1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char HASH_OID_SHA1
[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177 static const unsigned char HASH_OID_SHA224
[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181 static const unsigned char HASH_OID_SHA256
[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185 static const unsigned char HASH_OID_SHA384
[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189 static const unsigned char HASH_OID_SHA512
[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193 static const unsigned char *HASH_OID
[] = {
202 * Check the RSA signature on the ServerKeyExchange message.
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
208 * Returned value is 0 on success, or an error code.
211 verify_SKE_sig(br_ssl_client_context
*ctx
,
212 int hash
, int use_rsa
, size_t sig_len
)
214 const br_x509_class
**xc
;
215 const br_x509_pkey
*pk
;
216 br_multihash_context mhc
;
217 unsigned char hv
[64], head
[4];
220 xc
= ctx
->eng
.x509ctx
;
221 pk
= (*xc
)->get_pkey(xc
, NULL
);
222 br_multihash_zero(&mhc
);
223 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
224 br_multihash_init(&mhc
);
225 br_multihash_update(&mhc
,
226 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
227 br_multihash_update(&mhc
,
228 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
231 head
[2] = ctx
->eng
.ecdhe_curve
;
232 head
[3] = ctx
->eng
.ecdhe_point_len
;
233 br_multihash_update(&mhc
, head
, sizeof head
);
234 br_multihash_update(&mhc
,
235 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
237 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
239 return BR_ERR_INVALID_ALGORITHM
;
242 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
243 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
245 return BR_ERR_INVALID_ALGORITHM
;
250 unsigned char tmp
[64];
251 const unsigned char *hash_oid
;
254 hash_oid
= HASH_OID
[hash
- 2];
258 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
259 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
260 || memcmp(tmp
, hv
, hv_len
) != 0)
262 return BR_ERR_BAD_SIGNATURE
;
265 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
266 ctx
->eng
.pad
, sig_len
))
268 return BR_ERR_BAD_SIGNATURE
;
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
284 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
287 unsigned char key
[66], point
[133];
288 const unsigned char *order
, *point_src
;
289 size_t glen
, olen
, point_len
;
293 curve
= ctx
->eng
.ecdhe_curve
;
294 point_src
= ctx
->eng
.ecdhe_point
;
295 point_len
= ctx
->eng
.ecdhe_point_len
;
297 const br_x509_class
**xc
;
298 const br_x509_pkey
*pk
;
300 xc
= ctx
->eng
.x509ctx
;
301 pk
= (*xc
)->get_pkey(xc
, NULL
);
302 curve
= pk
->key
.ec
.curve
;
303 point_src
= pk
->key
.ec
.q
;
304 point_len
= pk
->key
.ec
.qlen
;
306 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM
;
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
316 order
= ctx
->eng
.iec
->order(curve
, &olen
);
318 while (mask
>= order
[0]) {
321 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
323 key
[olen
- 1] |= 0x01;
326 * Compute the common ECDH point, whose X coordinate is the
329 ctx
->eng
.iec
->generator(curve
, &glen
);
330 if (glen
!= point_len
) {
331 return -BR_ERR_INVALID_ALGORITHM
;
334 memcpy(point
, point_src
, glen
);
335 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
336 return -BR_ERR_INVALID_ALGORITHM
;
340 * The pre-master secret is the X coordinate.
342 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ 1, glen
>> 1);
344 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
345 memcpy(ctx
->eng
.pad
, point
, glen
);
350 * Perform full static ECDH. This occurs only in the context of client
351 * authentication with certificates: the server uses an EC public key,
352 * the cipher suite is of type ECDH (not ECDHE), the server requested a
353 * client certificate and accepts static ECDH, the client has a
354 * certificate with an EC public key in the same curve, and accepts
355 * static ECDH as well.
357 * Returned value is 0 on success, -1 on error.
