RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
Weijun Wang
weijun at openjdk.java.net
Mon Mar 7 14:45:04 UTC 2022
On Mon, 7 Mar 2022 14:22:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Okay, I'll double check that. I haven't found any server implementations of this feature to test with yet,
>
> 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on this algorithm, but it requires UTF-8 charset support and a way to provide a predefined cnonce. If it's not worth modifying our implementation to create a regression test, I think at least we can temporarily hack our own JDK and try on it. And I think it's most likely true that this algorithm is using a different initialization vector as Bernd pointed out.
As https://www.rfc-editor.org/errata_search.php?rfc=7616&rec_status=0 shows, that 2nd test in rfc7616 was wrong in the initial version as it used a truncated version of SHA-512. The real SHA-512/256 algorithm should be used.
$ jshell
jshell> import java.security.MessageDigest
jshell> HexFormat.of().formatHex(MessageDigest.getInstance("SHA-512").digest("J\u00e4s\u00f8n Doe:api at example.org".getBytes("UTF-8")))
$2 ==> "488869477bf257147b804c45308cd62ac4e25eb717b12b298c79e62dcea254ec5211a6631b181289b4dd8c14890f38f04bff8a388106dabb900c6984ba592b6a"
jshell> HexFormat.of().formatHex(MessageDigest.getInstance("SHA-512/256").digest("J\u00e4s\u00f8n Doe:api at example.org".getBytes("UTF-8")))
$3 ==> "793263caabb707a56211940d90411ea4a575adeccb7e360aeb624ed06ece9b0b"
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
More information about the net-dev
mailing list