1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
205 do_static_ecdh(br_ssl_server_context
*ctx
, int prf_id
)
207 unsigned char cpoint
[133];
209 const br_x509_class
**xc
;
210 const br_x509_pkey
*pk
;
212 xc
= ctx
->eng
.x509ctx
;
213 pk
= (*xc
)->get_pkey(xc
, NULL
);
214 cpoint_len
= pk
->key
.ec
.qlen
;
215 if (cpoint_len
> sizeof cpoint
) {
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
223 memcpy(cpoint
, pk
->key
.ec
.q
, cpoint_len
);
224 do_ecdh(ctx
, prf_id
, cpoint
, cpoint_len
);
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
235 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
239 const unsigned char *order
;
241 br_multihash_context mhc
;
242 unsigned char head
[4];
243 size_t hv_len
, sig_len
;
245 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM
;
248 ctx
->eng
.ecdhe_curve
= curve
;
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
258 order
= ctx
->eng
.iec
->order(curve
, &olen
);
260 while (mask
>= order
[0]) {
263 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
264 ctx
->ecdhe_key
[0] &= mask
;
265 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
266 ctx
->ecdhe_key_len
= olen
;
269 * Compute our ECDH point.
273 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
274 memcpy(ctx
->eng
.ecdhe_point
, generator
, glen
);
275 ctx
->eng
.ecdhe_point_len
= glen
;
276 if (!ctx
->eng
.iec
->mul(ctx
->eng
.ecdhe_point
, glen
,
277 ctx
->ecdhe_key
, olen
, curve
))
279 return -BR_ERR_INVALID_ALGORITHM
;
282 glen
= ctx
->eng
.iec
->mulgen(ctx
->eng
.ecdhe_point
,
283 ctx
->ecdhe_key
, olen
, curve
);
284 ctx
->eng
.ecdhe_point_len
= glen
;
287 * Compute the signature.
289 br_multihash_zero(&mhc
);
290 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
291 br_multihash_init(&mhc
);
292 br_multihash_update(&mhc
,
293 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
294 br_multihash_update(&mhc
,
295 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
299 head
[3] = ctx
->eng
.ecdhe_point_len
;
300 br_multihash_update(&mhc
, head
, sizeof head
);
301 br_multihash_update(&mhc
,
302 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
303 hash
= ctx
->sign_hash_id
;
305 hv_len
= br_multihash_out(&mhc
, hash
, ctx
->eng
.pad
);
307 return -BR_ERR_INVALID_ALGORITHM
;
310 if (!br_multihash_out(&mhc
, br_md5_ID
, ctx
->eng
.pad
)
311 || !br_multihash_out(&mhc
,
312 br_sha1_ID
, ctx
->eng
.pad
+ 16))
314 return -BR_ERR_INVALID_ALGORITHM
;
318 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
319 hash
, hv_len
, ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
320 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
324 * Do the ECDHE key exchange (part 2: computation of the shared secret
325 * from the point sent by the client).
328 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
329 unsigned char *cpoint
, size_t cpoint_len
)
334 curve
= ctx
->eng
.ecdhe_curve
;
337 * Finalise the key exchange.
339 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
340 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
341 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
344 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
345 * as that key does not get stolen, so we'd better destroy it
346 * as soon as it ceases to be useful.
348 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
352 * Offset for hash value within the pad (when obtaining all hash values,
353 * in preparation for verification of the CertificateVerify message).
354 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
355 * is used to get the total length.
357 static const unsigned char HASH_PAD_OFF
[] = { 0, 16, 36, 64, 96, 144, 208 };
360 * OID for hash functions in RSA signatures.
362 static const unsigned char HASH_OID_SHA1
[] = {
363 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
366 static const unsigned char HASH_OID_SHA224
[] = {
367 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
370 static const unsigned char HASH_OID_SHA256
[] = {
371 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
374 static const unsigned char HASH_OID_SHA384
[] = {
375 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
378 static const unsigned char HASH_OID_SHA512
[] = {
379 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
382 static const unsigned char *HASH_OID
[] = {
391 * Verify the signature in CertificateVerify. Returned value is 0 on
392 * success, or a non-zero error code. Lack of implementation of the
393 * designated signature algorithm is reported as a "bad signature"
394 * error (because it means that the peer did not honour our advertised
395 * set of supported signature algorithms).
