:545:58 | Constant | Description | 2048 | openssl_signature.c:545:55:545:58 | openssl_signature.c:545:55:545:58 |
-| openssl_signature.c:551:32:551:37 | Key | KeyType | Unknown | openssl_signature.c:551:32:551:37 | openssl_signature.c:551:32:551:37 |
-| openssl_signature.c:554:34:554:37 | Key | KeyType | Asymmetric | openssl_signature.c:554:34:554:37 | openssl_signature.c:554:34:554:37 |
-| openssl_signature.c:574:37:574:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:574:37:574:74 | openssl_signature.c:574:37:574:74 |
-| openssl_signature.c:575:24:575:30 | HashAlgorithm | DigestSize | 128 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 |
-| openssl_signature.c:575:24:575:30 | HashAlgorithm | Name | MD5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 |
-| openssl_signature.c:575:24:575:30 | HashAlgorithm | RawName | EVP_md5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 |
-| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 |
-| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 |
-| openssl_signature.c:587:51:587:54 | Constant | Description | 2048 | openssl_signature.c:587:51:587:54 | openssl_signature.c:587:51:587:54 |
-| openssl_signature.c:588:34:588:37 | Key | KeyType | Asymmetric | openssl_signature.c:588:34:588:37 | openssl_signature.c:588:34:588:37 |
-| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 |
-| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | RawName | EVP_PKEY_get1_RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 |
-| openssl_signature.c:604:37:604:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 |
-| openssl_signature.c:604:37:604:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 |
-| openssl_signature.c:604:37:604:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 |
-| openssl_signature.c:606:41:606:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 |
-| openssl_signature.c:606:41:606:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 |
-| openssl_signature.c:606:41:606:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 |
-| openssl_signature.c:624:37:624:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:624:37:624:74 | openssl_signature.c:624:37:624:74 |
-| openssl_signature.c:625:24:625:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 |
-| openssl_signature.c:625:24:625:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 |
-| openssl_signature.c:625:24:625:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 |
-| openssl_signature.c:660:37:660:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:660:37:660:61 | openssl_signature.c:660:37:660:61 |
-| openssl_signature.c:661:24:661:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 |
-| openssl_signature.c:661:24:661:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 |
-| openssl_signature.c:661:24:661:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 |
-| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 |
-| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 |
-| openssl_signature.c:674:51:674:54 | Constant | Description | 2048 | openssl_signature.c:674:51:674:54 | openssl_signature.c:674:51:674:54 |
-| openssl_signature.c:675:34:675:37 | Key | KeyType | Asymmetric | openssl_signature.c:675:34:675:37 | openssl_signature.c:675:34:675:37 |
-| openssl_signature.c:701:37:701:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:701:37:701:67 | openssl_signature.c:701:37:701:67 |
-| openssl_signature.c:702:24:702:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 |
-| openssl_signature.c:702:24:702:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 |
-| openssl_signature.c:702:24:702:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 |
-| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 |
-| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 |
-| openssl_signature.c:715:51:715:54 | Constant | Description | 2048 | openssl_signature.c:715:51:715:54 | openssl_signature.c:715:51:715:54 |
-| openssl_signature.c:716:34:716:37 | Key | KeyType | Asymmetric | openssl_signature.c:716:34:716:37 | openssl_signature.c:716:34:716:37 |
-| openssl_signature.c:741:37:741:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:741:37:741:66 | openssl_signature.c:741:37:741:66 |
-| openssl_signature.c:742:24:742:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 |
-| openssl_signature.c:742:24:742:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 |
-| openssl_signature.c:742:24:742:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 |
-| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 |
-| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 |
-| openssl_signature.c:759:51:759:54 | Constant | Description | 2048 | openssl_signature.c:759:51:759:54 | openssl_signature.c:759:51:759:54 |
