#include "gssapiP_eap.h"
OM_uint32
-gss_pseudo_random(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- int prf_key,
- const gss_buffer_t prf_in,
- ssize_t desired_output_len,
- gss_buffer_t prf_out)
+gssEapPseudoRandom(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ gss_buffer_t prf_out)
{
krb5_error_code code;
int i;
krb5_data t, ns;
unsigned char *p;
krb5_context krbContext;
-
- prf_out->length = 0;
- prf_out->value = NULL;
-
- if (ctx == GSS_C_NO_CONTEXT) {
- *minor = EINVAL;
- return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
- }
+ ssize_t desired_output_len = prf_out->length;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
-
- if (!CTX_IS_ESTABLISHED(ctx)) {
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
- return GSS_S_NO_CONTEXT;
- }
-
GSSEAP_KRB_INIT(&krbContext);
- t.length = 0;
- t.data = NULL;
-
- ns.length = 0;
- ns.data = NULL;
+ KRB_DATA_INIT(&t);
+ KRB_DATA_INIT(&ns);
if (prf_key != GSS_C_PRF_KEY_PARTIAL &&
prf_key != GSS_C_PRF_KEY_FULL) {
goto cleanup;
}
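Review bot: `gssEapPseudoRandom` has no comment stating what it now expects from its caller, although this change moves several obligations out of it: the `GSS_C_NO_CONTEXT` check, the `ctx->mutex` lock and the `CTX_IS_ESTABLISHED` check are removed here, and the output size is read from `prf_out->length` instead of a parameter. A header comment would keep a later internal caller from invoking it on an unlocked or unestablished context, for example `/* Caller must hold ctx->mutex, have verified CTX_IS_ESTABLISHED(ctx), and pass prf_out with value allocated and length set to the wanted output size. */`. The comment should also say that on failure the function calls `gss_release_buffer` on the caller's `prf_out`. The function body continues past this point.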
- prf_out->value = GSSEAP_MALLOC(desired_output_len);
- if (prf_out->value == NULL) {
- code = ENOMEM;
- goto cleanup;
- }
- prf_out->length = desired_output_len;
-
- code = krb5_c_prf_length(krbContext,
- ctx->encryptionType,
- &prflen);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf_length(krbContext, ctx->encryptionType, &prflen);
+#else
+ code = krb5_c_prf_length(krbContext, ctx->encryptionType, &prflen);
+#endif
if (code != 0)
goto cleanup;
goto cleanup;
}
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#else
t.length = prflen;
t.data = GSSEAP_MALLOC(t.length);
if (t.data == NULL) {
code = ENOMEM;
goto cleanup;
}
+#endif
- memcpy(ns.data + 4, prf_in->value, prf_in->length);
+ memcpy((unsigned char *)ns.data + 4, prf_in->value, prf_in->length);
i = 0;
p = (unsigned char *)prf_out->value;
while (desired_output_len > 0) {
store_uint32_be(i, ns.data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
+#else
code = krb5_c_prf(krbContext, &ctx->rfc3961Key, &ns, &t);
+#endif
if (code != 0)
goto cleanup;
}
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
-
if (code != 0)
gss_release_buffer(&tmpMinor, prf_out);
- krb5_free_data_contents(krbContext, &ns);
- krb5_free_data_contents(krbContext, &t);
+ if (ns.data != NULL) {
+ memset(ns.data, 0, ns.length);
+ GSSEAP_FREE(ns.data);
+ }
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto_destroy(krbContext, krbCrypto);
+ krb5_data_free(&t);
+#else
+ if (t.data != NULL) {
+ memset(t.data, 0, t.length);
+ GSSEAP_FREE(t.data);
+ }
+#endif
*minor = code;
return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
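Review bot: The wipes in the cleanup path are plain `memset` calls immediately followed by `GSSEAP_FREE`, which a compiler may drop as dead stores, so `ns` and the PRF output in `t` may not actually be cleared. A zeroization routine the optimizer cannot elide (for example `explicit_bzero` or `memset_s`, where the platform provides one) would make the wipe dependable. The Heimdal branch also releases `t` with `krb5_data_free(&t)` and no wipe, while the other branch clears it first, so the two builds treat the same key-derived bytes differently. Separately, `krbCrypto` is still NULL when the `prf_key` check or the prf-length call jumps to `cleanup` before `krb5_crypto_init` runs. Unless Heimdal's `krb5_crypto_destroy` accepts NULL, which should be confirmed, guard it with `if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto);`.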
+
+OM_uint32 GSSAPI_CALLCONV
+gss_pseudo_random(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
+{
+ OM_uint32 major;
+
+ if (ctx == GSS_C_NO_CONTEXT) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ prf_out->length = 0;
+ prf_out->value = NULL;
+
+ *minor = 0;
+
+ GSSEAP_MUTEX_LOCK(&ctx->mutex);
+
+ if (!CTX_IS_ESTABLISHED(ctx)) {
+ major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
+ goto cleanup;
+ }
+
+ prf_out->value = GSSEAP_MALLOC(desired_output_len);
+ if (prf_out->value == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ goto cleanup;
+ }
+
+ prf_out->length = desired_output_len;
+
+ major = gssEapPseudoRandom(minor, ctx, prf_key,
+ prf_in, prf_out);
+
+cleanup:
+ GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+
+ return major;
+}
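Review bot: The `ctx == GSS_C_NO_CONTEXT` return now happens before `prf_out->length` and `prf_out->value` are cleared, whereas the removed code cleared them first. On that path the caller's buffer is left as it was passed in, and a later `gss_release_buffer` on it could free an uninitialized pointer. Moving `prf_out->length = 0; prf_out->value = NULL;` above the `ctx` check restores the old ordering. `desired_output_len` is also a signed `ssize_t` passed to `GSSEAP_MALLOC` with no range check, so a negative value presumably becomes a huge allocation request and is reported as `ENOMEM`. An explicit `if (desired_output_len < 0) { *minor = EINVAL; return GSS_S_FAILURE; }` beside the `ctx` check would report it as an argument error instead.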