From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/66874
Path: news.gmane.org!not-for-mail
From: Simon Josefsson <simon@josefsson.org>
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.devel
Subject: rfc2104 change on 2008-02-01
Date: Fri, 25 Apr 2008 12:42:36 +0200
Message-ID: <87iqy6cj1f.fsf@mocca.josefsson.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1209120182 8437 80.91.229.12 (25 Apr 2008 10:43:02 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 25 Apr 2008 10:43:02 +0000 (UTC)
To: emacs-devel@gnu.org, ding@gnus.org, Kenichi Handa  <handa@m17n.org>
Original-X-From: ding-owner+M15356@lists.math.uh.edu Fri Apr 25 12:43:37 2008
connect(): Connection refused
Return-path: <ding-owner+M15356@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1JpLOx-0004Cr-VB
	for ding-account@gmane.org; Fri, 25 Apr 2008 12:43:36 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M15356@lists.math.uh.edu>)
	id 1JpLOG-0002Gn-M6; Fri, 25 Apr 2008 05:42:52 -0500
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <simon@josefsson.org>)
	id 1JpLOF-0002GX-5y
	for ding@lists.math.uh.edu; Fri, 25 Apr 2008 05:42:51 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtp (Exim 4.67)
	(envelope-from <simon@josefsson.org>)
	id 1JpLO8-0005xD-Tw
	for ding@lists.math.uh.edu; Fri, 25 Apr 2008 05:42:51 -0500
Original-Received: from yxa-v.extundo.com ([83.241.177.39] ident=Debian-exim)
	by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian))
	id 1JpLOK-00028r-00
	for <ding@gnus.org>; Fri, 25 Apr 2008 12:42:56 +0200
Original-Received: from yxa.extundo.com ([83.241.177.38] helo=mocca.josefsson.org)
	by yxa-v.extundo.com with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.63)
	(envelope-from <simon@josefsson.org>)
	id 1JpLO0-0005Fu-I0; Fri, 25 Apr 2008 12:42:37 +0200
X-Hashcash: 1:22:080425:emacs-devel@gnu.org::0PzkBOegv8Ij7zrw:MUsB
X-Hashcash: 1:22:080425:ding@gnus.org::QCnpccHqKbLc3JPO:Fzpi
X-Hashcash: 1:22:080425:handa@m17n.org::xCgON8bULcIv7H2K:Ehza
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Mail-Copies-To: nobody
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)
X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,AWL autolearn=ham version=3.2.3 (2007-08-08) host=yxa-v.extundo.com
X-Spam-Score: -2.5 (--)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:66874 gmane.emacs.devel:95935
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/66874>

Hi.

I have tracked down a problem sending authenticated e-mail that resulted
in randomly failed CRAM-MD5 authentication (it sometimes work, usually
after 2-3 retries).  The cause is:

2008-02-01  Kenichi Handa  <handa@m17n.org>

        * rfc2104.el (rfc2104-hexstring-to-byte-list): Renamed from
        rfc2104-hexstring-to-bitstring and changed to return a byte list.
        (rfc2104-hash): Convert the result of concat to unibyte string.

The significant patch is:

-    (funcall hash (concat k_opad (rfc2104-hexstring-to-bitstring
-				  ;; perform inner hash
-				  (funcall hash (concat k_ipad text)))))))
+    (funcall hash
+	     (encode-coding-string
+	      (concat k_opad (rfc2104-hexstring-to-byte-list
+			      ;; perform inner hash
+			      (funcall hash (concat k_ipad text))))
+	      'iso-latin-1))))

The data to be hashed contains binary data, printed it just looks like
garbage.  Presumably, the reason the operation fails is because it can't
be encoded into latin-1 which as far as I recall have some reserved
parts.  This would be consistent with only happening sometimes, since it
may happen that a string doesn't contain any reserved characters.

I have experimented with fixes, and changed the 'iso-latin-1 to 'binary
and that appears to work.

There is nothing iso-latin-1 specific about CRAM-MD5 so if that is the
right thing, I think there should be a comment to explain why.

Handa, could you explain the motivation for this change?

To resolve it, we can chose:

1) Revert the patch.

2) Change 'iso-latin-1 to 'binary.

There may be other options too.

I propose to change it to 'binary if I don't hear anything.

If there were mailing list discussions about this, I'd appreciate a
pointer to that.  I don't think I was cc'ed, and I couldn't find any
discussion now that I search for it.

Thoughts?

Thanks,
Simon