1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char HASH_OID_SHA1
[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177 static const unsigned char HASH_OID_SHA224
[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181 static const unsigned char HASH_OID_SHA256
[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185 static const unsigned char HASH_OID_SHA384
[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189 static const unsigned char HASH_OID_SHA512
[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193 static const unsigned char *HASH_OID
[] = {
202 * Check the RSA signature on the ServerKeyExchange message.
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
208 * Returned value is 0 on success, or an error code.
211 verify_SKE_sig(br_ssl_client_context
*ctx
,
212 int hash
, int use_rsa
, size_t sig_len
)
214 const br_x509_class
**xc
;
215 const br_x509_pkey
*pk
;
216 br_multihash_context mhc
;
217 unsigned char hv
[64], head
[4];
220 xc
= ctx
->eng
.x509ctx
;
221 pk
= (*xc
)->get_pkey(xc
, NULL
);
222 br_multihash_zero(&mhc
);
223 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
224 br_multihash_init(&mhc
);
225 br_multihash_update(&mhc
,
226 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
227 br_multihash_update(&mhc
,
228 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
231 head
[2] = ctx
->eng
.ecdhe_curve
;
232 head
[3] = ctx
->eng
.ecdhe_point_len
;
233 br_multihash_update(&mhc
, head
, sizeof head
);
234 br_multihash_update(&mhc
,
235 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
237 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
239 return BR_ERR_INVALID_ALGORITHM
;
242 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
243 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
245 return BR_ERR_INVALID_ALGORITHM
;
250 unsigned char tmp
[64];
251 const unsigned char *hash_oid
;
254 hash_oid
= HASH_OID
[hash
- 2];
258 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
259 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
260 || memcmp(tmp
, hv
, hv_len
) != 0)
262 return BR_ERR_BAD_SIGNATURE
;
265 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
266 ctx
->eng
.pad
, sig_len
))
268 return BR_ERR_BAD_SIGNATURE
;
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
284 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
287 unsigned char key
[66], point
[133];
288 const unsigned char *order
, *point_src
;
289 size_t glen
, olen
, point_len
, xoff
, xlen
;
293 curve
= ctx
->eng
.ecdhe_curve
;
294 point_src
= ctx
->eng
.ecdhe_point
;
295 point_len
= ctx
->eng
.ecdhe_point_len
;
297 const br_x509_class
**xc
;
298 const br_x509_pkey
*pk
;
300 xc
= ctx
->eng
.x509ctx
;
301 pk
= (*xc
)->get_pkey(xc
, NULL
);
302 curve
= pk
->key
.ec
.curve
;
303 point_src
= pk
->key
.ec
.q
;
304 point_len
= pk
->key
.ec
.qlen
;
306 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM
;
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
316 order
= ctx
->eng
.iec
->order(curve
, &olen
);
318 while (mask
>= order
[0]) {
321 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
323 key
[olen
- 1] |= 0x01;
326 * Compute the common ECDH point, whose X coordinate is the
329 ctx
->eng
.iec
->generator(curve
, &glen
);
330 if (glen
!= point_len
) {
331 return -BR_ERR_INVALID_ALGORITHM
;
334 memcpy(point
, point_src
, glen
);
335 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
336 return -BR_ERR_INVALID_ALGORITHM
;
340 * The pre-master secret is the X coordinate.
342 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
343 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
345 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
346 memcpy(ctx
->eng
.pad
, point
, glen
);
351 * Perform full static ECDH. This occurs only in the context of client
352 * authentication with certificates: the server uses an EC public key,
353 * the cipher suite is of type ECDH (not ECDHE), the server requested a
354 * client certificate and accepts static ECDH, the client has a
355 * certificate with an EC public key in the same curve, and accepts
356 * static ECDH as well.
358 * Returned value is 0 on success, -1 on error.
