From 5edbeca14108a9b2c3badafce0b0b3447a8280f6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 11 Sep 2005 11:19:02 +0000 Subject: r10153: This patch adds a new parameter to gensec_sig_size(), the size of the data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104) --- source4/heimdal/lib/gssapi/arcfour.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'source4/heimdal/lib/gssapi/arcfour.c') diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c index 5edcee08ec..52bb2ecf1b 100644 --- a/source4/heimdal/lib/gssapi/arcfour.c +++ b/source4/heimdal/lib/gssapi/arcfour.c @@ -325,6 +325,37 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_COMPLETE; } +OM_uint32 +_gssapi_wrap_size_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_input_size, + OM_uint32 * output_size, + OM_uint32 * padlen, + krb5_keyblock *key) +{ + size_t len, total_len, datalen; + *padlen = 0; + datalen = req_input_size; + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + /* if GSS_C_DCE_STYLE is in use: + * - we only need to encapsulate the WRAP token + * - we should not add padding + */ + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + datalen += 1 /* padding */; + len += datalen; + } + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + if (context_handle->flags & GSS_C_DCE_STYLE) { + total_len += datalen; + } + + *output_size = total_len; + return GSS_S_COMPLETE; +} + OM_uint32 _gssapi_wrap_arcfour(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, -- cgit