projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix: make static ECDH selectable with the br_ssl_client_set_single_ec() helper function.
[BearSSL] / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
204 * use_rsa non-zero for RSA signature, zero for ECDSA
205 * sig_len signature length (in bytes); signature value is in the pad
206 * Returned value is 0 on success, or an error code.
207 */
208 static int
209 verify_SKE_sig(br_ssl_client_context *ctx,
210 int hash, int use_rsa, size_t sig_len)
211 {
212 const br_x509_class **xc;
213 const br_x509_pkey *pk;
214 br_multihash_context mhc;
215 unsigned char hv[64], head[4];
216 size_t hv_len;
217
218 xc = ctx->eng.x509ctx;
219 pk = (*xc)->get_pkey(xc);
220 br_multihash_zero(&mhc);
221 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
222 br_multihash_init(&mhc);
223 br_multihash_update(&mhc,
224 ctx->eng.client_random, sizeof ctx->eng.client_random);
225 br_multihash_update(&mhc,
226 ctx->eng.server_random, sizeof ctx->eng.server_random);
227 head[0] = 3;
228 head[1] = 0;
229 head[2] = ctx->eng.ecdhe_curve;
230 head[3] = ctx->eng.ecdhe_point_len;
231 br_multihash_update(&mhc, head, sizeof head);
232 br_multihash_update(&mhc,
233 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
234 if (hash) {
235 hv_len = br_multihash_out(&mhc, hash, hv);
236 if (hv_len == 0) {
237 return BR_ERR_INVALID_ALGORITHM;
238 }
239 } else {
240 if (!br_multihash_out(&mhc, br_md5_ID, hv)
241 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
242 {
243 return BR_ERR_INVALID_ALGORITHM;
244 }
245 hv_len = 36;
246 }
247 if (use_rsa) {
248 unsigned char tmp[64];
249 const unsigned char *hash_oid;
250
251 if (hash) {
252 hash_oid = HASH_OID[hash - 2];
253 } else {
254 hash_oid = NULL;
255 }
256 if (!ctx->irsavrfy(ctx->eng.pad, sig_len,
257 hash_oid, hv_len, &pk->key.rsa, tmp)
258 || memcmp(tmp, hv, hv_len) != 0)
259 {
260 return BR_ERR_BAD_SIGNATURE;
261 }
262 } else {
263 if (!ctx->iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
264 ctx->eng.pad, sig_len))
265 {
266 return BR_ERR_BAD_SIGNATURE;
267 }
268 }
269 return 0;
270 }
271
272 /*
273 * Perform client-size ECDH (or ECDHE). The point that should be sent to
274 * the server is written in the pad; returned value is either the point
275 * length (in bytes), or -x on error, with 'x' being an error code.
276 *
277 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
278 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
279 * (for static ECDH).
280 */
281 static int
282 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
283 {
284 int curve;
285 unsigned char key[66], point[133];
286 const unsigned char *generator, *order, *point_src;
287 size_t glen, olen, point_len;
288 unsigned char mask;
289
290 if (ecdhe) {
291 curve = ctx->eng.ecdhe_curve;
292 point_src = ctx->eng.ecdhe_point;
293 point_len = ctx->eng.ecdhe_point_len;
294 } else {
295 const br_x509_class **xc;
296 const br_x509_pkey *pk;
297
298 xc = ctx->eng.x509ctx;
299 pk = (*xc)->get_pkey(xc);
300 curve = pk->key.ec.curve;
301 point_src = pk->key.ec.q;
302 point_len = pk->key.ec.qlen;
303 }
304 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
305 return -BR_ERR_INVALID_ALGORITHM;
306 }
307
308 /*
309 * We need to generate our key, as a non-zero random value which
310 * is lower than the curve order, in a "large enough" range. We
311 * force top bit to 0 and bottom bit to 1, which guarantees that
312 * the value is in the proper range.
313 */
314 order = ctx->eng.iec->order(curve, &olen);
315 mask = 0xFF;
316 while (mask >= order[0]) {
317 mask >>= 1;
318 }
319 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
320 key[0] &= mask;
321 key[olen - 1] |= 0x01;
322
323 /*
324 * Compute the common ECDH point, whose X coordinate is the
325 * pre-master secret.
326 */
327 generator = ctx->eng.iec->generator(curve, &glen);
328 if (glen != point_len) {
329 return -BR_ERR_INVALID_ALGORITHM;
330 }
331
332 memcpy(point, point_src, glen);
333 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
334 return -BR_ERR_INVALID_ALGORITHM;
335 }
336
337 /*
338 * The pre-master secret is the X coordinate.
339 */
340 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
341
342 memcpy(point, generator, glen);
343 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
344 return -BR_ERR_INVALID_ALGORITHM;
345 }
346 memcpy(ctx->eng.pad, point, glen);
347 return (int)glen;
348 }
349
350
351
352 static const uint8_t t0_datablock[] = {
353 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
354 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
355 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
356 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
357 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
358 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
359 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
360 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
361 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
362 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
363 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
