RFC Errata
RFC 4634, "US Secure Hash Algorithms (SHA and HMAC-SHA)", July 2006
Note: This RFC has been obsoleted by RFC 6234
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 2443
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2006-08-13
Held for Document Update by: Sean Turner
Date Held: 2010-08-06
Section 8.3 says:
The code for (the message oriented) function hmac, on page 73/74, reads: int hmac(SHAversion whichSha, const unsigned char *text, int text_len, const unsigned char *key, int key_len, uint8_t digest[USHAMaxHashSize]) << page break >> { HMACContext ctx; return hmacReset(&ctx, whichSha, key, key_len) || hmacInput(&ctx, text, text_len) || hmacResult(&ctx, digest); } It should say: int hmac(SHAversion whichSha, const unsigned char *message_array, int length, const unsigned char *key, int key_len, uint8_t digest[USHAMaxHashSize]) << page break >> { HMACContext ctx; return hmacReset(&ctx, whichSha, key, key_len) || hmacInput(&ctx, message_array, length) || hmacResult(&ctx, digest); } Rationale: The argument names `message_array` and `length` are used throughout the sample code, including the Description of the function hmac, on page 73. The code shown above was not aligned with this practise and hence inconsistent with the Description. This has been resolved by the proposed update, bay changing the names of 'text' and 'text_len'. >>>>> NOTE / Caution : >>>>> >>>>> Similar (and additional) inconsistencies between the >>>>> argument names in the 'Parameters:' documentation >>>>> and the variable names used in the subsequent code >>>>> exist for all hmac* functions, on pages 74..77 ; >>>>> in particular, the described 'context' is always >>>>> named `ctx` in the code. >>>>> Also, capitalization of the leading "HMAC"/"hmac" >>>>> in the function names is totally inconsistent. >>>>> >>>>> Resolution of these issues is left as an exercise >>>>> to the reader of this note -- or the author of any >>>>> future update of the sample code. >>>>> >>>>> Furthermore, the use of "characters" as units of the >>>>> message_text in the descriptions is dangerous in the >>>>> days of Unicode and UTF-8; "characters" should better >>>>> be replaced by "octets" throughout hmac.c !