projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New basic implementation of Curve25519 (generic i15 code, experimental).
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 static size_t
228 hash_data(br_ssl_server_context *ctx,
229 void *dst, int hash_id, const void *src, size_t len)
230 {
231 const br_hash_class *hf;
232 br_hash_compat_context hc;
233
234 if (hash_id == 0) {
235 unsigned char tmp[36];
236
237 hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
238 if (hf == NULL) {
239 return 0;
240 }
241 hf->init(&hc.vtable);
242 hf->update(&hc.vtable, src, len);
243 hf->out(&hc.vtable, tmp);
244 hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
245 if (hf == NULL) {
246 return 0;
247 }
248 hf->init(&hc.vtable);
249 hf->update(&hc.vtable, src, len);
250 hf->out(&hc.vtable, tmp + 16);
251 memcpy(dst, tmp, 36);
252 return 36;
253 } else {
254 hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
255 if (hf == NULL) {
256 return 0;
257 }
258 hf->init(&hc.vtable);
259 hf->update(&hc.vtable, src, len);
260 hf->out(&hc.vtable, dst);
261 return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
262 }
263 }
264
265 /*
266 * Do the ECDHE key exchange (part 1: generation of transient key, and
267 * computing of the point to send to the client). Returned value is the
268 * signature length (in bytes), or -x on error (with x being an error
269 * code). The encoded point is written in the ecdhe_point[] context buffer
270 * (length in ecdhe_point_len).
271 */
272 static int
273 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
274 {
275 unsigned algo_id;
276 unsigned mask;
277 const unsigned char *order;
278 size_t olen, glen;
279 size_t hv_len, sig_len;
280
281 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
282 return -BR_ERR_INVALID_ALGORITHM;
283 }
284 ctx->eng.ecdhe_curve = curve;
285
286 /*
287 * Generate our private key. We need a non-zero random value
288 * which is lower than the curve order, in a "large enough"
289 * range. We force the top bit to 0 and bottom bit to 1, which
290 * does the trick. Note that contrary to what happens in ECDSA,
291 * this is not a problem if we do not cover the full range of
292 * possible values.
293 */
294 order = ctx->eng.iec->order(curve, &olen);
295 mask = 0xFF;
296 while (mask >= order[0]) {
297 mask >>= 1;
298 }
299 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
300 ctx->ecdhe_key[0] &= mask;
301 ctx->ecdhe_key[olen - 1] |= 0x01;
302 ctx->ecdhe_key_len = olen;
303
304 /*
305 * Compute our ECDH point.
306 */
307 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
308 ctx->ecdhe_key, olen, curve);
309 ctx->eng.ecdhe_point_len = glen;
310
311 /*
312 * Assemble the message to be signed, and possibly hash it.
313 */
314 memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
315 memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
316 ctx->eng.pad[64 + 0] = 0x03;
317 ctx->eng.pad[64 + 1] = 0x00;
318 ctx->eng.pad[64 + 2] = curve;
319 ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
320 memcpy(ctx->eng.pad + 64 + 4,
321 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
322 hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
323 algo_id = ctx->sign_hash_id;
324 if (algo_id >= (unsigned)0xFF00) {
325 hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
326 ctx->eng.pad, hv_len);
327 if (hv_len == 0) {
328 return -BR_ERR_INVALID_ALGORITHM;
329 }
330 }
331
332 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
333 algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
334 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
335 }
336
337 /*
338 * Do the ECDHE key exchange (part 2: computation of the shared secret
339 * from the point sent by the client).
340 */
341 static void
342 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
343 unsigned char *cpoint, size_t cpoint_len)
344 {
345 int curve;
346 uint32_t x;
347
348 curve = ctx->eng.ecdhe_curve;
349
350 /*
351 * Finalise the key exchange.
352 */
353 x = ctx->eng.iec->mul(cpoint, cpoint_len,
354 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
355 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
356
357 /*
358 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
359 * as that key does not get stolen, so we'd better destroy it
360 * as soon as it ceases to be useful.
361 */
362 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
363 }
364
365 /*
366 * Offset for hash value within the pad (when obtaining all hash values,
367 * in preparation for verification of the CertificateVerify message).
368 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
369 * is used to get the total length.
370 */
371 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
372
373 /*
374 * OID for hash functions in RSA signatures.
375 */
376 static const unsigned char HASH_OID_SHA1[] = {
377 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
378 };
379
380 static const unsigned char HASH_OID_SHA224[] = {
381 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
382 };
383
384 static const unsigned char HASH_OID_SHA256[] = {
385 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
386 };
387
388 static const unsigned char HASH_OID_SHA384[] = {
389 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
390 };
391
392 static const unsigned char HASH_OID_SHA512[] = {
393 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
394 };
395
396 static const unsigned char *HASH_OID[] = {
397 HASH_OID_SHA1,
398 HASH_OID_SHA224,
399 HASH_OID_SHA256,
400 HASH_OID_SHA384,
401 HASH_OID_SHA512
402 };
403
404 /*
405 * Verify the signature in CertificateVerify. Returned value is 0 on
406 * success, or a non-zero error code. Lack of implementation of the
407 * designated signature algorithm is reported as a "bad signature"
408 * error (because it means that the peer did not honour our advertised
409 * set of supported signature algorithms).
