[BearSSL] / src / ssl / ssl_hs_client.c

/* Automatically generated code; do not modify directly. */

#include <stddef.h>
#include <stdint.h>

typedef struct {
        uint32_t *dp;
        uint32_t *rp;
        const unsigned char *ip;
} t0_context;

static uint32_t
t0_parse7E_unsigned(const unsigned char **p)
{
        uint32_t x;

        x = 0;
        for (;;) {
                unsigned y;

                y = *(*p) ++;
                x = (x << 7) | (uint32_t)(y & 0x7F);
                if (y < 0x80) {
                        return x;
                }
        }
}

static int32_t
t0_parse7E_signed(const unsigned char **p)
{
        int neg;
        uint32_t x;

        neg = ((**p) >> 6) & 1;
        x = (uint32_t)-neg;
        for (;;) {
                unsigned y;

                y = *(*p) ++;
                x = (x << 7) | (uint32_t)(y & 0x7F);
                if (y < 0x80) {
                        if (neg) {
                                return -(int32_t)~x - 1;
                        } else {
                                return (int32_t)x;
                        }
                }
        }
}

#define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
#define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
#define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
#define T0_INT1(x)       T0_FBYTE(x, 0)
#define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
#define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
#define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
#define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)

static const uint8_t t0_datablock[];


void br_ssl_hs_client_init_main(void *t0ctx);

void br_ssl_hs_client_run(void *t0ctx);



#include <stddef.h>
#include <string.h>

#include "inner.h"

/*
 * This macro evaluates to a pointer to the current engine context.
 */
#define ENG  ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))





/*
 * This macro evaluates to a pointer to the client context, under that
 * specific name. It must be noted that since the engine context is the
 * first field of the br_ssl_client_context structure ('eng'), then
 * pointers values of both types are interchangeable, modulo an
 * appropriate cast. This also means that "adresses" computed as offsets
 * within the structure work for both kinds of context.
 */
#define CTX  ((br_ssl_client_context *)ENG)

/*
 * Generate the pre-master secret for RSA key exchange, and encrypt it
 * with the server's public key. Returned value is either the encrypted
 * data length (in bytes), or -x on error, with 'x' being an error code.
 *
 * This code assumes that the public key has been already verified (it
 * was properly obtained by the X.509 engine, and it has the right type,
 * i.e. it is of type RSA and suitable for encryption).
 */
static int
make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
{
        const br_x509_class **xc;
        const br_x509_pkey *pk;
        const unsigned char *n;
        unsigned char *pms;
        size_t nlen, u;

        xc = ctx->eng.x509ctx;
        pk = (*xc)->get_pkey(xc, NULL);

        /*
         * Compute actual RSA key length, in case there are leading zeros.
         */
        n = pk->key.rsa.n;
        nlen = pk->key.rsa.nlen;
        while (nlen > 0 && *n == 0) {
                n ++;
                nlen --;
        }

        /*
         * We need at least 59 bytes (48 bytes for pre-master secret, and
         * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
         * minimal engine normally blocks RSA keys shorter than 128 bytes,
         * so this is mostly for public keys provided explicitly by the
         * caller.
         */
        if (nlen < 59) {
                return -BR_ERR_X509_WEAK_PUBLIC_KEY;
        }
        if (nlen > sizeof ctx->eng.pad) {
                return -BR_ERR_LIMIT_EXCEEDED;
        }

        /*
         * Make PMS.
         */
        pms = ctx->eng.pad + nlen - 48;
        br_enc16be(pms, ctx->eng.version_max);
        br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
        br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);

        /*
         * Apply PKCS#1 type 2 padding.
         */
        ctx->eng.pad[0] = 0x00;
        ctx->eng.pad[1] = 0x02;
        ctx->eng.pad[nlen - 49] = 0x00;
        br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
        for (u = 2; u < nlen - 49; u ++) {
                while (ctx->eng.pad[u] == 0) {
                        br_hmac_drbg_generate(&ctx->eng.rng,
                                &ctx->eng.pad[u], 1);
                }
        }

        /*
         * Compute RSA encryption.
         */
        if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
                return -BR_ERR_LIMIT_EXCEEDED;
        }
        return (int)nlen;
}

/*
 * OID for hash functions in RSA signatures.
 */
static const unsigned char HASH_OID_SHA1[] = {
        0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
};

static const unsigned char HASH_OID_SHA224[] = {
        0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
};

static const unsigned char HASH_OID_SHA256[] = {
        0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
};

static const unsigned char HASH_OID_SHA384[] = {
        0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
};

static const unsigned char HASH_OID_SHA512[] = {
        0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
};

static const unsigned char *HASH_OID[] = {
        HASH_OID_SHA1,
        HASH_OID_SHA224,
        HASH_OID_SHA256,
        HASH_OID_SHA384,
        HASH_OID_SHA512
};

/*
 * Check the RSA signature on the ServerKeyExchange message.
 *
 *   hash      hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
 *   use_rsa   non-zero for RSA signature, zero for ECDSA
 *   sig_len   signature length (in bytes); signature value is in the pad
 *
 * Returned value is 0 on success, or an error code.
 */
static int
verify_SKE_sig(br_ssl_client_context *ctx,
        int hash, int use_rsa, size_t sig_len)
{
        const br_x509_class **xc;
        const br_x509_pkey *pk;
        br_multihash_context mhc;
        unsigned char hv[64], head[4];
        size_t hv_len;

        xc = ctx->eng.x509ctx;
        pk = (*xc)->get_pkey(xc, NULL);
        br_multihash_zero(&mhc);
        br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
        br_multihash_init(&mhc);
        br_multihash_update(&mhc,
                ctx->eng.client_random, sizeof ctx->eng.client_random);
        br_multihash_update(&mhc,
                ctx->eng.server_random, sizeof ctx->eng.server_random);
        head[0] = 3;
        head[1] = 0;
        head[2] = ctx->eng.ecdhe_curve;
        head[3] = ctx->eng.ecdhe_point_len;
        br_multihash_update(&mhc, head, sizeof head);
        br_multihash_update(&mhc,
                ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
        if (hash) {
                hv_len = br_multihash_out(&mhc, hash, hv);
                if (hv_len == 0) {
                        return BR_ERR_INVALID_ALGORITHM;
                }
        } else {
                if (!br_multihash_out(&mhc, br_md5_ID, hv)
                        || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
                {
                        return BR_ERR_INVALID_ALGORITHM;
                }
                hv_len = 36;
        }
        if (use_rsa) {
                unsigned char tmp[64];
                const unsigned char *hash_oid;

                if (hash) {
                        hash_oid = HASH_OID[hash - 2];
                } else {
                        hash_oid = NULL;
                }
                if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
                        hash_oid, hv_len, &pk->key.rsa, tmp)
                        || memcmp(tmp, hv, hv_len) != 0)
                {
                        return BR_ERR_BAD_SIGNATURE;
                }
        } else {
                if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
                        ctx->eng.pad, sig_len))
                {
                        return BR_ERR_BAD_SIGNATURE;
                }
        }
        return 0;
}

