X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=mech_eap%2Funwrap_iov.c;h=ba220794603ef24677d096ba40d4cb7223ec1c24;hp=2156e512dafa7f843f7044ed8340d2b0ae770306;hb=HEAD;hpb=aa9b759792c0f213df24c935e90ac3e3d7592ff6 diff --git a/mech_eap/unwrap_iov.c b/mech_eap/unwrap_iov.c index 2156e51..ba22079 100644 --- a/mech_eap/unwrap_iov.c +++ b/mech_eap/unwrap_iov.c @@ -102,8 +102,8 @@ unwrapToken(OM_uint32 *minor, if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; - header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); - assert(header != NULL); + header = gssEapLocateHeaderIov(iov, iov_count, toktype); + GSSEAP_ASSERT(header != NULL); padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); if (padding != NULL && padding->buffer.length != 0) { @@ -226,14 +226,16 @@ unwrapToken(OM_uint32 *minor, code = gssEapVerify(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, - iov, iov_count, &valid); + iov, iov_count, toktype, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } } - code = sequenceCheck(minor, &ctx->seqState, seqnum); + major = sequenceCheck(&code, &ctx->seqState, seqnum); + if (GSS_ERROR(major)) + goto cleanup; } else if (toktype == TOK_TYPE_MIC) { if (load_uint16_be(ptr) != toktype) goto defective; 
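Review bot: In the first hunk the only guard on the caller-supplied IOV array after `header = gssEapLocateHeaderIov(iov, iov_count, toktype);` is `GSSEAP_ASSERT(header != NULL);`, and `header->buffer.length` is dereferenced later in the same function (visible in the MIC hunk). If GSSEAP_ASSERT compiles to nothing in non-debug builds (its definition is not in this diff), a consumer that omits the HEADER buffer gets a NULL dereference instead of an error status; an assertion documents a precondition, it does not validate input to a library entry point. I would keep the assert for debug builds and add a runtime rejection right after it, `if (header == NULL) { major = GSS_S_CALL_INACCESSIBLE_READ; goto cleanup; }`, setting the minor code the way the rest of unwrapToken does. unwrapToken starts before this hunk and continues after it.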
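Review bot: `major = sequenceCheck(&code, &ctx->seqState, seqnum); if (GSS_ERROR(major)) goto cleanup;` in the second hunk deliberately lets the supplementary replay/ordering statuses (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, GSS_S_GAP_TOKEN) fall through, which is what GSS-API prescribes, but that is only safe if `major` survives to the return. The rest of unwrapToken is outside this hunk; if any later statement assigns `major = GSS_S_COMPLETE`, or a caller tests `major == GSS_S_COMPLETE` rather than `GSS_ERROR(major)`, the replay indication is silently dropped and a replayed wrap token is reported as clean. The ordering itself is right: the sequence state is only updated after `gssEapVerify` succeeds, so forged tokens cannot probe or advance the replay window. A comment at this line would make the intent explicit, `/* DUPLICATE/OLD/UNSEQ/GAP are supplementary bits, not errors; major must reach the caller */`.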
@@ -243,14 +245,19 @@ unwrapToken(OM_uint32 *minor, goto defective; seqnum = load_uint64_be(ptr + 8); - code = gssEapVerify(krbContext, ctx->checksumType, 0, + /* For MIC tokens, the GSS header and checksum are in the same buffer. + * Fake up an RRC so that the checksum is expected in the header. */ + rrc = (trailer != NULL) ? 0 : header->buffer.length - 16; + code = gssEapVerify(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, - iov, iov_count, &valid); + iov, iov_count, toktype, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } - code = sequenceCheck(minor, &ctx->seqState, seqnum); + major = sequenceCheck(&code, &ctx->seqState, seqnum); + if (GSS_ERROR(major)) + goto cleanup; } else if (toktype == TOK_TYPE_DELETE_CONTEXT) { if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT) goto defective; @@ -330,7 +337,7 @@ unwrapStream(OM_uint32 *minor, GSSEAP_KRB_INIT(&krbContext); - assert(toktype == TOK_TYPE_WRAP); + GSSEAP_ASSERT(toktype == TOK_TYPE_WRAP); if (toktype != TOK_TYPE_WRAP) { code = GSSEAP_WRONG_TOK_ID; @@ -338,7 +345,7 @@ unwrapStream(OM_uint32 *minor, } stream = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM); - assert(stream != NULL); + GSSEAP_ASSERT(stream != NULL); if (stream->buffer.length < 16) { major = GSS_S_DEFECTIVE_TOKEN; @@ -458,7 +465,7 @@ unwrapStream(OM_uint32 *minor, tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length - tpadding->buffer.length - theader->buffer.length; - assert(data != NULL); + GSSEAP_ASSERT(data != NULL); if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = gssEapAllocIov(tdata, tdata->buffer.length); @@ -473,7 +480,7 @@ unwrapStream(OM_uint32 *minor, theader->buffer.length; } - assert(i <= iov_count + 2); + GSSEAP_ASSERT(i <= iov_count + 2); major = unwrapToken(&code, ctx, KRB_CRYPTO_CONTEXT(ctx), conf_state, qop_state, tiov, i, toktype); 
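Review bot: `rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;` subtracts from a caller-controlled size_t, so unless a check that the header buffer holds at least 16 bytes already exists earlier in unwrapToken (outside this hunk), a short MIC token wraps the subtraction and hands gssEapVerify a huge fake RRC instead of failing with GSS_S_DEFECTIVE_TOKEN. The `load_uint64_be(ptr + 8)` just above already depends on the same 16-byte precondition, so one check covers both; adding `if (header->buffer.length < 16) goto defective;` directly before the assignment is harmless if the check is already present. The bare 16 is the fixed token-header size and deserves either a named constant or a comment such as `/* 16 = fixed GSS token header preceding the checksum */`. unwrapToken starts before this hunk and continues after it.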
@@ -528,7 +535,7 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor, return major; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV gss_unwrap_iov(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state,