1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
205 do_static_ecdh(br_ssl_server_context
*ctx
, int prf_id
)
207 unsigned char cpoint
[133];
209 const br_x509_class
**xc
;
210 const br_x509_pkey
*pk
;
212 xc
= ctx
->eng
.x509ctx
;
213 pk
= (*xc
)->get_pkey(xc
, NULL
);
214 cpoint_len
= pk
->key
.ec
.qlen
;
215 if (cpoint_len
> sizeof cpoint
) {
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
223 memcpy(cpoint
, pk
->key
.ec
.q
, cpoint_len
);
224 do_ecdh(ctx
, prf_id
, cpoint
, cpoint_len
);
228 hash_data(br_ssl_server_context
*ctx
,
229 void *dst
, int hash_id
, const void *src
, size_t len
)
231 const br_hash_class
*hf
;
232 br_hash_compat_context hc
;
235 unsigned char tmp
[36];
237 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_md5_ID
);
241 hf
->init(&hc
.vtable
);
242 hf
->update(&hc
.vtable
, src
, len
);
243 hf
->out(&hc
.vtable
, tmp
);
244 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_sha1_ID
);
248 hf
->init(&hc
.vtable
);
249 hf
->update(&hc
.vtable
, src
, len
);
250 hf
->out(&hc
.vtable
, tmp
+ 16);
251 memcpy(dst
, tmp
, 36);
254 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, hash_id
);
258 hf
->init(&hc
.vtable
);
259 hf
->update(&hc
.vtable
, src
, len
);
260 hf
->out(&hc
.vtable
, dst
);
261 return (hf
->desc
>> BR_HASHDESC_OUT_OFF
) & BR_HASHDESC_OUT_MASK
;
266 * Do the ECDHE key exchange (part 1: generation of transient key, and
267 * computing of the point to send to the client). Returned value is the
268 * signature length (in bytes), or -x on error (with x being an error
269 * code). The encoded point is written in the ecdhe_point[] context buffer
270 * (length in ecdhe_point_len).
273 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
277 const unsigned char *order
;
279 size_t hv_len
, sig_len
;
281 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
282 return -BR_ERR_INVALID_ALGORITHM
;
284 ctx
->eng
.ecdhe_curve
= curve
;
287 * Generate our private key. We need a non-zero random value
288 * which is lower than the curve order, in a "large enough"
289 * range. We force the top bit to 0 and bottom bit to 1, which
290 * does the trick. Note that contrary to what happens in ECDSA,
291 * this is not a problem if we do not cover the full range of
294 order
= ctx
->eng
.iec
->order(curve
, &olen
);
296 while (mask
>= order
[0]) {
299 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
300 ctx
->ecdhe_key
[0] &= mask
;
301 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
302 ctx
->ecdhe_key_len
= olen
;
305 * Compute our ECDH point.
307 glen
= ctx
->eng
.iec
->mulgen(ctx
->eng
.ecdhe_point
,
308 ctx
->ecdhe_key
, olen
, curve
);
309 ctx
->eng
.ecdhe_point_len
= glen
;
312 * Assemble the message to be signed, and possibly hash it.
314 memcpy(ctx
->eng
.pad
, ctx
->eng
.client_random
, 32);
315 memcpy(ctx
->eng
.pad
+ 32, ctx
->eng
.server_random
, 32);
316 ctx
->eng
.pad
[64 + 0] = 0x03;
317 ctx
->eng
.pad
[64 + 1] = 0x00;
318 ctx
->eng
.pad
[64 + 2] = curve
;
319 ctx
->eng
.pad
[64 + 3] = ctx
->eng
.ecdhe_point_len
;
320 memcpy(ctx
->eng
.pad
+ 64 + 4,
321 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
322 hv_len
= 64 + 4 + ctx
->eng
.ecdhe_point_len
;
323 algo_id
= ctx
->sign_hash_id
;
324 if (algo_id
>= (unsigned)0xFF00) {
325 hv_len
= hash_data(ctx
, ctx
->eng
.pad
, algo_id
& 0xFF,
326 ctx
->eng
.pad
, hv_len
);
328 return -BR_ERR_INVALID_ALGORITHM
;
332 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
333 algo_id
, ctx
->eng
.pad
, hv_len
, sizeof ctx
->eng
.pad
);
334 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
338 * Do the ECDHE key exchange (part 2: computation of the shared secret
339 * from the point sent by the client).
