projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed proper handling of clients with no "secure renegotiation" support.
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *xcoor, size_t xcoor_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146
147 if (xcoor_len > sizeof rpms) {
148 xcoor_len = sizeof rpms;
149 ctl = 0;
150 }
151
152 /*
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
155 * copy.
156 */
157 br_hmac_drbg_generate(&ctx->eng.rng, rpms, xcoor_len);
158 br_ccopy(ctl ^ 1, xcoor, rpms, xcoor_len);
159
160 /*
161 * Compute master secret.
162 */
163 br_ssl_engine_compute_master(&ctx->eng, prf_id, xcoor, xcoor_len);
164
165 /*
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
168 */
169 memset(xcoor, 0, xcoor_len);
170 }
171
172 /*
173 * Do the ECDH key exchange (not ECDHE).
174 */
175 static void
176 do_ecdh(br_ssl_server_context *ctx, int prf_id,
177 unsigned char *cpoint, size_t cpoint_len)
178 {
179 uint32_t x;
180
181 /*
182 * Finalise the key exchange.
183 */
184 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
185 cpoint, &cpoint_len);
186 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
187 }
188
189 /*
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
194 */
195 static void
196 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
197 {
198 unsigned char cpoint[133];
199 size_t cpoint_len;
200 const br_x509_class **xc;
201 const br_x509_pkey *pk;
202
203 xc = ctx->eng.x509ctx;
204 pk = (*xc)->get_pkey(xc, NULL);
205 cpoint_len = pk->key.ec.qlen;
206 if (cpoint_len > sizeof cpoint) {
207 /*
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
211 */
212 cpoint_len = 2;
213 }
214 memcpy(cpoint, pk->key.ec.q, cpoint_len);
215 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
216 }
217
218 static size_t
219 hash_data(br_ssl_server_context *ctx,
220 void *dst, int hash_id, const void *src, size_t len)
221 {
222 const br_hash_class *hf;
223 br_hash_compat_context hc;
224
225 if (hash_id == 0) {
226 unsigned char tmp[36];
227
228 hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
229 if (hf == NULL) {
230 return 0;
231 }
232 hf->init(&hc.vtable);
233 hf->update(&hc.vtable, src, len);
234 hf->out(&hc.vtable, tmp);
235 hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
236 if (hf == NULL) {
237 return 0;
238 }
239 hf->init(&hc.vtable);
240 hf->update(&hc.vtable, src, len);
241 hf->out(&hc.vtable, tmp + 16);
242 memcpy(dst, tmp, 36);
243 return 36;
244 } else {
245 hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
246 if (hf == NULL) {
247 return 0;
248 }
249 hf->init(&hc.vtable);
250 hf->update(&hc.vtable, src, len);
251 hf->out(&hc.vtable, dst);
252 return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
253 }
254 }
255
256 /*
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
262 */
263 static int
264 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
265 {
266 unsigned algo_id;
267 unsigned mask;
268 const unsigned char *order;
269 size_t olen, glen;
270 size_t hv_len, sig_len;
271
272 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM;
274 }
275 ctx->eng.ecdhe_curve = curve;
276
277 /*
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
283 * possible values.
284 */
285 order = ctx->eng.iec->order(curve, &olen);
286 mask = 0xFF;
287 while (mask >= order[0]) {
288 mask >>= 1;
289 }
290 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
291 ctx->ecdhe_key[0] &= mask;
292 ctx->ecdhe_key[olen - 1] |= 0x01;
293 ctx->ecdhe_key_len = olen;
294
295 /*
296 * Compute our ECDH point.
297 */
298 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
299 ctx->ecdhe_key, olen, curve);
300 ctx->eng.ecdhe_point_len = glen;
301
302 /*
303 * Assemble the message to be signed, and possibly hash it.
304 */
305 memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
306 memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
307 ctx->eng.pad[64 + 0] = 0x03;
308 ctx->eng.pad[64 + 1] = 0x00;
309 ctx->eng.pad[64 + 2] = curve;
310 ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
311 memcpy(ctx->eng.pad + 64 + 4,
312 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
313 hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
314 algo_id = ctx->sign_hash_id;
315 if (algo_id >= (unsigned)0xFF00) {
316 hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
317 ctx->eng.pad, hv_len);
318 if (hv_len == 0) {
319 return -BR_ERR_INVALID_ALGORITHM;
320 }
321 }
322
323 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
324 algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
325 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
326 }
327
328 /*
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
331 */
332 static void
333 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
334 unsigned char *cpoint, size_t cpoint_len)
335 {
336 int curve;
337 uint32_t ctl;
338 size_t xoff, xlen;
339
340 curve = ctx->eng.ecdhe_curve;
341
342 /*
343 * Finalise the key exchange.
344 */
345 ctl = ctx->eng.iec->mul(cpoint, cpoint_len,
346 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
347 xoff = ctx->eng.iec->xoff(curve, &xlen);
348 ecdh_common(ctx, prf_id, cpoint + xoff, xlen, ctl);
349
350 /*
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
354 */
355 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
356 }
357
358 /*
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
363 */
364 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
365
366 /*
367 * OID for hash functions in RSA signatures.
