On Fri, Aug 09, 2024 at 09:52:49PM +0200, Stefan Sperling wrote:
> In the spirit of commit b808e01085d775b284878dfeea5c06339a9f2ec2 shouldn't
> we keep the abort() call in got_hash_final_object_id() intact even with
> sha2 support in place?
> 
> I've added a few more that catch invalid hash algos in other places, too.
> None of these should ever trigger, regress seems happy.
> 
> ok?

ping

> 
> diff /home/stsp/src/got
> commit - faf51db5e8152629d9c4aa4672b3f26e6acecf10
> path + /home/stsp/src/got
> blob - d91f248fe08f8bda24931834c38c29dfd8d08fd2
> file + lib/hash.c
> --- lib/hash.c
> +++ lib/hash.c
> @@ -198,6 +198,8 @@ got_hash_init(struct got_hash *hash, enum got_hash_alg
>  		SHA1Init(&hash->sha1_ctx);
>  	else if (algo == GOT_HASH_SHA256)
>  		SHA256Init(&hash->sha256_ctx);
> +	else
> +		abort();
>  }
>  
>  void
> @@ -207,6 +209,8 @@ got_hash_update(struct got_hash *hash, const void *dat
>  		SHA1Update(&hash->sha1_ctx, data, len);
>  	else if (hash->algo == GOT_HASH_SHA256)
>  		SHA256Update(&hash->sha256_ctx, data, len);
> +	else
> +		abort();
>  }
>  
>  void
> @@ -216,6 +220,8 @@ got_hash_final(struct got_hash *hash, uint8_t *out)
>  		SHA1Final(out, &hash->sha1_ctx);
>  	else if (hash->algo == GOT_HASH_SHA256)
>  		SHA256Final(out, &hash->sha256_ctx);
> +	else
> +		abort();
>  }
>  
>  void
> @@ -225,8 +231,10 @@ got_hash_final_object_id(struct got_hash *hash, struct
>  	id->algo = hash->algo;
>  	if (hash->algo == GOT_HASH_SHA1)
>  		SHA1Final(id->hash, &hash->sha1_ctx);
> -	else
> +	else if (hash->algo == GOT_HASH_SHA256)
>  		SHA256Final(id->hash, &hash->sha256_ctx);
> +	else
> +		abort();
>  }
>  
>  int
> @@ -236,5 +244,7 @@ got_hash_cmp(enum got_hash_algorithm algo, uint8_t *b1
>  		return memcmp(b1, b2, SHA1_DIGEST_LENGTH);
>  	else if (algo == GOT_HASH_SHA256)
>  		return memcmp(b1, b2, SHA256_DIGEST_LENGTH);
> +	else
> +		abort();
>  	return -1;
>  }
> 
>