1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char HASH_OID_SHA1
[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177 static const unsigned char HASH_OID_SHA224
[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181 static const unsigned char HASH_OID_SHA256
[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185 static const unsigned char HASH_OID_SHA384
[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189 static const unsigned char HASH_OID_SHA512
[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193 static const unsigned char *HASH_OID
[] = {
202 * Check the RSA signature on the ServerKeyExchange message.
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
208 * Returned value is 0 on success, or an error code.
211 verify_SKE_sig(br_ssl_client_context
*ctx
,
212 int hash
, int use_rsa
, size_t sig_len
)
214 const br_x509_class
**xc
;
215 const br_x509_pkey
*pk
;
216 br_multihash_context mhc
;
217 unsigned char hv
[64], head
[4];
220 xc
= ctx
->eng
.x509ctx
;
221 pk
= (*xc
)->get_pkey(xc
, NULL
);
222 br_multihash_zero(&mhc
);
223 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
224 br_multihash_init(&mhc
);
225 br_multihash_update(&mhc
,
226 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
227 br_multihash_update(&mhc
,
228 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
231 head
[2] = ctx
->eng
.ecdhe_curve
;
232 head
[3] = ctx
->eng
.ecdhe_point_len
;
233 br_multihash_update(&mhc
, head
, sizeof head
);
234 br_multihash_update(&mhc
,
235 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
237 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
239 return BR_ERR_INVALID_ALGORITHM
;
242 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
243 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
245 return BR_ERR_INVALID_ALGORITHM
;
250 unsigned char tmp
[64];
251 const unsigned char *hash_oid
;
254 hash_oid
= HASH_OID
[hash
- 2];
258 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
259 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
260 || memcmp(tmp
, hv
, hv_len
) != 0)
262 return BR_ERR_BAD_SIGNATURE
;
265 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
266 ctx
->eng
.pad
, sig_len
))
268 return BR_ERR_BAD_SIGNATURE
;
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
284 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
287 unsigned char key
[66], point
[133];
288 const unsigned char *generator
, *order
, *point_src
;
289 size_t glen
, olen
, point_len
;
293 curve
= ctx
->eng
.ecdhe_curve
;
294 point_src
= ctx
->eng
.ecdhe_point
;
295 point_len
= ctx
->eng
.ecdhe_point_len
;
297 const br_x509_class
**xc
;
298 const br_x509_pkey
*pk
;
300 xc
= ctx
->eng
.x509ctx
;
301 pk
= (*xc
)->get_pkey(xc
, NULL
);
302 curve
= pk
->key
.ec
.curve
;
303 point_src
= pk
->key
.ec
.q
;
304 point_len
= pk
->key
.ec
.qlen
;
306 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM
;
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
316 order
= ctx
->eng
.iec
->order(curve
, &olen
);
318 while (mask
>= order
[0]) {
321 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
323 key
[olen
- 1] |= 0x01;
326 * Compute the common ECDH point, whose X coordinate is the
329 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
330 if (glen
!= point_len
) {
331 return -BR_ERR_INVALID_ALGORITHM
;
334 memcpy(point
, point_src
, glen
);
335 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
336 return -BR_ERR_INVALID_ALGORITHM
;
340 * The pre-master secret is the X coordinate.
342 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ 1, glen
>> 1);
344 memcpy(point
, generator
, glen
);
345 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
346 return -BR_ERR_INVALID_ALGORITHM
;
348 memcpy(ctx
->eng
.pad
, point
, glen
);
353 * Perform full static ECDH. This occurs only in the context of client
354 * authentication with certificates: the server uses an EC public key,
355 * the cipher suite is of type ECDH (not ECDHE), the server requested a
356 * client certificate and accepts static ECDH, the client has a
357 * certificate with an EC public key in the same curve, and accepts
358 * static ECDH as well.
360 * Returned value is 0 on success, -1 on error.
363 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
365 unsigned char point
[133];
367 const br_x509_class
**xc
;
368 const br_x509_pkey
*pk
;
370 xc
= ctx
->eng
.x509ctx
;
371 pk
= (*xc
)->get_pkey(xc
, NULL
);
372 point_len
= pk
->key
.ec
.qlen
;
373 if (point_len
> sizeof point
) {
376 memcpy(point
, pk
->key
.ec
.q
, point_len
);
377 if (!(*ctx
->client_auth_vtable
)->do_keyx(
378 ctx
->client_auth_vtable
, point
, point_len
))
382 br_ssl_engine_compute_master(&ctx
->eng
,
383 prf_id
, point
+ 1, point_len
>> 1);
388 * Compute the client-side signature. This is invoked only when a
389 * signature-based client authentication was selected. The computed
390 * signature is in the pad; its length (in bytes) is returned. On
391 * error, 0 is returned.
394 make_client_sign(br_ssl_client_context
*ctx
)
399 * Compute hash of handshake messages so far. This "cannot" fail
400 * because the list of supported hash functions provided to the
401 * client certificate handler was trimmed to include only the
402 * hash functions that the multi-hasher supports.
