Quantum: Add OpenSSL PKEY algorithm value consumers.

[bdrodes]

Value consumer modeling for PKEY alg consumers in openssl.

[Copilot]

Pull Request Overview

Adds modeling of PKEY algorithm value consumers for OpenSSL in CodeQL, enabling data-flow analysis for EVP_PKEY_* operations.

• Introduces a new PKeyAlgorithmValueConsumer subclass (EVPPKeyAlgorithmConsumer) to capture algorithm arguments for various EVP_PKEY functions.
• Registers the new consumer in OpenSSLAlgorithmValueConsumers.qll.
• Updates Language.qll to use the new taint-tracking API (TaintTracking) and adds a ConstantDataSource for literals.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll	New consumer class capturing algorithm arguments for EVP_PKEY calls
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll	Imports the new PKey algorithm value consumer
cpp/ql/lib/experimental/quantum/Language.qll	Switches to TaintTracking API and adds ConstantDataSource

Comments suppressed due to low confidence (2)

cpp/ql/lib/experimental/quantum/Language.qll:110

• The DataFlow::ConfigSig interface is referenced but DataFlow is no longer imported; add back import semmle.code.cpp.dataflow.new.DataFlow or update this to use TaintTracking.

module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll:10

• No unit tests have been added for this new consumer; consider adding tests that cover each EVP_PKEY_* function case to validate correct data-flow modeling.

class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {

[nicolaswill]

Can you test this with MRVA or DCA before merging? I worry the performance impact will be severe from this.