364 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
365 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
366 };
367
368 static const uint8_t t0_codeblock[] = {
369 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x00, 0x01,
370 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01, 0x01, 0x08,
371 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
372 0x01, 0x02, 0x09, 0x00, 0x00, 0x1A, 0x1A, 0x00, 0x00, 0x01,
373 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
374 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
375 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
376 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
377 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
378 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
379 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
380 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
381 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
382 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
383 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
384 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
385 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
386 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
387 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
388 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
389 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
391 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
392 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
393 0x01,
394 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
395 0x00, 0x00, 0x01,
396 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
397 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
398 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
399 0x00, 0x00, 0x01,
400 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
401 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
402 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
403 0x00, 0x00, 0x01,
404 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
405 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
406 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
407 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
408 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
409 0x00, 0x00, 0x01,
410 T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
411 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
412 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
413 0x00, 0x00, 0x01,
414 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
415 0x00, 0x00, 0x01,
416 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
417 0x00, 0x00, 0x01,
418 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
419 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
420 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
421 0x01,
422 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
423 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
424 0x00, 0x00, 0x01,
425 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
426 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
427 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
428 0x00, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x06,
429 0x08, 0x1E, 0x0D, 0x05, 0x02, 0x59, 0x1C, 0x04, 0x01, 0x2B, 0x00, 0x00,
430 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x7A, 0x1B, 0x46, 0x32, 0x7E, 0x1B,
431 0x05, 0x04, 0x48, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0D, 0x06, 0x02, 0x7E,
432 0x00, 0x46, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x1B,
433 0x6B, 0x32, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x32, 0x5F, 0x1E, 0x81, 0x0B,
434 0x15, 0x67, 0x01, 0x0C, 0x22, 0x00, 0x00, 0x1B, 0x16, 0x01, 0x08, 0x0B,
435 0x32, 0x44, 0x16, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x5E, 0x2C,
436 0x1D, 0x13, 0x26, 0x06, 0x08, 0x02, 0x00, 0x81, 0x2A, 0x03, 0x00, 0x04,
437 0x74, 0x01, 0x00, 0x81, 0x22, 0x02, 0x00, 0x1B, 0x13, 0x11, 0x06, 0x02,
438 0x57, 0x1C, 0x81, 0x2A, 0x04, 0x75, 0x01, 0x01, 0x00, 0x5E, 0x2C, 0x01,
439 0x16, 0x69, 0x2C, 0x25, 0x81, 0x2E, 0x1D, 0x81, 0x12, 0x06, 0x0B, 0x01,
440 0x7F, 0x81, 0x0E, 0x01, 0x7F, 0x81, 0x2D, 0x04, 0x80, 0x42, 0x81, 0x0F,
441 0x5F, 0x1E, 0x81, 0x02, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x11, 0x06,
442 0x02, 0x81, 0x13, 0x81, 0x16, 0x1B, 0x01, 0x0D, 0x0D, 0x06, 0x09, 0x1A,
443 0x81, 0x15, 0x81, 0x16, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00,
444 0x01, 0x0E, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x06, 0x02, 0x4F, 0x1C, 0x24,
445 0x06, 0x02, 0x5A, 0x1C, 0x02, 0x00, 0x06, 0x02, 0x81, 0x34, 0x81, 0x2F,
446 0x01, 0x7F, 0x81, 0x2D, 0x01, 0x7F, 0x81, 0x0E, 0x01, 0x01, 0x5E, 0x2C,
447 0x01, 0x17, 0x69, 0x2C, 0x00, 0x00, 0x28, 0x28, 0x00, 0x00, 0x7B, 0x01,
448 0x0C, 0x10, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
449 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
450 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
451 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
452 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
453 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
454 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
455 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
456 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
457 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
458 0x32, 0x1A, 0x00, 0x00, 0x65, 0x1F, 0x01, 0x0E, 0x0D, 0x06, 0x04, 0x01,
459 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x2E, 0x06, 0x04, 0x01, 0x06,
460 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x6A, 0x1F, 0x1B, 0x06, 0x08, 0x01,
461 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x1A, 0x01, 0x05, 0x00, 0x01,
462 0x2F, 0x03, 0x00, 0x1A, 0x01, 0x00, 0x31, 0x06, 0x03, 0x02, 0x00, 0x08,
463 0x30, 0x06, 0x03, 0x02, 0x00, 0x08, 0x1B, 0x06, 0x06, 0x01, 0x01, 0x0B,
464 0x01, 0x06, 0x08, 0x00, 0x00, 0x6C, 0x2D, 0x1B, 0x06, 0x03, 0x01, 0x09,
465 0x08, 0x00, 0x01, 0x2E, 0x1B, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x1B,
466 0x06, 0x0E, 0x1B, 0x01, 0x01, 0x11, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
467 0x01, 0x10, 0x04, 0x6F, 0x1A, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
468 0x08, 0x00, 0x00, 0x81, 0x00, 0x81, 0x29, 0x1B, 0x01, 0x07, 0x11, 0x01,
469 0x00, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x01, 0x10, 0x11, 0x06, 0x02, 0x81,
470 0x00, 0x04, 0x2D, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x24, 0x1A, 0x1A, 0x01,
471 0x00, 0x5E, 0x2C, 0x81, 0x11, 0x6A, 0x1F, 0x01, 0x01, 0x0D, 0x06, 0x11,
472 0x1D, 0x13, 0x26, 0x06, 0x05, 0x81, 0x29, 0x1A, 0x04, 0x77, 0x01, 0x80,
473 0x64, 0x81, 0x22, 0x04, 0x02, 0x81, 0x00, 0x04, 0x03, 0x5A, 0x1C, 0x1A,
474 0x04, 0xFF, 0x3A, 0x01, 0x1B, 0x03, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02,
475 0x50, 0x1C, 0x02, 0x00, 0x00, 0x00, 0x7B, 0x01, 0x0F, 0x11, 0x00, 0x00,
476 0x5D, 0x1F, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x1B, 0x01, 0x01,
477 0x0C, 0x06, 0x03, 0x1A, 0x01, 0x02, 0x5D, 0x2C, 0x01, 0x00, 0x04, 0x16,
478 0x01, 0x01, 0x28, 0x0D, 0x06, 0x09, 0x1A, 0x01, 0x00, 0x5D, 0x2C, 0x42,
479 0x00, 0x04, 0x07, 0x1A, 0x01, 0x82, 0x00, 0x08, 0x1C, 0x1A, 0x00, 0x00,
480 0x01, 0x00, 0x20, 0x06, 0x06, 0x2A, 0x81, 0x0C, 0x27, 0x04, 0x77, 0x1B,
481 0x06, 0x04, 0x01, 0x01, 0x70, 0x2C, 0x00, 0x00, 0x20, 0x06, 0x0B, 0x68,
482 0x1F, 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5A, 0x1C, 0x04, 0x12, 0x81, 0x29,
483 0x01, 0x07, 0x11, 0x1B, 0x01, 0x02, 0x0C, 0x06, 0x06, 0x06, 0x02, 0x5A,
484 0x1C, 0x04, 0x6F, 0x1A, 0x81, 0x1F, 0x01, 0x01, 0x0C, 0x24, 0x27, 0x06,
485 0x02, 0x49, 0x1C, 0x1B, 0x01, 0x01, 0x81, 0x25, 0x26, 0x81, 0x10, 0x00,
486 0x01, 0x81, 0x16, 0x01, 0x0B, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x5F, 0x1E,
487 0x81, 0x02, 0x3F, 0x81, 0x1D, 0x81, 0x0A, 0x1B, 0x06, 0x26, 0x81, 0x1D,
488 0x81, 0x0A, 0x1B, 0x3E, 0x1B, 0x06, 0x19, 0x1B, 0x01, 0x82, 0x00, 0x0E,
489 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x1B, 0x03, 0x00, 0x67, 0x02,
490 0x00, 0x81, 0x14, 0x02, 0x00, 0x3B, 0x04, 0x64, 0x7C, 0x3C, 0x04, 0x57,
491 0x7C, 0x7C, 0x3D, 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x00, 0x00, 0x7D, 0x81,
492 0x16, 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5A, 0x1C, 0x67, 0x01, 0x0C, 0x08,
493 0x01, 0x0C, 0x81, 0x14, 0x7C, 0x67, 0x1B, 0x01, 0x0C, 0x08, 0x01, 0x0C,
494 0x21, 0x05, 0x02, 0x4C, 0x1C, 0x00, 0x00, 0x81, 0x17, 0x06, 0x02, 0x5A,
495 0x1C, 0x06, 0x02, 0x4E, 0x1C, 0x00, 0x09, 0x81, 0x16, 0x01, 0x02, 0x0D,
496 0x05, 0x02, 0x5A, 0x1C, 0x81, 0x1C, 0x03, 0x00, 0x02, 0x00, 0x76, 0x1E,
497 0x0A, 0x02, 0x00, 0x75, 0x1E, 0x0E, 0x27, 0x06, 0x02, 0x5B, 0x1C, 0x02,
498 0x00, 0x74, 0x1E, 0x0C, 0x06, 0x02, 0x53, 0x1C, 0x02, 0x00, 0x77, 0x2B,
499 0x6D, 0x01, 0x20, 0x81, 0x14, 0x01, 0x00, 0x03, 0x01, 0x81, 0x1E, 0x03,
500 0x02, 0x02, 0x02, 0x01, 0x20, 0x0E, 0x06, 0x02, 0x58, 0x1C, 0x67, 0x02,
501 0x02, 0x81, 0x14, 0x02, 0x02, 0x6F, 0x1F, 0x0D, 0x02, 0x02, 0x01, 0x00,
502 0x0E, 0x11, 0x06, 0x0B, 0x6E, 0x67, 0x02, 0x02, 0x21, 0x06, 0x04, 0x01,
503 0x7F, 0x03, 0x01, 0x6E, 0x67, 0x02, 0x02, 0x22, 0x02, 0x02, 0x6F, 0x2C,
504 0x02, 0x00, 0x73, 0x02, 0x01, 0x79, 0x81, 0x1C, 0x1B, 0x81, 0x20, 0x40,
505 0x06, 0x02, 0x4A, 0x1C, 0x5F, 0x02, 0x01, 0x79, 0x81, 0x1E, 0x06, 0x02,
506 0x4B, 0x1C, 0x1B, 0x06, 0x81, 0x3D, 0x81, 0x1C, 0x81, 0x0A, 0x81, 0x07,
507 0x03, 0x03, 0x81, 0x05, 0x03, 0x04, 0x81, 0x03, 0x03, 0x05, 0x81, 0x06,
508 0x03, 0x06, 0x81, 0x08, 0x03, 0x07, 0x81, 0x04, 0x03, 0x08, 0x1B, 0x06,
509 0x81, 0x0B, 0x81, 0x1C, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02,
510 0x03, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x03, 0x81, 0x1B, 0x04,
511 0x80, 0x70, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x05, 0x05,
512 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x05, 0x81, 0x19, 0x04, 0x80, 0x5A,
513 0x01, 0x83, 0xFE, 0x01, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x04, 0x05,
514 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x04, 0x81, 0x1A, 0x04, 0x80, 0x42,
515 0x01, 0x0D, 0x28, 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x06, 0x05, 0x02, 0x54,
