gssapi/krb5: make PADDING buffer optional in GSS IOV API

RFC 4121/4757 don't require padding as they operate as stream ciphers. Make the PADDING buffer optional when using these encryption types with gss_wrap_iov() and gss_unwrap_iov().
2020-07-11 16:23:54 +10:00
parent a684e001ba
commit b73baa42ef
2 changed files with 22 additions and 12 deletions
--- a/lib/gssapi/krb5/arcfour.c
+++ b/lib/gssapi/krb5/arcfour.c
@@ -880,7 +880,8 @@ _gssapi_wrap_iov_length_arcfour(OM_uint32 *minor_status,
 	}
    }

-    major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+    major_status = _gk_verify_buffers(minor_status, ctx, header,
+				      padding, trailer, FALSE);
    if (major_status != GSS_S_COMPLETE) {
 	    return major_status;
    }
@@ -937,7 +938,8 @@ _gssapi_wrap_iov_arcfour(OM_uint32 *minor_status,
    padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
    trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);

-    major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+    major_status = _gk_verify_buffers(minor_status, ctx, header,
+				      padding, trailer, FALSE);
    if (major_status != GSS_S_COMPLETE) {
 	return major_status;
    }
@@ -1181,10 +1183,11 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,

    /* Check if the packet is correct */
    major_status = _gk_verify_buffers(minor_status,
-				  ctx,
-				  header,
-				  padding,
-				  trailer);
+				      ctx,
+				      header,
+				      padding,
+				      trailer,
+				      FALSE); /* behaves as stream cipher */
    if (major_status != GSS_S_COMPLETE) {
 	return major_status;
    }