From: Stefan Sperling Subject: abort() calls in hash.c To: gameoftrees@openbsd.org Date: Fri, 9 Aug 2024 21:52:49 +0200 In the spirit of commit b808e01085d775b284878dfeea5c06339a9f2ec2 shouldn't we keep the abort() call in got_hash_final_object_id() intact even with sha2 support in place? I've added a few more that catch invalid hash algos in other places, too. None of these should ever trigger, regress seems happy. ok?
diff /home/stsp/src/got
commit - faf51db5e8152629d9c4aa4672b3f26e6acecf10
path + /home/stsp/src/got
blob - d91f248fe08f8bda24931834c38c29dfd8d08fd2
file + lib/hash.c
--- lib/hash.c
+++ lib/hash.c
@@ -198,6 +198,8 @@ got_hash_init(struct got_hash *hash, enum got_hash_alg
 SHA1Init(&hash->sha1_ctx);
 else if (algo == GOT_HASH_SHA256)
 SHA256Init(&hash->sha256_ctx);
+ else
+ abort();
 }

 void
@@ -207,6 +209,8 @@ got_hash_update(struct got_hash *hash, const void *dat
 SHA1Update(&hash->sha1_ctx, data, len);
 else if (hash->algo == GOT_HASH_SHA256)
 SHA256Update(&hash->sha256_ctx, data, len);
+ else
+ abort();
 }

 void
@@ -216,6 +220,8 @@ got_hash_final(struct got_hash *hash, uint8_t *out)
 SHA1Final(out, &hash->sha1_ctx);
 else if (hash->algo == GOT_HASH_SHA256)
 SHA256Final(out, &hash->sha256_ctx);
+ else
+ abort();
 }

 void
@@ -225,8 +231,10 @@ got_hash_final_object_id(struct got_hash *hash, struct
 id->algo = hash->algo;
 if (hash->algo == GOT_HASH_SHA1)
 SHA1Final(id->hash, &hash->sha1_ctx);
- else
+ else if (hash->algo == GOT_HASH_SHA256)
 SHA256Final(id->hash, &hash->sha256_ctx);
+ else
+ abort();
 }

 int
@@ -236,5 +244,7 @@ got_hash_cmp(enum got_hash_algorithm algo, uint8_t *b1
 return memcmp(b1, b2, SHA1_DIGEST_LENGTH);
 else if (algo == GOT_HASH_SHA256)
 return memcmp(b1, b2, SHA256_DIGEST_LENGTH);
+ else
+ abort();
 return -1;
 }
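Review bot: The `else abort();` added to got_hash_init, and the same branch added to got_hash_update, got_hash_final and got_hash_final_object_id in the following hunks, carries no comment saying that an unrecognised algorithm is treated as a caller bug rather than a recoverable error. Without the branch the chain falls through and leaves the SHA context or the output buffer untouched, so the intent is worth recording, e.g. `/* unknown algo: caller bug; abort rather than continue with an untouched hash context */`. If the algorithm value can ever be taken from repository or network data rather than a constant, which is not visible here, it should be validated where it is parsed and rejected with an error there, so that these calls remain pure invariant checks that crafted input cannot reach. Each function's signature and opening `if` lie outside its hunk.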
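Review bot: In got_hash_cmp the trailing `return -1;` can no longer execute once `else abort();` is in place, because every branch of the chain now either returns or aborts. If it is kept only to satisfy compilers that do not treat abort() as non-returning, say so on the line, e.g. `return -1; /* NOTREACHED */`; otherwise it can be dropped. The function's signature and first `if` are outside the hunk.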