projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
More optimisations for EC P-256 "i15" (specialised squaring function, mixed coordinat...
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 /*
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
233 */
234 static int
235 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
236 {
237 int hash;
238 unsigned mask;
239 const unsigned char *order;
240 size_t olen, glen;
241 br_multihash_context mhc;
242 unsigned char head[4];
243 size_t hv_len, sig_len;
244
245 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM;
247 }
248 ctx->eng.ecdhe_curve = curve;
249
250 /*
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
256 * possible values.
257 */
258 order = ctx->eng.iec->order(curve, &olen);
259 mask = 0xFF;
260 while (mask >= order[0]) {
261 mask >>= 1;
262 }
263 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
264 ctx->ecdhe_key[0] &= mask;
265 ctx->ecdhe_key[olen - 1] |= 0x01;
266 ctx->ecdhe_key_len = olen;
267
268 /*
269 * Compute our ECDH point.
270 */
271 #if 0
272 /* obsolete */
273 generator = ctx->eng.iec->generator(curve, &glen);
274 memcpy(ctx->eng.ecdhe_point, generator, glen);
275 ctx->eng.ecdhe_point_len = glen;
276 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
277 ctx->ecdhe_key, olen, curve))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 #endif
282 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
283 ctx->ecdhe_key, olen, curve);
284 ctx->eng.ecdhe_point_len = glen;
285
286 /*
287 * Compute the signature.
288 */
289 br_multihash_zero(&mhc);
290 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
291 br_multihash_init(&mhc);
292 br_multihash_update(&mhc,
293 ctx->eng.client_random, sizeof ctx->eng.client_random);
294 br_multihash_update(&mhc,
295 ctx->eng.server_random, sizeof ctx->eng.server_random);
296 head[0] = 3;
297 head[1] = 0;
298 head[2] = curve;
299 head[3] = ctx->eng.ecdhe_point_len;
300 br_multihash_update(&mhc, head, sizeof head);
301 br_multihash_update(&mhc,
302 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
303 hash = ctx->sign_hash_id;
304 if (hash) {
305 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
306 if (hv_len == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309 } else {
310 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
311 || !br_multihash_out(&mhc,
312 br_sha1_ID, ctx->eng.pad + 16))
313 {
314 return -BR_ERR_INVALID_ALGORITHM;
315 }
316 hv_len = 36;
317 }
318 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
319 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
320 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
321 }
322
323 /*
324 * Do the ECDHE key exchange (part 2: computation of the shared secret
325 * from the point sent by the client).
326 */
327 static void
328 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
329 unsigned char *cpoint, size_t cpoint_len)
330 {
331 int curve;
332 uint32_t x;
333
334 curve = ctx->eng.ecdhe_curve;
335
336 /*
337 * Finalise the key exchange.
338 */
339 x = ctx->eng.iec->mul(cpoint, cpoint_len,
340 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
341 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
342
343 /*
344 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
345 * as that key does not get stolen, so we'd better destroy it
346 * as soon as it ceases to be useful.
347 */
348 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
349 }
350
351 /*
352 * Offset for hash value within the pad (when obtaining all hash values,
353 * in preparation for verification of the CertificateVerify message).
354 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
355 * is used to get the total length.
356 */
357 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
358
359 /*
360 * OID for hash functions in RSA signatures.
361 */
362 static const unsigned char HASH_OID_SHA1[] = {
363 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
364 };
365
366 static const unsigned char HASH_OID_SHA224[] = {
367 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
368 };
369
370 static const unsigned char HASH_OID_SHA256[] = {
371 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
372 };
373
374 static const unsigned char HASH_OID_SHA384[] = {
375 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
376 };
377
378 static const unsigned char HASH_OID_SHA512[] = {
379 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
380 };
381
382 static const unsigned char *HASH_OID[] = {
383 HASH_OID_SHA1,
384 HASH_OID_SHA224,
385 HASH_OID_SHA256,
386 HASH_OID_SHA384,
387 HASH_OID_SHA512
388 };
389
390 /*
391 * Verify the signature in CertificateVerify. Returned value is 0 on
392 * success, or a non-zero error code. Lack of implementation of the
393 * designated signature algorithm is reported as a "bad signature"
394 * error (because it means that the peer did not honour our advertised
395 * set of supported signature algorithms).