368 */
369 static const unsigned char HASH_OID_SHA1[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
371 };
372
373 static const unsigned char HASH_OID_SHA224[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
375 };
376
377 static const unsigned char HASH_OID_SHA256[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
379 };
380
381 static const unsigned char HASH_OID_SHA384[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
383 };
384
385 static const unsigned char HASH_OID_SHA512[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
387 };
388
389 static const unsigned char *HASH_OID[] = {
390 HASH_OID_SHA1,
391 HASH_OID_SHA224,
392 HASH_OID_SHA256,
393 HASH_OID_SHA384,
394 HASH_OID_SHA512
395 };
396
397 /*
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
403 */
404 static int
405 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
406 {
407 const br_x509_class **xc;
408 const br_x509_pkey *pk;
409 int id;
410
411 id = ctx->hash_CV_id;
412 xc = ctx->eng.x509ctx;
413 pk = (*xc)->get_pkey(xc, NULL);
414 if (pk->key_type == BR_KEYTYPE_RSA) {
415 unsigned char tmp[64];
416 const unsigned char *hash_oid;
417
418 if (id == 0) {
419 hash_oid = NULL;
420 } else {
421 hash_oid = HASH_OID[id - 2];
422 }
423 if (ctx->eng.irsavrfy == 0) {
424 return BR_ERR_BAD_SIGNATURE;
425 }
426 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
427 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
428 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
429 {
430 return BR_ERR_BAD_SIGNATURE;
431 }
432 } else {
433 if (ctx->eng.iecdsa == 0) {
434 return BR_ERR_BAD_SIGNATURE;
435 }
436 if (!ctx->eng.iecdsa(ctx->eng.iec,
437 ctx->hash_CV, ctx->hash_CV_len,
438 &pk->key.ec, ctx->eng.pad, sig_len))
439 {
440 return BR_ERR_BAD_SIGNATURE;
441 }
442 }
443 return 0;
444 }
445
446
447
448 static const unsigned char t0_datablock[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
462 };
463
464 static const unsigned char t0_codeblock[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
486 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
488 0x00, 0x00, 0x01,
489 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
505 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
507 0x00, 0x01,
508 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
514 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
517 0x00, 0x00, 0x01,
518 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
519 0x01,
520 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
521 0x00, 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
523 0x00, 0x00, 0x01,
524 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
528 0x00, 0x01,
529 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
531 0x00, 0x00, 0x01,
532 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x30, 0x02, 0x00, 0x38, 0x13,
542 0x01, 0x01, 0x0C, 0x75, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
543 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x2A, 0x19,
544 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCD, 0x04, 0x76, 0x00, 0x01, 0x00, 0x75,
545 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0x8A, 0x40, 0x36, 0xAF, 0x35,
546 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD4, 0x01, 0x00, 0xD0, 0x01, 0x00,
547 0xAB, 0x04, 0x80, 0x46, 0xD4, 0xD1, 0x29, 0xD6, 0x4E, 0x06, 0x01, 0xD2,
548 0xD5, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00, 0xAC, 0x2A, 0x5B, 0x06, 0x0F,
549 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB0, 0xAE, 0x2A, 0xC6,
550 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA2, 0x05,
551 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2, 0x2A, 0x05, 0x04, 0x29, 0xA9,
552 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0, 0x01, 0x00, 0xAB, 0x01, 0x00,
553 0xD0, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00,
554 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC,
555 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC4, 0x19, 0x38, 0x06, 0x04,
556 0xCC, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
557 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
558 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01,
559 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
560 0x7F, 0x9F, 0xCC, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
561 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01, 0xC3, 0x04, 0x2A, 0x01, 0x01,
562 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88, 0x30, 0x01, 0x01, 0x0F, 0x01,
563 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29,
564 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x04, 0x03, 0x01, 0x00, 0x9F, 0x04,
565 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01, 0x2A, 0x03, 0x00, 0x09, 0x2A,
566 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
567 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29,
568 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x74, 0x42, 0x01,
569 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29, 0x01, 0x00,
570 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
571 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29,
572 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA7, 0x39, 0x04, 0x78,
573 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13,
574 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B, 0x76, 0x2E, 0x2A, 0xC8, 0x05,
575 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02, 0x85, 0x2E, 0x05, 0x02, 0xBA,
576 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17,
577 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x4F, 0x2A, 0x02,
578 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B,
579 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86,
580 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x11, 0xCC, 0x01,
581 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B,
582 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64,
583 0x2B, 0x2A, 0x01, 0x01, 0xC7, 0x38, 0xB3, 0x00, 0x01, 0xB8, 0x01, 0x0B,
584 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBF,
585 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5A, 0xBF, 0xA5, 0x2A,
586 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82,