/*
 * Perform client-side ECDH (or ECDHE). The point that should be sent to
 * the server is written in the pad; returned value is either the point
 * length (in bytes), or -x on error, with 'x' being an error code.
 *
 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
 * (for static ECDH).
 */
static int
make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
{
        int curve;
        unsigned char key[66], point[133];
        const unsigned char *generator, *order, *point_src;
        size_t glen, olen, point_len;
        unsigned char mask;

        if (ecdhe) {
                curve = ctx->eng.ecdhe_curve;
                point_src = ctx->eng.ecdhe_point;
                point_len = ctx->eng.ecdhe_point_len;
        } else {
                const br_x509_class **xc;
                const br_x509_pkey *pk;

                xc = ctx->eng.x509ctx;
                pk = (*xc)->get_pkey(xc, NULL);
                curve = pk->key.ec.curve;
                point_src = pk->key.ec.q;
                point_len = pk->key.ec.qlen;
        }
        if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
                return -BR_ERR_INVALID_ALGORITHM;
        }

        /*
         * We need to generate our key, as a non-zero random value which
         * is lower than the curve order, in a "large enough" range. We
         * force top bit to 0 and bottom bit to 1, which guarantees that
         * the value is in the proper range.
         */
        order = ctx->eng.iec->order(curve, &olen);
        mask = 0xFF;
        while (mask >= order[0]) {
                mask >>= 1;
        }
        br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
        key[0] &= mask;
        key[olen - 1] |= 0x01;

        /*
         * Compute the common ECDH point, whose X coordinate is the
         * pre-master secret.
         */
        generator = ctx->eng.iec->generator(curve, &glen);
        if (glen != point_len) {
                return -BR_ERR_INVALID_ALGORITHM;
        }

        memcpy(point, point_src, glen);
        if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
                return -BR_ERR_INVALID_ALGORITHM;
        }

        /*
         * The pre-master secret is the X coordinate.
         */
        br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);

        memcpy(point, generator, glen);
        if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
                return -BR_ERR_INVALID_ALGORITHM;
        }
        memcpy(ctx->eng.pad, point, glen);
        return (int)glen;
}

/*
 * Perform full static ECDH. This occurs only in the context of client
 * authentication with certificates: the server uses an EC public key,
 * the cipher suite is of type ECDH (not ECDHE), the server requested a
 * client certificate and accepts static ECDH, the client has a
 * certificate with an EC public key in the same curve, and accepts
 * static ECDH as well.
 *
 * Returned value is 0 on success, -1 on error.
 */
static int
make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
{
        unsigned char point[133];
        size_t point_len;
        const br_x509_class **xc;
        const br_x509_pkey *pk;

        xc = ctx->eng.x509ctx;
        pk = (*xc)->get_pkey(xc, NULL);
        point_len = pk->key.ec.qlen;
        if (point_len > sizeof point) {
                return -1;
        }
        memcpy(point, pk->key.ec.q, point_len);
        if (!(*ctx->client_auth_vtable)->do_keyx(
                ctx->client_auth_vtable, point, point_len))
        {
                return -1;
        }
        br_ssl_engine_compute_master(&ctx->eng,
                prf_id, point + 1, point_len >> 1);
        return 0;
}

/*
 * Compute the client-side signature. This is invoked only when a
 * signature-based client authentication was selected. The computed
 * signature is in the pad; its length (in bytes) is returned. On
 * error, 0 is returned.
 */
static size_t
make_client_sign(br_ssl_client_context *ctx)
{
        size_t hv_len;

        /*
         * Compute hash of handshake messages so far. This "cannot" fail
         * because the list of supported hash functions provided to the
         * client certificate handler was trimmed to include only the
         * hash functions that the multi-hasher supports.
         */
        if (ctx->hash_id) {
                hv_len = br_multihash_out(&ctx->eng.mhash,
                        ctx->hash_id, ctx->eng.pad);
        } else {
                br_multihash_out(&ctx->eng.mhash,
                        br_md5_ID, ctx->eng.pad);
                br_multihash_out(&ctx->eng.mhash,
                        br_sha1_ID, ctx->eng.pad + 16);
                hv_len = 36;
        }
        return (*ctx->client_auth_vtable)->do_sign(
                ctx->client_auth_vtable, ctx->hash_id, hv_len,
                ctx->eng.pad, sizeof ctx->eng.pad);
}



static const uint8_t t0_datablock[] = {
        0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
        0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
        0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
        0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
        0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
        0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
        0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
        0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
        0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
        0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
        0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
        0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
        0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
};

static const uint8_t t0_codeblock[] = {
        0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
        0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
        0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
        0x01, 0x02, 0x09, 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
        0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
        0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
        T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
        0x01,
        T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
        0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
        0x01,
        T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
        0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
        0x00, 0x00, 0x01,
        T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
        0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
        0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
        0x00, 0x00, 0x09, 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x00, 0x00, 0x06,
        0x08, 0x2A, 0x0E, 0x05, 0x02, 0x69, 0x26, 0x04, 0x01, 0x3A, 0x00, 0x00,
        0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x8F, 0x25, 0x56, 0x41, 0x93, 0x25,
        0x05, 0x04, 0x58, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x93,
        0x00, 0x56, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x60, 0x26, 0x00, 0x00, 0x25,
        0x80, 0x41, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x41, 0x71, 0x2A, 0xA1, 0x1C,
        0x7C, 0x01, 0x0C, 0x2F, 0x00, 0x00, 0x25, 0x1E, 0x01, 0x08, 0x0B, 0x41,
        0x54, 0x1E, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x6F, 0x3B, 0x27,
        0x1A, 0x34, 0x06, 0x07, 0x02, 0x00, 0xC3, 0x03, 0x00, 0x04, 0x75, 0x01,
        0x00, 0xBA, 0x02, 0x00, 0x25, 0x1A, 0x17, 0x06, 0x02, 0x67, 0x26, 0xC3,
        0x04, 0x76, 0x01, 0x01, 0x00, 0x6F, 0x3B, 0x01, 0x16, 0x7E, 0x3B, 0x32,
        0xC9, 0x27, 0xA9, 0x06, 0x09, 0x01, 0x7F, 0xA4, 0x01, 0x7F, 0xC6, 0x04,
        0x80, 0x53, 0xA6, 0x71, 0x2A, 0x97, 0x01, T0_INT1(BR_KEYTYPE_SIGN),
        0x17, 0x06, 0x01, 0xAA, 0xAD, 0x25, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x24,
        0xAC, 0xAD, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E,
        0x0E, 0x05, 0x02, 0x6A, 0x26, 0x06, 0x02, 0x5F, 0x26, 0x31, 0x06, 0x02,
        0x6A, 0x26, 0x02, 0x00, 0x06, 0x1C, 0xC7, 0x78, 0x2C, 0x01, 0x81, 0x7F,
        0x0E, 0x06, 0x0D, 0x24, 0x01, 0x10, 0xD2, 0x01, 0x00, 0xD1, 0x71, 0x2A,
        0xA1, 0x23, 0x04, 0x04, 0xCA, 0x06, 0x01, 0xC8, 0x04, 0x01, 0xCA, 0x01,
        0x7F, 0xC6, 0x01, 0x7F, 0xA4, 0x01, 0x01, 0x6F, 0x3B, 0x01, 0x17, 0x7E,
        0x3B, 0x00, 0x00, 0x36, 0x36, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01,
        0x00, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
        T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
        0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
        T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
        0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
        T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
        0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
        T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
        0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
        T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
        0x41, 0x24, 0x00, 0x00, 0x7A, 0x2C, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
        0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3D, 0x06, 0x04, 0x01, 0x06,
        0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x7F, 0x2C, 0x25, 0x06, 0x08, 0x01,
        0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x24, 0x01, 0x05, 0x00, 0x01,
        0x3E, 0x03, 0x00, 0x24, 0x01, 0x00, 0x40, 0x06, 0x03, 0x02, 0x00, 0x08,
        0x3F, 0x06, 0x03, 0x02, 0x00, 0x08, 0x25, 0x06, 0x06, 0x01, 0x01, 0x0B,
        0x01, 0x06, 0x08, 0x00, 0x00, 0x81, 0x3C, 0x25, 0x06, 0x03, 0x01, 0x09,
        0x08, 0x00, 0x01, 0x3D, 0x25, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x25,
        0x06, 0x0E, 0x25, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
        0x01, 0x11, 0x04, 0x6F, 0x24, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
        0x08, 0x00, 0x00, 0x77, 0x2B, 0x41, 0x11, 0x01, 0x01, 0x17, 0x33, 0x00,
        0x00, 0x95, 0xC2, 0x25, 0x01, 0x07, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06,
        0x09, 0x24, 0x01, 0x10, 0x17, 0x06, 0x01, 0x95, 0x04, 0x2D, 0x01, 0x01,
        0x36, 0x0E, 0x06, 0x24, 0x24, 0x24, 0x01, 0x00, 0x6F, 0x3B, 0xA8, 0x7F,
        0x2C, 0x01, 0x01, 0x0E, 0x01, 0x01, 0x9E, 0x35, 0x06, 0x0F, 0x27, 0x1A,
        0x34, 0x06, 0x04, 0xC2, 0x24, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBA, 0x04,
        0x01, 0x95, 0x04, 0x03, 0x6A, 0x26, 0x24, 0x04, 0xFF, 0x3C, 0x01, 0x25,
        0x03, 0x00, 0x09, 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x02, 0x00, 0x00,
        0x00, 0x90, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x6E, 0x2C, 0x01, 0x00, 0x36,
        0x0E, 0x06, 0x10, 0x24, 0x25, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x24, 0x01,
        0x02, 0x6E, 0x3B, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x36, 0x0E, 0x06,
        0x15, 0x24, 0x01, 0x00, 0x6E, 0x3B, 0x25, 0x01, 0x80, 0x64, 0x0E, 0x06,
        0x05, 0x01, 0x82, 0x00, 0x08, 0x26, 0x52, 0x00, 0x04, 0x07, 0x24, 0x01,
        0x82, 0x00, 0x08, 0x26, 0x24, 0x00, 0x00, 0x01, 0x00, 0x2D, 0x06, 0x05,
        0x38, 0xA2, 0x35, 0x04, 0x78, 0x25, 0x06, 0x04, 0x01, 0x01, 0x85, 0x3B,
        0x00, 0x00, 0x2D, 0x06, 0x0B, 0x7D, 0x2C, 0x01, 0x14, 0x0D, 0x06, 0x02,
        0x6A, 0x26, 0x04, 0x11, 0xC2, 0x01, 0x07, 0x17, 0x25, 0x01, 0x02, 0x0D,
        0x06, 0x06, 0x06, 0x02, 0x6A, 0x26, 0x04, 0x70, 0x24, 0xB7, 0x01, 0x01,
        0x0D, 0x31, 0x35, 0x06, 0x02, 0x59, 0x26, 0x25, 0x01, 0x01, 0xBD, 0x34,
        0xA7, 0x00, 0x01, 0xAD, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6A, 0x26, 0x25,
        0x01, 0x03, 0x0E, 0x06, 0x08, 0xB5, 0x06, 0x02, 0x60, 0x26, 0x41, 0x24,
        0x00, 0x41, 0x4F, 0xB5, 0xA0, 0x25, 0x06, 0x23, 0xB5, 0xA0, 0x25, 0x4E,
        0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82,
        0x00, 0x04, 0x01, 0x25, 0x03, 0x00, 0x7C, 0x02, 0x00, 0xAB, 0x02, 0x00,
        0x4B, 0x04, 0x65, 0x91, 0x4C, 0x04, 0x5A, 0x91, 0x91, 0x4D, 0x25, 0x06,
        0x02, 0x33, 0x00, 0x24, 0x29, 0x00, 0x00, 0x71, 0x2A, 0x97, 0x01, 0x7F,
        0xA5, 0x25, 0x50, 0x06, 0x02, 0x33, 0x26, 0x25, 0x05, 0x02, 0x6A, 0x26,
        0x36, 0x17, 0x0D, 0x06, 0x02, 0x6C, 0x26, 0x39, 0x00, 0x00, 0x92, 0xAD,
        0x01, 0x14, 0x0D, 0x06, 0x02, 0x6A, 0x26, 0x7C, 0x01, 0x0C, 0x08, 0x01,
        0x0C, 0xAB, 0x91, 0x7C, 0x25, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x2E, 0x05,
        0x02, 0x5C, 0x26, 0x00, 0x00, 0xAE, 0x06, 0x02, 0x6A, 0x26, 0x06, 0x02,
        0x5E, 0x26, 0x00, 0x09, 0xAD, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6A, 0x26,
        0xB4, 0x03, 0x00, 0x02, 0x00, 0x8B, 0x2A, 0x0A, 0x02, 0x00, 0x8A, 0x2A,
        0x0F, 0x35, 0x06, 0x02, 0x6B, 0x26, 0x02, 0x00, 0x89, 0x2A, 0x0D, 0x06,
        0x02, 0x63, 0x26, 0x02, 0x00, 0x8C, 0x3A, 0x82, 0x01, 0x20, 0xAB, 0x01,
        0x00, 0x03, 0x01, 0xB6, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06,
        0x02, 0x68, 0x26, 0x7C, 0x02, 0x02, 0xAB, 0x02, 0x02, 0x84, 0x2C, 0x0E,
        0x02, 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x83, 0x7C, 0x02, 0x02,
        0x2E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x83, 0x7C, 0x02, 0x02, 0x2F,
        0x02, 0x02, 0x84, 0x3B, 0x02, 0x00, 0x88, 0x02, 0x01, 0x8E, 0xB4, 0x25,
        0xB8, 0x50, 0x06, 0x02, 0x5A, 0x26, 0x71, 0x02, 0x01, 0x8E, 0xB6, 0x06,
        0x02, 0x5B, 0x26, 0x25, 0x06, 0x81, 0x2D, 0xB4, 0xA0, 0x9C, 0x03, 0x03,
        0x9A, 0x03, 0x04, 0x98, 0x03, 0x05, 0x9B, 0x03, 0x06, 0x9D, 0x03, 0x07,
        0x99, 0x03, 0x08, 0x25, 0x06, 0x81, 0x03, 0xB4, 0x01, 0x00, 0x36, 0x0E,
        0x06, 0x0F, 0x24, 0x02, 0x03, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03,
        0x03, 0xB3, 0x04, 0x80, 0x6A, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x0F, 0x24,
        0x02, 0x05, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x05, 0xB1, 0x04,
        0x80, 0x55, 0x01, 0x83, 0xFE, 0x01, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02,
        0x04, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x04, 0xB2, 0x04, 0x3F,
        0x01, 0x0D, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, 0x06, 0x05, 0x02, 0x64,
        0x26, 0x01, 0x00, 0x03, 0x06, 0xAF, 0x04, 0x2B, 0x01, 0x0A, 0x36, 0x0E,
        0x06, 0x0E, 0x24, 0x02, 0x07, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03,
        0x07, 0xAF, 0x04, 0x17, 0x01, 0x0B, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02,
        0x08, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x04, 0x03,
        0x64, 0x26, 0x24, 0x04, 0xFE, 0x79, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04,
        0x01, 0x05, 0x0F, 0x06, 0x02, 0x61, 0x26, 0x01, 0x01, 0x7F, 0x3B, 0x91,
        0x91, 0x02, 0x01, 0x00, 0x04, 0xAD, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6A,
        0x26, 0xB6, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x65, 0x26, 0xB4, 0x25, 0x74,
        0x3B, 0x25, 0x01, 0x20, 0x10, 0x06, 0x02, 0x65, 0x26, 0x3D, 0x41, 0x11,
        0x01, 0x01, 0x17, 0x05, 0x02, 0x65, 0x26, 0xB6, 0x25, 0x01, 0x81, 0x05,
        0x0F, 0x06, 0x02, 0x65, 0x26, 0x25, 0x76, 0x3B, 0x75, 0x41, 0xAB, 0x88,
        0x2A, 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x71, 0x2A, 0xC0, 0x03, 0x01,
        0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xB6, 0x25, 0x25, 0x01,
        0x02, 0x0A, 0x41, 0x01, 0x06, 0x0F, 0x35, 0x06, 0x02, 0x65, 0x26, 0x03,
        0x02, 0xB6, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05,
        0x02, 0x65, 0x26, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03,
        0x02, 0xB4, 0x25, 0x03, 0x03, 0x25, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02,
        0x66, 0x26, 0x7C, 0x41, 0xAB, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x48,
        0x25, 0x06, 0x01, 0x26, 0x24, 0x91, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01,
        0x02, 0x00, 0x8D, 0x02, 0x01, 0x02, 0x00, 0x37, 0x25, 0x01, 0x00, 0x0E,
        0x06, 0x02, 0x58, 0x00, 0xC4, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00,
        0xB6, 0xA0, 0x25, 0x06, 0x80, 0x43, 0xB6, 0x01, 0x01, 0x36, 0x0E, 0x06,
        0x06, 0x24, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x36, 0x0E,
        0x06, 0x07, 0x24, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41,
        0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01,
        0x80, 0x42, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x88, 0x80, 0x00, 0x04,
        0x04, 0x01, 0x00, 0x41, 0x24, 0x02, 0x00, 0x35, 0x03, 0x00, 0x04, 0xFF,
        0x39, 0x91, 0x71, 0x2A, 0xBE, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF,
        0x7F, 0x17, 0x03, 0x00, 0x88, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A,
        0xB0, 0x25, 0x79, 0x3A, 0x3E, 0x24, 0x25, 0x01, 0x08, 0x0B, 0x35, 0x01,
        0x8C, 0x80, 0x00, 0x35, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C,
        0x80, 0x00, 0x17, 0x06, 0x19, 0x25, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05,
        0x01, 0x84, 0x80, 0x00, 0x35, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06,
        0x05, 0x01, 0x88, 0x80, 0x00, 0x35, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00,
        0x01, 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xB4, 0xA0, 0x25, 0x06,
        0x23, 0xB4, 0xA0, 0x25, 0x15, 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00,
        0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x25, 0x03, 0x01, 0x7C,
        0x02, 0x01, 0xAB, 0x02, 0x01, 0x12, 0x04, 0x65, 0x91, 0x13, 0x04, 0x5A,
        0x91, 0x14, 0x91, 0x02, 0x00, 0x28, 0x00, 0x00, 0xAE, 0x25, 0x52, 0x06,
        0x07, 0x24, 0x06, 0x02, 0x5E, 0x26, 0x04, 0x74, 0x00, 0x00, 0xB7, 0x01,
        0x03, 0xB5, 0x41, 0x24, 0x41, 0x00, 0x00, 0xB4, 0xBB, 0x00, 0x03, 0x01,
        0x00, 0x03, 0x00, 0xB4, 0xA0, 0x25, 0x06, 0x32, 0xB6, 0x03, 0x01, 0xB6,
        0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C,
        0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x35,
        0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x55, 0x01, 0x02,
        0x0B, 0x02, 0x01, 0x08, 0x0B, 0x35, 0x03, 0x00, 0x04, 0x4B, 0x91, 0x02,
        0x00, 0x00, 0x00, 0xB4, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x5D, 0x26, 0xB6,
        0x01, 0x08, 0x08, 0x7A, 0x2C, 0x0E, 0x05, 0x02, 0x5D, 0x26, 0x00, 0x00,
        0xB4, 0x7F, 0x2C, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x61, 0x26,
        0xB6, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x61, 0x26, 0x01, 0x02, 0x7F, 0x3B,
        0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x61, 0x26, 0xB6, 0x01, 0x18,
        0x0E, 0x05, 0x02, 0x61, 0x26, 0x7C, 0x01, 0x18, 0xAB, 0x80, 0x7C, 0x01,
        0x18, 0x2E, 0x05, 0x02, 0x61, 0x26, 0x00, 0x00, 0xB4, 0x06, 0x02, 0x62,
        0x26, 0x00, 0x00, 0x01, 0x02, 0x8D, 0xB7, 0x01, 0x08, 0x0B, 0xB7, 0x08,
        0x00, 0x00, 0x01, 0x03, 0x8D, 0xB7, 0x01, 0x08, 0x0B, 0xB7, 0x08, 0x01,
        0x08, 0x0B, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x01, 0x8D, 0xB7, 0x00, 0x00,
        0x38, 0x25, 0x50, 0x05, 0x01, 0x00, 0x24, 0xC4, 0x04, 0x76, 0x02, 0x03,
        0x00, 0x87, 0x2C, 0x03, 0x01, 0x01, 0x00, 0x25, 0x02, 0x01, 0x0A, 0x06,
        0x10, 0x25, 0x01, 0x01, 0x0B, 0x86, 0x08, 0x2A, 0x02, 0x00, 0x0E, 0x06,
        0x01, 0x00, 0x54, 0x04, 0x6A, 0x24, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15,
        0x7E, 0x3B, 0x41, 0x4A, 0x24, 0x4A, 0x24, 0x27, 0x00, 0x00, 0x01, 0x01,
        0x41, 0xB9, 0x00, 0x00, 0x41, 0x36, 0x8D, 0x41, 0x25, 0x06, 0x05, 0xB7,
        0x24, 0x55, 0x04, 0x78, 0x24, 0x00, 0x00, 0x25, 0x01, 0x81, 0xAC, 0x00,
        0x0E, 0x06, 0x04, 0x24, 0x01, 0x7F, 0x00, 0x90, 0x51, 0x00, 0x02, 0x03,
        0x00, 0x71, 0x2A, 0x90, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02,
        0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11,
        0x01, 0x0F, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x00,
        0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80,
        0x56, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x01, 0x01, 0x10,
        0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80, 0x40, 0x01,
        0x02, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00,
        0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x2B, 0x01, 0x03, 0x36, 0x0E,
        0x06, 0x0E, 0x24, 0x24, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04,
        0x01, 0x43, 0x04, 0x17, 0x01, 0x04, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24,
        0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, 0x01, 0x43, 0x04, 0x03,
        0x60, 0x26, 0x24, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F,
        0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x25, 0x53, 0x41, 0x01, 0x03, 0x0A,
        0x17, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00,
        0x90, 0x01, 0x0C, 0x11, 0x52, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D, 0x2C,
        0x25, 0x06, 0x1F, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x00,
        0x94, 0x04, 0x11, 0x01, 0x02, 0x36, 0x0E, 0x06, 0x0A, 0x24, 0x6F, 0x2C,
        0x06, 0x03, 0x01, 0x10, 0x35, 0x04, 0x01, 0x24, 0x04, 0x01, 0x24, 0x73,
        0x2C, 0x05, 0x33, 0x2D, 0x06, 0x30, 0x7D, 0x2C, 0x01, 0x14, 0x36, 0x0E,
        0x06, 0x06, 0x24, 0x01, 0x02, 0x35, 0x04, 0x22, 0x01, 0x15, 0x36, 0x0E,
        0x06, 0x09, 0x24, 0xA3, 0x06, 0x03, 0x01, 0x7F, 0x94, 0x04, 0x13, 0x01,
        0x16, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x01, 0x35, 0x04, 0x07, 0x24,
        0x01, 0x04, 0x35, 0x01, 0x00, 0x24, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x35,
        0x00, 0x00, 0x1B, 0x25, 0x05, 0x0F, 0x2D, 0x06, 0x0C, 0x7D, 0x2C, 0x01,
        0x15, 0x0E, 0x06, 0x04, 0x24, 0xA3, 0x04, 0x01, 0x1F, 0x00, 0x00, 0xC2,
        0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x6A, 0x26, 0x00, 0x01,
        0x03, 0x00, 0x27, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x7E, 0x3B, 0x00, 0xC2,
        0x24, 0x04, 0x74, 0x00, 0x01, 0x14, 0xC5, 0x01, 0x01, 0xD2, 0x27, 0x25,
        0x01, 0x00, 0xBD, 0x01, 0x16, 0xC5, 0xCB, 0x27, 0x00, 0x00, 0x01, 0x0B,
        0xD2, 0x46, 0x25, 0x25, 0x01, 0x03, 0x08, 0xD1, 0xD1, 0x18, 0x25, 0x50,
        0x06, 0x02, 0x24, 0x00, 0xD1, 0x1D, 0x25, 0x06, 0x05, 0x7C, 0x41, 0xCC,
        0x04, 0x77, 0x24, 0x04, 0x6C, 0x00, 0x20, 0x01, 0x0F, 0xD2, 0x25, 0x88,
        0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04, 0x08, 0xD1, 0x78,
        0x2C, 0xD2, 0x70, 0x2C, 0xD2, 0x04, 0x02, 0x56, 0xD1, 0x25, 0xD0, 0x7C,
        0x41, 0xCC, 0x00, 0x02, 0x9A, 0x9C, 0x08, 0x98, 0x08, 0x9B, 0x08, 0x9D,
        0x08, 0x99, 0x08, 0x03, 0x00, 0x01, 0x01, 0xD2, 0x01, 0x27, 0x84, 0x2C,
        0x08, 0x87, 0x2C, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x56,
        0x02, 0x00, 0x08, 0x7B, 0x2A, 0x36, 0x09, 0x25, 0x53, 0x06, 0x24, 0x02,
        0x00, 0x05, 0x04, 0x41, 0x56, 0x41, 0x57, 0x01, 0x04, 0x09, 0x25, 0x50,
        0x06, 0x03, 0x24, 0x01, 0x00, 0x25, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08,
        0x03, 0x00, 0x41, 0x01, 0x04, 0x08, 0x36, 0x08, 0x41, 0x04, 0x03, 0x24,
        0x01, 0x7F, 0x03, 0x01, 0xD1, 0x8A, 0x2A, 0xD0, 0x72, 0x01, 0x04, 0x19,
        0x72, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x30, 0x72, 0x01, 0x20, 0xCC, 0x83,
        0x84, 0x2C, 0xCE, 0x87, 0x2C, 0x25, 0x01, 0x01, 0x0B, 0xD0, 0x86, 0x41,
        0x25, 0x06, 0x0F, 0x55, 0x36, 0x2A, 0x25, 0xBC, 0x05, 0x02, 0x5A, 0x26,
        0xD0, 0x41, 0x56, 0x41, 0x04, 0x6E, 0x58, 0x01, 0x01, 0xD2, 0x01, 0x00,
        0xD2, 0x02, 0x00, 0x06, 0x81, 0x22, 0x02, 0x00, 0xD0, 0x9A, 0x06, 0x0E,
        0x01, 0x83, 0xFE, 0x01, 0xD0, 0x80, 0x9A, 0x01, 0x04, 0x09, 0x25, 0xD0,
        0x55, 0xCE, 0x9C, 0x06, 0x16, 0x01, 0x00, 0xD0, 0x81, 0x9C, 0x01, 0x04,
        0x09, 0x25, 0xD0, 0x01, 0x02, 0x09, 0x25, 0xD0, 0x01, 0x00, 0xD2, 0x01,
        0x03, 0x09, 0xCD, 0x98, 0x06, 0x0C, 0x01, 0x01, 0xD0, 0x01, 0x01, 0xD0,
        0x7A, 0x2C, 0x01, 0x08, 0x09, 0xD2, 0x9B, 0x06, 0x19, 0x01, 0x0D, 0xD0,
        0x9B, 0x01, 0x04, 0x09, 0x25, 0xD0, 0x01, 0x02, 0x09, 0xD0, 0x3F, 0x06,
        0x03, 0x01, 0x03, 0xCF, 0x40, 0x06, 0x03, 0x01, 0x01, 0xCF, 0x9D, 0x25,
        0x06, 0x22, 0x01, 0x0A, 0xD0, 0x01, 0x04, 0x09, 0x25, 0xD0, 0x57, 0xD0,
        0x3D, 0x01, 0x00, 0x25, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x96, 0x11, 0x01,
        0x01, 0x17, 0x06, 0x02, 0x25, 0xD0, 0x54, 0x04, 0x6E, 0x58, 0x04, 0x01,
        0x24, 0x99, 0x06, 0x0A, 0x01, 0x0B, 0xD0, 0x01, 0x02, 0xD0, 0x01, 0x82,
        0x00, 0xD0, 0x02, 0x01, 0x50, 0x05, 0x11, 0x01, 0x15, 0xD0, 0x02, 0x01,
        0x25, 0xD0, 0x25, 0x06, 0x06, 0x55, 0x01, 0x00, 0xD2, 0x04, 0x77, 0x24,
        0x00, 0x00, 0x01, 0x10, 0xD2, 0x71, 0x2A, 0x25, 0xC1, 0x06, 0x0C, 0xA1,
        0x22, 0x25, 0x56, 0xD1, 0x25, 0xD0, 0x7C, 0x41, 0xCC, 0x04, 0x0D, 0x25,
        0xBF, 0x41, 0xA1, 0x21, 0x25, 0x54, 0xD1, 0x25, 0xD2, 0x7C, 0x41, 0xCC,
        0x00, 0x00, 0x92, 0x01, 0x14, 0xD2, 0x01, 0x0C, 0xD1, 0x7C, 0x01, 0x0C,
        0xCC, 0x00, 0x00, 0x49, 0x25, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x58, 0x00,
        0xC2, 0x24, 0x04, 0x73, 0x00, 0x25, 0xD0, 0xCC, 0x00, 0x00, 0x25, 0xD2,
        0xCC, 0x00, 0x01, 0x03, 0x00, 0x3E, 0x24, 0x25, 0x01, 0x10, 0x17, 0x06,
        0x06, 0x01, 0x04, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x08, 0x17, 0x06,
        0x06, 0x01, 0x03, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x20, 0x17, 0x06,
        0x06, 0x01, 0x05, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x80, 0x40, 0x17,
        0x06, 0x06, 0x01, 0x06, 0xD2, 0x02, 0x00, 0xD2, 0x01, 0x04, 0x17, 0x06,
        0x06, 0x01, 0x02, 0xD2, 0x02, 0x00, 0xD2, 0x00, 0x00, 0x25, 0x01, 0x08,
        0x47, 0xD2, 0xD2, 0x00, 0x00, 0x25, 0x01, 0x10, 0x47, 0xD2, 0xD0, 0x00,
        0x00, 0x25, 0x4A, 0x06, 0x02, 0x24, 0x00, 0xC2, 0x24, 0x04, 0x76
};

static const uint16_t t0_caddr[] = {
        0,
        5,
        10,
        15,
        20,
        25,
        30,
        35,
        40,
        44,
        48,
        52,
        56,
        60,
        64,
        68,
        72,
        76,
        80,
        84,
        88,
        92,
        96,
        100,
        104,
        108,
        112,
        116,
        120,
        124,
        129,
        134,
        139,
        144,
        149,
        154,
        159,
        164,
        169,
        174,
        179,
        184,
        189,
        194,
        199,
        204,
        209,
        214,
        219,
        224,
        229,
        234,
        239,
        244,
        249,
        254,
        259,
        264,
        269,
        274,
        279,
        284,
        293,
        306,
        310,
        335,
        341,
        360,
        371,
        405,
        521,
        525,
        590,
        605,
        616,
        634,
        663,
        673,
        709,
        719,
        789,
        803,
        809,
        869,
        888,
        937,
        1013,
        1040,
        1071,
        1082,
        1383,
        1530,
        1554,
        1770,
        1784,
        1793,
        1797,
        1861,
        1882,
        1938,
        1945,
        1956,
        1972,
        1978,
        1989,
        2024,
        2036,
        2042,
        2057,
        2073,
        2211,
        2220,
        2233,
        2242,
        2249,
        2352,
        2373,
        2386,
        2402,
        2420,
        2452,
        2486,
        2796,
        2832,
        2845,
        2859,
        2864,
        2869,
        2935,
        2943,
        2951
};