398 verify_CV_sig(br_ssl_server_context
*ctx
, size_t sig_len
)
400 const br_x509_class
**xc
;
401 const br_x509_pkey
*pk
;
404 id
= ctx
->hash_CV_id
;
405 xc
= ctx
->eng
.x509ctx
;
406 pk
= (*xc
)->get_pkey(xc
, NULL
);
407 if (pk
->key_type
== BR_KEYTYPE_RSA
) {
408 unsigned char tmp
[64];
409 const unsigned char *hash_oid
;
414 hash_oid
= HASH_OID
[id
- 2];
416 if (ctx
->eng
.irsavrfy
== 0) {
417 return BR_ERR_BAD_SIGNATURE
;
419 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
420 hash_oid
, ctx
->hash_CV_len
, &pk
->key
.rsa
, tmp
)
421 || memcmp(tmp
, ctx
->hash_CV
, ctx
->hash_CV_len
) != 0)
423 return BR_ERR_BAD_SIGNATURE
;
426 if (ctx
->eng
.iecdsa
== 0) {
427 return BR_ERR_BAD_SIGNATURE
;
429 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
,
430 ctx
->hash_CV
, ctx
->hash_CV_len
,
431 &pk
->key
.ec
, ctx
->eng
.pad
, sig_len
))
433 return BR_ERR_BAD_SIGNATURE
;
441 static const uint8_t t0_datablock
[] = {
442 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
443 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
444 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
445 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
446 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
447 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
448 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
449 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
450 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
451 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
452 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
453 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
454 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
457 static const uint8_t t0_codeblock
[] = {
458 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
459 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
460 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
461 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_BAD_SIGNATURE
), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_NO_CLIENT_AUTH
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
473 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
476 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
477 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
480 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
482 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
485 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
486 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
488 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
489 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
490 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
491 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
492 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
493 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
494 0x00, 0x00, 0x79, 0x01,
495 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
496 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
497 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
499 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
501 T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
504 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
505 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
506 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
508 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
511 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
513 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
515 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
517 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
518 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
519 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
520 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
522 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
523 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
525 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
526 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
528 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
529 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
530 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
531 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
532 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
533 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
534 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
535 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
536 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
537 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
538 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
539 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
540 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
541 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
542 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
543 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
544 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
545 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
546 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
547 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
548 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
549 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
550 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
551 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
552 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
553 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
554 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
555 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
556 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
557 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
558 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
559 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x3A, 0x0F,
560 0x06, 0x15, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
561 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x00, 0x04, 0x07, 0x29,
562 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06,
563 0x05, 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F,
564 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72,
565 0x2B, 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00,
566 0x02, 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01,
567 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47,
568 0xB3, 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00,
569 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40,
570 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02,
571 0x71, 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E,
572 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01,
573 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38,
574 0xB2, 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A,
575 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29,
576 0x00, 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59,
577 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82,
578 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00,
