Google Git
Sign in
apache/commons-codec/refs/heads/codec-182^!/.
commit
394cde5ec5a1994abeff457ff36685e8dca3c88f
[log]
author
Sebb <sebb@apache.org>
Fri Aug 02 17:14:14 2024 +0100
committer
Sebb <sebb@apache.org>
Fri Aug 02 17:14:14 2024 +0100
tree
e4d75fe67f30b718f51dd52d9c403ce158a09d79
parent
e2f8ea48d81d7c96d5ee631995b58d894de259bf [diff]
Must use correct prefix for algorithm

diff --git a/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java b/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java
index 2bfe62b..f9277b5 100644
--- a/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java
+++ b/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java

@@ -67,7 +67,10 @@
     /** The prefixes that can be used to identify this crypt() variant (SHA-512). */
     static final String SHA512_PREFIX = "$6$";
 
-    /** The pattern to match valid salt values. */
+    /**
+     * The pattern to match valid salt values.
+     * <code> $[56]$(rounds=nn$)?[./a-zA-Z0-9]{1,16}.* </code>
+    */
     private static final Pattern SALT_PATTERN = Pattern
             .compile("^(\\$[56]\\$)(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16}).*");
 
@@ -98,7 +101,7 @@
      * @param keyBytes
      *            plaintext to hash. Each array element is set to {@code 0} before returning.
      * @param salt
-     *            salt value including prefix ($5$ or $6$) and optionally "rounds=".
+     *            salt value including prefix ($5$) and optionally "rounds=".
      *            The salt may be null, in which case a salt is generated for you using {@link SecureRandom}.
      *            Or you can pass your own {@link Random} in {@link #sha256Crypt(byte[], String, Random)}.
      * @return complete hash value including salt
@@ -122,7 +125,7 @@
      * @param keyBytes
      *            plaintext to hash. Each array element is set to {@code 0} before returning.
      * @param salt
-     *            salt value including prefix ($5$ or $6$) and optionally "rounds=".
+     *            salt value including prefix ($5$) and optionally "rounds=".
      *            The salt may be null, in which case a salt is generated for you using the provided random generator
      * @param random
      *            the instance of {@link Random} to use for generating the salt.
@@ -575,7 +578,7 @@
      * @param keyBytes
      *            plaintext to hash. Each array element is set to {@code 0} before returning.
      * @param salt
-     *            salt value including prefix ($5$ or $6$) and optionally "rounds=".
+     *            salt value including prefix ($6$) and optionally "rounds=".
      *            The salt may be null, in which case a salt is generated for you using {@link SecureRandom}.
      *            Or you can pass your own {@link Random} to {@link #sha512Crypt(byte[], String, Random)}.
      * @return complete hash value including salt
@@ -599,7 +602,7 @@
      * @param keyBytes
      *            plaintext to hash. Each array element is set to {@code 0} before returning.
      * @param salt
-     *            salt value including prefix ($5$ or $6$) and optionally "rounds=".
+     *            salt value including prefix ($6$) and optionally "rounds=".
      *            The salt may be null, in which case a salt is generated for you using the provided random generator
      * @param random
      *            the instance of {@link Random} to use for generating the salt.