GH-49752: Fix potential buffer overrun in gandiva ssl function.

[lriggs]

Rationale for this change

Fixes security related problems found in gdv_hash_using_openssl. Those problems were not deemed to be a security risk.

What changes are included in this PR?

[hash_utils.h:41, hash_utils.cc:66] Removed GANDIVA_EXPORT from gdv_hash_using_openssl — it's an internal helper, not part of the public API.

[hash_utils.cc:105] Changed && → || in the validation condition. The original only errored when both checks failed; now it errors when either result_length != hash_digest_size or result_buf_size != (2 * hash_digest_size).

[hash_utils.cc:135] Fixed snprintf buffer size, so it correctly accounts for the already-written bytes and prevents potential out-of-bounds writes. Allocate result_buf_size + 1 bytes — the extra byte absorbs the final null terminator. Pass result_buf_size - result_buff_index + 1 to snprintf — reflects the actual remaining space (2 hex chars + 1 null = 3 bytes on the last call), preventing any potential overflow if the format ever changed.

Are these changes tested?

Yes, unit tests.

Are there any user-facing changes?

No.

• GitHub Issue: [C++][Gandiva] gdv_hash_using_openssl() has some problems #49752

[dmitry-chirkov-dremio]

We now accessing gdv_hash_using_openssl() in a roundabout way.
I'd be fine in this case to proceed without the test.
There's a way to make gdv_hash_using_openssl() "internal" for the sake of this test bug is it worth it?

[dmitry-chirkov-dremio]

p.s. rest looks good so once we have a call on test vs no test I can approve.

[lriggs]

None of the changes are because of the test. I removed GANDIVA_EXPORT since that wasn't needed and was identified as potential risk.

[lriggs]

The test actually does cause a problem on Windows when linking against the ssl function for some reason. It works on other OSs. Im going to just remove it since it wasn't a highly valuable test, it only tested the input check.