360 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
362 unsigned char point
[133];
364 const br_x509_class
**xc
;
365 const br_x509_pkey
*pk
;
367 xc
= ctx
->eng
.x509ctx
;
368 pk
= (*xc
)->get_pkey(xc
, NULL
);
369 point_len
= pk
->key
.ec
.qlen
;
370 if (point_len
> sizeof point
) {
373 memcpy(point
, pk
->key
.ec
.q
, point_len
);
374 if (!(*ctx
->client_auth_vtable
)->do_keyx(
375 ctx
->client_auth_vtable
, point
, point_len
))
379 br_ssl_engine_compute_master(&ctx
->eng
,
380 prf_id
, point
+ 1, point_len
>> 1);
385 * Compute the client-side signature. This is invoked only when a
386 * signature-based client authentication was selected. The computed
387 * signature is in the pad; its length (in bytes) is returned. On
388 * error, 0 is returned.
391 make_client_sign(br_ssl_client_context
*ctx
)
396 * Compute hash of handshake messages so far. This "cannot" fail
397 * because the list of supported hash functions provided to the
398 * client certificate handler was trimmed to include only the
399 * hash functions that the multi-hasher supports.
402 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
403 ctx
->hash_id
, ctx
->eng
.pad
);
405 br_multihash_out(&ctx
->eng
.mhash
,
406 br_md5_ID
, ctx
->eng
.pad
);
407 br_multihash_out(&ctx
->eng
.mhash
,
408 br_sha1_ID
, ctx
->eng
.pad
+ 16);
411 return (*ctx
->client_auth_vtable
)->do_sign(
412 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
413 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
418 static const uint8_t t0_datablock
[] = {
419 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
420 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
421 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
422 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
423 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
424 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
425 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
426 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
427 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
428 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
429 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
430 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
431 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
434 static const uint8_t t0_codeblock
[] = {
435 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
436 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
437 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
438 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
449 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
457 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
460 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
462 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
464 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
465 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
469 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
470 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
475 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
477 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
479 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
484 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
487 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
489 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
491 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
493 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
497 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
498 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
500 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
501 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
503 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
504 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
505 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
506 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
507 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
508 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
509 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
510 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x3E, 0x29,
511 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01,
512 0x00, 0xC3, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC,
513 0x04, 0x76, 0x01, 0x01, 0x00, 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01,
514 0x00, 0x88, 0x3C, 0x34, 0xD2, 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD,
515 0x01, 0x7F, 0xCF, 0x04, 0x80, 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01,
516 T0_INT1(BR_KEYTYPE_SIGN
), 0x17, 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01,
517 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5, 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01,
518 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x06, 0x02,
519 0x65, 0x28, 0x33, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0,
520 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB,
521 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9, 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01,
522 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F, 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01,
523 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
524 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
525 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
534 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
535 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
536 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
537 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
538 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
539 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
540 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
541 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
542 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
543 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
544 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
545 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
546 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
547 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
548 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
