X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=moonshot%2Fmech_eap%2Funwrap_iov.c;h=5ceefa2ab829448e74448866e74c7b3659a9138f;hb=e4b199e2a05705c453da2250b17cf3c7e4135dda;hp=2156e512dafa7f843f7044ed8340d2b0ae770306;hpb=08f864ac591b39a1afce10458dec1698c4530bbe;p=moonshot.git
diff --git a/moonshot/mech_eap/unwrap_iov.c b/moonshot/mech_eap/unwrap_iov.c
index 2156e51..5ceefa2 100644
--- a/moonshot/mech_eap/unwrap_iov.c
+++ b/moonshot/mech_eap/unwrap_iov.c
@@ -103,7 +103,7 @@ unwrapToken(OM_uint32 *minor,
 *qop_state = GSS_C_QOP_DEFAULT;
 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
- assert(header != NULL);
+ GSSEAP_ASSERT(header != NULL);
 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
 if (padding != NULL && padding->buffer.length != 0) {
@@ -243,7 +243,14 @@ unwrapToken(OM_uint32 *minor,
 goto defective;
 seqnum = load_uint64_be(ptr + 8);
- code = gssEapVerify(krbContext, ctx->checksumType, 0,
+ /*
+ * Although MIC tokens don't have a RRC, they are similarly
+ * composed of a header and a checksum. So the verify_mic()
+ * can be implemented with a single header buffer, fake the
+ * RRC to the putative trailer length if no trailer buffer.
+ */
+ code = gssEapVerify(krbContext, ctx->checksumType,
+ trailer != NULL ? 0 : header->buffer.length - 16,
 KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count, &valid);
 if (code != 0 || valid == FALSE) {
@@ -330,7 +337,7 @@ unwrapStream(OM_uint32 *minor,
 GSSEAP_KRB_INIT(&krbContext);
- assert(toktype == TOK_TYPE_WRAP);
+ GSSEAP_ASSERT(toktype == TOK_TYPE_WRAP);
 if (toktype != TOK_TYPE_WRAP) {
 code = GSSEAP_WRONG_TOK_ID;
@@ -338,7 +345,7 @@ unwrapStream(OM_uint32 *minor,
 }
 stream = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM);
- assert(stream != NULL);
+ GSSEAP_ASSERT(stream != NULL);
 if (stream->buffer.length < 16) {
 major = GSS_S_DEFECTIVE_TOKEN;
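Review bot: `GSSEAP_ASSERT(header != NULL)` in the unwrapToken hunk at -103 is the only visible guard on a pointer looked up in the caller-supplied iov array, and the same applies to `stream` in the hunk at -338 (dereferenced on the next line as `stream->buffer.length`) and to `data` in the hunk at -458 (dereferenced as `data->type`). The macro's definition is not on this page; if it can compile to nothing in a release build, a caller that omits one of these buffers would reach a NULL dereference. The unwrapStream hunk at -330 already shows the sturdier pattern, an assertion followed by a runtime test that sets an error code, and these lookups could follow it with a test such as `if (stream == NULL)` that fails with `GSS_S_DEFECTIVE_TOKEN` through the function's existing error exit. The enclosing functions start and end outside these hunks, so an earlier check may already guarantee the buffers exist; if so, a short comment beside each assertion naming that check would be enough.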
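Review bot: The new argument `header->buffer.length - 16` in the hunk at -243 is an unsigned subtraction on a length that comes from the received token, and nothing in this hunk shows that the header buffer holds at least 16 bytes when `trailer` is NULL; a shorter header would wrap to a very large RRC value passed into gssEapVerify. Unless a length check earlier in unwrapToken (outside the hunk) already guarantees this, add `if (trailer == NULL && header->buffer.length < 16) goto defective;` before the call. The literal 16 would also read better as a named token-header-size constant. The added comment could also say whether gssEapVerify itself bounds the derived trailer length against the expected checksum size, since that is what keeps the faked RRC safe.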
@@ -458,7 +465,7 @@ unwrapStream(OM_uint32 *minor,
 tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length - tpadding->buffer.length - theader->buffer.length;
- assert(data != NULL);
+ GSSEAP_ASSERT(data != NULL);
 if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
 code = gssEapAllocIov(tdata, tdata->buffer.length);
@@ -473,7 +480,7 @@ unwrapStream(OM_uint32 *minor,
 theader->buffer.length;
 }
- assert(i <= iov_count + 2);
+ GSSEAP_ASSERT(i <= iov_count + 2);
 major = unwrapToken(&code, ctx, KRB_CRYPTO_CONTEXT(ctx), conf_state, qop_state, tiov, i, toktype);
@@ -528,7 +535,7 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor,
 return major;
 }
-OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 gss_unwrap_iov(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state,