579 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06,
580 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05,
581 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01,
582 0x86, 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F,
583 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08,
584 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02,
585 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01,
586 0x00, 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A,
587 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83,
588 0x47, 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00,
589 0x00, 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A,
590 0xB7, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00,
591 0x77, 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06,
592 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01,
593 0xBD, 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0,
594 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD,
595 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06,
596 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A,
597 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01,
598 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02,
599 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1,
600 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B,
601 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29,
602 0x02, 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02,
603 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F,
604 0x29, 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05,
605 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42,
606 0x01, 0x88, 0x04, 0x80, 0x40, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41,
607 0x2A, 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01,
608 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A,
609 0x0F, 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A,
610 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06,
611 0x04, 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29,
612 0xBC, 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04,
613 0x05, 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02,
614 0x01, 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77,
615 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00,
616 0x10, 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06,
617 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80,
618 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06,
619 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93,
620 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03,
621 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05,
622 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x80, 0x2E,
623 0x13, 0x2A, 0x80, 0x40, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47,
624 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03,
625 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00,
626 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20,
627 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04,
628 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12,
629 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A,
630 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05,
631 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63,
632 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05,
633 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01,
634 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02,
635 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01,
636 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01,
637 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28,
638 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00, 0x04, 0x76, 0x2E, 0xCA,
639 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B,
640 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00, 0x76, 0x2E, 0xA5, 0x27,
641 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
642 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB3,
643 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01,
644 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B,
645 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83,
646 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08,
647 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03,
648 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00,
649 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74, 0x00, 0xBD, 0x01, 0x01,
650 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05,
651 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30,
652 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42,
653 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD, 0x88, 0x30, 0x01, 0x00,
654 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B,
655 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01,
656 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69,
657 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C,
658 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03,
659 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x2A, 0x06, 0x1D,
660 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x0D,
661 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB3,
662 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB8, 0x2A, 0x5D,
663 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC0,
664 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00, 0xBD, 0xC5, 0x00, 0x03,
665 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06, 0x32, 0xBF, 0x03, 0x01,
666 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06,
667 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F,
668 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01,
669 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0x4B, 0x9B,
670 0x02, 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x40, 0x9B, 0x00, 0x00,
671 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD,
672 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F,
673 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00,
674 0x01, 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01,
675 0x03, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0,
676 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B,
677 0x05, 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30,
678 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01,
679 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F,
680 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04,
681 0xCB, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01,
682 0x00, 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87,
683 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47,
684 0xC3, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29,
685 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03,
686 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01,
687 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00,
688 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06,
689 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F,