549 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
550 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
551 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
552 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
553 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
554 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
555 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
556 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
557 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
558 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
559 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
560 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
561 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
562 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
563 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
564 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
565 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
566 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
567 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
568 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
569 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
570 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
571 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
572 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
573 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
574 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
575 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
576 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
577 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
578 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
579 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
580 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
581 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
582 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
583 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
584 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
585 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
586 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
587 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
588 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
589 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
590 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
591 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
592 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
593 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
594 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
595 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
596 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
597 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
598 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
599 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
600 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
601 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
602 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
603 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
604 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
605 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
606 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
607 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
608 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
609 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
610 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
611 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
612 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
613 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
614 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
615 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
616 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
617 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
618 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
619 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
620 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
621 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
622 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
623 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
624 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
625 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
626 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
627 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
628 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
629 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
630 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
631 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
632 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
633 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
634 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
635 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
636 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
637 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
638 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
639 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
640 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
641 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
642 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
643 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
644 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
645 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
646 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
647 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
648 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
649 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
650 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
651 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
652 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
653 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
654 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
655 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
656 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
657 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
658 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
659 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
660 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
661 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
662 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
663 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
664 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
665 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
666 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
667 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
668 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
669 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
670 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
671 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
672 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
673 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
674 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
675 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
676 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
677 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
678 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
679 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
680 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
681 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
682 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
683 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0A, 0x25, 0x75, 0x2E, 0x06,
684 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79, 0x2E,
685 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06,
686 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06,
687 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01, 0x16,
688 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25, 0x01,
689 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37, 0x00,
690 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F, 0x06, 0x0C, 0x84, 0x2E, 0x01, 0x15,
691 0x0E, 0x06, 0x04, 0x25, 0xAB, 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01,
692 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03,
693 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25,
694 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01,
695 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB,
696 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06,
697 0x02, 0x25, 0x00, 0xDA, 0x1D, 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04,
698 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C,
699 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E,
700 0xDB, 0x76, 0x2E, 0xDB, 0x04, 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
701 0xD5, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08,
702 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C,
703 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04,
704 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24,
705 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26,
706 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00,
707 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03,
708 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04,
709 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5,
710 0x8B, 0x8C, 0x2E, 0xD7, 0x8F, 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E,
711 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60,
712 0x28, 0xD9, 0x44, 0x5C, 0x44, 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01,
713 0x00, 0xDB, 0x02, 0x00, 0x06, 0x81, 0x46, 0x02, 0x00, 0xD9, 0xA2, 0x06,
714 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26,
715 0xD9, 0x5B, 0xD7, 0xA4, 0x06, 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01,
716 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB,
717 0x01, 0x03, 0x09, 0xD6, 0xA0, 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01,
718 0xD9, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D,
719 0xD9, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42,
720 0x06, 0x03, 0x01, 0x03, 0xD8, 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5,
721 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D,
722 0xD9, 0x40, 0x01, 0x00, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E, 0x11,
723 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04, 0x6E, 0x5E, 0x04,
724 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01, 0x02, 0xD9, 0x01,
725 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xD9, 0x01, 0x04,
726 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F, 0x06,
727 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A, 0x04, 0x72, 0x5E,
728 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xD9, 0x02,
729 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDB, 0x04, 0x77,
730 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26, 0xCA, 0x06, 0x0C,
731 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x04, 0x0D,
732 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26, 0xDB, 0x82, 0x44,
733 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C, 0xDA, 0x82, 0x01,
734 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
735 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5, 0x00, 0x00, 0x26,
736 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10, 0x17,
737 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x08, 0x17,
738 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x20, 0x17,
739 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x80, 0x40,
740 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB, 0x01, 0x04, 0x17,
741 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00, 0x00, 0x26, 0x01,
742 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDB, 0xD9,
743 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB, 0x25, 0x04, 0x76
746 static const uint16_t t0_caddr
[] = {
883 #define T0_INTERPRETED 86
885 #define T0_ENTER(ip, rp, slot) do { \
886 const unsigned char *t0_newip; \
888 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
889 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
891 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
895 #define T0_DEFENTRY(name, slot) \
899 t0_context *t0ctx = ctx; \
900 t0ctx->ip = &t0_codeblock[0]; \
901 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
904 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