516 0x1C, 0x01, 0x00, 0x03, 0x06, 0x81, 0x18, 0x04, 0x2D, 0x01, 0x0A, 0x28,
517 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x07, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00,
518 0x03, 0x07, 0x81, 0x18, 0x04, 0x18, 0x01, 0x0B, 0x28, 0x0D, 0x06, 0x0F,
519 0x1A, 0x02, 0x08, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x08, 0x81,
520 0x18, 0x04, 0x03, 0x54, 0x1C, 0x1A, 0x04, 0xFE, 0x71, 0x02, 0x04, 0x06,
521 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0E, 0x06, 0x02, 0x51, 0x1C, 0x01, 0x01,
522 0x6A, 0x2C, 0x7C, 0x7C, 0x02, 0x01, 0x00, 0x04, 0x81, 0x16, 0x01, 0x0C,
523 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x81, 0x1E, 0x01, 0x03, 0x0D, 0x05, 0x02,
524 0x55, 0x1C, 0x81, 0x1C, 0x1B, 0x62, 0x2C, 0x1B, 0x01, 0x20, 0x0F, 0x06,
525 0x02, 0x55, 0x1C, 0x2E, 0x32, 0x10, 0x01, 0x01, 0x11, 0x05, 0x02, 0x55,
526 0x1C, 0x81, 0x1E, 0x1B, 0x01, 0x81, 0x05, 0x0E, 0x06, 0x02, 0x55, 0x1C,
527 0x1B, 0x64, 0x2C, 0x63, 0x32, 0x81, 0x14, 0x73, 0x1E, 0x01, 0x86, 0x03,
528 0x0F, 0x03, 0x00, 0x5F, 0x1E, 0x81, 0x27, 0x03, 0x01, 0x01, 0x02, 0x03,
529 0x02, 0x02, 0x00, 0x06, 0x23, 0x81, 0x1E, 0x1B, 0x1B, 0x01, 0x02, 0x0A,
530 0x32, 0x01, 0x06, 0x0E, 0x27, 0x06, 0x02, 0x55, 0x1C, 0x03, 0x02, 0x81,
531 0x1E, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0D, 0x05, 0x02,
532 0x55, 0x1C, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02,
533 0x81, 0x1C, 0x1B, 0x03, 0x03, 0x1B, 0x01, 0x84, 0x00, 0x0E, 0x06, 0x02,
534 0x56, 0x1C, 0x67, 0x32, 0x81, 0x14, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03,
535 0x38, 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x7C, 0x00, 0x02, 0x03, 0x00, 0x03,
536 0x01, 0x02, 0x00, 0x78, 0x02, 0x01, 0x02, 0x00, 0x29, 0x1B, 0x01, 0x00,
537 0x0D, 0x06, 0x02, 0x48, 0x00, 0x81, 0x2B, 0x04, 0x73, 0x00, 0x1B, 0x06,
538 0x05, 0x81, 0x1E, 0x1A, 0x04, 0x78, 0x1A, 0x00, 0x00, 0x81, 0x17, 0x1B,
539 0x42, 0x06, 0x07, 0x1A, 0x06, 0x02, 0x4E, 0x1C, 0x04, 0x73, 0x00, 0x00,
540 0x81, 0x1F, 0x01, 0x03, 0x81, 0x1D, 0x32, 0x1A, 0x32, 0x00, 0x00, 0x81,
541 0x1C, 0x81, 0x23, 0x00, 0x00, 0x81, 0x1C, 0x01, 0x01, 0x0D, 0x05, 0x02,
542 0x4D, 0x1C, 0x81, 0x1E, 0x01, 0x08, 0x08, 0x65, 0x1F, 0x0D, 0x05, 0x02,
543 0x4D, 0x1C, 0x00, 0x00, 0x81, 0x1C, 0x6A, 0x1F, 0x05, 0x16, 0x01, 0x01,
544 0x0D, 0x05, 0x02, 0x51, 0x1C, 0x81, 0x1E, 0x01, 0x00, 0x0D, 0x05, 0x02,
545 0x51, 0x1C, 0x01, 0x02, 0x6A, 0x2C, 0x04, 0x1E, 0x01, 0x19, 0x0D, 0x05,
546 0x02, 0x51, 0x1C, 0x81, 0x1E, 0x01, 0x18, 0x0D, 0x05, 0x02, 0x51, 0x1C,
547 0x67, 0x01, 0x18, 0x81, 0x14, 0x6B, 0x67, 0x01, 0x18, 0x21, 0x05, 0x02,
548 0x51, 0x1C, 0x00, 0x00, 0x81, 0x1C, 0x06, 0x02, 0x52, 0x1C, 0x00, 0x00,
549 0x01, 0x02, 0x78, 0x81, 0x1F, 0x01, 0x08, 0x0B, 0x81, 0x1F, 0x08, 0x00,
550 0x00, 0x01, 0x03, 0x78, 0x81, 0x1F, 0x01, 0x08, 0x0B, 0x81, 0x1F, 0x08,
551 0x01, 0x08, 0x0B, 0x81, 0x1F, 0x08, 0x00, 0x00, 0x01, 0x01, 0x78, 0x81,
552 0x1F, 0x00, 0x00, 0x2A, 0x1B, 0x40, 0x05, 0x01, 0x00, 0x1A, 0x81, 0x2B,
553 0x04, 0x75, 0x02, 0x03, 0x00, 0x72, 0x1F, 0x03, 0x01, 0x01, 0x00, 0x1B,
554 0x02, 0x01, 0x0A, 0x06, 0x10, 0x1B, 0x01, 0x01, 0x0B, 0x71, 0x08, 0x1E,
555 0x02, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x44, 0x04, 0x6A, 0x1A, 0x01, 0x7F,
556 0x00, 0x00, 0x01, 0x15, 0x69, 0x2C, 0x32, 0x3A, 0x1A, 0x3A, 0x1A, 0x1D,
557 0x00, 0x00, 0x01, 0x01, 0x32, 0x81, 0x21, 0x00, 0x00, 0x32, 0x28, 0x78,
558 0x32, 0x1B, 0x06, 0x06, 0x81, 0x1F, 0x1A, 0x45, 0x04, 0x77, 0x1A, 0x00,
559 0x00, 0x1B, 0x01, 0x81, 0xAC, 0x00, 0x0D, 0x06, 0x04, 0x1A, 0x01, 0x7F,
560 0x00, 0x7B, 0x41, 0x00, 0x02, 0x03, 0x00, 0x5F, 0x1E, 0x7B, 0x03, 0x01,
561 0x02, 0x01, 0x01, 0x0F, 0x11, 0x02, 0x01, 0x01, 0x04, 0x10, 0x01, 0x0F,
562 0x11, 0x02, 0x01, 0x01, 0x08, 0x10, 0x01, 0x0F, 0x11, 0x01, 0x00, 0x28,
563 0x0D, 0x06, 0x10, 0x1A, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03,
564 0x35, 0x04, 0x01, 0x36, 0x04, 0x80, 0x56, 0x01, 0x01, 0x28, 0x0D, 0x06,
565 0x10, 0x1A, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04,
566 0x01, 0x36, 0x04, 0x80, 0x40, 0x01, 0x02, 0x28, 0x0D, 0x06, 0x0F, 0x1A,
567 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36,
568 0x04, 0x2B, 0x01, 0x03, 0x28, 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x10,
569 0x02, 0x00, 0x06, 0x03, 0x33, 0x04, 0x01, 0x34, 0x04, 0x17, 0x01, 0x04,
570 0x28, 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
571 0x33, 0x04, 0x01, 0x34, 0x04, 0x03, 0x50, 0x1C, 0x1A, 0x00, 0x00, 0x7B,
572 0x01, 0x0C, 0x10, 0x1B, 0x43, 0x32, 0x01, 0x03, 0x0A, 0x11, 0x00, 0x00,
573 0x7B, 0x01, 0x0C, 0x10, 0x01, 0x01, 0x0D, 0x00, 0x00, 0x7B, 0x01, 0x0C,
574 0x10, 0x42, 0x00, 0x00, 0x14, 0x01, 0x00, 0x5C, 0x1F, 0x1B, 0x06, 0x1F,
575 0x01, 0x01, 0x28, 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x00, 0x7F, 0x04, 0x11,
576 0x01, 0x02, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x5E, 0x1F, 0x06, 0x03, 0x01,
577 0x10, 0x27, 0x04, 0x01, 0x1A, 0x04, 0x01, 0x1A, 0x61, 0x1F, 0x05, 0x34,
578 0x20, 0x06, 0x31, 0x68, 0x1F, 0x01, 0x14, 0x28, 0x0D, 0x06, 0x06, 0x1A,
579 0x01, 0x02, 0x27, 0x04, 0x23, 0x01, 0x15, 0x28, 0x0D, 0x06, 0x0A, 0x1A,
