HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_wrap_size_limit — Check expected size of wrapped output

C Prototype

OM_uint32 gss_wrap_size_limit(
OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 * max_input_size );

Arguments

minor_status (output) 

An implementation-specific status code.

context_handle (input) 

A handle that refers to the security context over which the messages will be sent.

conf_req_flag (input) 

A Boolean value indicating whether gss_wrap will be asked to apply confidentiality protection in addition to integrity protection.

TRUE — Both confidentiality and integrity services are requested.

FALSE — Only integrity service is requested.

qop_req (input) 

Specifies the requested quality of protection that gss_wrap will be asked to provide. Callers are encouraged, on portability grounds, to accept the default quality of protection offered by the chosen mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT for this argument.

req_output_size (input)  

The desired maximum size for tokens emitted by gss_wrap.

max_input_size (output) 

The maximum input message size that may be presented to gss_wrap in order to guarantee that the emitted token shall be no larger than req_output_size bytes.

Description

This routine allows an application to determine the maximum message size that, if presented to gss_wrap with the same conf_req_flag and qop_req arguments, will result in an output token containing no more than req_output_size bytes.

This call is intended for use by applications that communicate over protocols that impose a maximum message size. It enables the application to fragment messages prior to applying protection.

Successful completion of this call does not guarantee that gss_wrap will be able to protect a message of length max_input_size bytes, since this ability may depend on the availability of system resources at the time that gss_wrap is called.
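The fragmentation pattern described above, as an added example that is not part of the original manual. It shows only the caller-side logic: OM_uint32 and GSS_S_COMPLETE are local stand-ins so the block builds without the GSSAPI header, and send_fragmented, wrap_send_fn, demo_sink and demo_wrap_send are hypothetical names, the last two being a constructed sink that takes the place of gss_wrap plus the transport.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this builds without the GSSAPI header (assumption). */
typedef uint32_t OM_uint32;
#define GSS_S_COMPLETE 0

/* Hypothetical callback: protect one fragment with gss_wrap and transmit it.
 * Returns 0 on success. */
typedef int (*wrap_send_fn)(const unsigned char *frag, size_t len, void *arg);

/* major and max_input_size are the results of
 *   major = gss_wrap_size_limit(&minor, context_handle, conf_req_flag,
 *                               qop_req, req_output_size, &max_input_size);
 * Returns the number of fragments sent, or -1 on error. */
long send_fragmented(OM_uint32 major, OM_uint32 max_input_size,
                     const unsigned char *msg, size_t len,
                     wrap_send_fn wrap_send, void *arg)
{
    size_t off = 0;
    long sent = 0;
    if (major != GSS_S_COMPLETE)   /* max_input_size is undefined on failure */
        return -1;
    if (max_input_size == 0)       /* no payload fits; the loop could not advance */
        return -1;
    while (off < len) {
        size_t chunk = len - off;
        if (chunk > max_input_size) chunk = max_input_size;
        /* A valid limit does not guarantee that gss_wrap succeeds: check each call. */
        if (wrap_send(msg + off, chunk, arg) != 0)
            return -1;
        off += chunk;
        sent++;
    }
    return sent;
}

/* Constructed sink for demonstration: records fragment sizes, can simulate a failure. */
struct demo_sink { size_t calls, largest, total, fail_at; };
int demo_wrap_send(const unsigned char *frag, size_t len, void *arg)
{
    struct demo_sink *s = arg;
    (void)frag;
    if (s->fail_at != 0 && s->calls + 1 == s->fail_at) return 1; /* simulated failure */
    s->calls++;
    s->total += len;
    if (len > s->largest) s->largest = len;
    return 0;
}
```

In a real caller the callback passes the same conf_req_flag and qop_req to gss_wrap that were given to gss_wrap_size_limit, since the returned limit holds only for that combination.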

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE

Indicates a successful token size determination: an input message with a length in octets equal to the returned max_input_size value will, when passed to gss_wrap for processing on the context identified by the context_handle argument with the confidentiality request state as provided in conf_req_flag and with the quality of protection specifier provided in the qop_req argument, yield an output token no larger than the value of the provided req_output_size argument.

GSS_S_CONTEXT_EXPIRED

Indicates that the provided input context_handle is recognized, but that the referenced context has expired. Return values other than minor_status are undefined.

GSS_S_NO_CONTEXT

Indicates that no valid context was recognized for the input context_handle provided. Return values other than minor_status are undefined.

GSS_S_BAD_QOP

Indicates that the provided QOP value is not recognized or supported for the context.