summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/gssapi/decapsulate.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/gssapi/decapsulate.c')
-rw-r--r--crypto/heimdal/lib/gssapi/decapsulate.c81
1 files changed, 80 insertions, 1 deletions
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
index 29c1f5b..2425453 100644
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ b/crypto/heimdal/lib/gssapi/decapsulate.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: decapsulate.c,v 1.7 2001/08/23 04:35:54 assar Exp $");
+RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
OM_uint32
gssapi_krb5_verify_header(u_char **str,
@@ -73,6 +73,56 @@ gssapi_krb5_verify_header(u_char **str,
return GSS_S_COMPLETE;
}
+static ssize_t
+gssapi_krb5_get_mech (const u_char *ptr,
+ size_t total_len,
+ const u_char **mech_ret)
+{
+ size_t len, len_len, mech_len, foo;
+ const u_char *p = ptr;
+ int e;
+
+ if (total_len < 1)
+ return -1;
+ if (*p++ != 0x60)
+ return -1;
+ e = der_get_length (p, total_len - 1, &len, &len_len);
+ if (e || 1 + len_len + len != total_len)
+ return -1;
+ p += len_len;
+ if (*p++ != 0x06)
+ return -1;
+ e = der_get_length (p, total_len - 1 - len_len - 1,
+ &mech_len, &foo);
+ if (e)
+ return -1;
+ p += foo;
+ *mech_ret = p;
+ return mech_len;
+}
+
+OM_uint32
+_gssapi_verify_mech_header(u_char **str,
+ size_t total_len)
+{
+ const u_char *p;
+ ssize_t mech_len;
+
+ mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
+ if (mech_len < 0)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ if (mech_len != GSS_KRB5_MECHANISM->length)
+ return GSS_S_BAD_MECH;
+ if (memcmp(p,
+ GSS_KRB5_MECHANISM->elements,
+ GSS_KRB5_MECHANISM->length) != 0)
+ return GSS_S_BAD_MECH;
+ p += mech_len;
+ *str = (char *)p;
+ return GSS_S_COMPLETE;
+}
+
/*
* Remove the GSS-API wrapping from `in_token' giving `out_data.
* Does not copy data, so just free `in_token'.
@@ -103,3 +153,32 @@ gssapi_krb5_decapsulate(
out_data->data = p;
return GSS_S_COMPLETE;
}
+
+/*
+ * Verify padding of a gss wrapped message and return its length.
+ */
+
+OM_uint32
+_gssapi_verify_pad(gss_buffer_t wrapped_token,
+ size_t datalen,
+ size_t *padlen)
+{
+ u_char *pad;
+ size_t padlength;
+ int i;
+
+ pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
+ padlength = *pad;
+
+ if (padlength > datalen)
+ return GSS_S_BAD_MECH;
+
+ for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
+ ;
+ if (i != 0)
+ return GSS_S_BAD_MIC;
+
+ *padlen = padlength;
+
+ return 0;
+}
OpenPOWER on IntegriCloud