361 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
363 unsigned char point
[133];
365 const br_x509_class
**xc
;
366 const br_x509_pkey
*pk
;
368 xc
= ctx
->eng
.x509ctx
;
369 pk
= (*xc
)->get_pkey(xc
, NULL
);
370 point_len
= pk
->key
.ec
.qlen
;
371 if (point_len
> sizeof point
) {
374 memcpy(point
, pk
->key
.ec
.q
, point_len
);
375 if (!(*ctx
->client_auth_vtable
)->do_keyx(
376 ctx
->client_auth_vtable
, point
, &point_len
))
380 br_ssl_engine_compute_master(&ctx
->eng
,
381 prf_id
, point
, point_len
);
386 * Compute the client-side signature. This is invoked only when a
387 * signature-based client authentication was selected. The computed
388 * signature is in the pad; its length (in bytes) is returned. On
389 * error, 0 is returned.
392 make_client_sign(br_ssl_client_context
*ctx
)
397 * Compute hash of handshake messages so far. This "cannot" fail
398 * because the list of supported hash functions provided to the
399 * client certificate handler was trimmed to include only the
400 * hash functions that the multi-hasher supports.
403 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
404 ctx
->hash_id
, ctx
->eng
.pad
);
406 br_multihash_out(&ctx
->eng
.mhash
,
407 br_md5_ID
, ctx
->eng
.pad
);
408 br_multihash_out(&ctx
->eng
.mhash
,
409 br_sha1_ID
, ctx
->eng
.pad
+ 16);
412 return (*ctx
->client_auth_vtable
)->do_sign(
413 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
414 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
419 static const unsigned char t0_datablock
[] = {
420 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
421 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
422 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
423 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
424 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
425 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
426 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
427 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
428 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
429 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
430 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
431 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
432 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
435 static const unsigned char t0_codeblock
[] = {
436 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
437 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
438 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
439 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
450 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
452 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
453 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
463 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
465 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
466 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
467 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
469 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
470 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
476 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
477 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
478 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
480 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
481 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
485 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
488 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
490 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
492 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
494 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
498 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
501 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
502 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
504 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
505 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
506 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
507 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
508 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
509 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
510 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
511 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x3E, 0x29,
512 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01,
513 0x00, 0xC3, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC,
514 0x04, 0x76, 0x01, 0x01, 0x00, 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01,
515 0x00, 0x88, 0x3C, 0x34, 0xD2, 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD,
516 0x01, 0x7F, 0xCF, 0x04, 0x80, 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01,
517 T0_INT1(BR_KEYTYPE_SIGN
), 0x17, 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01,
518 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5, 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01,
519 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x06, 0x02,
520 0x65, 0x28, 0x33, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0,
521 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB,
522 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9, 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01,
523 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F, 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01,
524 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
525 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
526 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
527 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
528 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
529 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
530 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
531 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
532 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
533 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
534 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
535 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
536 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
537 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
538 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
539 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
540 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
541 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
542 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
