NAME
gss_wrap_size_limit() — determine a token-size limit for gss_wrap on a context
SYNOPSIS
#include <gssapi.h>
OM_uint32 gss_wrap_size_limit (
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 max_input_size)
DESCRIPTION
The
gss_wrap_size_limit()
routine allows an application to
determine the maximum message size that, if presented to
gss_wrap()
with the same
conf_req_flag
and
qop_req
parameters, will result in
an output token containing no more than the
req_output_size
bytes.
This call is intended for use by applications that communicate over
protocols that impose a maximum message size. It enables the
application to fragment messages prior to applying protection.
Input Parameters
- context_handle
Specifies the context on which the message is sent.
- conf_req_flag
Specifies the requested level of confidentiality and integrity
services, as follows:
- Non-zero
Both confidentiality and integrity services are requested.
- Zero
Only integrity services are requested.
- qop_req
Specifies the cryptographic algorithm, or quality of protection.
A mechanism-specific default may be requested by setting
qop_req
to
GSS_C_QOP_DEFAULT.
- req_output_size
The desired maximum size for tokens emitted by
gss_wrap().
Output Parameters
- max_input_size
The maximum input message size that may be presented to
gss_wrap()
in order
to guarantee that the emitted token shall be no larger than
req_output_size
bytes.
- minor_status
Returns a status code from the security mechanism.
STATUS CODES
The following status codes can be returned:
- GSS_S_COMPLETE
The routine was completed successfully.
- GSS_S_NO_CONTEXT
The context identified in the
context_handle
parameter was not valid.
- GSS_S_CONTEXT_EXPIRED
The context has already expired.
- GSS_S_BAD_QOP
The specified QOP is not supported by the mechanism.
AUTHOR
gss_wrap_size_limit()
was developed by Sun Microsystems, Inc.
SEE ALSO
gss_wrap(3).
The manpages for DCE-GSSAPI are included with the DCE-CoreTools product.
To see those manpages add
/opt/dce/share/man
to
MANPATH.