RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4634, "US Secure Hash Algorithms (SHA and HMAC-SHA)", July 2006

Note: This RFC has been obsoleted by RFC 6234

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 2443
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2006-08-13
Held for Document Update by: Sean Turner
Date Held: 2010-08-06

Section 8.3 says:

The code for (the message oriented) function hmac,
on page 73/74, reads:

int hmac(SHAversion whichSha, const unsigned char *text, int text_len,
    const unsigned char *key, int key_len,
    uint8_t digest[USHAMaxHashSize])
<< page break >>
{
  HMACContext ctx;
  return hmacReset(&ctx, whichSha, key, key_len) ||
         hmacInput(&ctx, text, text_len) ||
         hmacResult(&ctx, digest);
}

It should say:

int hmac(SHAversion whichSha,
         const unsigned char *message_array, int length,
         const unsigned char *key, int key_len,
         uint8_t digest[USHAMaxHashSize])
<< page break >>
{
  HMACContext ctx;
  return hmacReset(&ctx, whichSha, key, key_len) ||
         hmacInput(&ctx, message_array, length) ||
         hmacResult(&ctx, digest);
}

Rationale:

The argument names `message_array` and `length` are used
throughout the sample code, including the Description of the
function hmac, on page 73.
The code shown above was not aligned with this practise and
hence inconsistent with the Description.
This has been resolved by the proposed update, bay changing
the names of 'text' and 'text_len'.

>>>>>  NOTE / Caution :
>>>>>
>>>>>  Similar (and additional) inconsistencies between the
>>>>>  argument names in the 'Parameters:' documentation
>>>>>  and the variable names used in the subsequent code
>>>>>  exist for all hmac* functions, on pages 74..77 ;
>>>>>  in particular, the described 'context' is always
>>>>>  named `ctx` in the code.
>>>>>  Also, capitalization of the leading "HMAC"/"hmac"
>>>>>  in the function names is totally inconsistent.
>>>>>
>>>>>  Resolution of these issues is left as an exercise
>>>>>  to the reader of this note -- or the author of any
>>>>>  future update of the sample code.
>>>>>
>>>>>  Furthermore, the use of "characters" as units of the
>>>>>  message_text in the descriptions is dangerous in the
>>>>>  days of Unicode and UTF-8; "characters" should better
>>>>>  be replaced by "octets" throughout hmac.c !

Report New Errata