X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=mech_eap%2Funwrap_iov.c;h=ba220794603ef24677d096ba40d4cb7223ec1c24;hp=19bafc6bbd8c3a5b7c715a36e8fa8569e4ffd7c8;hb=HEAD;hpb=ccf542544c4add8d720da2e5c9e048bab695732d diff --git a/mech_eap/unwrap_iov.c b/mech_eap/unwrap_iov.c index 19bafc6..ba22079 100644 --- a/mech_eap/unwrap_iov.c +++ b/mech_eap/unwrap_iov.c @@ -102,8 +102,8 @@ unwrapToken(OM_uint32 *minor, if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; - header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); - assert(header != NULL); + header = gssEapLocateHeaderIov(iov, iov_count, toktype); + GSSEAP_ASSERT(header != NULL); padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); if (padding != NULL && padding->buffer.length != 0) { @@ -226,14 +226,16 @@ unwrapToken(OM_uint32 *minor, code = gssEapVerify(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, - iov, iov_count, &valid); + iov, iov_count, toktype, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } } - code = sequenceCheck(minor, &ctx->seqState, seqnum); + major = sequenceCheck(&code, &ctx->seqState, seqnum); + if (GSS_ERROR(major)) + goto cleanup; } else if (toktype == TOK_TYPE_MIC) { if (load_uint16_be(ptr) != toktype) goto defective; @@ -243,14 +245,19 @@ unwrapToken(OM_uint32 *minor, goto defective; seqnum = load_uint64_be(ptr + 8); - code = gssEapVerify(krbContext, ctx->checksumType, 0, + /* For MIC tokens, the GSS header and checksum are in the same buffer. + * Fake up an RRC so that the checksum is expected in the header. */ + rrc = (trailer != NULL) ? 0 : header->buffer.length - 16; + code = gssEapVerify(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, - iov, iov_count, &valid); + iov, iov_count, toktype, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } - code = sequenceCheck(minor, &ctx->seqState, seqnum); + major = sequenceCheck(&code, &ctx->seqState, seqnum); + if (GSS_ERROR(major)) + goto cleanup; } else if (toktype == TOK_TYPE_DELETE_CONTEXT) { if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT) goto defective; @@ -319,7 +326,7 @@ unwrapStream(OM_uint32 *minor, unsigned char *ptr; OM_uint32 code = 0, major = GSS_S_FAILURE; krb5_context krbContext; - int conf_req_flag, toktype2; + int conf_req_flag; int i = 0, j; gss_iov_buffer_desc *tiov = NULL; gss_iov_buffer_t stream, data = NULL; @@ -330,7 +337,7 @@ unwrapStream(OM_uint32 *minor, GSSEAP_KRB_INIT(&krbContext); - assert(toktype == TOK_TYPE_WRAP); + GSSEAP_ASSERT(toktype == TOK_TYPE_WRAP); if (toktype != TOK_TYPE_WRAP) { code = GSSEAP_WRONG_TOK_ID; @@ -338,7 +345,7 @@ unwrapStream(OM_uint32 *minor, } stream = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM); - assert(stream != NULL); + GSSEAP_ASSERT(stream != NULL); if (stream->buffer.length < 16) { major = GSS_S_DEFECTIVE_TOKEN; @@ -346,8 +353,7 @@ unwrapStream(OM_uint32 *minor, } ptr = (unsigned char *)stream->buffer.value; - toktype2 = load_uint16_be(ptr); - ptr += 2; + ptr += 2; /* skip token type */ tiov = (gss_iov_buffer_desc *)GSSEAP_CALLOC((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc)); @@ -459,7 +465,7 @@ unwrapStream(OM_uint32 *minor, tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length - tpadding->buffer.length - theader->buffer.length; - assert(data != NULL); + GSSEAP_ASSERT(data != NULL); if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = gssEapAllocIov(tdata, tdata->buffer.length); @@ -474,7 +480,7 @@ unwrapStream(OM_uint32 *minor, theader->buffer.length; } - assert(i <= iov_count + 2); + GSSEAP_ASSERT(i <= iov_count + 2); major = unwrapToken(&code, ctx, KRB_CRYPTO_CONTEXT(ctx), conf_state, qop_state, tiov, i, toktype); @@ -529,7 +535,7 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor, return major; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV gss_unwrap_iov(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state,