[jira] [Closed] (GROOVY-9049) EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 0's

Mon, 20 May 2019 00:32:39 -0700 


     [ 
https://issues.apache.org/jira/browse/GROOVY-9049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paul King closed GROOVY-9049.
-----------------------------

> EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 
> 0's
> -------------------------------------------------------------------------------
>
>                 Key: GROOVY-9049
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9049
>             Project: Groovy
>          Issue Type: Bug
>          Components: groovy-runtime
>    Affects Versions: 3.0.0-alpha-4, 2.5.6
>            Reporter: Staffan Forsell
>            Assignee: Daniel Sun
>            Priority: Major
>             Fix For: 3.0.0-beta-1, 2.5.7
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The extension method 
> org.codehaus.groovy.runtime.EncodingGroovyMethods#digest(byte[], 
> java.lang.String) produces erroneous hashes for all hash functions not having 
> 128-bits length when the resulting hash starts with 0.
> This is due to padding the resulting string with zeroes to 32 chars length. 
> 32 chars are only valid for 128 bit hash functions like md5. The padding 
> should applied differently depending on the length of the digest returned.
> Of the MessageDigest built-in hash functions this affects SHA-1 and SHA-256 
> at least. 
> Solution would be to use 
> *[getDigestLength|https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html#getDigestLength()]*()
>  or the length of the returned digest and add some proper unit tests. 
>  
> Example of erroneous hashes:
> {code:java}
> (1..100).each {
>   def sha1 =  it.toString().digest("SHA-1")
>   if (sha1.size() != 40) {
>     println "String '$it' length: ${sha1.size()} sha1: $sha1"
>   }
> }
> {code}
> Which produces:
> {noformat}
> String '9' length: 39 sha1: ade7c2cf97f75d009975f4d720d1fa6c19f4897
> String '17' length: 39 sha1: 716d9708d321ffb6a00818614779e779925365c
> String '28' length: 39 sha1: a57cb53ba59c46fc4b692527a38a87c78d84028
> String '43' length: 39 sha1: 286dd552c9bea9a69ecb3759e7b94777635514b
> String '93' length: 39 sha1: 8a35293e09f508494096c1c1b3819edb9df50db
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to