crypto: only partial validation of Hash argument in RegisterHash #60548
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Browsing
src/crypto/crypto.go
, I've noticed thatRegisterHash
doesn't not validate theHash
argument in the same fashion as the rest of the package.What did you expect to see?
I expected
RegisterHash
to validate that theHash
argument is bigger than 0, as the smallestHash
value defined in the package isuint 1
(MD4
, which is defined with1 + iota
).I though that it might be there for a legit use ...
What did you see instead?
Digging in a bit more, and trying to find an explanation or a legit use, I failed, leading me to believe that it's not intentional.
I might be wrong, since I'm not super experienced with the package, but I expect to see a comment addressing the exceptional check if it was by design.
The text was updated successfully, but these errors were encountered: