1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char HASH_OID_SHA1
[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177 static const unsigned char HASH_OID_SHA224
[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181 static const unsigned char HASH_OID_SHA256
[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185 static const unsigned char HASH_OID_SHA384
[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189 static const unsigned char HASH_OID_SHA512
[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193 static const unsigned char *HASH_OID
[] = {
202 * Check the RSA signature on the ServerKeyExchange message.
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
208 * Returned value is 0 on success, or an error code.
211 verify_SKE_sig(br_ssl_client_context
*ctx
,
212 int hash
, int use_rsa
, size_t sig_len
)
214 const br_x509_class
**xc
;
215 const br_x509_pkey
*pk
;
216 br_multihash_context mhc
;
217 unsigned char hv
[64], head
[4];
220 xc
= ctx
->eng
.x509ctx
;
221 pk
= (*xc
)->get_pkey(xc
, NULL
);
222 br_multihash_zero(&mhc
);
223 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
224 br_multihash_init(&mhc
);
225 br_multihash_update(&mhc
,
226 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
227 br_multihash_update(&mhc
,
228 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
231 head
[2] = ctx
->eng
.ecdhe_curve
;
232 head
[3] = ctx
->eng
.ecdhe_point_len
;
233 br_multihash_update(&mhc
, head
, sizeof head
);
234 br_multihash_update(&mhc
,
235 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
237 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
239 return BR_ERR_INVALID_ALGORITHM
;
242 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
243 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
245 return BR_ERR_INVALID_ALGORITHM
;
250 unsigned char tmp
[64];
251 const unsigned char *hash_oid
;
254 hash_oid
= HASH_OID
[hash
- 2];
258 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
259 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
260 || memcmp(tmp
, hv
, hv_len
) != 0)
262 return BR_ERR_BAD_SIGNATURE
;
265 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
266 ctx
->eng
.pad
, sig_len
))
268 return BR_ERR_BAD_SIGNATURE
;
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
284 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
287 unsigned char key
[66], point
[133];
288 const unsigned char *generator
, *order
, *point_src
;
289 size_t glen
, olen
, point_len
;
293 curve
= ctx
->eng
.ecdhe_curve
;
294 point_src
= ctx
->eng
.ecdhe_point
;
295 point_len
= ctx
->eng
.ecdhe_point_len
;
297 const br_x509_class
**xc
;
298 const br_x509_pkey
*pk
;
300 xc
= ctx
->eng
.x509ctx
;
301 pk
= (*xc
)->get_pkey(xc
, NULL
);
302 curve
= pk
->key
.ec
.curve
;
303 point_src
= pk
->key
.ec
.q
;
304 point_len
= pk
->key
.ec
.qlen
;
306 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM
;
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
316 order
= ctx
->eng
.iec
->order(curve
, &olen
);
318 while (mask
>= order
[0]) {
321 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
323 key
[olen
- 1] |= 0x01;
326 * Compute the common ECDH point, whose X coordinate is the
329 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
330 if (glen
!= point_len
) {
331 return -BR_ERR_INVALID_ALGORITHM
;
334 memcpy(point
, point_src
, glen
);
335 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
336 return -BR_ERR_INVALID_ALGORITHM
;
340 * The pre-master secret is the X coordinate.
342 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ 1, glen
>> 1);
344 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
345 memcpy(ctx
->eng
.pad
, point
, glen
);
350 * Perform full static ECDH. This occurs only in the context of client
351 * authentication with certificates: the server uses an EC public key,
352 * the cipher suite is of type ECDH (not ECDHE), the server requested a
353 * client certificate and accepts static ECDH, the client has a
354 * certificate with an EC public key in the same curve, and accepts
355 * static ECDH as well.
357 * Returned value is 0 on success, -1 on error.
360 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
362 unsigned char point
[133];
364 const br_x509_class
**xc
;
365 const br_x509_pkey
*pk
;
367 xc
= ctx
->eng
.x509ctx
;
368 pk
= (*xc
)->get_pkey(xc
, NULL
);
369 point_len
= pk
->key
.ec
.qlen
;
370 if (point_len
> sizeof point
) {
373 memcpy(point
, pk
->key
.ec
.q
, point_len
);
374 if (!(*ctx
->client_auth_vtable
)->do_keyx(
375 ctx
->client_auth_vtable
, point
, point_len
))
379 br_ssl_engine_compute_master(&ctx
->eng
,
380 prf_id
, point
+ 1, point_len
>> 1);
385 * Compute the client-side signature. This is invoked only when a
386 * signature-based client authentication was selected. The computed
387 * signature is in the pad; its length (in bytes) is returned. On
388 * error, 0 is returned.
391 make_client_sign(br_ssl_client_context
*ctx
)
396 * Compute hash of handshake messages so far. This "cannot" fail
397 * because the list of supported hash functions provided to the
398 * client certificate handler was trimmed to include only the
399 * hash functions that the multi-hasher supports.
402 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
403 ctx
->hash_id
, ctx
->eng
.pad
);
405 br_multihash_out(&ctx
->eng
.mhash
,
406 br_md5_ID
, ctx
->eng
.pad
);
407 br_multihash_out(&ctx
->eng
.mhash
,
408 br_sha1_ID
, ctx
->eng
.pad
+ 16);
411 return (*ctx
->client_auth_vtable
)->do_sign(
412 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
413 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
418 static const uint8_t t0_datablock
[] = {
419 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
420 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
421 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
422 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
423 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
424 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
425 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
426 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
427 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
428 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
429 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
430 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
431 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
434 static const uint8_t t0_codeblock
[] = {
435 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
436 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
437 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
438 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
449 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
457 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
460 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
462 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
464 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
465 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
469 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
470 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
475 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
477 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
479 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
484 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
487 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
489 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
491 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
493 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
497 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
498 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
500 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
501 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
503 0x00, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x06,
504 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6E, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
505 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x96, 0x26, 0x5B, 0x43, 0x9A, 0x26,
506 0x05, 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9A,
507 0x00, 0x5B, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x26,
508 0x86, 0x43, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x43, 0x76, 0x2C, 0xA8, 0x1C,
509 0x81, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x43,
510 0x59, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x74, 0x3D, 0x29,
511 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCB, 0x03, 0x00, 0x04, 0x75, 0x01,
512 0x00, 0xC2, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6C, 0x28, 0xCB,
513 0x04, 0x76, 0x01, 0x01, 0x00, 0x74, 0x3D, 0x01, 0x16, 0x84, 0x3D, 0x01,
514 0x00, 0x87, 0x3C, 0x34, 0xD1, 0x29, 0xB1, 0x06, 0x09, 0x01, 0x7F, 0xAC,
515 0x01, 0x7F, 0xCE, 0x04, 0x80, 0x53, 0xAE, 0x76, 0x2C, 0x9E, 0x01,
516 T0_INT1(BR_KEYTYPE_SIGN
), 0x17, 0x06, 0x01, 0xB2, 0xB5, 0x26, 0x01,
517 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB4, 0xB5, 0x01, 0x7F, 0x04, 0x02, 0x01,
518 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x06, 0x02,
519 0x64, 0x28, 0x33, 0x06, 0x02, 0x6F, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xCF,
520 0x7D, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDA,
521 0x01, 0x00, 0xD9, 0x76, 0x2C, 0xA8, 0x24, 0x04, 0x04, 0xD2, 0x06, 0x01,
522 0xD0, 0x04, 0x01, 0xD2, 0x01, 0x7F, 0xCE, 0x01, 0x7F, 0xAC, 0x01, 0x01,
523 0x74, 0x3D, 0x01, 0x17, 0x84, 0x3D, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
524 0x97, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
525 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
534 0x43, 0x25, 0x00, 0x00, 0x7F, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
535 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3F, 0x06, 0x04, 0x01, 0x06,
536 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x85, 0x2E, 0x26, 0x06, 0x08, 0x01,
537 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
538 0x40, 0x03, 0x00, 0x25, 0x01, 0x00, 0x42, 0x06, 0x03, 0x02, 0x00, 0x08,
539 0x41, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
540 0x01, 0x06, 0x08, 0x00, 0x00, 0x88, 0x3E, 0x26, 0x06, 0x03, 0x01, 0x09,
541 0x08, 0x00, 0x01, 0x3F, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
542 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
543 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
544 0x08, 0x00, 0x00, 0x7C, 0x2D, 0x43, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
545 0x00, 0x9C, 0xCA, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
546 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9C, 0x04, 0x2D, 0x01, 0x01,
547 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x74, 0x3D, 0xB0, 0x85,
548 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA5, 0x37, 0x06, 0x0F, 0x29, 0x1A,
549 0x36, 0x06, 0x04, 0xCA, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC2, 0x04,
550 0x01, 0x9C, 0x04, 0x03, 0x6F, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
551 0x03, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x02, 0x00, 0x00,
552 0x00, 0x97, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x73, 0x2E, 0x01, 0x00, 0x38,
553 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
554 0x02, 0x73, 0x3D, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06,
555 0x15, 0x25, 0x01, 0x00, 0x73, 0x3D, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
556 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x57, 0x00, 0x04, 0x07, 0x25, 0x01,
557 0x82, 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05,
558 0x3A, 0xA9, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8C, 0x3D,
559 0x00, 0x01, 0xBC, 0xA7, 0xBC, 0xA7, 0xBE, 0x81, 0x43, 0x26, 0x03, 0x00,
560 0xB3, 0x98, 0x98, 0x02, 0x00, 0x4A, 0x26, 0x55, 0x06, 0x0A, 0x01, 0x03,
561 0xA5, 0x06, 0x02, 0x6F, 0x28, 0x25, 0x04, 0x03, 0x59, 0x87, 0x3C, 0x00,
562 0x00, 0x2F, 0x06, 0x0B, 0x83, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6F,
563 0x28, 0x04, 0x11, 0xCA, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06,
564 0x06, 0x06, 0x02, 0x6F, 0x28, 0x04, 0x70, 0x25, 0xBF, 0x01, 0x01, 0x0D,
565 0x33, 0x37, 0x06, 0x02, 0x5E, 0x28, 0x26, 0x01, 0x01, 0xC5, 0x36, 0xAF,
566 0x00, 0x01, 0xB5, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x26, 0x01,
567 0x03, 0x0E, 0x06, 0x08, 0xBD, 0x06, 0x02, 0x65, 0x28, 0x43, 0x25, 0x00,
568 0x43, 0x54, 0xBD, 0xA7, 0x26, 0x06, 0x23, 0xBD, 0xA7, 0x26, 0x53, 0x26,
569 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
570 0x04, 0x01, 0x26, 0x03, 0x00, 0x81, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x50,
571 0x04, 0x65, 0x98, 0x51, 0x04, 0x5A, 0x98, 0x98, 0x52, 0x26, 0x06, 0x02,
572 0x35, 0x00, 0x25, 0x2B, 0x00, 0x00, 0x76, 0x2C, 0x9E, 0x01, 0x7F, 0xAD,
573 0x26, 0x55, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x6F, 0x28, 0x38,
574 0x17, 0x0D, 0x06, 0x02, 0x71, 0x28, 0x3B, 0x00, 0x00, 0x99, 0xB5, 0x01,
575 0x14, 0x0D, 0x06, 0x02, 0x6F, 0x28, 0x81, 0x01, 0x0C, 0x08, 0x01, 0x0C,
576 0xB3, 0x98, 0x81, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02,
577 0x61, 0x28, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x6F, 0x28, 0x06, 0x02, 0x63,
578 0x28, 0x00, 0x0A, 0xB5, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0xBC,
579 0x03, 0x00, 0x02, 0x00, 0x92, 0x2C, 0x0A, 0x02, 0x00, 0x91, 0x2C, 0x0F,
580 0x37, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x90, 0x2C, 0x0D, 0x06, 0x02,
581 0x68, 0x28, 0x02, 0x00, 0x93, 0x3C, 0x89, 0x01, 0x20, 0xB3, 0x01, 0x00,
582 0x03, 0x01, 0xBE, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02,
583 0x6D, 0x28, 0x81, 0x02, 0x02, 0xB3, 0x02, 0x02, 0x8B, 0x2E, 0x0E, 0x02,
584 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8A, 0x81, 0x02, 0x02, 0x30,
585 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8A, 0x81, 0x02, 0x02, 0x31, 0x02,
586 0x02, 0x8B, 0x3D, 0x02, 0x00, 0x8F, 0x02, 0x01, 0x95, 0xBC, 0x26, 0xC0,
587 0x55, 0x06, 0x02, 0x5F, 0x28, 0x76, 0x02, 0x01, 0x95, 0xBE, 0x06, 0x02,
588 0x60, 0x28, 0x26, 0x06, 0x81, 0x45, 0xBC, 0xA7, 0xA3, 0x03, 0x03, 0xA1,
589 0x03, 0x04, 0x9F, 0x03, 0x05, 0xA2, 0x03, 0x06, 0xA4, 0x03, 0x07, 0xA0,
590 0x03, 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBC, 0x01, 0x00,
591 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x69, 0x28, 0x01,
592 0x00, 0x03, 0x03, 0xBB, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06,
593 0x0F, 0x25, 0x02, 0x05, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x05,
594 0xB9, 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F,
595 0x25, 0x02, 0x04, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBA,
596 0x04, 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06,
597 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB7, 0x04, 0x3F, 0x01,
598 0x0A, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x69, 0x28,
599 0x01, 0x00, 0x03, 0x07, 0xB7, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06,
600 0x0E, 0x25, 0x02, 0x08, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x08,
601 0xB7, 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09,
602 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAB, 0x04, 0x03, 0x69,
603 0x28, 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01,
604 0x05, 0x0F, 0x06, 0x02, 0x66, 0x28, 0x01, 0x01, 0x85, 0x3D, 0x98, 0x98,
605 0x02, 0x01, 0x00, 0x04, 0xB5, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6F, 0x28,
606 0xBE, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6A, 0x28, 0xBC, 0x26, 0x79, 0x3D,
607 0x26, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x28, 0x3F, 0x43, 0x11, 0x01,
608 0x01, 0x17, 0x05, 0x02, 0x6A, 0x28, 0xBE, 0x26, 0x01, 0x81, 0x05, 0x0F,
609 0x06, 0x02, 0x6A, 0x28, 0x26, 0x7B, 0x3D, 0x7A, 0x43, 0xB3, 0x8F, 0x2C,
610 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x76, 0x2C, 0xC8, 0x03, 0x01, 0x01,
611 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBE, 0x26, 0x26, 0x01, 0x02,
612 0x0A, 0x43, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6A, 0x28, 0x03, 0x02,
613 0xBE, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02,
614 0x6A, 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02,
615 0xBC, 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6B,
616 0x28, 0x81, 0x43, 0xB3, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4D, 0x26,
617 0x06, 0x01, 0x28, 0x25, 0x98, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02,
618 0x00, 0x94, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06,
619 0x02, 0x5D, 0x00, 0xCC, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBE,
620 0xA7, 0x26, 0x06, 0x80, 0x43, 0xBE, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06,
621 0x25, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06,
622 0x07, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38,
623 0x0E, 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80,
624 0x42, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04,
625 0x01, 0x00, 0x43, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39,
626 0x98, 0x76, 0x2C, 0xC6, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F,
627 0x17, 0x03, 0x00, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB8,
628 0x26, 0x7E, 0x3C, 0x40, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C,
629 0x80, 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80,
630 0x00, 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01,
631 0x84, 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05,
632 0x01, 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01,
633 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBC, 0xA7, 0x26, 0x06, 0x23,
634 0xBC, 0xA7, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F,
635 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x81, 0x02,
636 0x01, 0xB3, 0x02, 0x01, 0x12, 0x04, 0x65, 0x98, 0x13, 0x04, 0x5A, 0x98,
637 0x14, 0x98, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB6, 0x26, 0x57, 0x06, 0x07,
638 0x25, 0x06, 0x02, 0x63, 0x28, 0x04, 0x74, 0x00, 0x00, 0xBF, 0x01, 0x03,
639 0xBD, 0x43, 0x25, 0x43, 0x00, 0x00, 0xBC, 0xC3, 0x00, 0x03, 0x01, 0x00,
640 0x03, 0x00, 0xBC, 0xA7, 0x26, 0x06, 0x32, 0xBE, 0x03, 0x01, 0xBE, 0x03,
641 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C, 0x17,
642 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x37, 0x17,
643 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5A, 0x01, 0x02, 0x0B,
644 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0x4B, 0x98, 0x02, 0x00,
645 0x00, 0x00, 0xBC, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x62, 0x28, 0xBE, 0x01,
646 0x08, 0x08, 0x7F, 0x2E, 0x0E, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xBC,
647 0x85, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE,
648 0x01, 0x00, 0x0E, 0x05, 0x02, 0x66, 0x28, 0x01, 0x02, 0x85, 0x3D, 0x04,
649 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE, 0x01, 0x18, 0x0E,
650 0x05, 0x02, 0x66, 0x28, 0x81, 0x01, 0x18, 0xB3, 0x86, 0x81, 0x01, 0x18,
651 0x30, 0x05, 0x02, 0x66, 0x28, 0x00, 0x00, 0xBC, 0x06, 0x02, 0x67, 0x28,
652 0x00, 0x00, 0x01, 0x02, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x00,
653 0x00, 0x01, 0x03, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x01, 0x08,
654 0x0B, 0xBF, 0x08, 0x00, 0x00, 0x01, 0x01, 0x94, 0xBF, 0x00, 0x00, 0x3A,
655 0x26, 0x55, 0x05, 0x01, 0x00, 0x25, 0xCC, 0x04, 0x76, 0x02, 0x03, 0x00,
656 0x8E, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10,
657 0x26, 0x01, 0x01, 0x0B, 0x8D, 0x08, 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01,
658 0x00, 0x59, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x84,
659 0x3D, 0x43, 0x4F, 0x25, 0x4F, 0x25, 0x29, 0x00, 0x00, 0x01, 0x01, 0x43,
660 0xC1, 0x00, 0x00, 0x43, 0x38, 0x94, 0x43, 0x26, 0x06, 0x05, 0xBF, 0x25,
661 0x5A, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E,
