GSS_WRAP_SIZE_LIMIT(3GSS) Generic Security Services API Library Functions


NAME


gss_wrap_size_limit - allow application to determine maximum message size
with resulting output token of a specified maximum size

SYNOPSIS


cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>

OM_uint32 gss_process_context_token(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle, int conf_req_flag,
gss_qop_t qop_req, OM_uint32 req_output_size,
OM_uint32 *max_input_size);


DESCRIPTION


The gss_wrap_size_limit() function allows an application to determine the
maximum message size that, if presented to gss_wrap() with the same
conf_req_flag and qop_req parameters, results in an output token
containing no more than req_output_size bytes. This call is intended for
use by applications that communicate over protocols that impose a maximum
message size. It enables the application to fragment messages prior to
applying protection. The GSS-API detects invalid QOP values when
gss_wrap_size_limit() is called. This routine guarantees only a maximum
message size, not the availability of specific QOP values for message
protection.


Successful completion of gss_wrap_size_limit() does not guarantee that
gss_wrap() will be able to protect a message of length max_input_size
bytes, since this ability might depend on the availability of system
resources at the time that gss_wrap() is called.

PARAMETERS


The parameter descriptions for gss_wrap_size_limit() are as follows:

minor_status
A mechanism-specific status code.


context_handle
A handle that refers to the security over which the
messages will be sent.


conf_req_flag
Indicates whether gss_wrap() will be asked to apply
confidential protection in addition to integrity
protection. See gss_wrap(3GSS) for more details.


qop_req
Indicates the level of protection that gss_wrap() will
be asked to provide. See gss_wrap(3GSS) for more
details.


req_output_size
The desired maximum size for tokens emitted by
gss_wrap().


max_input_size
The maximum input message size that can be presented
to gss_wrap() to guarantee that the emitted token will
be no larger than req_output_size bytes.


ERRORS


gss_wrap_size_limit() returns one of the following status codes:

GSS_S_COMPLETE
Successful completion.


GSS_S_NO_CONTEXT
The referenced context could not be accessed.


GSS_S_CONTEXT_EXPIRED
The context has expired.


GSS_S_BAD_QOP
The specified QOP is not supported by the
mechanism.


GSS_S_FAILURE
The underlying mechanism detected an error for
which no specific GSS status code is defined.
The mechanism-specific status code reported by
means of the minor_status parameter details the
error condition.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT Level | Safe |
+---------------+-----------------+

SEE ALSO


gss_wrap(3GSS), attributes(5)


Solaris Security for Developers Guide


January 15, 2003 GSS_WRAP_SIZE_LIMIT(3GSS)