342 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
343 unsigned char *cpoint
, size_t cpoint_len
)
348 curve
= ctx
->eng
.ecdhe_curve
;
351 * Finalise the key exchange.
353 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
354 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
355 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
358 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
359 * as that key does not get stolen, so we'd better destroy it
360 * as soon as it ceases to be useful.
362 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
366 * Offset for hash value within the pad (when obtaining all hash values,
367 * in preparation for verification of the CertificateVerify message).
368 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
369 * is used to get the total length.
371 static const unsigned char HASH_PAD_OFF
[] = { 0, 16, 36, 64, 96, 144, 208 };
374 * OID for hash functions in RSA signatures.
376 static const unsigned char HASH_OID_SHA1
[] = {
377 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
380 static const unsigned char HASH_OID_SHA224
[] = {
381 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
384 static const unsigned char HASH_OID_SHA256
[] = {
385 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
388 static const unsigned char HASH_OID_SHA384
[] = {
389 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
392 static const unsigned char HASH_OID_SHA512
[] = {
393 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
396 static const unsigned char *HASH_OID
[] = {
405 * Verify the signature in CertificateVerify. Returned value is 0 on
406 * success, or a non-zero error code. Lack of implementation of the
407 * designated signature algorithm is reported as a "bad signature"
408 * error (because it means that the peer did not honour our advertised
409 * set of supported signature algorithms).
412 verify_CV_sig(br_ssl_server_context
*ctx
, size_t sig_len
)
414 const br_x509_class
**xc
;
415 const br_x509_pkey
*pk
;
418 id
= ctx
->hash_CV_id
;
419 xc
= ctx
->eng
.x509ctx
;
420 pk
= (*xc
)->get_pkey(xc
, NULL
);
421 if (pk
->key_type
== BR_KEYTYPE_RSA
) {
422 unsigned char tmp
[64];
423 const unsigned char *hash_oid
;
428 hash_oid
= HASH_OID
[id
- 2];
430 if (ctx
->eng
.irsavrfy
== 0) {
431 return BR_ERR_BAD_SIGNATURE
;
433 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
434 hash_oid
, ctx
->hash_CV_len
, &pk
->key
.rsa
, tmp
)
435 || memcmp(tmp
, ctx
->hash_CV
, ctx
->hash_CV_len
) != 0)
437 return BR_ERR_BAD_SIGNATURE
;
440 if (ctx
->eng
.iecdsa
== 0) {
441 return BR_ERR_BAD_SIGNATURE
;
443 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
,
444 ctx
->hash_CV
, ctx
->hash_CV_len
,
445 &pk
->key
.ec
, ctx
->eng
.pad
, sig_len
))
447 return BR_ERR_BAD_SIGNATURE
;
455 static const uint8_t t0_datablock
[] = {
456 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
457 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
458 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
459 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
460 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
461 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
462 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
463 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
464 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
465 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
466 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
467 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
468 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
471 static const uint8_t t0_codeblock
[] = {
472 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
473 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
474 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
475 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
480 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_BAD_SIGNATURE
), 0x00, 0x00, 0x01,
483 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
484 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
485 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
486 T0_INT1(BR_ERR_NO_CLIENT_AUTH
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
487 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
488 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
489 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
491 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
494 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
496 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
497 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
499 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
502 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
503 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
504 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
505 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
506 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
507 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
508 0x00, 0x00, 0x79, 0x01,
509 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
510 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
511 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
513 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
515 T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
518 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
519 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
520 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
522 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
523 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
525 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
527 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
529 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
531 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
532 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
533 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
536 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
537 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
539 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
540 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
541 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
542 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
543 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
544 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
545 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
546 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
547 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
548 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
549 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
550 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
551 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
552 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
553 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
554 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
555 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
556 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
557 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
558 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
559 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
560 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
561 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
562 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
563 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
564 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
565 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
566 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
567 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
568 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
569 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
570 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
571 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
572 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
573 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F,
574 0x06, 0x14, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
575 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01,
576 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05,
577 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42,
578 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B,
579 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00, 0x02,
580 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x7E,
581 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB3,
582 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04,
583 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00,
584 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71,
585 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06,
586 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01, 0x0E,
587 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38, 0xB2,
588 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01,
589 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00,
590 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59, 0x2A,
591 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00,
592 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x56,
593 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02,
594 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02,
595 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01, 0x86,
596 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01,
597 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12,
598 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C,
599 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00,
600 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A, 0x03,
601 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47,
602 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00,
603 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB7,
604 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00, 0x77,
605 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02,
606 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01, 0xBD,
607 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17,
608 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD, 0x2A,
609 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04,
610 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88,
611 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81,
612 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00,
613 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1, 0x2A,
614 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01,
615 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02,
616 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05,
617 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29,
618 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05, 0x04,
619 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01,
620 0x88, 0x04, 0x80, 0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A,
621 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01, 0x00,
622 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F,
623 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F,
624 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04,
625 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC,
626 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04, 0x05,
627 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01,
628 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E,
629 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10,
630 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02,
631 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46,
632 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05,
633 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40,
634 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08,
635 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05, 0x03,
636 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x01, 0xFC, 0x80,
637 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80, 0x41, 0x2A, 0x01, 0x81, 0x7F,
638 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39,
639 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41,
640 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
641 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03,
642 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A,
643 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F,
644 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00,
645 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20,
646 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05,
647 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05,
648 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05,
649 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A,
650 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03,
651 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18,
652 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00,
653 0x04, 0x76, 0x2E, 0xCA, 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10,
654 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00,
655 0x76, 0x2E, 0xA5, 0x27, 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01,
656 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03,
657 0x03, 0x83, 0x47, 0xB3, 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06,
658 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F,
659 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06,
660 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83,
661 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00,
662 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00,
663 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74,
664 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A,
665 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08,
666 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C,
667 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD,
668 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F,
669 0x05, 0x02, 0x69, 0x2B, 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88,
670 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D,
671 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69,
672 0x2B, 0x83, 0x01, 0x0C, 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02,
673 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD,
674 0xA4, 0x2A, 0x06, 0x1D, 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A,
675 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47,
676 0x42, 0x8B, 0x47, 0xB3, 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00,
677 0x00, 0xB8, 0x2A, 0x5D, 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04,
678 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00,
679 0xBD, 0xC5, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06,
680 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x08,
681 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0D, 0x06, 0x0D, 0x01, 0x01,
682 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02, 0x00, 0x39, 0x03, 0x00, 0x04,
683 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13,
684 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x39, 0x13,
685 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01, 0x02, 0x0C,
686 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0xFF, 0x2C, 0x9B, 0x02,
687 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x41, 0x9B, 0x00, 0x00, 0xBD,
688 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD, 0x2A,
689 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F, 0x39,
690 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00, 0x01,
691 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03,
692 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0, 0x08,
693 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B, 0x05,
694 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30, 0x03,
695 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01, 0x01,
696 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F, 0x04,
697 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCB,
698 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01, 0x00,
699 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87, 0x42,
700 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47, 0xC3,
701 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29, 0x60,
702 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01,
703 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F,
704 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A,
705 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03,
706 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06,
707 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04,
708 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29,
709 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B,
710 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10,
711 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01, 0x04,
712 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
713 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C,
714 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03,
715 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10,
716 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B,
717 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00,
718 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30,
719 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00,
720 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75, 0x30,
721 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B,
722 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F,
723 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F,
724 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
725 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29,
726 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39,
727 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30, 0x01,
728 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00, 0xCB,
729 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00, 0x01,
730 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00, 0xCB,
731 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C, 0x2A,
732 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01, 0x0B,
733 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A, 0x5B,
734 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD6,
735 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E, 0x01,
736 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E, 0x08,
737 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE, 0x01,