#define T0_INTERPRETED   80

#define T0_ENTER(ip, rp, slot)   do { \
                const unsigned char *t0_newip; \
                uint32_t t0_lnum; \
                t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
                t0_lnum = t0_parse7E_unsigned(&t0_newip); \
                (rp) += t0_lnum; \
                *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
                (ip) = t0_newip; \
        } while (0)

#define T0_DEFENTRY(name, slot) \
void \
name(void *ctx) \
{ \
        t0_context *t0ctx = ctx; \
        t0ctx->ip = &t0_codeblock[0]; \
        T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
}

T0_DEFENTRY(br_ssl_hs_client_init_main, 159)

#define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)

void
br_ssl_hs_client_run(void *t0ctx)
{
        uint32_t *dp, *rp;
        const unsigned char *ip;

#define T0_LOCAL(x)    (*(rp - 2 - (x)))
#define T0_POP()       (*-- dp)
#define T0_POPi()      (*(int32_t *)(-- dp))
#define T0_PEEK(x)     (*(dp - 1 - (x)))
#define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
#define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
#define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
#define T0_RPOP()      (*-- rp)
#define T0_RPOPi()     (*(int32_t *)(-- rp))
#define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
#define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
#define T0_ROLL(x)     do { \
        size_t t0len = (size_t)(x); \
        uint32_t t0tmp = *(dp - 1 - t0len); \
        memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
        *(dp - 1) = t0tmp; \
} while (0)
#define T0_SWAP()      do { \
        uint32_t t0tmp = *(dp - 2); \
        *(dp - 2) = *(dp - 1); \
        *(dp - 1) = t0tmp; \
} while (0)
#define T0_ROT()       do { \
        uint32_t t0tmp = *(dp - 3); \
        *(dp - 3) = *(dp - 2); \
        *(dp - 2) = *(dp - 1); \
        *(dp - 1) = t0tmp; \
} while (0)
#define T0_NROT()       do { \
        uint32_t t0tmp = *(dp - 1); \
        *(dp - 1) = *(dp - 2); \
        *(dp - 2) = *(dp - 3); \
        *(dp - 3) = t0tmp; \
} while (0)
#define T0_PICK(x)      do { \
        uint32_t t0depth = (x); \
        T0_PUSH(T0_PEEK(t0depth)); \
} while (0)
#define T0_CO()         do { \
        goto t0_exit; \
} while (0)
#define T0_RET()        goto t0_next

        dp = ((t0_context *)t0ctx)->dp;
        rp = ((t0_context *)t0ctx)->rp;
        ip = ((t0_context *)t0ctx)->ip;
        goto t0_next;
        for (;;) {
                uint32_t t0x;

        t0_next:
                t0x = T0_NEXT(&ip);
                if (t0x < T0_INTERPRETED) {
                        switch (t0x) {
                                int32_t t0off;

                        case 0: /* ret */
                                t0x = T0_RPOP();
                                rp -= (t0x >> 16);
                                t0x &= 0xFFFF;
                                if (t0x == 0) {
                                        ip = NULL;
                                        goto t0_exit;
                                }
                                ip = &t0_codeblock[t0x];
                                break;
                        case 1: /* literal constant */
                                T0_PUSHi(t0_parse7E_signed(&ip));
                                break;
                        case 2: /* read local */
                                T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
                                break;
                        case 3: /* write local */
                                T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
                                break;
                        case 4: /* jump */
                                t0off = t0_parse7E_signed(&ip);
                                ip += t0off;
                                break;
                        case 5: /* jump if */
                                t0off = t0_parse7E_signed(&ip);
                                if (T0_POP()) {
                                        ip += t0off;
                                }
                                break;
                        case 6: /* jump if not */
                                t0off = t0_parse7E_signed(&ip);
                                if (!T0_POP()) {
                                        ip += t0off;
                                }
                                break;
                        case 7: {
                                /* * */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(a * b);

                                }
                                break;
                        case 8: {
                                /* + */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(a + b);

                                }
                                break;
                        case 9: {
                                /* - */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(a - b);

                                }
                                break;
                        case 10: {
                                /* < */

        int32_t b = T0_POPi();
        int32_t a = T0_POPi();
        T0_PUSH(-(uint32_t)(a < b));

                                }
                                break;
                        case 11: {
                                /* << */

        int c = (int)T0_POPi();
        uint32_t x = T0_POP();
        T0_PUSH(x << c);

                                }
                                break;
                        case 12: {
                                /* <= */

        int32_t b = T0_POPi();
        int32_t a = T0_POPi();
        T0_PUSH(-(uint32_t)(a <= b));

                                }
                                break;
                        case 13: {
                                /* <> */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(-(uint32_t)(a != b));

                                }
                                break;
                        case 14: {
                                /* = */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(-(uint32_t)(a == b));

                                }
                                break;
                        case 15: {
                                /* > */

        int32_t b = T0_POPi();
        int32_t a = T0_POPi();
        T0_PUSH(-(uint32_t)(a > b));

                                }
                                break;
                        case 16: {
                                /* >= */

        int32_t b = T0_POPi();
        int32_t a = T0_POPi();
        T0_PUSH(-(uint32_t)(a >= b));

                                }
                                break;
                        case 17: {
                                /* >> */

        int c = (int)T0_POPi();
        int32_t x = T0_POPi();
        T0_PUSHi(x >> c);

