Crypto: Code scanning warning corrections.

bdrodes · bdrodes · commit 072765abca75 · 2025-06-25T11:16:49.000-04:00
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/CtxTypes.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/CtxTypes.qll
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll
@@ -154,8 +154,7 @@ class EvpCipherUpdateCall extends OperationStep {
 }
 
 /**
- * see: https://docs.openssl.org/master/man3/EVP_EncryptInit/#synopsis
- * Base configuration for all EVP cipher operations.
+ * A base configuration for all EVP cipher operations.
  */
 abstract class EvpCipherOperationFinalStep extends OperationStep {
   override DataFlow::Node getInput(IOType type) {
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll
@@ -56,15 +56,15 @@ class EvpDigestUpdateCall extends OperationStep {
 /**
  * A base class for final digest operations.
  */
-abstract class EVPFinalDigestOperationStep extends OperationStep {
+abstract class EvpFinalDigestOperationStep extends OperationStep {
   override OperationStepType getStepType() { result = FinalStep() }
 }
 
 /**
  * A call to `EVP_Q_digest`
  * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
  */
-class EvpQDigestOperation extends EVPFinalDigestOperationStep {
+class EvpQDigestOperation extends EvpFinalDigestOperationStep {
   EvpQDigestOperation() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
 
   override DataFlow::Node getInput(IOType type) {
@@ -83,7 +83,7 @@ class EvpQDigestOperation extends EVPFinalDigestOperationStep {
   }
 }
 
-class EvpDigestOperation extends EVPFinalDigestOperationStep {
+class EvpDigestOperation extends EvpFinalDigestOperationStep {
   EvpDigestOperation() { this.(Call).getTarget().getName() = "EVP_Digest" }
 
   override DataFlow::Node getInput(IOType type) {
@@ -100,7 +100,7 @@ class EvpDigestOperation extends EVPFinalDigestOperationStep {
 /**
  * A call to EVP_DigestFinal variants
  */
-class EvpDigestFinalCall extends EVPFinalDigestOperationStep {
+class EvpDigestFinalCall extends EvpFinalDigestOperationStep {
   EvpDigestFinalCall() {
     this.(Call).getTarget().getName() in [
         "EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
@@ -122,7 +122,7 @@ class EvpDigestFinalCall extends EVPFinalDigestOperationStep {
 /**
  * An openssl digest final hash operation instance
  */
-class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EVPFinalDigestOperationStep
+class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EvpFinalDigestOperationStep
 {
   override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
     super.getPrimaryAlgorithmValueConsumer() = result
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll
@@ -6,8 +6,6 @@ import semmle.code.cpp.dataflow.new.DataFlow
 // even if only importing the operation by itself.
 import EVPPKeyCtxInitializer
 
-//TODO: this needs to just be ctx type definitions
-// private import experimental.quantum.OpenSSL.CtxTypes
 /**
  * An openSSL CTX type, which is type for which the stripped underlying type
  * matches the pattern 'evp_%ctx_%st'.
@@ -51,13 +49,6 @@ class CtxPointerArgument extends CtxPointerExpr {
   Call getCall() { result.getAnArgument() = this }
 }
 
-/**
- * A call returning a CtxPointerExpr.
- */
-private class CtxPointerReturn extends CtxPointerExpr instanceof Call {
-  Call getCall() { result = this }
-}
-
 /**
  * The type of inputs and ouputs for an `OperationStep`.
  */
@@ -330,9 +321,6 @@ abstract class OperationStep extends Call {
  *     we will use both cases as primary inputs.
  */
 class AvcContextCreationStep extends OperationStep instanceof OpenSslAlgorithmValueConsumer {
-  DataFlow::Node output;
-  DataFlow::Node input;
-
   override DataFlow::Node getOutput(IOType type) {
     type = ContextIO() and result = super.getResultNode()
   }
@@ -477,7 +465,7 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig {
     // is defined.
     exists(OperationStep s | s.getAnInput() = node1 and s.getAnOutput() = node2)
     // TODO: consideration for additional alises defined as follows:
-    // if an output from an operation step itself flows from teh output of another operation step
+    // if an output from an operation step itself flows from the output of another operation step
     // then the source of that flow's outputs (all of them) are potential aliases
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -154,8 +154,7 @@ class EvpCipherUpdateCall extends OperationStep {`
`154`	`154`	`}`
`155`	`155`
`156`	`156`	`/**`
`157`		`- * see: https://docs.openssl.org/master/man3/EVP_EncryptInit/#synopsis`
`158`		`- * Base configuration for all EVP cipher operations.`
	`157`	`+ * A base configuration for all EVP cipher operations.`
`159`	`158`	`*/`
`160`	`159`	`abstract class EvpCipherOperationFinalStep extends OperationStep {`
`161`	`160`	`override DataFlow::Node getInput(IOType type) {`