410 */
411 static int
412 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
413 {
414 const br_x509_class **xc;
415 const br_x509_pkey *pk;
416 int id;
417
418 id = ctx->hash_CV_id;
419 xc = ctx->eng.x509ctx;
420 pk = (*xc)->get_pkey(xc, NULL);
421 if (pk->key_type == BR_KEYTYPE_RSA) {
422 unsigned char tmp[64];
423 const unsigned char *hash_oid;
424
425 if (id == 0) {
426 hash_oid = NULL;
427 } else {
428 hash_oid = HASH_OID[id - 2];
429 }
430 if (ctx->eng.irsavrfy == 0) {
431 return BR_ERR_BAD_SIGNATURE;
432 }
433 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
434 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
435 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
436 {
437 return BR_ERR_BAD_SIGNATURE;
438 }
439 } else {
440 if (ctx->eng.iecdsa == 0) {
441 return BR_ERR_BAD_SIGNATURE;
442 }
443 if (!ctx->eng.iecdsa(ctx->eng.iec,
444 ctx->hash_CV, ctx->hash_CV_len,
445 &pk->key.ec, ctx->eng.pad, sig_len))
446 {
447 return BR_ERR_BAD_SIGNATURE;
448 }
449 }
450 return 0;
451 }
452
453
454
455 static const uint8_t t0_datablock[] = {
456 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
457 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
458 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
459 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
460 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
461 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
462 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
463 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
464 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
465 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
466 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
467 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
468 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
469 };
470
471 static const uint8_t t0_codeblock[] = {
472 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
473 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
474 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
475 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
480 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
483 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
484 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
485 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
486 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
487 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
488 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
489 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
491 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
493 0x01,
494 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
495 0x00, 0x00, 0x01,
496 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
497 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
498 0x00, 0x00, 0x01,
499 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
501 0x00, 0x00, 0x01,
502 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
503 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
504 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
505 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
506 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
507 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
508 0x00, 0x00, 0x79, 0x01,
509 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
510 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
511 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
512 0x00, 0x01,
513 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
514 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
517 0x00, 0x00, 0x01,
518 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
519 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
520 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
521 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
523 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
524 0x00, 0x00, 0x01,
525 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
526 0x01,
527 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
528 0x00, 0x00, 0x01,
529 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
530 0x00, 0x00, 0x01,
531 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
532 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
533 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
535 0x00, 0x01,
536 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
537 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
538 0x00, 0x00, 0x01,
539 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
540 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
541 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
542 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
543 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
544 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
545 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
546 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
547 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
548 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
549 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
550 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
551 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
552 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
553 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
554 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
555 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
556 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
557 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
558 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
559 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
560 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
561 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
562 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
563 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
564 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
565 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
