- allow application to determine maximum message size with resulting output token of a specified maximum size
cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> OM_uint32 gss_process_context_token(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size);
The gss_wrap_size_limit() function allows an application to determine the maximum message size that, if presented to gss_wrap() with the same conf_req_flag and qop_req parameters, results in an output token containing no more than req_output_size bytes. This call is intended for use by applications that communicate over protocols that impose a maximum message size. It enables the application to fragment messages prior to applying protection. The GSS-API detects invalid QOP values when gss_wrap_size_limit() is called. This routine guarantees only a maximum message size, not the availability of specific QOP values for message protection.
Successful completion of gss_wrap_size_limit() does not guarantee that gss_wrap() will be able to protect a message of length max_input_size bytes, since this ability might depend on the availability of system resources at the time that gss_wrap() is called.
The parameter descriptions for gss_wrap_size_limit() are as follows:
A mechanism-specific status code.
A handle that refers to the security over which the messages will be sent.
Indicates whether gss_wrap() will be asked to apply confidential protection in addition to integrity protection. See gss_wrap(3GSS) for more details.
Indicates the level of protection that gss_wrap() will be asked to provide. See gss_wrap(3GSS) for more details.
The desired maximum size for tokens emitted by gss_wrap().
The maximum input message size that can be presented to gss_wrap() to guarantee that the emitted token will be no larger than req_output_size bytes.
gss_wrap_size_limit() returns one of the following status codes:
The referenced context could not be accessed.
The context has expired.
The specified QOP is not supported by the mechanism.
The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition.
See attributes(5) for descriptions of the following attributes: