release_any_name_mapping.c \
release_cred.c \
release_name.c \
+ release_oid.c \
set_name_attribute.c \
set_cred_option.c \
set_sec_context_option.c \
util_cksum.c \
util_cred.c \
util_crypt.c \
+ util_mech.c \
util_name.c \
+ util_oid.c \
util_ordering.c \
util_token.c \
verify_mic.c \
/* Kerberos includes */
#include <krb5.h>
-#include "util.h"
struct gss_name_struct {
OM_uint32 flags;
enum gss_eap_token_type toktype);
+#include "util.h"
+
#endif /* _GSSAPIP_EAP_H_ */
extern "C" {
#endif /* __cplusplus */
+/* preferred mechanism */
extern const gss_OID_desc *const gss_mech_eap;
+
+/* concrete mechanisms */
extern const gss_OID_desc *const gss_mech_eap_aes128_cts_hmac_sha1_96;
extern const gss_OID_desc *const gss_mech_eap_aes256_cts_hmac_sha1_96;
gss_pseudo_random
gss_release_any_name_mapping
gss_release_cred
+gss_internal_release_oid
gss_release_name
gss_set_name_attribute
gss_store_cred
--- /dev/null
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gss_internal_release_oid(OM_uint32 *minor,
+ gss_OID *oid)
+{
+ OM_uint32 major;
+ gss_OID internalizedOid = GSS_C_NO_OID;
+
+ gssEapInternalizeOid(*oid, &internalizedOid);
+
+ if (*oid != internalizedOid) {
+ /* OID was internalized, so we can mark it as "freed" */
+ *oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ /* we don't know about this OID */
+ return GSS_S_CONTINUE_NEEDED;
+}
#ifndef _UTIL_H_
#define _UTIL_H_ 1
-/* Helper APIs */
+#define KRB_KEYTYPE(key) ((key)->enctype)
+
+int
+gssEapSign(krb5_context context,
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+int
+gssEapVerify(krb5_context context,
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int *valid);
+
+/* util_context.c */
OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
-OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
-
+/* util_cred.c */
OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-/* Kerberos token services */
-#define KRB_KEYTYPE(key) ((key)->enctype)
-
/* util_crypt.c */
int
gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
int
gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
-/* util_cksum.c */
-int
-gssEapSign(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count);
+/* util_mech.c */
+void
+gssEapInternalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid);
-int
-gssEapVerify(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int *valid);
+OM_uint32
+gssEapDefaultMech(OM_uint32 *minor,
+ gss_OID *oid);
+
+OM_uint32
+gssEapIndicateMechs(OM_uint32 *minor,
+ gss_OID_set *mechs);
+
+OM_uint32
+gssEapEnctypeToOid(OM_uint32 *minor,
+ krb5_enctype enctype,
+ gss_OID *pOid);
+
+OM_uint32
+gssEapOidToEnctype(OM_uint32 *minor,
+ const gss_OID oid,
+ krb5_enctype *enctype);
+
+/* util_name.c */
+OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
+OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
+
+/* util_oid.c */
+OM_uint32
+composeOid(OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ int suffix,
+ gss_OID_desc *oid);
+
+OM_uint32
+decomposeOid(OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ gss_OID_desc *oid,
+ int *suffix) ;
+
+static inline int
+oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
+{
+ return (o1->length == o2->length &&
+ memcmp(o1->elements, o2->elements, o1->length) == 0);
+}
/* util_ordering.c */
int
size_t
tokenSize(const gss_OID_desc *mech, size_t body_size);
+void
+makeTokenHeader(const gss_OID_desc *mech,
+ size_t body_size,
+ unsigned char **buf,
+ enum gss_eap_token_type tok_type);
+
+int
+verifyTokenHeader(const gss_OID_desc * mech,
+ size_t *body_size,
+ unsigned char **buf_in,
+ size_t toksize_in,
+ enum gss_eap_token_type tok_type);
+
/* Helper macros */
#define GSSEAP_CALLOC(count, size) (calloc((count), (size)))
#define GSSEAP_FREE(ptr) (free((ptr)))
return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4);
}
-static inline int
-oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
-{
- return (o1->length == o2->length &&
- memcmp(o1->elements, o2->elements, o1->length) == 0);
-}
-
#endif /* _UTIL_H_ */
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
-
+ gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
sequenceFree(ctx->seqState);
memset(ctx, 0, sizeof(*ctx));
--- /dev/null
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gssapiP_eap.h"
+
+/*
+ * 1.3.6.1.4.1.5322(padl)
+ * gssEap(21)
+ * mechanisms(1)
+ * eap-aes128-cts-hmac-sha1-96(17)
+ * eap-aes256-cts-hmac-sha1-96(18)
+ * nameTypes(2)
+ * apiExtensions(3)
+ * inquireSecContextByOid(1)
+ * inquireCredByOid(2)
+ * setSecContextOption(3)
+ * setCredOption(4)
+ * mechInvoke(5)
+ */
+
+/*
+ * Prefix for GSS EAP mechanisms. A Kerberos encryption type is
+ * concatenated with this to form a concrete mechanism OID.