587 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00,
588 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04,
589 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00,
590 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13,
591 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23, 0xBE,
592 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F,
593 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A,
594 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00,
595 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02, 0x20,
596 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00,
597 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x53, 0x2A,
598 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00, 0x1D, 0xB8, 0x01, 0x0F, 0x0F,
599 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8, 0x01, 0x01, 0x0F, 0x05, 0x02,
600 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77, 0x40, 0x78, 0x01, 0x20, 0xB4,
601 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42,
602 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE, 0xA5, 0x01, 0x00, 0x03, 0x02,
603 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03,
604 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06,
605 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A,
606 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B,
607 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11,
608 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06,
609 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04,
610 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02,
611 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04, 0x11, 0x06,
612 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04,
613 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03, 0x07, 0xC0,
614 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04,
615 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01, 0x88, 0x04, 0x80, 0x41, 0x01,
616 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x80, 0x4E, 0xBE, 0xA5,
617 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29,
618 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04,
619 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04,
620 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC, 0x04, 0x19, 0x01,
621 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD, 0x04, 0x0F, 0x01, 0x10, 0x3A,
622 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05, 0x29, 0xBA, 0x01, 0x00, 0x29,
623 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, 0x01,
624 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56,
625 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29, 0x02, 0x00,
626 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96,
627 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10,
628 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04,
629 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97,
630 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, 0x01,
631 0x02, 0x88, 0x42, 0x88, 0x30, 0x05, 0x04, 0x01, 0x01, 0x88, 0x42, 0x02,
632 0x07, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07,
633 0x01, 0xFC, 0x80, 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80, 0x41, 0x2A,
634 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12, 0x5C, 0x01,
635 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F, 0x43, 0x13,
636 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
637 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20, 0x8E, 0x42,
638 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x2A,
639 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01, 0x0F, 0x47,
640 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13, 0x05, 0x04,
641 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01, 0x81, 0x70,
642 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x2A, 0x06,
643 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04,
644 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30,
645 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05, 0x03, 0x01,
646 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F, 0x0F, 0x06,
647 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1, 0x01, 0x00,
648 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00, 0x00, 0x00,
649 0xB2, 0xB1, 0x00, 0x04, 0x76, 0x2E, 0xCB, 0x06, 0x16, 0xBE, 0x2A, 0x01,
650 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00, 0x83, 0x47,
651 0xB4, 0x02, 0x00, 0x76, 0x2E, 0xA6, 0x27, 0x76, 0x2E, 0x2A, 0xC9, 0x47,
652 0xC8, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39, 0x06, 0x14,
653 0xC0, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB4, 0x02, 0x03, 0x76, 0x2E, 0xA6,
654 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00, 0x00, 0xB8,
655 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C, 0xB8, 0x01,
656 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08, 0x01, 0x0C,
657 0xB4, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32, 0x05, 0x02,
658 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x98, 0x02,
659 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00,
660 0xCE, 0x04, 0x74, 0x00, 0xBE, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x66, 0x2B,
661 0xC0, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06, 0x02, 0x66,
662 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D, 0x2A, 0x01,
663 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04, 0x01, 0x29,
664 0x00, 0x00, 0xBE, 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x13, 0x29,
665 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x06, 0x02, 0x69, 0x2B,
666 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x1F,
667 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x01, 0x0C, 0x0F,
668 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C, 0xB4, 0x89, 0x83, 0x01, 0x0C,
669 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29, 0x00, 0x00,
670 0xBE, 0xA5, 0xBE, 0xA5, 0x2A, 0x06, 0x1D, 0xC0, 0x06, 0x03, 0xBA, 0x04,
671 0x15, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A, 0x8B, 0x08,
672 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB4, 0x04, 0x01, 0xC6, 0x04, 0x60,
673 0x9B, 0x9B, 0x00, 0x00, 0xB9, 0x2A, 0x5D, 0x06, 0x07, 0x29, 0x06, 0x02,
674 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC1, 0x01, 0x03, 0xBF, 0x47, 0x29,
675 0x47, 0x00, 0x00, 0xBE, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBE,
676 0xA5, 0x2A, 0x06, 0x80, 0x50, 0xC0, 0x03, 0x01, 0xC0, 0x03, 0x02, 0x02,
677 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0D, 0x06,
678 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02, 0x00, 0x39,
679 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01,
680 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03,
681 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60,
682 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0xFF,
683 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBE, 0xA5, 0xBB, 0x80, 0x41, 0x9B,
684 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06,
685 0x15, 0xBE, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C,
686 0x7C, 0x2F, 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B,
687 0x00, 0x00, 0x01, 0x02, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00,
688 0x00, 0x01, 0x03, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x01, 0x08,
689 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC1, 0x00, 0x00, 0x3D,
690 0x2A, 0x5B, 0x05, 0x01, 0x00, 0x29, 0xCE, 0x04, 0x76, 0x02, 0x03, 0x00,
691 0x92, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10,
692 0x2A, 0x01, 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01,
693 0x00, 0x5F, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38,
694 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
695 0xDF, 0x01, 0x00, 0xDE, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01,
696 0x15, 0x87, 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01,
697 0x01, 0x47, 0xC4, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05,
698 0xC1, 0x29, 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E,
699 0x9A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04,
700 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13,
701 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02,
702 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01,
703 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06,
704 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F,
705 0x06, 0x0F, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A,
706 0x04, 0x01, 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29,
707 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04,
708 0x29, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02,
709 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A,
710 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01,
711 0x4D, 0x04, 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12,
712 0x01, 0x02, 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47,
713 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01,
714 0x0F, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01,
715 0x00, 0x73, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06,
716 0x29, 0x01, 0x00, 0x9E, 0x04, 0x14, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0D,
717 0x29, 0x75, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04,
718 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30,
719 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39,
720 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0xA8, 0x06, 0x03,
721 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29,
722 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29,
723 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x13,
724 0x31, 0x06, 0x10, 0x86, 0x30, 0x01, 0x15, 0x0F, 0x06, 0x08, 0x29, 0xA8,
725 0x01, 0x00, 0x75, 0x42, 0x04, 0x01, 0x23, 0x00, 0x00, 0xCC, 0x01, 0x07,
726 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00, 0x01, 0x03, 0x00,
727 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00, 0xCC, 0x29, 0x04,
728 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01, 0xDF, 0x2C, 0x2A, 0x01, 0x00,
729 0xC7, 0x01, 0x16, 0xCF, 0xD3, 0x2C, 0x00, 0x00, 0x01, 0x0B, 0xDF, 0x50,
730 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDE, 0xDE, 0x14, 0x2A, 0x5B, 0x06, 0x02,
731 0x29, 0x00, 0xDE, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD7, 0x04, 0x77,
732 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD9, 0x93, 0x2E, 0x01, 0x86, 0x03,
733 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDA, 0x08, 0x4E, 0x08, 0x01, 0x03,
734 0x08, 0x01, 0x0D, 0xDF, 0xDE, 0x01, 0x00, 0xD9, 0xDF, 0x01, 0x01, 0xD9,
735 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01, 0x00, 0xDA,
736 0xDD, 0x01, 0x01, 0xDA, 0x29, 0x4E, 0xDD, 0x16, 0x15, 0x2A, 0x5B, 0x06,
737 0x02, 0x29, 0x00, 0xDD, 0x1F, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD7, 0x04,
738 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDF, 0x01, 0x0C, 0xDE,
739 0x83, 0x01, 0x0C, 0xD7, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0xDF, 0x01,
740 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02, 0x00, 0x06,
741 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03,
742 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03,
743 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01, 0x07, 0x08, 0x03,
744 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06, 0x03,
745 0x01, 0x02, 0x08, 0x08, 0xDE, 0x93, 0x2E, 0xDD, 0x8C, 0x01, 0x04, 0x17,
746 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01, 0x20, 0xD7, 0x01,
747 0x20, 0xDF, 0x8D, 0x01, 0x20, 0xD7, 0x76, 0x2E, 0xDD, 0x01, 0x00, 0xDF,
748 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06, 0x80, 0x40,
749 0xDD, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01, 0xDD, 0x01,
750 0x04, 0x09, 0x2A, 0xDD, 0x60, 0x89, 0x47, 0xD8, 0x04, 0x01, 0x29, 0x02,
751 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDD, 0x01, 0x01, 0xDD, 0x84, 0x30, 0x01,
752 0x08, 0x09, 0xDF, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01, 0x10, 0xDD, 0x01,
753 0x04, 0x09, 0x2A, 0xDD, 0x62, 0x2A, 0xDD, 0x60, 0x83, 0x47, 0xD8, 0x04,
754 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E, 0xDF, 0x01, 0x00,
755 0xDE, 0x00, 0x03, 0x76, 0x2E, 0xC9, 0x05, 0x01, 0x00, 0x7C, 0x2F, 0x2A,
756 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06, 0x05, 0x29, 0x01, 0x1D,