690 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A,
691 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F,
692 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01,
693 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01,
694 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01,
695 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06,
696 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06,
697 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04,
698 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02,
699 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03,
700 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00,
701 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73,
702 0x30, 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01,
703 0x00, 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75,
704 0x30, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29,
705 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A,
706 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A,
707 0x0F, 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13,
708 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07,
709 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08,
710 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30,
711 0x01, 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00,
712 0xCB, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
713 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
714 0xCB, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C,
715 0x2A, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01,
716 0x0B, 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A,
717 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
718 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E,
719 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E,
720 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE,
721 0x01, 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
722 0x01, 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15,
723 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83,
724 0x47, 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE,
725 0x01, 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01,
726 0x02, 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
727 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
728 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
729 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
730 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
731 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C,
732 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
733 0x20, 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC,
734 0x01, 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
735 0x06, 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
736 0x01, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04,
737 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC,
738 0x84, 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
739 0x10, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83,
740 0x47, 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
741 0xDE, 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00,
742 0x7C, 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03,
743 0x5F, 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
744 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
745 0x02, 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
746 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00,
747 0xDC, 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x0D, 0x90, 0x30, 0xDE,
748 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE, 0x02, 0x01,
749 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F,
750 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A, 0xDE, 0xD6,
751 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61, 0x3A, 0x06,
752 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46, 0x06, 0x07,
753 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08, 0x5F, 0x3A,
754 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00,
755 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C,
756 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02, 0x00, 0x08,
757 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29, 0xDA, 0x03,
758 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02, 0x00, 0x08,
759 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDB,
760 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01, 0x02, 0xDB,
761 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C,
762 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00,
763 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08, 0x52, 0xDE,
764 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00, 0x00, 0x2A,
765 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
768 static const uint16_t t0_caddr
[] = {
903 #define T0_INTERPRETED 91
905 #define T0_ENTER(ip, rp, slot) do { \
906 const unsigned char *t0_newip; \
908 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
909 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
911 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
915 #define T0_DEFENTRY(name, slot) \
919 t0_context *t0ctx = ctx; \
920 t0ctx->ip = &t0_codeblock[0]; \
921 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
924 T0_DEFENTRY(br_ssl_hs_server_init_main
, 163)
926 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
929 br_ssl_hs_server_run(void *t0ctx
)
932 const unsigned char *ip
;
934 #define T0_LOCAL(x) (*(rp - 2 - (x)))
935 #define T0_POP() (*-- dp)
936 #define T0_POPi() (*(int32_t *)(-- dp))
937 #define T0_PEEK(x) (*(dp - 1 - (x)))
938 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
939 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
940 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
941 #define T0_RPOP() (*-- rp)
942 #define T0_RPOPi() (*(int32_t *)(-- rp))
943 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
944 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
945 #define T0_ROLL(x) do { \
946 size_t t0len = (size_t)(x); \
947 uint32_t t0tmp = *(dp - 1 - t0len); \
948 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
951 #define T0_SWAP() do { \
952 uint32_t t0tmp = *(dp - 2); \
953 *(dp - 2) = *(dp - 1); \
956 #define T0_ROT() do { \
957 uint32_t t0tmp = *(dp - 3); \
958 *(dp - 3) = *(dp - 2); \
959 *(dp - 2) = *(dp - 1); \
962 #define T0_NROT() do { \
963 uint32_t t0tmp = *(dp - 1); \
964 *(dp - 1) = *(dp - 2); \
965 *(dp - 2) = *(dp - 3); \
968 #define T0_PICK(x) do { \
969 uint32_t t0depth = (x); \
970 T0_PUSH(T0_PEEK(t0depth)); \
972 #define T0_CO() do { \
975 #define T0_RET() goto t0_next
977 dp
= ((t0_context
*)t0ctx
)->dp
;
978 rp
= ((t0_context
*)t0ctx
)->rp
;
979 ip
= ((t0_context
*)t0ctx
)->ip
;
986 if (t0x
< T0_INTERPRETED
) {
998 ip
= &t0_codeblock
[t0x
];
1000 case 1: /* literal constant */
1001 T0_PUSHi(t0_parse7E_signed(&ip
));
1003 case 2: /* read local */
1004 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
1006 case 3: /* write local */
1007 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
1010 t0off
= t0_parse7E_signed(&ip
);
1013 case 5: /* jump if */
1014 t0off
= t0_parse7E_signed(&ip
);
1019 case 6: /* jump if not */
1020 t0off
= t0_parse7E_signed(&ip
);
1028 uint32_t b
= T0_POP();
1029 uint32_t a
= T0_POP();
1037 uint32_t b
= T0_POP();
1038 uint32_t a
= T0_POP();
1046 uint32_t b
= T0_POP();
1047 uint32_t a
= T0_POP();
1060 int32_t b
= T0_POPi();
1061 int32_t a
= T0_POPi();
1062 T0_PUSH(-(uint32_t)(a
< b
));
1069 int c
= (int)T0_POPi();
1070 uint32_t x
= T0_POP();
1078 int32_t b
= T0_POPi();
1079 int32_t a
= T0_POPi();
1080 T0_PUSH(-(uint32_t)(a
<= b
));
1087 uint32_t b
= T0_POP();
1088 uint32_t a
= T0_POP();
1089 T0_PUSH(-(uint32_t)(a
!= b
));
1096 uint32_t b
= T0_POP();
1097 uint32_t a
= T0_POP();
1098 T0_PUSH(-(uint32_t)(a
== b
));
1105 int32_t b
= T0_POPi();
1106 int32_t a
= T0_POPi();
1107 T0_PUSH(-(uint32_t)(a
> b
));
1114 int32_t b
= T0_POPi();
1115 int32_t a
= T0_POPi();
1116 T0_PUSH(-(uint32_t)(a
>= b
));
1123 int c
= (int)T0_POPi();
1124 int32_t x
= T0_POPi();
1132 uint32_t b
= T0_POP();
1133 uint32_t a
= T0_POP();
1141 if (ENG
->chain_len
== 0) {
1144 ENG
->cert_cur
= ENG
->chain
->data
;
1145 ENG
->cert_len
= ENG
->chain
->data_len
;
1148 T0_PUSH(ENG
->cert_len
);
1156 const br_x500_name
*dn
;
1157 if (CTX
->cur_dn_index
>= CTX
->num_tas
) {
1160 if (CTX
->ta_names
== NULL
) {
1161 dn
= &CTX
->tas
[CTX
->cur_dn_index
].dn
;
1163 dn
= &CTX
->ta_names
[CTX
->cur_dn_index
];
1165 CTX
->cur_dn_index
++;
1166 CTX
->cur_dn
= dn
->data
;
1167 CTX
->cur_dn_len
= dn
->len
;
1168 T0_PUSH(CTX
->cur_dn_len
);
1174 /* begin-ta-name-list */
1176 CTX
->cur_dn_index
= 0;
1183 size_t len
= (size_t)T0_POP();
1184 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1185 memset(addr
, 0, len
);
1190 /* call-policy-handler */
1193 br_ssl_server_choices choices
;
1195 x
= (*CTX
->policy_vtable
)->choose(
1196 CTX
->policy_vtable
, CTX
, &choices
);
1197 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
1198 CTX
->sign_hash_id
= choices
.hash_id
;
1199 ENG
->chain
= choices
.chain
;
1200 ENG
->chain_len
= choices
.chain_len
;
1201 T0_PUSHi(-(x
!= 0));
1208 T0_PUSHi(-(ENG
->hlen_out
> 0));
1215 if (ENG
->session
.session_id_len
== 32
1216 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
1217 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1232 /* compute-Finished-inner */
1234 int prf_id
= T0_POP();
1235 int from_client
= T0_POPi();
1236 unsigned char seed
[48];
1239 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1240 if (ENG
->session
.version
>= BR_TLS12
) {
1241 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1243 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1244 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1247 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1248 sizeof ENG
->session
.master_secret
,
1249 from_client
? "client finished" : "server finished",
1255 /* compute-hash-CV */
1259 for (i
= 1; i
<= 6; i
++) {
1260 br_multihash_out(&ENG
->mhash
, i
,
1261 ENG
->pad
+ HASH_PAD_OFF
[i
- 1]);
1267 /* copy-cert-chunk */
1271 clen
= ENG
->cert_len
;
1272 if (clen
> sizeof ENG
->pad
) {
1273 clen
= sizeof ENG
->pad
;
1275 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1276 ENG
->cert_cur
+= clen
;
1277 ENG
->cert_len
-= clen
;
1287 clen
= CTX
->cur_dn_len
;
1288 if (clen
> sizeof ENG
->pad
) {
1289 clen
= sizeof ENG
->pad
;
1291 memcpy(ENG
->pad
, CTX
->cur_dn
, clen
);
1292 CTX
->cur_dn
+= clen
;
1293 CTX
->cur_dn_len
-= clen
;
1308 if (br_multihash_getimpl(&ENG
->mhash
, id
) == 0) {
1312 off
= HASH_PAD_OFF
[id
- 1];
1313 len
= HASH_PAD_OFF
[id
] - off
;
1315 memcpy(CTX
->hash_CV
, ENG
->pad
+ off
, len
);
1316 CTX
->hash_CV_len
= len
;
1317 CTX
->hash_CV_id
= id
;
1323 /* copy-protocol-name */
1325 size_t idx
= T0_POP();
1326 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1327 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1335 size_t addr
= T0_POP();
1336 T0_PUSH(t0_datablock
[addr
]);
1350 int prf_id
= T0_POPi();
1351 size_t len
= T0_POP();
1352 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1357 /* do-ecdhe-part1 */
1359 int curve
= T0_POPi();
1360 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1365 /* do-ecdhe-part2 */
1367 int prf_id
= T0_POPi();
1368 size_t len
= T0_POP();
1369 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1374 /* do-rsa-decrypt */
1376 int prf_id
= T0_POPi();
1377 size_t len
= T0_POP();
1378 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1383 /* do-static-ecdh */
1385 do_static_ecdh(CTX
, T0_POP());
1396 T0_PUSH(T0_PEEK(0));
1402 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1410 br_ssl_engine_flush_record(ENG
);
1415 /* get-key-type-usages */
1417 const br_x509_class
*xc
;
1418 const br_x509_pkey
*pk
;
1421 xc
= *(ENG
->x509ctx
);
1422 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1426 T0_PUSH(pk
->key_type
| usages
);
1434 size_t addr
= (size_t)T0_POP();
1435 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1442 size_t addr
= (size_t)T0_POP();
1443 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1450 size_t addr
= (size_t)T0_POP();
1451 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1458 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1465 size_t len
= (size_t)T0_POP();
1466 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1467 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1468 int x
= memcmp(addr1
, addr2
, len
);
1469 T0_PUSH((uint32_t)-(x
== 0));
1476 size_t len
= (size_t)T0_POP();
1477 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1478 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1479 memcpy(dst
, src
, len
);
1486 size_t len
= (size_t)T0_POP();
1487 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1488 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1493 /* more-incoming-bytes? */
1495 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1500 /* multihash-init */
1502 br_multihash_init(&ENG
->mhash
);
1509 uint32_t a
= T0_POP();
1517 uint32_t a
= T0_POP();
1525 uint32_t b
= T0_POP();
1526 uint32_t a
= T0_POP();
1533 T0_PUSH(T0_PEEK(1));
1542 /* read-chunk-native */
1544 size_t clen
= ENG
->hlen_in
;
1550 if ((size_t)len
< clen
) {
1553 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1554 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1555 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1557 T0_PUSH(addr
+ (uint32_t)clen
);
1558 T0_PUSH(len
- (uint32_t)clen
);
1559 ENG
->hbuf_in
+= clen
;
1560 ENG
->hlen_in
-= clen
;
1568 if (ENG
->hlen_in
> 0) {
1571 x
= *ENG
->hbuf_in
++;
1572 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1573 br_multihash_update(&ENG
->mhash
, &x
, 1);
1586 if (CTX
->cache_vtable
!= NULL
) {
1587 (*CTX
->cache_vtable
)->save(
1588 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1594 /* set-max-frag-len */
1596 size_t max_frag_len
= T0_POP();
1598 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1601 * We must adjust our own output limit. Since we call this only
1602 * after receiving a ClientHello and before beginning to send
1603 * the ServerHello, the next output record should be empty at
1604 * that point, so we can use max_frag_len as a limit.
