1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
206 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
210 const unsigned char *order
, *generator
;
212 br_multihash_context mhc
;
213 unsigned char head
[4];
214 size_t hv_len
, sig_len
;
216 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM
;
219 ctx
->eng
.ecdhe_curve
= curve
;
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
229 order
= ctx
->eng
.iec
->order(curve
, &olen
);
231 while (mask
>= order
[0]) {
234 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
235 ctx
->ecdhe_key
[0] &= mask
;
236 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
237 ctx
->ecdhe_key_len
= olen
;
240 * Compute our ECDH point.
242 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
243 memcpy(ctx
->eng
.ecdhe_point
, generator
, glen
);
244 ctx
->eng
.ecdhe_point_len
= glen
;
245 if (!ctx
->eng
.iec
->mul(ctx
->eng
.ecdhe_point
, glen
,
246 ctx
->ecdhe_key
, olen
, curve
))
248 return -BR_ERR_INVALID_ALGORITHM
;
252 * Compute the signature.
254 br_multihash_zero(&mhc
);
255 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
256 br_multihash_init(&mhc
);
257 br_multihash_update(&mhc
,
258 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
259 br_multihash_update(&mhc
,
260 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
264 head
[3] = ctx
->eng
.ecdhe_point_len
;
265 br_multihash_update(&mhc
, head
, sizeof head
);
266 br_multihash_update(&mhc
,
267 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
268 hash
= ctx
->sign_hash_id
;
270 hv_len
= br_multihash_out(&mhc
, hash
, ctx
->eng
.pad
);
272 return -BR_ERR_INVALID_ALGORITHM
;
275 if (!br_multihash_out(&mhc
, br_md5_ID
, ctx
->eng
.pad
)
276 || !br_multihash_out(&mhc
,
277 br_sha1_ID
, ctx
->eng
.pad
+ 16))
279 return -BR_ERR_INVALID_ALGORITHM
;
283 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
284 hash
, hv_len
, ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
285 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
293 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
294 unsigned char *cpoint
, size_t cpoint_len
)
299 curve
= ctx
->eng
.ecdhe_curve
;
302 * Finalise the key exchange.
304 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
305 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
306 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
313 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
318 static const uint8_t t0_datablock
[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
334 static const uint8_t t0_codeblock
[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
352 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
354 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
357 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
360 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, flags
)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
371 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
374 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
379 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
381 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
383 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
385 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
390 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
393 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x24, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x1B, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0D, 0x06,
418 0x06, 0x01, 0x00, 0x81, 0x01, 0x04, 0x0A, 0x24, 0x16, 0x2F, 0x06, 0x05,
419 0x81, 0x25, 0x21, 0x04, 0x77, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0x44,
420 0x01, 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02,
421 0x00, 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01,
422 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03,
423 0x21, 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x15, 0x01, 0x01, 0x31,
424 0x0E, 0x06, 0x09, 0x21, 0x01, 0x00, 0x58, 0x38, 0x46, 0x00, 0x04, 0x06,
425 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
426 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
427 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
428 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
429 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
430 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
431 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
432 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
433 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
434 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
435 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
436 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
437 0x22, 0x06, 0x80, 0x57, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
438 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
439 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
440 0x01, 0x7F, 0x03, 0x02, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21, 0x04,
441 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D, 0x08,
442 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04, 0x10,
443 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01,
444 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x25, 0x21, 0x01, 0x00, 0x03, 0x07,
445 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04, 0x01,
446 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01, 0x88,
447 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22, 0x06,
448 0x80, 0x58, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x4F, 0x81, 0x17,
449 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x3F, 0x01,
450 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x34, 0x01, 0x83,
451 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x27, 0x01,
452 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x1C, 0x01, 0x0A,
453 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x11, 0x01, 0x0B, 0x31,
454 0x0E, 0x06, 0x05, 0x21, 0x81, 0x14, 0x04, 0x06, 0x21, 0x81, 0x14, 0x01,
455 0x00, 0x21, 0x04, 0xFF, 0x2D, 0x7D, 0x7D, 0x02, 0x01, 0x02, 0x03, 0x12,
456 0x03, 0x01, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F, 0x06, 0x03, 0x21, 0x02,
457 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02, 0x52, 0x23, 0x02, 0x00,
458 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46, 0x81, 0x03, 0x02, 0x01,
