From 5c233a91278a667b484cf9dca9a0d75726acb253 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Sat, 8 Apr 2000 07:36:03 +0000
Subject: [PATCH] 	* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
 	wrap_size_limit() to deal with integrity wrap tokens properly. 	The
 rfc1964 mech always pads and confounds regardless of whether 
 confidentiality is requested.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12155 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog         | 7 +++++++
 src/lib/gssapi/krb5/wrap_size_limit.c | 9 ++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 06639d404..81be5ee0e 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-04-08  Tom Yu  <tlyu@mit.edu>
+
+	* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
+	wrap_size_limit() to deal with integrity wrap tokens properly.
+	The rfc1964 mech always pads and confounds regardless of whether
+	confidentiality is requested.
+
 2000-01-27  Ken Raeburn  <raeburn@raeburn.org>
 
 	* init_sec_context.c (krb5_gss_init_sec_context): Default to
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index f7fee73cd..d71a3f864 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -157,10 +157,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 	/* Calculate the token size and subtract that from the output size */
 	overhead = 7 + ctx->mech_used->length;
 	data_size = req_output_size;
-	if (conf_req_flag) {
-		conflen = kg_confounder_size(context, ctx->enc);
-		data_size = (conflen + data_size + 8) & (~7);
-	}
+	conflen = kg_confounder_size(context, ctx->enc);
+	data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
 	ohlen = g_token_size((gss_OID) ctx->mech_used,
 			     (unsigned int) (data_size + ctx->cksum_size + 14))
 		- req_output_size;
@@ -170,7 +168,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 	     * Cannot have trailer length that will cause us to pad over
 	     * our length
 	     */
-	    *max_input_size = (req_output_size - ohlen - overhead) & (~7);
+	    *max_input_size = (req_output_size - ohlen - overhead)
+		& (~(OM_uint32)7);
 	else
 	    *max_input_size = 0;
     }
-- 
2.26.2