566 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
567 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
568 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
569 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
570 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
571 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
572 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
573 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F,
574 0x06, 0x14, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
575 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01,
576 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05,
577 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42,
578 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B,
579 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00, 0x02,
580 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x7E,
581 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB3,
582 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04,
583 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00,
584 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71,
585 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06,
586 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01, 0x0E,
587 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38, 0xB2,
588 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01,
589 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00,
590 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59, 0x2A,
591 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00,
592 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x56,
593 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02,
594 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02,
595 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01, 0x86,
596 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01,
597 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12,
598 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C,
599 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00,
600 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A, 0x03,
601 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47,
602 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00,
603 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB7,
604 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00, 0x77,
605 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02,
606 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01, 0xBD,
607 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17,
608 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD, 0x2A,
609 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04,
610 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88,
611 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81,
612 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00,
613 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1, 0x2A,
614 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01,
615 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02,
616 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05,
617 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29,
618 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05, 0x04,
619 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01,
620 0x88, 0x04, 0x80, 0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A,
621 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01, 0x00,
622 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F,
623 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F,
624 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04,
625 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC,
626 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04, 0x05,
627 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01,
628 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E,
629 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10,
630 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02,
631 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46,
632 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05,
633 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40,
634 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08,
635 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05, 0x03,
636 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x01, 0xFC, 0x80,
637 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80, 0x41, 0x2A, 0x01, 0x81, 0x7F,
638 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39,
639 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41,
640 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
641 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03,
642 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A,
643 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F,
644 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00,
645 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20,
646 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05,
647 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05,
648 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05,
649 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A,
650 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03,
651 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18,
652 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00,
653 0x04, 0x76, 0x2E, 0xCA, 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10,
654 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00,
655 0x76, 0x2E, 0xA5, 0x27, 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01,
656 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03,
657 0x03, 0x83, 0x47, 0xB3, 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06,
658 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F,
659 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06,
660 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83,
661 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00,
662 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00,
663 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74,
664 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A,
665 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08,
666 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C,
667 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD,
668 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F,
669 0x05, 0x02, 0x69, 0x2B, 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88,
670 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D,
671 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69,
672 0x2B, 0x83, 0x01, 0x0C, 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02,
673 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD,
674 0xA4, 0x2A, 0x06, 0x1D, 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A,
675 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47,
676 0x42, 0x8B, 0x47, 0xB3, 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00,
677 0x00, 0xB8, 0x2A, 0x5D, 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04,
678 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00,
679 0xBD, 0xC5, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06,
680 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x08,
681 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0D, 0x06, 0x0D, 0x01, 0x01,
682 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02, 0x00, 0x39, 0x03, 0x00, 0x04,
683 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13,
684 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x39, 0x13,
685 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01, 0x02, 0x0C,
686 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0xFF, 0x2C, 0x9B, 0x02,
687 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x41, 0x9B, 0x00, 0x00, 0xBD,
688 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD, 0x2A,
689 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F, 0x39,
690 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00, 0x01,
691 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03,
692 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0, 0x08,
693 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B, 0x05,
694 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30, 0x03,
695 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01, 0x01,
696 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F, 0x04,
697 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCB,
698 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01, 0x00,
699 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87, 0x42,
700 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47, 0xC3,
701 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29, 0x60,
702 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01,
703 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F,
704 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A,
705 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03,
706 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06,
707 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04,
708 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29,
709 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B,
710 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10,
711 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01, 0x04,
712 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
713 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C,
714 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03,
715 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10,
716 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B,
717 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00,
718 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30,
719 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00,
720 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75, 0x30,
721 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B,
722 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F,
723 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F,
724 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
725 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29,
726 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39,
727 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30, 0x01,
728 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00, 0xCB,
729 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00, 0x01,
730 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00, 0xCB,
731 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C, 0x2A,
732 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01, 0x0B,
733 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A, 0x5B,
734 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD6,
735 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E, 0x01,
736 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E, 0x08,
737 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE, 0x01,
738 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01,
739 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15, 0x2A,
740 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83, 0x47,
741 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01,
742 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,
743 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02,
744 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01,
745 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01,
746 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01, 0x07,
747 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
748 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C, 0x01,
749 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01, 0x20,
750 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC, 0x01,
751 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06,
752 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01,
753 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04, 0x01,
754 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x84,
755 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01, 0x10,
756 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83, 0x47,
757 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E, 0xDE,
758 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00, 0x7C,
759 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03, 0x5F,
760 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06, 0x02,
761 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03, 0x02,
762 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01, 0x02,
763 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDC,
764 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x1C, 0x90, 0x2E, 0x2A, 0x01,
765 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDC, 0x04, 0x0F, 0x01, 0x81, 0x7F,
766 0x13, 0xDE, 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE,
767 0x02, 0x01, 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01,
768 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A,
769 0xDE, 0xD6, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61,
770 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46,
771 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08,
772 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01,
773 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01,
774 0x80, 0x7C, 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02,
775 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29,
776 0xDA, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02,
777 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
778 0x04, 0xDB, 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01,
779 0x02, 0xDB, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02,
780 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07,
781 0x02, 0x00, 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08,
782 0x52, 0xDE, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00,
783 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
784 };
785
786 static const uint16_t t0_caddr[] = {
787 0,
788 5,
789 10,
790 15,
791 20,
792 25,
793 30,
794 35,
795 40,
796 44,
797 48,
798 52,
799 56,
800 60,
801 64,
802 68,
803 72,
804 76,
805 80,
806 84,
807 88,
808 92,
809 96,
810 100,
811 104,
812 109,
813 114,
814 119,
815 124,
816 129,
817 134,
818 139,
819 144,
820 149,
821 154,
822 159,
823 164,
824 169,
825 174,
826 180,
827 185,
828 190,
829 195,
830 200,
831 205,
832 210,
833 215,
834 220,
835 225,
836 230,
837 235,
838 240,
839 245,
840 250,
841 255,
842 260,
843 265,
844 270,
845 275,
846 280,
847 285,
848 290,
849 299,
850 303,
851 328,
852 334,
853 353,
854 364,
855 398,
856 509,
857 513,
858 546,
859 556,
860 624,
861 638,
862 644,
863 703,
864 722,
865 744,
866 793,
867 842,
868 918,
869 1020,
870 1031,
871 1617,
872 1621,
873 1688,
874 1698,
875 1729,
876 1753,
877 1799,
878 1869,
879 1909,
880 1923,
881 1932,
882 1936,
883 2031,
884 2039,
885 2075,
886 2086,
887 2102,
888 2108,
889 2119,
890 2154,
891 2180,
892 2192,
893 2198,
894 2213,
895 2369,
896 2378,
897 2391,
898 2400,
899 2407,
900 2510,
901 2531,
902 2544,
903 2560,
904 2578,
905 2610,
906 2683,
907 2696,
908 2877,
909 2885,
910 2997,
911 3011,
912 3016,
913 3060,
914 3117,
915 3138,
916 3165,
917 3173,
918 3181
919 };
920
921 #define T0_INTERPRETED 91
922
923 #define T0_ENTER(ip, rp, slot) do { \
924 const unsigned char *t0_newip; \
925 uint32_t t0_lnum; \
926 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
927 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
928 (rp) += t0_lnum; \
929 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
930 (ip) = t0_newip; \
931 } while (0)
932
933 #define T0_DEFENTRY(name, slot) \
934 void \
935 name(void *ctx) \
936 { \
937 t0_context *t0ctx = ctx; \
938 t0ctx->ip = &t0_codeblock[0]; \
939 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
940 }
941
942 T0_DEFENTRY(br_ssl_hs_server_init_main, 163)
943
944 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
945
946 void
947 br_ssl_hs_server_run(void *t0ctx)
948 {
949 uint32_t *dp, *rp;
950 const unsigned char *ip;
951
952 #define T0_LOCAL(x) (*(rp - 2 - (x)))
953 #define T0_POP() (*-- dp)
954 #define T0_POPi() (*(int32_t *)(-- dp))
955 #define T0_PEEK(x) (*(dp - 1 - (x)))
956 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
957 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
958 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
959 #define T0_RPOP() (*-- rp)
960 #define T0_RPOPi() (*(int32_t *)(-- rp))
961 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
962 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
963 #define T0_ROLL(x) do { \
964 size_t t0len = (size_t)(x); \
965 uint32_t t0tmp = *(dp - 1 - t0len); \
966 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
967 *(dp - 1) = t0tmp; \
968 } while (0)
969 #define T0_SWAP() do { \
970 uint32_t t0tmp = *(dp - 2); \
971 *(dp - 2) = *(dp - 1); \
972 *(dp - 1) = t0tmp; \
973 } while (0)
974 #define T0_ROT() do { \
975 uint32_t t0tmp = *(dp - 3); \
976 *(dp - 3) = *(dp - 2); \
977 *(dp - 2) = *(dp - 1); \
978 *(dp - 1) = t0tmp; \
979 } while (0)
980 #define T0_NROT() do { \
981 uint32_t t0tmp = *(dp - 1); \
982 *(dp - 1) = *(dp - 2); \
983 *(dp - 2) = *(dp - 3); \
984 *(dp - 3) = t0tmp; \
985 } while (0)
986 #define T0_PICK(x) do { \
987 uint32_t t0depth = (x); \
988 T0_PUSH(T0_PEEK(t0depth)); \
989 } while (0)
990 #define T0_CO() do { \
991 goto t0_exit; \
992 } while (0)
993 #define T0_RET() goto t0_next
994
995 dp = ((t0_context *)t0ctx)->dp;
996 rp = ((t0_context *)t0ctx)->rp;
997 ip = ((t0_context *)t0ctx)->ip;
998 goto t0_next;
999 for (;;) {
1000 uint32_t t0x;
1001
1002 t0_next:
1003 t0x = T0_NEXT(&ip);
1004 if (t0x < T0_INTERPRETED) {
1005 switch (t0x) {
1006 int32_t t0off;
1007
1008 case 0: /* ret */
1009 t0x = T0_RPOP();
1010 rp -= (t0x >> 16);
1011 t0x &= 0xFFFF;
1012 if (t0x == 0) {
1013 ip = NULL;
1014 goto t0_exit;
1015 }
1016 ip = &t0_codeblock[t0x];
1017 break;
1018 case 1: /* literal constant */
1019 T0_PUSHi(t0_parse7E_signed(&ip));
1020 break;
1021 case 2: /* read local */
1022 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1023 break;
1024 case 3: /* write local */
1025 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1026 break;
1027 case 4: /* jump */
