RFC 2617 erratum

While processing errata today, I noticed again one reported erratum 
against RFC 2617...

###

Errata ID: 1649

Status: Reported
Type: Technical

Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-08
Edited by: Alexey Melnikov
Date Edited: 2010-07-07

Section 5 says:

  /* calculate H(A1) as per spec */
       void DigestCalcHA1(
           IN char * pszAlg,
           IN char * pszUserName,
           IN char * pszRealm,
           IN char * pszPassword,
           IN char * pszNonce,
           IN char * pszCNonce,
           OUT HASHHEX SessionKey
           )
       {
             MD5_CTX Md5Ctx;
             HASH HA1;

             MD5Init(&Md5Ctx);
             MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
             MD5Update(&Md5Ctx, ":", 1);
             MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
             MD5Update(&Md5Ctx, ":", 1);
             MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
             MD5Final(HA1, &Md5Ctx);
             if (stricmp(pszAlg, "md5-sess") == 0) {
                   MD5Init(&Md5Ctx);
|                 MD5Update(&Md5Ctx, HA1, HASHLEN);
                   MD5Update(&Md5Ctx, ":", 1);
                   MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
                   MD5Update(&Md5Ctx, ":", 1);
                   MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
                   MD5Final(HA1, &Md5Ctx);
             };
             CvtHex(HA1, SessionKey);
       };

It should say:

  /* calculate H(A1) as per spec */
       void DigestCalcHA1(
           IN char * pszAlg,
           IN char * pszUserName,
           IN char * pszRealm,
           IN char * pszPassword,
           IN char * pszNonce,
           IN char * pszCNonce,
           OUT HASHHEX SessionKey
           )
       {
             MD5_CTX Md5Ctx;
             HASH HA1;
|           HASHHEX HA1Hex;

             MD5Init(&Md5Ctx);
             MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
             MD5Update(&Md5Ctx, ":", 1);
             MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
             MD5Update(&Md5Ctx, ":", 1);
             MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
             MD5Final(HA1, &Md5Ctx);
             if (stricmp(pszAlg, "md5-sess") == 0) {
|                 CvtHex(HA1, HA1Hex);
                   MD5Init(&Md5Ctx);
|                 MD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
                   MD5Update(&Md5Ctx, ":", 1);
                   MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
                   MD5Update(&Md5Ctx, ":", 1);
                   MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
                   MD5Final(HA1, &Md5Ctx);
             };
             CvtHex(HA1, SessionKey);
       };

Notes:

DigestCalcHA1 sample implementation has to be corrected.

###

Input from HTTPbis WG participants would be appreciated. Feel free to 
contact me off-list.

Thanks!

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

Received on Sunday, 13 November 2011 06:06:40 UTC
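
An added example, not part of the original message or of RFC 2617: the two DigestCalcHA1 variants quoted in the erratum, written in Python so the difference can be observed directly. The `hex_inner` flag, the `peers_agree` helper and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac

def digest_calc_ha1(alg, username, realm, password, nonce, cnonce, hex_inner):
    """Return H(A1) as 32 hex characters.

    hex_inner=False feeds the raw 16-byte digest into the md5-sess step,
    as the Section 5 sample does. hex_inner=True feeds its 32-character
    hex form, as the text proposed in erratum 1649 does.
    """
    ha1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    if alg.lower() == "md5-sess":
        # Only this input differs between the two variants.
        inner = ha1.hex().encode("ascii") if hex_inner else ha1
        ha1 = hashlib.md5(
            inner + b":" + nonce.encode() + b":" + cnonce.encode()
        ).digest()
    return ha1.hex()

def peers_agree(client_hex_inner, server_hex_inner, **params):
    """True when a client and a server built on the given variants
    derive the same session key for the same credentials."""
    client = digest_calc_ha1(hex_inner=client_hex_inner, **params)
    server = digest_calc_ha1(hex_inner=server_hex_inner, **params)
    return hmac.compare_digest(client, server)

# Constructed sample values, not taken from the erratum.
SAMPLE = dict(
    alg="md5-sess",
    username="alice",
    realm="example-realm",
    password="correct horse",
    nonce="constructed-server-nonce",
    cnonce="constructed-client-nonce",
)

if __name__ == "__main__":
    print("raw inner :", digest_calc_ha1(hex_inner=False, **SAMPLE))
    print("hex inner :", digest_calc_ha1(hex_inner=True, **SAMPLE))
    print("mixed peers agree:", peers_agree(False, True, **SAMPLE))
    plain = dict(SAMPLE, alg="MD5")
    print("plain MD5 agree  :", peers_agree(False, True, **plain))
```

With plain MD5 the two variants are identical, so the mismatch only shows up as failed authentication when `md5-sess` is negotiated between peers built on different variants.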