Merge pull request #19880 from bdrodes/operation_step_refactor

Crypto: Refactor OpenSSL operation step data-flow logic

Author: nicolaswill

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll

@@ -54,13 +54,15 @@ class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmIns
     then
       // ASSUMPTION: if there is an explicit hash algorithm, it is already modeled
       // and we can simply grab that model's AVC
-      exists(OpenSslAlgorithmInstance inst | inst.getAvc() = result and inst = this)
+      this.(OpenSslAlgorithmInstance).getAvc() = result
     else
-      // ASSUMPTION: If no explicit algorithm is given, then it is assumed to be configured by
-      // a signature operation
-      exists(Crypto::SignatureOperationInstance s |
-        s.getHashAlgorithmValueConsumer() = result and
-        s.getAnAlgorithmValueConsumer() = this.getAvc()
+      // ASSUMPTION: If no explicit algorithm is given, then find
+      // where the current AVC traces to a HashAlgorithmIO consuming operation step.
+      // TODO: need to consider getting reset values, tracing down to the first set for now
+      exists(OperationStep s, AvcContextCreationStep avc |
+        avc = this.getAvc() and
+        avc.flowsToOperationStep(s) and
+        s.getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result
       )
   }
 }