580 0x81, 0x0D, 0x06, 0x03, 0x01, 0x7F, 0x7F, 0x04, 0x13, 0x01, 0x16, 0x28,
581 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x01, 0x27, 0x04, 0x07, 0x1A, 0x01, 0x04,
582 0x27, 0x01, 0x00, 0x1A, 0x13, 0x06, 0x03, 0x01, 0x08, 0x27, 0x00, 0x00,
583 0x14, 0x1B, 0x05, 0x10, 0x20, 0x06, 0x0D, 0x68, 0x1F, 0x01, 0x15, 0x0D,
584 0x06, 0x05, 0x1A, 0x81, 0x0D, 0x04, 0x01, 0x17, 0x00, 0x00, 0x81, 0x29,
585 0x01, 0x07, 0x11, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x5A, 0x1C, 0x00, 0x01,
586 0x03, 0x00, 0x1D, 0x13, 0x06, 0x05, 0x02, 0x00, 0x69, 0x2C, 0x00, 0x81,
587 0x29, 0x1A, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81, 0x2C, 0x01, 0x01, 0x81,
588 0x38, 0x1D, 0x1B, 0x01, 0x00, 0x81, 0x25, 0x01, 0x16, 0x81, 0x2C, 0x81,
589 0x30, 0x1D, 0x00, 0x02, 0x81, 0x05, 0x81, 0x07, 0x08, 0x81, 0x03, 0x08,
590 0x81, 0x06, 0x08, 0x81, 0x08, 0x08, 0x81, 0x04, 0x08, 0x03, 0x00, 0x01,
591 0x01, 0x81, 0x38, 0x01, 0x27, 0x6F, 0x1F, 0x08, 0x72, 0x1F, 0x01, 0x01,
592 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x46, 0x02, 0x00, 0x08, 0x66, 0x1E,
593 0x28, 0x09, 0x1B, 0x43, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x32, 0x46,
594 0x32, 0x47, 0x01, 0x04, 0x09, 0x1B, 0x40, 0x06, 0x03, 0x1A, 0x01, 0x00,
595 0x1B, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x32, 0x01, 0x04,
596 0x08, 0x28, 0x08, 0x32, 0x04, 0x03, 0x1A, 0x01, 0x7F, 0x03, 0x01, 0x81,
597 0x37, 0x75, 0x1E, 0x81, 0x36, 0x60, 0x01, 0x04, 0x12, 0x60, 0x01, 0x04,
598 0x08, 0x01, 0x1C, 0x23, 0x60, 0x01, 0x20, 0x81, 0x31, 0x6E, 0x6F, 0x1F,
599 0x81, 0x33, 0x72, 0x1F, 0x1B, 0x01, 0x01, 0x0B, 0x81, 0x36, 0x71, 0x32,
600 0x1B, 0x06, 0x11, 0x45, 0x28, 0x1E, 0x1B, 0x81, 0x24, 0x05, 0x02, 0x4A,
601 0x1C, 0x81, 0x36, 0x32, 0x46, 0x32, 0x04, 0x6C, 0x48, 0x01, 0x01, 0x81,
602 0x38, 0x01, 0x00, 0x81, 0x38, 0x02, 0x00, 0x06, 0x81, 0x47, 0x02, 0x00,
603 0x81, 0x36, 0x81, 0x05, 0x06, 0x12, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x36,
604 0x6B, 0x81, 0x05, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x36, 0x45, 0x81, 0x33,
605 0x81, 0x07, 0x06, 0x1C, 0x01, 0x00, 0x81, 0x36, 0x6C, 0x81, 0x07, 0x01,
606 0x04, 0x09, 0x1B, 0x81, 0x36, 0x01, 0x02, 0x09, 0x1B, 0x81, 0x36, 0x01,
607 0x00, 0x81, 0x38, 0x01, 0x03, 0x09, 0x81, 0x32, 0x81, 0x03, 0x06, 0x0F,
608 0x01, 0x01, 0x81, 0x36, 0x01, 0x01, 0x81, 0x36, 0x65, 0x1F, 0x01, 0x08,
609 0x09, 0x81, 0x38, 0x81, 0x06, 0x06, 0x1F, 0x01, 0x0D, 0x81, 0x36, 0x81,
610 0x06, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x36, 0x01, 0x02, 0x09, 0x81, 0x36,
611 0x30, 0x06, 0x04, 0x01, 0x03, 0x81, 0x35, 0x31, 0x06, 0x04, 0x01, 0x01,
612 0x81, 0x35, 0x81, 0x08, 0x1B, 0x06, 0x27, 0x01, 0x0A, 0x81, 0x36, 0x01,
613 0x04, 0x09, 0x1B, 0x81, 0x36, 0x47, 0x81, 0x36, 0x2E, 0x01, 0x00, 0x1B,
614 0x01, 0x20, 0x0A, 0x06, 0x0E, 0x81, 0x01, 0x10, 0x01, 0x01, 0x11, 0x06,
615 0x03, 0x1B, 0x81, 0x36, 0x44, 0x04, 0x6C, 0x48, 0x04, 0x01, 0x1A, 0x81,
616 0x04, 0x06, 0x0D, 0x01, 0x0B, 0x81, 0x36, 0x01, 0x02, 0x81, 0x36, 0x01,
617 0x82, 0x00, 0x81, 0x36, 0x02, 0x01, 0x40, 0x05, 0x14, 0x01, 0x15, 0x81,
618 0x36, 0x02, 0x01, 0x1B, 0x81, 0x36, 0x1B, 0x06, 0x07, 0x45, 0x01, 0x00,
619 0x81, 0x38, 0x04, 0x76, 0x1A, 0x00, 0x00, 0x01, 0x10, 0x81, 0x38, 0x5F,
620 0x1E, 0x1B, 0x81, 0x28, 0x06, 0x10, 0x81, 0x0B, 0x19, 0x1B, 0x46, 0x81,
621 0x37, 0x1B, 0x81, 0x36, 0x67, 0x32, 0x81, 0x31, 0x04, 0x12, 0x1B, 0x81,
622 0x26, 0x32, 0x81, 0x0B, 0x18, 0x1B, 0x44, 0x81, 0x37, 0x1B, 0x81, 0x38,
623 0x67, 0x32, 0x81, 0x31, 0x00, 0x00, 0x7D, 0x01, 0x14, 0x81, 0x38, 0x01,
624 0x0C, 0x81, 0x37, 0x67, 0x01, 0x0C, 0x81, 0x31, 0x00, 0x00, 0x39, 0x1B,
625 0x01, 0x00, 0x0D, 0x06, 0x02, 0x48, 0x00, 0x81, 0x29, 0x1A, 0x04, 0x72,
626 0x00, 0x1B, 0x81, 0x36, 0x81, 0x31, 0x00, 0x00, 0x1B, 0x81, 0x38, 0x81,
627 0x31, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x38, 0x01, 0x03, 0x81, 0x37, 0x01,
628 0x00, 0x81, 0x37, 0x00, 0x01, 0x03, 0x00, 0x2F, 0x1A, 0x1B, 0x01, 0x10,
629 0x11, 0x06, 0x08, 0x01, 0x04, 0x81, 0x38, 0x02, 0x00, 0x81, 0x38, 0x1B,
630 0x01, 0x08, 0x11, 0x06, 0x08, 0x01, 0x03, 0x81, 0x38, 0x02, 0x00, 0x81,
631 0x38, 0x1B, 0x01, 0x20, 0x11, 0x06, 0x08, 0x01, 0x05, 0x81, 0x38, 0x02,
632 0x00, 0x81, 0x38, 0x1B, 0x01, 0x80, 0x40, 0x11, 0x06, 0x08, 0x01, 0x06,
633 0x81, 0x38, 0x02, 0x00, 0x81, 0x38, 0x01, 0x04, 0x11, 0x06, 0x08, 0x01,
634 0x02, 0x81, 0x38, 0x02, 0x00, 0x81, 0x38, 0x00, 0x00, 0x1B, 0x01, 0x08,
635 0x37, 0x81, 0x38, 0x81, 0x38, 0x00, 0x00, 0x1B, 0x01, 0x10, 0x37, 0x81,
636 0x38, 0x81, 0x36, 0x00, 0x00, 0x1B, 0x3A, 0x06, 0x02, 0x1A, 0x00, 0x81,
637 0x29, 0x1A, 0x04, 0x75
638 };
639
640 static const uint16_t t0_caddr[] = {
641 0,
642 5,
643 10,
644 15,
645 20,
646 25,
647 30,
648 35,
649 40,
650 44,
651 48,
652 52,
653 56,
654 60,
655 64,
656 68,
657 72,
658 76,
659 80,
660 84,
661 88,
662 92,
663 96,
664 100,
665 104,
666 108,
667 112,
668 116,
669 120,
670 125,
671 130,
672 135,
673 140,
674 145,
675 150,
676 155,
677 160,
678 165,
679 170,
680 175,
681 180,
682 185,
683 190,
684 195,
685 200,
686 205,
687 210,
688 215,
689 220,
690 225,
691 230,
692 235,
693 240,
694 245,
695 250,
