Intermediate progress towards getting hashing upgraded. Still need to handle the final and update mechanics, matching the JCA. Similarly need to update cipher to follow the JCA for update/final as well.

Author: bdrodes

cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstances.qll

@@ -2,3 +2,4 @@ import OpenSSLAlgorithmInstanceBase
 import CipherAlgorithmInstance
 import PaddingAlgorithmInstance
 import BlockAlgorithmInstance
+import HashAlgorithmInstance

cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll

@@ -2,3 +2,4 @@ import OpenSSLAlgorithmValueConsumerBase
 import CipherAlgorithmValueConsumer
 import DirectAlgorithmValueConsumer
 import PaddingAlgorithmValueConsumer
+import HashAlgorithmValueConsumer

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherConsumers.qll

@@ -4,9 +4,7 @@ import EVPCipherInitializer
 import OpenSSLOperationBase
 import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
 
-// import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
-// import OpenSSLOperation
-module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
+private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
   }
@@ -16,8 +14,10 @@ module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
   }
 }
 
-module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
+private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
 
+// import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
+// import OpenSSLOperation
 // class EVPCipherOutput extends CipherOutputArtifact {
 //   EVPCipherOutput() { exists(EVP_Cipher_Operation op | op.getOutputArg() = this) }
 //   override DataFlow::Node getOutputNode() { result.asDefiningArgument() = this }
@@ -81,6 +81,8 @@ class EVP_Cipher_Call extends EVP_Cipher_Operation {
   override Expr getInputArg() { result = this.(Call).getArgument(2) }
 }
 
+// ******* TODO  NEED to model UPDATE but not as the coree operation, rather a step towards final,
+// see the JCA
 // class EVP_Encrypt_Decrypt_or_Cipher_Update_Call extends EVP_Update_Call {
 //   EVP_Encrypt_Decrypt_or_Cipher_Update_Call() {
 //     this.(Call).getTarget().getName() in [

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashAlgorithmSource.qll

@@ -1 +1,3 @@
+import OpenSSLOperationBase
 import EVPCipherOperation
+import EVPHashOperation

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashConsumers.qll

@@ -386,7 +386,7 @@ module JCAModel {
 
     override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) }
 
-    override int getDigestLength() { exists(hash_name_to_type_known(hashName, result)) }
+    override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) }
   }
 
   class OAEPPaddingAlgorithmInstance extends Crypto::OAEPPaddingAlgorithmInstance,
@@ -829,7 +829,7 @@ module JCAModel {
       result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _)
     }
 
-    override int getDigestLength() {
+    override int getFixedDigestLength() {
       exists(hash_name_to_type_known(this.getRawHashAlgorithmName(), result))
     }
   }
@@ -1237,7 +1237,7 @@ module JCAModel {
       result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _)
     }
 
-    override int getDigestLength() {
+    override int getFixedDigestLength() {
       exists(hash_name_to_type_known(this.getRawHashAlgorithmName(), result))
     }