1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, &len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *xcoor
, size_t xcoor_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
147 if (xcoor_len
> sizeof rpms
) {
148 xcoor_len
= sizeof rpms
;
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
157 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, xcoor_len
);
158 br_ccopy(ctl
^ 1, xcoor
, rpms
, xcoor_len
);
161 * Compute master secret.
163 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, xcoor
, xcoor_len
);
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
169 memset(xcoor
, 0, xcoor_len
);
173 * Do the ECDH key exchange (not ECDHE).
176 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
177 unsigned char *cpoint
, size_t cpoint_len
)
182 * Finalise the key exchange.
184 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
185 cpoint
, &cpoint_len
);
186 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
196 do_static_ecdh(br_ssl_server_context
*ctx
, int prf_id
)
198 unsigned char cpoint
[133];
200 const br_x509_class
**xc
;
201 const br_x509_pkey
*pk
;
203 xc
= ctx
->eng
.x509ctx
;
204 pk
= (*xc
)->get_pkey(xc
, NULL
);
205 cpoint_len
= pk
->key
.ec
.qlen
;
206 if (cpoint_len
> sizeof cpoint
) {
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
214 memcpy(cpoint
, pk
->key
.ec
.q
, cpoint_len
);
215 do_ecdh(ctx
, prf_id
, cpoint
, cpoint_len
);
219 hash_data(br_ssl_server_context
*ctx
,
220 void *dst
, int hash_id
, const void *src
, size_t len
)
222 const br_hash_class
*hf
;
223 br_hash_compat_context hc
;
226 unsigned char tmp
[36];
228 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_md5_ID
);
232 hf
->init(&hc
.vtable
);
233 hf
->update(&hc
.vtable
, src
, len
);
234 hf
->out(&hc
.vtable
, tmp
);
235 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_sha1_ID
);
239 hf
->init(&hc
.vtable
);
240 hf
->update(&hc
.vtable
, src
, len
);
241 hf
->out(&hc
.vtable
, tmp
+ 16);
242 memcpy(dst
, tmp
, 36);
245 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, hash_id
);
249 hf
->init(&hc
.vtable
);
250 hf
->update(&hc
.vtable
, src
, len
);
251 hf
->out(&hc
.vtable
, dst
);
252 return (hf
->desc
>> BR_HASHDESC_OUT_OFF
) & BR_HASHDESC_OUT_MASK
;
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
264 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
268 const unsigned char *order
;
270 size_t hv_len
, sig_len
;
272 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM
;
275 ctx
->eng
.ecdhe_curve
= curve
;
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
285 order
= ctx
->eng
.iec
->order(curve
, &olen
);
287 while (mask
>= order
[0]) {
290 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
291 ctx
->ecdhe_key
[0] &= mask
;
292 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
293 ctx
->ecdhe_key_len
= olen
;
296 * Compute our ECDH point.
298 glen
= ctx
->eng
.iec
->mulgen(ctx
->eng
.ecdhe_point
,
299 ctx
->ecdhe_key
, olen
, curve
);
300 ctx
->eng
.ecdhe_point_len
= glen
;
303 * Assemble the message to be signed, and possibly hash it.
305 memcpy(ctx
->eng
.pad
, ctx
->eng
.client_random
, 32);
306 memcpy(ctx
->eng
.pad
+ 32, ctx
->eng
.server_random
, 32);
307 ctx
->eng
.pad
[64 + 0] = 0x03;
308 ctx
->eng
.pad
[64 + 1] = 0x00;
309 ctx
->eng
.pad
[64 + 2] = curve
;
310 ctx
->eng
.pad
[64 + 3] = ctx
->eng
.ecdhe_point_len
;
311 memcpy(ctx
->eng
.pad
+ 64 + 4,
312 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
313 hv_len
= 64 + 4 + ctx
->eng
.ecdhe_point_len
;
314 algo_id
= ctx
->sign_hash_id
;
315 if (algo_id
>= (unsigned)0xFF00) {
316 hv_len
= hash_data(ctx
, ctx
->eng
.pad
, algo_id
& 0xFF,
317 ctx
->eng
.pad
, hv_len
);
319 return -BR_ERR_INVALID_ALGORITHM
;
323 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
324 algo_id
, ctx
->eng
.pad
, hv_len
, sizeof ctx
->eng
.pad
);
325 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
333 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
334 unsigned char *cpoint
, size_t cpoint_len
)
340 curve
= ctx
->eng
.ecdhe_curve
;
343 * Finalise the key exchange.