1028 t0off = t0_parse7E_signed(&ip);
1029 ip += t0off;
1030 break;
1031 case 5: /* jump if */
1032 t0off = t0_parse7E_signed(&ip);
1033 if (T0_POP()) {
1034 ip += t0off;
1035 }
1036 break;
1037 case 6: /* jump if not */
1038 t0off = t0_parse7E_signed(&ip);
1039 if (!T0_POP()) {
1040 ip += t0off;
1041 }
1042 break;
1043 case 7: {
1044 /* * */
1045
1046 uint32_t b = T0_POP();
1047 uint32_t a = T0_POP();
1048 T0_PUSH(a * b);
1049
1050 }
1051 break;
1052 case 8: {
1053 /* + */
1054
1055 uint32_t b = T0_POP();
1056 uint32_t a = T0_POP();
1057 T0_PUSH(a + b);
1058
1059 }
1060 break;
1061 case 9: {
1062 /* - */
1063
1064 uint32_t b = T0_POP();
1065 uint32_t a = T0_POP();
1066 T0_PUSH(a - b);
1067
1068 }
1069 break;
1070 case 10: {
1071 /* -rot */
1072 T0_NROT();
1073 }
1074 break;
1075 case 11: {
1076 /* < */
1077
1078 int32_t b = T0_POPi();
1079 int32_t a = T0_POPi();
1080 T0_PUSH(-(uint32_t)(a < b));
1081
1082 }
1083 break;
1084 case 12: {
1085 /* << */
1086
1087 int c = (int)T0_POPi();
1088 uint32_t x = T0_POP();
1089 T0_PUSH(x << c);
1090
1091 }
1092 break;
1093 case 13: {
1094 /* <= */
1095
1096 int32_t b = T0_POPi();
1097 int32_t a = T0_POPi();
1098 T0_PUSH(-(uint32_t)(a <= b));
1099
1100 }
1101 break;
1102 case 14: {
1103 /* <> */
1104
1105 uint32_t b = T0_POP();
1106 uint32_t a = T0_POP();
1107 T0_PUSH(-(uint32_t)(a != b));
1108
1109 }
1110 break;
1111 case 15: {
1112 /* = */
1113
1114 uint32_t b = T0_POP();
1115 uint32_t a = T0_POP();
1116 T0_PUSH(-(uint32_t)(a == b));
1117
1118 }
1119 break;
1120 case 16: {
1121 /* > */
1122
1123 int32_t b = T0_POPi();
1124 int32_t a = T0_POPi();
1125 T0_PUSH(-(uint32_t)(a > b));
1126
1127 }
1128 break;
1129 case 17: {
1130 /* >= */
1131
1132 int32_t b = T0_POPi();
1133 int32_t a = T0_POPi();
1134 T0_PUSH(-(uint32_t)(a >= b));
1135
1136 }
1137 break;
1138 case 18: {
1139 /* >> */
1140
1141 int c = (int)T0_POPi();
1142 int32_t x = T0_POPi();
1143 T0_PUSHi(x >> c);
1144
1145 }
1146 break;
1147 case 19: {
1148 /* and */
1149
1150 uint32_t b = T0_POP();
1151 uint32_t a = T0_POP();
1152 T0_PUSH(a & b);
1153
1154 }
1155 break;
1156 case 20: {
1157 /* begin-cert */
1158
1159 if (ENG->chain_len == 0) {
1160 T0_PUSHi(-1);
1161 } else {
1162 ENG->cert_cur = ENG->chain->data;
1163 ENG->cert_len = ENG->chain->data_len;
1164 ENG->chain ++;
1165 ENG->chain_len --;
1166 T0_PUSH(ENG->cert_len);
1167 }
1168
1169 }
1170 break;
1171 case 21: {
1172 /* begin-ta-name */
1173
1174 const br_x500_name *dn;
1175 if (CTX->cur_dn_index >= CTX->num_tas) {
1176 T0_PUSHi(-1);
1177 } else {
1178 if (CTX->ta_names == NULL) {
1179 dn = &CTX->tas[CTX->cur_dn_index].dn;
1180 } else {
1181 dn = &CTX->ta_names[CTX->cur_dn_index];
1182 }
1183 CTX->cur_dn_index ++;
1184 CTX->cur_dn = dn->data;
1185 CTX->cur_dn_len = dn->len;
1186 T0_PUSH(CTX->cur_dn_len);
1187 }
1188
1189 }
1190 break;
1191 case 22: {
1192 /* begin-ta-name-list */
1193
1194 CTX->cur_dn_index = 0;
1195
1196 }
1197 break;
1198 case 23: {
1199 /* bzero */
1200
1201 size_t len = (size_t)T0_POP();
1202 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1203 memset(addr, 0, len);
1204
1205 }
1206 break;
1207 case 24: {
1208 /* call-policy-handler */
1209
1210 int x;
1211 br_ssl_server_choices choices;
1212
1213 x = (*CTX->policy_vtable)->choose(
1214 CTX->policy_vtable, CTX, &choices);
1215 ENG->session.cipher_suite = choices.cipher_suite;
1216 CTX->sign_hash_id = choices.algo_id;
1217 ENG->chain = choices.chain;
1218 ENG->chain_len = choices.chain_len;
1219 T0_PUSHi(-(x != 0));
1220
1221 }
1222 break;
1223 case 25: {
1224 /* can-output? */
1225
1226 T0_PUSHi(-(ENG->hlen_out > 0));
1227
1228 }
1229 break;
1230 case 26: {
1231 /* check-resume */
1232
1233 if (ENG->session.session_id_len == 32
1234 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1235 CTX->cache_vtable, CTX, &ENG->session))
1236 {
1237 T0_PUSHi(-1);
1238 } else {
1239 T0_PUSH(0);
1240 }
1241
1242 }
1243 break;
1244 case 27: {
1245 /* co */
1246 T0_CO();
1247 }
1248 break;
1249 case 28: {
1250 /* compute-Finished-inner */
1251
1252 int prf_id = T0_POP();
1253 int from_client = T0_POPi();
1254 unsigned char seed[48];
1255 size_t seed_len;
1256
1257 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1258 if (ENG->session.version >= BR_TLS12) {
1259 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1260 } else {
1261 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1262 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1263 seed_len = 36;
1264 }
1265 prf(ENG->pad, 12, ENG->session.master_secret,
1266 sizeof ENG->session.master_secret,
1267 from_client ? "client finished" : "server finished",
1268 seed, seed_len);
1269
1270 }
1271 break;
1272 case 29: {
1273 /* compute-hash-CV */
1274
1275 int i;
1276
1277 for (i = 1; i <= 6; i ++) {
1278 br_multihash_out(&ENG->mhash, i,
1279 ENG->pad + HASH_PAD_OFF[i - 1]);
1280 }
1281
1282 }
1283 break;
1284 case 30: {
1285 /* copy-cert-chunk */
1286
1287 size_t clen;
1288
1289 clen = ENG->cert_len;
1290 if (clen > sizeof ENG->pad) {
1291 clen = sizeof ENG->pad;
1292 }
1293 memcpy(ENG->pad, ENG->cert_cur, clen);
1294 ENG->cert_cur += clen;
1295 ENG->cert_len -= clen;
1296 T0_PUSH(clen);
1297
1298 }
1299 break;
1300 case 31: {
1301 /* copy-dn-chunk */
1302
1303 size_t clen;
1304
1305 clen = CTX->cur_dn_len;
1306 if (clen > sizeof ENG->pad) {
1307 clen = sizeof ENG->pad;
1308 }
1309 memcpy(ENG->pad, CTX->cur_dn, clen);
1310 CTX->cur_dn += clen;
1311 CTX->cur_dn_len -= clen;
1312 T0_PUSH(clen);
1313
1314 }
1315 break;
1316 case 32: {
1317 /* copy-hash-CV */
1318
1319 int id = T0_POP();
1320 size_t off, len;
1321
1322 if (id == 0) {
1323 off = 0;
1324 len = 36;
1325 } else {
1326 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1327 T0_PUSH(0);
1328 T0_RET();
1329 }
1330 off = HASH_PAD_OFF[id - 1];
1331 len = HASH_PAD_OFF[id] - off;
1332 }
1333 memcpy(CTX->hash_CV, ENG->pad + off, len);
1334 CTX->hash_CV_len = len;
1335 CTX->hash_CV_id = id;
1336 T0_PUSHi(-1);
1337
1338 }
1339 break;
1340 case 33: {
1341 /* copy-protocol-name */
1342
1343 size_t idx = T0_POP();
1344 size_t len = strlen(ENG->protocol_names[idx]);
