From 3c3872e0380aaaf7ea944119ca90761eaddc530f Mon Sep 17 00:00:00 2001
From: okada <okada>
Date: Sat, 20 Nov 1999 08:18:38 +0000
Subject: [PATCH]         * smtp.el (smtp-via-smtp): Update to delete        
 insecure sequences at plain.         * SLIM-VERION: Add
 code name.         * mime-def.el (mime-library-product):
 Up. 		* hmac-def.el (define-hmac-function): Update
 to delete         insecure sequences.

---
 ChangeLog    |   12 +++++++
 SLIM-VERSION |    3 +-
 hmac-def.el  |  107 +++++++++++++++++++++++++++-------------------------------
 mime-def.el  |    2 +-
 smtp.el      |   18 +++++++---
 5 files changed, 77 insertions(+), 65 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ef83dd0..448817b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 1999-10-20  Kenichi OKADA <okada@opaopa.org>
 
+	* smtp.el (smtp-via-smtp): Update to delete
+	insecure sequences at plain.
+	* SLIM-VERION: Add code name.
+	* mime-def.el (mime-library-product): Up.
+
+1999-10-20  Shuhei KOBAYASHI <shuhei@aqua.ocn.ne.jp>
+
+	* hmac-def.el (define-hmac-function): Update to delete
+	insecure sequences.
+
+1999-10-20  Kenichi OKADA <okada@opaopa.org>
+
 	* SLIM: Version 1.13.0 released.
 
 1999-10-20  Kenichi OKADA <okada@opaopa.org>
diff --git a/SLIM-VERSION b/SLIM-VERSION
index c9d22cb..bc7f028 100644
--- a/SLIM-VERSION
+++ b/SLIM-VERSION
@@ -1,5 +1,6 @@
 [SLIM Version names]
 
 1.13.0 藤原紀香
------- 深田恭子
+1.13.1 深田恭子
 ------ 華原朋美
+------ 飯島直子
diff --git a/hmac-def.el b/hmac-def.el
index cdd955d..7525c89 100644
--- a/hmac-def.el
+++ b/hmac-def.el
@@ -1,4 +1,4 @@
-;;; hmac-def.el --- Functions/macros for defining HMAC functions.
+;;; hmac-def.el --- A macro for defining HMAC functions.
 
 ;; Copyright (C) 1999 Shuhei KOBAYASHI
 
@@ -24,71 +24,62 @@
 
 ;;; Commentary:
 
-;; See RFC 2104, "HMAC: Keyed-Hashing for Message Authentication"
-;; for definition of HMAC.
+;; This program is implemented from RFC 2104,
+;; "HMAC: Keyed-Hashing for Message Authentication".
 
 ;;; Code:
 
-(require 'hmac-util)
-
-(defmacro hmac-unhex-string-macro (string length)
-  (let* ((len (eval length))
-         (dst (make-string (/ len 2) 0)))
-    `(let ((str ,string)
-           (dst ,dst)
-           (idx 0)(pos 0))
-       (while (< pos ,len)
-	 (aset dst idx (+ (* (hmac-hex-to-int (aref str pos)) 16)
-			  (hmac-hex-to-int (aref str (1+ pos)))))
-	 (setq idx (1+ idx)
-	       pos (+ 2 pos)))
-       dst)))
-
-;; Note that H, B, and L will be evaluated multiple times.  They are
-;; usually constants, so I don't want to bother to bind them locally.
 (defmacro define-hmac-function (name H B L &optional bit)
-  "Define a function NAME which computes HMAC with hash function H.
+  "Define a function NAME(TEXT KEY) which computes HMAC with function H.
 
-HMAC function is H\(KEY XOR opad, H\(KEY XOR ipad, TEXT\)\):
+HMAC function is H(KEY XOR opad, H(KEY XOR ipad, TEXT)):
 