                                }
                                break;
                        case 18: {
                                /* anchor-dn-append-name */

        size_t len;

        len = T0_POP();
        if (CTX->client_auth_vtable != NULL) {
                (*CTX->client_auth_vtable)->append_name(
                        CTX->client_auth_vtable, ENG->pad, len);
        }

                                }
                                break;
                        case 19: {
                                /* anchor-dn-end-name */

        if (CTX->client_auth_vtable != NULL) {
                (*CTX->client_auth_vtable)->end_name(
                        CTX->client_auth_vtable);
        }

                                }
                                break;
                        case 20: {
                                /* anchor-dn-end-name-list */

        if (CTX->client_auth_vtable != NULL) {
                (*CTX->client_auth_vtable)->end_name_list(
                        CTX->client_auth_vtable);
        }

                                }
                                break;
                        case 21: {
                                /* anchor-dn-start-name */

        size_t len;

        len = T0_POP();
        if (CTX->client_auth_vtable != NULL) {
                (*CTX->client_auth_vtable)->start_name(
                        CTX->client_auth_vtable, len);
        }

                                }
                                break;
                        case 22: {
                                /* anchor-dn-start-name-list */

        if (CTX->client_auth_vtable != NULL) {
                (*CTX->client_auth_vtable)->start_name_list(
                        CTX->client_auth_vtable);
        }

                                }
                                break;
                        case 23: {
                                /* and */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(a & b);

                                }
                                break;
                        case 24: {
                                /* begin-cert */

        if (ENG->chain_len == 0) {
                T0_PUSHi(-1);
        } else {
                ENG->cert_cur = ENG->chain->data;
                ENG->cert_len = ENG->chain->data_len;
                ENG->chain ++;
                ENG->chain_len --;
                T0_PUSH(ENG->cert_len);
        }

                                }
                                break;
                        case 25: {
                                /* bzero */

        size_t len = (size_t)T0_POP();
        void *addr = (unsigned char *)ENG + (size_t)T0_POP();
        memset(addr, 0, len);

                                }
                                break;
                        case 26: {
                                /* can-output? */

        T0_PUSHi(-(ENG->hlen_out > 0));

                                }
                                break;
                        case 27: {
                                /* co */
 T0_CO(); 
                                }
                                break;
                        case 28: {
                                /* compute-Finished-inner */

        int prf_id = T0_POP();
        int from_client = T0_POPi();
        unsigned char seed[48];
        size_t seed_len;

        br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
        if (ENG->session.version >= BR_TLS12) {
                seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
        } else {
                br_multihash_out(&ENG->mhash, br_md5_ID, seed);
                br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
                seed_len = 36;
        }
        prf(ENG->pad, 12, ENG->session.master_secret,
                sizeof ENG->session.master_secret,
                from_client ? "client finished" : "server finished",
                seed, seed_len);

                                }
                                break;
                        case 29: {
                                /* copy-cert-chunk */

        size_t clen;

        clen = ENG->cert_len;
        if (clen > sizeof ENG->pad) {
                clen = sizeof ENG->pad;
        }
        memcpy(ENG->pad, ENG->cert_cur, clen);
        ENG->cert_cur += clen;
        ENG->cert_len -= clen;
        T0_PUSH(clen);

                                }
                                break;
                        case 30: {
                                /* data-get8 */

        size_t addr = T0_POP();
        T0_PUSH(t0_datablock[addr]);

                                }
                                break;
                        case 31: {
                                /* discard-input */

        ENG->hlen_in = 0;

                                }
                                break;
                        case 32: {
                                /* do-client-sign */

        size_t sig_len;

        sig_len = make_client_sign(CTX);
        if (sig_len == 0) {
                br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
                T0_CO();
        }
        T0_PUSH(sig_len);

                                }
                                break;
                        case 33: {
                                /* do-ecdh */

        unsigned prf_id = T0_POP();
        unsigned ecdhe = T0_POP();
        int x;

        x = make_pms_ecdh(CTX, ecdhe, prf_id);
        if (x < 0) {
                br_ssl_engine_fail(ENG, -x);
                T0_CO();
        } else {
                T0_PUSH(x);
        }

                                }
                                break;
                        case 34: {
                                /* do-rsa-encrypt */

        int x;

        x = make_pms_rsa(CTX, T0_POP());
        if (x < 0) {
                br_ssl_engine_fail(ENG, -x);
                T0_CO();
        } else {
                T0_PUSH(x);
        }

                                }
                                break;
                        case 35: {
                                /* do-static-ecdh */

        unsigned prf_id = T0_POP();

        if (make_pms_static_ecdh(CTX, prf_id) < 0) {
                br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
                T0_CO();
        }

                                }
                                break;
                        case 36: {
                                /* drop */
 (void)T0_POP(); 
                                }
                                break;
                        case 37: {
                                /* dup */
 T0_PUSH(T0_PEEK(0)); 
                                }
                                break;
                        case 38: {
                                /* fail */

        br_ssl_engine_fail(ENG, (int)T0_POPi());
        T0_CO();

                                }
                                break;
                        case 39: {
                                /* flush-record */

        br_ssl_engine_flush_record(ENG);

                                }
                                break;
                        case 40: {
                                /* get-client-chain */

        uint32_t auth_types;

        auth_types = T0_POP();
        if (CTX->client_auth_vtable != NULL) {
                br_ssl_client_certificate ux;

                (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
                        CTX, auth_types, &ux);
                CTX->auth_type = (unsigned char)ux.auth_type;
                CTX->hash_id = (unsigned char)ux.hash_id;
                ENG->chain = ux.chain;
                ENG->chain_len = ux.chain_len;
        } else {
                CTX->hash_id = 0;
                ENG->chain_len = 0;
        }

                                }
                                break;
                        case 41: {
                                /* get-key-type-usages */

        const br_x509_class *xc;
        const br_x509_pkey *pk;
        unsigned usages;

        xc = *(ENG->x509ctx);
        pk = xc->get_pkey(ENG->x509ctx, &usages);
        if (pk == NULL) {
                T0_PUSH(0);
        } else {
                T0_PUSH(pk->key_type | usages);
        }

                                }
                                break;
                        case 42: {
                                /* get16 */

        size_t addr = (size_t)T0_POP();
        T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));

                                }
                                break;
                        case 43: {
                                /* get32 */

        size_t addr = (size_t)T0_POP();
        T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));

                                }
                                break;
                        case 44: {
                                /* get8 */

        size_t addr = (size_t)T0_POP();
        T0_PUSH(*((unsigned char *)ENG + addr));

                                }
                                break;
                        case 45: {
                                /* has-input? */

        T0_PUSHi(-(ENG->hlen_in != 0));

                                }
                                break;
                        case 46: {
                                /* memcmp */

        size_t len = (size_t)T0_POP();
        void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
        void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
        int x = memcmp(addr1, addr2, len);
        T0_PUSH((uint32_t)-(x == 0));

                                }
                                break;
                        case 47: {
                                /* memcpy */

        size_t len = (size_t)T0_POP();
        void *src = (unsigned char *)ENG + (size_t)T0_POP();
        void *dst = (unsigned char *)ENG + (size_t)T0_POP();
        memcpy(dst, src, len);

                                }
                                break;
                        case 48: {
                                /* mkrand */

        size_t len = (size_t)T0_POP();
        void *addr = (unsigned char *)ENG + (size_t)T0_POP();
        br_hmac_drbg_generate(&ENG->rng, addr, len);

                                }
                                break;
                        case 49: {
                                /* more-incoming-bytes? */

        T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));

                                }
                                break;
                        case 50: {
                                /* multihash-init */

        br_multihash_init(&ENG->mhash);

