Use AD-KDCIssued to protect RADIUS authdata. Cleanup.

[mech_eap.orig] / unwrap.c

diff --git a/unwrap.c b/unwrap.c
index 64acb13..844c762 100644 (file)
--- a/unwrap.c
+++ b/unwrap.c
@@ -43,6 +43,9 @@ gss_unwrap(OM_uint32 *minor,
     OM_uint32 major, tmpMinor;
     gss_iov_buffer_desc iov[2];
 
+    if (!CTX_IS_ESTABLISHED(ctx))
+        return GSS_S_NO_CONTEXT;
+
     iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
     iov[0].buffer = *input_message_buffer;
 
@@ -50,7 +53,8 @@ gss_unwrap(OM_uint32 *minor,
     iov[1].buffer.value = NULL;
     iov[1].buffer.length = 0;
 
-    major = gss_unwrap_iov(minor, ctx, conf_state, qop_state, iov, 2);
+    major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state,
+                                    iov, 2, TOK_TYPE_WRAP);
     if (major == GSS_S_COMPLETE) {
         *output_message_buffer = iov[1].buffer;
     } else {