405 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
406 ctx
->hash_id
, ctx
->eng
.pad
);
408 br_multihash_out(&ctx
->eng
.mhash
,
409 br_md5_ID
, ctx
->eng
.pad
);
410 br_multihash_out(&ctx
->eng
.mhash
,
411 br_sha1_ID
, ctx
->eng
.pad
+ 16);
414 return (*ctx
->client_auth_vtable
)->do_sign(
415 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
416 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
421 static const uint8_t t0_datablock
[] = {
422 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
423 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
424 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
425 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
426 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
427 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
428 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
429 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
430 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
431 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
432 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
433 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
434 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
437 static const uint8_t t0_codeblock
[] = {
438 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
439 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
440 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
441 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
455 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
461 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
463 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
465 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
467 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
468 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
471 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
472 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
475 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
478 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
479 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
482 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
487 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
488 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
490 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
492 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
494 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
496 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
498 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
500 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
501 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
503 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
504 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
505 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
506 0x00, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x06,
507 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6E, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
508 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x96, 0x26, 0x5B, 0x43, 0x9A, 0x26,
509 0x05, 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9A,
510 0x00, 0x5B, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x26,
511 0x86, 0x43, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x43, 0x76, 0x2C, 0xA8, 0x1C,
512 0x81, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x43,
513 0x59, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x74, 0x3D, 0x29,
514 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCB, 0x03, 0x00, 0x04, 0x75, 0x01,
515 0x00, 0xC2, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6C, 0x28, 0xCB,
516 0x04, 0x76, 0x01, 0x01, 0x00, 0x74, 0x3D, 0x01, 0x16, 0x84, 0x3D, 0x01,
517 0x00, 0x87, 0x3C, 0x34, 0xD1, 0x29, 0xB1, 0x06, 0x09, 0x01, 0x7F, 0xAC,
518 0x01, 0x7F, 0xCE, 0x04, 0x80, 0x53, 0xAE, 0x76, 0x2C, 0x9E, 0x01,
519 T0_INT1(BR_KEYTYPE_SIGN
), 0x17, 0x06, 0x01, 0xB2, 0xB5, 0x26, 0x01,
520 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB4, 0xB5, 0x01, 0x7F, 0x04, 0x02, 0x01,
521 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x06, 0x02,
522 0x64, 0x28, 0x33, 0x06, 0x02, 0x6F, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xCF,
523 0x7D, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDA,
524 0x01, 0x00, 0xD9, 0x76, 0x2C, 0xA8, 0x24, 0x04, 0x04, 0xD2, 0x06, 0x01,
525 0xD0, 0x04, 0x01, 0xD2, 0x01, 0x7F, 0xCE, 0x01, 0x7F, 0xAC, 0x01, 0x01,
526 0x74, 0x3D, 0x01, 0x17, 0x84, 0x3D, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
527 0x97, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
528 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
530 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
531 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
532 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
533 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
534 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
535 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
536 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
537 0x43, 0x25, 0x00, 0x00, 0x7F, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
538 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3F, 0x06, 0x04, 0x01, 0x06,
539 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x85, 0x2E, 0x26, 0x06, 0x08, 0x01,
540 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
541 0x40, 0x03, 0x00, 0x25, 0x01, 0x00, 0x42, 0x06, 0x03, 0x02, 0x00, 0x08,
542 0x41, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
543 0x01, 0x06, 0x08, 0x00, 0x00, 0x88, 0x3E, 0x26, 0x06, 0x03, 0x01, 0x09,
544 0x08, 0x00, 0x01, 0x3F, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
545 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
546 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
547 0x08, 0x00, 0x00, 0x7C, 0x2D, 0x43, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
548 0x00, 0x9C, 0xCA, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
549 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9C, 0x04, 0x2D, 0x01, 0x01,
550 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x74, 0x3D, 0xB0, 0x85,
551 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA5, 0x37, 0x06, 0x0F, 0x29, 0x1A,
552 0x36, 0x06, 0x04, 0xCA, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC2, 0x04,
553 0x01, 0x9C, 0x04, 0x03, 0x6F, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
554 0x03, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x02, 0x00, 0x00,
555 0x00, 0x97, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x73, 0x2E, 0x01, 0x00, 0x38,
556 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
557 0x02, 0x73, 0x3D, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06,
558 0x15, 0x25, 0x01, 0x00, 0x73, 0x3D, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
559 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x57, 0x00, 0x04, 0x07, 0x25, 0x01,
560 0x82, 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05,
561 0x3A, 0xA9, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8C, 0x3D,
562 0x00, 0x01, 0xBC, 0xA7, 0xBC, 0xA7, 0xBE, 0x81, 0x43, 0x26, 0x03, 0x00,
563 0xB3, 0x98, 0x98, 0x02, 0x00, 0x4A, 0x26, 0x55, 0x06, 0x0A, 0x01, 0x03,
564 0xA5, 0x06, 0x02, 0x6F, 0x28, 0x25, 0x04, 0x03, 0x59, 0x87, 0x3C, 0x00,
565 0x00, 0x2F, 0x06, 0x0B, 0x83, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6F,
566 0x28, 0x04, 0x11, 0xCA, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06,
567 0x06, 0x06, 0x02, 0x6F, 0x28, 0x04, 0x70, 0x25, 0xBF, 0x01, 0x01, 0x0D,
568 0x33, 0x37, 0x06, 0x02, 0x5E, 0x28, 0x26, 0x01, 0x01, 0xC5, 0x36, 0xAF,
569 0x00, 0x01, 0xB5, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x26, 0x01,
570 0x03, 0x0E, 0x06, 0x08, 0xBD, 0x06, 0x02, 0x65, 0x28, 0x43, 0x25, 0x00,
571 0x43, 0x54, 0xBD, 0xA7, 0x26, 0x06, 0x23, 0xBD, 0xA7, 0x26, 0x53, 0x26,
572 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
573 0x04, 0x01, 0x26, 0x03, 0x00, 0x81, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x50,
574 0x04, 0x65, 0x98, 0x51, 0x04, 0x5A, 0x98, 0x98, 0x52, 0x26, 0x06, 0x02,
575 0x35, 0x00, 0x25, 0x2B, 0x00, 0x00, 0x76, 0x2C, 0x9E, 0x01, 0x7F, 0xAD,
576 0x26, 0x55, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x6F, 0x28, 0x38,
577 0x17, 0x0D, 0x06, 0x02, 0x71, 0x28, 0x3B, 0x00, 0x00, 0x99, 0xB5, 0x01,
578 0x14, 0x0D, 0x06, 0x02, 0x6F, 0x28, 0x81, 0x01, 0x0C, 0x08, 0x01, 0x0C,
579 0xB3, 0x98, 0x81, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02,
580 0x61, 0x28, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x6F, 0x28, 0x06, 0x02, 0x63,
581 0x28, 0x00, 0x0A, 0xB5, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0xBC,
582 0x03, 0x00, 0x02, 0x00, 0x92, 0x2C, 0x0A, 0x02, 0x00, 0x91, 0x2C, 0x0F,
583 0x37, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x90, 0x2C, 0x0D, 0x06, 0x02,
584 0x68, 0x28, 0x02, 0x00, 0x93, 0x3C, 0x89, 0x01, 0x20, 0xB3, 0x01, 0x00,
585 0x03, 0x01, 0xBE, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02,
586 0x6D, 0x28, 0x81, 0x02, 0x02, 0xB3, 0x02, 0x02, 0x8B, 0x2E, 0x0E, 0x02,
587 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8A, 0x81, 0x02, 0x02, 0x30,
588 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8A, 0x81, 0x02, 0x02, 0x31, 0x02,
589 0x02, 0x8B, 0x3D, 0x02, 0x00, 0x8F, 0x02, 0x01, 0x95, 0xBC, 0x26, 0xC0,
590 0x55, 0x06, 0x02, 0x5F, 0x28, 0x76, 0x02, 0x01, 0x95, 0xBE, 0x06, 0x02,
591 0x60, 0x28, 0x26, 0x06, 0x81, 0x45, 0xBC, 0xA7, 0xA3, 0x03, 0x03, 0xA1,
592 0x03, 0x04, 0x9F, 0x03, 0x05, 0xA2, 0x03, 0x06, 0xA4, 0x03, 0x07, 0xA0,
593 0x03, 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBC, 0x01, 0x00,
594 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x69, 0x28, 0x01,
595 0x00, 0x03, 0x03, 0xBB, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06,
596 0x0F, 0x25, 0x02, 0x05, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x05,