662 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x97, 0x56, 0x00, 0x02, 0x03, 0x00,
663 0x76, 0x2C, 0x97, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01,
664 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
665 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x00, 0x01,
666 0x18, 0x02, 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x68,
667 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01, 0x01, 0x10, 0x02,
668 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x52, 0x01, 0x02,
669 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
670 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06,
671 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01,
672 0x45, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01,
673 0x20, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x15, 0x01,
674 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x48,
675 0x04, 0x01, 0x49, 0x04, 0x03, 0x65, 0x28, 0x25, 0x00, 0x00, 0x97, 0x01,
676 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x26,
677 0x58, 0x43, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11,
678 0x01, 0x01, 0x0E, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x57, 0x00, 0x00,
679 0x1B, 0x01, 0x00, 0x72, 0x2E, 0x26, 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E,
680 0x06, 0x06, 0x25, 0x01, 0x00, 0x9B, 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E,
681 0x06, 0x0A, 0x25, 0x74, 0x2E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01,
682 0x25, 0x04, 0x01, 0x25, 0x78, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x83,
683 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04,
684 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAA, 0x06, 0x03, 0x01,
685 0x7F, 0x9B, 0x04, 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
686 0x01, 0x37, 0x04, 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A,
687 0x06, 0x03, 0x01, 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F,
688 0x06, 0x0C, 0x83, 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x25, 0xAA, 0x04,
689 0x01, 0x20, 0x00, 0x00, 0xCA, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06,
690 0x02, 0x6F, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02,
691 0x00, 0x84, 0x3D, 0x00, 0xCA, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCD,
692 0x01, 0x01, 0xDA, 0x29, 0x26, 0x01, 0x00, 0xC5, 0x01, 0x16, 0xCD, 0xD3,
693 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDA, 0x4B, 0x26, 0x26, 0x01, 0x03, 0x08,
694 0xD9, 0xD9, 0x18, 0x26, 0x55, 0x06, 0x02, 0x25, 0x00, 0xD9, 0x1D, 0x26,
695 0x06, 0x05, 0x81, 0x43, 0xD4, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21,
696 0x01, 0x0F, 0xDA, 0x26, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C,
697 0x01, 0x04, 0x08, 0xD9, 0x7D, 0x2E, 0xDA, 0x75, 0x2E, 0xDA, 0x04, 0x02,
698 0x5B, 0xD9, 0x26, 0xD8, 0x81, 0x43, 0xD4, 0x00, 0x02, 0xA1, 0xA3, 0x08,
699 0x9F, 0x08, 0xA2, 0x08, 0xA4, 0x08, 0xA0, 0x08, 0x27, 0x08, 0x03, 0x00,
700 0x01, 0x01, 0xDA, 0x01, 0x27, 0x8B, 0x2E, 0x08, 0x8E, 0x2E, 0x01, 0x01,
701 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5B, 0x02, 0x00, 0x08, 0x80, 0x2C,
702 0x38, 0x09, 0x26, 0x58, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x43, 0x5B,
703 0x43, 0x5C, 0x01, 0x04, 0x09, 0x26, 0x55, 0x06, 0x03, 0x25, 0x01, 0x00,
704 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x43, 0x01, 0x04,
705 0x08, 0x38, 0x08, 0x43, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xD9,
706 0x91, 0x2C, 0xD8, 0x77, 0x01, 0x04, 0x19, 0x77, 0x01, 0x04, 0x08, 0x01,
707 0x1C, 0x32, 0x77, 0x01, 0x20, 0xD4, 0x8A, 0x8B, 0x2E, 0xD6, 0x8E, 0x2E,
708 0x26, 0x01, 0x01, 0x0B, 0xD8, 0x8D, 0x43, 0x26, 0x06, 0x0F, 0x5A, 0x38,
709 0x2C, 0x26, 0xC4, 0x05, 0x02, 0x5F, 0x28, 0xD8, 0x43, 0x5B, 0x43, 0x04,
710 0x6E, 0x5D, 0x01, 0x01, 0xDA, 0x01, 0x00, 0xDA, 0x02, 0x00, 0x06, 0x81,
711 0x46, 0x02, 0x00, 0xD8, 0xA1, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD8,
712 0x86, 0xA1, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5A, 0xD6, 0xA3, 0x06, 0x16,
713 0x01, 0x00, 0xD8, 0x88, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x01, 0x02,
714 0x09, 0x26, 0xD8, 0x01, 0x00, 0xDA, 0x01, 0x03, 0x09, 0xD5, 0x9F, 0x06,
715 0x0C, 0x01, 0x01, 0xD8, 0x01, 0x01, 0xD8, 0x7F, 0x2E, 0x01, 0x08, 0x09,
716 0xDA, 0xA2, 0x06, 0x19, 0x01, 0x0D, 0xD8, 0xA2, 0x01, 0x04, 0x09, 0x26,
717 0xD8, 0x01, 0x02, 0x09, 0xD8, 0x41, 0x06, 0x03, 0x01, 0x03, 0xD7, 0x42,
718 0x06, 0x03, 0x01, 0x01, 0xD7, 0xA4, 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD8,
719 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x3F, 0x01, 0x00, 0x26, 0x01,
720 0x20, 0x0A, 0x06, 0x0C, 0x9D, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26,
721 0xD8, 0x59, 0x04, 0x6E, 0x5D, 0x04, 0x01, 0x25, 0xA0, 0x06, 0x0A, 0x01,
722 0x0B, 0xD8, 0x01, 0x02, 0xD8, 0x01, 0x82, 0x00, 0xD8, 0x27, 0x26, 0x06,