757 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80, 0x00, 0x13, 0x2A, 0x06,
758 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
759 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
760 0x02, 0x01, 0x0C, 0xDF, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
761 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDE, 0x01, 0x03, 0xDF, 0x02, 0x00,
762 0xDD, 0x7D, 0x7E, 0x30, 0xD8, 0x02, 0x02, 0x06, 0x1C, 0x90, 0x2E, 0x2A,
763 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDD, 0x04, 0x0F, 0x01, 0x81,
764 0x7F, 0x13, 0xDF, 0x76, 0x2E, 0xCA, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08,
765 0xDF, 0x02, 0x01, 0xDD, 0x83, 0x02, 0x01, 0xD7, 0x00, 0x00, 0x54, 0x2A,
766 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCC, 0x29, 0x04, 0x73, 0x00,
767 0x2A, 0xDF, 0xD7, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC8, 0x06, 0x0C,
768 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDF, 0x01, 0x80, 0x42, 0xDF,
769 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDF, 0x45, 0x06,
770 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xDF, 0x47, 0x29, 0x00,
771 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01,
772 0x01, 0x80, 0x7C, 0xDB, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDB,
773 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44,
774 0x29, 0xDB, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDB,
775 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00,
776 0x01, 0x04, 0xDC, 0x01, 0x05, 0xDC, 0x01, 0x06, 0xDC, 0x01, 0x03, 0xDC,
777 0x01, 0x02, 0xDC, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01,
778 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06,
779 0x07, 0x02, 0x00, 0xDF, 0x01, 0x02, 0x3B, 0xDF, 0x00, 0x00, 0x2A, 0x01,
780 0x08, 0x52, 0xDF, 0xDF, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDF, 0xDD,
781 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCC, 0x29, 0x04, 0x76
782 };
783
784 static const uint16_t t0_caddr[] = {
785 0,
786 5,
787 10,
788 15,
789 20,
790 25,
791 30,
792 35,
793 40,
794 44,
795 48,
796 52,
797 56,
798 60,
799 64,
800 68,
801 72,
802 76,
803 80,
804 84,
805 88,
806 92,
807 96,
808 100,
809 104,
810 109,
811 114,
812 119,
813 124,
814 129,
815 134,
816 139,
817 144,
818 149,
819 154,
820 159,
821 164,
822 169,
823 174,
824 180,
825 185,
826 190,
827 195,
828 200,
829 205,
830 210,
831 215,
832 220,
833 225,
834 230,
835 235,
836 240,
837 245,
838 250,
839 255,
840 260,
841 265,
842 270,
843 275,
844 280,
845 285,
846 290,
847 299,
848 303,
849 328,
850 334,
851 353,
852 364,
853 405,
854 516,
855 520,
856 553,
857 563,
858 587,
859 655,
860 669,
861 675,
862 734,
863 753,
864 775,
865 824,
866 873,
867 949,
868 1051,
869 1062,
870 1656,
871 1660,
872 1727,
873 1737,
874 1768,
875 1792,
876 1838,
877 1908,
878 1948,
879 1962,
880 1971,
881 1975,
882 2070,
883 2078,
884 2114,
885 2125,
886 2141,
887 2147,
888 2158,
889 2193,
890 2219,
891 2231,
892 2237,
893 2252,
894 2408,
895 2417,
896 2430,
897 2439,
898 2446,
899 2552,
900 2577,
901 2590,
902 2606,
903 2624,
904 2656,
905 2729,
906 2742,
907 2923,
908 2931,
909 3058,
910 3072,
911 3077,
912 3121,
913 3178,
914 3199,
915 3226,
916 3234,
917 3242
918 };
919
920 #define T0_INTERPRETED 91
921
922 #define T0_ENTER(ip, rp, slot) do { \
923 const unsigned char *t0_newip; \
924 uint32_t t0_lnum; \
925 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
926 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
927 (rp) += t0_lnum; \
928 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
929 (ip) = t0_newip; \
930 } while (0)
931
932 #define T0_DEFENTRY(name, slot) \
933 void \
934 name(void *ctx) \
935 { \
936 t0_context *t0ctx = ctx; \
937 t0ctx->ip = &t0_codeblock[0]; \
938 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
939 }
940
941 T0_DEFENTRY(br_ssl_hs_server_init_main, 164)
942
943 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
944
945 void
946 br_ssl_hs_server_run(void *t0ctx)
947 {
948 uint32_t *dp, *rp;
949 const unsigned char *ip;
950
951 #define T0_LOCAL(x) (*(rp - 2 - (x)))
952 #define T0_POP() (*-- dp)
953 #define T0_POPi() (*(int32_t *)(-- dp))
954 #define T0_PEEK(x) (*(dp - 1 - (x)))
955 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
956 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
957 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
958 #define T0_RPOP() (*-- rp)
959 #define T0_RPOPi() (*(int32_t *)(-- rp))
960 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
961 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
962 #define T0_ROLL(x) do { \
963 size_t t0len = (size_t)(x); \
964 uint32_t t0tmp = *(dp - 1 - t0len); \
965 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
966 *(dp - 1) = t0tmp; \
967 } while (0)
968 #define T0_SWAP() do { \
969 uint32_t t0tmp = *(dp - 2); \
970 *(dp - 2) = *(dp - 1); \
971 *(dp - 1) = t0tmp; \
972 } while (0)
973 #define T0_ROT() do { \
974 uint32_t t0tmp = *(dp - 3); \
975 *(dp - 3) = *(dp - 2); \
976 *(dp - 2) = *(dp - 1); \
977 *(dp - 1) = t0tmp; \
978 } while (0)
979 #define T0_NROT() do { \
980 uint32_t t0tmp = *(dp - 1); \
981 *(dp - 1) = *(dp - 2); \
982 *(dp - 2) = *(dp - 3); \
983 *(dp - 3) = t0tmp; \
984 } while (0)
985 #define T0_PICK(x) do { \
986 uint32_t t0depth = (x); \
987 T0_PUSH(T0_PEEK(t0depth)); \
988 } while (0)
989 #define T0_CO() do { \
990 goto t0_exit; \
991 } while (0)
992 #define T0_RET() goto t0_next
993
994 dp = ((t0_context *)t0ctx)->dp;
995 rp = ((t0_context *)t0ctx)->rp;
996 ip = ((t0_context *)t0ctx)->ip;
997 goto t0_next;
998 for (;;) {
999 uint32_t t0x;
1000
1001 t0_next:
1002 t0x = T0_NEXT(&ip);
1003 if (t0x < T0_INTERPRETED) {
1004 switch (t0x) {
1005 int32_t t0off;
1006
1007 case 0: /* ret */
1008 t0x = T0_RPOP();
1009 rp -= (t0x >> 16);
1010 t0x &= 0xFFFF;
1011 if (t0x == 0) {
1012 ip = NULL;
1013 goto t0_exit;
1014 }
1015 ip = &t0_codeblock[t0x];
1016 break;
1017 case 1: /* literal constant */
1018 T0_PUSHi(t0_parse7E_signed(&ip));
1019 break;
1020 case 2: /* read local */
1021 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1022 break;
1023 case 3: /* write local */