597 0xB9, 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F,
598 0x25, 0x02, 0x04, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBA,
599 0x04, 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06,
600 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB7, 0x04, 0x3F, 0x01,
601 0x0A, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x69, 0x28,
602 0x01, 0x00, 0x03, 0x07, 0xB7, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06,
603 0x0E, 0x25, 0x02, 0x08, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x08,
604 0xB7, 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09,
605 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAB, 0x04, 0x03, 0x69,
606 0x28, 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01,
607 0x05, 0x0F, 0x06, 0x02, 0x66, 0x28, 0x01, 0x01, 0x85, 0x3D, 0x98, 0x98,
608 0x02, 0x01, 0x00, 0x04, 0xB5, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6F, 0x28,
609 0xBE, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6A, 0x28, 0xBC, 0x26, 0x79, 0x3D,
610 0x26, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x28, 0x3F, 0x43, 0x11, 0x01,
611 0x01, 0x17, 0x05, 0x02, 0x6A, 0x28, 0xBE, 0x26, 0x01, 0x81, 0x05, 0x0F,
612 0x06, 0x02, 0x6A, 0x28, 0x26, 0x7B, 0x3D, 0x7A, 0x43, 0xB3, 0x8F, 0x2C,
613 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x76, 0x2C, 0xC8, 0x03, 0x01, 0x01,
614 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBE, 0x26, 0x26, 0x01, 0x02,
615 0x0A, 0x43, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6A, 0x28, 0x03, 0x02,
616 0xBE, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02,
617 0x6A, 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02,
618 0xBC, 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6B,
619 0x28, 0x81, 0x43, 0xB3, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4D, 0x26,
620 0x06, 0x01, 0x28, 0x25, 0x98, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02,
621 0x00, 0x94, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06,
622 0x02, 0x5D, 0x00, 0xCC, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBE,
623 0xA7, 0x26, 0x06, 0x80, 0x43, 0xBE, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06,
624 0x25, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06,
625 0x07, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38,
626 0x0E, 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80,
627 0x42, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04,
628 0x01, 0x00, 0x43, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39,
629 0x98, 0x76, 0x2C, 0xC6, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F,
630 0x17, 0x03, 0x00, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB8,
631 0x26, 0x7E, 0x3C, 0x40, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C,
632 0x80, 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80,
633 0x00, 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01,
634 0x84, 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05,
635 0x01, 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01,
636 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBC, 0xA7, 0x26, 0x06, 0x23,
637 0xBC, 0xA7, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F,
638 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x81, 0x02,
639 0x01, 0xB3, 0x02, 0x01, 0x12, 0x04, 0x65, 0x98, 0x13, 0x04, 0x5A, 0x98,
640 0x14, 0x98, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB6, 0x26, 0x57, 0x06, 0x07,
641 0x25, 0x06, 0x02, 0x63, 0x28, 0x04, 0x74, 0x00, 0x00, 0xBF, 0x01, 0x03,
642 0xBD, 0x43, 0x25, 0x43, 0x00, 0x00, 0xBC, 0xC3, 0x00, 0x03, 0x01, 0x00,
643 0x03, 0x00, 0xBC, 0xA7, 0x26, 0x06, 0x32, 0xBE, 0x03, 0x01, 0xBE, 0x03,
644 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C, 0x17,
645 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x37, 0x17,
646 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5A, 0x01, 0x02, 0x0B,
647 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0x4B, 0x98, 0x02, 0x00,
648 0x00, 0x00, 0xBC, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x62, 0x28, 0xBE, 0x01,
649 0x08, 0x08, 0x7F, 0x2E, 0x0E, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xBC,
650 0x85, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE,
651 0x01, 0x00, 0x0E, 0x05, 0x02, 0x66, 0x28, 0x01, 0x02, 0x85, 0x3D, 0x04,
652 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE, 0x01, 0x18, 0x0E,
653 0x05, 0x02, 0x66, 0x28, 0x81, 0x01, 0x18, 0xB3, 0x86, 0x81, 0x01, 0x18,
654 0x30, 0x05, 0x02, 0x66, 0x28, 0x00, 0x00, 0xBC, 0x06, 0x02, 0x67, 0x28,
655 0x00, 0x00, 0x01, 0x02, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x00,
656 0x00, 0x01, 0x03, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x01, 0x08,
657 0x0B, 0xBF, 0x08, 0x00, 0x00, 0x01, 0x01, 0x94, 0xBF, 0x00, 0x00, 0x3A,
658 0x26, 0x55, 0x05, 0x01, 0x00, 0x25, 0xCC, 0x04, 0x76, 0x02, 0x03, 0x00,
659 0x8E, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10,
