X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=wrap_iov.c;h=19f263cf4d862ad6435e77be764e7f3174ffc3cb;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=0b4fcd5f5608a411cf78dbf405649f4376e7d500;hpb=33daff72882ff7c024c5490d67db6d0f8ab54228;p=mech_eap.orig
diff --git a/wrap_iov.c b/wrap_iov.c
index 0b4fcd5..19f263c 100644
--- a/wrap_iov.c
+++ b/wrap_iov.c
@@ -53,6 +53,10 @@
 * or implied warranty.
 */
 
+/*
+ * Message protection services: wrap with scatter-gather API.
+ */
+
 #include "gssapiP_eap.h"
 
 unsigned char
@@ -69,7 +73,7 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving)
 if (isAcceptor)
 flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
 
- if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
+ if ((ctx->flags & CTX_FLAG_KRB_REAUTH) &&
 (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
 flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
 
@@ -94,9 +98,12 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 unsigned char *tbuf = NULL;
 int keyUsage;
 size_t rrc = 0;
- unsigned int gssHeaderLen, gssTrailerLen;
+ size_t gssHeaderLen, gssTrailerLen;
 size_t dataLen, assocDataLen;
 krb5_context krbContext;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
 
 if (ctx->encryptionType == ENCTYPE_NULL) {
 *minor = GSSEAP_KEY_UNAVAILABLE;
@@ -131,32 +138,37 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 trailer = gssEapLocateIov(iov, iov_count,
 GSS_IOV_BUFFER_TYPE_TRAILER);
 
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#endif
+
 if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
- unsigned int krbHeaderLen, krbTrailerLen, krbPadLen;
- size_t ec = 0;
- size_t confDataLen = dataLen - assocDataLen;
+ size_t krbHeaderLen, krbTrailerLen, krbPadLen;
+ size_t ec = 0, confDataLen = dataLen - assocDataLen;
 
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
 if (code != 0)
 goto cleanup;
 
- code = krb5_c_padding_length(krbContext, ctx->encryptionType,
- confDataLen + 16 /* E(Header) */,
- &krbPadLen);
+ code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ confDataLen + 16 /* E(Header) */,
+ &krbPadLen);
 if (code != 0)
 goto cleanup;
 
 if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
 /* Windows rejects AEAD tokens with non-zero EC */
- code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
+ code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec);
 if (code != 0)
 goto cleanup;
 } else
 ec = krbPadLen;
 
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
 if (code != 0)
 goto cleanup;
 
@@ -217,8 +229,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
 code = gssEapEncrypt(krbContext,
 ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
- ec, rrc, &ctx->rfc3961Key,
- keyUsage, 0, iov, iov_count);
+ ec, rrc, KRB_CRYPTO_CONTEXT(ctx),
+ keyUsage, iov, iov_count);
 if (code != 0)
 goto cleanup;
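Review bot: The rewritten `size_t ec = 0, confDataLen = dataLen - assocDataLen;` is an unsigned subtraction, so it is only correct if assocDataLen <= dataLen was established where the two lengths are computed, which lies outside this hunk; should that not hold, the wrapped value goes straight into krbPaddingLength. A one-line comment at that declaration such as `/* invariant: assocDataLen <= dataLen, established by the length computation above */` (or an explicit check that returns an error) would make the assumption visible here. The `16 /* E(Header) */` constant is carried over unchanged; it is the same 16 assigned to gssHeaderLen in a later hunk, and a named constant shared by both would tie them together. gssEapWrapOrGetMIC starts and ends outside this hunk.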
@@ -231,9 +243,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
 gssHeaderLen = 16;
 
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- KRB5_CRYPTO_TYPE_CHECKSUM,
- &gssTrailerLen);
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ KRB5_CRYPTO_TYPE_CHECKSUM, &gssTrailerLen);
 if (code != 0)
 goto cleanup;
 
@@ -284,8 +295,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 }
 store_uint64_be(ctx->sendSeq, outbuf + 8);
 
- code = gssEapSign(krbContext, ctx->checksumType,
- rrc, &ctx->rfc3961Key, keyUsage,
+ code = gssEapSign(krbContext, ctx->checksumType, rrc,
+ KRB_CRYPTO_CONTEXT(ctx), keyUsage,
 iov, iov_count);
 if (code != 0)
 goto cleanup;
@@ -309,10 +320,16 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 }
 
 code = 0;
+ if (conf_state != NULL)
+ *conf_state = conf_req_flag;
 
 cleanup:
 if (code != 0)
 gssEapReleaseIov(iov, iov_count);
+#ifdef HAVE_HEIMDAL_VERSION
+ if (krbCrypto != NULL)
+ krb5_crypto_destroy(krbContext, krbCrypto);
+#endif
 
 *minor = code;
 
@@ -332,7 +349,12 @@ gss_wrap_iov(OM_uint32 *minor,
 
 if (ctx == GSS_C_NO_CONTEXT) {
 *minor = EINVAL;
- return GSS_S_NO_CONTEXT;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ if (qop_req != GSS_C_QOP_DEFAULT) {
+ *minor = GSSEAP_UNKNOWN_QOP;
+ return GSS_S_UNAVAILABLE;
 }
 
 *minor = 0;
@@ -340,8 +362,8 @@ gss_wrap_iov(OM_uint32 *minor,
 GSSEAP_MUTEX_LOCK(&ctx->mutex);
 
 if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
 major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
 goto cleanup;
 }
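Review bot: `*conf_state = conf_req_flag;` in the @@ -309 hunk reports what the caller asked for rather than what was applied: confidentiality is only applied on the `toktype == TOK_TYPE_WRAP && conf_req_flag` branch in the @@ -131 hunk, so a GetMIC call that passed a non-zero conf_req_flag would be told confidentiality was provided. If callers can reach this with that combination (cannot tell from here), `*conf_state = (toktype == TOK_TYPE_WRAP && conf_req_flag);` reports the actual outcome. Reporting only on the success path, before `cleanup:`, matches the GSS-API convention that conf_state is meaningful only when the call succeeds. The `krb5_crypto_destroy` guard at cleanup is consistent with krbCrypto being initialised to NULL in the declaration hunk. gssEapWrapOrGetMIC continues outside this hunk.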
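Review bot: The new QOP check in the @@ -332 hunk returns `GSS_S_UNAVAILABLE` for a non-default qop_req, but RFC 2744 defines `GSS_S_BAD_QOP` as the major status for a QOP the mechanism does not support, and that is the value portable callers test for. Suggest `return GSS_S_BAD_QOP;` while keeping `*minor = GSSEAP_UNKNOWN_QOP;`. Doing the check before GSSEAP_MUTEX_LOCK is fine since it only reads a parameter. gss_wrap_iov continues outside the hunk.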