1345 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1346 T0_PUSH(len);
1347
1348 }
1349 break;
1350 case 34: {
1351 /* data-get8 */
1352
1353 size_t addr = T0_POP();
1354 T0_PUSH(t0_datablock[addr]);
1355
1356 }
1357 break;
1358 case 35: {
1359 /* discard-input */
1360
1361 ENG->hlen_in = 0;
1362
1363 }
1364 break;
1365 case 36: {
1366 /* do-ecdh */
1367
1368 int prf_id = T0_POPi();
1369 size_t len = T0_POP();
1370 do_ecdh(CTX, prf_id, ENG->pad, len);
1371
1372 }
1373 break;
1374 case 37: {
1375 /* do-ecdhe-part1 */
1376
1377 int curve = T0_POPi();
1378 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1379
1380 }
1381 break;
1382 case 38: {
1383 /* do-ecdhe-part2 */
1384
1385 int prf_id = T0_POPi();
1386 size_t len = T0_POP();
1387 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1388
1389 }
1390 break;
1391 case 39: {
1392 /* do-rsa-decrypt */
1393
1394 int prf_id = T0_POPi();
1395 size_t len = T0_POP();
1396 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1397
1398 }
1399 break;
1400 case 40: {
1401 /* do-static-ecdh */
1402
1403 do_static_ecdh(CTX, T0_POP());
1404
1405 }
1406 break;
1407 case 41: {
1408 /* drop */
1409 (void)T0_POP();
1410 }
1411 break;
1412 case 42: {
1413 /* dup */
1414 T0_PUSH(T0_PEEK(0));
1415 }
1416 break;
1417 case 43: {
1418 /* fail */
1419
1420 br_ssl_engine_fail(ENG, (int)T0_POPi());
1421 T0_CO();
1422
1423 }
1424 break;
1425 case 44: {
1426 /* flush-record */
1427
1428 br_ssl_engine_flush_record(ENG);
1429
1430 }
1431 break;
1432 case 45: {
1433 /* get-key-type-usages */
1434
1435 const br_x509_class *xc;
1436 const br_x509_pkey *pk;
1437 unsigned usages;
1438
1439 xc = *(ENG->x509ctx);
1440 pk = xc->get_pkey(ENG->x509ctx, &usages);
1441 if (pk == NULL) {
1442 T0_PUSH(0);
1443 } else {
1444 T0_PUSH(pk->key_type | usages);
1445 }
1446
1447 }
1448 break;
1449 case 46: {
1450 /* get16 */
1451
1452 size_t addr = (size_t)T0_POP();
1453 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1454
1455 }
1456 break;
1457 case 47: {
1458 /* get32 */
1459
1460 size_t addr = (size_t)T0_POP();
1461 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1462
1463 }
1464 break;
1465 case 48: {
1466 /* get8 */
1467
1468 size_t addr = (size_t)T0_POP();
1469 T0_PUSH(*((unsigned char *)ENG + addr));
1470
1471 }
1472 break;
1473 case 49: {
1474 /* has-input? */
1475
1476 T0_PUSHi(-(ENG->hlen_in != 0));
1477
1478 }
1479 break;
1480 case 50: {
1481 /* memcmp */
1482
1483 size_t len = (size_t)T0_POP();
1484 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1485 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1486 int x = memcmp(addr1, addr2, len);
1487 T0_PUSH((uint32_t)-(x == 0));
1488
1489 }
1490 break;
1491 case 51: {
1492 /* memcpy */
1493
1494 size_t len = (size_t)T0_POP();
1495 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1496 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1497 memcpy(dst, src, len);
1498
1499 }
1500 break;
1501 case 52: {
1502 /* mkrand */
1503
1504 size_t len = (size_t)T0_POP();
1505 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1506 br_hmac_drbg_generate(&ENG->rng, addr, len);
1507
1508 }
1509 break;
1510 case 53: {
1511 /* more-incoming-bytes? */
1512
1513 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1514
1515 }
1516 break;
1517 case 54: {
1518 /* multihash-init */
1519
1520 br_multihash_init(&ENG->mhash);
1521
1522 }
1523 break;
1524 case 55: {
1525 /* neg */
1526
1527 uint32_t a = T0_POP();
1528 T0_PUSH(-a);
1529
1530 }
1531 break;
1532 case 56: {
1533 /* not */
1534
1535 uint32_t a = T0_POP();
1536 T0_PUSH(~a);
1537
1538 }
1539 break;
1540 case 57: {
1541 /* or */
1542
1543 uint32_t b = T0_POP();
1544 uint32_t a = T0_POP();
1545 T0_PUSH(a | b);
1546
1547 }
1548 break;
1549 case 58: {
1550 /* over */
1551 T0_PUSH(T0_PEEK(1));
1552 }
1553 break;
1554 case 59: {
1555 /* pick */
1556 T0_PICK(T0_POP());
1557 }
1558 break;
1559 case 60: {
1560 /* read-chunk-native */
1561
1562 size_t clen = ENG->hlen_in;
1563 if (clen > 0) {
1564 uint32_t addr, len;
1565
1566 len = T0_POP();
1567 addr = T0_POP();
1568 if ((size_t)len < clen) {
1569 clen = (size_t)len;
1570 }
1571 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1572 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1573 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1574 }
1575 T0_PUSH(addr + (uint32_t)clen);
1576 T0_PUSH(len - (uint32_t)clen);
1577 ENG->hbuf_in += clen;
1578 ENG->hlen_in -= clen;
1579 }
1580
1581 }
1582 break;
1583 case 61: {
1584 /* read8-native */
1585
1586 if (ENG->hlen_in > 0) {
1587 unsigned char x;
1588
1589 x = *ENG->hbuf_in ++;
1590 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1591 br_multihash_update(&ENG->mhash, &x, 1);
1592 }
1593 T0_PUSH(x);
1594 ENG->hlen_in --;
1595 } else {
1596 T0_PUSHi(-1);
1597 }
1598
1599 }
1600 break;
1601 case 62: {
1602 /* save-session */
1603
1604 if (CTX->cache_vtable != NULL) {
1605 (*CTX->cache_vtable)->save(
1606 CTX->cache_vtable, CTX, &ENG->session);
1607 }
1608
1609 }
1610 break;
1611 case 63: {
1612 /* set-max-frag-len */
1613
1614 size_t max_frag_len = T0_POP();
1615
1616 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1617
1618 /*
1619 * We must adjust our own output limit. Since we call this only
1620 * after receiving a ClientHello and before beginning to send
1621 * the ServerHello, the next output record should be empty at
1622 * that point, so we can use max_frag_len as a limit.
1623 */
1624 if (ENG->hlen_out > max_frag_len) {
1625 ENG->hlen_out = max_frag_len;
1626 }
1627
1628 }
1629 break;
1630 case 64: {
1631 /* set16 */
1632
1633 size_t addr = (size_t)T0_POP();
1634 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1635
1636 }
1637 break;
1638 case 65: {
1639 /* set32 */
1640
1641 size_t addr = (size_t)T0_POP();
1642 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1643
1644 }
1645 break;
1646 case 66: {
1647 /* set8 */
1648
1649 size_t addr = (size_t)T0_POP();
1650 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1651
1652 }
1653 break;
1654 case 67: {
1655 /* supported-curves */
1656
1657 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1658 T0_PUSH(x);