660 0x26, 0x01, 0x01, 0x0B, 0x8D, 0x08, 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01,
661 0x00, 0x59, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x84,
662 0x3D, 0x43, 0x4F, 0x25, 0x4F, 0x25, 0x29, 0x00, 0x00, 0x01, 0x01, 0x43,
663 0xC1, 0x00, 0x00, 0x43, 0x38, 0x94, 0x43, 0x26, 0x06, 0x05, 0xBF, 0x25,
664 0x5A, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E,
665 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x97, 0x56, 0x00, 0x02, 0x03, 0x00,
666 0x76, 0x2C, 0x97, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01,
667 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
668 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x00, 0x01,
669 0x18, 0x02, 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x68,
670 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01, 0x01, 0x10, 0x02,
671 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x52, 0x01, 0x02,
672 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
673 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06,
674 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01,
675 0x45, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01,
676 0x20, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x15, 0x01,
677 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x48,
678 0x04, 0x01, 0x49, 0x04, 0x03, 0x65, 0x28, 0x25, 0x00, 0x00, 0x97, 0x01,
679 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x26,
680 0x58, 0x43, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11,
681 0x01, 0x01, 0x0E, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x57, 0x00, 0x00,
682 0x1B, 0x01, 0x00, 0x72, 0x2E, 0x26, 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E,
683 0x06, 0x06, 0x25, 0x01, 0x00, 0x9B, 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E,
684 0x06, 0x0A, 0x25, 0x74, 0x2E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01,
685 0x25, 0x04, 0x01, 0x25, 0x78, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x83,
686 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04,
687 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAA, 0x06, 0x03, 0x01,
688 0x7F, 0x9B, 0x04, 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
689 0x01, 0x37, 0x04, 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A,
690 0x06, 0x03, 0x01, 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F,
691 0x06, 0x0C, 0x83, 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x25, 0xAA, 0x04,
692 0x01, 0x20, 0x00, 0x00, 0xCA, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06,
693 0x02, 0x6F, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02,
694 0x00, 0x84, 0x3D, 0x00, 0xCA, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCD,
695 0x01, 0x01, 0xDA, 0x29, 0x26, 0x01, 0x00, 0xC5, 0x01, 0x16, 0xCD, 0xD3,
696 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDA, 0x4B, 0x26, 0x26, 0x01, 0x03, 0x08,
697 0xD9, 0xD9, 0x18, 0x26, 0x55, 0x06, 0x02, 0x25, 0x00, 0xD9, 0x1D, 0x26,
698 0x06, 0x05, 0x81, 0x43, 0xD4, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21,
699 0x01, 0x0F, 0xDA, 0x26, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C,
700 0x01, 0x04, 0x08, 0xD9, 0x7D, 0x2E, 0xDA, 0x75, 0x2E, 0xDA, 0x04, 0x02,
701 0x5B, 0xD9, 0x26, 0xD8, 0x81, 0x43, 0xD4, 0x00, 0x02, 0xA1, 0xA3, 0x08,
702 0x9F, 0x08, 0xA2, 0x08, 0xA4, 0x08, 0xA0, 0x08, 0x27, 0x08, 0x03, 0x00,
703 0x01, 0x01, 0xDA, 0x01, 0x27, 0x8B, 0x2E, 0x08, 0x8E, 0x2E, 0x01, 0x01,
704 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5B, 0x02, 0x00, 0x08, 0x80, 0x2C,
705 0x38, 0x09, 0x26, 0x58, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x43, 0x5B,
706 0x43, 0x5C, 0x01, 0x04, 0x09, 0x26, 0x55, 0x06, 0x03, 0x25, 0x01, 0x00,
707 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x43, 0x01, 0x04,
708 0x08, 0x38, 0x08, 0x43, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xD9,
709 0x91, 0x2C, 0xD8, 0x77, 0x01, 0x04, 0x19, 0x77, 0x01, 0x04, 0x08, 0x01,
710 0x1C, 0x32, 0x77, 0x01, 0x20, 0xD4, 0x8A, 0x8B, 0x2E, 0xD6, 0x8E, 0x2E,
711 0x26, 0x01, 0x01, 0x0B, 0xD8, 0x8D, 0x43, 0x26, 0x06, 0x0F, 0x5A, 0x38,
712 0x2C, 0x26, 0xC4, 0x05, 0x02, 0x5F, 0x28, 0xD8, 0x43, 0x5B, 0x43, 0x04,
713 0x6E, 0x5D, 0x01, 0x01, 0xDA, 0x01, 0x00, 0xDA, 0x02, 0x00, 0x06, 0x81,
714 0x46, 0x02, 0x00, 0xD8, 0xA1, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD8,
715 0x86, 0xA1, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5A, 0xD6, 0xA3, 0x06, 0x16,
716 0x01, 0x00, 0xD8, 0x88, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x01, 0x02,
717 0x09, 0x26, 0xD8, 0x01, 0x00, 0xDA, 0x01, 0x03, 0x09, 0xD5, 0x9F, 0x06,
718 0x0C, 0x01, 0x01, 0xD8, 0x01, 0x01, 0xD8, 0x7F, 0x2E, 0x01, 0x08, 0x09,
719 0xDA, 0xA2, 0x06, 0x19, 0x01, 0x0D, 0xD8, 0xA2, 0x01, 0x04, 0x09, 0x26,
720 0xD8, 0x01, 0x02, 0x09, 0xD8, 0x41, 0x06, 0x03, 0x01, 0x03, 0xD7, 0x42,
721 0x06, 0x03, 0x01, 0x01, 0xD7, 0xA4, 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD8,
722 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x3F, 0x01, 0x00, 0x26, 0x01,