 H is a cryptographic hash function, such as SHA1 and MD5, which takes
-a string and return a digest of it \(in hexadecimal form\).
-B is a byte-length of a block size of H. \(B=64 for both SHA1 and MD5.\)
-L is a byte-length of hash outputs. \(L=16 for MD5, L=20 for SHA1.\)
+a string and return a digest of it (in binary form).
+B is a byte-length of a block size of H. (B=64 for both SHA1 and MD5.)
+L is a byte-length of hash outputs. (L=16 for MD5, L=20 for SHA1.)
 If BIT is non-nil, truncate output to specified bits."
-  `(defun ,name (text key)
-     ,(concat "Compute " (upcase (symbol-name name)) " over TEXT with KEY.")
-     (let ((key-xor-ipad (make-string ,B ?\x36))
-           (key-xor-opad (make-string ,B ?\x5C))
-           (len (length key))
-           (pos 0))
-       (when (> len ,B)
-         (setq key (hmac-unhex-string-macro (,H key) ,(* L 2)))
-	 (setq len ,L))
-       (while (< pos len)
-         (aset key-xor-ipad pos (logxor (aref key pos) ?\x36))
-         (aset key-xor-opad pos (logxor (aref key pos) ?\x5C))
-         (setq pos (1+ pos)))
-       ;; If outer `hmac-unhex-string-macro' is removed, return value
-       ;; will be in hexadecimal form.  It is useful for test.
-       ,(if (and bit (< (/ bit 8) L))
-	    `(substring
-	      (hmac-unhex-string-macro
-	       (,H
-		(concat key-xor-opad
-			(hmac-unhex-string-macro
-			 (,H (concat key-xor-ipad text))
-			 ,(* L 2))))
-	       ,(* L 2))
-	      0 ,(/ bit 8))
-	  `(hmac-unhex-string-macro
-	    (,H
-	     (concat key-xor-opad
-		     (hmac-unhex-string-macro
-		      (,H (concat key-xor-ipad text))
-		      ,(* L 2))))
-	    ,(* L 2))))))
+  (` (defun (, name) (text key)
+       (, (concat "Compute "
+		  (upcase (symbol-name name))
+		  " over TEXT with KEY."))
+       (let ((key-xor-ipad (make-string (, B) ?\x36))
+	     (key-xor-opad (make-string (, B) ?\x5C))
+	     (len (length key))
+	     (pos 0))
+	 (unwind-protect
+	     (progn
+	       ;; if `key' is longer than the block size, apply hash function
+	       ;; to `key' and use the result as a real `key'.
+	       (if (> len (, B))
+		   (setq key ((, H) key)
+			 len (, L)))
+	       (while (< pos len)
+		 (aset key-xor-ipad pos (logxor (aref key pos) ?\x36))
+		 (aset key-xor-opad pos (logxor (aref key pos) ?\x5C))
+		 (setq pos (1+ pos)))
+	       (setq key-xor-ipad (unwind-protect
+				      (concat key-xor-ipad text)
+				    (fillarray key-xor-ipad 0))
+		     key-xor-ipad (unwind-protect
+				      ((, H) key-xor-ipad)
+				    (fillarray key-xor-ipad 0))
+		     key-xor-opad (unwind-protect
+				      (concat key-xor-opad key-xor-ipad)
+				    (fillarray key-xor-opad 0))
+		     key-xor-opad (unwind-protect
+				      ((, H) key-xor-opad)
+				    (fillarray key-xor-opad 0)))
+	       ;; now `key-xor-opad' contains
+	       ;; H(KEY XOR opad, H(KEY XOR ipad, TEXT)).
+	       (, (if (and bit (< (/ bit 8) L))
+		      (` (substring key-xor-opad 0 (, (/ bit 8))))
+		    ;; return a copy of `key-xor-opad'.
+		    (` (concat key-xor-opad)))))
+	   ;; cleanup.
+	   (fillarray key-xor-ipad 0)
+	   (fillarray key-xor-opad 0))))))
 
 (provide 'hmac-def)
 
-;;; hmac-def.el ends here.
+;;; hmac-def.el ends here
diff --git a/mime-def.el b/mime-def.el
index 4253ead..18f5af8 100644
--- a/mime-def.el
+++ b/mime-def.el
@@ -35,7 +35,7 @@
 (eval-when-compile (require 'cl))	; list*
 
 (eval-and-compile
-  (defconst mime-library-product ["SLIM" (1 13 0) "藤原紀香"]
+  (defconst mime-library-product ["SLIM" (1 13 1) "深田恭子"]
     "Product name, version number and code name of MIME-library package.")
   )
 
diff --git a/smtp.el b/smtp.el
index b671a4e..3063a6a 100644
--- a/smtp.el
+++ b/smtp.el
@@ -177,11 +177,19 @@ don't define this value."
 			 (throw 'done (car (cdr response)))))
 
 		    ((string= "plain" auth)
-                     (smtp-send-command
-                      process
-                      (concat "AUTH PLAIN "
-                              (base64-encode-string
-                               (plain-encode "" user passphrase))))
+		     (let ((enc-word (copy-sequence passphrase)))
+		       (smtp-send-command
+			process
+			(setq enc-word (unwind-protect
+					   (sasl-plain "" user enc-word)
+					 (fillarray enc-word 0))
+			      enc-word (unwind-protect
+					   (base64-encode-string enc-word)
+					 (fillarray enc-word 0))
+			      enc-word (unwind-protect
+					   (concat "AUTH PLAIN " enc-word)
+					 (fillarray enc-word 0))))
+		       (fillarray enc-word 0))
 		     (setq response (smtp-read-response process))
 		     (if (or (null (car response))
 			     (not (integerp (car response)))
-- 
1.7.10.4