if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
- assert(header != NULL);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
+ GSSEAP_ASSERT(header != NULL);
padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padding != NULL && padding->buffer.length != 0) {
code = gssEapVerify(krbContext, ctx->checksumType, rrc,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
if (code != 0 || valid == FALSE) {
major = GSS_S_BAD_SIG;
goto cleanup;
}
}
- code = sequenceCheck(minor, &ctx->seqState, seqnum);
+ major = sequenceCheck(&code, &ctx->seqState, seqnum);
+ if (GSS_ERROR(major))
+ goto cleanup;
} else if (toktype == TOK_TYPE_MIC) {
if (load_uint16_be(ptr) != toktype)
goto defective;
goto defective;
seqnum = load_uint64_be(ptr + 8);
- code = gssEapVerify(krbContext, ctx->checksumType, 0,
+ /* For MIC tokens, the GSS header and checksum are in the same buffer.
+ * Fake up an RRC so that the checksum is expected in the header. */
+ rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;
+ code = gssEapVerify(krbContext, ctx->checksumType, rrc,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
if (code != 0 || valid == FALSE) {
major = GSS_S_BAD_SIG;
goto cleanup;
}
- code = sequenceCheck(minor, &ctx->seqState, seqnum);
+ major = sequenceCheck(&code, &ctx->seqState, seqnum);
+ if (GSS_ERROR(major))
+ goto cleanup;
} else if (toktype == TOK_TYPE_DELETE_CONTEXT) {
if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT)
goto defective;
GSSEAP_KRB_INIT(&krbContext);
- assert(toktype == TOK_TYPE_WRAP);
+ GSSEAP_ASSERT(toktype == TOK_TYPE_WRAP);
if (toktype != TOK_TYPE_WRAP) {
code = GSSEAP_WRONG_TOK_ID;
}
stream = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM);
- assert(stream != NULL);
+ GSSEAP_ASSERT(stream != NULL);
if (stream->buffer.length < 16) {
major = GSS_S_DEFECTIVE_TOKEN;
tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
tpadding->buffer.length - theader->buffer.length;
- assert(data != NULL);
+ GSSEAP_ASSERT(data != NULL);
if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
code = gssEapAllocIov(tdata, tdata->buffer.length);
theader->buffer.length;
}
- assert(i <= iov_count + 2);
+ GSSEAP_ASSERT(i <= iov_count + 2);
major = unwrapToken(&code, ctx, KRB_CRYPTO_CONTEXT(ctx),
conf_state, qop_state, tiov, i, toktype);
return major;
}
-OM_uint32
+OM_uint32 GSSAPI_CALLCONV
gss_unwrap_iov(OM_uint32 *minor,
gss_ctx_id_t ctx,
int *conf_state,