459 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06, 0x05, 0x21, 0x75, 0x25,
460 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75, 0x36, 0x22, 0x76, 0x36,
461 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03, 0x08, 0x02, 0x02, 0x06,
462 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05, 0x04, 0x01, 0x28, 0x81,
463 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64, 0x25, 0x12, 0x22, 0x64,
464 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12, 0x22, 0x60, 0x37, 0x05,
465 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00,
466 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04, 0x0A,
467 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13, 0x22,
468 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E, 0x30,
469 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22, 0x01,
470 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22,
471 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02, 0x05,
472 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08, 0x04,
473 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22, 0x05,
474 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01, 0x28,
475 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E, 0x05,
476 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17, 0x22,
477 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00, 0x67,
478 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A, 0x25,
479 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
480 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67, 0x3B,
481 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06, 0x03,
482 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01, 0x14,
483 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81,
484 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05, 0x02,
485 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A, 0x02,
486 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00,
487 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06, 0x02,
488 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10, 0x30,
489 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A, 0x06,
490 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68, 0x38,
491 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00, 0x31,
492 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81,
493 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A, 0x01,
494 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02, 0x51,
495 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67, 0x01,
496 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51, 0x23,
497 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81,
498 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81, 0x14,
499 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D, 0x22,
500 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04, 0x02,
501 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22, 0x46,
502 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00, 0x81,
503 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81, 0x17,
504 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64, 0x36,
505 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00, 0x81,
506 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01, 0x06,
507 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03, 0x0E,
508 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49, 0x01,
509 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49, 0x7D,
510 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x01,
511 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20, 0x0A,
512 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37, 0x04,
513 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A, 0x81,
514 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03, 0x7A,
515 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B, 0x81,
516 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00, 0x33,
517 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02, 0x03,
518 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A, 0x06,
519 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E, 0x06,
520 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24, 0x16,
521 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A, 0x38,
522 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17, 0x6A,
523 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43, 0x21,
524 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B, 0x31,
525 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77, 0x21,
526 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01, 0x01,
527 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02, 0x01,
528 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x10,
529 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01,
530 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01,
531 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04,
532 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01, 0x01,
533 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B, 0x01,
534 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00, 0x06,
535 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E, 0x06,
536 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01,
537 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11,
538 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47, 0x3B,
539 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x01,
540 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18, 0x01,
541 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x07,
542 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E, 0x06,
543 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01, 0x21,
544 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69, 0x27,
545 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04, 0x24,
546 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04, 0x01,
547 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06, 0x21,
548 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00, 0x21,
549 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05, 0x10,
550 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21, 0x81,
551 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12, 0x01,
552 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24, 0x16,
553 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04, 0x73,