396 */
397 static int
398 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
399 {
400 const br_x509_class **xc;
401 const br_x509_pkey *pk;
402 int id;
403
404 id = ctx->hash_CV_id;
405 xc = ctx->eng.x509ctx;
406 pk = (*xc)->get_pkey(xc, NULL);
407 if (pk->key_type == BR_KEYTYPE_RSA) {
408 unsigned char tmp[64];
409 const unsigned char *hash_oid;
410
411 if (id == 0) {
412 hash_oid = NULL;
413 } else {
414 hash_oid = HASH_OID[id - 2];
415 }
416 if (ctx->eng.irsavrfy == 0) {
417 return BR_ERR_BAD_SIGNATURE;
418 }
419 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
420 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
421 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
422 {
423 return BR_ERR_BAD_SIGNATURE;
424 }
425 } else {
426 if (ctx->eng.iecdsa == 0) {
427 return BR_ERR_BAD_SIGNATURE;
428 }
429 if (!ctx->eng.iecdsa(ctx->eng.iec,
430 ctx->hash_CV, ctx->hash_CV_len,
431 &pk->key.ec, ctx->eng.pad, sig_len))
432 {
433 return BR_ERR_BAD_SIGNATURE;
434 }
435 }
436 return 0;
437 }
438
439
440
441 static const uint8_t t0_datablock[] = {
442 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
443 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
444 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
445 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
446 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
447 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
448 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
449 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
450 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
451 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
452 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
453 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
454 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
455 };
456
457 static const uint8_t t0_codeblock[] = {
458 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
459 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
460 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
461 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
473 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
476 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
477 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
479 0x01,
480 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
481 0x00, 0x00, 0x01,
482 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
484 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
486 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
487 0x00, 0x00, 0x01,
488 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
489 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
490 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
491 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
492 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
493 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
494 0x00, 0x00, 0x79, 0x01,
495 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
496 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
497 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
498 0x00, 0x01,
499 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
500 0x00, 0x01,
501 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
503 0x00, 0x00, 0x01,
504 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
505 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
506 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
507 0x00, 0x01,
508 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
512 0x01,
513 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
514 0x00, 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
516 0x00, 0x00, 0x01,
517 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
518 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
519 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
520 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
521 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
523 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
524 0x00, 0x00, 0x01,
525 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
526 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
528 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
529 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
530 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
531 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
532 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
533 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
534 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
535 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
536 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
537 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
538 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
539 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
540 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
541 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
542 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
543 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
544 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
545 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
546 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
547 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
548 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
549 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
550 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
551 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
552 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
553 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
554 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
555 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
556 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
557 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
558 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
559 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x3A, 0x0F,
560 0x06, 0x15, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
561 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x00, 0x04, 0x07, 0x29,
562 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06,
563 0x05, 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F,
564 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72,
565 0x2B, 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00,
566 0x02, 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01,
567 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47,
568 0xB3, 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00,
569 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40,
570 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02,
571 0x71, 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E,
572 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01,
573 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38,
574 0xB2, 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A,
575 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29,
576 0x00, 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59,
577 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82,
578 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00,
579 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06,
580 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05,
581 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01,
582 0x86, 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F,
583 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08,
584 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02,
585 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01,
586 0x00, 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A,
587 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83,
588 0x47, 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00,
589 0x00, 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A,
590 0xB7, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00,
591 0x77, 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06,
592 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01,
593 0xBD, 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0,
594 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD,
595 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06,
596 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A,
597 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01,
598 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02,
599 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1,
600 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B,
601 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29,
602 0x02, 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02,
603 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F,
604 0x29, 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05,
605 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42,
606 0x01, 0x88, 0x04, 0x80, 0x40, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41,
607 0x2A, 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01,
608 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A,
609 0x0F, 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A,
610 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06,
611 0x04, 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29,
612 0xBC, 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04,
613 0x05, 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02,
614 0x01, 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77,
615 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00,
616 0x10, 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06,
617 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80,
618 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06,
619 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93,
620 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03,
621 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05,
622 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x80, 0x2E,
623 0x13, 0x2A, 0x80, 0x40, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47,
624 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03,
625 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00,
626 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20,
627 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04,
628 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12,
629 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A,
630 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05,
631 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63,
632 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05,
633 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01,
634 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02,
635 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01,
636 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01,
637 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28,
638 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00, 0x04, 0x76, 0x2E, 0xCA,
639 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B,
640 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00, 0x76, 0x2E, 0xA5, 0x27,
641 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
642 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB3,
643 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01,
644 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B,
645 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83,
646 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08,
647 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03,
648 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00,
649 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74, 0x00, 0xBD, 0x01, 0x01,
650 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05,
651 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30,
652 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42,
653 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD, 0x88, 0x30, 0x01, 0x00,
654 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B,
655 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01,
656 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69,
657 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C,
658 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03,
659 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x2A, 0x06, 0x1D,
660 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x0D,
661 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB3,
662 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB8, 0x2A, 0x5D,
663 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC0,
664 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00, 0xBD, 0xC5, 0x00, 0x03,
665 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06, 0x32, 0xBF, 0x03, 0x01,
666 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06,
667 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F,
668 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01,
669 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0x4B, 0x9B,
670 0x02, 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x40, 0x9B, 0x00, 0x00,
671 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD,
672 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F,
673 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00,
674 0x01, 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01,
675 0x03, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0,
676 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B,
677 0x05, 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30,
678 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01,
679 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F,
680 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04,
681 0xCB, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01,
682 0x00, 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87,
683 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47,
684 0xC3, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29,
685 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03,
686 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01,
687 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00,
688 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06,
689 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F,
690 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A,
691 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F,
692 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01,
693 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01,
694 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01,
695 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06,
696 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06,
697 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04,
698 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02,
699 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03,
700 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00,
701 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73,
702 0x30, 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01,
703 0x00, 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75,
704 0x30, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29,
705 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A,
706 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A,
707 0x0F, 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13,
708 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07,
709 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08,
710 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30,
711 0x01, 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00,
712 0xCB, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
713 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
714 0xCB, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C,
715 0x2A, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01,
716 0x0B, 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A,
717 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
718 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E,
719 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E,
720 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE,
721 0x01, 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
722 0x01, 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15,
723 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83,
724 0x47, 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE,
725 0x01, 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01,
726 0x02, 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
727 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
728 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
729 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
730 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
731 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C,
732 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
733 0x20, 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC,
734 0x01, 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
735 0x06, 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
736 0x01, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04,
737 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC,
738 0x84, 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
739 0x10, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83,
740 0x47, 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
741 0xDE, 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00,
742 0x7C, 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03,
743 0x5F, 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
744 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
745 0x02, 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
746 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00,
747 0xDC, 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x0D, 0x90, 0x30, 0xDE,
748 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE, 0x02, 0x01,
749 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F,
750 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A, 0xDE, 0xD6,
751 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61, 0x3A, 0x06,
752 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46, 0x06, 0x07,
753 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08, 0x5F, 0x3A,
754 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00,
755 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C,
756 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02, 0x00, 0x08,
757 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29, 0xDA, 0x03,
758 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02, 0x00, 0x08,
759 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDB,
760 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01, 0x02, 0xDB,
761 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C,
762 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00,
763 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08, 0x52, 0xDE,
764 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00, 0x00, 0x2A,
765 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
766 };
767
768 static const uint16_t t0_caddr[] = {
769 0,
770 5,
771 10,
772 15,
773 20,
774 25,
775 30,
776 35,
777 40,
778 44,
779 48,
780 52,
781 56,
782 60,
783 64,
784 68,
785 72,
786 76,
787 80,
788 84,
789 88,
790 92,
791 96,
792 100,
793 104,
794 109,
795 114,
796 119,
797 124,
798 129,
799 134,
800 139,
801 144,
802 149,
803 154,
804 159,
805 164,
806 169,
807 174,
808 180,
809 185,
810 190,
811 195,
812 200,
813 205,
814 210,
815 215,
816 220,
817 225,
818 230,
819 235,
820 240,
821 245,
822 250,
823 255,
824 260,
825 265,
826 270,
827 275,
828 280,
829 285,
830 290,
831 299,
832 303,
833 328,
834 334,
835 353,
836 364,
837 398,
838 509,
839 513,
840 546,
841 556,
842 624,
843 638,
844 644,
845 704,
846 723,
847 745,
848 794,
849 843,
850 919,
851 1021,
852 1032,
853 1613,
854 1617,
855 1684,
856 1694,
857 1725,
858 1749,
859 1795,
860 1865,
861 1905,
862 1919,
863 1928,
864 1932,
865 1996,
866 2004,
867 2040,
868 2051,
869 2067,
870 2073,
871 2084,
872 2119,
873 2145,
874 2157,
875 2163,
876 2178,
877 2334,
878 2343,
879 2356,
880 2365,
881 2372,
882 2475,
883 2496,
884 2509,
885 2525,
886 2543,
887 2575,
888 2648,
889 2661,
890 2842,
891 2850,
892 2947,
893 2961,
894 2966,
895 3010,
896 3067,
897 3088,
898 3115,
899 3123,
900 3131
901 };
902
903 #define T0_INTERPRETED 91
904
905 #define T0_ENTER(ip, rp, slot) do { \
906 const unsigned char *t0_newip; \
907 uint32_t t0_lnum; \
908 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
909 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
910 (rp) += t0_lnum; \
911 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
912 (ip) = t0_newip; \
913 } while (0)
914
915 #define T0_DEFENTRY(name, slot) \
916 void \
917 name(void *ctx) \
918 { \
919 t0_context *t0ctx = ctx; \
920 t0ctx->ip = &t0_codeblock[0]; \
921 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
922 }
923
924 T0_DEFENTRY(br_ssl_hs_server_init_main, 163)
925
926 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
927
928 void
929 br_ssl_hs_server_run(void *t0ctx)
930 {
931 uint32_t *dp, *rp;
932 const unsigned char *ip;
933
934 #define T0_LOCAL(x) (*(rp - 2 - (x)))
935 #define T0_POP() (*-- dp)
936 #define T0_POPi() (*(int32_t *)(-- dp))
937 #define T0_PEEK(x) (*(dp - 1 - (x)))
938 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
939 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
940 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
941 #define T0_RPOP() (*-- rp)
942 #define T0_RPOPi() (*(int32_t *)(-- rp))
943 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
944 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
945 #define T0_ROLL(x) do { \
946 size_t t0len = (size_t)(x); \
947 uint32_t t0tmp = *(dp - 1 - t0len); \
948 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
949 *(dp - 1) = t0tmp; \
950 } while (0)
951 #define T0_SWAP() do { \
952 uint32_t t0tmp = *(dp - 2); \
953 *(dp - 2) = *(dp - 1); \
954 *(dp - 1) = t0tmp; \
955 } while (0)
956 #define T0_ROT() do { \
957 uint32_t t0tmp = *(dp - 3); \
958 *(dp - 3) = *(dp - 2); \
959 *(dp - 2) = *(dp - 1); \
960 *(dp - 1) = t0tmp; \
961 } while (0)
962 #define T0_NROT() do { \
963 uint32_t t0tmp = *(dp - 1); \
964 *(dp - 1) = *(dp - 2); \
965 *(dp - 2) = *(dp - 3); \
966 *(dp - 3) = t0tmp; \
967 } while (0)
968 #define T0_PICK(x) do { \
969 uint32_t t0depth = (x); \
970 T0_PUSH(T0_PEEK(t0depth)); \
971 } while (0)
972 #define T0_CO() do { \
973 goto t0_exit; \
974 } while (0)
975 #define T0_RET() goto t0_next
976
977 dp = ((t0_context *)t0ctx)->dp;
978 rp = ((t0_context *)t0ctx)->rp;
979 ip = ((t0_context *)t0ctx)->ip;
980 goto t0_next;
981 for (;;) {
982 uint32_t t0x;
983
984 t0_next:
985 t0x = T0_NEXT(&ip);
986 if (t0x < T0_INTERPRETED) {
987 switch (t0x) {
988 int32_t t0off;
989
990 case 0: /* ret */
991 t0x = T0_RPOP();
992 rp -= (t0x >> 16);
993 t0x &= 0xFFFF;
994 if (t0x == 0) {
995 ip = NULL;
996 goto t0_exit;
997 }
998 ip = &t0_codeblock[t0x];
999 break;
1000 case 1: /* literal constant */
1001 T0_PUSHi(t0_parse7E_signed(&ip));
1002 break;
1003 case 2: /* read local */
1004 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1005 break;
1006 case 3: /* write local */
1007 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1008 break;
1009 case 4: /* jump */
1010 t0off = t0_parse7E_signed(&ip);
1011 ip += t0off;
1012 break;
1013 case 5: /* jump if */
1014 t0off = t0_parse7E_signed(&ip);
1015 if (T0_POP()) {
1016 ip += t0off;
1017 }
1018 break;
1019 case 6: /* jump if not */
1020 t0off = t0_parse7E_signed(&ip);
1021 if (!T0_POP()) {
1022 ip += t0off;
1023 }
1024 break;
1025 case 7: {
1026 /* * */
1027
1028 uint32_t b = T0_POP();