723 0x20, 0x0A, 0x06, 0x0C, 0x9D, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26,
724 0xD8, 0x59, 0x04, 0x6E, 0x5D, 0x04, 0x01, 0x25, 0xA0, 0x06, 0x0A, 0x01,
725 0x0B, 0xD8, 0x01, 0x02, 0xD8, 0x01, 0x82, 0x00, 0xD8, 0x27, 0x26, 0x06,
726 0x1F, 0x01, 0x10, 0xD8, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x82,
727 0x2C, 0x01, 0x00, 0x9D, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDA, 0x81,
728 0x43, 0xD4, 0x59, 0x04, 0x72, 0x5D, 0x04, 0x01, 0x25, 0x02, 0x01, 0x55,
729 0x05, 0x11, 0x01, 0x15, 0xD8, 0x02, 0x01, 0x26, 0xD8, 0x26, 0x06, 0x06,
730 0x5A, 0x01, 0x00, 0xDA, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDA,
731 0x76, 0x2C, 0x26, 0xC9, 0x06, 0x0C, 0xA8, 0x23, 0x26, 0x5B, 0xD9, 0x26,
732 0xD8, 0x81, 0x43, 0xD4, 0x04, 0x0D, 0x26, 0xC7, 0x43, 0xA8, 0x22, 0x26,
733 0x59, 0xD9, 0x26, 0xDA, 0x81, 0x43, 0xD4, 0x00, 0x00, 0x99, 0x01, 0x14,
734 0xDA, 0x01, 0x0C, 0xD9, 0x81, 0x01, 0x0C, 0xD4, 0x00, 0x00, 0x4E, 0x26,
735 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5D, 0x00, 0xCA, 0x25, 0x04, 0x73, 0x00,
736 0x26, 0xD8, 0xD4, 0x00, 0x00, 0x26, 0xDA, 0xD4, 0x00, 0x01, 0x03, 0x00,
737 0x40, 0x25, 0x26, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDA, 0x02,
738 0x00, 0xDA, 0x26, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDA, 0x02,
739 0x00, 0xDA, 0x26, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDA, 0x02,
740 0x00, 0xDA, 0x26, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDA,
741 0x02, 0x00, 0xDA, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDA, 0x02,
742 0x00, 0xDA, 0x00, 0x00, 0x26, 0x01, 0x08, 0x4C, 0xDA, 0xDA, 0x00, 0x00,
743 0x26, 0x01, 0x10, 0x4C, 0xDA, 0xD8, 0x00, 0x00, 0x26, 0x4F, 0x06, 0x02,
744 0x25, 0x00, 0xCA, 0x25, 0x04, 0x76
747 static const uint16_t t0_caddr
[] = {
884 #define T0_INTERPRETED 85
886 #define T0_ENTER(ip, rp, slot) do { \
887 const unsigned char *t0_newip; \
889 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
890 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
892 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
896 #define T0_DEFENTRY(name, slot) \
900 t0_context *t0ctx = ctx; \
901 t0ctx->ip = &t0_codeblock[0]; \
902 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
905 T0_DEFENTRY(br_ssl_hs_client_init_main
, 166)
907 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
910 br_ssl_hs_client_run(void *t0ctx
)
913 const unsigned char *ip
;
915 #define T0_LOCAL(x) (*(rp - 2 - (x)))
916 #define T0_POP() (*-- dp)
917 #define T0_POPi() (*(int32_t *)(-- dp))
918 #define T0_PEEK(x) (*(dp - 1 - (x)))
919 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
920 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
921 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
922 #define T0_RPOP() (*-- rp)
923 #define T0_RPOPi() (*(int32_t *)(-- rp))
924 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
925 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
926 #define T0_ROLL(x) do { \
927 size_t t0len = (size_t)(x); \
928 uint32_t t0tmp = *(dp - 1 - t0len); \
929 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
932 #define T0_SWAP() do { \
933 uint32_t t0tmp = *(dp - 2); \
934 *(dp - 2) = *(dp - 1); \
937 #define T0_ROT() do { \
938 uint32_t t0tmp = *(dp - 3); \
939 *(dp - 3) = *(dp - 2); \
940 *(dp - 2) = *(dp - 1); \
943 #define T0_NROT() do { \
944 uint32_t t0tmp = *(dp - 1); \
945 *(dp - 1) = *(dp - 2); \
946 *(dp - 2) = *(dp - 3); \
949 #define T0_PICK(x) do { \
950 uint32_t t0depth = (x); \
951 T0_PUSH(T0_PEEK(t0depth)); \
953 #define T0_CO() do { \
956 #define T0_RET() goto t0_next
958 dp
= ((t0_context
*)t0ctx
)->dp
;
959 rp
= ((t0_context
*)t0ctx
)->rp
;
960 ip
= ((t0_context
*)t0ctx
)->ip
;
967 if (t0x
< T0_INTERPRETED
) {
979 ip
= &t0_codeblock
[t0x
];
981 case 1: /* literal constant */
982 T0_PUSHi(t0_parse7E_signed(&ip
));
984 case 2: /* read local */
985 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
987 case 3: /* write local */
988 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
991 t0off
= t0_parse7E_signed(&ip
);
994 case 5: /* jump if */
995 t0off
= t0_parse7E_signed(&ip
);
1000 case 6: /* jump if not */
1001 t0off
= t0_parse7E_signed(&ip
);
1009 uint32_t b
= T0_POP();
1010 uint32_t a
= T0_POP();
1018 uint32_t b
= T0_POP();
1019 uint32_t a
= T0_POP();
1027 uint32_t b
= T0_POP();
1028 uint32_t a
= T0_POP();
1036 int32_t b
= T0_POPi();
1037 int32_t a
= T0_POPi();
1038 T0_PUSH(-(uint32_t)(a
< b
));
1045 int c
= (int)T0_POPi();
1046 uint32_t x
= T0_POP();
1054 int32_t b
= T0_POPi();
1055 int32_t a
= T0_POPi();
1056 T0_PUSH(-(uint32_t)(a
<= b
));
1063 uint32_t b
= T0_POP();
1064 uint32_t a
= T0_POP();
1065 T0_PUSH(-(uint32_t)(a
!= b
));
1072 uint32_t b
= T0_POP();
1073 uint32_t a
= T0_POP();
1074 T0_PUSH(-(uint32_t)(a
== b
));
1081 int32_t b
= T0_POPi();
1082 int32_t a
= T0_POPi();
1083 T0_PUSH(-(uint32_t)(a
> b
));
1090 int32_t b
= T0_POPi();
1091 int32_t a
= T0_POPi();
