47 	u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;  in tls_send_client_hello()  local
82 	pos = rhdr + TLS_RECORD_HEADER_LEN;  in tls_send_client_hello()
87 	hs_start = pos;  in tls_send_client_hello()
89 	*pos++ = TLS_HANDSHAKE_TYPE_CLIENT_HELLO;  in tls_send_client_hello()
91 	hs_length = pos;  in tls_send_client_hello()
92 	pos += 3;  in tls_send_client_hello()
95 	WPA_PUT_BE16(pos, tls_version);  in tls_send_client_hello()
96 	pos += 2;  in tls_send_client_hello()
98 	os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN);  in tls_send_client_hello()
99 	pos += TLS_RANDOM_LEN;  in tls_send_client_hello()
101 	*pos++ = conn->session_id_len;  in tls_send_client_hello()
102 	os_memcpy(pos, conn->session_id, conn->session_id_len);  in tls_send_client_hello()
103 	pos += conn->session_id_len;  in tls_send_client_hello()
105 	WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites);  in tls_send_client_hello()
106 	pos += 2;  in tls_send_client_hello()
108 		WPA_PUT_BE16(pos, conn->cipher_suites[i]);  in tls_send_client_hello()
109 		pos += 2;  in tls_send_client_hello()
112 	*pos++ = 1;  in tls_send_client_hello()
113 	*pos++ = TLS_COMPRESSION_NULL;  in tls_send_client_hello()
116 	ext_start = pos;  in tls_send_client_hello()
117 	pos += 2;  in tls_send_client_hello()
126 		WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS);  in tls_send_client_hello()
127 		pos += 2;  in tls_send_client_hello()
129 		WPA_PUT_BE16(pos, 8);  in tls_send_client_hello()
130 		pos += 2;  in tls_send_client_hello()
132 		WPA_PUT_BE16(pos, 6);  in tls_send_client_hello()
133 		pos += 2;  in tls_send_client_hello()
135 		*pos++ = TLS_HASH_ALG_SHA512;  in tls_send_client_hello()
136 		*pos++ = TLS_SIGN_ALG_RSA;  in tls_send_client_hello()
137 		*pos++ = TLS_HASH_ALG_SHA384;  in tls_send_client_hello()
138 		*pos++ = TLS_SIGN_ALG_RSA;  in tls_send_client_hello()
139 		*pos++ = TLS_HASH_ALG_SHA256;  in tls_send_client_hello()
140 		*pos++ = TLS_SIGN_ALG_RSA;  in tls_send_client_hello()
145 		os_memcpy(pos, conn->client_hello_ext,  in tls_send_client_hello()
147 		pos += conn->client_hello_ext_len;  in tls_send_client_hello()
154 		WPA_PUT_BE16(pos, TLS_EXT_STATUS_REQUEST);  in tls_send_client_hello()
155 		pos += 2;  in tls_send_client_hello()
157 		WPA_PUT_BE16(pos, 5);  in tls_send_client_hello()
158 		pos += 2;  in tls_send_client_hello()
171 		*pos++ = 1; /* status_type = ocsp(1) */  in tls_send_client_hello()
182 		WPA_PUT_BE16(pos, 0); /* responder_id_list(empty) */  in tls_send_client_hello()
183 		pos += 2;  in tls_send_client_hello()
184 		WPA_PUT_BE16(pos, 0); /* request_extensions(empty) */  in tls_send_client_hello()
185 		pos += 2;  in tls_send_client_hello()
190 		WPA_PUT_BE16(pos, TLS_EXT_STATUS_REQUEST_V2);  in tls_send_client_hello()
191 		pos += 2;  in tls_send_client_hello()
193 		WPA_PUT_BE16(pos, 7);  in tls_send_client_hello()
194 		pos += 2;  in tls_send_client_hello()
216 		WPA_PUT_BE16(pos, 5);  in tls_send_client_hello()
217 		pos += 2;  in tls_send_client_hello()
220 		*pos++ = 2; /* status_type = ocsp_multi(2) */  in tls_send_client_hello()
222 		WPA_PUT_BE16(pos, 0); /* responder_id_list(empty) */  in tls_send_client_hello()
223 		pos += 2;  in tls_send_client_hello()
224 		WPA_PUT_BE16(pos, 0); /* request_extensions(empty) */  in tls_send_client_hello()
225 		pos += 2;  in tls_send_client_hello()
228 	if (pos == ext_start + 2)  in tls_send_client_hello()
229 		pos -= 2; /* no extensions */  in tls_send_client_hello()
231 		WPA_PUT_BE16(ext_start, pos - ext_start - 2);  in tls_send_client_hello()
233 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);  in tls_send_client_hello()
234 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_send_client_hello()