1024 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1025 break;
1026 case 4: /* jump */
1027 t0off = t0_parse7E_signed(&ip);
1028 ip += t0off;
1029 break;
1030 case 5: /* jump if */
1031 t0off = t0_parse7E_signed(&ip);
1032 if (T0_POP()) {
1033 ip += t0off;
1034 }
1035 break;
1036 case 6: /* jump if not */
1037 t0off = t0_parse7E_signed(&ip);
1038 if (!T0_POP()) {
1039 ip += t0off;
1040 }
1041 break;
1042 case 7: {
1043 /* * */
1044
1045 uint32_t b = T0_POP();
1046 uint32_t a = T0_POP();
1047 T0_PUSH(a * b);
1048
1049 }
1050 break;
1051 case 8: {
1052 /* + */
1053
1054 uint32_t b = T0_POP();
1055 uint32_t a = T0_POP();
1056 T0_PUSH(a + b);
1057
1058 }
1059 break;
1060 case 9: {
1061 /* - */
1062
1063 uint32_t b = T0_POP();
1064 uint32_t a = T0_POP();
1065 T0_PUSH(a - b);
1066
1067 }
1068 break;
1069 case 10: {
1070 /* -rot */
1071 T0_NROT();
1072 }
1073 break;
1074 case 11: {
1075 /* < */
1076
1077 int32_t b = T0_POPi();
1078 int32_t a = T0_POPi();
1079 T0_PUSH(-(uint32_t)(a < b));
1080
1081 }
1082 break;
1083 case 12: {
1084 /* << */
1085
1086 int c = (int)T0_POPi();
1087 uint32_t x = T0_POP();
1088 T0_PUSH(x << c);
1089
1090 }
1091 break;
1092 case 13: {
1093 /* <= */
1094
1095 int32_t b = T0_POPi();
1096 int32_t a = T0_POPi();
1097 T0_PUSH(-(uint32_t)(a <= b));
1098
1099 }
1100 break;
1101 case 14: {
1102 /* <> */
1103
1104 uint32_t b = T0_POP();
1105 uint32_t a = T0_POP();
1106 T0_PUSH(-(uint32_t)(a != b));
1107
1108 }
1109 break;
1110 case 15: {
1111 /* = */
1112
1113 uint32_t b = T0_POP();
1114 uint32_t a = T0_POP();
1115 T0_PUSH(-(uint32_t)(a == b));
1116
1117 }
1118 break;
1119 case 16: {
1120 /* > */
1121
1122 int32_t b = T0_POPi();
1123 int32_t a = T0_POPi();
1124 T0_PUSH(-(uint32_t)(a > b));
1125
1126 }
1127 break;
1128 case 17: {
1129 /* >= */
1130
1131 int32_t b = T0_POPi();
1132 int32_t a = T0_POPi();
1133 T0_PUSH(-(uint32_t)(a >= b));
1134
1135 }
1136 break;
1137 case 18: {
1138 /* >> */
1139
1140 int c = (int)T0_POPi();
1141 int32_t x = T0_POPi();
1142 T0_PUSHi(x >> c);
1143
1144 }
1145 break;
1146 case 19: {
1147 /* and */
1148
1149 uint32_t b = T0_POP();
1150 uint32_t a = T0_POP();
1151 T0_PUSH(a & b);
1152
1153 }
1154 break;
1155 case 20: {
1156 /* begin-cert */
1157
1158 if (ENG->chain_len == 0) {
1159 T0_PUSHi(-1);
1160 } else {
1161 ENG->cert_cur = ENG->chain->data;
1162 ENG->cert_len = ENG->chain->data_len;
1163 ENG->chain ++;
1164 ENG->chain_len --;
1165 T0_PUSH(ENG->cert_len);
1166 }
1167
1168 }
1169 break;
1170 case 21: {
1171 /* begin-ta-name */
1172
1173 const br_x500_name *dn;
1174 if (CTX->cur_dn_index >= CTX->num_tas) {
1175 T0_PUSHi(-1);
1176 } else {
1177 if (CTX->ta_names == NULL) {
1178 dn = &CTX->tas[CTX->cur_dn_index].dn;
1179 } else {
1180 dn = &CTX->ta_names[CTX->cur_dn_index];
1181 }
1182 CTX->cur_dn_index ++;
1183 CTX->cur_dn = dn->data;
1184 CTX->cur_dn_len = dn->len;
1185 T0_PUSH(CTX->cur_dn_len);
1186 }
1187
1188 }
1189 break;
1190 case 22: {
1191 /* begin-ta-name-list */
1192
1193 CTX->cur_dn_index = 0;
1194
1195 }
1196 break;
1197 case 23: {
1198 /* bzero */
1199
1200 size_t len = (size_t)T0_POP();
1201 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1202 memset(addr, 0, len);
1203
1204 }
1205 break;
1206 case 24: {
1207 /* call-policy-handler */
1208
1209 int x;
1210 br_ssl_server_choices choices;
1211
1212 x = (*CTX->policy_vtable)->choose(
1213 CTX->policy_vtable, CTX, &choices);
1214 ENG->session.cipher_suite = choices.cipher_suite;
1215 CTX->sign_hash_id = choices.algo_id;
1216 ENG->chain = choices.chain;
1217 ENG->chain_len = choices.chain_len;
1218 T0_PUSHi(-(x != 0));
1219
1220 }
1221 break;
1222 case 25: {
1223 /* can-output? */
1224
1225 T0_PUSHi(-(ENG->hlen_out > 0));
1226
1227 }
1228 break;
1229 case 26: {
1230 /* check-resume */
1231
1232 if (ENG->session.session_id_len == 32
1233 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1234 CTX->cache_vtable, CTX, &ENG->session))
1235 {
1236 T0_PUSHi(-1);
1237 } else {
1238 T0_PUSH(0);
1239 }
1240
1241 }
1242 break;
1243 case 27: {
1244 /* co */
1245 T0_CO();
1246 }
1247 break;
1248 case 28: {
1249 /* compute-Finished-inner */
1250
1251 int prf_id = T0_POP();
1252 int from_client = T0_POPi();
1253 unsigned char seed[48];
1254 size_t seed_len;
1255
1256 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1257 if (ENG->session.version >= BR_TLS12) {
1258 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1259 } else {
1260 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1261 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1262 seed_len = 36;
1263 }
1264 prf(ENG->pad, 12, ENG->session.master_secret,
1265 sizeof ENG->session.master_secret,
1266 from_client ? "client finished" : "server finished",
1267 seed, seed_len);
1268
1269 }
1270 break;
1271 case 29: {
1272 /* compute-hash-CV */
1273
1274 int i;
1275
1276 for (i = 1; i <= 6; i ++) {
1277 br_multihash_out(&ENG->mhash, i,
1278 ENG->pad + HASH_PAD_OFF[i - 1]);
1279 }
1280
1281 }
1282 break;
1283 case 30: {
1284 /* copy-cert-chunk */
1285
1286 size_t clen;
1287
1288 clen = ENG->cert_len;
1289 if (clen > sizeof ENG->pad) {
1290 clen = sizeof ENG->pad;
1291 }
1292 memcpy(ENG->pad, ENG->cert_cur, clen);
1293 ENG->cert_cur += clen;
1294 ENG->cert_len -= clen;
1295 T0_PUSH(clen);
1296
1297 }
1298 break;
1299 case 31: {
1300 /* copy-dn-chunk */
1301
1302 size_t clen;
1303
1304 clen = CTX->cur_dn_len;
1305 if (clen > sizeof ENG->pad) {
1306 clen = sizeof ENG->pad;
1307 }
1308 memcpy(ENG->pad, CTX->cur_dn, clen);
1309 CTX->cur_dn += clen;
1310 CTX->cur_dn_len -= clen;
1311 T0_PUSH(clen);
1312
1313 }
1314 break;
1315 case 32: {
1316 /* copy-hash-CV */
1317
1318 int id = T0_POP();
1319 size_t off, len;
1320
1321 if (id == 0) {
1322 off = 0;
1323 len = 36;
1324 } else {
1325 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1326 T0_PUSH(0);
1327 T0_RET();
1328 }
1329 off = HASH_PAD_OFF[id - 1];
1330 len = HASH_PAD_OFF[id] - off;
1331 }
1332 memcpy(CTX->hash_CV, ENG->pad + off, len);
1333 CTX->hash_CV_len = len;
1334 CTX->hash_CV_id = id;
1335 T0_PUSHi(-1);
1336
1337 }
1338 break;
1339 case 33: {
1340 /* copy-protocol-name */
1341
1342 size_t idx = T0_POP();
