projects
/
mech_eap.orig
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
comment out dumping code
[mech_eap.orig]
/
wrap_iov_length.c
diff --git
a/wrap_iov_length.c
b/wrap_iov_length.c
index
e1e8ba6
..
229fec7
100644
(file)
--- a/
wrap_iov_length.c
+++ b/
wrap_iov_length.c
@@
-1,5
+1,5
@@
/*
/*
- * Copyright (c) 201
0
, JANET(UK)
+ * Copyright (c) 201
1
, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@
-53,6
+53,10
@@
* or implied warranty.
*/
* or implied warranty.
*/
+/*
+ * Message protection services: determine protected message size.
+ */
+
#include "gssapiP_eap.h"
#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
#include "gssapiP_eap.h"
#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
@@
-71,23
+75,30
@@
gssEapWrapIovLength(OM_uint32 *minor,
gss_iov_buffer_t header, trailer, padding;
size_t dataLength, assocDataLength;
size_t gssHeaderLen, gssPadLen, gssTrailerLen;
gss_iov_buffer_t header, trailer, padding;
size_t dataLength, assocDataLength;
size_t gssHeaderLen, gssPadLen, gssTrailerLen;
-
unsigned in
t krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0;
+
size_
t krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0;
krb5_error_code code;
krb5_context krbContext;
int dce_style;
size_t ec;
krb5_error_code code;
krb5_context krbContext;
int dce_style;
size_t ec;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
- if (qop_req != GSS_C_QOP_DEFAULT)
- return GSS_S_FAILURE;
+ if (qop_req != GSS_C_QOP_DEFAULT) {
+ *minor = GSSEAP_UNKNOWN_QOP;
+ return GSS_S_UNAVAILABLE;
+ }
- if (ctx->encryptionType == ENCTYPE_NULL)
+ if (ctx->encryptionType == ENCTYPE_NULL) {
+ *minor = GSSEAP_KEY_UNAVAILABLE;
return GSS_S_UNAVAILABLE;
return GSS_S_UNAVAILABLE;
+ }
GSSEAP_KRB_INIT(&krbContext);
header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
GSSEAP_KRB_INIT(&krbContext);
header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
- *minor =
EINVAL
;
+ *minor =
GSSEAP_MISSING_IOV
;
return GSS_S_FAILURE;
}
INIT_IOV_DATA(header);
return GSS_S_FAILURE;
}
INIT_IOV_DATA(header);
@@
-112,18
+123,24
@@
gssEapWrapIovLength(OM_uint32 *minor,
gssHeaderLen = gssPadLen = gssTrailerLen = 0;
gssHeaderLen = gssPadLen = gssTrailerLen = 0;
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- conf_req_flag ?
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto);
+ if (code != 0)
+ return code;
+#endif
+
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ conf_req_flag ?
KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
-
&krbTrailerLen);
+ &krbTrailerLen);
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
}
if (conf_req_flag) {
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
}
if (conf_req_flag) {
- code = krb
5_c_crypto_length(krbContext, ctx->encryptionType
,
-
KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
+ code = krb
CryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx)
,
+ KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
@@
-135,9
+152,9
@@
gssEapWrapIovLength(OM_uint32 *minor,
gssHeaderLen += krbHeaderLen; /* Kerb-Header */
gssTrailerLen = 16 /* E(Header) */ + krbTrailerLen; /* Kerb-Trailer */
gssHeaderLen += krbHeaderLen; /* Kerb-Header */
gssTrailerLen = 16 /* E(Header) */ + krbTrailerLen; /* Kerb-Trailer */
- code = krb
5_c_padding_length(krbContext, ctx->encryptionType
,
-
dataLength - assocDataLength + 16 /* E(Header) */,
-
&krbPadLen);
+ code = krb
PaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx)
,
+ dataLength - assocDataLength + 16 /* E(Header) */,
+ &krbPadLen);
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
@@
-145,7
+162,7
@@
gssEapWrapIovLength(OM_uint32 *minor,
if (krbPadLen == 0 && dce_style) {
/* Windows rejects AEAD tokens with non-zero EC */
if (krbPadLen == 0 && dce_style) {
/* Windows rejects AEAD tokens with non-zero EC */
- code = krb
5_c_block_size(krbContext, ctx->encryptionType
, &ec);
+ code = krb
BlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx)
, &ec);
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
@@
-190,14
+207,27
@@
gss_wrap_iov_length(OM_uint32 *minor,
{
OM_uint32 major;
{
OM_uint32 major;
- if (ctx == GSS_C_NO_CONTEXT)
- return GSS_S_NO_CONTEXT;
+ if (ctx == GSS_C_NO_CONTEXT) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ *minor = 0;
GSSEAP_MUTEX_LOCK(&ctx->mutex);
GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ if (!CTX_IS_ESTABLISHED(ctx)) {
+ major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
+ goto cleanup;
+ }
+
major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req,
conf_state, iov, iov_count);
major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req,
conf_state, iov, iov_count);
+ if (GSS_ERROR(major))
+ goto cleanup;
+cleanup:
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
return major;
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
return major;