-| openssl_signature.c:760:34:760:37 | Key | KeyType | Asymmetric | openssl_signature.c:760:34:760:37 | openssl_signature.c:760:34:760:37 |
-| openssl_signature.c:786:37:786:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:786:37:786:73 | openssl_signature.c:786:37:786:73 |
-| openssl_signature.c:787:24:787:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 |
-| openssl_signature.c:787:24:787:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 |
-| openssl_signature.c:787:24:787:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 |
-| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 |
-| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 |
-| openssl_signature.c:799:51:799:54 | Constant | Description | 2048 | openssl_signature.c:799:51:799:54 | openssl_signature.c:799:51:799:54 |
-| openssl_signature.c:800:34:800:37 | Key | KeyType | Asymmetric | openssl_signature.c:800:34:800:37 | openssl_signature.c:800:34:800:37 |
-| openssl_signature.c:826:37:826:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:826:37:826:63 | openssl_signature.c:826:37:826:63 |
-| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 |
-| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 |
-| openssl_signature.c:837:51:837:54 | Constant | Description | 2048 | openssl_signature.c:837:51:837:54 | openssl_signature.c:837:51:837:54 |
-| openssl_signature.c:838:34:838:37 | Key | KeyType | Asymmetric | openssl_signature.c:838:34:838:37 | openssl_signature.c:838:34:838:37 |
-| openssl_signature.c:847:85:847:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 |
-| openssl_signature.c:847:85:847:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 |
-| openssl_signature.c:847:85:847:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 |
-| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 |
-| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 |
-| openssl_signature.c:848:87:848:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 |
-| openssl_signature.c:848:87:848:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 |
-| openssl_signature.c:848:87:848:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 |
-| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 |
-| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 |
+| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 |
+| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 |
+| openssl_signature.c:384:9:384:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 |
+| openssl_signature.c:385:48:385:54 | Key | KeyType | Unknown | openssl_signature.c:385:48:385:54 | openssl_signature.c:385:48:385:54 |
+| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 |
+| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 |
+| openssl_signature.c:403:12:403:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 |
+| openssl_signature.c:404:51:404:57 | Key | KeyType | Unknown | openssl_signature.c:404:51:404:57 | openssl_signature.c:404:51:404:57 |
+| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 |
+| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | RawName | DSA_do_sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 |
+| openssl_signature.c:428:11:428:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 |
+| openssl_signature.c:428:43:428:49 | Key | KeyType | Unknown | openssl_signature.c:428:43:428:49 | openssl_signature.c:428:43:428:49 |
+| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 |
+| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | RawName | DSA_do_verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 |
+| openssl_signature.c:484:15:484:27 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 |
+| openssl_signature.c:484:54:484:60 | Key | KeyType | Unknown | openssl_signature.c:484:54:484:60 | openssl_signature.c:484:54:484:60 |
+| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 |
+| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 |
+| openssl_signature.c:515:51:515:54 | Constant | Description | 2048 | openssl_signature.c:515:51:515:54 | openssl_signature.c:515:51:515:54 |
+| openssl_signature.c:516:34:516:37 | Key | KeyType | Asymmetric | openssl_signature.c:516:34:516:37 | openssl_signature.c:516:34:516:37 |
+| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 |
+| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 |
+| openssl_signature.c:537:55:537:58 | Constant | Description | 2048 | openssl_signature.c:537:55:537:58 | openssl_signature.c:537:55:537:58 |
+| openssl_signature.c:543:32:543:37 | Key | KeyType | Unknown | openssl_signature.c:543:32:543:37 | openssl_signature.c:543:32:543:37 |
+| openssl_signature.c:546:34:546:37 | Key | KeyType | Asymmetric | openssl_signature.c:546:34:546:37 | openssl_signature.c:546:34:546:37 |
