[doris] branch master updated: [Improve](mysql)ensure constant time for computing hash value (#21569)

Thu, 06 Jul 2023 23:04:22 -0700 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new b5f247f73f [Improve](mysql)ensure constant time for computing hash 
value (#21569)
b5f247f73f is described below

commit b5f247f73fb7e2b51ce8265f6ba0f4de0436360e
Author: Calvin Kirs <[email protected]>
AuthorDate: Fri Jul 7 14:04:11 2023 +0800

    [Improve](mysql)ensure constant time for computing hash value (#21569)
---
 .../src/main/java/org/apache/doris/mysql/MysqlPassword.java   | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
index 9bf5b68529..91b0255f52 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
@@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
 import java.util.Random;
 
 // this is stolen from MySQL
@@ -82,7 +81,7 @@ public class MysqlPassword {
     public static final byte PVERSION41_CHAR = '*';
     private static final byte[] DIG_VEC_UPPER = {'0', '1', '2', '3', '4', '5', 
'6', '7',
             '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
-    private static Random random = new Random(System.currentTimeMillis());
+    private static final Random random = new 
Random(System.currentTimeMillis());
 
     public static byte[] createRandomString(int len) {
         byte[] bytes = new byte[len];
@@ -141,10 +140,10 @@ public class MysqlPassword {
 
         // compute result2: SHA-1(result1)
         md.reset();
-        byte[] candidateHash2 = md.digest(hashStage1);
-
-        // compare result2 and hashStage2
-        return Arrays.equals(candidateHash2, hashStage2);
+        md.update(hashStage1);
+        byte[] candidateHash2 = md.digest();
+        // compare result2 and hashStage2 using MessageDigest.isEqual()
+        return MessageDigest.isEqual(candidateHash2, hashStage2);
     }
 
     // MySQL client use this function to form scramble password


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to