Scroll to navigation

gss_wrap_size_limit(3) gss gss_wrap_size_limit(3)


gss_wrap_size_limit - API function


#include <gss.h>

OM_uint32 gss_wrap_size_limit(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 * max_input_size);


(Integer, modify) Mechanism specific status code.
(gss_ctx_id_t, read) A handle that refers to the
security over which the messages will be sent.
(Boolean, read) Indicates whether gss_wrap will be
asked to apply confidentiality protection in addition to
integrity protection. See the routine description for gss_wrap
for more details.
(gss_qop_t, read) Indicates the level of protection that
gss_wrap will be asked to provide. See the routine description
for gss_wrap for more details.
(Integer, read) The desired maximum size for
tokens emitted by gss_wrap.
(Integer, modify) The maximum input message size
that may be presented to gss_wrap in order to guarantee that the
emitted token shall be no larger than req_output_size bytes.


Allows an application to determine the maximum message size that, if presented to gss_wrap with the same conf_req_flag and qop_req parameters, will result in an output token containing no more than req_output_size bytes.

This call is intended for use by applications that communicate over protocols that impose a maximum message size. It enables the application to fragment messages prior to applying protection.

GSS-API implementations are recommended but not required to detect invalid QOP values when gss_wrap_size_limit() is called. This routine guarantees only a maximum message size, not the availability of specific QOP values for message protection.

Successful completion of this call does not guarantee that gss_wrap will be able to protect a message of length max_input_size bytes, since this ability may depend on the availability of system resources at the time that gss_wrap is called. However, if the implementation itself imposes an upper limit on the length of messages that may be processed by gss_wrap, the implementation should not return a value via max_input_bytes that is greater than this length.


`GSS_S_COMPLETE`: Successful completion.

`GSS_S_NO_CONTEXT`: The referenced context could not be accessed.

`GSS_S_CONTEXT_EXPIRED`: The context has expired.

`GSS_S_BAD_QOP`: The specified QOP is not supported by the mechanism.


Report bugs to <>. GNU Generic Security Service home page: General help using GNU software:


Copyright © 2003-2022 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.


The full documentation for gss is maintained as a Texinfo manual. If the info and gss programs are properly installed at your site, the command

info gss

should give you access to the complete manual.

1.0.4 gss