696 255,
697 260,
698 269,
699 282,
700 286,
701 311,
702 317,
703 337,
704 348,
705 385,
706 488,
707 492,
708 557,
709 572,
710 583,
711 601,
712 630,
713 640,
714 676,
715 749,
716 763,
717 769,
718 817,
719 837,
720 890,
721 959,
722 992,
723 1004,
724 1329,
725 1486,
726 1511,
727 1522,
728 1537,
729 1548,
730 1554,
731 1577,
732 1637,
733 1645,
734 1658,
735 1677,
736 1684,
737 1696,
738 1731,
739 1743,
740 1750,
741 1766,
742 1782,
743 1920,
744 1933,
745 1942,
746 1949,
747 2053,
748 2075,
749 2089,
750 2106,
751 2129,
752 2492,
753 2539,
754 2555,
755 2570,
756 2577,
757 2584,
758 2598,
759 2674,
760 2684,
761 2694
762 };
763
764 #define T0_INTERPRETED 64
765
766 #define T0_ENTER(ip, rp, slot) do { \
767 const unsigned char *t0_newip; \
768 uint32_t t0_lnum; \
769 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
770 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
771 (rp) += t0_lnum; \
772 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
773 (ip) = t0_newip; \
774 } while (0)
775
776 #define T0_DEFENTRY(name, slot) \
777 void \
778 name(void *ctx) \
779 { \
780 t0_context *t0ctx = ctx; \
781 t0ctx->ip = &t0_codeblock[0]; \
782 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
783 }
784
785 T0_DEFENTRY(br_ssl_hs_client_init_main, 137)
786
787 void
788 br_ssl_hs_client_run(void *t0ctx)
789 {
790 uint32_t *dp, *rp;
791 const unsigned char *ip;
792
793 #define T0_LOCAL(x) (*(rp - 2 - (x)))
794 #define T0_POP() (*-- dp)
795 #define T0_POPi() (*(int32_t *)(-- dp))
796 #define T0_PEEK(x) (*(dp - 1 - (x)))
797 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
798 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
799 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
800 #define T0_RPOP() (*-- rp)
801 #define T0_RPOPi() (*(int32_t *)(-- rp))
802 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
803 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
804 #define T0_ROLL(x) do { \
805 size_t t0len = (size_t)(x); \
806 uint32_t t0tmp = *(dp - 1 - t0len); \
807 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
808 *(dp - 1) = t0tmp; \
809 } while (0)
810 #define T0_SWAP() do { \
811 uint32_t t0tmp = *(dp - 2); \
812 *(dp - 2) = *(dp - 1); \
813 *(dp - 1) = t0tmp; \
814 } while (0)
815 #define T0_ROT() do { \
816 uint32_t t0tmp = *(dp - 3); \
817 *(dp - 3) = *(dp - 2); \
818 *(dp - 2) = *(dp - 1); \
819 *(dp - 1) = t0tmp; \
820 } while (0)
821 #define T0_NROT() do { \
822 uint32_t t0tmp = *(dp - 1); \
823 *(dp - 1) = *(dp - 2); \
824 *(dp - 2) = *(dp - 3); \
825 *(dp - 3) = t0tmp; \
826 } while (0)
827 #define T0_PICK(x) do { \
828 uint32_t t0depth = (x); \
829 T0_PUSH(T0_PEEK(t0depth)); \
830 } while (0)
831 #define T0_CO() do { \
832 goto t0_exit; \
833 } while (0)
834 #define T0_RET() break
835
836 dp = ((t0_context *)t0ctx)->dp;
837 rp = ((t0_context *)t0ctx)->rp;
838 ip = ((t0_context *)t0ctx)->ip;
839 for (;;) {
840 uint32_t t0x;
841
842 t0x = t0_parse7E_unsigned(&ip);
843 if (t0x < T0_INTERPRETED) {
844 switch (t0x) {
845 int32_t t0off;
846
847 case 0: /* ret */
848 t0x = T0_RPOP();
849 rp -= (t0x >> 16);
850 t0x &= 0xFFFF;
851 if (t0x == 0) {
852 ip = NULL;
853 goto t0_exit;
854 }
855 ip = &t0_codeblock[t0x];
856 break;
857 case 1: /* literal constant */
858 T0_PUSHi(t0_parse7E_signed(&ip));
859 break;
860 case 2: /* read local */
861 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
862 break;
863 case 3: /* write local */
864 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
865 break;
866 case 4: /* jump */
867 t0off = t0_parse7E_signed(&ip);
868 ip += t0off;
869 break;
870 case 5: /* jump if */
871 t0off = t0_parse7E_signed(&ip);
872 if (T0_POP()) {
873 ip += t0off;
874 }
875 break;
876 case 6: /* jump if not */
877 t0off = t0_parse7E_signed(&ip);
878 if (!T0_POP()) {
879 ip += t0off;
880 }
881 break;
882 case 7: {
883 /* * */
884
885 uint32_t b = T0_POP();
886 uint32_t a = T0_POP();
887 T0_PUSH(a * b);
888
889 }
890 break;
891 case 8: {
892 /* + */
893
894 uint32_t b = T0_POP();
895 uint32_t a = T0_POP();
896 T0_PUSH(a + b);
897
898 }
899 break;
900 case 9: {
901 /* - */
902
903 uint32_t b = T0_POP();
904 uint32_t a = T0_POP();
905 T0_PUSH(a - b);
906
907 }
908 break;
909 case 10: {
910 /* < */
911
912 int32_t b = T0_POPi();
913 int32_t a = T0_POPi();
914 T0_PUSH(-(uint32_t)(a < b));
915
916 }
917 break;
918 case 11: {
919 /* << */
920
921 int c = (int)T0_POPi();
922 uint32_t x = T0_POP();
923 T0_PUSH(x << c);
924
925 }
926 break;
927 case 12: {
928 /* <> */
929
930 uint32_t b = T0_POP();
931 uint32_t a = T0_POP();
932 T0_PUSH(-(uint32_t)(a != b));
933
934 }
935 break;
936 case 13: {
937 /* = */
938
939 uint32_t b = T0_POP();
940 uint32_t a = T0_POP();
941 T0_PUSH(-(uint32_t)(a == b));
942
943 }
944 break;
945 case 14: {
946 /* > */
947
948 int32_t b = T0_POPi();
949 int32_t a = T0_POPi();
950 T0_PUSH(-(uint32_t)(a > b));
951
952 }
953 break;
954 case 15: {
955 /* >= */
956
957 int32_t b = T0_POPi();
958 int32_t a = T0_POPi();
959 T0_PUSH(-(uint32_t)(a >= b));
960
961 }
962 break;
963 case 16: {
964 /* >> */
965
