remove _gsskrb5cfx_max_wrap_length_cfx

heimdal · Dec 17, 2015 · c9ce7fb · c9ce7fb
1 parent ebc7984
commit c9ce7fb
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 14 deletions.
diff --git a/lib/gssapi/krb5/test_cfx.c b/lib/gssapi/krb5/test_cfx.c
@@ -46,6 +46,81 @@ struct range tests[] = {
     { 9980, 10010 }
 };
 
+static krb5_error_code
+wrap_length_cfx(krb5_context context,
+		krb5_crypto crypto,
+		int conf_req_flag,
+		int dce_style,
+		size_t input_length,
+		size_t *output_length,
+		size_t *cksumsize,
+		uint16_t *padlength)
+{
+    krb5_error_code ret;
+    krb5_cksumtype type;
+    krb5_enctype enctype;
+    int aead;
+
+    /* 16-byte header is always first */
+    *output_length = sizeof(gss_cfx_wrap_token_desc);
+    *padlength = 0;
+
+    ret = krb5_crypto_getenctype(context, crypto, &enctype);
+    if (ret)
+	return ret;
+
+    aead = _krb5_enctype_is_aead(context, enctype);
+    if (!aead) {
+	ret = krb5_crypto_get_checksum_type(context, crypto, &type);
+	if (ret)
+	    return ret;
+
+	ret = krb5_checksumsize(context, type, cksumsize);
+	if (ret)
+	    return ret;
+    } else {
+	ret = krb5_crypto_length(context, crypto,
+				 KRB5_CRYPTO_TYPE_TRAILER, cksumsize);
+	if (ret)
+	    return ret;
+    }
+
+    if (conf_req_flag) {
+	size_t padsize;
+
+	if (!aead)
+	    input_length += sizeof(gss_cfx_wrap_token_desc);
+
+	/* Don't propagate MS bug for AEAD modes, MS can fix it */
+	if (dce_style && !aead) {
+		ret = krb5_crypto_getblocksize(context, crypto, &padsize);
+	} else {
+		ret = krb5_crypto_getpadsize(context, crypto, &padsize);
+	}
+	if (ret) {
+	    return ret;
+	}
+	if (padsize > 1) {
+	    /* XXX check this */
+	    *padlength = padsize - (input_length % padsize);
+
+	    /* We add the pad ourselves (noted here for completeness only) */
+	    input_length += *padlength;
+	}
+
+	*output_length += krb5_get_wrapped_length(context,
+						  crypto, input_length);
+    } else {
+	/* Checksum is concatenated with data */
+	*output_length += input_length + *cksumsize;
+    }
+
+    assert(*output_length > input_length);
+
+    return 0;
+}
+
+
 static void
 test_range(const struct range *r, int integ,
 	   krb5_context context, krb5_crypto crypto)
@@ -70,18 +145,18 @@ test_range(const struct range *r, int integ,
 				    size,
 				    &max_wrap_size);
 	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
+	    krb5_errx(context, 1, "_gssapi_wrap_size_cfx: %d", ret);
 	if (max_wrap_size == 0)
 	    continue;
 
-	ret = _gsskrb5cfx_wrap_length_cfx(context,
-					  crypto,
-					  integ,
-					  0,
-					  max_wrap_size,
-					  &rsize, &cksumsize, &padsize);
+	ret = wrap_length_cfx(context,
+			      crypto,
+			      integ,
+			      0,
+			      max_wrap_size,
+			      &rsize, &cksumsize, &padsize);
 	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
+	    krb5_errx(context, 1, "wrap_length_cfx: %d", ret);
 
 	if (size < rsize)
 	    krb5_errx(context, 1,
@@ -102,6 +177,7 @@ test_special(krb5_context context, krb5_crypto crypto,
     struct gsskrb5_ctx ctx;
     OM_uint32 minor;
 
+    memset(&ctx, 0, sizeof(ctx));
     ctx.crypto = crypto;
 
     ret = _gssapi_wrap_size_cfx(&minor,

diff --git a/lib/gssapi/libgssapi-exports.def b/lib/gssapi/libgssapi-exports.def
@@ -115,9 +115,6 @@ EXPORTS
 	gsskrb5_set_time_offset
 	krb5_gss_register_acceptor_identity
 
-; _gsskrb5cfx_ are really internal symbols, but export
-; then now to make testing easier.
-	_gsskrb5cfx_wrap_length_cfx
 	_gssapi_wrap_size_cfx
 
         initialize_gk5_error_table_r    ;!

diff --git a/lib/gssapi/version-script.map b/lib/gssapi/version-script.map
@@ -120,9 +120,6 @@ HEIMDAL_GSS_2.0 {
 		gss_name_to_oid;
 		gss_oid_to_name;
 
-		# _gsskrb5cfx_ are really internal symbols, but export
-		# then now to make testing easier.
-		_gsskrb5cfx_wrap_length_cfx;
 		_gssapi_wrap_size_cfx;
 
 		__gss_krb5_copy_ccache_x_oid_desc;