diff options
| author | Roland Shoemaker <roland@golang.org> | 2026-03-27 08:40:08 -0700 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2026-03-27 13:05:00 -0700 |
| commit | 5a0e0838232d7aa7c82b5a33d89458c01ccd4ffc (patch) | |
| tree | c7aa332a4ec9f22087e127e704dda5049fdcee15 /src | |
| parent | 90adad7b2565d456bf5e120a59a07ff31f3ada45 (diff) | |
| download | go-5a0e0838232d7aa7c82b5a33d89458c01ccd4ffc.tar.xz | |
crypto: disallow RegisterHash with hash value 0
We already prevent registering hash values larger than the number of
hashes we actually have, but for some reason we don't prevent
registering hash value 0, which is the sentinel value we typically use
for "no hash". This change adds a check to prevent registering hash
value 0.
Fixes #60548
Change-Id: Ifd6edffb22b268ef282eae1b2ae4cc0ce748776c
Reviewed-on: https://go-review.googlesource.com/c/go/+/760280
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/crypto.go | 2 | ||||
| -rw-r--r-- | src/crypto/crypto_test.go | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/src/crypto/crypto.go b/src/crypto/crypto.go index 0bf9ec834b..51275942a6 100644 --- a/src/crypto/crypto.go +++ b/src/crypto/crypto.go @@ -143,7 +143,7 @@ func (h Hash) Available() bool { // hash function. This is intended to be called from the init function in // packages that implement hash functions. func RegisterHash(h Hash, f func() hash.Hash) { - if h >= maxHash { + if h == 0 || h >= maxHash { panic("crypto: RegisterHash of unknown hash function") } hashes[h] = f diff --git a/src/crypto/crypto_test.go b/src/crypto/crypto_test.go index 66babcc2fb..9cd62dce19 100644 --- a/src/crypto/crypto_test.go +++ b/src/crypto/crypto_test.go @@ -9,9 +9,11 @@ import ( "crypto" "crypto/rand" "crypto/rsa" + "crypto/sha256" "crypto/x509" "encoding/pem" "errors" + "fmt" "internal/testenv" "io" "io/fs" @@ -141,3 +143,18 @@ func TestDisallowedAssemblyInstructions(t *testing.T) { t.Fatal(err) } } + +func TestRegisterHashLimits(t *testing.T) { + // maxHash is not exported, so we just use its value. If maxHash ever changes + // this will need to be updated. + for _, h := range []crypto.Hash{0, 20} { + t.Run(fmt.Sprintf("h=%d", h), func(t *testing.T) { + defer func() { + if r := recover(); r == nil { + t.Errorf("RegisterHash did not panic for %v", h) + } + }() + crypto.RegisterHash(h, sha256.New) + }) + } +} |