906 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
909 br_ssl_hs_client_run(void *t0ctx
)
912 const unsigned char *ip
;
914 #define T0_LOCAL(x) (*(rp - 2 - (x)))
915 #define T0_POP() (*-- dp)
916 #define T0_POPi() (*(int32_t *)(-- dp))
917 #define T0_PEEK(x) (*(dp - 1 - (x)))
918 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
919 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
920 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
921 #define T0_RPOP() (*-- rp)
922 #define T0_RPOPi() (*(int32_t *)(-- rp))
923 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
924 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
925 #define T0_ROLL(x) do { \
926 size_t t0len = (size_t)(x); \
927 uint32_t t0tmp = *(dp - 1 - t0len); \
928 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
931 #define T0_SWAP() do { \
932 uint32_t t0tmp = *(dp - 2); \
933 *(dp - 2) = *(dp - 1); \
936 #define T0_ROT() do { \
937 uint32_t t0tmp = *(dp - 3); \
938 *(dp - 3) = *(dp - 2); \
939 *(dp - 2) = *(dp - 1); \
942 #define T0_NROT() do { \
943 uint32_t t0tmp = *(dp - 1); \
944 *(dp - 1) = *(dp - 2); \
945 *(dp - 2) = *(dp - 3); \
948 #define T0_PICK(x) do { \
949 uint32_t t0depth = (x); \
950 T0_PUSH(T0_PEEK(t0depth)); \
952 #define T0_CO() do { \
955 #define T0_RET() goto t0_next
957 dp
= ((t0_context
*)t0ctx
)->dp
;
958 rp
= ((t0_context
*)t0ctx
)->rp
;
959 ip
= ((t0_context
*)t0ctx
)->ip
;
966 if (t0x
< T0_INTERPRETED
) {
978 ip
= &t0_codeblock
[t0x
];
980 case 1: /* literal constant */
981 T0_PUSHi(t0_parse7E_signed(&ip
));
983 case 2: /* read local */
984 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
986 case 3: /* write local */
987 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
990 t0off
= t0_parse7E_signed(&ip
);
993 case 5: /* jump if */
994 t0off
= t0_parse7E_signed(&ip
);
999 case 6: /* jump if not */
1000 t0off
= t0_parse7E_signed(&ip
);
1008 uint32_t b
= T0_POP();
1009 uint32_t a
= T0_POP();
1017 uint32_t b
= T0_POP();
1018 uint32_t a
= T0_POP();
1026 uint32_t b
= T0_POP();
1027 uint32_t a
= T0_POP();
1035 int32_t b
= T0_POPi();
1036 int32_t a
= T0_POPi();
1037 T0_PUSH(-(uint32_t)(a
< b
));
1044 int c
= (int)T0_POPi();
1045 uint32_t x
= T0_POP();
1053 int32_t b
= T0_POPi();
1054 int32_t a
= T0_POPi();
1055 T0_PUSH(-(uint32_t)(a
<= b
));
1062 uint32_t b
= T0_POP();
1063 uint32_t a
= T0_POP();
1064 T0_PUSH(-(uint32_t)(a
!= b
));
1071 uint32_t b
= T0_POP();
1072 uint32_t a
= T0_POP();
1073 T0_PUSH(-(uint32_t)(a
== b
));
1080 int32_t b
= T0_POPi();
1081 int32_t a
= T0_POPi();
1082 T0_PUSH(-(uint32_t)(a
> b
));
1089 int32_t b
= T0_POPi();
1090 int32_t a
= T0_POPi();
1091 T0_PUSH(-(uint32_t)(a
>= b
));
1098 int c
= (int)T0_POPi();
1099 int32_t x
= T0_POPi();
1105 /* anchor-dn-append-name */
1110 if (CTX
->client_auth_vtable
!= NULL
) {
1111 (*CTX
->client_auth_vtable
)->append_name(
1112 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1118 /* anchor-dn-end-name */
1120 if (CTX
->client_auth_vtable
!= NULL
) {
1121 (*CTX
->client_auth_vtable
)->end_name(
1122 CTX
->client_auth_vtable
);
1128 /* anchor-dn-end-name-list */
1130 if (CTX
->client_auth_vtable
!= NULL
) {
1131 (*CTX
->client_auth_vtable
)->end_name_list(
1132 CTX
->client_auth_vtable
);
1138 /* anchor-dn-start-name */
1143 if (CTX
->client_auth_vtable
!= NULL
) {
1144 (*CTX
->client_auth_vtable
)->start_name(
1145 CTX
->client_auth_vtable
, len
);
1151 /* anchor-dn-start-name-list */
1153 if (CTX
->client_auth_vtable
!= NULL
) {
1154 (*CTX
->client_auth_vtable
)->start_name_list(
1155 CTX
->client_auth_vtable
);
1163 uint32_t b
= T0_POP();
1164 uint32_t a
= T0_POP();
1172 if (ENG
->chain_len
== 0) {
1175 ENG
->cert_cur
= ENG
->chain
->data
;
1176 ENG
->cert_len
= ENG
->chain
->data_len
;
1179 T0_PUSH(ENG
->cert_len
);
1187 size_t len
= (size_t)T0_POP();
1188 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1189 memset(addr
, 0, len
);
1196 T0_PUSHi(-(ENG
->hlen_out
> 0));
1206 /* compute-Finished-inner */
1208 int prf_id
= T0_POP();
1209 int from_client
= T0_POPi();
1210 unsigned char seed
[48];
1213 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1214 if (ENG
->session
.version
>= BR_TLS12
) {
1215 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1217 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1218 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1221 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1222 sizeof ENG
->session
.master_secret
,
1223 from_client
? "client finished" : "server finished",
1229 /* copy-cert-chunk */
1233 clen
= ENG
->cert_len
;
1234 if (clen
> sizeof ENG
->pad
) {
1235 clen
= sizeof ENG
->pad
;
1237 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1238 ENG
->cert_cur
+= clen
;
1239 ENG
->cert_len
-= clen
;
1245 /* copy-protocol-name */
1247 size_t idx
= T0_POP();
1248 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1249 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1257 size_t addr
= T0_POP();
1258 T0_PUSH(t0_datablock
[addr
]);
1270 /* do-client-sign */
1274 sig_len
= make_client_sign(CTX
);
1276 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1286 unsigned prf_id
= T0_POP();
1287 unsigned ecdhe
= T0_POP();
1290 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1292 br_ssl_engine_fail(ENG
, -x
);
1301 /* do-rsa-encrypt */
1305 x
= make_pms_rsa(CTX
, T0_POP());
1307 br_ssl_engine_fail(ENG
, -x
);
1316 /* do-static-ecdh */
1318 unsigned prf_id
= T0_POP();
1320 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1321 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1334 T0_PUSH(T0_PEEK(0));
1338 /* ext-ALPN-length */
1342 if (ENG
->protocol_names_num
== 0) {
1347 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1348 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1357 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1365 br_ssl_engine_flush_record(ENG
);
1370 /* get-client-chain */
1372 uint32_t auth_types
;
1374 auth_types
= T0_POP();
1375 if (CTX
->client_auth_vtable
!= NULL
) {
1376 br_ssl_client_certificate ux
;
1378 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1379 CTX
, auth_types
, &ux
);
1380 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1381 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1382 ENG
->chain
= ux
.chain
;
1383 ENG
->chain_len
= ux
.chain_len
;