237 			      rhdr, end - rhdr, hs_start, pos - hs_start,  in tls_send_client_hello()
255 	u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start;  in tls_write_client_certificate()  local
259 	pos = *msgpos;  in tls_write_client_certificate()
260 	if (TLS_RECORD_HEADER_LEN + 1 + 3 + 3 > end - pos) {  in tls_write_client_certificate()
267 	rhdr = pos;  in tls_write_client_certificate()
268 	pos += TLS_RECORD_HEADER_LEN;  in tls_write_client_certificate()
273 	hs_start = pos;  in tls_write_client_certificate()
275 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE;  in tls_write_client_certificate()
277 	hs_length = pos;  in tls_write_client_certificate()
278 	pos += 3;  in tls_write_client_certificate()
281 	cert_start = pos;  in tls_write_client_certificate()
282 	pos += 3;  in tls_write_client_certificate()
285 		if (3 + cert->cert_len > (size_t) (end - pos)) {  in tls_write_client_certificate()
289 				   (unsigned long) (end - pos));  in tls_write_client_certificate()
294 		WPA_PUT_BE24(pos, cert->cert_len);  in tls_write_client_certificate()
295 		pos += 3;  in tls_write_client_certificate()
296 		os_memcpy(pos, cert->cert_start, cert->cert_len);  in tls_write_client_certificate()
297 		pos += cert->cert_len;  in tls_write_client_certificate()
314 	WPA_PUT_BE24(cert_start, pos - cert_start - 3);  in tls_write_client_certificate()
316 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);  in tls_write_client_certificate()
319 			      rhdr, end - rhdr, hs_start, pos - hs_start,  in tls_write_client_certificate()
326 	pos = rhdr + rlen;  in tls_write_client_certificate()
328 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_certificate()
330 	*msgpos = pos;  in tls_write_client_certificate()
336 static int tlsv1_key_x_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)  in tlsv1_key_x_dh()  argument
396 	if (end - *pos < 2) {  in tlsv1_key_x_dh()
403 	WPA_PUT_BE16(*pos, dh_yc_len);  in tlsv1_key_x_dh()
404 	*pos += 2;  in tlsv1_key_x_dh()
405 	if (dh_yc_len > (size_t) (end - *pos)) {  in tlsv1_key_x_dh()
414 	os_memcpy(*pos, dh_yc, dh_yc_len);  in tlsv1_key_x_dh()
415 	*pos += dh_yc_len;  in tlsv1_key_x_dh()
459 static int tlsv1_key_x_rsa(struct tlsv1_client *conn, u8 **pos, u8 *end)  in tlsv1_key_x_rsa()  argument
484 	*pos += 2;  in tlsv1_key_x_rsa()
485 	clen = end - *pos;  in tlsv1_key_x_rsa()
489 		*pos, &clen);  in tlsv1_key_x_rsa()
497 	WPA_PUT_BE16(*pos - 2, clen);  in tlsv1_key_x_rsa()
499 		    *pos, clen);  in tlsv1_key_x_rsa()
500 	*pos += clen;  in tlsv1_key_x_rsa()
509 	u8 *pos, *rhdr, *hs_start, *hs_length;  in tls_write_client_key_exchange()  local
520 	pos = *msgpos;  in tls_write_client_key_exchange()
524 	rhdr = pos;  in tls_write_client_key_exchange()
525 	pos += TLS_RECORD_HEADER_LEN;  in tls_write_client_key_exchange()
530 	hs_start = pos;  in tls_write_client_key_exchange()
532 	*pos++ = TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE;  in tls_write_client_key_exchange()
534 	hs_length = pos;  in tls_write_client_key_exchange()
535 	pos += 3;  in tls_write_client_key_exchange()
538 		if (tlsv1_key_x_dh(conn, &pos, end) < 0)  in tls_write_client_key_exchange()
541 		if (tlsv1_key_x_rsa(conn, &pos, end) < 0)  in tls_write_client_key_exchange()
545 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);  in tls_write_client_key_exchange()
548 			      rhdr, end - rhdr, hs_start, pos - hs_start,  in tls_write_client_key_exchange()
555 	pos = rhdr + rlen;  in tls_write_client_key_exchange()
556 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_key_exchange()
558 	*msgpos = pos;  in tls_write_client_key_exchange()
567 	u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;  in tls_write_client_certificate_verify()  local