543 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
544 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
545 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
546 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
547 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
548 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
549 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
550 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
551 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
552 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
553 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
554 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
555 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
556 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
557 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
558 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
559 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
560 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
561 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
562 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
563 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
564 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
565 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
566 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
567 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
568 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
569 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
570 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
571 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
572 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
573 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
574 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
575 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
576 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
577 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
578 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
579 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
580 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
581 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
582 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
583 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
584 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
585 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
586 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
587 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
588 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
589 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
590 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
591 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
592 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
593 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
594 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
595 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
596 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
597 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
598 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
599 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
600 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
601 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
602 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
603 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
604 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
605 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
606 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
607 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
608 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
609 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
610 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
611 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
612 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
613 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
614 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
615 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
616 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
617 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
618 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
619 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
620 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
621 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
622 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
623 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
624 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
625 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
626 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
627 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
628 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
629 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
630 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
631 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
632 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
633 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
634 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
635 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
636 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
637 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
638 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
639 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
640 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
641 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
642 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
643 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
644 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
645 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
646 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
647 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
648 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
649 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
650 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
651 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
652 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
653 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
654 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
655 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
656 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
657 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
658 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
659 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
660 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
661 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
662 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
663 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
664 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
665 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
666 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
667 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
668 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
669 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
670 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
671 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
672 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
673 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
674 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
675 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
676 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
677 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
678 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
679 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
680 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
681 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
682 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
683 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
684 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0A, 0x25, 0x75, 0x2E, 0x06,
685 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79, 0x2E,
686 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06,
687 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06,
688 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01, 0x16,
689 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25, 0x01,
690 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37, 0x00,
691 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F, 0x06, 0x0C, 0x84, 0x2E, 0x01, 0x15,
692 0x0E, 0x06, 0x04, 0x25, 0xAB, 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01,
693 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03,
694 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25,
695 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01,
696 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB,
697 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06,
698 0x02, 0x25, 0x00, 0xDA, 0x1D, 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04,
699 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C,
700 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E,
701 0xDB, 0x76, 0x2E, 0xDB, 0x04, 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
702 0xD5, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08,
703 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C,
704 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04,
705 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24,
706 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26,
707 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00,
708 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03,
709 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04,
710 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5,
711 0x8B, 0x8C, 0x2E, 0xD7, 0x8F, 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E,
712 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60,
713 0x28, 0xD9, 0x44, 0x5C, 0x44, 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01,
714 0x00, 0xDB, 0x02, 0x00, 0x06, 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06,
715 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26,
716 0xD9, 0x5B, 0xD7, 0xA4, 0x06, 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01,
717 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB,
718 0x01, 0x03, 0x09, 0xD6, 0xA0, 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01,
719 0xD9, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D,
720 0xD9, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42,
721 0x06, 0x03, 0x01, 0x03, 0xD8, 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5,
722 0x26, 0x06, 0x36, 0x01, 0x0A, 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D,
723 0xD9, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17,
724 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9,
725 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06,
726 0x02, 0x26, 0xD9, 0x5A, 0x04, 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06,
727 0x0A, 0x01, 0x0B, 0xD9, 0x01, 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27,
728 0x26, 0x06, 0x1F, 0x01, 0x10, 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D,
729 0xD9, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26,
730 0xDB, 0x82, 0x44, 0xD5, 0x5A, 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02,
731 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26,
732 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01,
733 0x10, 0xDB, 0x77, 0x2C, 0x26, 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C,
734 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9,
735 0x22, 0x26, 0x5A, 0xDA, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A,
736 0x01, 0x14, 0xDB, 0x01, 0x0C, 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00,
737 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04,
738 0x73, 0x00, 0x26, 0xD9, 0xD5, 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01,
739 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04,
740 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03,
741 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05,
742 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01,
743 0x06, 0xDB, 0x02, 0x00, 0xDB, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02,
744 0xDB, 0x02, 0x00, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB,
745 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50,
746 0x06, 0x02, 0x25, 0x00, 0xCB, 0x25, 0x04, 0x76
749 static const uint16_t t0_caddr
[] = {
886 #define T0_INTERPRETED 86
888 #define T0_ENTER(ip, rp, slot) do { \
889 const unsigned char *t0_newip; \
891 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
