X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=wrap_iov_length.c;h=134ecc89d071837be891586103154fa71292ab2b;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=e1e8ba609c02246c212278b60132ee143cd150d9;hpb=024a153bbd6c24d0f1c76ea442018bfca568a793;p=mech_eap.orig
diff --git a/wrap_iov_length.c b/wrap_iov_length.c
index e1e8ba6..134ecc8 100644
--- a/wrap_iov_length.c
+++ b/wrap_iov_length.c
@@ -53,6 +53,10 @@
 * or implied warranty.
 */
+/*
+ * Message protection services: determine protected message size.
+ */
+
 #include "gssapiP_eap.h"
 #define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
@@ -71,23 +75,30 @@ gssEapWrapIovLength(OM_uint32 *minor,
 gss_iov_buffer_t header, trailer, padding;
 size_t dataLength, assocDataLength;
 size_t gssHeaderLen, gssPadLen, gssTrailerLen;
- unsigned int krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0;
+ size_t krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0;
 krb5_error_code code;
 krb5_context krbContext;
 int dce_style;
 size_t ec;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
- if (qop_req != GSS_C_QOP_DEFAULT)
- return GSS_S_FAILURE;
+ if (qop_req != GSS_C_QOP_DEFAULT) {
+ *minor = GSSEAP_UNKNOWN_QOP;
+ return GSS_S_UNAVAILABLE;
+ }
- if (ctx->encryptionType == ENCTYPE_NULL)
+ if (ctx->encryptionType == ENCTYPE_NULL) {
+ *minor = GSSEAP_KEY_UNAVAILABLE;
 return GSS_S_UNAVAILABLE;
+ }
 GSSEAP_KRB_INIT(&krbContext);
 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
 if (header == NULL) {
- *minor = EINVAL;
+ *minor = GSSEAP_MISSING_IOV;
 return GSS_S_FAILURE;
 }
 INIT_IOV_DATA(header);
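Review bot: In the @@ -71 hunk the unsupported-QOP branch now returns `GSS_S_UNAVAILABLE`, the same major status as the missing-key branch just below it, so a caller can only tell the two apart through `*minor`; GSS-API defines a dedicated routine error for this case, and `return GSS_S_BAD_QOP;` would keep the new `GSSEAP_UNKNOWN_QOP` minor code while making the major status precise. Separately, the three krb length variables become `size_t` and are later passed by address to `krbCryptoLength` and `krbPaddingLength`, whose definitions are not part of this diff. If on MIT builds those forward the pointer straight to `krb5_c_crypto_length` / `krb5_c_padding_length`, which take `unsigned int *`, only part of each `size_t` is written on LP64 targets, so it is worth confirming that the wrappers go through a local `unsigned int`. The body of gssEapWrapIovLength starts and ends outside this hunk.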
@@ -112,18 +123,24 @@ gssEapWrapIovLength(OM_uint32 *minor,
 gssHeaderLen = gssPadLen = gssTrailerLen = 0;
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- conf_req_flag ?
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto);
+ if (code != 0)
+ return code;
+#endif
+
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ conf_req_flag ?
 KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
- &krbTrailerLen);
+ &krbTrailerLen);
 if (code != 0) {
 *minor = code;
 return GSS_S_FAILURE;
 }
 if (conf_req_flag) {
- code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
- KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
+ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
 if (code != 0) {
 *minor = code;
 return GSS_S_FAILURE;
@@ -135,9 +152,9 @@ gssEapWrapIovLength(OM_uint32 *minor,
 gssHeaderLen += krbHeaderLen; /* Kerb-Header */
 gssTrailerLen = 16 /* E(Header) */ + krbTrailerLen; /* Kerb-Trailer */
- code = krb5_c_padding_length(krbContext, ctx->encryptionType,
- dataLength - assocDataLength + 16 /* E(Header) */,
- &krbPadLen);
+ code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+ dataLength - assocDataLength + 16 /* E(Header) */,
+ &krbPadLen);
 if (code != 0) {
 *minor = code;
 return GSS_S_FAILURE;
@@ -145,7 +162,7 @@ gssEapWrapIovLength(OM_uint32 *minor,
 if (krbPadLen == 0 && dce_style) {
 /* Windows rejects AEAD tokens with non-zero EC */
- code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
+ code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec);
 if (code != 0) {
 *minor = code;
 return GSS_S_FAILURE;
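Review bot: In the @@ -112 hunk the new `krb5_crypto_init` failure path does `return code;`, which hands a krb5_error_code back as the GSS major status and leaves `*minor` unset, unlike every other failure in this function. A small positive code such as ENOMEM has no calling-error or routine-error bits set, so a caller testing `GSS_ERROR(major)` would take it for success and go on to use lengths that were never computed. It should read `if (code != 0) { *minor = code; return GSS_S_FAILURE; }`. On Heimdal builds the `return GSS_S_FAILURE` paths that follow a successful init, here and in the @@ -135 and @@ -145 hunks, also leave without releasing `krbCrypto`; no `krb5_crypto_destroy` call is visible in this diff, so unless one exists outside the hunks the handle and whatever key state it holds are leaked on each error. The function body starts and ends outside these hunks.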
@@ -190,14 +207,27 @@ gss_wrap_iov_length(OM_uint32 *minor,
 {
 OM_uint32 major;
- if (ctx == GSS_C_NO_CONTEXT)
- return GSS_S_NO_CONTEXT;
+ if (ctx == GSS_C_NO_CONTEXT) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ *minor = 0;
 GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ if (!CTX_IS_ESTABLISHED(ctx)) {
+ major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
+ goto cleanup;
+ }
+
 major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req, conf_state, iov, iov_count);
+ if (GSS_ERROR(major))
+ goto cleanup;
+cleanup:
 GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
 return major;
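Review bot: The added `if (GSS_ERROR(major)) goto cleanup;` sits directly above the `cleanup:` label, so both outcomes fall through to the same unlock and the test has no effect. Dropping the two lines, or leaving `/* fall through to cleanup */` in their place, makes it clear that nothing else is meant to run after gssEapWrapIovLength returns. The `CTX_IS_ESTABLISHED` check taken under `ctx->mutex` would benefit from a one-line comment such as `/* no message protection before the context is established */` to record why the call is refused. The signature and closing brace of gss_wrap_iov_length are outside this hunk.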