1092 T0_PUSH(-(uint32_t)(a
>= b
));
1099 int c
= (int)T0_POPi();
1100 int32_t x
= T0_POPi();
1106 /* anchor-dn-append-name */
1111 if (CTX
->client_auth_vtable
!= NULL
) {
1112 (*CTX
->client_auth_vtable
)->append_name(
1113 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1119 /* anchor-dn-end-name */
1121 if (CTX
->client_auth_vtable
!= NULL
) {
1122 (*CTX
->client_auth_vtable
)->end_name(
1123 CTX
->client_auth_vtable
);
1129 /* anchor-dn-end-name-list */
1131 if (CTX
->client_auth_vtable
!= NULL
) {
1132 (*CTX
->client_auth_vtable
)->end_name_list(
1133 CTX
->client_auth_vtable
);
1139 /* anchor-dn-start-name */
1144 if (CTX
->client_auth_vtable
!= NULL
) {
1145 (*CTX
->client_auth_vtable
)->start_name(
1146 CTX
->client_auth_vtable
, len
);
1152 /* anchor-dn-start-name-list */
1154 if (CTX
->client_auth_vtable
!= NULL
) {
1155 (*CTX
->client_auth_vtable
)->start_name_list(
1156 CTX
->client_auth_vtable
);
1164 uint32_t b
= T0_POP();
1165 uint32_t a
= T0_POP();
1173 if (ENG
->chain_len
== 0) {
1176 ENG
->cert_cur
= ENG
->chain
->data
;
1177 ENG
->cert_len
= ENG
->chain
->data_len
;
1180 T0_PUSH(ENG
->cert_len
);
1188 size_t len
= (size_t)T0_POP();
1189 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1190 memset(addr
, 0, len
);
1197 T0_PUSHi(-(ENG
->hlen_out
> 0));
1207 /* compute-Finished-inner */
1209 int prf_id
= T0_POP();
1210 int from_client
= T0_POPi();
1211 unsigned char seed
[48];
1214 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1215 if (ENG
->session
.version
>= BR_TLS12
) {
1216 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1218 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1219 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1222 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1223 sizeof ENG
->session
.master_secret
,
1224 from_client
? "client finished" : "server finished",
1230 /* copy-cert-chunk */
1234 clen
= ENG
->cert_len
;
1235 if (clen
> sizeof ENG
->pad
) {
1236 clen
= sizeof ENG
->pad
;
1238 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1239 ENG
->cert_cur
+= clen
;
1240 ENG
->cert_len
-= clen
;
1246 /* copy-protocol-name */
1248 size_t idx
= T0_POP();
1249 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1250 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1258 size_t addr
= T0_POP();
1259 T0_PUSH(t0_datablock
[addr
]);
1271 /* do-client-sign */
1275 sig_len
= make_client_sign(CTX
);
1277 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1287 unsigned prf_id
= T0_POP();
1288 unsigned ecdhe
= T0_POP();
1291 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1293 br_ssl_engine_fail(ENG
, -x
);
1302 /* do-rsa-encrypt */
1306 x
= make_pms_rsa(CTX
, T0_POP());
1308 br_ssl_engine_fail(ENG
, -x
);
1317 /* do-static-ecdh */
1319 unsigned prf_id
= T0_POP();
1321 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1322 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1335 T0_PUSH(T0_PEEK(0));
1339 /* ext-ALPN-length */
1343 if (ENG
->protocol_names_num
== 0) {
1348 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1349 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1358 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1366 br_ssl_engine_flush_record(ENG
);
1371 /* get-client-chain */
1373 uint32_t auth_types
;
1375 auth_types
= T0_POP();
1376 if (CTX
->client_auth_vtable
!= NULL
) {
1377 br_ssl_client_certificate ux
;
1379 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1380 CTX
, auth_types
, &ux
);
1381 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1382 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1383 ENG
->chain
= ux
.chain
;
1384 ENG
->chain_len
= ux
.chain_len
;
1393 /* get-key-type-usages */
1395 const br_x509_class
*xc
;
1396 const br_x509_pkey
*pk
;
1399 xc
= *(ENG
->x509ctx
);
1400 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1404 T0_PUSH(pk
->key_type
| usages
);
1412 size_t addr
= (size_t)T0_POP();
1413 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1420 size_t addr
= (size_t)T0_POP();
1421 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1428 size_t addr
= (size_t)T0_POP();
1429 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1436 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1443 size_t len
= (size_t)T0_POP();
1444 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1445 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1446 int x
= memcmp(addr1
, addr2
, len
);
1447 T0_PUSH((uint32_t)-(x
== 0));
1454 size_t len
= (size_t)T0_POP();
1455 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1456 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1457 memcpy(dst
, src
, len
);
1464 size_t len
= (size_t)T0_POP();
1465 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1466 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1471 /* more-incoming-bytes? */
1473 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1478 /* multihash-init */
1480 br_multihash_init(&ENG
->mhash
);