+| openssl_signature.c:566:37:566:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:566:37:566:74 | openssl_signature.c:566:37:566:74 |
+| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 |
+| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 |
+| openssl_signature.c:578:51:578:54 | Constant | Description | 2048 | openssl_signature.c:578:51:578:54 | openssl_signature.c:578:51:578:54 |
+| openssl_signature.c:579:34:579:37 | Key | KeyType | Asymmetric | openssl_signature.c:579:34:579:37 | openssl_signature.c:579:34:579:37 |
+| openssl_signature.c:595:37:595:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 |
+| openssl_signature.c:595:37:595:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 |
+| openssl_signature.c:595:37:595:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 |
+| openssl_signature.c:597:41:597:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 |
+| openssl_signature.c:597:41:597:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 |
+| openssl_signature.c:597:41:597:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 |
+| openssl_signature.c:615:37:615:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:615:37:615:74 | openssl_signature.c:615:37:615:74 |
+| openssl_signature.c:616:24:616:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 |
+| openssl_signature.c:616:24:616:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 |
+| openssl_signature.c:616:24:616:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 |
+| openssl_signature.c:651:37:651:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:651:37:651:61 | openssl_signature.c:651:37:651:61 |
+| openssl_signature.c:652:24:652:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 |
+| openssl_signature.c:652:24:652:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 |
+| openssl_signature.c:652:24:652:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 |
+| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 |
+| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 |
+| openssl_signature.c:665:51:665:54 | Constant | Description | 2048 | openssl_signature.c:665:51:665:54 | openssl_signature.c:665:51:665:54 |
+| openssl_signature.c:666:34:666:37 | Key | KeyType | Asymmetric | openssl_signature.c:666:34:666:37 | openssl_signature.c:666:34:666:37 |
+| openssl_signature.c:692:37:692:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:692:37:692:67 | openssl_signature.c:692:37:692:67 |
+| openssl_signature.c:693:24:693:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 |
+| openssl_signature.c:693:24:693:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 |
+| openssl_signature.c:693:24:693:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 |
+| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 |
+| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 |
+| openssl_signature.c:706:51:706:54 | Constant | Description | 2048 | openssl_signature.c:706:51:706:54 | openssl_signature.c:706:51:706:54 |
+| openssl_signature.c:707:34:707:37 | Key | KeyType | Asymmetric | openssl_signature.c:707:34:707:37 | openssl_signature.c:707:34:707:37 |
+| openssl_signature.c:732:37:732:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:732:37:732:66 | openssl_signature.c:732:37:732:66 |
+| openssl_signature.c:733:24:733:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 |
+| openssl_signature.c:733:24:733:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 |
+| openssl_signature.c:733:24:733:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 |
+| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 |
+| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 |
+| openssl_signature.c:750:51:750:54 | Constant | Description | 2048 | openssl_signature.c:750:51:750:54 | openssl_signature.c:750:51:750:54 |
+| openssl_signature.c:751:34:751:37 | Key | KeyType | Asymmetric | openssl_signature.c:751:34:751:37 | openssl_signature.c:751:34:751:37 |
+| openssl_signature.c:777:37:777:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:777:37:777:73 | openssl_signature.c:777:37:777:73 |
+| openssl_signature.c:778:24:778:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 |
+| openssl_signature.c:778:24:778:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 |
+| openssl_signature.c:778:24:778:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 |
+| openssl_signature.c:790:51:790:54 | Constant | Description | 2048 | openssl_signature.c:790:51:790:54 | openssl_signature.c:790:51:790:54 |
+| openssl_signature.c:791:34:791:37 | Key | KeyType | Asymmetric | openssl_signature.c:791:34:791:37 | openssl_signature.c:791:34:791:37 |
+| openssl_signature.c:817:37:817:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:817:37:817:63 | openssl_signature.c:817:37:817:63 |
+| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 |
+| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 |
+| openssl_signature.c:828:51:828:54 | Constant | Description | 2048 | openssl_signature.c:828:51:828:54 | openssl_signature.c:828:51:828:54 |
+| openssl_signature.c:829:34:829:37 | Key | KeyType | Asymmetric | openssl_signature.c:829:34:829:37 | openssl_signature.c:829:34:829:37 |
+| openssl_signature.c:838:85:838:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 |
+| openssl_signature.c:838:85:838:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 |
+| openssl_signature.c:838:85:838:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 |
+| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 |
+| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 |
+| openssl_signature.c:839:87:839:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 |
+| openssl_signature.c:839:87:839:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 |
+| openssl_signature.c:839:87:839:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 |
+| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 |
+| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 |

cpp/ql/test/experimental/library-tests/quantum/nodes.expected

@@ -67,10 +67,13 @@
 | openssl_signature.c:73:9:73:21 | SignOperation |
 | openssl_signature.c:73:31:73:40 | SignatureOutput |
 | openssl_signature.c:73:53:73:56 | Key |
+| openssl_signature.c:98:34:98:40 | Message |
+| openssl_signature.c:99:34:99:42 | Message |
+| openssl_signature.c:100:9:100:23 | VerifyOperation |
+| openssl_signature.c:100:33:100:41 | SignatureInput |
+| openssl_signature.c:100:73:100:76 | Key |
 | openssl_signature.c:126:52:126:55 | Key |
 | openssl_signature.c:127:38:127:44 | Message |
-| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation |
-| openssl_signature.c:128:37:128:40 | SignatureOutput |
 | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation |
 | openssl_signature.c:135:37:135:46 | SignatureOutput |
 | openssl_signature.c:158:54:158:57 | Key |
@@ -80,8 +83,6 @@
 | openssl_signature.c:182:57:182:60 | Key |
 | openssl_signature.c:185:44:185:64 | PaddingAlgorithm |
 | openssl_signature.c:187:38:187:44 | Message |
-| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation |
-| openssl_signature.c:188:37:188:40 | SignatureOutput |
 | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation |
 | openssl_signature.c:195:37:195:46 | SignatureOutput |
 | openssl_signature.c:218:59:218:62 | Key |
@@ -90,9 +91,6 @@
 | openssl_signature.c:225:9:225:29 | VerifyOperation |
 | openssl_signature.c:225:39:225:47 | SignatureInput |
 | openssl_signature.c:250:39:250:42 | Key |
-| openssl_signature.c:253:9:253:21 | SignOperation |
-| openssl_signature.c:253:33:253:36 | SignatureOutput |
-| openssl_signature.c:253:54:253:59 | Message |
 | openssl_signature.c:260:9:260:21 | SignOperation |
 | openssl_signature.c:260:33:260:42 | SignatureOutput |
 | openssl_signature.c:260:60:260:65 | Message |
@@ -102,74 +100,80 @@
 | openssl_signature.c:285:61:285:66 | Message |
 | openssl_signature.c:311:39:311:42 | Key |
 | openssl_signature.c:316:48:316:54 | Message |
-| openssl_signature.c:317:9:317:35 | SignOperation |
-| openssl_signature.c:317:47:317:50 | SignatureOutput |
 | openssl_signature.c:324:9:324:35 | SignOperation |
 | openssl_signature.c:324:47:324:56 | SignatureOutput |
 | openssl_signature.c:347:39:347:42 | Key |
 | openssl_signature.c:353:42:353:50 | SignatureInput |
 | openssl_signature.c:355:50:355:56 | Message |
 | openssl_signature.c:356:9:356:37 | VerifyOperation |
-| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm |
-| openssl_signature.c:388:9:388:16 | SignOperation |
-| openssl_signature.c:388:28:388:33 | Message |
-| openssl_signature.c:388:48:388:57 | SignatureOutput |
-| openssl_signature.c:389:48:389:54 | Key |
-| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm |
-| openssl_signature.c:411:12:411:21 | VerifyOperation |
-| openssl_signature.c:411:33:411:38 | Message |
-| openssl_signature.c:411:53:411:61 | SignatureInput |
-| openssl_signature.c:412:51:412:57 | Key |
-| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm |
-| openssl_signature.c:523:51:523:54 | Constant |
-| openssl_signature.c:524:9:524:23 | KeyGeneration |
-| openssl_signature.c:524:34:524:37 | Key |
-| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm |
-| openssl_signature.c:545:55:545:58 | Constant |
-| openssl_signature.c:551:32:551:37 | Key |
-| openssl_signature.c:554:9:554:23 | KeyGeneration |
-| openssl_signature.c:554:34:554:37 | Key |
-| openssl_signature.c:574:37:574:74 | Constant |
-| openssl_signature.c:575:24:575:30 | HashAlgorithm |
-| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm |
-| openssl_signature.c:587:51:587:54 | Constant |
-| openssl_signature.c:588:9:588:23 | KeyGeneration |
-| openssl_signature.c:588:34:588:37 | Key |
-| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm |
-| openssl_signature.c:604:37:604:46 | HashAlgorithm |
-| openssl_signature.c:606:41:606:50 | HashAlgorithm |
-| openssl_signature.c:624:37:624:74 | Constant |
-| openssl_signature.c:625:24:625:33 | HashAlgorithm |
-| openssl_signature.c:660:37:660:61 | Constant |
-| openssl_signature.c:661:24:661:33 | HashAlgorithm |
-| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm |
-| openssl_signature.c:674:51:674:54 | Constant |
-| openssl_signature.c:675:9:675:23 | KeyGeneration |
-| openssl_signature.c:675:34:675:37 | Key |
-| openssl_signature.c:701:37:701:67 | Constant |
-| openssl_signature.c:702:24:702:33 | HashAlgorithm |
-| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm |
-| openssl_signature.c:715:51:715:54 | Constant |
-| openssl_signature.c:716:9:716:23 | KeyGeneration |
-| openssl_signature.c:716:34:716:37 | Key |
-| openssl_signature.c:741:37:741:66 | Constant |
-| openssl_signature.c:742:24:742:31 | HashAlgorithm |
-| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm |
-| openssl_signature.c:759:51:759:54 | Constant |
-| openssl_signature.c:760:9:760:23 | KeyGeneration |
-| openssl_signature.c:760:34:760:37 | Key |
-| openssl_signature.c:786:37:786:73 | Constant |
-| openssl_signature.c:787:24:787:31 | HashAlgorithm |
-| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm |
-| openssl_signature.c:799:51:799:54 | Constant |
-| openssl_signature.c:800:9:800:23 | KeyGeneration |
-| openssl_signature.c:800:34:800:37 | Key |
-| openssl_signature.c:826:37:826:63 | Constant |
-| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm |
-| openssl_signature.c:837:51:837:54 | Constant |
-| openssl_signature.c:838:9:838:23 | KeyGeneration |
-| openssl_signature.c:838:34:838:37 | Key |
-| openssl_signature.c:847:85:847:96 | HashAlgorithm |
-| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm |
-| openssl_signature.c:848:87:848:98 | HashAlgorithm |
-| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm |
+| openssl_signature.c:384:9:384:16 | SignOperation |
+| openssl_signature.c:384:28:384:34 | Message |
+| openssl_signature.c:384:50:384:59 | SignatureOutput |
+| openssl_signature.c:385:48:385:54 | Key |
+| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm |
+| openssl_signature.c:403:12:403:21 | VerifyOperation |
+| openssl_signature.c:403:33:403:39 | Message |
+| openssl_signature.c:403:55:403:63 | SignatureInput |
+| openssl_signature.c:404:51:404:57 | Key |
+| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm |
+| openssl_signature.c:428:11:428:21 | SignOperation |
+| openssl_signature.c:428:11:428:21 | SignatureOutput |
+| openssl_signature.c:428:23:428:28 | Message |
+| openssl_signature.c:428:43:428:49 | Key |
+| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm |
+| openssl_signature.c:484:15:484:27 | VerifyOperation |
+| openssl_signature.c:484:29:484:34 | Message |
+| openssl_signature.c:484:49:484:51 | SignatureInput |
+| openssl_signature.c:484:54:484:60 | Key |
+| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm |
+| openssl_signature.c:515:51:515:54 | Constant |
+| openssl_signature.c:516:9:516:23 | KeyGeneration |
+| openssl_signature.c:516:34:516:37 | Key |
+| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm |
+| openssl_signature.c:537:55:537:58 | Constant |
+| openssl_signature.c:543:32:543:37 | Key |
+| openssl_signature.c:546:9:546:23 | KeyGeneration |
+| openssl_signature.c:546:34:546:37 | Key |
+| openssl_signature.c:566:37:566:74 | Constant |
+| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm |
+| openssl_signature.c:578:51:578:54 | Constant |
+| openssl_signature.c:579:9:579:23 | KeyGeneration |
+| openssl_signature.c:579:34:579:37 | Key |
+| openssl_signature.c:595:37:595:46 | HashAlgorithm |
+| openssl_signature.c:597:41:597:50 | HashAlgorithm |
+| openssl_signature.c:615:37:615:74 | Constant |
+| openssl_signature.c:616:24:616:33 | HashAlgorithm |
+| openssl_signature.c:651:37:651:61 | Constant |
+| openssl_signature.c:652:24:652:33 | HashAlgorithm |
+| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm |
+| openssl_signature.c:665:51:665:54 | Constant |
+| openssl_signature.c:666:9:666:23 | KeyGeneration |
+| openssl_signature.c:666:34:666:37 | Key |
+| openssl_signature.c:692:37:692:67 | Constant |
+| openssl_signature.c:693:24:693:33 | HashAlgorithm |
+| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm |
+| openssl_signature.c:706:51:706:54 | Constant |
+| openssl_signature.c:707:9:707:23 | KeyGeneration |
+| openssl_signature.c:707:34:707:37 | Key |
