Merge pull request opencontainers#97 from thaJeztah/remove_SHA384_default

AkihiroSuda · web-flow · commit 8f8f897fe800 · 2025-01-16T09:00:47.000+09:00
do not register sha384 by default
diff --git a/algorithm.go b/algorithm.go
@@ -34,10 +34,6 @@ func init() {
 	// by implementations.
 	RegisterAlgorithm(SHA256, crypto.SHA256)
 	RegisterAlgorithm(SHA512, crypto.SHA512)
-	// SHA384 is registered by default but is not part of the OCI image
-	// specification, and its use should be discouraged for reasons other
-	// than backward-compatibility.
-	RegisterAlgorithm(SHA384, crypto.SHA384)
 }
 
 // Algorithm identifies and implementation of a digester by an identifier.
@@ -83,9 +79,16 @@ const (
 
 	// SHA384 is the SHA-384 ([RFC 6234]) digest algorithm  with hex encoding
 	// (lower case only). Use of the SHA384 digest algorithm is not recommended,
-	// and the [Canonical] algorithm is preferred.
+	// for reasons other than backward-compatibility, and the [Canonical]
+	// algorithm is preferred.
+	//
+	// SHA384 is not part of the [OCI image specification], and not registered
+	// by default. Implementers must register it if needed;
+	//
+	//	RegisterAlgorithm(SHA384, crypto.SHA384)
 	//
 	// [RFC 6234]: https://datatracker.ietf.org/doc/html/rfc6234
+	// [OCI image specification]: https://github.com/opencontainers/image-spec/blob/v1.0.2/descriptor.md#registered-algorithms
 	SHA384 Algorithm = "sha384" // sha384 with hex encoding (lower case only)
 
 	// BLAKE3 is the [BLAKE3 algorithm] with the default 256-bit output size.
diff --git a/digest_test.go b/digest_test.go
@@ -15,6 +15,7 @@
 package digest_test
 
 import (
+	"crypto"
 	"crypto/sha256"
 	"testing"
 
@@ -23,6 +24,9 @@ import (
 )
 
 func TestParseDigest(t *testing.T) {
+	// SHA-384 is not registered by default, but used in this test.
+	digest.RegisterAlgorithm(digest.SHA384, crypto.SHA384)
+
 	tests := []testdigest.TestCase{
 		{
 			Input:     "sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b",
diff --git a/digestset/set_test.go b/digestset/set_test.go
@@ -16,6 +16,7 @@
 package digestset
 
 import (
+	"crypto"
 	"crypto/sha256"
 	"encoding/binary"
 	"math/rand"
@@ -135,6 +136,8 @@ func TestAddDuplication(t *testing.T) {
 		t.Fatal("Duplicate digest insert should not increase entries size")
 	}
 
+	// SHA-384 is not registered by default, but used in this test.
+	digest.RegisterAlgorithm(digest.SHA384, crypto.SHA384)
 	if err := dset.Add(digest.Digest("sha384:123451111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")); err != nil {
 		t.Fatal(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`package digest_test`
`16`	`16`
`17`	`17`	`import (`
	`18`	`+ "crypto"`
`18`	`19`	`"crypto/sha256"`
`19`	`20`	`"testing"`
`20`	`21`
`@@ -23,6 +24,9 @@ import (`
`23`	`24`	`)`
`24`	`25`
`25`	`26`	`func TestParseDigest(t *testing.T) {`
	`27`	`+ // SHA-384 is not registered by default, but used in this test.`
	`28`	`+ digest.RegisterAlgorithm(digest.SHA384, crypto.SHA384)`
	`29`	`+`
`26`	`30`	`tests := []testdigest.TestCase{`
`27`	`31`	`{`
`28`	`32`	`Input: "sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b",`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`	`package digestset`
`17`	`17`
`18`	`18`	`import (`
	`19`	`+ "crypto"`
`19`	`20`	`"crypto/sha256"`
`20`	`21`	`"encoding/binary"`
`21`	`22`	`"math/rand"`
`@@ -135,6 +136,8 @@ func TestAddDuplication(t *testing.T) {`
`135`	`136`	`t.Fatal("Duplicate digest insert should not increase entries size")`
`136`	`137`	`}`
`137`	`138`
	`139`	`+ // SHA-384 is not registered by default, but used in this test.`
	`140`	`+ digest.RegisterAlgorithm(digest.SHA384, crypto.SHA384)`
`138`	`141`	`if err := dset.Add(digest.Digest("sha384:123451111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")); err != nil {`
`139`	`142`	`t.Fatal(err)`
`140`	`143`	`}`