khttpdigest_validate, khttpdigest_validatehashvalidate an HTTP digest request

library “libkcgi”

#include <sys/types.h>
#include <stdarg.h>
#include <stdint.h>
#include <kcgi.h>

khttpdigest_validate(struct kreq *req, const char *password);

khttpdigest_validatehash(struct kreq *req, const char *hash);

The () and () functions validate the given password (or a pre-combined hash) with the HTTP digest-authorised request req as returned by khttp_parse(3) or khttp_fcgi_parse(3). It fully implements all components of the digest: QOP, MD5 types, etc. It check that the URI component of the digest matches that of the request, as these values are known to be mutable.

The () function will compute a hash from the request and password; () operates on a pre-computed hash value.

khttpdigest_validate() and khttpdigest_validatehash() will return zero if validation failed, less than zero if the request was not properly set up for HTTP digest validation (no HTTP method, not a digest request, not already authenticated by the web server), or greater than zero if the validation succeeded.

kcgi(3), khttp_fcgi_parse(3), khttp_parse(3), khttpbasic_validate(3)

The khttpdigest_validate() and khttpdigest_validatehash() functions were written by Kristaps Dzonsons <>.

December 2, 2023 OpenBSD 7.4