1029 uint32_t a = T0_POP();
1030 T0_PUSH(a * b);
1031
1032 }
1033 break;
1034 case 8: {
1035 /* + */
1036
1037 uint32_t b = T0_POP();
1038 uint32_t a = T0_POP();
1039 T0_PUSH(a + b);
1040
1041 }
1042 break;
1043 case 9: {
1044 /* - */
1045
1046 uint32_t b = T0_POP();
1047 uint32_t a = T0_POP();
1048 T0_PUSH(a - b);
1049
1050 }
1051 break;
1052 case 10: {
1053 /* -rot */
1054 T0_NROT();
1055 }
1056 break;
1057 case 11: {
1058 /* < */
1059
1060 int32_t b = T0_POPi();
1061 int32_t a = T0_POPi();
1062 T0_PUSH(-(uint32_t)(a < b));
1063
1064 }
1065 break;
1066 case 12: {
1067 /* << */
1068
1069 int c = (int)T0_POPi();
1070 uint32_t x = T0_POP();
1071 T0_PUSH(x << c);
1072
1073 }
1074 break;
1075 case 13: {
1076 /* <= */
1077
1078 int32_t b = T0_POPi();
1079 int32_t a = T0_POPi();
1080 T0_PUSH(-(uint32_t)(a <= b));
1081
1082 }
1083 break;
1084 case 14: {
1085 /* <> */
1086
1087 uint32_t b = T0_POP();
1088 uint32_t a = T0_POP();
1089 T0_PUSH(-(uint32_t)(a != b));
1090
1091 }
1092 break;
1093 case 15: {
1094 /* = */
1095
1096 uint32_t b = T0_POP();
1097 uint32_t a = T0_POP();
1098 T0_PUSH(-(uint32_t)(a == b));
1099
1100 }
1101 break;
1102 case 16: {
1103 /* > */
1104
1105 int32_t b = T0_POPi();
1106 int32_t a = T0_POPi();
1107 T0_PUSH(-(uint32_t)(a > b));
1108
1109 }
1110 break;
1111 case 17: {
1112 /* >= */
1113
1114 int32_t b = T0_POPi();
1115 int32_t a = T0_POPi();
1116 T0_PUSH(-(uint32_t)(a >= b));
1117
1118 }
1119 break;
1120 case 18: {
1121 /* >> */
1122
1123 int c = (int)T0_POPi();
1124 int32_t x = T0_POPi();
1125 T0_PUSHi(x >> c);
1126
1127 }
1128 break;
1129 case 19: {
1130 /* and */
1131
1132 uint32_t b = T0_POP();
1133 uint32_t a = T0_POP();
1134 T0_PUSH(a & b);
1135
1136 }
1137 break;
1138 case 20: {
1139 /* begin-cert */
1140
1141 if (ENG->chain_len == 0) {
1142 T0_PUSHi(-1);
1143 } else {
1144 ENG->cert_cur = ENG->chain->data;
1145 ENG->cert_len = ENG->chain->data_len;
1146 ENG->chain ++;
1147 ENG->chain_len --;
1148 T0_PUSH(ENG->cert_len);
1149 }
1150
1151 }
1152 break;
1153 case 21: {
1154 /* begin-ta-name */
1155
1156 const br_x500_name *dn;
1157 if (CTX->cur_dn_index >= CTX->num_tas) {
1158 T0_PUSHi(-1);
1159 } else {
1160 if (CTX->ta_names == NULL) {
1161 dn = &CTX->tas[CTX->cur_dn_index].dn;
1162 } else {
1163 dn = &CTX->ta_names[CTX->cur_dn_index];
1164 }
1165 CTX->cur_dn_index ++;
1166 CTX->cur_dn = dn->data;
1167 CTX->cur_dn_len = dn->len;
1168 T0_PUSH(CTX->cur_dn_len);
1169 }
1170
1171 }
1172 break;
1173 case 22: {
1174 /* begin-ta-name-list */
1175
1176 CTX->cur_dn_index = 0;
1177
1178 }
1179 break;
1180 case 23: {
1181 /* bzero */
1182
1183 size_t len = (size_t)T0_POP();
1184 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1185 memset(addr, 0, len);
1186
1187 }
1188 break;
1189 case 24: {
1190 /* call-policy-handler */
1191
1192 int x;
1193 br_ssl_server_choices choices;
1194
1195 x = (*CTX->policy_vtable)->choose(
1196 CTX->policy_vtable, CTX, &choices);
1197 ENG->session.cipher_suite = choices.cipher_suite;
1198 CTX->sign_hash_id = choices.hash_id;
1199 ENG->chain = choices.chain;
1200 ENG->chain_len = choices.chain_len;
1201 T0_PUSHi(-(x != 0));
1202
1203 }
1204 break;
1205 case 25: {
1206 /* can-output? */
1207
1208 T0_PUSHi(-(ENG->hlen_out > 0));
1209
1210 }
1211 break;
1212 case 26: {
1213 /* check-resume */
1214
1215 if (ENG->session.session_id_len == 32
1216 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1217 CTX->cache_vtable, CTX, &ENG->session))
1218 {
1219 T0_PUSHi(-1);
1220 } else {
1221 T0_PUSH(0);
1222 }
1223
1224 }
1225 break;
1226 case 27: {
1227 /* co */
1228 T0_CO();
1229 }
1230 break;
1231 case 28: {
1232 /* compute-Finished-inner */
1233
1234 int prf_id = T0_POP();
1235 int from_client = T0_POPi();
1236 unsigned char seed[48];
1237 size_t seed_len;
1238
1239 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1240 if (ENG->session.version >= BR_TLS12) {
1241 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1242 } else {
1243 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1244 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1245 seed_len = 36;
1246 }
1247 prf(ENG->pad, 12, ENG->session.master_secret,
1248 sizeof ENG->session.master_secret,
1249 from_client ? "client finished" : "server finished",
1250 seed, seed_len);
1251
1252 }
1253 break;
1254 case 29: {
1255 /* compute-hash-CV */
1256
1257 int i;
1258
1259 for (i = 1; i <= 6; i ++) {
1260 br_multihash_out(&ENG->mhash, i,
1261 ENG->pad + HASH_PAD_OFF[i - 1]);
1262 }
1263
1264 }
1265 break;
1266 case 30: {
1267 /* copy-cert-chunk */
1268
1269 size_t clen;
1270
1271 clen = ENG->cert_len;
1272 if (clen > sizeof ENG->pad) {
1273 clen = sizeof ENG->pad;
1274 }
1275 memcpy(ENG->pad, ENG->cert_cur, clen);
1276 ENG->cert_cur += clen;
1277 ENG->cert_len -= clen;
1278 T0_PUSH(clen);
1279
1280 }
1281 break;
1282 case 31: {
1283 /* copy-dn-chunk */
1284
1285 size_t clen;
1286
1287 clen = CTX->cur_dn_len;
1288 if (clen > sizeof ENG->pad) {
1289 clen = sizeof ENG->pad;
1290 }
1291 memcpy(ENG->pad, CTX->cur_dn, clen);
1292 CTX->cur_dn += clen;
1293 CTX->cur_dn_len -= clen;
1294 T0_PUSH(clen);
1295
1296 }
1297 break;
1298 case 32: {
1299 /* copy-hash-CV */
1300
1301 int id = T0_POP();
1302 size_t off, len;
1303
1304 if (id == 0) {
1305 off = 0;
1306 len = 36;
1307 } else {
1308 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1309 T0_PUSH(0);
1310 T0_RET();
1311 }
1312 off = HASH_PAD_OFF[id - 1];
1313 len = HASH_PAD_OFF[id] - off;
1314 }
1315 memcpy(CTX->hash_CV, ENG->pad + off, len);
1316 CTX->hash_CV_len = len;
1317 CTX->hash_CV_id = id;
1318 T0_PUSHi(-1);
1319
1320 }
1321 break;
1322 case 33: {
1323 /* copy-protocol-name */
1324
1325 size_t idx = T0_POP();
1326 size_t len = strlen(ENG->protocol_names[idx]);
1327 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1328 T0_PUSH(len);
1329
1330 }
1331 break;
1332 case 34: {
1333 /* data-get8 */
1334
1335 size_t addr = T0_POP();
1336 T0_PUSH(t0_datablock[addr]);
1337
1338 }
1339 break;
1340 case 35: {
1341 /* discard-input */