723 0x1F, 0x01, 0x10, 0xD8, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x82,
724 0x2C, 0x01, 0x00, 0x9D, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDA, 0x81,
725 0x43, 0xD4, 0x59, 0x04, 0x72, 0x5D, 0x04, 0x01, 0x25, 0x02, 0x01, 0x55,
726 0x05, 0x11, 0x01, 0x15, 0xD8, 0x02, 0x01, 0x26, 0xD8, 0x26, 0x06, 0x06,
727 0x5A, 0x01, 0x00, 0xDA, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDA,
728 0x76, 0x2C, 0x26, 0xC9, 0x06, 0x0C, 0xA8, 0x23, 0x26, 0x5B, 0xD9, 0x26,
729 0xD8, 0x81, 0x43, 0xD4, 0x04, 0x0D, 0x26, 0xC7, 0x43, 0xA8, 0x22, 0x26,
730 0x59, 0xD9, 0x26, 0xDA, 0x81, 0x43, 0xD4, 0x00, 0x00, 0x99, 0x01, 0x14,
731 0xDA, 0x01, 0x0C, 0xD9, 0x81, 0x01, 0x0C, 0xD4, 0x00, 0x00, 0x4E, 0x26,
732 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5D, 0x00, 0xCA, 0x25, 0x04, 0x73, 0x00,
733 0x26, 0xD8, 0xD4, 0x00, 0x00, 0x26, 0xDA, 0xD4, 0x00, 0x01, 0x03, 0x00,
734 0x40, 0x25, 0x26, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDA, 0x02,
735 0x00, 0xDA, 0x26, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDA, 0x02,
736 0x00, 0xDA, 0x26, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDA, 0x02,
737 0x00, 0xDA, 0x26, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDA,
738 0x02, 0x00, 0xDA, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDA, 0x02,
739 0x00, 0xDA, 0x00, 0x00, 0x26, 0x01, 0x08, 0x4C, 0xDA, 0xDA, 0x00, 0x00,
740 0x26, 0x01, 0x10, 0x4C, 0xDA, 0xD8, 0x00, 0x00, 0x26, 0x4F, 0x06, 0x02,
741 0x25, 0x00, 0xCA, 0x25, 0x04, 0x76
744 static const uint16_t t0_caddr
[] = {
881 #define T0_INTERPRETED 85
883 #define T0_ENTER(ip, rp, slot) do { \
884 const unsigned char *t0_newip; \
886 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
887 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
889 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
893 #define T0_DEFENTRY(name, slot) \
897 t0_context *t0ctx = ctx; \
898 t0ctx->ip = &t0_codeblock[0]; \
899 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
902 T0_DEFENTRY(br_ssl_hs_client_init_main
, 166)
904 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
907 br_ssl_hs_client_run(void *t0ctx
)
910 const unsigned char *ip
;
912 #define T0_LOCAL(x) (*(rp - 2 - (x)))
913 #define T0_POP() (*-- dp)
914 #define T0_POPi() (*(int32_t *)(-- dp))
915 #define T0_PEEK(x) (*(dp - 1 - (x)))
916 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
917 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
918 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
919 #define T0_RPOP() (*-- rp)
920 #define T0_RPOPi() (*(int32_t *)(-- rp))
921 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
922 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
923 #define T0_ROLL(x) do { \
924 size_t t0len = (size_t)(x); \
925 uint32_t t0tmp = *(dp - 1 - t0len); \
926 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
929 #define T0_SWAP() do { \
930 uint32_t t0tmp = *(dp - 2); \
931 *(dp - 2) = *(dp - 1); \
934 #define T0_ROT() do { \
935 uint32_t t0tmp = *(dp - 3); \
936 *(dp - 3) = *(dp - 2); \
937 *(dp - 2) = *(dp - 1); \
940 #define T0_NROT() do { \
941 uint32_t t0tmp = *(dp - 1); \
942 *(dp - 1) = *(dp - 2); \
943 *(dp - 2) = *(dp - 3); \
946 #define T0_PICK(x) do { \
947 uint32_t t0depth = (x); \
948 T0_PUSH(T0_PEEK(t0depth)); \
950 #define T0_CO() do { \
953 #define T0_RET() goto t0_next
955 dp
= ((t0_context
*)t0ctx
)->dp
;
956 rp
= ((t0_context
*)t0ctx
)->rp
;
957 ip
= ((t0_context
*)t0ctx
)->ip
;
964 if (t0x
< T0_INTERPRETED
) {
976 ip
= &t0_codeblock
[t0x
];
978 case 1: /* literal constant */
979 T0_PUSHi(t0_parse7E_signed(&ip
));
981 case 2: /* read local */
982 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
984 case 3: /* write local */
985 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
988 t0off
= t0_parse7E_signed(&ip
);
991 case 5: /* jump if */
992 t0off
= t0_parse7E_signed(&ip
);
997 case 6: /* jump if not */
998 t0off
= t0_parse7E_signed(&ip
);
1006 uint32_t b
= T0_POP();
1007 uint32_t a
= T0_POP();
1015 uint32_t b
= T0_POP();
1016 uint32_t a
= T0_POP();
1024 uint32_t b
= T0_POP();
1025 uint32_t a
= T0_POP();
1033 int32_t b
= T0_POPi();
1034 int32_t a
= T0_POPi();
1035 T0_PUSH(-(uint32_t)(a
< b
));
1042 int c
= (int)T0_POPi();
1043 uint32_t x
= T0_POP();
1051 int32_t b
= T0_POPi();
1052 int32_t a
= T0_POPi();
1053 T0_PUSH(-(uint32_t)(a
<= b
));
1060 uint32_t b
= T0_POP();
1061 uint32_t a
= T0_POP();
1062 T0_PUSH(-(uint32_t)(a
!= b
));
1069 uint32_t b
= T0_POP();
1070 uint32_t a
= T0_POP();
1071 T0_PUSH(-(uint32_t)(a
== b
));
1078 int32_t b
= T0_POPi();
1079 int32_t a
= T0_POPi();
1080 T0_PUSH(-(uint32_t)(a
> b
));
1087 int32_t b
= T0_POPi();
1088 int32_t a
= T0_POPi();
1089 T0_PUSH(-(uint32_t)(a
>= b
));
1096 int c
= (int)T0_POPi();
1097 int32_t x
= T0_POPi();
1103 /* anchor-dn-append-name */
1108 if (CTX
->client_auth_vtable
!= NULL
) {
1109 (*CTX