1343 size_t len = strlen(ENG->protocol_names[idx]);
1344 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1345 T0_PUSH(len);
1346
1347 }
1348 break;
1349 case 34: {
1350 /* data-get8 */
1351
1352 size_t addr = T0_POP();
1353 T0_PUSH(t0_datablock[addr]);
1354
1355 }
1356 break;
1357 case 35: {
1358 /* discard-input */
1359
1360 ENG->hlen_in = 0;
1361
1362 }
1363 break;
1364 case 36: {
1365 /* do-ecdh */
1366
1367 int prf_id = T0_POPi();
1368 size_t len = T0_POP();
1369 do_ecdh(CTX, prf_id, ENG->pad, len);
1370
1371 }
1372 break;
1373 case 37: {
1374 /* do-ecdhe-part1 */
1375
1376 int curve = T0_POPi();
1377 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1378
1379 }
1380 break;
1381 case 38: {
1382 /* do-ecdhe-part2 */
1383
1384 int prf_id = T0_POPi();
1385 size_t len = T0_POP();
1386 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1387
1388 }
1389 break;
1390 case 39: {
1391 /* do-rsa-decrypt */
1392
1393 int prf_id = T0_POPi();
1394 size_t len = T0_POP();
1395 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1396
1397 }
1398 break;
1399 case 40: {
1400 /* do-static-ecdh */
1401
1402 do_static_ecdh(CTX, T0_POP());
1403
1404 }
1405 break;
1406 case 41: {
1407 /* drop */
1408 (void)T0_POP();
1409 }
1410 break;
1411 case 42: {
1412 /* dup */
1413 T0_PUSH(T0_PEEK(0));
1414 }
1415 break;
1416 case 43: {
1417 /* fail */
1418
1419 br_ssl_engine_fail(ENG, (int)T0_POPi());
1420 T0_CO();
1421
1422 }
1423 break;
1424 case 44: {
1425 /* flush-record */
1426
1427 br_ssl_engine_flush_record(ENG);
1428
1429 }
1430 break;
1431 case 45: {
1432 /* get-key-type-usages */
1433
1434 const br_x509_class *xc;
1435 const br_x509_pkey *pk;
1436 unsigned usages;
1437
1438 xc = *(ENG->x509ctx);
1439 pk = xc->get_pkey(ENG->x509ctx, &usages);
1440 if (pk == NULL) {
1441 T0_PUSH(0);
1442 } else {
1443 T0_PUSH(pk->key_type | usages);
1444 }
1445
1446 }
1447 break;
1448 case 46: {
1449 /* get16 */
1450
1451 size_t addr = (size_t)T0_POP();
1452 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1453
1454 }
1455 break;
1456 case 47: {
1457 /* get32 */
1458
1459 size_t addr = (size_t)T0_POP();
1460 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1461
1462 }
1463 break;
1464 case 48: {
1465 /* get8 */
1466
1467 size_t addr = (size_t)T0_POP();
1468 T0_PUSH(*((unsigned char *)ENG + addr));
1469
1470 }
1471 break;
1472 case 49: {
1473 /* has-input? */
1474
1475 T0_PUSHi(-(ENG->hlen_in != 0));
1476
1477 }
1478 break;
1479 case 50: {
1480 /* memcmp */
1481
1482 size_t len = (size_t)T0_POP();
1483 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1484 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1485 int x = memcmp(addr1, addr2, len);
1486 T0_PUSH((uint32_t)-(x == 0));
1487
1488 }
1489 break;
1490 case 51: {
1491 /* memcpy */
1492
1493 size_t len = (size_t)T0_POP();
1494 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1495 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1496 memcpy(dst, src, len);
1497
1498 }
1499 break;
1500 case 52: {
1501 /* mkrand */
1502
1503 size_t len = (size_t)T0_POP();
1504 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1505 br_hmac_drbg_generate(&ENG->rng, addr, len);
1506
1507 }
1508 break;
1509 case 53: {
1510 /* more-incoming-bytes? */
1511
1512 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1513
1514 }
1515 break;
1516 case 54: {
1517 /* multihash-init */
1518
1519 br_multihash_init(&ENG->mhash);
1520
1521 }
1522 break;
1523 case 55: {
1524 /* neg */
1525
1526 uint32_t a = T0_POP();
1527 T0_PUSH(-a);
1528
1529 }
1530 break;
1531 case 56: {
1532 /* not */
1533
1534 uint32_t a = T0_POP();
1535 T0_PUSH(~a);
1536
1537 }
1538 break;
1539 case 57: {
1540 /* or */
1541
1542 uint32_t b = T0_POP();
1543 uint32_t a = T0_POP();
1544 T0_PUSH(a | b);
1545
1546 }
1547 break;
1548 case 58: {
1549 /* over */
1550 T0_PUSH(T0_PEEK(1));
1551 }
1552 break;
1553 case 59: {
1554 /* pick */
1555 T0_PICK(T0_POP());
1556 }
1557 break;
1558 case 60: {
1559 /* read-chunk-native */
1560
1561 size_t clen = ENG->hlen_in;
1562 if (clen > 0) {
1563 uint32_t addr, len;
1564
1565 len = T0_POP();
1566 addr = T0_POP();
1567 if ((size_t)len < clen) {
1568 clen = (size_t)len;
1569 }
1570 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1571 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1572 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1573 }
1574 T0_PUSH(addr + (uint32_t)clen);
1575 T0_PUSH(len - (uint32_t)clen);
1576 ENG->hbuf_in += clen;
1577 ENG->hlen_in -= clen;
1578 }
1579
1580 }
1581 break;
1582 case 61: {
1583 /* read8-native */
1584
1585 if (ENG->hlen_in > 0) {
1586 unsigned char x;
1587
1588 x = *ENG->hbuf_in ++;
1589 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1590 br_multihash_update(&ENG->mhash, &x, 1);
1591 }
1592 T0_PUSH(x);
1593 ENG->hlen_in --;
1594 } else {
1595 T0_PUSHi(-1);
1596 }
1597
1598 }
1599 break;
1600 case 62: {
1601 /* save-session */
1602
1603 if (CTX->cache_vtable != NULL) {
1604 (*CTX->cache_vtable)->save(
1605 CTX->cache_vtable, CTX, &ENG->session);
1606 }
1607
1608 }
1609 break;
1610 case 63: {
1611 /* set-max-frag-len */
1612
1613 size_t max_frag_len = T0_POP();
1614
1615 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1616
1617 /*
1618 * We must adjust our own output limit. Since we call this only
1619 * after receiving a ClientHello and before beginning to send
1620 * the ServerHello, the next output record should be empty at
1621 * that point, so we can use max_frag_len as a limit.
1622 */
1623 if (ENG->hlen_out > max_frag_len) {
1624 ENG->hlen_out = max_frag_len;
1625 }
1626
1627 }
1628 break;
1629 case 64: {
1630 /* set16 */
1631
1632 size_t addr = (size_t)T0_POP();
1633 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1634
1635 }
1636 break;
1637 case 65: {
1638 /* set32 */
1639
1640 size_t addr = (size_t)T0_POP();
1641 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1642
1643 }
1644 break;
1645 case 66: {
1646 /* set8 */
1647
1648 size_t addr = (size_t)T0_POP();
1649 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1650
1651 }
1652 break;
1653 case 67: {
1654 /* supported-curves */
1655
