confidential CFX tokens.
ticket: 2266
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107
dc483132-0cff-0310-8789-
dd5450dbe970
+2004-02-23 Ken Raeburn <raeburn@mit.edu>
+
+ * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation
+ for confidential CFX tokens.
+
2004-02-09 Ken Raeburn <raeburn@mit.edu>
* ser_sctx.c (kg_oid_externalize): Check for errors.
if (conf_req_flag) {
while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size)
sz--;
+ /* Allow for encrypted copy of header. */
+ if (sz > 16)
+ sz -= 16;
+ else
+ sz = 0;
+#ifdef CFX_EXERCISE
+ /* Allow for EC padding. In the MIT implementation, only
+ added while testing. */
+ if (sz > 65535)
+ sz -= 65535;
+ else
+ sz = 0;
+#endif
} else {
+ /* Allow for token header and checksum. */
if (sz < 16 + ctx->cksum_size)
sz = 0;
else
sz -= (16 + ctx->cksum_size);
}
- /* While testing only! */
- if (sz < 65536)
- sz = 0;
- else
- sz -= 65535;
-
*max_input_size = sz;
*minor_status = 0;
return GSS_S_COMPLETE;
projects / krb5.git / commitdiff