345 ctl
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
346 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
347 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
348 ecdh_common(ctx
, prf_id
, cpoint
+ xoff
, xlen
, ctl
);
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
355 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
364 static const unsigned char HASH_PAD_OFF
[] = { 0, 16, 36, 64, 96, 144, 208 };
367 * OID for hash functions in RSA signatures.
369 static const unsigned char HASH_OID_SHA1
[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
373 static const unsigned char HASH_OID_SHA224
[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
377 static const unsigned char HASH_OID_SHA256
[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
381 static const unsigned char HASH_OID_SHA384
[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
385 static const unsigned char HASH_OID_SHA512
[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
389 static const unsigned char *HASH_OID
[] = {
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
405 verify_CV_sig(br_ssl_server_context
*ctx
, size_t sig_len
)
407 const br_x509_class
**xc
;
408 const br_x509_pkey
*pk
;
411 id
= ctx
->hash_CV_id
;
412 xc
= ctx
->eng
.x509ctx
;
413 pk
= (*xc
)->get_pkey(xc
, NULL
);
414 if (pk
->key_type
== BR_KEYTYPE_RSA
) {
415 unsigned char tmp
[64];
416 const unsigned char *hash_oid
;
421 hash_oid
= HASH_OID
[id
- 2];
423 if (ctx
->eng
.irsavrfy
== 0) {
424 return BR_ERR_BAD_SIGNATURE
;
426 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
427 hash_oid
, ctx
->hash_CV_len
, &pk
->key
.rsa
, tmp
)
428 || memcmp(tmp
, ctx
->hash_CV
, ctx
->hash_CV_len
) != 0)
430 return BR_ERR_BAD_SIGNATURE
;
433 if (ctx
->eng
.iecdsa
== 0) {
434 return BR_ERR_BAD_SIGNATURE
;
436 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
,
437 ctx
->hash_CV
, ctx
->hash_CV_len
,
438 &pk
->key
.ec
, ctx
->eng
.pad
, sig_len
))
440 return BR_ERR_BAD_SIGNATURE
;
448 static const unsigned char t0_datablock
[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
464 static const unsigned char t0_codeblock
[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE
), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
487 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
489 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
492 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
495 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
506 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
508 T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
511 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
515 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
518 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
520 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
522 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
524 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
529 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
532 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x30, 0x02, 0x00, 0x38, 0x13,
542 0x01, 0x01, 0x0C, 0x75, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
543 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x2A, 0x19,
544 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCD, 0x04, 0x76, 0x00, 0x01, 0x00, 0x75,
545 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0x8A, 0x40, 0x36, 0xAF, 0x35,
546 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD4, 0x01, 0x00, 0xD0, 0x01, 0x00,
547 0xAB, 0x04, 0x80, 0x46, 0xD4, 0xD1, 0x29, 0xD6, 0x4E, 0x06, 0x01, 0xD2,
548 0xD5, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00, 0xAC, 0x2A, 0x5B, 0x06, 0x0F,
549 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB0, 0xAE, 0x2A, 0xC6,
550 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA2, 0x05,
551 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2, 0x2A, 0x05, 0x04, 0x29, 0xA9,
552 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0, 0x01, 0x00, 0xAB, 0x01, 0x00,
553 0xD0, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00,
554 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC,
555 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC4, 0x19, 0x38, 0x06, 0x04,
556 0xCC, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
557 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
558 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01,
559 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
560 0x7F, 0x9F, 0xCC, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
561 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01, 0xC3, 0x04, 0x2A, 0x01, 0x01,
562 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88, 0x30, 0x01, 0x01, 0x0F, 0x01,
563 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29,
564 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x04, 0x03, 0x01, 0x00, 0x9F, 0x04,
565 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01, 0x2A, 0x03, 0x00, 0x09, 0x2A,
566 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
