1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char HASH_OID_SHA1
[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177 static const unsigned char HASH_OID_SHA224
[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181 static const unsigned char HASH_OID_SHA256
[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185 static const unsigned char HASH_OID_SHA384
[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189 static const unsigned char HASH_OID_SHA512
[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193 static const unsigned char *HASH_OID
[] = {
202 * Check the RSA signature on the ServerKeyExchange message.
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
208 * Returned value is 0 on success, or an error code.
211 verify_SKE_sig(br_ssl_client_context
*ctx
,
212 int hash
, int use_rsa
, size_t sig_len
)
214 const br_x509_class
**xc
;
215 const br_x509_pkey
*pk
;
216 br_multihash_context mhc
;
217 unsigned char hv
[64], head
[4];
220 xc
= ctx
->eng
.x509ctx
;
221 pk
= (*xc
)->get_pkey(xc
, NULL
);
222 br_multihash_zero(&mhc
);
223 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
224 br_multihash_init(&mhc
);
225 br_multihash_update(&mhc
,
226 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
227 br_multihash_update(&mhc
,
228 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
231 head
[2] = ctx
->eng
.ecdhe_curve
;
232 head
[3] = ctx
->eng
.ecdhe_point_len
;
233 br_multihash_update(&mhc
, head
, sizeof head
);
234 br_multihash_update(&mhc
,
235 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
237 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
239 return BR_ERR_INVALID_ALGORITHM
;
242 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
243 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
245 return BR_ERR_INVALID_ALGORITHM
;
250 unsigned char tmp
[64];
251 const unsigned char *hash_oid
;
254 hash_oid
= HASH_OID
[hash
- 2];
258 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
259 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
260 || memcmp(tmp
, hv
, hv_len
) != 0)
262 return BR_ERR_BAD_SIGNATURE
;
265 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
266 ctx
->eng
.pad
, sig_len
))
268 return BR_ERR_BAD_SIGNATURE
;
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
284 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
287 unsigned char key
[66], point
[133];
288 const unsigned char *order
, *point_src
;
289 size_t glen
, olen
, point_len
, xoff
, xlen
;
293 curve
= ctx
->eng
.ecdhe_curve
;
294 point_src
= ctx
->eng
.ecdhe_point
;
295 point_len
= ctx
->eng
.ecdhe_point_len
;
297 const br_x509_class
**xc
;
298 const br_x509_pkey
*pk
;
300 xc
= ctx
->eng
.x509ctx
;
301 pk
= (*xc
)->get_pkey(xc
, NULL
);
302 curve
= pk
->key
.ec
.curve
;
303 point_src
= pk
->key
.ec
.q
;
304 point_len
= pk
->key
.ec
.qlen
;
306 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM
;
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
316 order
= ctx
->eng
.iec
->order(curve
, &olen
);
318 while (mask
>= order
[0]) {
321 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
323 key
[olen
- 1] |= 0x01;
326 * Compute the common ECDH point, whose X coordinate is the
329 ctx
->eng
.iec
->generator(curve
, &glen
);
330 if (glen
!= point_len
) {
331 return -BR_ERR_INVALID_ALGORITHM
;
334 memcpy(point
, point_src
, glen
);
335 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
336 return -BR_ERR_INVALID_ALGORITHM
;
340 * The pre-master secret is the X coordinate.
342 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
343 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
345 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
346 memcpy(ctx
->eng
.pad
, point
, glen
);
351 * Perform full static ECDH. This occurs only in the context of client
352 * authentication with certificates: the server uses an EC public key,
353 * the cipher suite is of type ECDH (not ECDHE), the server requested a
354 * client certificate and accepts static ECDH, the client has a
355 * certificate with an EC public key in the same curve, and accepts
356 * static ECDH as well.
358 * Returned value is 0 on success, -1 on error.
361 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
363 unsigned char point
[133];
365 const br_x509_class
**xc
;
366 const br_x509_pkey
*pk
;
368 xc
= ctx
->eng
.x509ctx
;
369 pk
= (*xc
)->get_pkey(xc
, NULL
);
370 point_len
= pk
->key
.ec
.qlen
;
371 if (point_len
> sizeof point
) {
374 memcpy(point
, pk
->key
.ec
.q
, point_len
);
375 if (!(*ctx
->client_auth_vtable
)->do_keyx(
376 ctx
->client_auth_vtable
, point
, &point_len
))
380 br_ssl_engine_compute_master(&ctx
->eng
,
381 prf_id
, point
, point_len
);
386 * Compute the client-side signature. This is invoked only when a
387 * signature-based client authentication was selected. The computed
388 * signature is in the pad; its length (in bytes) is returned. On
389 * error, 0 is returned.
392 make_client_sign(br_ssl_client_context
*ctx
)
397 * Compute hash of handshake messages so far. This "cannot" fail
398 * because the list of supported hash functions provided to the
399 * client certificate handler was trimmed to include only the
400 * hash functions that the multi-hasher supports.
403 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
404 ctx
->hash_id
, ctx
->eng
.pad
);
406 br_multihash_out(&ctx
->eng
.mhash
,
407 br_md5_ID
, ctx
->eng
.pad
);
408 br_multihash_out(&ctx
->eng
.mhash
,
409 br_sha1_ID
, ctx
->eng
.pad
+ 16);
412 return (*ctx
->client_auth_vtable
)->do_sign(
413 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
414 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
419 static const unsigned char t0_datablock
[] = {
420 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
421 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
422 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
423 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
424 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
425 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
426 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
427 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
428 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
429 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
430 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
431 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
432 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
435 static const unsigned char t0_codeblock
[] = {
436 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
437 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
438 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
439 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
450 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
452 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
453 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
463 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
465 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
466 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
467 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
469 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
470 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
476 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
477 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
478 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
480 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
481 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
485 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
488 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
490 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
492 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
494 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
498 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
501 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
502 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
504 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
505 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
506 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
507 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
508 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
509 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
510 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
511 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
512 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
513 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
514 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
515 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
516 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
517 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN
), 0x17,
518 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
519 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
520 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
521 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
522 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
523 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
524 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
525 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
534 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
535 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
536 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
537 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
538 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
539 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
540 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
541 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
542 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
543 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
544 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
545 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
546 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
547 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
548 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
549 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
550 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
551 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
552 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
553 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
554 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
555 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
556 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
557 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
558 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
559 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
560 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
561 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
562 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
563 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
564 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
565 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
566 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
567 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
568 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
569 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
570 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
571 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
572 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
573 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
574 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
575 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
576 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
577 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
578 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
579 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
580 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
581 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
582 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
583 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
584 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
585 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
586 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
587 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
588 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