738 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01,
739 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15, 0x2A,
740 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83, 0x47,
741 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01,
742 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,
743 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02,
744 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01,
745 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01,
746 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01, 0x07,
747 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
748 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C, 0x01,
749 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01, 0x20,
750 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC, 0x01,
751 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06,
752 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01,
753 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04, 0x01,
754 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x84,
755 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01, 0x10,
756 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83, 0x47,
757 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E, 0xDE,
758 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00, 0x7C,
759 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03, 0x5F,
760 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06, 0x02,
761 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03, 0x02,
762 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01, 0x02,
763 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDC,
764 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x1C, 0x90, 0x2E, 0x2A, 0x01,
765 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDC, 0x04, 0x0F, 0x01, 0x81, 0x7F,
766 0x13, 0xDE, 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE,
767 0x02, 0x01, 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01,
768 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A,
769 0xDE, 0xD6, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61,
770 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46,
771 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08,
772 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01,
773 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01,
774 0x80, 0x7C, 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02,
775 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29,
776 0xDA, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02,
777 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
778 0x04, 0xDB, 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01,
779 0x02, 0xDB, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02,
780 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07,
781 0x02, 0x00, 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08,
782 0x52, 0xDE, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00,
783 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
786 static const uint16_t t0_caddr
[] = {
921 #define T0_INTERPRETED 91
923 #define T0_ENTER(ip, rp, slot) do { \
924 const unsigned char *t0_newip; \
926 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
927 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
929 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
933 #define T0_DEFENTRY(name, slot) \
937 t0_context *t0ctx = ctx; \
938 t0ctx->ip = &t0_codeblock[0]; \
939 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
942 T0_DEFENTRY(br_ssl_hs_server_init_main
, 163)
944 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
947 br_ssl_hs_server_run(void *t0ctx
)
950 const unsigned char *ip
;
952 #define T0_LOCAL(x) (*(rp - 2 - (x)))
953 #define T0_POP() (*-- dp)
954 #define T0_POPi() (*(int32_t *)(-- dp))
955 #define T0_PEEK(x) (*(dp - 1 - (x)))
956 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
957 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
958 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
959 #define T0_RPOP() (*-- rp)
960 #define T0_RPOPi() (*(int32_t *)(-- rp))
961 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
962 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
963 #define T0_ROLL(x) do { \
964 size_t t0len = (size_t)(x); \
965 uint32_t t0tmp = *(dp - 1 - t0len); \
966 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
969 #define T0_SWAP() do { \
970 uint32_t t0tmp = *(dp - 2); \
971 *(dp - 2) = *(dp - 1); \
974 #define T0_ROT() do { \
975 uint32_t t0tmp = *(dp - 3); \
976 *(dp - 3) = *(dp - 2); \
977 *(dp - 2) = *(dp - 1); \
980 #define T0_NROT() do { \
981 uint32_t t0tmp = *(dp - 1); \
982 *(dp - 1) = *(dp - 2); \
983 *(dp - 2) = *(dp - 3); \
986 #define T0_PICK(x) do { \
987 uint32_t t0depth = (x); \
988 T0_PUSH(T0_PEEK(t0depth)); \
990 #define T0_CO() do { \
993 #define T0_RET() goto t0_next
995 dp
= ((t0_context
*)t0ctx
)->dp
;
996 rp
= ((t0_context
*)t0ctx
)->rp
;
997 ip
= ((t0_context
*)t0ctx
)->ip
;
1004 if (t0x
< T0_INTERPRETED
) {
1016 ip
= &t0_codeblock
[t0x
];
1018 case 1: /* literal constant */
1019 T0_PUSHi(t0_parse7E_signed(&ip
));
1021 case 2: /* read local */
1022 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
1024 case 3: /* write local */
1025 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
1028 t0off
= t0_parse7E_signed(&ip
);
1031 case 5: /* jump if */
1032 t0off
= t0_parse7E_signed(&ip
);
1037 case 6: /* jump if not */
1038 t0off
= t0_parse7E_signed(&ip
);
1046 uint32_t b
= T0_POP();
1047 uint32_t a
= T0_POP();
1055 uint32_t b
= T0_POP();
1056 uint32_t a
= T0_POP();
1064 uint32_t b
= T0_POP();
1065 uint32_t a
= T0_POP();
1078 int32_t b
= T0_POPi();
1079 int32_t a
= T0_POPi();
1080 T0_PUSH(-(uint32_t)(a
< b
));
1087 int c
= (int)T0_POPi();
1088 uint32_t x
= T0_POP();
1096 int32_t b
= T0_POPi();
1097 int32_t a
= T0_POPi();
1098 T0_PUSH(-(uint32_t)(a
<= b
));
1105 uint32_t b
= T0_POP();
1106 uint32_t a
= T0_POP();
1107 T0_PUSH(-(uint32_t)(a
!= b
));
1114 uint32_t b
= T0_POP();
1115 uint32_t a
= T0_POP();
1116 T0_PUSH(-(uint32_t)(a
== b
));
1123 int32_t b
= T0_POPi();
1124 int32_t a
= T0_POPi();
1125 T0_PUSH(-(uint32_t)(a
> b
));
1132 int32_t b
= T0_POPi();
1133 int32_t a
= T0_POPi();
1134 T0_PUSH(-(uint32_t)(a
>= b
));
1141 int c
= (int)T0_POPi();
1142 int32_t x
= T0_POPi();
1150 uint32_t b
= T0_POP();
1151 uint32_t a
= T0_POP();
1159 if (ENG
->chain_len
== 0) {
1162 ENG
->cert_cur
= ENG
->chain
->data
;
1163 ENG
->cert_len
= ENG
->chain
->data_len
;
1166 T0_PUSH(ENG
->cert_len
);
1174 const br_x500_name
*dn
;
1175 if (CTX
->cur_dn_index
>= CTX
->num_tas
) {
1178 if (CTX
->ta_names
== NULL
) {
1179 dn
= &CTX
->tas
[CTX
->cur_dn_index
].dn
;
1181 dn
= &CTX
->ta_names
[CTX
->cur_dn_index
];
1183 CTX
->cur_dn_index
++;
1184 CTX
->cur_dn
= dn
->data
;
1185 CTX
->cur_dn_len
= dn
->len
;
1186 T0_PUSH(CTX
->cur_dn_len
);
1192 /* begin-ta-name-list */
1194 CTX
->cur_dn_index
= 0;
1201 size_t len
= (size_t)T0_POP();
1202 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1203 memset(addr
, 0, len
);
1208 /* call-policy-handler */
1211 br_ssl_server_choices choices
;
1213 x
= (*CTX
->policy_vtable
)->choose(
1214 CTX
->policy_vtable
, CTX
, &choices
);
1215 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
1216 CTX
->sign_hash_id
= choices
.algo_id
;
1217 ENG
->chain
= choices
.chain
;
1218 ENG
->chain_len
= choices
.chain_len
;
1219 T0_PUSHi(-(x
!= 0));
1226 T0_PUSHi(-(ENG
->hlen_out
> 0));
1233 if (ENG
->session
.session_id_len
== 32
1234 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
1235 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1250 /* compute-Finished-inner */
1252 int prf_id
= T0_POP();
1253 int from_client
= T0_POPi();
1254 unsigned char seed
[48];
1257 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1258 if (ENG
->session
.version
>= BR_TLS12
) {
1259 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1261 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1262 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1265 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1266 sizeof ENG
->session
.master_secret
,
1267 from_client
? "client finished" : "server finished",
1273 /* compute-hash-CV */
1277 for (i
= 1; i
<= 6; i
++) {
1278 br_multihash_out(&ENG
->mhash
, i
,
1279 ENG
->pad
+ HASH_PAD_OFF
[i
- 1]);
1285 /* copy-cert-chunk */
1289 clen
= ENG
->cert_len
;
1290 if (clen
> sizeof ENG
->pad
) {
1291 clen
= sizeof ENG
->pad
;
1293 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1294 ENG
->cert_cur
+= clen
;
1295 ENG
->cert_len
-= clen
;
1305 clen
= CTX
->cur_dn_len
;
1306 if (clen
> sizeof ENG
->pad
) {
1307 clen
= sizeof ENG
->pad
;
1309 memcpy(ENG
->pad
, CTX
->cur_dn
, clen
);
1310 CTX
->cur_dn
+= clen
;
1311 CTX
->cur_dn_len
-= clen
;
1326 if (br_multihash_getimpl(&ENG
->mhash
, id
) == 0) {
1330 off
= HASH_PAD_OFF
[id
- 1];
1331 len
= HASH_PAD_OFF
[id
] - off
;
1333 memcpy(CTX
->hash_CV
, ENG
->pad
+ off
, len
);
1334 CTX
->hash_CV_len
= len
;
1335 CTX
->hash_CV_id
= id
;
1341 /* copy-protocol-name */
1343 size_t idx
= T0_POP();
1344 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1345 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1353 size_t addr
= T0_POP();
1354 T0_PUSH(t0_datablock
[addr
]);
1368 int prf_id
= T0_POPi();
1369 size_t len
= T0_POP();
1370 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1375 /* do-ecdhe-part1 */
1377 int curve
= T0_POPi();
1378 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1383 /* do-ecdhe-part2 */
1385 int prf_id
= T0_POPi();
1386 size_t len
= T0_POP();
1387 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1392 /* do-rsa-decrypt */
1394 int prf_id
= T0_POPi();
1395 size_t len
= T0_POP();
1396 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1401 /* do-static-ecdh */
1403 do_static_ecdh(CTX
, T0_POP());
1414 T0_PUSH(T0_PEEK(0));
1420 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1428 br_ssl_engine_flush_record(ENG
);
1433 /* get-key-type-usages */
1435 const br_x509_class
*xc
;
1436 const br_x509_pkey
*pk
;
1439 xc
= *(ENG
->x509ctx
);
1440 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1444 T0_PUSH(pk
->key_type
| usages
);
1452 size_t addr
= (size_t)T0_POP();
1453 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1460 size_t addr
= (size_t)T0_POP();
1461 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1468 size_t addr
= (size_t)T0_POP();
1469 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1476 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1483 size_t len
= (size_t)T0_POP();
1484 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1485 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1486 int x
= memcmp(addr1
, addr2
, len
);
1487 T0_PUSH((uint32_t)-(x
== 0));
1494 size_t len
= (size_t)T0_POP();
1495 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1496 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1497 memcpy(dst
, src
, len
);
1504 size_t len
= (size_t)T0_POP();
1505 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1506 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1511 /* more-incoming-bytes? */
1513 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1518 /* multihash-init */
1520 br_multihash_init(&ENG
->mhash
);
1527 uint32_t a
= T0_POP();
1535 uint32_t a
= T0_POP();
1543 uint32_t b
= T0_POP();
1544 uint32_t a
= T0_POP();
1551 T0_PUSH(T0_PEEK(1));
1560 /* read-chunk-native */
1562 size_t clen
= ENG
->hlen_in
;
1568 if ((size_t)len
< clen
) {
1571 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1572 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1573 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1575 T0_PUSH(addr
+ (uint32_t)clen
);
1576 T0_PUSH(len
- (uint32_t)clen
);
1577 ENG
->hbuf_in
+= clen
;
1578 ENG
->hlen_in
-= clen
;
1586 if (ENG
->hlen_in
> 0) {
1589 x
= *ENG
->hbuf_in
++;
1590 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1591 br_multihash_update(&ENG
->mhash
, &x
, 1);
1604 if (CTX
->cache_vtable
!= NULL
) {
1605 (*CTX
->cache_vtable
)->save(
1606 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1612 /* set-max-frag-len */
1614 size_t max_frag_len
= T0_POP();
1616 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1619 * We must adjust our own output limit. Since we call this only
1620 * after receiving a ClientHello and before beginning to send
1621 * the ServerHello, the next output record should be empty at
1622 * that point, so we can use max_frag_len as a limit.