554 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22, 0x01,
555 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00, 0x00,
556 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32, 0x81,
557 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A, 0x22,
558 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A, 0x00,
559 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01, 0x0C,
560 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01, 0x80,
561 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06, 0x04,
562 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, 0x01,
563 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, 0x02,
564 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08,
565 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E, 0x01,
566 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01, 0x20,
567 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31, 0x01,
568 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30, 0x81,
569 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x31,
570 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30, 0x04,
571 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01, 0x01,
572 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01, 0x21,
573 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00, 0x03,
574 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00, 0x81,
575 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74, 0x03,
576 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23, 0x03,
577 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C, 0x81,
578 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12, 0x08,
579 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00, 0x81,
580 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72, 0x27,
581 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08,
582 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F, 0x00,
583 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x25,
584 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00, 0x22,
585 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01, 0x10,
586 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02, 0x21,
587 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
590 static const uint16_t t0_caddr
[] = {
705 #define T0_INTERPRETED 68
707 #define T0_ENTER(ip, rp, slot) do { \
708 const unsigned char *t0_newip; \
710 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
711 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
713 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
717 #define T0_DEFENTRY(name, slot) \
721 t0_context *t0ctx = ctx; \
722 t0ctx->ip = &t0_codeblock[0]; \
723 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
726 T0_DEFENTRY(br_ssl_hs_server_init_main
, 133)
729 br_ssl_hs_server_run(void *t0ctx
)
732 const unsigned char *ip
;
734 #define T0_LOCAL(x) (*(rp - 2 - (x)))
735 #define T0_POP() (*-- dp)
736 #define T0_POPi() (*(int32_t *)(-- dp))
737 #define T0_PEEK(x) (*(dp - 1 - (x)))
738 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
739 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
740 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
741 #define T0_RPOP() (*-- rp)
742 #define T0_RPOPi() (*(int32_t *)(-- rp))
743 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
744 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
745 #define T0_ROLL(x) do { \
746 size_t t0len = (size_t)(x); \
747 uint32_t t0tmp = *(dp - 1 - t0len); \
748 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
751 #define T0_SWAP() do { \
752 uint32_t t0tmp = *(dp - 2); \
753 *(dp - 2) = *(dp - 1); \
756 #define T0_ROT() do { \
757 uint32_t t0tmp = *(dp - 3); \
758 *(dp - 3) = *(dp - 2); \
759 *(dp - 2) = *(dp - 1); \
762 #define T0_NROT() do { \
763 uint32_t t0tmp = *(dp - 1); \
764 *(dp - 1) = *(dp - 2); \
765 *(dp - 2) = *(dp - 3); \
768 #define T0_PICK(x) do { \
769 uint32_t t0depth = (x); \
770 T0_PUSH(T0_PEEK(t0depth)); \
772 #define T0_CO() do { \
775 #define T0_RET() break
777 dp
= ((t0_context
*)t0ctx
)->dp
;
778 rp
= ((t0_context
*)t0ctx
)->rp
;
779 ip
= ((t0_context
*)t0ctx
)->ip
;
783 t0x
= t0_parse7E_unsigned(&ip
);
784 if (t0x
< T0_INTERPRETED
) {
796 ip
= &t0_codeblock
[t0x
];
798 case 1: /* literal constant */
799 T0_PUSHi(t0_parse7E_signed(&ip
));
801 case 2: /* read local */
802 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
804 case 3: /* write local */
805 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
808 t0off
= t0_parse7E_signed(&ip
);
811 case 5: /* jump if */
812 t0off
= t0_parse7E_signed(&ip
);
817 case 6: /* jump if not */
818 t0off
= t0_parse7E_signed(&ip
);
826 uint32_t b
= T0_POP();
827 uint32_t a
= T0_POP();
835 uint32_t b
= T0_POP();
836 uint32_t a
= T0_POP();
844 uint32_t b
= T0_POP();
845 uint32_t a
= T0_POP();
853 int32_t b
= T0_POPi();
854 int32_t a
= T0_POPi();
855 T0_PUSH(-(uint32_t)(a
< b
));
862 int c
= (int)T0_POPi();
863 uint32_t x
= T0_POP();
871 int32_t b
= T0_POPi();
872 int32_t a
= T0_POPi();
873 T0_PUSH(-(uint32_t)(a
<= b
));
880 uint32_t b
= T0_POP();
881 uint32_t a
= T0_POP();
882 T0_PUSH(-(uint32_t)(a
!= b
));
889 uint32_t b
= T0_POP();
890 uint32_t a
= T0_POP();
891 T0_PUSH(-(uint32_t)(a
== b
));
898 int32_t b
= T0_POPi();
899 int32_t a
= T0_POPi();
900 T0_PUSH(-(uint32_t)(a
> b
));
907 int32_t b
= T0_POPi();
908 int32_t a
= T0_POPi();
909 T0_PUSH(-(uint32_t)(a
>= b
));
916 int c
= (int)T0_POPi();
917 int32_t x
= T0_POPi();
925 uint32_t b
= T0_POP();
926 uint32_t a
= T0_POP();
934 if (CTX
->chain_len
== 0) {
937 CTX
->cert_cur
= CTX
->chain
->data
;
938 CTX
->cert_len
= CTX
->chain
->data_len
;
941 T0_PUSH(CTX
->cert_len
);
949 size_t len
= (size_t)T0_POP();
950 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
951 memset(addr
, 0, len
);
956 /* call-policy-handler */
959 br_ssl_server_choices choices
;
961 x
= (*CTX
->policy_vtable
)->choose(
962 CTX
->policy_vtable
, CTX
, &choices
);
963 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
964 CTX
->sign_hash_id
= choices
.hash_id
;
965 CTX
->chain
= choices
.chain
;
966 CTX
->chain_len
= choices
.chain_len
;
974 T0_PUSHi(-(ENG
->hlen_out
> 0));
981 if (ENG
->session
.session_id_len
== 32
982 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
983 CTX
->cache_vtable
, CTX
, &ENG
->session
))