589 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
590 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
591 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
592 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
593 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
594 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
595 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
596 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
597 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
598 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
599 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
600 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
601 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
602 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
603 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
604 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
605 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
606 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
607 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
608 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
609 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
610 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
611 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
612 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
613 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
614 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
615 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
616 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
617 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
618 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
619 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
620 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
621 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
622 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
623 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
624 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
625 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
626 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
627 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
628 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
629 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
630 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
631 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
632 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
633 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
634 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
635 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
636 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
637 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
638 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
639 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
640 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
641 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
642 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
643 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
644 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
645 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
646 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
647 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
648 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
649 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
650 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
651 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
652 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
653 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
654 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
655 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
656 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
657 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
658 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
659 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
660 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
661 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
662 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
663 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
664 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
665 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
666 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
667 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
668 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
669 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
670 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
671 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
672 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
673 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
674 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
675 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
676 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
677 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
678 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
679 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
680 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
681 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
682 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
683 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
684 0x06, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
685 0x04, 0x14, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01,
686 0x01, 0x0E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01,
687 0x25, 0x79, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14,
688 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15,
689 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04,
690 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04,
691 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01,
692 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84,
693 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E,
694 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
695 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05,
696 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14,
697 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE,
698 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03,
699 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D,
700 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00,
701 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06,
702 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04,
703 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4,
704 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03,
705 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01,
706 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81,
707 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44,
708 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01,
709 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01,
710 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01,
711 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08,
712 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F,
713 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B,
714 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44,
715 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06,
716 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01,
717 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06,
718 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01,
719 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0,
720 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08,
721 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09,
722 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8,
723 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A,
724 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26,
725 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF,
726 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06,
727 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04,
728 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01,
729 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10,
730 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00,
731 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A,
732 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01,
733 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00,
734 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26,
735 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
736 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26,
737 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C,
738 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E,
739 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5,
740 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26,
741 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26,
742 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26,
743 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26,
744 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB,
745 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00,
746 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10,
747 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB,
751 static const uint16_t t0_caddr
[] = {
888 #define T0_INTERPRETED 86
890 #define T0_ENTER(ip, rp, slot) do { \
891 const unsigned char *t0_newip; \
893 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
894 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
896 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
900 #define T0_DEFENTRY(name, slot) \
904 t0_context *t0ctx = ctx; \
905 t0ctx->ip = &t0_codeblock[0]; \
906 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
909 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
911 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
914 br_ssl_hs_client_run(void *t0ctx
)
917 const unsigned char *ip
;
919 #define T0_LOCAL(x) (*(rp - 2 - (x)))
920 #define T0_POP() (*-- dp)
921 #define T0_POPi() (*(int32_t *)(-- dp))
922 #define T0_PEEK(x) (*(dp - 1 - (x)))
923 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
924 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
925 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
926 #define T0_RPOP() (*-- rp)
927 #define T0_RPOPi() (*(int32_t *)(-- rp))
928 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
929 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
930 #define T0_ROLL(x) do { \
931 size_t t0len = (size_t)(x); \
932 uint32_t t0tmp = *(dp - 1 - t0len); \
933 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
936 #define T0_SWAP() do { \
937 uint32_t t0tmp = *(dp - 2); \
938 *(dp - 2) = *(dp - 1); \
941 #define T0_ROT() do { \
942 uint32_t t0tmp = *(dp - 3); \
943 *(dp - 3) = *(dp - 2); \
944 *(dp - 2) = *(dp - 1); \
947 #define T0_NROT() do { \
948 uint32_t t0tmp = *(dp - 1); \
949 *(dp - 1) = *(dp - 2); \
950 *(dp - 2) = *(dp - 3); \
953 #define T0_PICK(x) do { \
954 uint32_t t0depth = (x); \
955 T0_PUSH(T0_PEEK(t0depth)); \
957 #define T0_CO() do { \
960 #define T0_RET() goto t0_next
962 dp
= ((t0_context
*)t0ctx
)->dp
;
963 rp
= ((t0_context
*)t0ctx
)->rp
;
964 ip
= ((t0_context
*)t0ctx
)->ip
;
971 if (t0x
< T0_INTERPRETED
) {
983 ip
= &t0_codeblock
[t0x
];
985 case 1: /* literal constant */
986 T0_PUSHi(t0_parse7E_signed(&ip
));
988 case 2: /* read local */
989 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
991 case 3: /* write local */
992 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
995 t0off
= t0_parse7E_signed(&ip
);
998 case 5: /* jump if */
999 t0off
= t0_parse7E_signed(&ip
);
1004 case 6: /* jump if not */
1005 t0off
= t0_parse7E_signed(&ip
);
1013 uint32_t b
= T0_POP();
1014 uint32_t a
= T0_POP();
1022 uint32_t b
= T0_POP();
1023 uint32_t a
= T0_POP();
1031 uint32_t b
= T0_POP();
1032 uint32_t a
= T0_POP();
1040 int32_t b
= T0_POPi();
1041 int32_t a
= T0_POPi();
1042 T0_PUSH(-(uint32_t)(a
< b
));
1049 int c
= (int)T0_POPi();
1050 uint32_t x
= T0_POP();
1058 int32_t b
= T0_POPi();
1059 int32_t a
= T0_POPi();
1060 T0_PUSH(-(uint32_t)(a
<= b
));
1067 uint32_t b
= T0_POP();
1068 uint32_t a
= T0_POP();
1069 T0_PUSH(-(uint32_t)(a
!= b
));
1076 uint32_t b
= T0_POP();
1077 uint32_t a
= T0_POP();
1078 T0_PUSH(-(uint32_t)(a
== b
));
1085 int32_t b
= T0_POPi();
1086 int32_t a
= T0_POPi();
1087 T0_PUSH(-(uint32_t)(a
> b
));
1094 int32_t b
= T0_POPi();
1095 int32_t a
= T0_POPi();
1096 T0_PUSH(-(uint32_t)(a
>= b
));
1103 int c
= (int)T0_POPi();
1104 int32_t x
= T0_POPi();
1110 /* anchor-dn-append-name */
1115 if (CTX
->client_auth_vtable
!= NULL
) {
1116 (*CTX
->client_auth_vtable
)->append_name(
1117 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1123 /* anchor-dn-end-name */
1125 if (CTX
->client_auth_vtable
!= NULL
) {
1126 (*CTX
->client_auth_vtable
)->end_name(
1127 CTX
->client_auth_vtable
);
1133 /* anchor-dn-end-name-list */
1135 if (CTX
->client_auth_vtable
!= NULL
) {
1136 (*CTX
->client_auth_vtable
)->end_name_list(
1137 CTX
->client_auth_vtable
);
1143 /* anchor-dn-start-name */
1148 if (CTX
->client_auth_vtable
!= NULL
) {
1149 (*CTX
->client_auth_vtable
)->start_name(
1150 CTX
->client_auth_vtable
, len
);
1156 /* anchor-dn-start-name-list */
1158 if (CTX
->client_auth_vtable
!= NULL
) {
1159 (*CTX
->client_auth_vtable
)->start_name_list(
1160 CTX
->client_auth_vtable
);
1168 uint32_t b
= T0_POP();
1169 uint32_t a
= T0_POP();
1177 if (ENG
->chain_len
== 0) {
1180 ENG
->cert_cur
= ENG
->chain
->data
;
1181 ENG
->cert_len
= ENG
->chain
->data_len
;
1184 T0_PUSH(ENG
->cert_len
);
1192 size_t len
= (size_t)T0_POP();
1193 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1194 memset(addr
, 0, len
);
1201 T0_PUSHi(-(ENG
->hlen_out
> 0));
1211 /* compute-Finished-inner */
1213 int prf_id
= T0_POP();
1214 int from_client
= T0_POPi();
1215 unsigned char seed
[48];
1218 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1219 if (ENG
->session
.version
>= BR_TLS12
) {
1220 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1222 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1223 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1226 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1227 sizeof ENG
->session
.master_secret
,
1228 from_client
? "client finished" : "server finished",
1234 /* copy-cert-chunk */
1238 clen
= ENG
->cert_len
;
1239 if (clen
> sizeof ENG
->pad
) {
1240 clen
= sizeof ENG
->pad
;
1242 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1243 ENG
->cert_cur
+= clen
;
1244 ENG
->cert_len
-= clen
;
1250 /* copy-protocol-name */
1252 size_t idx
= T0_POP();
1253 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1254 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1262 size_t addr
= T0_POP();
1263 T0_PUSH(t0_datablock
[addr
]);
1275 /* do-client-sign */
1279 sig_len
= make_client_sign(CTX
);
1281 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1291 unsigned prf_id
= T0_POP();
1292 unsigned ecdhe
= T0_POP();
1295 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1297 br_ssl_engine_fail(ENG
, -x
);
1306 /* do-rsa-encrypt */
1310 x
= make_pms_rsa(CTX
, T0_POP());
1312 br_ssl_engine_fail(ENG
, -x
);
1321 /* do-static-ecdh */
1323 unsigned prf_id
= T0_POP();
1325 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1326 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1339 T0_PUSH(T0_PEEK(0));
1343 /* ext-ALPN-length */
1347 if (ENG
->protocol_names_num
== 0) {
1352 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1353 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1362 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1370 br_ssl_engine_flush_record(ENG
);
1375 /* get-client-chain */
1377 uint32_t auth_types
;
1379 auth_types
= T0_POP();
1380 if (CTX
->client_auth_vtable
!= NULL
) {
1381 br_ssl_client_certificate ux
;
1383 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1384 CTX
, auth_types
, &ux
);
1385 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1386 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1387 ENG
->chain
= ux
.chain
;
1388 ENG
->chain_len
= ux
.chain_len
;
1397 /* get-key-type-usages */
1399 const br_x509_class
*xc
;
1400 const br_x509_pkey
*pk
;
1403 xc
= *(ENG
->x509ctx
);
1404 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1408 T0_PUSH(pk
->key_type
| usages
);
1416 size_t addr
= (size_t)T0_POP();
1417 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1424 size_t addr
= (size_t)T0_POP();
1425 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1432 size_t addr
= (size_t)T0_POP();
1433 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1440 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1447 size_t len
= (size_t)T0_POP();
1448 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1449 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1450 int x
= memcmp(addr1
, addr2
, len
);
1451 T0_PUSH((uint32_t)-(x
== 0));
1458 size_t len
= (size_t)T0_POP();
1459 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1460 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1461 memcpy(dst
, src
, len
);
1468 size_t len
= (size_t)T0_POP();
1469 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1470 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1475 /* more-incoming-bytes? */
1477 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1482 /* multihash-init */
1484 br_multihash_init(&ENG
->mhash
);
1491 uint32_t a
= T0_POP();
1499 uint32_t a
= T0_POP();
1507 uint32_t b
= T0_POP();
1508 uint32_t a
= T0_POP();
1515 T0_PUSH(T0_PEEK(1));
1519 /* read-chunk-native */
1521 size_t clen
= ENG
->hlen_in
;
1527 if ((size_t)len
< clen
) {
1530 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1531 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1532 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1534 T0_PUSH(addr
+ (uint32_t)clen
);
1535 T0_PUSH(len
- (uint32_t)clen
);
1536 ENG
->hbuf_in
+= clen
;
1537 ENG
->hlen_in
-= clen
;
1545 if (ENG
->hlen_in
> 0) {
1548 x
= *ENG
->hbuf_in
++;
1549 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1550 br_multihash_update(&ENG
->mhash
, &x
, 1);
1561 /* set-server-curve */
1563 const br_x509_class
*xc
;
1564 const br_x509_pkey
*pk
;
1566 xc
= *(ENG
->x509ctx
);
1567 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1569 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1576 size_t addr
= (size_t)T0_POP();
1577 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1584 size_t addr
= (size_t)T0_POP();
1585 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1592 size_t addr
= (size_t)T0_POP();
1593 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1600 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1601 T0_PUSH((uint32_t)strlen(str
));
1606 /* supported-curves */
1608 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1614 /* supported-hash-functions */
1621 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1622 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1633 /* supports-ecdsa? */
1635 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1640 /* supports-rsa-sign? */
1642 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1652 /* switch-aesgcm-in */
1654 int is_client
, prf_id
;
1655 unsigned cipher_key_len
;
1657 cipher_key_len
= T0_POP();
1659 is_client
= T0_POP();
1660 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1661 ENG
->iaes_ctr
, cipher_key_len
);
1666 /* switch-aesgcm-out */
1668 int is_client
, prf_id
;
1669 unsigned cipher_key_len
;
1671 cipher_key_len
= T0_POP();
1673 is_client
= T0_POP();
1674 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1675 ENG
->iaes_ctr
, cipher_key_len
);
1682 int is_client
, prf_id
, mac_id
, aes
;
1683 unsigned cipher_key_len
;
1685 cipher_key_len
= T0_POP();
1689 is_client
= T0_POP();
1690 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1691 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1696 /* switch-cbc-out */
1698 int is_client
, prf_id
, mac_id
, aes
;
1699 unsigned cipher_key_len
;
1701 cipher_key_len
= T0_POP();
1705 is_client
= T0_POP();
1706 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1707 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1712 /* switch-chapol-in */
1714 int is_client
, prf_id
;
1717 is_client
= T0_POP();
1718 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1723 /* switch-chapol-out */
1725 int is_client
, prf_id
;
1728 is_client
= T0_POP();
1729 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1734 /* test-protocol-name */
1736 size_t len
= T0_POP();
1739 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1742 name
= ENG
->protocol_names
[u
];
1743 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1753 /* total-chain-length */
1759 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1760 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1769 int c
= (int)T0_POPi();
1770 uint32_t x
= T0_POP();
1776 /* verify-SKE-sig */
1778 size_t sig_len
= T0_POP();
1779 int use_rsa
= T0_POPi();
1780 int hash
= T0_POPi();
1782 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1787 /* write-blob-chunk */
1789 size_t clen
= ENG
->hlen_out
;
1795 if ((size_t)len
< clen
) {
1798 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1799 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1800 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1802 T0_PUSH(addr
+ (uint32_t)clen
);
1803 T0_PUSH(len
- (uint32_t)clen
);
1804 ENG
->hbuf_out
+= clen
;
1805 ENG
->hlen_out
-= clen
;
1815 x
= (unsigned char)T0_POP();
1816 if (ENG
->hlen_out
> 0) {
1817 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1818 br_multihash_update(&ENG
->mhash
, &x
, 1);
1820 *ENG
->hbuf_out
++ = x
;
1832 const br_x509_class
*xc
;
1835 xc
= *(ENG
->x509ctx
);
1837 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1844 const br_x509_class
*xc
;
1846 xc
= *(ENG
->x509ctx
);
1847 xc
->end_cert(ENG
->x509ctx
);
1852 /* x509-end-chain */
1854 const br_x509_class
*xc
;
1856 xc
= *(ENG
->x509ctx
);
1857 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1862 /* x509-start-cert */
1864 const br_x509_class
*xc
;
1866 xc
= *(ENG
->x509ctx
);
1867 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1872 /* x509-start-chain */
1874 const br_x509_class
*xc
;
1878 xc
= *(ENG
->x509ctx
);
1879 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1886 T0_ENTER(ip
, rp
, t0x
);
1890 ((t0_context
*)t0ctx
)->dp
= dp
;
1891 ((t0_context
*)t0ctx
)->rp
= rp
;
1892 ((t0_context
*)t0ctx
)->ip
= ip
;