1342
1343 ENG->hlen_in = 0;
1344
1345 }
1346 break;
1347 case 36: {
1348 /* do-ecdh */
1349
1350 int prf_id = T0_POPi();
1351 size_t len = T0_POP();
1352 do_ecdh(CTX, prf_id, ENG->pad, len);
1353
1354 }
1355 break;
1356 case 37: {
1357 /* do-ecdhe-part1 */
1358
1359 int curve = T0_POPi();
1360 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1361
1362 }
1363 break;
1364 case 38: {
1365 /* do-ecdhe-part2 */
1366
1367 int prf_id = T0_POPi();
1368 size_t len = T0_POP();
1369 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1370
1371 }
1372 break;
1373 case 39: {
1374 /* do-rsa-decrypt */
1375
1376 int prf_id = T0_POPi();
1377 size_t len = T0_POP();
1378 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1379
1380 }
1381 break;
1382 case 40: {
1383 /* do-static-ecdh */
1384
1385 do_static_ecdh(CTX, T0_POP());
1386
1387 }
1388 break;
1389 case 41: {
1390 /* drop */
1391 (void)T0_POP();
1392 }
1393 break;
1394 case 42: {
1395 /* dup */
1396 T0_PUSH(T0_PEEK(0));
1397 }
1398 break;
1399 case 43: {
1400 /* fail */
1401
1402 br_ssl_engine_fail(ENG, (int)T0_POPi());
1403 T0_CO();
1404
1405 }
1406 break;
1407 case 44: {
1408 /* flush-record */
1409
1410 br_ssl_engine_flush_record(ENG);
1411
1412 }
1413 break;
1414 case 45: {
1415 /* get-key-type-usages */
1416
1417 const br_x509_class *xc;
1418 const br_x509_pkey *pk;
1419 unsigned usages;
1420
1421 xc = *(ENG->x509ctx);
1422 pk = xc->get_pkey(ENG->x509ctx, &usages);
1423 if (pk == NULL) {
1424 T0_PUSH(0);
1425 } else {
1426 T0_PUSH(pk->key_type | usages);
1427 }
1428
1429 }
1430 break;
1431 case 46: {
1432 /* get16 */
1433
1434 size_t addr = (size_t)T0_POP();
1435 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1436
1437 }
1438 break;
1439 case 47: {
1440 /* get32 */
1441
1442 size_t addr = (size_t)T0_POP();
1443 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1444
1445 }
1446 break;
1447 case 48: {
1448 /* get8 */
1449
1450 size_t addr = (size_t)T0_POP();
1451 T0_PUSH(*((unsigned char *)ENG + addr));
1452
1453 }
1454 break;
1455 case 49: {
1456 /* has-input? */
1457
1458 T0_PUSHi(-(ENG->hlen_in != 0));
1459
1460 }
1461 break;
1462 case 50: {
1463 /* memcmp */
1464
1465 size_t len = (size_t)T0_POP();
1466 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1467 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1468 int x = memcmp(addr1, addr2, len);
1469 T0_PUSH((uint32_t)-(x == 0));
1470
1471 }
1472 break;
1473 case 51: {
1474 /* memcpy */
1475
1476 size_t len = (size_t)T0_POP();
1477 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1478 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1479 memcpy(dst, src, len);
1480
1481 }
1482 break;
1483 case 52: {
1484 /* mkrand */
1485
1486 size_t len = (size_t)T0_POP();
1487 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1488 br_hmac_drbg_generate(&ENG->rng, addr, len);
1489
1490 }
1491 break;
1492 case 53: {
1493 /* more-incoming-bytes? */
1494
1495 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1496
1497 }
1498 break;
1499 case 54: {
1500 /* multihash-init */
1501
1502 br_multihash_init(&ENG->mhash);
1503
1504 }
1505 break;
1506 case 55: {
1507 /* neg */
1508
1509 uint32_t a = T0_POP();
1510 T0_PUSH(-a);
1511
1512 }
1513 break;
1514 case 56: {
1515 /* not */
1516
1517 uint32_t a = T0_POP();
1518 T0_PUSH(~a);
1519
1520 }
1521 break;
1522 case 57: {
1523 /* or */
1524
1525 uint32_t b = T0_POP();
1526 uint32_t a = T0_POP();
1527 T0_PUSH(a | b);
1528
1529 }
1530 break;
1531 case 58: {
1532 /* over */
1533 T0_PUSH(T0_PEEK(1));
1534 }
1535 break;
1536 case 59: {
1537 /* pick */
1538 T0_PICK(T0_POP());
1539 }
1540 break;
1541 case 60: {
1542 /* read-chunk-native */
1543
1544 size_t clen = ENG->hlen_in;
1545 if (clen > 0) {
1546 uint32_t addr, len;
1547
1548 len = T0_POP();
1549 addr = T0_POP();
1550 if ((size_t)len < clen) {
1551 clen = (size_t)len;
1552 }
1553 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1554 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1555 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1556 }
1557 T0_PUSH(addr + (uint32_t)clen);
1558 T0_PUSH(len - (uint32_t)clen);
1559 ENG->hbuf_in += clen;
1560 ENG->hlen_in -= clen;
1561 }
1562
1563 }
1564 break;
1565 case 61: {
1566 /* read8-native */
1567
1568 if (ENG->hlen_in > 0) {
1569 unsigned char x;
1570
1571 x = *ENG->hbuf_in ++;
1572 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1573 br_multihash_update(&ENG->mhash, &x, 1);
1574 }
1575 T0_PUSH(x);
1576 ENG->hlen_in --;
1577 } else {
1578 T0_PUSHi(-1);
1579 }
1580
1581 }
1582 break;
1583 case 62: {
1584 /* save-session */
1585
1586 if (CTX->cache_vtable != NULL) {
1587 (*CTX->cache_vtable)->save(
1588 CTX->cache_vtable, CTX, &ENG->session);
1589 }
1590
1591 }
1592 break;
1593 case 63: {
1594 /* set-max-frag-len */
1595
1596 size_t max_frag_len = T0_POP();
1597
1598 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1599
1600 /*
1601 * We must adjust our own output limit. Since we call this only
1602 * after receiving a ClientHello and before beginning to send
1603 * the ServerHello, the next output record should be empty at
1604 * that point, so we can use max_frag_len as a limit.
1605 */
1606 if (ENG->hlen_out > max_frag_len) {
1607 ENG->hlen_out = max_frag_len;
1608 }
1609
1610 }
1611 break;
1612 case 64: {
1613 /* set16 */
1614
1615 size_t addr = (size_t)T0_POP();
1616 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1617
1618 }
1619 break;
1620 case 65: {
1621 /* set32 */
1622
1623 size_t addr = (size_t)T0_POP();
1624 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1625
1626 }
1627 break;
1628 case 66: {
1629 /* set8 */
1630
1631 size_t addr = (size_t)T0_POP();
1632 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1633
1634 }
1635 break;
1636 case 67: {
1637 /* supported-curves */
1638
1639 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1640 T0_PUSH(x);
1641
1642 }
1643 break;
1644 case 68: {
1645 /* supported-hash-functions */
1646
1647 int i;
1648 unsigned x, num;