567 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29,
568 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x74, 0x42, 0x01,
569 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29, 0x01, 0x00,
570 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
571 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29,
572 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA7, 0x39, 0x04, 0x78,
573 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13,
574 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B, 0x76, 0x2E, 0x2A, 0xC8, 0x05,
575 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02, 0x85, 0x2E, 0x05, 0x02, 0xBA,
576 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17,
577 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x4F, 0x2A, 0x02,
578 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B,
579 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86,
580 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x11, 0xCC, 0x01,
581 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B,
582 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64,
583 0x2B, 0x2A, 0x01, 0x01, 0xC7, 0x38, 0xB3, 0x00, 0x01, 0xB8, 0x01, 0x0B,
584 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBF,
585 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5A, 0xBF, 0xA5, 0x2A,
586 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82,
587 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00,
588 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04,
589 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00,
590 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13,
591 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23, 0xBE,
592 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F,
593 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A,
594 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00,
595 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02, 0x20,
596 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00,
597 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x53, 0x2A,
598 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00, 0x1D, 0xB8, 0x01, 0x0F, 0x0F,
599 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8, 0x01, 0x01, 0x0F, 0x05, 0x02,
600 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77, 0x40, 0x78, 0x01, 0x20, 0xB4,
601 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42,
602 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE, 0xA5, 0x01, 0x00, 0x03, 0x02,
603 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03,
604 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06,
605 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A,
606 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B,
607 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11,
608 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06,
609 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04,
610 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02,
611 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04, 0x11, 0x06,
612 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04,
613 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03, 0x07, 0xC0,
614 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04,
615 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01, 0x88, 0x04, 0x80, 0x41, 0x01,
616 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x80, 0x4E, 0xBE, 0xA5,
617 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29,
618 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04,
619 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04,
620 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC, 0x04, 0x19, 0x01,
621 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD, 0x04, 0x0F, 0x01, 0x10, 0x3A,
622 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05, 0x29, 0xBA, 0x01, 0x00, 0x29,
623 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, 0x01,
624 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56,
625 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29, 0x02, 0x00,
626 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96,
627 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10,
628 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04,
629 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97,
630 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, 0x01,
631 0x02, 0x88, 0x42, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29,
632 0x01, 0x82, 0x01, 0x07, 0x01, 0xFC, 0x80, 0x00, 0x39, 0x80, 0x2F, 0x13,
633 0x2A, 0x80, 0x41, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47, 0x01,
634 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09,
635 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03,
636 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20, 0x34,
637 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B,
638 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12, 0x2A,
639 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02,
640 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E,
