Heimdal portability fixes (except for reauth)

[mech_eap.orig] / wrap_iov.c

diff --git a/wrap_iov.c b/wrap_iov.c
index ae43ef9..19f263c 100644 (file)
--- a/wrap_iov.c
+++ b/wrap_iov.c
@@ -53,6 +53,10 @@
  * or implied warranty.
  */
 
+/*
+ * Message protection services: wrap with scatter-gather API.
+ */
+
 #include "gssapiP_eap.h"
 
 unsigned char
@@ -69,7 +73,7 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving)
     if (isAcceptor)
         flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
 
-    if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
+    if ((ctx->flags & CTX_FLAG_KRB_REAUTH) &&
         (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
         flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
 
@@ -94,12 +98,17 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
     unsigned char *tbuf = NULL;
     int keyUsage;
     size_t rrc = 0;
-    unsigned int gssHeaderLen, gssTrailerLen;
+    size_t gssHeaderLen, gssTrailerLen;
     size_t dataLen, assocDataLen;
     krb5_context krbContext;
+#ifdef HAVE_HEIMDAL_VERSION
+    krb5_crypto krbCrypto = NULL;
+#endif
 
-    if (ctx->encryptionType == ENCTYPE_NULL)
+    if (ctx->encryptionType == ENCTYPE_NULL) {
+        *minor = GSSEAP_KEY_UNAVAILABLE;
         return GSS_S_UNAVAILABLE;
+    }
 
     GSSEAP_KRB_INIT(&krbContext);
 
@@ -119,7 +128,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
     header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
-        *minor = EINVAL;
+        *minor = GSSEAP_MISSING_IOV;
         return GSS_S_FAILURE;
     }
 
@@ -129,32 +138,37 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
     trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
 
+#ifdef HAVE_HEIMDAL_VERSION
+    code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto);
+    if (code != 0)
+        goto cleanup;
+#endif
+
     if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
-        unsigned int krbHeaderLen, krbTrailerLen, krbPadLen;
-        size_t ec = 0;
-        size_t confDataLen = dataLen - assocDataLen;
+        size_t krbHeaderLen, krbTrailerLen, krbPadLen;
+        size_t ec = 0, confDataLen = dataLen - assocDataLen;
 
-        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
-                                    KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
+        code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+                               KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
         if (code != 0)
             goto cleanup;
 
-        code = krb5_c_padding_length(krbContext, ctx->encryptionType,
-                                     confDataLen + 16 /* E(Header) */,
-                                     &krbPadLen);
+        code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+                                confDataLen + 16 /* E(Header) */,
+                                &krbPadLen);
         if (code != 0)
             goto cleanup;
 
         if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
             /* Windows rejects AEAD tokens with non-zero EC */
-            code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
+            code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec);
             if (code != 0)
                 goto cleanup;
         } else
             ec = krbPadLen;
 
-        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
-                                    KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
+        code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+                               KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
         if (code != 0)
             goto cleanup;
 
@@ -172,7 +186,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
             code = gssEapAllocIov(header, (size_t)gssHeaderLen);
         } else if (header->buffer.length < gssHeaderLen)
-            code = KRB5_BAD_MSIZE;
+            code = GSSEAP_WRONG_SIZE;
         if (code != 0)
             goto cleanup;
         outbuf = (unsigned char *)header->buffer.value;
@@ -182,7 +196,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
             if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
                 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
             else if (trailer->buffer.length < gssTrailerLen)
-                code = KRB5_BAD_MSIZE;
+                code = GSSEAP_WRONG_SIZE;
             if (code != 0)
                 goto cleanup;
             trailer->buffer.length = (size_t)gssTrailerLen;
@@ -215,8 +229,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
         code = gssEapEncrypt(krbContext,
                              ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
-                             ec, rrc, &ctx->rfc3961Key,
-                             keyUsage, 0, iov, iov_count);
+                             ec, rrc, KRB_CRYPTO_CONTEXT(ctx),
+                             keyUsage, iov, iov_count);
         if (code != 0)
             goto cleanup;
 
@@ -229,9 +243,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
         gssHeaderLen = 16;
 
-        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
-                                    KRB5_CRYPTO_TYPE_CHECKSUM,
-                                    &gssTrailerLen);
+        code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
+                               KRB5_CRYPTO_TYPE_CHECKSUM, &gssTrailerLen);
         if (code != 0)
             goto cleanup;
 
@@ -245,7 +258,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
             code = gssEapAllocIov(header, (size_t)gssHeaderLen);
         else if (header->buffer.length < gssHeaderLen)
-            code = KRB5_BAD_MSIZE;
+            code = GSSEAP_WRONG_SIZE;
         if (code != 0)
             goto cleanup;
         outbuf = (unsigned char *)header->buffer.value;
@@ -255,7 +268,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
             if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
                 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
             else if (trailer->buffer.length < gssTrailerLen)
-                code = KRB5_BAD_MSIZE;
+                code = GSSEAP_WRONG_SIZE;
             if (code != 0)
                 goto cleanup;
             trailer->buffer.length = (size_t)gssTrailerLen;
@@ -282,8 +295,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         }
         store_uint64_be(ctx->sendSeq, outbuf + 8);
 
-        code = gssEapSign(krbContext, ctx->checksumType,
-                          rrc, &ctx->rfc3961Key, keyUsage,
+        code = gssEapSign(krbContext, ctx->checksumType, rrc,
+                          KRB_CRYPTO_CONTEXT(ctx), keyUsage,
                           iov, iov_count);
         if (code != 0)
             goto cleanup;
@@ -307,10 +320,16 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
     }
 
     code = 0;
+    if (conf_state != NULL)
+        *conf_state = conf_req_flag;
 
 cleanup:
     if (code != 0)
         gssEapReleaseIov(iov, iov_count);
+#ifdef HAVE_HEIMDAL_VERSION
+    if (krbCrypto != NULL)
+        krb5_crypto_destroy(krbContext, krbCrypto);
+#endif
 
     *minor = code;
 
@@ -326,9 +345,35 @@ gss_wrap_iov(OM_uint32 *minor,
              gss_iov_buffer_desc *iov,
              int iov_count)
 {
-    if (!CTX_IS_ESTABLISHED(ctx))
-        return GSS_S_NO_CONTEXT;
+    OM_uint32 major;
+
+    if (ctx == GSS_C_NO_CONTEXT) {
+        *minor = EINVAL;
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+    }
+
+    if (qop_req != GSS_C_QOP_DEFAULT) {
+        *minor = GSSEAP_UNKNOWN_QOP;
+        return GSS_S_UNAVAILABLE;
+    }
+
+    *minor = 0;
+
+    GSSEAP_MUTEX_LOCK(&ctx->mutex);
+
+    if (!CTX_IS_ESTABLISHED(ctx)) {
+        major = GSS_S_NO_CONTEXT;
+        *minor = GSSEAP_CONTEXT_INCOMPLETE;
+        goto cleanup;
+    }
+
+    major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
+                               iov, iov_count, TOK_TYPE_WRAP);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+cleanup:
+    GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
 
-    return gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
-                              iov, iov_count, TOK_TYPE_WRAP);
+    return major;
 }