1649
1650 x = 0;
1651 num = 0;
1652 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1653 if (br_multihash_getimpl(&ENG->mhash, i)) {
1654 x |= 1U << i;
1655 num ++;
1656 }
1657 }
1658 T0_PUSH(x);
1659 T0_PUSH(num);
1660
1661 }
1662 break;
1663 case 69: {
1664 /* supports-ecdsa? */
1665
1666 T0_PUSHi(-(ENG->iecdsa != 0));
1667
1668 }
1669 break;
1670 case 70: {
1671 /* supports-rsa-sign? */
1672
1673 T0_PUSHi(-(ENG->irsavrfy != 0));
1674
1675 }
1676 break;
1677 case 71: {
1678 /* swap */
1679 T0_SWAP();
1680 }
1681 break;
1682 case 72: {
1683 /* switch-aesgcm-in */
1684
1685 int is_client, prf_id;
1686 unsigned cipher_key_len;
1687
1688 cipher_key_len = T0_POP();
1689 prf_id = T0_POP();
1690 is_client = T0_POP();
1691 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1692 ENG->iaes_ctr, cipher_key_len);
1693
1694 }
1695 break;
1696 case 73: {
1697 /* switch-aesgcm-out */
1698
1699 int is_client, prf_id;
1700 unsigned cipher_key_len;
1701
1702 cipher_key_len = T0_POP();
1703 prf_id = T0_POP();
1704 is_client = T0_POP();
1705 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1706 ENG->iaes_ctr, cipher_key_len);
1707
1708 }
1709 break;
1710 case 74: {
1711 /* switch-cbc-in */
1712
1713 int is_client, prf_id, mac_id, aes;
1714 unsigned cipher_key_len;
1715
1716 cipher_key_len = T0_POP();
1717 aes = T0_POP();
1718 mac_id = T0_POP();
1719 prf_id = T0_POP();
1720 is_client = T0_POP();
1721 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1722 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1723
1724 }
1725 break;
1726 case 75: {
1727 /* switch-cbc-out */
1728
1729 int is_client, prf_id, mac_id, aes;
1730 unsigned cipher_key_len;
1731
1732 cipher_key_len = T0_POP();
1733 aes = T0_POP();
1734 mac_id = T0_POP();
1735 prf_id = T0_POP();
1736 is_client = T0_POP();
1737 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1738 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1739
1740 }
1741 break;
1742 case 76: {
1743 /* switch-chapol-in */
1744
1745 int is_client, prf_id;
1746
1747 prf_id = T0_POP();
1748 is_client = T0_POP();
1749 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1750
1751 }
1752 break;
1753 case 77: {
1754 /* switch-chapol-out */
1755
1756 int is_client, prf_id;
1757
1758 prf_id = T0_POP();
1759 is_client = T0_POP();
1760 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1761
1762 }
1763 break;
1764 case 78: {
1765 /* ta-names-total-length */
1766
1767 size_t u, len;
1768
1769 len = 0;
1770 if (CTX->ta_names != NULL) {
1771 for (u = 0; u < CTX->num_tas; u ++) {
1772 len += CTX->ta_names[u].len + 2;
1773 }
1774 } else if (CTX->tas != NULL) {
1775 for (u = 0; u < CTX->num_tas; u ++) {
1776 len += CTX->tas[u].dn.len + 2;
1777 }
1778 }
1779 T0_PUSH(len);
1780
1781 }
1782 break;
1783 case 79: {
1784 /* test-protocol-name */
1785
1786 size_t len = T0_POP();
1787 size_t u;
1788
1789 for (u = 0; u < ENG->protocol_names_num; u ++) {
1790 const char *name;
1791
1792 name = ENG->protocol_names[u];
1793 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1794 T0_PUSH(u);
1795 T0_RET();
1796 }
1797 }
1798 T0_PUSHi(-1);
1799
1800 }
1801 break;
1802 case 80: {
1803 /* total-chain-length */
1804
1805 size_t u;
1806 uint32_t total;
1807
1808 total = 0;
1809 for (u = 0; u < ENG->chain_len; u ++) {
1810 total += 3 + (uint32_t)ENG->chain[u].data_len;
1811 }
1812 T0_PUSH(total);
1813
1814 }
1815 break;
1816 case 81: {
1817 /* u< */
1818
1819 uint32_t b = T0_POP();
1820 uint32_t a = T0_POP();
1821 T0_PUSH(-(uint32_t)(a < b));
1822
1823 }
1824 break;
1825 case 82: {
1826 /* u>> */
1827
1828 int c = (int)T0_POPi();
1829 uint32_t x = T0_POP();
1830 T0_PUSH(x >> c);
1831
1832 }
1833 break;
1834 case 83: {
1835 /* verify-CV-sig */
1836
1837 int err;
1838
1839 err = verify_CV_sig(CTX, T0_POP());
1840 T0_PUSHi(err);
1841
1842 }
1843 break;
1844 case 84: {
1845 /* write-blob-chunk */
1846
1847 size_t clen = ENG->hlen_out;
1848 if (clen > 0) {
1849 uint32_t addr, len;
1850
1851 len = T0_POP();
1852 addr = T0_POP();
1853 if ((size_t)len < clen) {
1854 clen = (size_t)len;
1855 }
1856 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1857 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1858 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1859 }
1860 T0_PUSH(addr + (uint32_t)clen);
1861 T0_PUSH(len - (uint32_t)clen);
1862 ENG->hbuf_out += clen;
1863 ENG->hlen_out -= clen;
1864 }
1865
1866 }
1867 break;
1868 case 85: {
1869 /* write8-native */
1870
1871 unsigned char x;
1872
1873 x = (unsigned char)T0_POP();
1874 if (ENG->hlen_out > 0) {
1875 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1876 br_multihash_update(&ENG->mhash, &x, 1);
1877 }
1878 *ENG->hbuf_out ++ = x;
1879 ENG->hlen_out --;
1880 T0_PUSHi(-1);
1881 } else {
1882 T0_PUSHi(0);
1883 }
1884
1885 }
1886 break;
1887 case 86: {
1888 /* x509-append */
1889
1890 const br_x509_class *xc;
1891 size_t len;
1892
1893 xc = *(ENG->x509ctx);
1894 len = T0_POP();
1895 xc->append(ENG->x509ctx, ENG->pad, len);
1896
1897 }
1898 break;
1899 case 87: {
1900 /* x509-end-cert */
1901
1902 const br_x509_class *xc;
1903
1904 xc = *(ENG->x509ctx);
1905 xc->end_cert(ENG->x509ctx);
1906
1907 }
1908 break;
1909 case 88: {
1910 /* x509-end-chain */
1911
1912 const br_x509_class *xc;
1913
1914 xc = *(ENG->x509ctx);
1915 T0_PUSH(xc->end_chain(ENG->x509ctx));
1916
1917 }
1918 break;
1919 case 89: {
1920 /* x509-start-cert */
1921
1922 const br_x509_class *xc;
1923
1924 xc = *(ENG->x509ctx);
1925 xc->start_cert(ENG->x509ctx, T0_POP());
1926
1927 }
1928 break;
1929 case 90: {
1930 /* x509-start-chain */
1931
1932 const br_x509_class *xc;
1933 uint32_t bc;
1934
1935 bc = T0_POP();
1936 xc = *(ENG->x509ctx);
1937 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1938
1939 }
1940 break;
1941 }
1942
1943 } else {
1944 T0_ENTER(ip, rp, t0x);
1945 }
1946 }
1947 t0_exit:
1948 ((t0_context *)t0ctx)->dp = dp;
1949 ((t0_context *)t0ctx)->rp = rp;
1950 ((t0_context *)t0ctx)->ip = ip;
1951 }
The BearSSL library and tools.