You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by "Daniel Sun (JIRA)" <ji...@apache.org> on 2019/03/23 14:43:00 UTC

[jira] [Updated] (GROOVY-9049) EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 0's

     [ https://issues.apache.org/jira/browse/GROOVY-9049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Sun updated GROOVY-9049:
-------------------------------
    Fix Version/s: 3.0.0-beta-1

> EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 0's
> -------------------------------------------------------------------------------
>
>                 Key: GROOVY-9049
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9049
>             Project: Groovy
>          Issue Type: Bug
>          Components: groovy-runtime
>    Affects Versions: 3.x, 2.5.x, 2.5.4
>            Reporter: Staffan Forsell
>            Assignee: Daniel Sun
>            Priority: Major
>             Fix For: 3.0.0-beta-1
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The extension method org.codehaus.groovy.runtime.EncodingGroovyMethods#digest(byte[], java.lang.String) produces erroneous hashes for all hash functions not having 128-bits length when the resulting hash starts with 0.
> This is due to padding the resulting string with zeroes to 32 chars length. 32 chars are only valid for 128 bit hash functions like md5. The padding should applied differently depending on the length of the digest returned.
> Of the MessageDigest built-in hash functions this affects SHA-1 and SHA-256 at least. 
> Solution would be to use *[getDigestLength|https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html#getDigestLength()]*() or the length of the returned digest and add some proper unit tests. 
>  
> Example of erroneous hashes:
> {code:java}
> (1..100).each {
>   def sha1 =  it.toString().digest("SHA-1")
>   if (sha1.size() != 40) {
>     println "String '$it' length: ${sha1.size()} sha1: $sha1"
>   }
> }
> {code}
> Which produces:
> {noformat}
> String '9' length: 39 sha1: ade7c2cf97f75d009975f4d720d1fa6c19f4897
> String '17' length: 39 sha1: 716d9708d321ffb6a00818614779e779925365c
> String '28' length: 39 sha1: a57cb53ba59c46fc4b692527a38a87c78d84028
> String '43' length: 39 sha1: 286dd552c9bea9a69ecb3759e7b94777635514b
> String '93' length: 39 sha1: 8a35293e09f508494096c1c1b3819edb9df50db
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)