641 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63, 0x01,
642 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05, 0x40,
643 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01, 0x04,
644 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02, 0x12,
645 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01, 0x83,
646 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01, 0x80,
647 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA1,
648 0x01, 0x00, 0x00, 0x00, 0xB2, 0xB1, 0x00, 0x04, 0x76, 0x2E, 0xCB, 0x06,
649 0x16, 0xBE, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x2A,
650 0x03, 0x00, 0x83, 0x47, 0xB4, 0x02, 0x00, 0x76, 0x2E, 0xA6, 0x27, 0x76,
651 0x2E, 0x2A, 0xC9, 0x47, 0xC8, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02,
652 0x02, 0x39, 0x06, 0x14, 0xC0, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB4, 0x02,
653 0x03, 0x76, 0x2E, 0xA6, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24,
654 0x9B, 0x00, 0x00, 0xB8, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00,
655 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83, 0x01,
656 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08, 0x01,
657 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01,
658 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F,
659 0x06, 0x02, 0x63, 0x00, 0xCE, 0x04, 0x74, 0x00, 0xBE, 0x01, 0x01, 0x0E,
660 0x06, 0x02, 0x66, 0x2B, 0xC0, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05, 0x11,
661 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30, 0x0B,
662 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42, 0x84,
663 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBE, 0x88, 0x30, 0x01, 0x00, 0x3A,
664 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0,
665 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01, 0x02,
666 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69, 0x2B,
667 0xC0, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C, 0xB4,
668 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03, 0x69,
669 0x2B, 0x29, 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x2A, 0x06, 0x1D, 0xC0,
670 0x06, 0x03, 0xBA, 0x04, 0x15, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06,
671 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB4, 0x04,
672 0x01, 0xC6, 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB9, 0x2A, 0x5D, 0x06,
673 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC1, 0x01,
674 0x03, 0xBF, 0x47, 0x29, 0x47, 0x00, 0x00, 0xBE, 0xC6, 0x00, 0x03, 0x01,
675 0x00, 0x03, 0x00, 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x50, 0xC0, 0x03, 0x01,
676 0xC0, 0x03, 0x02, 0x02, 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02,
677 0x01, 0x0F, 0x0D, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08,
678 0x0C, 0x02, 0x00, 0x39, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02,
679 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F,
680 0x02, 0x02, 0x01, 0x03, 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01,
681 0x01, 0x02, 0x02, 0x60, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39,
682 0x03, 0x00, 0x04, 0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBE, 0xA5,
683 0xBB, 0x80, 0x41, 0x9B, 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x00,
684 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBE, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B,
685 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F, 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29,
686 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00, 0x01, 0x02, 0x98, 0xC1, 0x01, 0x08,
687 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x03, 0x98, 0xC1, 0x01, 0x08, 0x0C,
688 0xC1, 0x08, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x01, 0x98,
689 0xC1, 0x00, 0x00, 0x3D, 0x2A, 0x5B, 0x05, 0x01, 0x00, 0x29, 0xCE, 0x04,
690 0x76, 0x02, 0x03, 0x00, 0x92, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02,
691 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01, 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02,
692 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00,
693 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x01, 0x16,
694 0x87, 0x42, 0x01, 0x00, 0xDF, 0x01, 0x00, 0xDE, 0x2C, 0x01, 0x17, 0x87,
695 0x42, 0x00, 0x00, 0x01, 0x15, 0x87, 0x42, 0x47, 0x55, 0x29, 0x55, 0x29,
696 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47, 0xC4, 0x00, 0x00, 0x47, 0x3A, 0x98,
697 0x47, 0x2A, 0x06, 0x05, 0xC1, 0x29, 0x60, 0x04, 0x78, 0x29, 0x00, 0x02,
698 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13,
699 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08,
700 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01,
701 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04,
702 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01,
703 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52,
704 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02,
705 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A,
706 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x48,