+ */
+static const gss_OID_desc gssEapMechPrefix = {
+ /* 1.3.6.1.4.1.5322.21.1 */
+ 11, "\x06\x09\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01"
+};
+
+const gss_OID_desc *const gss_mech_eap = &gssEapMechPrefix;
+
+static const gss_OID_desc gssEapConcreteMechs[] = {
+ /* 1.3.6.1.4.1.5322.21.1.17 */
+ { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
+ /* 1.3.6.1.4.1.5322.21.1.18 */
+ { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+};
+
+const gss_OID_desc *const gss_mech_eap_aes128_cts_hmac_sha1_96 =
+ &gssEapConcreteMechs[0];
+const gss_OID_desc *const gss_mech_eap_aes256_cts_hmac_sha1_96 =
+ &gssEapConcreteMechs[1];
+
+OM_uint32
+gssEapOidToEnctype(OM_uint32 *minor,
+ const gss_OID oid,
+ krb5_enctype *enctype)
+{
+ OM_uint32 major;
+ int suffix;
+
+ major = decomposeOid(minor,
+ gssEapMechPrefix.elements,
+ gssEapMechPrefix.length,
+ oid,
+ &suffix);
+ if (major == GSS_S_COMPLETE)
+ *enctype = suffix;
+
+ return major;
+}
+
+OM_uint32
+gssEapEnctypeToOid(OM_uint32 *minor,
+ krb5_enctype enctype,
+ gss_OID *pOid)
+{
+ OM_uint32 major;
+ gss_OID oid;
+
+ *pOid = NULL;
+
+ oid = (gss_OID)GSSEAP_MALLOC(sizeof(*oid));
+ if (oid == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 2);
+ if (oid->elements == NULL) {
+ *minor = ENOMEM;
+ free(oid);
+ return GSS_S_FAILURE;
+ }
+
+ major = composeOid(minor,
+ gssEapMechPrefix.elements,
+ gssEapMechPrefix.length,
+ enctype,
+ oid);
+ if (major == GSS_S_COMPLETE) {
+ gssEapInternalizeOid(oid, pOid);
+ *pOid = oid;
+ } else {
+ free(oid->elements);
+ free(oid);
+ }
+
+ return major;
+}
+
+OM_uint32
+gssEapIndicateMechs(OM_uint32 *minor,
+ gss_OID_set *mechs)
+{
+ krb5_context context;
+ OM_uint32 major, tmpMinor;
+ krb5_enctype *etypes;
+ int i;
+
+ *minor = krb5_init_context(&context);
+ if (*minor != 0) {
+ return GSS_S_FAILURE;
+ }
+
+ *minor = krb5_get_permitted_enctypes(context, &etypes);
+ if (*minor != 0) {
+ krb5_free_context(context);
+ return GSS_S_FAILURE;
+ }
+
+ major = gss_create_empty_oid_set(minor, mechs);
+ if (GSS_ERROR(major)) {
+ krb5_free_context(context);
+ GSSEAP_FREE(etypes); /* XXX */
+ return major;
+ }
+
+ for (i = 0; etypes[i] != ENCTYPE_NULL; i++) {
+ gss_OID mechOid;
+
+ major = gssEapEnctypeToOid(minor, etypes[i], &mechOid);
+ if (GSS_ERROR(major))
+ break;
+
+ major = gss_add_oid_set_member(minor, mechOid, mechs);
+ if (GSS_ERROR(major))
+ break;
+
+ gss_release_oid(&tmpMinor, &mechOid);
+ }
+
+ GSSEAP_FREE(etypes); /* XXX */
+ krb5_free_context(context);
+
+ return major;
+}
+
+OM_uint32
+gssEapDefaultMech(OM_uint32 *minor,
+ gss_OID *oid)
+{
+ gss_OID_set mechs;
+ OM_uint32 major, tmpMinor;
+
+ major = gssEapIndicateMechs(minor, &mechs);
+ if (GSS_ERROR(major)) {
+ return major;
+ }
+
+ if (mechs->count == 0) {
+ gss_release_oid_set(&tmpMinor, &mechs);
+ return GSS_S_BAD_MECH;
+ }
+
+ gssEapInternalizeOid(&mechs->elements[0], oid);
+ if (*oid == &mechs->elements[0]) {
+ /* don't double-free if we didn't internalize it */
+ mechs->elements[0].length = 0;
+ mechs->elements[0].elements = NULL;
+ }
+
+ gss_release_oid_set(&tmpMinor, &mechs);
+
+ *minor = 0;
+ return GSS_S_COMPLETE;
+}
+
+void
+gssEapInternalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid)
+{
+ int i;
+
+ *pInternalizedOid = GSS_C_NO_OID;
+
+ if (oidEqual(oid, &gssEapMechPrefix)) {
+ *pInternalizedOid = (const gss_OID)&gssEapMechPrefix;
+ } else {
+ for (i = 0;
+ i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]);
+ i++) {
+ if (oidEqual(oid, &gssEapConcreteMechs[i])) {