571 	pos = *msgpos;  in tls_write_client_certificate_verify()
574 	rhdr = pos;  in tls_write_client_certificate_verify()
575 	pos += TLS_RECORD_HEADER_LEN;  in tls_write_client_certificate_verify()
578 	hs_start = pos;  in tls_write_client_certificate_verify()
580 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY;  in tls_write_client_certificate_verify()
582 	hs_length = pos;  in tls_write_client_certificate_verify()
583 	pos += 3;  in tls_write_client_certificate_verify()
685 		*pos++ = TLS_HASH_ALG_SHA256;  in tls_write_client_certificate_verify()
686 		*pos++ = TLS_SIGN_ALG_RSA;  in tls_write_client_certificate_verify()
701 	signed_start = pos; /* length to be filled */  in tls_write_client_certificate_verify()
702 	pos += 2;  in tls_write_client_certificate_verify()
703 	clen = end - pos;  in tls_write_client_certificate_verify()
706 					  pos, &clen) < 0) {  in tls_write_client_certificate_verify()
714 	pos += clen;  in tls_write_client_certificate_verify()
716 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);  in tls_write_client_certificate_verify()
719 			      rhdr, end - rhdr, hs_start, pos - hs_start,  in tls_write_client_certificate_verify()
726 	pos = rhdr + rlen;  in tls_write_client_certificate_verify()
728 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_certificate_verify()
730 	*msgpos = pos;  in tls_write_client_certificate_verify()
772 	u8 *pos, *hs_start;  in tls_write_client_finished()  local
836 	pos = hs_start = verify_data;  in tls_write_client_finished()
838 	*pos++ = TLS_HANDSHAKE_TYPE_FINISHED;  in tls_write_client_finished()
840 	WPA_PUT_BE24(pos, TLS_VERIFY_DATA_LEN);  in tls_write_client_finished()
841 	pos += 3;  in tls_write_client_finished()
842 	pos += TLS_VERIFY_DATA_LEN; /* verify_data already in place */  in tls_write_client_finished()
843 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_finished()
846 			      *msgpos, end - *msgpos, hs_start, pos - hs_start,  in tls_write_client_finished()
863 	u8 *msg, *end, *pos;  in tls_send_client_key_exchange()  local
876 	pos = msg;  in tls_send_client_key_exchange()
880 		if (tls_write_client_certificate(conn, &pos, end) < 0) {  in tls_send_client_key_exchange()
886 	if (tls_write_client_key_exchange(conn, &pos, end) < 0 ||  in tls_send_client_key_exchange()
888 	     tls_write_client_certificate_verify(conn, &pos, end) < 0) ||  in tls_send_client_key_exchange()
889 	    tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||  in tls_send_client_key_exchange()
890 	    tls_write_client_finished(conn, &pos, end) < 0) {  in tls_send_client_key_exchange()
895 	*out_len = pos - msg;  in tls_send_client_key_exchange()
906 	u8 *msg, *end, *pos;  in tls_send_change_cipher_spec()  local
914 	pos = msg;  in tls_send_change_cipher_spec()
917 	if (tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||  in tls_send_change_cipher_spec()
918 	    tls_write_client_finished(conn, &pos, end) < 0) {  in tls_send_change_cipher_spec()
923 	*out_len = pos - msg;  in tls_send_change_cipher_spec()
964 	u8 *alert, *pos, *length;  in tlsv1_client_send_alert()  local
973 	pos = alert;  in tlsv1_client_send_alert()
977 	*pos++ = TLS_CONTENT_TYPE_ALERT;  in tlsv1_client_send_alert()
979 	WPA_PUT_BE16(pos, conn->rl.tls_version ? conn->rl.tls_version :  in tlsv1_client_send_alert()
981 	pos += 2;  in tlsv1_client_send_alert()
983 	length = pos;  in tlsv1_client_send_alert()
984 	pos += 2;  in tlsv1_client_send_alert()
989 	*pos++ = level;  in tlsv1_client_send_alert()
991 	*pos++ = description;  in tlsv1_client_send_alert()
993 	WPA_PUT_BE16(length, pos - length - 2);  in tlsv1_client_send_alert()
994 	*out_len = pos - alert;  in tlsv1_client_send_alert()