1659
1660 }
1661 break;
1662 case 68: {
1663 /* supported-hash-functions */
1664
1665 int i;
1666 unsigned x, num;
1667
1668 x = 0;
1669 num = 0;
1670 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1671 if (br_multihash_getimpl(&ENG->mhash, i)) {
1672 x |= 1U << i;
1673 num ++;
1674 }
1675 }
1676 T0_PUSH(x);
1677 T0_PUSH(num);
1678
1679 }
1680 break;
1681 case 69: {
1682 /* supports-ecdsa? */
1683
1684 T0_PUSHi(-(ENG->iecdsa != 0));
1685
1686 }
1687 break;
1688 case 70: {
1689 /* supports-rsa-sign? */
1690
1691 T0_PUSHi(-(ENG->irsavrfy != 0));
1692
1693 }
1694 break;
1695 case 71: {
1696 /* swap */
1697 T0_SWAP();
1698 }
1699 break;
1700 case 72: {
1701 /* switch-aesgcm-in */
1702
1703 int is_client, prf_id;
1704 unsigned cipher_key_len;
1705
1706 cipher_key_len = T0_POP();
1707 prf_id = T0_POP();
1708 is_client = T0_POP();
1709 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1710 ENG->iaes_ctr, cipher_key_len);
1711
1712 }
1713 break;
1714 case 73: {
1715 /* switch-aesgcm-out */
1716
1717 int is_client, prf_id;
1718 unsigned cipher_key_len;
1719
1720 cipher_key_len = T0_POP();
1721 prf_id = T0_POP();
1722 is_client = T0_POP();
1723 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1724 ENG->iaes_ctr, cipher_key_len);
1725
1726 }
1727 break;
1728 case 74: {
1729 /* switch-cbc-in */
1730
1731 int is_client, prf_id, mac_id, aes;
1732 unsigned cipher_key_len;
1733
1734 cipher_key_len = T0_POP();
1735 aes = T0_POP();
1736 mac_id = T0_POP();
1737 prf_id = T0_POP();
1738 is_client = T0_POP();
1739 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1740 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1741
1742 }
1743 break;
1744 case 75: {
1745 /* switch-cbc-out */
1746
1747 int is_client, prf_id, mac_id, aes;
1748 unsigned cipher_key_len;
1749
1750 cipher_key_len = T0_POP();
1751 aes = T0_POP();
1752 mac_id = T0_POP();
1753 prf_id = T0_POP();
1754 is_client = T0_POP();
1755 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1756 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1757
1758 }
1759 break;
1760 case 76: {
1761 /* switch-chapol-in */
1762
1763 int is_client, prf_id;
1764
1765 prf_id = T0_POP();
1766 is_client = T0_POP();
1767 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1768
1769 }
1770 break;
1771 case 77: {
1772 /* switch-chapol-out */
1773
1774 int is_client, prf_id;
1775
1776 prf_id = T0_POP();
1777 is_client = T0_POP();
1778 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1779
1780 }
1781 break;
1782 case 78: {
1783 /* ta-names-total-length */
1784
1785 size_t u, len;
1786
1787 len = 0;
1788 if (CTX->ta_names != NULL) {
1789 for (u = 0; u < CTX->num_tas; u ++) {
1790 len += CTX->ta_names[u].len + 2;
1791 }
1792 } else if (CTX->tas != NULL) {
1793 for (u = 0; u < CTX->num_tas; u ++) {
1794 len += CTX->tas[u].dn.len + 2;
1795 }
1796 }
1797 T0_PUSH(len);
1798
1799 }
1800 break;
1801 case 79: {
1802 /* test-protocol-name */
1803
1804 size_t len = T0_POP();
1805 size_t u;
1806
1807 for (u = 0; u < ENG->protocol_names_num; u ++) {
1808 const char *name;
1809
1810 name = ENG->protocol_names[u];
1811 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1812 T0_PUSH(u);
1813 T0_RET();
1814 }
1815 }
1816 T0_PUSHi(-1);
1817
1818 }
1819 break;
1820 case 80: {
1821 /* total-chain-length */
1822
1823 size_t u;
1824 uint32_t total;
1825
1826 total = 0;
1827 for (u = 0; u < ENG->chain_len; u ++) {
1828 total += 3 + (uint32_t)ENG->chain[u].data_len;
1829 }
1830 T0_PUSH(total);
1831
1832 }
1833 break;
1834 case 81: {
1835 /* u< */
1836
1837 uint32_t b = T0_POP();
1838 uint32_t a = T0_POP();
1839 T0_PUSH(-(uint32_t)(a < b));
1840
1841 }
1842 break;
1843 case 82: {
1844 /* u>> */
1845
1846 int c = (int)T0_POPi();
1847 uint32_t x = T0_POP();
1848 T0_PUSH(x >> c);
1849
1850 }
1851 break;
1852 case 83: {
1853 /* verify-CV-sig */
1854
1855 int err;
1856
1857 err = verify_CV_sig(CTX, T0_POP());
1858 T0_PUSHi(err);
1859
1860 }
1861 break;
1862 case 84: {
1863 /* write-blob-chunk */
1864
1865 size_t clen = ENG->hlen_out;
1866 if (clen > 0) {
1867 uint32_t addr, len;
1868
1869 len = T0_POP();
1870 addr = T0_POP();
1871 if ((size_t)len < clen) {
1872 clen = (size_t)len;
1873 }
1874 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1875 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1876 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1877 }
1878 T0_PUSH(addr + (uint32_t)clen);
1879 T0_PUSH(len - (uint32_t)clen);
1880 ENG->hbuf_out += clen;
1881 ENG->hlen_out -= clen;
1882 }
1883
1884 }
1885 break;
1886 case 85: {
1887 /* write8-native */
1888
1889 unsigned char x;
1890
1891 x = (unsigned char)T0_POP();
1892 if (ENG->hlen_out > 0) {
1893 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1894 br_multihash_update(&ENG->mhash, &x, 1);
1895 }
1896 *ENG->hbuf_out ++ = x;
1897 ENG->hlen_out --;
1898 T0_PUSHi(-1);
1899 } else {
1900 T0_PUSHi(0);
1901 }
1902
1903 }
1904 break;
1905 case 86: {
1906 /* x509-append */
1907
1908 const br_x509_class *xc;
1909 size_t len;
1910
1911 xc = *(ENG->x509ctx);
1912 len = T0_POP();
1913 xc->append(ENG->x509ctx, ENG->pad, len);
1914
1915 }
1916 break;
1917 case 87: {
1918 /* x509-end-cert */
1919
1920 const br_x509_class *xc;
1921
1922 xc = *(ENG->x509ctx);
1923 xc->end_cert(ENG->x509ctx);
1924
1925 }
1926 break;
1927 case 88: {
1928 /* x509-end-chain */
1929
1930 const br_x509_class *xc;
1931
1932 xc = *(ENG->x509ctx);
1933 T0_PUSH(xc->end_chain(ENG->x509ctx));
1934
1935 }
1936 break;
1937 case 89: {
1938 /* x509-start-cert */
1939
1940 const br_x509_class *xc;
1941
1942 xc = *(ENG->x509ctx);
1943 xc->start_cert(ENG->x509ctx, T0_POP());
1944
1945 }
1946 break;
1947 case 90: {
1948 /* x509-start-chain */
1949
1950 const br_x509_class *xc;
1951 uint32_t bc;
1952
1953 bc = T0_POP();
1954 xc = *(ENG->x509ctx);
1955 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1956
1957 }
1958 break;
1959 }
1960
1961 } else {
1962 T0_ENTER(ip, rp, t0x);
1963 }
1964 }
1965 t0_exit:
1966 ((t0_context *)t0ctx)->dp = dp;
1967 ((t0_context *)t0ctx)->rp = rp;
1968 ((t0_context *)t0ctx)->ip = ip;
1969 }
The BearSSL library and tools.