+ *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i];
+ break;
+ }
+ }
+ }
+
+ if (*pInternalizedOid == GSS_C_NO_OID) {
+ *pInternalizedOid = oid;
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright 1995-2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "gssapiP_eap.h"
+
+#if 0
+OM_uint32
+copyOid(OM_uint32 *minor_status,
+ const gss_OID_desc * const oid,
+ gss_OID *new_oid)
+{
+ gss_OID p;
+
+ *minor_status = 0;
+
+ p = (gss_OID) malloc(sizeof(gss_OID_desc));
+ if (!p) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ p->length = oid->length;
+ p->elements = malloc(p->length);
+ if (!p->elements) {
+ free(p);
+ return GSS_S_FAILURE;
+ }
+ memcpy(p->elements, oid->elements, p->length);
+ *new_oid = p;
+ return(GSS_S_COMPLETE);
+}
+#endif
+
+/* Compose an OID of a prefix and an integer suffix */
+OM_uint32
+composeOid(OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ int suffix,
+ gss_OID_desc *oid)
+{
+ int osuffix, i;
+ size_t nbytes;
+ unsigned char *op;
+
+ if (oid == GSS_C_NO_OID) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ if (oid->length < prefix_len) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(oid->elements, prefix, prefix_len);
+
+ nbytes = 0;
+ osuffix = suffix;
+ while (suffix) {
+ nbytes++;
+ suffix >>= 7;
+ }
+ suffix = osuffix;
+
+ if (oid->length < prefix_len + nbytes) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ op = (unsigned char *) oid->elements + prefix_len + nbytes;
+ i = -1;
+ while (suffix) {
+ op[i] = (unsigned char)suffix & 0x7f;
+ if (i != -1)
+ op[i] |= 0x80;
+ i--;
+ suffix >>= 7;
+ }
+
+ oid->length = prefix_len + nbytes;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+decomposeOid(OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ gss_OID_desc *oid,
+ int *suffix)
+{
+ size_t i, slen;
+ unsigned char *op;
+
+ if (oid->length < prefix_len ||
+ memcmp(oid->elements, prefix, prefix_len) != 0) {
+ return GSS_S_BAD_MECH;
+ }
+
+ op = (unsigned char *) oid->elements + prefix_len;
+
+ *suffix = 0;
+
+ slen = oid->length - prefix_len;
+
+ for (i = 0; i < slen; i++) {
+ *suffix = (*suffix << 7) | (op[i] & 0x7f);
+ if (i + 1 != slen && (op[i] & 0x80) == 0) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+#if 0
+OM_uint32
+gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid)
+{
+ OM_uint32 major;
+
+ major = gss_internal_release_oid(minor, oid);
+ if (major == GSS_S_CONTINUE_NEEDED) {
+ GSSEAP_FREE(oid->elements);
+ GSSEAP_FREE(oid);
+ *oid = GSS_C_NO_OID;
+ major = GSS_S_COMPLETE;
+ }
+
+ return major;
+}
+#endif
der_length_size(size_t length)
{
if (length < (1<<7))
- return(1);
+ return 1;
else if (length < (1<<8))
- return(2);
+ return 2;
#if INT_MAX == 0x7fff
else
- return(3);
+ return 3;
#else
else if (length < (1<<16))
- return(3);
+ return 3;
else if (length < (1<<24))
- return(4);
+ return 4;
else
- return(5);
+ return 5;
#endif
}
(*bufsize)--;
if (sf & 0x80) {
if ((sf &= 0x7f) > ((*bufsize)-1))
- return(-1);
+ return -1;
if (sf > sizeof(int))
- return (-1);
+ return -1;
ret = 0;
for (; sf; sf--) {
ret = (ret<<8) + (*(*buf)++);
{
/* set body_size to sequence contents size */
body_size += 4 + (size_t) mech->length; /* NEED overflow check */
- return (1 + der_length_size(body_size) + body_size);
+ return 1 + der_length_size(body_size) + body_size;
}
/* fills in a buffer with the token header. The buffer is assumed to
if (toksize -= 2 < 0)
return EINVAL;
- if ((*buf++ != ((tok_type>>8) & 0xff)) ||
+ if ((*buf++ != ((tok_type >> 8) & 0xff)) ||
(*buf++ != (tok_type & 0xff)))
return EINVAL;
}