[PATCH 3/4] hash: provide generic wrappers to update hash contexts

[Patrick Steinhardt <ps@pks.im>]

The hash context is supposed to be updated via the `git_hash_algo`
structure, which contains a list of function pointers to update, clone
or finalize a hashing context. This requires the callers to track which
algorithm was used to initialize the context and continue to use the
exact same algorithm. If they fail to do that correctly, it can happen
that we start to access context state of one hash algorithm with
functions of a different hash algorithm. The result would typically be a
segfault, as could be seen e.g. in the patches part of 98422943f0 (Merge
branch 'ps/weak-sha1-for-tail-sum-fix', 2025-01-01).

The situation was significantly improved starting with 04292c3796
(hash.h: drop unsafe_ function variants, 2025-01-23) and its parent
commits. These refactorings ensure that it is not possible to mix up
safe and unsafe variants of the same hash algorithm anymore. But in
theory, it is still possible to mix up different hash algorithms with
each other, even though this is a lot less likely to happen.

But still, we can do better: instead of asking the caller to remember
the hash algorithm used to initialize a context, we can instead make the
context itself remember which algorithm it has been initialized with. If
we do so, callers can use a set of generic helpers to update the context
and don't need to be aware of the hash algorithm at all anymore.

Adapt the context initialization functions to store the hash algorithm
in the hashing context and introduce these generic helpers. Callers will
be adapted in the subsequent commit.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 hash.h        | 21 +++++++++++++++++++++
 object-file.c |  6 ++++++
 2 files changed, 27 insertions(+)

diff --git a/hash.h b/hash.h
index 42b52c6dae..4367acfec5 100644
--- a/hash.h
+++ b/hash.h
@@ -235,6 +235,7 @@ enum get_oid_result {
 
 /* A suitably aligned type for stack allocations of hash contexts. */
 struct git_hash_ctx {
+	const struct git_hash_algo *algop;
 	union {
 		git_SHA_CTX sha1;
 		git_SHA_CTX_unsafe sha1_unsafe;
@@ -296,6 +297,26 @@ struct git_hash_algo {
 };
 extern const struct git_hash_algo hash_algos[GIT_HASH_NALGOS];
 
+static inline void git_hash_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
+{
+	src->algop->clone_fn(dst, src);
+}
+
+static inline void git_hash_update(struct git_hash_ctx *ctx, const void *in, size_t len)
+{
+	ctx->algop->update_fn(ctx, in, len);
+}
+
+static inline void git_hash_final(unsigned char *hash, struct git_hash_ctx *ctx)
+{
+	ctx->algop->final_fn(hash, ctx);
+}
+
+static inline void git_hash_final_oid(struct object_id *oid, struct git_hash_ctx *ctx)
+{
+	ctx->algop->final_oid_fn(oid, ctx);
+}
+
 /*
  * Return a GIT_HASH_* constant based on the name.  Returns GIT_HASH_UNKNOWN if
  * the name doesn't match a known algorithm.
diff --git a/object-file.c b/object-file.c
index 154bcfce78..b7f2af515f 100644
--- a/object-file.c
+++ b/object-file.c
@@ -88,11 +88,13 @@ static const struct object_id null_oid_sha256 = {
 
 static void git_hash_sha1_init(struct git_hash_ctx *ctx)
 {
+	ctx->algop = &hash_algos[GIT_HASH_SHA1];
 	git_SHA1_Init(&ctx->state.sha1);
 }
 
 static void git_hash_sha1_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA1_Clone(&dst->state.sha1, &src->state.sha1);
 }
 
@@ -115,11 +117,13 @@ static void git_hash_sha1_final_oid(struct object_id *oid, struct git_hash_ctx *
 
 static void git_hash_sha1_init_unsafe(struct git_hash_ctx *ctx)
 {
+	ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA1]);
 	git_SHA1_Init_unsafe(&ctx->state.sha1_unsafe);
 }
 
 static void git_hash_sha1_clone_unsafe(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA1_Clone_unsafe(&dst->state.sha1_unsafe, &src->state.sha1_unsafe);
 }
 
@@ -143,11 +147,13 @@ static void git_hash_sha1_final_oid_unsafe(struct object_id *oid, struct git_has
 
 static void git_hash_sha256_init(struct git_hash_ctx *ctx)
 {
+	ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA256]);
 	git_SHA256_Init(&ctx->state.sha256);
 }
 
 static void git_hash_sha256_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA256_Clone(&dst->state.sha256, &src->state.sha256);
 }
 

-- 
2.48.1.502.g6dc24dfdaf.dirty