45 	u8 *pos, *rhdr, *hs_start, *hs_length;
49 	pos = *msgpos;
52 	rhdr = pos;
53 	pos += TLS_RECORD_HEADER_LEN;
77 	hs_start = pos;
79 	*pos++ = TLS_HANDSHAKE_TYPE_SERVER_HELLO;
81 	hs_length = pos;
82 	pos += 3;
85 	WPA_PUT_BE16(pos, conn->rl.tls_version);
86 	pos += 2;
88 	os_memcpy(pos, conn->server_random, TLS_RANDOM_LEN);
89 	pos += TLS_RANDOM_LEN;
91 	*pos++ = conn->session_id_len;
92 	os_memcpy(pos, conn->session_id, conn->session_id_len);
93 	pos += conn->session_id_len;
95 	WPA_PUT_BE16(pos, conn->cipher_suite);
96 	pos += 2;
98 	*pos++ = TLS_COMPRESSION_NULL;
136 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
137 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
140 			      rhdr, end - rhdr, hs_start, pos - hs_start,
147 	pos = rhdr + rlen;
149 	*msgpos = pos;
158 	u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start;
170 	pos = *msgpos;
173 	rhdr = pos;
174 	pos += TLS_RECORD_HEADER_LEN;
179 	hs_start = pos;
181 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE;
183 	hs_length = pos;
184 	pos += 3;
187 	cert_start = pos;
188 	pos += 3;
191 		if (pos + 3 + cert->cert_len > end) {
195 				   (unsigned long) (end - pos));
200 		WPA_PUT_BE24(pos, cert->cert_len);
201 		pos += 3;
202 		os_memcpy(pos, cert->cert_start, cert->cert_len);
203 		pos += cert->cert_len;
220 	WPA_PUT_BE24(cert_start, pos - cert_start - 3);
222 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
225 			      rhdr, end - rhdr, hs_start, pos - hs_start,
232 	pos = rhdr + rlen;
234 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
236 	*msgpos = pos;
247 	u8 *pos, *rhdr, *hs_start, *hs_length, *server_params;
303 	pos = conn->dh_secret;
304 	while (pos + 1 < conn->dh_secret + conn->dh_secret_len && *pos == 0)
305 		pos++;
306 	if (pos != conn->dh_secret) {
307 		os_memmove(conn->dh_secret, pos,
308 			   conn->dh_secret_len - (pos - conn->dh_secret));
309 		conn->dh_secret_len -= pos - conn->dh_secret;
355 	pos = *msgpos;
358 	rhdr = pos;
359 	pos += TLS_RECORD_HEADER_LEN;
364 	hs_start = pos;
366 	*pos++ = TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE;
368 	hs_length = pos;
369 	pos += 3;
372 	server_params = pos;
374 	if (pos + 2 + dh_p_len > end) {
382 	WPA_PUT_BE16(pos, dh_p_len);
383 	pos += 2;
384 	os_memcpy(pos, dh_p, dh_p_len);
385 	pos += dh_p_len;
388 	if (pos + 2 + conn->cred->dh_g_len > end) {
396 	WPA_PUT_BE16(pos, conn->cred->dh_g_len);
397 	pos += 2;
398 	os_memcpy(pos, conn->cred->dh_g, conn->cred->dh_g_len);
399 	pos += conn->cred->dh_g_len;
402 	if (pos + 2 + dh_ys_len > end) {
410 	WPA_PUT_BE16(pos, dh_ys_len);
411 	pos += 2;
412 	os_memcpy(pos, dh_ys, dh_ys_len);
413 	pos += dh_ys_len;
448 				pos - server_params, hash + 19);
460 			if (hlen < 0 || pos + 2 > end) {
465 			*pos++ = TLS_HASH_ALG_SHA256;
466 			*pos++ = TLS_SIGN_ALG_RSA;
496 				pos - server_params, hash);
526 		signed_start = pos; /* length to be filled */
527 		pos += 2;
528 		clen = end - pos;
531 						  pos, &clen) < 0) {
541 			pos[clen - 1] ^= 0x80;
545 		pos += clen;
548 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
551 			      rhdr, end - rhdr, hs_start, pos - hs_start,
558 	pos = rhdr + rlen;
560 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
562 	*msgpos = pos;
571 	u8 *pos, *rhdr, *hs_start, *hs_length;
579 	pos = *msgpos;
582 	rhdr = pos;
583 	pos += TLS_RECORD_HEADER_LEN;
588 	hs_start = pos;
590 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST;
592 	hs_length = pos;
593 	pos += 3;
603 	*pos++ = 1;
604 	*pos++ = 1; /* rsa_sign */
611 	WPA_PUT_BE16(pos, 0);
612 	pos += 2;
614 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
617 			      rhdr, end - rhdr, hs_start, pos - hs_start,
624 	pos = rhdr + rlen;
626 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
628 	*msgpos = pos;
637 	u8 *pos;
646 	pos = payload;
648 	*pos++ = TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE;
650 	WPA_PUT_BE24(pos, 0);
651 	pos += 3;
655 			      *msgpos, end - *msgpos, payload, pos - payload,
663 	tls_verify_hash_add(&conn->verify, payload, pos - payload);
707 	u8 *pos, *hs_start;
712 	pos = *msgpos;
779 	pos = hs_start = verify_data;
781 	*pos++ = TLS_HANDSHAKE_TYPE_FINISHED;
783 	WPA_PUT_BE24(pos, TLS_VERIFY_DATA_LEN);
784 	pos += 3;
785 	pos += TLS_VERIFY_DATA_LEN;
786 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
789 			      *msgpos, end - *msgpos, hs_start, pos - hs_start,
805 	u8 *msg, *end, *pos;
816 	pos = msg;
819 	if (tls_write_server_hello(conn, &pos, end) < 0) {
826 		if (tls_write_server_change_cipher_spec(conn, &pos, end) < 0 ||
827 		    tls_write_server_finished(conn, &pos, end) < 0) {
832 		*out_len = pos - msg;
840 	if (tls_write_server_certificate(conn, &pos, end) < 0 ||
841 	    tls_write_server_key_exchange(conn, &pos, end) < 0 ||
842 	    tls_write_server_certificate_request(conn, &pos, end) < 0 ||
843 	    tls_write_server_hello_done(conn, &pos, end) < 0) {
848 	*out_len = pos - msg;
859 	u8 *msg, *end, *pos;
867 	pos = msg;
870 	if (tls_write_server_change_cipher_spec(conn, &pos, end) < 0 ||
871 	    tls_write_server_finished(conn, &pos, end) < 0) {
876 	*out_len = pos - msg;
907 	u8 *alert, *pos, *length;
916 	pos = alert;
920 	*pos++ = TLS_CONTENT_TYPE_ALERT;
922 	WPA_PUT_BE16(pos, conn->rl.tls_version ? conn->rl.tls_version :
924 	pos += 2;
926 	length = pos;
927 	pos += 2;
932 	*pos++ = level;
934 	*pos++ = description;
936 	WPA_PUT_BE16(length, pos - length - 2);
937 	*out_len = pos - alert;

Indexes created Thu Nov 06 06:13:30 CET 2014