goto defective;
seqnum = load_uint64_be(ptr + 8);
- code = gssEapVerify(krbContext, ctx->checksumType, 0,
+ /*
+ * Although MIC tokens don't have a RRC, they are similarly
+ * composed of a header and a checksum. So the verify_mic()
+ * can be implemented with a single header buffer, fake the
+ * RRC to the putative trailer length if no trailer buffer.
+ */
+ code = gssEapVerify(krbContext, ctx->checksumType,
+ trailer != NULL ? 0 : header->buffer.length - 16,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
iov, iov_count, &valid);
if (code != 0 || valid == FALSE) {
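Review bot: The new RRC argument `header->buffer.length - 16` is an unsigned subtraction that wraps to a very large value if the header is shorter than 16 bytes, and the `ptr + 8` read just above presumably relies on the same minimum length. The callers changed in this commit now hand the entire peer-supplied MIC token in as the header, so a length check earlier in the function is the only thing bounding both; it is not visible in this hunk and should be confirmed for the MIC path. If it is missing, add `if (header->buffer.length < 16) goto defective;` before the `load_uint64_be` call. Naming the literal 16 as the token header size would also make the relationship between the two uses explicit. The enclosing function starts and ends outside the hunk.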
GSSEAP_ASSERT(i < 2 + (3 * tokens->buffers.count));
iov[i].type = GSS_IOV_BUFFER_TYPE_HEADER;
- iov[i].buffer.length = 16;
- iov[i].buffer.value = tokenMIC->value;
- i++;
-
- iov[i].type = GSS_IOV_BUFFER_TYPE_TRAILER;
- iov[i].buffer.length = tokenMIC->length - 16;
- iov[i].buffer.value = (unsigned char *)tokenMIC->value + 16;
+ iov[i].buffer = *tokenMIC;
i++;
major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
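Review bot: Nothing at this call site records that the whole MIC token is now deliberately passed as a single header buffer, so a later reader could well re-add the trailer split. A one-line comment above `iov[i].buffer = *tokenMIC;` such as `/* whole MIC token as header; the verify path derives the checksum length */` would cover it. The same applies to the later hunk that sets `iov[1].buffer = *message_token`. The bound in `GSSEAP_ASSERT(i < 2 + (3 * tokens->buffers.count))` and the iov array declarations lie outside these hunks; they presumably still reserve a slot for the dropped trailer, which is harmless but could be trimmed to match the new buffer count.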
iov[0].buffer = *message_buffer;
iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
- iov[1].buffer.length = 16;
- iov[1].buffer.value = message_token->value;
-
- iov[2].type = GSS_IOV_BUFFER_TYPE_TRAILER;
- iov[2].buffer.length = message_token->length - 16;
- iov[2].buffer.value = (unsigned char *)message_token->value + 16;
+ iov[1].buffer = *message_token;
GSSEAP_MUTEX_LOCK(&ctx->mutex);
major = gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state,
- iov, 3, TOK_TYPE_MIC);
+ iov, 2, TOK_TYPE_MIC);
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);