892 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
894 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
898 #define T0_DEFENTRY(name, slot) \
902 t0_context *t0ctx = ctx; \
903 t0ctx->ip = &t0_codeblock[0]; \
904 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
907 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
909 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
912 br_ssl_hs_client_run(void *t0ctx
)
915 const unsigned char *ip
;
917 #define T0_LOCAL(x) (*(rp - 2 - (x)))
918 #define T0_POP() (*-- dp)
919 #define T0_POPi() (*(int32_t *)(-- dp))
920 #define T0_PEEK(x) (*(dp - 1 - (x)))
921 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
922 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
923 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
924 #define T0_RPOP() (*-- rp)
925 #define T0_RPOPi() (*(int32_t *)(-- rp))
926 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
927 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
928 #define T0_ROLL(x) do { \
929 size_t t0len = (size_t)(x); \
930 uint32_t t0tmp = *(dp - 1 - t0len); \
931 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
934 #define T0_SWAP() do { \
935 uint32_t t0tmp = *(dp - 2); \
936 *(dp - 2) = *(dp - 1); \
939 #define T0_ROT() do { \
940 uint32_t t0tmp = *(dp - 3); \
941 *(dp - 3) = *(dp - 2); \
942 *(dp - 2) = *(dp - 1); \
945 #define T0_NROT() do { \
946 uint32_t t0tmp = *(dp - 1); \
947 *(dp - 1) = *(dp - 2); \
948 *(dp - 2) = *(dp - 3); \
951 #define T0_PICK(x) do { \
952 uint32_t t0depth = (x); \
953 T0_PUSH(T0_PEEK(t0depth)); \
955 #define T0_CO() do { \
958 #define T0_RET() goto t0_next
960 dp
= ((t0_context
*)t0ctx
)->dp
;
961 rp
= ((t0_context
*)t0ctx
)->rp
;
962 ip
= ((t0_context
*)t0ctx
)->ip
;
969 if (t0x
< T0_INTERPRETED
) {
981 ip
= &t0_codeblock
[t0x
];
983 case 1: /* literal constant */
984 T0_PUSHi(t0_parse7E_signed(&ip
));
986 case 2: /* read local */
987 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
989 case 3: /* write local */
990 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
993 t0off
= t0_parse7E_signed(&ip
);
996 case 5: /* jump if */
997 t0off
= t0_parse7E_signed(&ip
);
1002 case 6: /* jump if not */
1003 t0off
= t0_parse7E_signed(&ip
);
1011 uint32_t b
= T0_POP();
1012 uint32_t a
= T0_POP();
1020 uint32_t b
= T0_POP();
1021 uint32_t a
= T0_POP();
1029 uint32_t b
= T0_POP();
1030 uint32_t a
= T0_POP();
1038 int32_t b
= T0_POPi();
1039 int32_t a
= T0_POPi();
1040 T0_PUSH(-(uint32_t)(a
< b
));
1047 int c
= (int)T0_POPi();
1048 uint32_t x
= T0_POP();
1056 int32_t b
= T0_POPi();
1057 int32_t a
= T0_POPi();
1058 T0_PUSH(-(uint32_t)(a
<= b
));
1065 uint32_t b
= T0_POP();
1066 uint32_t a
= T0_POP();
1067 T0_PUSH(-(uint32_t)(a
!= b
));
1074 uint32_t b
= T0_POP();
1075 uint32_t a
= T0_POP();
1076 T0_PUSH(-(uint32_t)(a
== b
));
1083 int32_t b
= T0_POPi();
1084 int32_t a
= T0_POPi();
1085 T0_PUSH(-(uint32_t)(a
> b
));
1092 int32_t b
= T0_POPi();
1093 int32_t a
= T0_POPi();
1094 T0_PUSH(-(uint32_t)(a
>= b
));
1101 int c
= (int)T0_POPi();
1102 int32_t x
= T0_POPi();
1108 /* anchor-dn-append-name */
1113 if (CTX
->client_auth_vtable
!= NULL
) {
1114 (*CTX
->client_auth_vtable
)->append_name(
1115 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1121 /* anchor-dn-end-name */
1123 if (CTX
->client_auth_vtable
!= NULL
) {
1124 (*CTX
->client_auth_vtable
)->end_name(
1125 CTX
->client_auth_vtable
);
1131 /* anchor-dn-end-name-list */
1133 if (CTX
->client_auth_vtable
!= NULL
) {
1134 (*CTX
->client_auth_vtable
)->end_name_list(
1135 CTX
->client_auth_vtable
);
1141 /* anchor-dn-start-name */
1146 if (CTX
->client_auth_vtable
!= NULL
) {
1147 (*CTX
->client_auth_vtable
)->start_name(
1148 CTX
->client_auth_vtable
, len
);
1154 /* anchor-dn-start-name-list */
1156 if (CTX
->client_auth_vtable
!= NULL
) {
1157 (*CTX
->client_auth_vtable
)->start_name_list(
1158 CTX
->client_auth_vtable
);
1166 uint32_t b
= T0_POP();
1167 uint32_t a
= T0_POP();
1175 if (ENG
->chain_len
== 0) {
1178 ENG
->cert_cur
= ENG
->chain
->data
;
1179 ENG
->cert_len
= ENG
->chain
->data_len
;
1182 T0_PUSH(ENG
->cert_len
);
1190 size_t len
= (size_t)T0_POP();
1191 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1192 memset(addr
, 0, len
);
1199 T0_PUSHi(-(ENG
->hlen_out
> 0));
1209 /* compute-Finished-inner */
1211 int prf_id
= T0_POP();
1212 int from_client
= T0_POPi();
1213 unsigned char seed
[48];
1216 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1217 if (ENG
->session
.version
>= BR_TLS12
) {
1218 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1220 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1221 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1224 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1225 sizeof ENG
->session
.master_secret
,
1226 from_client
? "client finished" : "server finished",
1232 /* copy-cert-chunk */
1236 clen
= ENG
->cert_len
;
1237 if (clen
> sizeof ENG
->pad
) {
1238 clen
= sizeof ENG
->pad
;
1240 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1241 ENG
->cert_cur
+= clen
;
1242 ENG
->cert_len
-= clen
;
1248 /* copy-protocol-name */
1250 size_t idx
= T0_POP();
1251 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1252 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1260 size_t addr
= T0_POP();
1261 T0_PUSH(t0_datablock
[addr
]);
1273 /* do-client-sign */
1277 sig_len
= make_client_sign(CTX
);
1279 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1289 unsigned prf_id
= T0_POP();
1290 unsigned ecdhe
= T0_POP();
1293 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1295 br_ssl_engine_fail(ENG
, -x
);
1304 /* do-rsa-encrypt */
1308 x
= make_pms_rsa(CTX
, T0_POP());
1310 br_ssl_engine_fail(ENG
, -x
);
1319 /* do-static-ecdh */
1321 unsigned prf_id
= T0_POP();
1323 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1324 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1337 T0_PUSH(T0_PEEK(0));
1341 /* ext-ALPN-length */
1345 if (ENG
->protocol_names_num
== 0) {
1350 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1351 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1360 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1368 br_ssl_engine_flush_record(ENG
);
1373 /* get-client-chain */
1375 uint32_t auth_types
;
1377 auth_types
= T0_POP();
1378 if (CTX
->client_auth_vtable
!= NULL
) {
1379 br_ssl_client_certificate ux
;
1381 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1382 CTX
, auth_types
, &ux
);