1656 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1657 T0_PUSH(x);
1658
1659 }
1660 break;
1661 case 68: {
1662 /* supported-hash-functions */
1663
1664 int i;
1665 unsigned x, num;
1666
1667 x = 0;
1668 num = 0;
1669 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1670 if (br_multihash_getimpl(&ENG->mhash, i)) {
1671 x |= 1U << i;
1672 num ++;
1673 }
1674 }
1675 T0_PUSH(x);
1676 T0_PUSH(num);
1677
1678 }
1679 break;
1680 case 69: {
1681 /* supports-ecdsa? */
1682
1683 T0_PUSHi(-(ENG->iecdsa != 0));
1684
1685 }
1686 break;
1687 case 70: {
1688 /* supports-rsa-sign? */
1689
1690 T0_PUSHi(-(ENG->irsavrfy != 0));
1691
1692 }
1693 break;
1694 case 71: {
1695 /* swap */
1696 T0_SWAP();
1697 }
1698 break;
1699 case 72: {
1700 /* switch-aesgcm-in */
1701
1702 int is_client, prf_id;
1703 unsigned cipher_key_len;
1704
1705 cipher_key_len = T0_POP();
1706 prf_id = T0_POP();
1707 is_client = T0_POP();
1708 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1709 ENG->iaes_ctr, cipher_key_len);
1710
1711 }
1712 break;
1713 case 73: {
1714 /* switch-aesgcm-out */
1715
1716 int is_client, prf_id;
1717 unsigned cipher_key_len;
1718
1719 cipher_key_len = T0_POP();
1720 prf_id = T0_POP();
1721 is_client = T0_POP();
1722 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1723 ENG->iaes_ctr, cipher_key_len);
1724
1725 }
1726 break;
1727 case 74: {
1728 /* switch-cbc-in */
1729
1730 int is_client, prf_id, mac_id, aes;
1731 unsigned cipher_key_len;
1732
1733 cipher_key_len = T0_POP();
1734 aes = T0_POP();
1735 mac_id = T0_POP();
1736 prf_id = T0_POP();
1737 is_client = T0_POP();
1738 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1739 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1740
1741 }
1742 break;
1743 case 75: {
1744 /* switch-cbc-out */
1745
1746 int is_client, prf_id, mac_id, aes;
1747 unsigned cipher_key_len;
1748
1749 cipher_key_len = T0_POP();
1750 aes = T0_POP();
1751 mac_id = T0_POP();
1752 prf_id = T0_POP();
1753 is_client = T0_POP();
1754 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1755 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1756
1757 }
1758 break;
1759 case 76: {
1760 /* switch-chapol-in */
1761
1762 int is_client, prf_id;
1763
1764 prf_id = T0_POP();
1765 is_client = T0_POP();
1766 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1767
1768 }
1769 break;
1770 case 77: {
1771 /* switch-chapol-out */
1772
1773 int is_client, prf_id;
1774
1775 prf_id = T0_POP();
1776 is_client = T0_POP();
1777 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1778
1779 }
1780 break;
1781 case 78: {
1782 /* ta-names-total-length */
1783
1784 size_t u, len;
1785
1786 len = 0;
1787 if (CTX->ta_names != NULL) {
1788 for (u = 0; u < CTX->num_tas; u ++) {
1789 len += CTX->ta_names[u].len + 2;
1790 }
1791 } else if (CTX->tas != NULL) {
1792 for (u = 0; u < CTX->num_tas; u ++) {
1793 len += CTX->tas[u].dn.len + 2;
1794 }
1795 }
1796 T0_PUSH(len);
1797
1798 }
1799 break;
1800 case 79: {
1801 /* test-protocol-name */
1802
1803 size_t len = T0_POP();
1804 size_t u;
1805
1806 for (u = 0; u < ENG->protocol_names_num; u ++) {
1807 const char *name;
1808
1809 name = ENG->protocol_names[u];
1810 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1811 T0_PUSH(u);
1812 T0_RET();
1813 }
1814 }
1815 T0_PUSHi(-1);
1816
1817 }
1818 break;
1819 case 80: {
1820 /* total-chain-length */
1821
1822 size_t u;
1823 uint32_t total;
1824
1825 total = 0;
1826 for (u = 0; u < ENG->chain_len; u ++) {
1827 total += 3 + (uint32_t)ENG->chain[u].data_len;
1828 }
1829 T0_PUSH(total);
1830
1831 }
1832 break;
1833 case 81: {
1834 /* u< */
1835
1836 uint32_t b = T0_POP();
1837 uint32_t a = T0_POP();
1838 T0_PUSH(-(uint32_t)(a < b));
1839
1840 }
1841 break;
1842 case 82: {
1843 /* u>> */
1844
1845 int c = (int)T0_POPi();
1846 uint32_t x = T0_POP();
1847 T0_PUSH(x >> c);
1848
1849 }
1850 break;
1851 case 83: {
1852 /* verify-CV-sig */
1853
1854 int err;
1855
1856 err = verify_CV_sig(CTX, T0_POP());
1857 T0_PUSHi(err);
1858
1859 }
1860 break;
1861 case 84: {
1862 /* write-blob-chunk */
1863
1864 size_t clen = ENG->hlen_out;
1865 if (clen > 0) {
1866 uint32_t addr, len;
1867
1868 len = T0_POP();
1869 addr = T0_POP();
1870 if ((size_t)len < clen) {
1871 clen = (size_t)len;
1872 }
1873 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1874 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1875 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1876 }
1877 T0_PUSH(addr + (uint32_t)clen);
1878 T0_PUSH(len - (uint32_t)clen);
1879 ENG->hbuf_out += clen;
1880 ENG->hlen_out -= clen;
1881 }
1882
1883 }
1884 break;
1885 case 85: {
1886 /* write8-native */
1887
1888 unsigned char x;
1889
1890 x = (unsigned char)T0_POP();
1891 if (ENG->hlen_out > 0) {
1892 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1893 br_multihash_update(&ENG->mhash, &x, 1);
1894 }
1895 *ENG->hbuf_out ++ = x;
1896 ENG->hlen_out --;
1897 T0_PUSHi(-1);
1898 } else {
1899 T0_PUSHi(0);
1900 }
1901
1902 }
1903 break;
1904 case 86: {
1905 /* x509-append */
1906
1907 const br_x509_class *xc;
1908 size_t len;
1909
1910 xc = *(ENG->x509ctx);
1911 len = T0_POP();
1912 xc->append(ENG->x509ctx, ENG->pad, len);
1913
1914 }
1915 break;
1916 case 87: {
1917 /* x509-end-cert */
1918
1919 const br_x509_class *xc;
1920
1921 xc = *(ENG->x509ctx);
1922 xc->end_cert(ENG->x509ctx);
1923
1924 }
1925 break;
1926 case 88: {
1927 /* x509-end-chain */
1928
1929 const br_x509_class *xc;
1930
1931 xc = *(ENG->x509ctx);
1932 T0_PUSH(xc->end_chain(ENG->x509ctx));
1933
1934 }
1935 break;
1936 case 89: {
1937 /* x509-start-cert */
1938
1939 const br_x509_class *xc;
1940
1941 xc = *(ENG->x509ctx);
1942 xc->start_cert(ENG->x509ctx, T0_POP());
1943
1944 }
1945 break;
1946 case 90: {
1947 /* x509-start-chain */
1948
1949 const br_x509_class *xc;
1950 uint32_t bc;
1951
1952 bc = T0_POP();
1953 xc = *(ENG->x509ctx);
1954 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1955
1956 }
1957 break;
1958 }
1959
1960 } else {
1961 T0_ENTER(ip, rp, t0x);
1962 }
1963 }
1964 t0_exit:
1965 ((t0_context *)t0ctx)->dp = dp;
1966 ((t0_context *)t0ctx)->rp = rp;
1967 ((t0_context *)t0ctx)->ip = ip;
1968 }
The BearSSL library and tools.