+| openssl_signature.c:732:37:732:66 | Constant |
+| openssl_signature.c:733:24:733:31 | HashAlgorithm |
+| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm |
+| openssl_signature.c:750:51:750:54 | Constant |
+| openssl_signature.c:751:9:751:23 | KeyGeneration |
+| openssl_signature.c:751:34:751:37 | Key |
+| openssl_signature.c:777:37:777:73 | Constant |
+| openssl_signature.c:778:24:778:31 | HashAlgorithm |
+| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm |
+| openssl_signature.c:790:51:790:54 | Constant |
+| openssl_signature.c:791:9:791:23 | KeyGeneration |
+| openssl_signature.c:791:34:791:37 | Key |
+| openssl_signature.c:817:37:817:63 | Constant |
+| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm |
+| openssl_signature.c:828:51:828:54 | Constant |
+| openssl_signature.c:829:9:829:23 | KeyGeneration |
+| openssl_signature.c:829:34:829:37 | Key |
+| openssl_signature.c:838:85:838:96 | HashAlgorithm |
+| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm |
+| openssl_signature.c:839:87:839:98 | HashAlgorithm |
+| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm |

cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c

@@ -363,10 +363,10 @@ cleanup:
     return ret;
 }
 
-/* =============================================================================
- * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated)
- * =============================================================================
- */
+// /* =============================================================================
+//  * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated)
+//  * =============================================================================
+//  */
 
 /**
  * Sign using low-level RSA_sign API (deprecated, RSA-only)
@@ -374,18 +374,14 @@ cleanup:
  */
 int sign_using_rsa_sign(const unsigned char *message, size_t message_len,
                        unsigned char **signature, size_t *signature_len,
-                       RSA *rsa_key, int hash_nid, const EVP_MD *md) {
-    unsigned char digest[EVP_MAX_MD_SIZE];
-    unsigned int digest_len;
+                       RSA *rsa_key, int hash_nid) {
     int ret = 0;
     
-    if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
-    
     *signature_len = RSA_size(rsa_key);
     *signature = OPENSSL_malloc(*signature_len);
     if (!*signature) return 0;
-    
-    if (RSA_sign(hash_nid, digest, digest_len, *signature, 
+
+    if (RSA_sign(hash_nid, message, message_len, *signature,
                  (unsigned int*)signature_len, rsa_key) == 1) {
         ret = 1;
     } else {
@@ -402,20 +398,16 @@ int sign_using_rsa_sign(const unsigned char *message, size_t message_len,
  */
 int verify_using_rsa_verify(const unsigned char *message, size_t message_len,
                            const unsigned char *signature, size_t signature_len,
-                           RSA *rsa_key, int hash_nid, const EVP_MD *md) {
-    unsigned char digest[EVP_MAX_MD_SIZE];
-    unsigned int digest_len;
-    
-    if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
-    
-    return RSA_verify(hash_nid, digest, digest_len, signature, 
+                           RSA *rsa_key, int hash_nid) {
+
+    return RSA_verify(hash_nid, message, message_len, signature,
                      (unsigned int)signature_len, rsa_key);
 }
 
-/* =============================================================================
- * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated)
- * =============================================================================
- */
+// /* =============================================================================
+//  * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated)
+//  * =============================================================================
+//  */
 
 /**
  * Sign using low-level DSA_do_sign API (deprecated, DSA-only)
@@ -572,7 +564,6 @@ int testLowLevelRSASignAndVerify(){
     EVP_PKEY *key = NULL;
     RSA *rsa_key = NULL;
     const unsigned char message[] = "testLowLevelRSASignAndVerify message";
-    const EVP_MD *md = EVP_md5();
     const size_t message_len = strlen((char *)message);
     unsigned char *sig = NULL;
     size_t sig_len = 0;
@@ -601,9 +592,9 @@ int testLowLevelRSASignAndVerify(){
     }
 
     if (sign_using_rsa_sign(message, message_len, &sig, &sig_len, 
-                           rsa_key, NID_sha256, md) &&
+                           rsa_key, NID_sha256) &&
         verify_using_rsa_verify(message, message_len, sig, sig_len, 
-                               rsa_key, NID_sha256, md)) {
+                               rsa_key, NID_sha256)) {
         printf("PASS\n");
     } else {
         printf("FAIL\n");