1383 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1384 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1385 ENG
->chain
= ux
.chain
;
1386 ENG
->chain_len
= ux
.chain_len
;
1395 /* get-key-type-usages */
1397 const br_x509_class
*xc
;
1398 const br_x509_pkey
*pk
;
1401 xc
= *(ENG
->x509ctx
);
1402 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1406 T0_PUSH(pk
->key_type
| usages
);
1414 size_t addr
= (size_t)T0_POP();
1415 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1422 size_t addr
= (size_t)T0_POP();
1423 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1430 size_t addr
= (size_t)T0_POP();
1431 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1438 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1445 size_t len
= (size_t)T0_POP();
1446 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1447 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1448 int x
= memcmp(addr1
, addr2
, len
);
1449 T0_PUSH((uint32_t)-(x
== 0));
1456 size_t len
= (size_t)T0_POP();
1457 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1458 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1459 memcpy(dst
, src
, len
);
1466 size_t len
= (size_t)T0_POP();
1467 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1468 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1473 /* more-incoming-bytes? */
1475 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1480 /* multihash-init */
1482 br_multihash_init(&ENG
->mhash
);
1489 uint32_t a
= T0_POP();
1497 uint32_t a
= T0_POP();
1505 uint32_t b
= T0_POP();
1506 uint32_t a
= T0_POP();
1513 T0_PUSH(T0_PEEK(1));
1517 /* read-chunk-native */
1519 size_t clen
= ENG
->hlen_in
;
1525 if ((size_t)len
< clen
) {
1528 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1529 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1530 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1532 T0_PUSH(addr
+ (uint32_t)clen
);
1533 T0_PUSH(len
- (uint32_t)clen
);
1534 ENG
->hbuf_in
+= clen
;
1535 ENG
->hlen_in
-= clen
;
1543 if (ENG
->hlen_in
> 0) {
1546 x
= *ENG
->hbuf_in
++;
1547 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1548 br_multihash_update(&ENG
->mhash
, &x
, 1);
1559 /* set-server-curve */
1561 const br_x509_class
*xc
;
1562 const br_x509_pkey
*pk
;
1564 xc
= *(ENG
->x509ctx
);
1565 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1567 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1574 size_t addr
= (size_t)T0_POP();
1575 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1582 size_t addr
= (size_t)T0_POP();
1583 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1590 size_t addr
= (size_t)T0_POP();
1591 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1598 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1599 T0_PUSH((uint32_t)strlen(str
));
1604 /* supported-curves */
1606 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1612 /* supported-hash-functions */
1619 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1620 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1631 /* supports-ecdsa? */
1633 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1638 /* supports-rsa-sign? */
1640 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1650 /* switch-aesgcm-in */
1652 int is_client
, prf_id
;
1653 unsigned cipher_key_len
;
1655 cipher_key_len
= T0_POP();
1657 is_client
= T0_POP();
1658 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1659 ENG
->iaes_ctr
, cipher_key_len
);
1664 /* switch-aesgcm-out */
1666 int is_client
, prf_id
;
1667 unsigned cipher_key_len
;
1669 cipher_key_len
= T0_POP();
1671 is_client
= T0_POP();
1672 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1673 ENG
->iaes_ctr
, cipher_key_len
);
1680 int is_client
, prf_id
, mac_id
, aes
;
1681 unsigned cipher_key_len
;
1683 cipher_key_len
= T0_POP();
1687 is_client
= T0_POP();
1688 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1689 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1694 /* switch-cbc-out */
1696 int is_client
, prf_id
, mac_id
, aes
;
1697 unsigned cipher_key_len
;
1699 cipher_key_len
= T0_POP();
1703 is_client
= T0_POP();
1704 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1705 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1710 /* switch-chapol-in */
1712 int is_client
, prf_id
;
1715 is_client
= T0_POP();
1716 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1721 /* switch-chapol-out */
1723 int is_client
, prf_id
;
1726 is_client
= T0_POP();
1727 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1732 /* test-protocol-name */
1734 size_t len
= T0_POP();
1737 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1740 name
= ENG
->protocol_names
[u
];
1741 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1751 /* total-chain-length */
1757 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1758 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1767 int c
= (int)T0_POPi();
1768 uint32_t x
= T0_POP();
1774 /* verify-SKE-sig */
1776 size_t sig_len
= T0_POP();
1777 int use_rsa
= T0_POPi();
1778 int hash
= T0_POPi();
1780 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1785 /* write-blob-chunk */
1787 size_t clen
= ENG
->hlen_out
;
1793 if ((size_t)len
< clen
) {
1796 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1797 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1798 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1800 T0_PUSH(addr
+ (uint32_t)clen
);
1801 T0_PUSH(len
- (uint32_t)clen
);
1802 ENG
->hbuf_out
+= clen
;
1803 ENG
->hlen_out
-= clen
;
1813 x
= (unsigned char)T0_POP();
1814 if (ENG
->hlen_out
> 0) {
1815 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1816 br_multihash_update(&ENG
->mhash
, &x
, 1);
1818 *ENG
->hbuf_out
++ = x
;
1830 const br_x509_class
*xc
;
1833 xc
= *(ENG
->x509ctx
);
1835 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1842 const br_x509_class
*xc
;
1844 xc
= *(ENG
->x509ctx
);
1845 xc
->end_cert(ENG
->x509ctx
);
1850 /* x509-end-chain */
1852 const br_x509_class
*xc
;
1854 xc
= *(ENG
->x509ctx
);
1855 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1860 /* x509-start-cert */
1862 const br_x509_class
*xc
;
1864 xc
= *(ENG
->x509ctx
);
1865 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1870 /* x509-start-chain */
1872 const br_x509_class
*xc
;
1876 xc
= *(ENG
->x509ctx
);
1877 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1884 T0_ENTER(ip
, rp
, t0x
);
1888 ((t0_context
*)t0ctx
)->dp
= dp
;
1889 ((t0_context
*)t0ctx
)->rp
= rp
;
1890 ((t0_context
*)t0ctx
)->ip
= ip
;