1487 uint32_t a
= T0_POP();
1495 uint32_t a
= T0_POP();
1503 uint32_t b
= T0_POP();
1504 uint32_t a
= T0_POP();
1511 T0_PUSH(T0_PEEK(1));
1515 /* read-chunk-native */
1517 size_t clen
= ENG
->hlen_in
;
1523 if ((size_t)len
< clen
) {
1526 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1527 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1528 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1530 T0_PUSH(addr
+ (uint32_t)clen
);
1531 T0_PUSH(len
- (uint32_t)clen
);
1532 ENG
->hbuf_in
+= clen
;
1533 ENG
->hlen_in
-= clen
;
1541 if (ENG
->hlen_in
> 0) {
1544 x
= *ENG
->hbuf_in
++;
1545 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1546 br_multihash_update(&ENG
->mhash
, &x
, 1);
1557 /* set-server-curve */
1559 const br_x509_class
*xc
;
1560 const br_x509_pkey
*pk
;
1562 xc
= *(ENG
->x509ctx
);
1563 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1565 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1572 size_t addr
= (size_t)T0_POP();
1573 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1580 size_t addr
= (size_t)T0_POP();
1581 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1588 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1589 T0_PUSH((uint32_t)strlen(str
));
1594 /* supported-curves */
1596 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1602 /* supported-hash-functions */
1609 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1610 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1621 /* supports-ecdsa? */
1623 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1628 /* supports-rsa-sign? */
1630 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1640 /* switch-aesgcm-in */
1642 int is_client
, prf_id
;
1643 unsigned cipher_key_len
;
1645 cipher_key_len
= T0_POP();
1647 is_client
= T0_POP();
1648 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1649 ENG
->iaes_ctr
, cipher_key_len
);
1654 /* switch-aesgcm-out */
1656 int is_client
, prf_id
;
1657 unsigned cipher_key_len
;
1659 cipher_key_len
= T0_POP();
1661 is_client
= T0_POP();
1662 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1663 ENG
->iaes_ctr
, cipher_key_len
);
1670 int is_client
, prf_id
, mac_id
, aes
;
1671 unsigned cipher_key_len
;
1673 cipher_key_len
= T0_POP();
1677 is_client
= T0_POP();
1678 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1679 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1684 /* switch-cbc-out */
1686 int is_client
, prf_id
, mac_id
, aes
;
1687 unsigned cipher_key_len
;
1689 cipher_key_len
= T0_POP();
1693 is_client
= T0_POP();
1694 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1695 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1700 /* switch-chapol-in */
1702 int is_client
, prf_id
;
1705 is_client
= T0_POP();
1706 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1711 /* switch-chapol-out */
1713 int is_client
, prf_id
;
1716 is_client
= T0_POP();
1717 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1722 /* test-protocol-name */
1724 size_t len
= T0_POP();
1727 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1730 name
= ENG
->protocol_names
[u
];
1731 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1741 /* total-chain-length */
1747 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1748 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1757 int c
= (int)T0_POPi();
1758 uint32_t x
= T0_POP();
1764 /* verify-SKE-sig */
1766 size_t sig_len
= T0_POP();
1767 int use_rsa
= T0_POPi();
1768 int hash
= T0_POPi();
1770 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1775 /* write-blob-chunk */
1777 size_t clen
= ENG
->hlen_out
;
1783 if ((size_t)len
< clen
) {
1786 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1787 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1788 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1790 T0_PUSH(addr
+ (uint32_t)clen
);
1791 T0_PUSH(len
- (uint32_t)clen
);
1792 ENG
->hbuf_out
+= clen
;
1793 ENG
->hlen_out
-= clen
;
1803 x
= (unsigned char)T0_POP();
1804 if (ENG
->hlen_out
> 0) {
1805 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1806 br_multihash_update(&ENG
->mhash
, &x
, 1);
1808 *ENG
->hbuf_out
++ = x
;
1820 const br_x509_class
*xc
;
1823 xc
= *(ENG
->x509ctx
);
1825 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1832 const br_x509_class
*xc
;
1834 xc
= *(ENG
->x509ctx
);
1835 xc
->end_cert(ENG
->x509ctx
);
1840 /* x509-end-chain */
1842 const br_x509_class
*xc
;
1844 xc
= *(ENG
->x509ctx
);
1845 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1850 /* x509-start-cert */
1852 const br_x509_class
*xc
;
1854 xc
= *(ENG
->x509ctx
);
1855 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1860 /* x509-start-chain */
1862 const br_x509_class
*xc
;
1866 xc
= *(ENG
->x509ctx
);
1867 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1874 T0_ENTER(ip
, rp
, t0x
);
1878 ((t0_context
*)t0ctx
)->dp
= dp
;
1879 ((t0_context
*)t0ctx
)->rp
= rp
;
1880 ((t0_context
*)t0ctx
)->ip
= ip
;