1
/* -*- mode: c; indent-tabs-mode: nil -*- */
3
* Copyright 2000 by the Massachusetts Institute of Technology.
6
* Export of this software from the United States of America may
7
* require a specific license from the United States Government.
8
* It is the responsibility of any person or organization contemplating
9
* export to obtain such a license before exporting.
11
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12
* distribute this software and its documentation for any purpose and
13
* without fee is hereby granted, provided that the above copyright
14
* notice appear in all copies and that both that copyright notice and
15
* this permission notice appear in supporting documentation, and that
16
* the name of M.I.T. not be used in advertising or publicity pertaining
17
* to distribution of the software without specific, written prior
18
* permission. Furthermore if you modify this software you must label
19
* your software as modified software and not distribute it in such a
20
* fashion that it might be confused with the original M.I.T. software.
21
* M.I.T. makes no representations about the suitability of
22
* this software for any purpose. It is provided "as is" without express
23
* or implied warranty.
27
* Copyright 1993 by OpenVision Technologies, Inc.
29
* Permission to use, copy, modify, distribute, and sell this software
30
* and its documentation for any purpose is hereby granted without fee,
31
* provided that the above copyright notice appears in all copies and
32
* that both that copyright notice and this permission notice appear in
33
* supporting documentation, and that the name of OpenVision not be used
34
* in advertising or publicity pertaining to distribution of the software
35
* without specific, written prior permission. OpenVision makes no
36
* representations about the suitability of this software for any
37
* purpose. It is provided "as is" without express or implied warranty.
39
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
40
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
41
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
42
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
43
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
44
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
45
* PERFORMANCE OF THIS SOFTWARE.
49
* Copyright (C) 1998 by the FundsXpress, INC.
51
* All rights reserved.
53
* Export of this software from the United States of America may require
54
* a specific license from the United States Government. It is the
55
* responsibility of any person or organization contemplating export to
56
* obtain such a license before exporting.
58
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
59
* distribute this software and its documentation for any purpose and
60
* without fee is hereby granted, provided that the above copyright
61
* notice appear in all copies and that both that copyright notice and
62
* this permission notice appear in supporting documentation, and that
63
* the name of FundsXpress. not be used in advertising or publicity pertaining
64
* to distribution of the software without specific, written prior
65
* permission. FundsXpress makes no representations about the suitability of
66
* this software for any purpose. It is provided "as is" without express
67
* or implied warranty.
69
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
70
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
71
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
74
#include "gssapiP_krb5.h"
78
krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
79
qop_req, req_output_size, max_input_size)
80
OM_uint32 *minor_status;
81
gss_ctx_id_t context_handle;
84
OM_uint32 req_output_size;
85
OM_uint32 *max_input_size;
87
krb5_gss_ctx_id_rec *ctx;
88
OM_uint32 data_size, conflen;
92
/* only default qop is allowed */
93
if (qop_req != GSS_C_QOP_DEFAULT) {
94
*minor_status = (OM_uint32) G_UNKNOWN_QOP;
95
return(GSS_S_FAILURE);
98
/* validate the context handle */
99
if (! kg_validate_ctx_id(context_handle)) {
100
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
101
return(GSS_S_NO_CONTEXT);
104
ctx = (krb5_gss_ctx_id_rec *) context_handle;
105
if (! ctx->established) {
106
*minor_status = KG_CTX_INCOMPLETE;
107
return(GSS_S_NO_CONTEXT);
110
if (ctx->proto == 1) {
111
/* No pseudo-ASN.1 wrapper overhead, so no sequence length and
113
OM_uint32 sz = req_output_size;
115
/* Token header: 16 octets. */
117
krb5_enctype enctype;
119
enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype
120
: ctx->subkey->enctype;
122
while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
124
/* Allow for encrypted copy of header. */
130
/* Allow for EC padding. In the MIT implementation, only
131
added while testing. */
138
krb5_cksumtype cksumtype;
142
cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
145
err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
148
return GSS_S_FAILURE;
151
/* Allow for token header and checksum. */
152
if (sz < 16 + cksumsize)
155
sz -= (16 + cksumsize);
158
*max_input_size = sz;
160
return GSS_S_COMPLETE;
163
/* Calculate the token size and subtract that from the output size */
164
overhead = 7 + ctx->mech_used->length;
165
data_size = req_output_size;
166
conflen = kg_confounder_size(ctx->k5_context, ctx->enc);
167
data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
168
ohlen = g_token_size(ctx->mech_used,
169
(unsigned int) (data_size + ctx->cksum_size + 14))
172
if (ohlen+overhead < req_output_size)
174
* Cannot have trailer length that will cause us to pad over our
177
*max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
182
return(GSS_S_COMPLETE);