707 0x04, 0x01, 0x49, 0x04, 0x29, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29,
708 0x29, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04,
709 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06,
710 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00,
711 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C,
712 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01,
713 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D,
714 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01,
715 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00, 0x9E, 0x04, 0x14, 0x01, 0x02,
716 0x3A, 0x0F, 0x06, 0x0D, 0x29, 0x75, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03,
717 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B, 0x30, 0x05,
718 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06,
719 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09,
720 0x29, 0xA8, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01, 0x16, 0x3A,
721 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04,
722 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00,
723 0x1B, 0x2A, 0x05, 0x13, 0x31, 0x06, 0x10, 0x86, 0x30, 0x01, 0x15, 0x0F,
724 0x06, 0x08, 0x29, 0xA8, 0x01, 0x00, 0x75, 0x42, 0x04, 0x01, 0x23, 0x00,
725 0x00, 0xCC, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B,
726 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42,
727 0x00, 0xCC, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01, 0xDF,
728 0x2C, 0x2A, 0x01, 0x00, 0xC7, 0x01, 0x16, 0xCF, 0xD3, 0x2C, 0x00, 0x00,
729 0x01, 0x0B, 0xDF, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDE, 0xDE, 0x14,
730 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDE, 0x1E, 0x2A, 0x06, 0x05, 0x83,
731 0x47, 0xD7, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD9, 0x93,
732 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDA, 0x08,
733 0x4E, 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDF, 0xDE, 0x01, 0x00, 0xD9,
734 0xDF, 0x01, 0x01, 0xD9, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06,
735 0x08, 0x01, 0x00, 0xDA, 0xDD, 0x01, 0x01, 0xDA, 0x29, 0x4E, 0xDD, 0x16,
736 0x15, 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1F, 0x2A, 0x06, 0x05,
737 0x83, 0x47, 0xD7, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14,
738 0xDF, 0x01, 0x0C, 0xDE, 0x83, 0x01, 0x0C, 0xD7, 0x00, 0x04, 0x03, 0x00,
739 0x01, 0x02, 0xDF, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06,
740 0x0C, 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04,
741 0x02, 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04,
742 0x02, 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21,
743 0x01, 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03,
744 0x08, 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDE, 0x93, 0x2E, 0xDD,
745 0x8C, 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C,
746 0x01, 0x20, 0xD7, 0x01, 0x20, 0xDF, 0x8D, 0x01, 0x20, 0xD7, 0x76, 0x2E,
747 0xDD, 0x01, 0x00, 0xDF, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
748 0x2A, 0x06, 0x80, 0x40, 0xDD, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83,
749 0xFE, 0x01, 0xDD, 0x01, 0x04, 0x09, 0x2A, 0xDD, 0x60, 0x89, 0x47, 0xD8,
750 0x04, 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDD, 0x01, 0x01,
751 0xDD, 0x84, 0x30, 0x01, 0x08, 0x09, 0xDF, 0x02, 0x03, 0x2A, 0x06, 0x11,
752 0x01, 0x10, 0xDD, 0x01, 0x04, 0x09, 0x2A, 0xDD, 0x62, 0x2A, 0xDD, 0x60,
753 0x83, 0x47, 0xD8, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01,
754 0x0E, 0xDF, 0x01, 0x00, 0xDE, 0x00, 0x03, 0x76, 0x2E, 0xC9, 0x05, 0x01,
755 0x00, 0x7C, 0x2F, 0x2A, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06,
756 0x05, 0x29, 0x01, 0x1D, 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80,
757 0x00, 0x13, 0x2A, 0x06, 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00,
758 0x25, 0x2A, 0x5B, 0x06, 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01,
759 0x86, 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xDF, 0x02, 0x01, 0x7E, 0x30,
760 0x08, 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDE, 0x01,
761 0x03, 0xDF, 0x02, 0x00, 0xDD, 0x7D, 0x7E, 0x30, 0xD8, 0x02, 0x02, 0x06,
762 0x1C, 0x90, 0x2E, 0x2A, 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDD,
763 0x04, 0x0F, 0x01, 0x81, 0x7F, 0x13, 0xDF, 0x76, 0x2E, 0xCA, 0x01, 0x01,
764 0x0C, 0x01, 0x03, 0x08, 0xDF, 0x02, 0x01, 0xDD, 0x83, 0x02, 0x01, 0xD7,
765 0x00, 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCC,
766 0x29, 0x04, 0x73, 0x00, 0x2A, 0xDF, 0xD7, 0x00, 0x00, 0x01, 0x00, 0x76,
767 0x2E, 0xC8, 0x06, 0x0C, 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDF,
768 0x01, 0x80, 0x42, 0xDF, 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01,
769 0x01, 0xDF, 0x45, 0x06, 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40,
770 0xDF, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39,
771 0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xDB, 0x03, 0x00, 0x01, 0x03,
772 0x01, 0x80, 0x7C, 0xDB, 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06,