998 /* compute-Finished-inner */
1000 int prf_id
= T0_POP();
1001 int from_client
= T0_POPi();
1002 unsigned char seed
[48];
1005 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1006 if (ENG
->session
.version
>= BR_TLS12
) {
1007 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1009 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1010 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1013 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1014 sizeof ENG
->session
.master_secret
,
1015 from_client
? "client finished" : "server finished",
1021 /* copy-cert-chunk */
1025 clen
= CTX
->cert_len
;
1026 if (clen
> sizeof ENG
->pad
) {
1027 clen
= sizeof ENG
->pad
;
1029 memcpy(ENG
->pad
, CTX
->cert_cur
, clen
);
1030 CTX
->cert_cur
+= clen
;
1031 CTX
->cert_len
-= clen
;
1039 size_t addr
= T0_POP();
1040 T0_PUSH(t0_datablock
[addr
]);
1054 int prf_id
= T0_POPi();
1055 size_t len
= T0_POP();
1056 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1061 /* do-ecdhe-part1 */
1063 int curve
= T0_POPi();
1064 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1069 /* do-ecdhe-part2 */
1071 int prf_id
= T0_POPi();
1072 size_t len
= T0_POP();
1073 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1078 /* do-rsa-decrypt */
1080 int prf_id
= T0_POPi();
1081 size_t len
= T0_POP();
1082 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1093 T0_PUSH(T0_PEEK(0));
1099 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1107 br_ssl_engine_flush_record(ENG
);
1114 size_t addr
= (size_t)T0_POP();
1115 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1122 size_t addr
= (size_t)T0_POP();
1123 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1130 size_t addr
= (size_t)T0_POP();
1131 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1138 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1145 size_t len
= (size_t)T0_POP();
1146 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1147 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1148 int x
= memcmp(addr1
, addr2
, len
);
1149 T0_PUSH((uint32_t)-(x
== 0));
1156 size_t len
= (size_t)T0_POP();
1157 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1158 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1159 memcpy(dst
, src
, len
);
1166 size_t len
= (size_t)T0_POP();
1167 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1168 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1173 /* more-incoming-bytes? */
1175 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1180 /* multihash-init */
1182 br_multihash_init(&ENG
->mhash
);
1189 uint32_t a
= T0_POP();
1197 uint32_t a
= T0_POP();
1205 uint32_t b
= T0_POP();
1206 uint32_t a
= T0_POP();
1213 T0_PUSH(T0_PEEK(1));
1217 /* read-chunk-native */
1219 size_t clen
= ENG
->hlen_in
;
1225 if ((size_t)len
< clen
) {
1228 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1229 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1230 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1232 T0_PUSH(addr
+ (uint32_t)clen
);
1233 T0_PUSH(len
- (uint32_t)clen
);
1234 ENG
->hbuf_in
+= clen
;
1235 ENG
->hlen_in
-= clen
;
1243 if (ENG
->hlen_in
> 0) {
1246 x
= *ENG
->hbuf_in
++;
1247 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1248 br_multihash_update(&ENG
->mhash
, &x
, 1);
1261 if (CTX
->cache_vtable
!= NULL
) {
1262 (*CTX
->cache_vtable
)->save(
1263 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1269 /* set-max-frag-len */
1271 size_t max_frag_len
= T0_POP();
1273 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1276 * We must adjust our own output limit. Since we call this only
1277 * after receiving a ClientHello and before beginning to send
1278 * the ServerHello, the next output record should be empty at
1279 * that point, so we can use max_frag_len as a limit.
1281 if (ENG
->hlen_out
> max_frag_len
) {
1282 ENG
->hlen_out
= max_frag_len
;
1290 size_t addr
= (size_t)T0_POP();
1291 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1298 size_t addr
= (size_t)T0_POP();
1299 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1306 size_t addr
= (size_t)T0_POP();
1307 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1312 /* supported-curves */
1314 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1320 /* supported-hash-functions */
1327 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1328 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1344 /* switch-aesgcm-in */
1346 int is_client
, prf_id
;
1347 unsigned cipher_key_len
;
1349 cipher_key_len
= T0_POP();
1351 is_client
= T0_POP();
1352 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1353 ENG
->iaes_ctr
, cipher_key_len
);
1358 /* switch-aesgcm-out */
1360 int is_client
, prf_id
;
1361 unsigned cipher_key_len
;
1363 cipher_key_len
= T0_POP();
1365 is_client
= T0_POP();
1366 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1367 ENG
->iaes_ctr
, cipher_key_len
);
1374 int is_client
, prf_id
, mac_id
, aes
;
1375 unsigned cipher_key_len
;
1377 cipher_key_len
= T0_POP();
1381 is_client
= T0_POP();
1382 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1383 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1388 /* switch-cbc-out */
1390 int is_client
, prf_id
, mac_id
, aes
;
1391 unsigned cipher_key_len
;
1393 cipher_key_len
= T0_POP();
1397 is_client
= T0_POP();
1398 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1399 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1404 /* total-chain-length */
1410 for (u
= 0; u
< CTX
->chain_len
; u
++) {
1411 total
+= 3 + (uint32_t)CTX
->chain
[u
].data_len
;
1420 int c
= (int)T0_POPi();
1421 uint32_t x
= T0_POP();
1427 /* write-blob-chunk */
1429 size_t clen
= ENG
->hlen_out
;
1435 if ((size_t)len
< clen
) {
1438 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1439 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1440 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1442 T0_PUSH(addr
+ (uint32_t)clen
);
1443 T0_PUSH(len
- (uint32_t)clen
);
1444 ENG
->hbuf_out
+= clen
;
1445 ENG
->hlen_out
-= clen
;
1455 x
= (unsigned char)T0_POP();
1456 if (ENG
->hlen_out
> 0) {
1457 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1458 br_multihash_update(&ENG
->mhash
, &x
, 1);
1460 *ENG
->hbuf_out
++ = x
;
1472 T0_ENTER(ip
, rp
, t0x
);
1476 ((t0_context
*)t0ctx
)->dp
= dp
;
1477 ((t0_context
*)t0ctx
)->rp
= rp
;
1478 ((t0_context
*)t0ctx
)->ip
= ip
;