->client_auth_vtable
)->append_name(
1110 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1116 /* anchor-dn-end-name */
1118 if (CTX
->client_auth_vtable
!= NULL
) {
1119 (*CTX
->client_auth_vtable
)->end_name(
1120 CTX
->client_auth_vtable
);
1126 /* anchor-dn-end-name-list */
1128 if (CTX
->client_auth_vtable
!= NULL
) {
1129 (*CTX
->client_auth_vtable
)->end_name_list(
1130 CTX
->client_auth_vtable
);
1136 /* anchor-dn-start-name */
1141 if (CTX
->client_auth_vtable
!= NULL
) {
1142 (*CTX
->client_auth_vtable
)->start_name(
1143 CTX
->client_auth_vtable
, len
);
1149 /* anchor-dn-start-name-list */
1151 if (CTX
->client_auth_vtable
!= NULL
) {
1152 (*CTX
->client_auth_vtable
)->start_name_list(
1153 CTX
->client_auth_vtable
);
1161 uint32_t b
= T0_POP();
1162 uint32_t a
= T0_POP();
1170 if (ENG
->chain_len
== 0) {
1173 ENG
->cert_cur
= ENG
->chain
->data
;
1174 ENG
->cert_len
= ENG
->chain
->data_len
;
1177 T0_PUSH(ENG
->cert_len
);
1185 size_t len
= (size_t)T0_POP();
1186 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1187 memset(addr
, 0, len
);
1194 T0_PUSHi(-(ENG
->hlen_out
> 0));
1204 /* compute-Finished-inner */
1206 int prf_id
= T0_POP();
1207 int from_client
= T0_POPi();
1208 unsigned char seed
[48];
1211 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1212 if (ENG
->session
.version
>= BR_TLS12
) {
1213 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1215 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1216 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1219 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1220 sizeof ENG
->session
.master_secret
,
1221 from_client
? "client finished" : "server finished",
1227 /* copy-cert-chunk */
1231 clen
= ENG
->cert_len
;
1232 if (clen
> sizeof ENG
->pad
) {
1233 clen
= sizeof ENG
->pad
;
1235 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1236 ENG
->cert_cur
+= clen
;
1237 ENG
->cert_len
-= clen
;
1243 /* copy-protocol-name */
1245 size_t idx
= T0_POP();
1246 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1247 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1255 size_t addr
= T0_POP();
1256 T0_PUSH(t0_datablock
[addr
]);
1268 /* do-client-sign */
1272 sig_len
= make_client_sign(CTX
);
1274 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1284 unsigned prf_id
= T0_POP();
1285 unsigned ecdhe
= T0_POP();
1288 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1290 br_ssl_engine_fail(ENG
, -x
);
1299 /* do-rsa-encrypt */
1303 x
= make_pms_rsa(CTX
, T0_POP());
1305 br_ssl_engine_fail(ENG
, -x
);
1314 /* do-static-ecdh */
1316 unsigned prf_id
= T0_POP();
1318 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1319 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1332 T0_PUSH(T0_PEEK(0));
1336 /* ext-ALPN-length */
1340 if (ENG
->protocol_names_num
== 0) {
1345 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1346 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1355 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1363 br_ssl_engine_flush_record(ENG
);
1368 /* get-client-chain */
1370 uint32_t auth_types
;
1372 auth_types
= T0_POP();
1373 if (CTX
->client_auth_vtable
!= NULL
) {
1374 br_ssl_client_certificate ux
;
1376 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1377 CTX
, auth_types
, &ux
);
1378 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1379 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1380 ENG
->chain
= ux
.chain
;
1381 ENG
->chain_len
= ux
.chain_len
;
1390 /* get-key-type-usages */
1392 const br_x509_class
*xc
;
1393 const br_x509_pkey
*pk
;
1396 xc
= *(ENG
->x509ctx
);
1397 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1401 T0_PUSH(pk
->key_type
| usages
);
1409 size_t addr
= (size_t)T0_POP();
1410 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1417 size_t addr
= (size_t)T0_POP();
1418 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1425 size_t addr
= (size_t)T0_POP();
1426 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1433 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1440 size_t len
= (size_t)T0_POP();
1441 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1442 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1443 int x
= memcmp(addr1
, addr2
, len
);
1444 T0_PUSH((uint32_t)-(x
== 0));
1451 size_t len
= (size_t)T0_POP();
1452 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1453 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1454 memcpy(dst
, src
, len
);
1461 size_t len
= (size_t)T0_POP();
1462 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1463 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1468 /* more-incoming-bytes? */
1470 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1475 /* multihash-init */
1477 br_multihash_init(&ENG
->mhash
);
1484 uint32_t a
= T0_POP();
1492 uint32_t a
= T0_POP();
1500 uint32_t b
= T0_POP();
1501 uint32_t a