773 0x07, 0x01, 0x01, 0x44, 0x29, 0xDB, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01,
774 0x03, 0x44, 0x29, 0xDB, 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00,
775 0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDC, 0x01, 0x05, 0xDC, 0x01, 0x06,
776 0xDC, 0x01, 0x03, 0xDC, 0x01, 0x02, 0xDC, 0x0A, 0x63, 0x00, 0x01, 0x03,
777 0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61,
778 0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00, 0xDF, 0x01, 0x02, 0x3B, 0xDF,
779 0x00, 0x00, 0x2A, 0x01, 0x08, 0x52, 0xDF, 0xDF, 0x00, 0x00, 0x2A, 0x01,
780 0x10, 0x52, 0xDF, 0xDD, 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00,
781 0xCC, 0x29, 0x04, 0x76
784 static const uint16_t t0_caddr
[] = {
920 #define T0_INTERPRETED 91
922 #define T0_ENTER(ip, rp, slot) do { \
923 const unsigned char *t0_newip; \
925 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
926 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
928 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
932 #define T0_DEFENTRY(name, slot) \
936 t0_context *t0ctx = ctx; \
937 t0ctx->ip = &t0_codeblock[0]; \
938 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
941 T0_DEFENTRY(br_ssl_hs_server_init_main
, 164)
943 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
946 br_ssl_hs_server_run(void *t0ctx
)
949 const unsigned char *ip
;
951 #define T0_LOCAL(x) (*(rp - 2 - (x)))
952 #define T0_POP() (*-- dp)
953 #define T0_POPi() (*(int32_t *)(-- dp))
954 #define T0_PEEK(x) (*(dp - 1 - (x)))
955 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
956 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
957 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
958 #define T0_RPOP() (*-- rp)
959 #define T0_RPOPi() (*(int32_t *)(-- rp))
960 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
961 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
962 #define T0_ROLL(x) do { \
963 size_t t0len = (size_t)(x); \
964 uint32_t t0tmp = *(dp - 1 - t0len); \
965 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
968 #define T0_SWAP() do { \
969 uint32_t t0tmp = *(dp - 2); \
970 *(dp - 2) = *(dp - 1); \
973 #define T0_ROT() do { \
974 uint32_t t0tmp = *(dp - 3); \
975 *(dp - 3) = *(dp - 2); \
976 *(dp - 2) = *(dp - 1); \
979 #define T0_NROT() do { \
980 uint32_t t0tmp = *(dp - 1); \
981 *(dp - 1) = *(dp - 2); \
982 *(dp - 2) = *(dp - 3); \
985 #define T0_PICK(x) do { \
986 uint32_t t0depth = (x); \
987 T0_PUSH(T0_PEEK(t0depth)); \
989 #define T0_CO() do { \
992 #define T0_RET() goto t0_next
994 dp
= ((t0_context
*)t0ctx
)->dp
;
995 rp
= ((t0_context
*)t0ctx
)->rp
;
996 ip
= ((t0_context
*)t0ctx
)->ip
;
1003 if (t0x
< T0_INTERPRETED
) {
1015 ip
= &t0_codeblock
[t0x
];
1017 case 1: /* literal constant */
1018 T0_PUSHi(t0_parse7E_signed(&ip
));
1020 case 2: /* read local */
1021 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
1023 case 3: /* write local */
1024 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
1027 t0off
= t0_parse7E_signed(&ip
);
1030 case 5: /* jump if */
1031 t0off
= t0_parse7E_signed(&ip
);
1036 case 6: /* jump if not */
1037 t0off
= t0_parse7E_signed(&ip
);
1045 uint32_t b
= T0_POP();
1046 uint32_t a
= T0_POP();
1054 uint32_t b
= T0_POP();
1055 uint32_t a
= T0_POP();
1063 uint32_t b
= T0_POP();
1064 uint32_t a
= T0_POP();
1077 int32_t b
= T0_POPi();
1078 int32_t a
= T0_POPi();
1079 T0_PUSH(-(uint32_t)(a
< b
));
1086 int c
= (int)T0_POPi();
1087 uint32_t x
= T0_POP();
1095 int32_t b
= T0_POPi();
1096 int32_t a
= T0_POPi();
1097 T0_PUSH(-(uint32_t)(a
<= b
));
1104 uint32_t b
= T0_POP();
1105 uint32_t a
= T0_POP();
1106 T0_PUSH(-(uint32_t)(a
!= b
));
1113 uint32_t b
= T0_POP();
1114 uint32_t a
= T0_POP();
1115 T0_PUSH(-(uint32_t)(a
== b
));
1122 int32_t b
= T0_POPi();
1123 int32_t a
= T0_POPi();
1124 T0_PUSH(-(uint32_t)(a
> b
));
1131 int32_t b
= T0_POPi();
1132 int32_t a
= T0_POPi();
1133 T0_PUSH(-(uint32_t)(a
>= b
));
1140 int c
= (int)T0_POPi();
1141 int32_t x
= T0_POPi();
1149 uint32_t b
= T0_POP();
1150 uint32_t a
= T0_POP();
1158 if (ENG
->chain_len
== 0) {
1161 ENG
->cert_cur
= ENG
->chain
->data
;
1162 ENG
->cert_len
= ENG
->chain
->data_len
;
1165 T0_PUSH(ENG
->cert_len
);
1173 const br_x500_name
*dn
;
1174 if (CTX
->cur_dn_index
>= CTX
->num_tas
) {
1177 if (CTX
->ta_names
== NULL
) {
1178 dn
= &CTX
->tas
[CTX
->cur_dn_index
].dn
;
1180 dn
= &CTX
->ta_names
[CTX
->cur_dn_index
];
1182 CTX
->cur_dn_index
++;
1183 CTX
->cur_dn
= dn
->data
;
1184 CTX
->cur_dn_len
= dn
->len
;
1185 T0_PUSH(CTX
->cur_dn_len
);
1191 /* begin-ta-name-list */
1193 CTX
->cur_dn_index
= 0;
1200 size_t len
= (size_t)T0_POP();
1201 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1202 memset(addr
, 0, len
);
1207 /* call-policy-handler */
1210 br_ssl_server_choices choices
;
1212 x
= (*CTX
->policy_vtable
)->choose(
1213 CTX
->policy_vtable
, CTX
, &choices
);
1214 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
1215 CTX
->sign_hash_id
= choices
.algo_id
;
1216 ENG
->chain
= choices
.chain
;
1217 ENG
->chain_len
= choices
.chain_len
;
1218 T0_PUSHi(-(x
!= 0));
1225 T0_PUSHi(-(ENG
->hlen_out
> 0));
1232 if (ENG
->session
.session_id_len
== 32
1233 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
1234 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1249 /* compute-Finished-inner */
1251 int prf_id
= T0_POP();
1252 int from_client
= T0_POPi();
1253 unsigned char seed
[48];
1256 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1257 if (ENG
->session
.version
>= BR_TLS12
) {
1258 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1260 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1261 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1264 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1265 sizeof ENG
->session
.master_secret
,
1266 from_client
? "client finished" : "server finished",
1272 /* compute-hash-CV */
1276 for (i
= 1; i
<= 6; i
++) {
1277 br_multihash_out(&ENG
->mhash
, i
,
1278 ENG
->pad
+ HASH_PAD_OFF
[i
- 1]);
1284 /* copy-cert-chunk */
1288 clen
= ENG
->cert_len
;
1289 if (clen
> sizeof ENG
->pad
) {
1290 clen
= sizeof ENG
->pad
;
1292 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1293 ENG
->cert_cur
+= clen
;
1294 ENG
->cert_len
-= clen
;
1304 clen
= CTX
->cur_dn_len
;
1305 if (clen
> sizeof ENG
->pad
) {
1306 clen
= sizeof ENG
->pad
;
1308 memcpy(ENG
->pad
, CTX
->cur_dn
, clen
);
1309 CTX
->cur_dn
+= clen
;
1310 CTX
->cur_dn_len
-= clen
;
1325 if (br_multihash_getimpl(&ENG
->mhash
, id
) == 0) {
1329 off
= HASH_PAD_OFF
[id
- 1];
1330 len
= HASH_PAD_OFF
[id
] - off
;
1332 memcpy(CTX
->hash_CV
, ENG
->pad
+ off
, len
);
1333 CTX
->hash_CV_len
= len
;
1334 CTX
->hash_CV_id
= id
;
1340 /* copy-protocol-name */
1342 size_t idx
= T0_POP();
1343 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1344 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1352 size_t addr
= T0_POP();
1353 T0_PUSH(t0_datablock
[addr
]);
1367 int prf_id
= T0_POPi();
1368 size_t len
= T0_POP();
1369 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1374 /* do-ecdhe-part1 */
1376 int curve
= T0_POPi();
1377 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1382 /* do-ecdhe-part2 */
1384 int prf_id
= T0_POPi();
1385 size_t len
= T0_POP();
1386 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1391 /* do-rsa-decrypt */
1393 int prf_id
= T0_POPi();
1394 size_t len
= T0_POP();
1395 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1400 /* do-static-ecdh */
1402 do_static_ecdh(CTX
, T0_POP());
1413 T0_PUSH(T0_PEEK(0));
1419 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1427 br_ssl_engine_flush_record(ENG
);
1432 /* get-key-type-usages */
1434 const br_x509_class
*xc
;
1435 const br_x509_pkey
*pk
;
1438 xc
= *(ENG
->x509ctx
);
1439 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1443 T0_PUSH(pk
->key_type
| usages
);
1451 size_t addr
= (size_t)T0_POP();
1452 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1459 size_t addr
= (size_t)T0_POP();
1460 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1467 size_t addr
= (size_t)T0_POP();
1468 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1475 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1482 size_t len
= (size_t)T0_POP();
1483 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1484 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1485 int x
= memcmp(addr1
, addr2
, len
);
1486 T0_PUSH((uint32_t)-(x
== 0));
1493 size_t len
= (size_t)T0_POP();
1494 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1495 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1496 memcpy(dst
, src
, len
);
1503 size_t len
= (size_t)T0_POP();
1504 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1505 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1510 /* more-incoming-bytes? */
1512 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1517 /* multihash-init */
1519 br_multihash_init(&ENG
->mhash
);
1526 uint32_t a
= T0_POP();
1534 uint32_t a
= T0_POP();
1542 uint32_t b
= T0_POP();
1543 uint32_t a
= T0_POP();
1550 T0_PUSH(T0_PEEK(1));
1559 /* read-chunk-native */
1561 size_t clen
= ENG
->hlen_in
;
1567 if ((size_t)len
< clen
) {
1570 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1571 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1572 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1574 T0_PUSH(addr
+ (uint32_t)clen
);
1575 T0_PUSH(len
- (uint32_t)clen
);
1576 ENG
->hbuf_in
+= clen
;
1577 ENG
->hlen_in
-= clen
;
1585 if (ENG
->hlen_in
> 0) {
1588 x
= *ENG
->hbuf_in
++;
1589 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1590 br_multihash_update(&ENG
->mhash
, &x
, 1);
1603 if (CTX
->cache_vtable
!= NULL
) {
1604 (*CTX
->cache_vtable
)->save(
1605 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1611 /* set-max-frag-len */
1613 size_t max_frag_len
= T0_POP();
1615 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1618 * We must adjust our own output limit. Since we call this only
1619 * after receiving a ClientHello and before beginning to send
1620 * the ServerHello, the next output record should be empty at
1621 * that point, so we can use max_frag_len as a limit.
