Crypto: Overhaul of EVP final/init/update to now use a more general 'OperationStep' mechanic.

2026-04-30 19:26:02 +02:00 · 2025-06-24 16:03:25 -04:00
parent 9a064de86e
commit bd0efbe48c
18 changed files with 2100 additions and 1209 deletions
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll
@@ -56,11 +56,13 @@ class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HMACAlgorithmIns
      // and we can simply grab that model's AVC
      exists(OpenSslAlgorithmInstance inst | inst.getAvc() = result and inst = this)
    else
-      // ASSUMPTION: If no explicit algorithm is given, then it is assumed to be configured by
-      // a signature operation
-      exists(Crypto::SignatureOperationInstance s |
-        s.getHashAlgorithmValueConsumer() = result and
-        s.getAnAlgorithmValueConsumer() = this.getAvc()
+      // ASSUMPTION: If no explicit algorithm is given, then find
+      // where the current AVC traces to a HashAlgorithmIO consuming operation step.
+      // TODO: need to consider getting reset values, tracing down to the first set for now
+      exists(OperationStep s, AvcContextCreationStep avc |
+        avc = this.getAvc() and
+        avc.flowsToOperationStep(s) and
+        s.getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result
      )
  }
 }