966 int c = (int)T0_POPi();
967 int32_t x = T0_POPi();
968 T0_PUSHi(x >> c);
969
970 }
971 break;
972 case 17: {
973 /* and */
974
975 uint32_t b = T0_POP();
976 uint32_t a = T0_POP();
977 T0_PUSH(a & b);
978
979 }
980 break;
981 case 18: {
982 /* bzero */
983
984 size_t len = (size_t)T0_POP();
985 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
986 memset(addr, 0, len);
987
988 }
989 break;
990 case 19: {
991 /* can-output? */
992
993 T0_PUSHi(-(ENG->hlen_out > 0));
994
995 }
996 break;
997 case 20: {
998 /* co */
999 T0_CO();
1000 }
1001 break;
1002 case 21: {
1003 /* compute-Finished-inner */
1004
1005 int prf_id = T0_POP();
1006 int from_client = T0_POPi();
1007 unsigned char seed[48];
1008 size_t seed_len;
1009
1010 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1011 if (ENG->session.version >= BR_TLS12) {
1012 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1013 } else {
1014 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1015 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1016 seed_len = 36;
1017 }
1018 prf(ENG->pad, 12, ENG->session.master_secret,
1019 sizeof ENG->session.master_secret,
1020 from_client ? "client finished" : "server finished",
1021 seed, seed_len);
1022
1023 }
1024 break;
1025 case 22: {
1026 /* data-get8 */
1027
1028 size_t addr = T0_POP();
1029 T0_PUSH(t0_datablock[addr]);
1030
1031 }
1032 break;
1033 case 23: {
1034 /* discard-input */
1035
1036 ENG->hlen_in = 0;
1037
1038 }
1039 break;
1040 case 24: {
1041 /* do-ecdh */
1042
1043 unsigned prf_id = T0_POP();
1044 unsigned ecdhe = T0_POP();
1045 int x;
1046
1047 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1048 if (x < 0) {
1049 br_ssl_engine_fail(ENG, -x);
1050 T0_CO();
1051 } else {
1052 T0_PUSH(x);
1053 }
1054
1055 }
1056 break;
1057 case 25: {
1058 /* do-rsa-encrypt */
1059
1060 int x;
1061
1062 x = make_pms_rsa(CTX, T0_POP());
1063 if (x < 0) {
1064 br_ssl_engine_fail(ENG, -x);
1065 T0_CO();
1066 } else {
1067 T0_PUSH(x);
1068 }
1069
1070 }
1071 break;
1072 case 26: {
1073 /* drop */
1074 (void)T0_POP();
1075 }
1076 break;
1077 case 27: {
1078 /* dup */
1079 T0_PUSH(T0_PEEK(0));
1080 }
1081 break;
1082 case 28: {
1083 /* fail */
1084
1085 br_ssl_engine_fail(ENG, (int)T0_POPi());
1086 T0_CO();
1087
1088 }
1089 break;
1090 case 29: {
1091 /* flush-record */
1092
1093 br_ssl_engine_flush_record(ENG);
1094
1095 }
1096 break;
1097 case 30: {
1098 /* get16 */
1099
1100 size_t addr = (size_t)T0_POP();
1101 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1102
1103 }
1104 break;
1105 case 31: {
1106 /* get8 */
1107
1108 size_t addr = (size_t)T0_POP();
1109 T0_PUSH(*((unsigned char *)ENG + addr));
1110
1111 }
1112 break;
1113 case 32: {
1114 /* has-input? */
1115
1116 T0_PUSHi(-(ENG->hlen_in != 0));
1117
1118 }
1119 break;
1120 case 33: {
1121 /* memcmp */
1122
1123 size_t len = (size_t)T0_POP();
1124 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1125 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1126 int x = memcmp(addr1, addr2, len);
1127 T0_PUSH((uint32_t)-(x == 0));
1128
1129 }
1130 break;
1131 case 34: {
1132 /* memcpy */
1133
1134 size_t len = (size_t)T0_POP();
1135 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1136 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1137 memcpy(dst, src, len);
1138
1139 }
1140 break;
1141 case 35: {
1142 /* mkrand */
1143
1144 size_t len = (size_t)T0_POP();
1145 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1146 br_hmac_drbg_generate(&ENG->rng, addr, len);
1147
1148 }
1149 break;
1150 case 36: {
1151 /* more-incoming-bytes? */
1152
1153 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1154
1155 }
1156 break;
1157 case 37: {
1158 /* multihash-init */
1159
1160 br_multihash_init(&ENG->mhash);
1161
1162 }
1163 break;
1164 case 38: {
1165 /* not */
1166
1167 uint32_t a = T0_POP();
1168 T0_PUSH(~a);
1169
1170 }
1171 break;
1172 case 39: {
1173 /* or */
1174
1175 uint32_t b = T0_POP();
1176 uint32_t a = T0_POP();
1177 T0_PUSH(a | b);
1178
1179 }
1180 break;
1181 case 40: {
1182 /* over */
1183 T0_PUSH(T0_PEEK(1));
1184 }
1185 break;
1186 case 41: {
1187 /* read-chunk-native */
1188
1189 size_t clen = ENG->hlen_in;
1190 if (clen > 0) {
1191 uint32_t addr, len;
1192
1193 len = T0_POP();
1194 addr = T0_POP();
1195 if ((size_t)len < clen) {
1196 clen = (size_t)len;
1197 }
1198 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1199 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1200 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1201 }
1202 T0_PUSH(addr + (uint32_t)clen);
1203 T0_PUSH(len - (uint32_t)clen);
1204 ENG->hbuf_in += clen;
1205 ENG->hlen_in -= clen;
1206 }
1207
1208 }
1209 break;
1210 case 42: {
1211 /* read8-native */
1212
1213 if (ENG->hlen_in > 0) {
1214 unsigned char x;
1215
1216 x = *ENG->hbuf_in ++;
1217 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1218 br_multihash_update(&ENG->mhash, &x, 1);
1219 }
1220 T0_PUSH(x);
1221 ENG->hlen_in --;
1222 } else {
1223 T0_PUSHi(-1);
1224 }
1225
1226 }
1227 break;
1228 case 43: {
1229 /* set16 */
1230
1231 size_t addr = (size_t)T0_POP();