1606 if (ENG
->hlen_out
> max_frag_len
) {
1607 ENG
->hlen_out
= max_frag_len
;
1615 size_t addr
= (size_t)T0_POP();
1616 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1623 size_t addr
= (size_t)T0_POP();
1624 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1631 size_t addr
= (size_t)T0_POP();
1632 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1637 /* supported-curves */
1639 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1645 /* supported-hash-functions */
1652 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1653 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1664 /* supports-ecdsa? */
1666 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1671 /* supports-rsa-sign? */
1673 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1683 /* switch-aesgcm-in */
1685 int is_client
, prf_id
;
1686 unsigned cipher_key_len
;
1688 cipher_key_len
= T0_POP();
1690 is_client
= T0_POP();
1691 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1692 ENG
->iaes_ctr
, cipher_key_len
);
1697 /* switch-aesgcm-out */
1699 int is_client
, prf_id
;
1700 unsigned cipher_key_len
;
1702 cipher_key_len
= T0_POP();
1704 is_client
= T0_POP();
1705 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1706 ENG
->iaes_ctr
, cipher_key_len
);
1713 int is_client
, prf_id
, mac_id
, aes
;
1714 unsigned cipher_key_len
;
1716 cipher_key_len
= T0_POP();
1720 is_client
= T0_POP();
1721 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1722 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1727 /* switch-cbc-out */
1729 int is_client
, prf_id
, mac_id
, aes
;
1730 unsigned cipher_key_len
;
1732 cipher_key_len
= T0_POP();
1736 is_client
= T0_POP();
1737 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1738 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1743 /* switch-chapol-in */
1745 int is_client
, prf_id
;
1748 is_client
= T0_POP();
1749 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1754 /* switch-chapol-out */
1756 int is_client
, prf_id
;
1759 is_client
= T0_POP();
1760 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1765 /* ta-names-total-length */
1770 if (CTX
->ta_names
!= NULL
) {
1771 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1772 len
+= CTX
->ta_names
[u
].len
+ 2;
1774 } else if (CTX
->tas
!= NULL
) {
1775 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1776 len
+= CTX
->tas
[u
].dn
.len
+ 2;
1784 /* test-protocol-name */
1786 size_t len
= T0_POP();
1789 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1792 name
= ENG
->protocol_names
[u
];
1793 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1803 /* total-chain-length */
1809 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1810 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1819 uint32_t b
= T0_POP();
1820 uint32_t a
= T0_POP();
1821 T0_PUSH(-(uint32_t)(a
< b
));
1828 int c
= (int)T0_POPi();
1829 uint32_t x
= T0_POP();
1839 err
= verify_CV_sig(CTX
, T0_POP());
1845 /* write-blob-chunk */
1847 size_t clen
= ENG
->hlen_out
;
1853 if ((size_t)len
< clen
) {
1856 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1857 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1858 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1860 T0_PUSH(addr
+ (uint32_t)clen
);
1861 T0_PUSH(len
- (uint32_t)clen
);
1862 ENG
->hbuf_out
+= clen
;
1863 ENG
->hlen_out
-= clen
;
1873 x
= (unsigned char)T0_POP();
1874 if (ENG
->hlen_out
> 0) {
1875 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1876 br_multihash_update(&ENG
->mhash
, &x
, 1);
1878 *ENG
->hbuf_out
++ = x
;
1890 const br_x509_class
*xc
;
1893 xc
= *(ENG
->x509ctx
);
1895 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1902 const br_x509_class
*xc
;
1904 xc
= *(ENG
->x509ctx
);
1905 xc
->end_cert(ENG
->x509ctx
);
1910 /* x509-end-chain */
1912 const br_x509_class
*xc
;
1914 xc
= *(ENG
->x509ctx
);
1915 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1920 /* x509-start-cert */
1922 const br_x509_class
*xc
;
1924 xc
= *(ENG
->x509ctx
);
1925 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1930 /* x509-start-chain */
1932 const br_x509_class
*xc
;
1936 xc
= *(ENG
->x509ctx
);
1937 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1944 T0_ENTER(ip
, rp
, t0x
);
1948 ((t0_context
*)t0ctx
)->dp
= dp
;
1949 ((t0_context
*)t0ctx
)->rp
= rp
;
1950 ((t0_context
*)t0ctx
)->ip
= ip
;