1392 /* get-key-type-usages */
1394 const br_x509_class
*xc
;
1395 const br_x509_pkey
*pk
;
1398 xc
= *(ENG
->x509ctx
);
1399 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1403 T0_PUSH(pk
->key_type
| usages
);
1411 size_t addr
= (size_t)T0_POP();
1412 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1419 size_t addr
= (size_t)T0_POP();
1420 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1427 size_t addr
= (size_t)T0_POP();
1428 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1435 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1442 size_t len
= (size_t)T0_POP();
1443 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1444 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1445 int x
= memcmp(addr1
, addr2
, len
);
1446 T0_PUSH((uint32_t)-(x
== 0));
1453 size_t len
= (size_t)T0_POP();
1454 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1455 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1456 memcpy(dst
, src
, len
);
1463 size_t len
= (size_t)T0_POP();
1464 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1465 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1470 /* more-incoming-bytes? */
1472 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1477 /* multihash-init */
1479 br_multihash_init(&ENG
->mhash
);
1486 uint32_t a
= T0_POP();
1494 uint32_t a
= T0_POP();
1502 uint32_t b
= T0_POP();
1503 uint32_t a
= T0_POP();
1510 T0_PUSH(T0_PEEK(1));
1514 /* read-chunk-native */
1516 size_t clen
= ENG
->hlen_in
;
1522 if ((size_t)len
< clen
) {
1525 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1526 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1527 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1529 T0_PUSH(addr
+ (uint32_t)clen
);
1530 T0_PUSH(len
- (uint32_t)clen
);
1531 ENG
->hbuf_in
+= clen
;
1532 ENG
->hlen_in
-= clen
;
1540 if (ENG
->hlen_in
> 0) {
1543 x
= *ENG
->hbuf_in
++;
1544 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1545 br_multihash_update(&ENG
->mhash
, &x
, 1);
1556 /* set-server-curve */
1558 const br_x509_class
*xc
;
1559 const br_x509_pkey
*pk
;
1561 xc
= *(ENG
->x509ctx
);
1562 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1564 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1571 size_t addr
= (size_t)T0_POP();
1572 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1579 size_t addr
= (size_t)T0_POP();
1580 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1587 size_t addr
= (size_t)T0_POP();
1588 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1595 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1596 T0_PUSH((uint32_t)strlen(str
));
1601 /* supported-curves */
1603 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1609 /* supported-hash-functions */
1616 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1617 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1628 /* supports-ecdsa? */
1630 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1635 /* supports-rsa-sign? */
1637 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1647 /* switch-aesgcm-in */
1649 int is_client
, prf_id
;
1650 unsigned cipher_key_len
;
1652 cipher_key_len
= T0_POP();
1654 is_client
= T0_POP();
1655 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1656 ENG
->iaes_ctr
, cipher_key_len
);
1661 /* switch-aesgcm-out */
1663 int is_client
, prf_id
;
1664 unsigned cipher_key_len
;
1666 cipher_key_len
= T0_POP();
1668 is_client
= T0_POP();
1669 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1670 ENG
->iaes_ctr
, cipher_key_len
);
1677 int is_client
, prf_id
, mac_id
, aes
;
1678 unsigned cipher_key_len
;
1680 cipher_key_len
= T0_POP();
1684 is_client
= T0_POP();
1685 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1686 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1691 /* switch-cbc-out */
1693 int is_client
, prf_id
, mac_id
, aes
;
1694 unsigned cipher_key_len
;
1696 cipher_key_len
= T0_POP();
1700 is_client
= T0_POP();
1701 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1702 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1707 /* switch-chapol-in */
1709 int is_client
, prf_id
;
1712 is_client
= T0_POP();
1713 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1718 /* switch-chapol-out */
1720 int is_client
, prf_id
;
1723 is_client
= T0_POP();
1724 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1729 /* test-protocol-name */
1731 size_t len
= T0_POP();
1734 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1737 name
= ENG
->protocol_names
[u
];
1738 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1748 /* total-chain-length */
1754 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1755 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1764 int c
= (int)T0_POPi();
1765 uint32_t x
= T0_POP();
1771 /* verify-SKE-sig */
1773 size_t sig_len
= T0_POP();
1774 int use_rsa
= T0_POPi();
1775 int hash
= T0_POPi();
1777 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1782 /* write-blob-chunk */
1784 size_t clen
= ENG
->hlen_out
;
1790 if ((size_t)len
< clen
) {
1793 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1794 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1795 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1797 T0_PUSH(addr
+ (uint32_t)clen
);
1798 T0_PUSH(len
- (uint32_t)clen
);
1799 ENG
->hbuf_out
+= clen
;
1800 ENG
->hlen_out
-= clen
;
1810 x
= (unsigned char)T0_POP();
1811 if (ENG
->hlen_out
> 0) {
1812 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1813 br_multihash_update(&ENG
->mhash
, &x
, 1);
1815 *ENG
->hbuf_out
++ = x
;
1827 const br_x509_class
*xc
;
1830 xc
= *(ENG
->x509ctx
);
1832 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1839 const br_x509_class
*xc
;
1841 xc
= *(ENG
->x509ctx
);
1842 xc
->end_cert(ENG
->x509ctx
);
1847 /* x509-end-chain */
1849 const br_x509_class
*xc
;
1851 xc
= *(ENG
->x509ctx
);
1852 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1857 /* x509-start-cert */
1859 const br_x509_class
*xc
;
1861 xc
= *(ENG
->x509ctx
);
1862 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1867 /* x509-start-chain */
1869 const br_x509_class
*xc
;
1873 xc
= *(ENG
->x509ctx
);
1874 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1881 T0_ENTER(ip
, rp
, t0x
);
1885 ((t0_context
*)t0ctx
)->dp
= dp
;
1886 ((t0_context
*)t0ctx
)->rp
= rp
;
1887 ((t0_context
*)t0ctx
)->ip
= ip
;