                                }
                                break;
                        case 51: {
                                /* neg */

        uint32_t a = T0_POP();
        T0_PUSH(-a);

                                }
                                break;
                        case 52: {
                                /* not */

        uint32_t a = T0_POP();
        T0_PUSH(~a);

                                }
                                break;
                        case 53: {
                                /* or */

        uint32_t b = T0_POP();
        uint32_t a = T0_POP();
        T0_PUSH(a | b);

                                }
                                break;
                        case 54: {
                                /* over */
 T0_PUSH(T0_PEEK(1)); 
                                }
                                break;
                        case 55: {
                                /* read-chunk-native */

        size_t clen = ENG->hlen_in;
        if (clen > 0) {
                uint32_t addr, len;

                len = T0_POP();
                addr = T0_POP();
                if ((size_t)len < clen) {
                        clen = (size_t)len;
                }
                memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
                if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
                        br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
                }
                T0_PUSH(addr + (uint32_t)clen);
                T0_PUSH(len - (uint32_t)clen);
                ENG->hbuf_in += clen;
                ENG->hlen_in -= clen;
        }

                                }
                                break;
                        case 56: {
                                /* read8-native */

        if (ENG->hlen_in > 0) {
                unsigned char x;

                x = *ENG->hbuf_in ++;
                if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
                        br_multihash_update(&ENG->mhash, &x, 1);
                }
                T0_PUSH(x);
                ENG->hlen_in --;
        } else {
                T0_PUSHi(-1);
        }

                                }
                                break;
                        case 57: {
                                /* set-server-curve */

        const br_x509_class *xc;
        const br_x509_pkey *pk;

        xc = *(ENG->x509ctx);
        pk = xc->get_pkey(ENG->x509ctx, NULL);
        CTX->server_curve =
                (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;

                                }
                                break;
                        case 58: {
                                /* set16 */

        size_t addr = (size_t)T0_POP();
        *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();

                                }
                                break;
                        case 59: {
                                /* set8 */

        size_t addr = (size_t)T0_POP();
        *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();

                                }
                                break;
                        case 60: {
                                /* strlen */

        void *str = (unsigned char *)ENG + (size_t)T0_POP();
        T0_PUSH((uint32_t)strlen(str));

                                }
                                break;
                        case 61: {
                                /* supported-curves */

        uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
        T0_PUSH(x);

                                }
                                break;
                        case 62: {
                                /* supported-hash-functions */

        int i;
        unsigned x, num;

        x = 0;
        num = 0;
        for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
                if (br_multihash_getimpl(&ENG->mhash, i)) {
                        x |= 1U << i;
                        num ++;
                }
        }
        T0_PUSH(x);
        T0_PUSH(num);

                                }
                                break;
                        case 63: {
                                /* supports-ecdsa? */

        T0_PUSHi(-(ENG->iecdsa != 0));

                                }
                                break;
                        case 64: {
                                /* supports-rsa-sign? */

        T0_PUSHi(-(ENG->irsavrfy != 0));

                                }
                                break;
                        case 65: {
                                /* swap */
 T0_SWAP(); 
                                }
                                break;
                        case 66: {
                                /* switch-aesgcm-in */

        int is_client, prf_id;
        unsigned cipher_key_len;

        cipher_key_len = T0_POP();
        prf_id = T0_POP();
        is_client = T0_POP();
        br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
                ENG->iaes_ctr, cipher_key_len);

                                }
                                break;
                        case 67: {
                                /* switch-aesgcm-out */

        int is_client, prf_id;
        unsigned cipher_key_len;

        cipher_key_len = T0_POP();
        prf_id = T0_POP();
        is_client = T0_POP();
        br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
                ENG->iaes_ctr, cipher_key_len);

                                }
                                break;
                        case 68: {
                                /* switch-cbc-in */

        int is_client, prf_id, mac_id, aes;
        unsigned cipher_key_len;

        cipher_key_len = T0_POP();
        aes = T0_POP();
        mac_id = T0_POP();
        prf_id = T0_POP();
        is_client = T0_POP();
        br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
                aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);

                                }
                                break;
                        case 69: {
                                /* switch-cbc-out */

        int is_client, prf_id, mac_id, aes;
        unsigned cipher_key_len;

        cipher_key_len = T0_POP();
        aes = T0_POP();
        mac_id = T0_POP();
        prf_id = T0_POP();
        is_client = T0_POP();
        br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
                aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);

                                }
                                break;
                        case 70: {
                                /* total-chain-length */

        size_t u;
        uint32_t total;

        total = 0;
        for (u = 0; u < ENG->chain_len; u ++) {
                total += 3 + (uint32_t)ENG->chain[u].data_len;
        }
        T0_PUSH(total);

                                }
                                break;
                        case 71: {
                                /* u>> */

        int c = (int)T0_POPi();
        uint32_t x = T0_POP();
        T0_PUSH(x >> c);

                                }
                                break;
                        case 72: {
                                /* verify-SKE-sig */

        size_t sig_len = T0_POP();
        int use_rsa = T0_POPi();
        int hash = T0_POPi();

        T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));

                                }
                                break;
                        case 73: {
                                /* write-blob-chunk */

        size_t clen = ENG->hlen_out;
        if (clen > 0) {
                uint32_t addr, len;

                len = T0_POP();
                addr = T0_POP();
                if ((size_t)len < clen) {
                        clen = (size_t)len;
                }
                memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
                if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
                        br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
                }
                T0_PUSH(addr + (uint32_t)clen);
                T0_PUSH(len - (uint32_t)clen);
                ENG->hbuf_out += clen;
                ENG->hlen_out -= clen;
        }

                                }
                                break;
                        case 74: {
                                /* write8-native */

        unsigned char x;

        x = (unsigned char)T0_POP();
        if (ENG->hlen_out > 0) {
                if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
                        br_multihash_update(&ENG->mhash, &x, 1);
                }
                *ENG->hbuf_out ++ = x;
                ENG->hlen_out --;
                T0_PUSHi(-1);
        } else {
                T0_PUSHi(0);
        }

                                }
                                break;
                        case 75: {
                                /* x509-append */

        const br_x509_class *xc;
        size_t len;

        xc = *(ENG->x509ctx);
        len = T0_POP();
        xc->append(ENG->x509ctx, ENG->pad, len);

                                }
                                break;
                        case 76: {
                                /* x509-end-cert */

        const br_x509_class *xc;

        xc = *(ENG->x509ctx);
        xc->end_cert(ENG->x509ctx);

                                }
                                break;
                        case 77: {
                                /* x509-end-chain */

        const br_x509_class *xc;

        xc = *(ENG->x509ctx);
        T0_PUSH(xc->end_chain(ENG->x509ctx));

                                }
                                break;
                        case 78: {
                                /* x509-start-cert */

        const br_x509_class *xc;

        xc = *(ENG->x509ctx);
        xc->start_cert(ENG->x509ctx, T0_POP());

                                }
                                break;
                        case 79: {
                                /* x509-start-chain */

        const br_x509_class *xc;
        uint32_t bc;

        bc = T0_POP();
        xc = *(ENG->x509ctx);
        xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);

                                }
                                break;
                        }

                } else {
                        T0_ENTER(ip, rp, t0x);
                }
        }
t0_exit:
        ((t0_context *)t0ctx)->dp = dp;
        ((t0_context *)t0ctx)->rp = rp;
        ((t0_context *)t0ctx)->ip = ip;
}