1624 if (ENG
->hlen_out
> max_frag_len
) {
1625 ENG
->hlen_out
= max_frag_len
;
1633 size_t addr
= (size_t)T0_POP();
1634 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1641 size_t addr
= (size_t)T0_POP();
1642 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1649 size_t addr
= (size_t)T0_POP();
1650 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1655 /* supported-curves */
1657 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1663 /* supported-hash-functions */
1670 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1671 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1682 /* supports-ecdsa? */
1684 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1689 /* supports-rsa-sign? */
1691 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1701 /* switch-aesgcm-in */
1703 int is_client
, prf_id
;
1704 unsigned cipher_key_len
;
1706 cipher_key_len
= T0_POP();
1708 is_client
= T0_POP();
1709 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1710 ENG
->iaes_ctr
, cipher_key_len
);
1715 /* switch-aesgcm-out */
1717 int is_client
, prf_id
;
1718 unsigned cipher_key_len
;
1720 cipher_key_len
= T0_POP();
1722 is_client
= T0_POP();
1723 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1724 ENG
->iaes_ctr
, cipher_key_len
);
1731 int is_client
, prf_id
, mac_id
, aes
;
1732 unsigned cipher_key_len
;
1734 cipher_key_len
= T0_POP();
1738 is_client
= T0_POP();
1739 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1740 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1745 /* switch-cbc-out */
1747 int is_client
, prf_id
, mac_id
, aes
;
1748 unsigned cipher_key_len
;
1750 cipher_key_len
= T0_POP();
1754 is_client
= T0_POP();
1755 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1756 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1761 /* switch-chapol-in */
1763 int is_client
, prf_id
;
1766 is_client
= T0_POP();
1767 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1772 /* switch-chapol-out */
1774 int is_client
, prf_id
;
1777 is_client
= T0_POP();
1778 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1783 /* ta-names-total-length */
1788 if (CTX
->ta_names
!= NULL
) {
1789 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1790 len
+= CTX
->ta_names
[u
].len
+ 2;
1792 } else if (CTX
->tas
!= NULL
) {
1793 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1794 len
+= CTX
->tas
[u
].dn
.len
+ 2;
1802 /* test-protocol-name */
1804 size_t len
= T0_POP();
1807 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1810 name
= ENG
->protocol_names
[u
];
1811 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1821 /* total-chain-length */
1827 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1828 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1837 uint32_t b
= T0_POP();
1838 uint32_t a
= T0_POP();
1839 T0_PUSH(-(uint32_t)(a
< b
));
1846 int c
= (int)T0_POPi();
1847 uint32_t x
= T0_POP();
1857 err
= verify_CV_sig(CTX
, T0_POP());
1863 /* write-blob-chunk */
1865 size_t clen
= ENG
->hlen_out
;
1871 if ((size_t)len
< clen
) {
1874 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1875 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1876 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1878 T0_PUSH(addr
+ (uint32_t)clen
);
1879 T0_PUSH(len
- (uint32_t)clen
);
1880 ENG
->hbuf_out
+= clen
;
1881 ENG
->hlen_out
-= clen
;
1891 x
= (unsigned char)T0_POP();
1892 if (ENG
->hlen_out
> 0) {
1893 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1894 br_multihash_update(&ENG
->mhash
, &x
, 1);
1896 *ENG
->hbuf_out
++ = x
;
1908 const br_x509_class
*xc
;
1911 xc
= *(ENG
->x509ctx
);
1913 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1920 const br_x509_class
*xc
;
1922 xc
= *(ENG
->x509ctx
);
1923 xc
->end_cert(ENG
->x509ctx
);
1928 /* x509-end-chain */
1930 const br_x509_class
*xc
;
1932 xc
= *(ENG
->x509ctx
);
1933 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1938 /* x509-start-cert */
1940 const br_x509_class
*xc
;
1942 xc
= *(ENG
->x509ctx
);
1943 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1948 /* x509-start-chain */
1950 const br_x509_class
*xc
;
1954 xc
= *(ENG
->x509ctx
);
1955 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1962 T0_ENTER(ip
, rp
, t0x
);
1966 ((t0_context
*)t0ctx
)->dp
= dp
;
1967 ((t0_context
*)t0ctx
)->rp
= rp
;
1968 ((t0_context
*)t0ctx
)->ip
= ip
;