1623 if (ENG
->hlen_out
> max_frag_len
) {
1624 ENG
->hlen_out
= max_frag_len
;
1632 size_t addr
= (size_t)T0_POP();
1633 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1640 size_t addr
= (size_t)T0_POP();
1641 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1648 size_t addr
= (size_t)T0_POP();
1649 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1654 /* supported-curves */
1656 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1662 /* supported-hash-functions */
1669 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1670 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1681 /* supports-ecdsa? */
1683 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1688 /* supports-rsa-sign? */
1690 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1700 /* switch-aesgcm-in */
1702 int is_client
, prf_id
;
1703 unsigned cipher_key_len
;
1705 cipher_key_len
= T0_POP();
1707 is_client
= T0_POP();
1708 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1709 ENG
->iaes_ctr
, cipher_key_len
);
1714 /* switch-aesgcm-out */
1716 int is_client
, prf_id
;
1717 unsigned cipher_key_len
;
1719 cipher_key_len
= T0_POP();
1721 is_client
= T0_POP();
1722 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1723 ENG
->iaes_ctr
, cipher_key_len
);
1730 int is_client
, prf_id
, mac_id
, aes
;
1731 unsigned cipher_key_len
;
1733 cipher_key_len
= T0_POP();
1737 is_client
= T0_POP();
1738 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1739 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1744 /* switch-cbc-out */
1746 int is_client
, prf_id
, mac_id
, aes
;
1747 unsigned cipher_key_len
;
1749 cipher_key_len
= T0_POP();
1753 is_client
= T0_POP();
1754 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1755 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1760 /* switch-chapol-in */
1762 int is_client
, prf_id
;
1765 is_client
= T0_POP();
1766 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1771 /* switch-chapol-out */
1773 int is_client
, prf_id
;
1776 is_client
= T0_POP();
1777 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1782 /* ta-names-total-length */
1787 if (CTX
->ta_names
!= NULL
) {
1788 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1789 len
+= CTX
->ta_names
[u
].len
+ 2;
1791 } else if (CTX
->tas
!= NULL
) {
1792 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1793 len
+= CTX
->tas
[u
].dn
.len
+ 2;
1801 /* test-protocol-name */
1803 size_t len
= T0_POP();
1806 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1809 name
= ENG
->protocol_names
[u
];
1810 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1820 /* total-chain-length */
1826 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1827 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1836 uint32_t b
= T0_POP();
1837 uint32_t a
= T0_POP();
1838 T0_PUSH(-(uint32_t)(a
< b
));
1845 int c
= (int)T0_POPi();
1846 uint32_t x
= T0_POP();
1856 err
= verify_CV_sig(CTX
, T0_POP());
1862 /* write-blob-chunk */
1864 size_t clen
= ENG
->hlen_out
;
1870 if ((size_t)len
< clen
) {
1873 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1874 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1875 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1877 T0_PUSH(addr
+ (uint32_t)clen
);
1878 T0_PUSH(len
- (uint32_t)clen
);
1879 ENG
->hbuf_out
+= clen
;
1880 ENG
->hlen_out
-= clen
;
1890 x
= (unsigned char)T0_POP();
1891 if (ENG
->hlen_out
> 0) {
1892 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1893 br_multihash_update(&ENG
->mhash
, &x
, 1);
1895 *ENG
->hbuf_out
++ = x
;
1907 const br_x509_class
*xc
;
1910 xc
= *(ENG
->x509ctx
);
1912 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1919 const br_x509_class
*xc
;
1921 xc
= *(ENG
->x509ctx
);
1922 xc
->end_cert(ENG
->x509ctx
);
1927 /* x509-end-chain */
1929 const br_x509_class
*xc
;
1931 xc
= *(ENG
->x509ctx
);
1932 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1937 /* x509-start-cert */
1939 const br_x509_class
*xc
;
1941 xc
= *(ENG
->x509ctx
);
1942 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1947 /* x509-start-chain */
1949 const br_x509_class
*xc
;
1953 xc
= *(ENG
->x509ctx
);
1954 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1961 T0_ENTER(ip
, rp
, t0x
);
1965 ((t0_context
*)t0ctx
)->dp
= dp
;
1966 ((t0_context
*)t0ctx
)->rp
= rp
;
1967 ((t0_context
*)t0ctx
)->ip
= ip
;