= T0_POP();
1508 T0_PUSH(T0_PEEK(1));
1512 /* read-chunk-native */
1514 size_t clen
= ENG
->hlen_in
;
1520 if ((size_t)len
< clen
) {
1523 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1524 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1525 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1527 T0_PUSH(addr
+ (uint32_t)clen
);
1528 T0_PUSH(len
- (uint32_t)clen
);
1529 ENG
->hbuf_in
+= clen
;
1530 ENG
->hlen_in
-= clen
;
1538 if (ENG
->hlen_in
> 0) {
1541 x
= *ENG
->hbuf_in
++;
1542 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1543 br_multihash_update(&ENG
->mhash
, &x
, 1);
1554 /* set-server-curve */
1556 const br_x509_class
*xc
;
1557 const br_x509_pkey
*pk
;
1559 xc
= *(ENG
->x509ctx
);
1560 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1562 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1569 size_t addr
= (size_t)T0_POP();
1570 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1577 size_t addr
= (size_t)T0_POP();
1578 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1585 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1586 T0_PUSH((uint32_t)strlen(str
));
1591 /* supported-curves */
1593 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1599 /* supported-hash-functions */
1606 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1607 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1618 /* supports-ecdsa? */
1620 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1625 /* supports-rsa-sign? */
1627 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1637 /* switch-aesgcm-in */
1639 int is_client
, prf_id
;
1640 unsigned cipher_key_len
;
1642 cipher_key_len
= T0_POP();
1644 is_client
= T0_POP();
1645 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1646 ENG
->iaes_ctr
, cipher_key_len
);
1651 /* switch-aesgcm-out */
1653 int is_client
, prf_id
;
1654 unsigned cipher_key_len
;
1656 cipher_key_len
= T0_POP();
1658 is_client
= T0_POP();
1659 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1660 ENG
->iaes_ctr
, cipher_key_len
);
1667 int is_client
, prf_id
, mac_id
, aes
;
1668 unsigned cipher_key_len
;
1670 cipher_key_len
= T0_POP();
1674 is_client
= T0_POP();
1675 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1676 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1681 /* switch-cbc-out */
1683 int is_client
, prf_id
, mac_id
, aes
;
1684 unsigned cipher_key_len
;
1686 cipher_key_len
= T0_POP();
1690 is_client
= T0_POP();
1691 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1692 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1697 /* switch-chapol-in */
1699 int is_client
, prf_id
;
1702 is_client
= T0_POP();
1703 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1708 /* switch-chapol-out */
1710 int is_client
, prf_id
;
1713 is_client
= T0_POP();
1714 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1719 /* test-protocol-name */
1721 size_t len
= T0_POP();
1724 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1727 name
= ENG
->protocol_names
[u
];
1728 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1738 /* total-chain-length */
1744 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1745 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1754 int c
= (int)T0_POPi();
1755 uint32_t x
= T0_POP();
1761 /* verify-SKE-sig */
1763 size_t sig_len
= T0_POP();
1764 int use_rsa
= T0_POPi();
1765 int hash
= T0_POPi();
1767 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1772 /* write-blob-chunk */
1774 size_t clen
= ENG
->hlen_out
;
1780 if ((size_t)len
< clen
) {
1783 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1784 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1785 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1787 T0_PUSH(addr
+ (uint32_t)clen
);
1788 T0_PUSH(len
- (uint32_t)clen
);
1789 ENG
->hbuf_out
+= clen
;
1790 ENG
->hlen_out
-= clen
;
1800 x
= (unsigned char)T0_POP();
1801 if (ENG
->hlen_out
> 0) {
1802 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1803 br_multihash_update(&ENG
->mhash
, &x
, 1);
1805 *ENG
->hbuf_out
++ = x
;
1817 const br_x509_class
*xc
;
1820 xc
= *(ENG
->x509ctx
);
1822 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1829 const br_x509_class
*xc
;
1831 xc
= *(ENG
->x509ctx
);
1832 xc
->end_cert(ENG
->x509ctx
);
1837 /* x509-end-chain */
1839 const br_x509_class
*xc
;
1841 xc
= *(ENG
->x509ctx
);
1842 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1847 /* x509-start-cert */
1849 const br_x509_class
*xc
;
1851 xc
= *(ENG
->x509ctx
);
1852 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1857 /* x509-start-chain */
1859 const br_x509_class
*xc
;
1863 xc
= *(ENG
->x509ctx
);
1864 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1871 T0_ENTER(ip
, rp
, t0x
);
1875 ((t0_context
*)t0ctx
)->dp
= dp
;
1876 ((t0_context
*)t0ctx
)->rp
= rp
;
1877 ((t0_context
*)t0ctx
)->ip
= ip
;