1232 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1233
1234 }
1235 break;
1236 case 44: {
1237 /* set8 */
1238
1239 size_t addr = (size_t)T0_POP();
1240 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1241
1242 }
1243 break;
1244 case 45: {
1245 /* strlen */
1246
1247 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1248 T0_PUSH((uint32_t)strlen(str));
1249
1250 }
1251 break;
1252 case 46: {
1253 /* supported-curves */
1254
1255 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1256 T0_PUSH(x);
1257
1258 }
1259 break;
1260 case 47: {
1261 /* supported-hash-functions */
1262
1263 int i;
1264 unsigned x, num;
1265
1266 x = 0;
1267 num = 0;
1268 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1269 if (br_multihash_getimpl(&ENG->mhash, i)) {
1270 x |= 1U << i;
1271 num ++;
1272 }
1273 }
1274 T0_PUSH(x);
1275 T0_PUSH(num);
1276
1277 }
1278 break;
1279 case 48: {
1280 /* supports-ecdsa? */
1281
1282 T0_PUSHi(-(CTX->iecdsa != 0));
1283
1284 }
1285 break;
1286 case 49: {
1287 /* supports-rsa-sign? */
1288
1289 T0_PUSHi(-(CTX->irsavrfy != 0));
1290
1291 }
1292 break;
1293 case 50: {
1294 /* swap */
1295 T0_SWAP();
1296 }
1297 break;
1298 case 51: {
1299 /* switch-aesgcm-in */
1300
1301 int is_client, prf_id;
1302 unsigned cipher_key_len;
1303
1304 cipher_key_len = T0_POP();
1305 prf_id = T0_POP();
1306 is_client = T0_POP();
1307 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1308 ENG->iaes_ctr, cipher_key_len);
1309
1310 }
1311 break;
1312 case 52: {
1313 /* switch-aesgcm-out */
1314
1315 int is_client, prf_id;
1316 unsigned cipher_key_len;
1317
1318 cipher_key_len = T0_POP();
1319 prf_id = T0_POP();
1320 is_client = T0_POP();
1321 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1322 ENG->iaes_ctr, cipher_key_len);
1323
1324 }
1325 break;
1326 case 53: {
1327 /* switch-cbc-in */
1328
1329 int is_client, prf_id, mac_id, aes;
1330 unsigned cipher_key_len;
1331
1332 cipher_key_len = T0_POP();
1333 aes = T0_POP();
1334 mac_id = T0_POP();
1335 prf_id = T0_POP();
1336 is_client = T0_POP();
1337 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1338 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1339
1340 }
1341 break;
1342 case 54: {
1343 /* switch-cbc-out */
1344
1345 int is_client, prf_id, mac_id, aes;
1346 unsigned cipher_key_len;
1347
1348 cipher_key_len = T0_POP();
1349 aes = T0_POP();
1350 mac_id = T0_POP();
1351 prf_id = T0_POP();
1352 is_client = T0_POP();
1353 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1354 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1355
1356 }
1357 break;
1358 case 55: {
1359 /* u>> */
1360
1361 int c = (int)T0_POPi();
1362 uint32_t x = T0_POP();
1363 T0_PUSH(x >> c);
1364
1365 }
1366 break;
1367 case 56: {
1368 /* verify-SKE-sig */
1369
1370 size_t sig_len = T0_POP();
1371 int use_rsa = T0_POPi();
1372 int hash = T0_POPi();
1373
1374 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1375
1376 }
1377 break;
1378 case 57: {
1379 /* write-blob-chunk */
1380
1381 size_t clen = ENG->hlen_out;
1382 if (clen > 0) {
1383 uint32_t addr, len;
1384
1385 len = T0_POP();
1386 addr = T0_POP();
1387 if ((size_t)len < clen) {
1388 clen = (size_t)len;
1389 }
1390 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1391 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1392 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1393 }
1394 T0_PUSH(addr + (uint32_t)clen);
1395 T0_PUSH(len - (uint32_t)clen);
1396 ENG->hbuf_out += clen;
1397 ENG->hlen_out -= clen;
1398 }
1399
1400 }
1401 break;
1402 case 58: {
1403 /* write8-native */
1404
1405 unsigned char x;
1406
1407 x = (unsigned char)T0_POP();
1408 if (ENG->hlen_out > 0) {
1409 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1410 br_multihash_update(&ENG->mhash, &x, 1);
1411 }
1412 *ENG->hbuf_out ++ = x;
1413 ENG->hlen_out --;
1414 T0_PUSHi(-1);
1415 } else {
1416 T0_PUSHi(0);
1417 }
1418
1419 }
1420 break;
1421 case 59: {
1422 /* x509-append */
1423
1424 const br_x509_class *xc;
1425 size_t len;
1426
1427 xc = *(ENG->x509ctx);
1428 len = T0_POP();
1429 xc->append(ENG->x509ctx, ENG->pad, len);
1430
1431 }
1432 break;
1433 case 60: {
1434 /* x509-end-cert */
1435
1436 const br_x509_class *xc;
1437
1438 xc = *(ENG->x509ctx);
1439 xc->end_cert(ENG->x509ctx);
1440
1441 }
1442 break;
1443 case 61: {
1444 /* x509-end-chain */
1445
1446 const br_x509_class *xc;
1447
1448 xc = *(ENG->x509ctx);
1449 T0_PUSH(xc->end_chain(ENG->x509ctx));
1450
1451 }
1452 break;
1453 case 62: {
1454 /* x509-start-cert */
1455
1456 const br_x509_class *xc;
1457
1458 xc = *(ENG->x509ctx);
1459 xc->start_cert(ENG->x509ctx, T0_POP());
1460
1461 }
1462 break;
1463 case 63: {
1464 /* x509-start-chain */
1465
1466 const br_x509_class *xc;
1467
1468 xc = *(ENG->x509ctx);
1469 xc->start_chain(ENG->x509ctx, T0_POP(), ENG->server_name);
1470
1471 }
1472 break;
1473 }
1474
1475 } else {
1476 T0_ENTER(ip, rp, t0x);
1477 }
1478 }
1479 t0_exit:
1480 ((t0_context *)t0ctx)->dp = dp;
1481 ((t0_context *)t0ctx)->rp = rp;
1482 ((t0_context *)t0ctx)->ip = ip;
1483 }
The BearSSL library and tools.