projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Some cleanups (removed unused files, split i15 code into per-function files).
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *xcoor, size_t xcoor_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146
147 if (xcoor_len > sizeof rpms) {
148 xcoor_len = sizeof rpms;
149 ctl = 0;
150 }
151
152 /*
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
155 * copy.
156 */
157 br_hmac_drbg_generate(&ctx->eng.rng, rpms, xcoor_len);
158 br_ccopy(ctl ^ 1, xcoor, rpms, xcoor_len);
159
160 /*
161 * Compute master secret.
162 */
163 br_ssl_engine_compute_master(&ctx->eng, prf_id, xcoor, xcoor_len);
164
165 /*
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
168 */
169 memset(xcoor, 0, xcoor_len);
170 }
171
172 /*
173 * Do the ECDH key exchange (not ECDHE).
174 */
175 static void
176 do_ecdh(br_ssl_server_context *ctx, int prf_id,
177 unsigned char *cpoint, size_t cpoint_len)
178 {
179 uint32_t x;
180
181 /*
182 * Finalise the key exchange.
183 */
184 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
185 cpoint, &cpoint_len);
186 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
187 }
188
189 /*
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
194 */
195 static void
196 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
197 {
198 unsigned char cpoint[133];
199 size_t cpoint_len;
200 const br_x509_class **xc;
201 const br_x509_pkey *pk;
202
203 xc = ctx->eng.x509ctx;
204 pk = (*xc)->get_pkey(xc, NULL);
205 cpoint_len = pk->key.ec.qlen;
206 if (cpoint_len > sizeof cpoint) {
207 /*
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
211 */
212 cpoint_len = 2;
213 }
214 memcpy(cpoint, pk->key.ec.q, cpoint_len);
215 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
216 }
217
218 static size_t
219 hash_data(br_ssl_server_context *ctx,
220 void *dst, int hash_id, const void *src, size_t len)
221 {
222 const br_hash_class *hf;
223 br_hash_compat_context hc;
224
225 if (hash_id == 0) {
226 unsigned char tmp[36];
227
228 hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
229 if (hf == NULL) {
230 return 0;
231 }
232 hf->init(&hc.vtable);
233 hf->update(&hc.vtable, src, len);
234 hf->out(&hc.vtable, tmp);
235 hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
236 if (hf == NULL) {
237 return 0;
238 }
239 hf->init(&hc.vtable);
240 hf->update(&hc.vtable, src, len);
241 hf->out(&hc.vtable, tmp + 16);
242 memcpy(dst, tmp, 36);
243 return 36;
244 } else {
245 hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
246 if (hf == NULL) {
247 return 0;
248 }
249 hf->init(&hc.vtable);
250 hf->update(&hc.vtable, src, len);
251 hf->out(&hc.vtable, dst);
252 return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
253 }
254 }
255
256 /*
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
262 */
263 static int
264 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
265 {
266 unsigned algo_id;
267 unsigned mask;
268 const unsigned char *order;
269 size_t olen, glen;
270 size_t hv_len, sig_len;
271
272 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM;
274 }
275 ctx->eng.ecdhe_curve = curve;
276
277 /*
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
283 * possible values.
284 */
285 order = ctx->eng.iec->order(curve, &olen);
286 mask = 0xFF;
287 while (mask >= order[0]) {
288 mask >>= 1;
289 }
290 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
291 ctx->ecdhe_key[0] &= mask;
292 ctx->ecdhe_key[olen - 1] |= 0x01;
293 ctx->ecdhe_key_len = olen;
294
295 /*
296 * Compute our ECDH point.
297 */
298 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
299 ctx->ecdhe_key, olen, curve);
300 ctx->eng.ecdhe_point_len = glen;
301
302 /*
303 * Assemble the message to be signed, and possibly hash it.
304 */
305 memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
306 memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
307 ctx->eng.pad[64 + 0] = 0x03;
308 ctx->eng.pad[64 + 1] = 0x00;
309 ctx->eng.pad[64 + 2] = curve;
310 ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
311 memcpy(ctx->eng.pad + 64 + 4,
312 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
313 hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
314 algo_id = ctx->sign_hash_id;
315 if (algo_id >= (unsigned)0xFF00) {
316 hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
317 ctx->eng.pad, hv_len);
318 if (hv_len == 0) {
319 return -BR_ERR_INVALID_ALGORITHM;
320 }
321 }
322
323 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
324 algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
325 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
326 }
327
328 /*
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
331 */
332 static void
333 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
334 unsigned char *cpoint, size_t cpoint_len)
335 {
336 int curve;
337 uint32_t ctl;
338 size_t xoff, xlen;
339
340 curve = ctx->eng.ecdhe_curve;
341
342 /*
343 * Finalise the key exchange.
344 */
345 ctl = ctx->eng.iec->mul(cpoint, cpoint_len,
346 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
347 xoff = ctx->eng.iec->xoff(curve, &xlen);
348 ecdh_common(ctx, prf_id, cpoint + xoff, xlen, ctl);
349
350 /*
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
354 */
355 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
356 }
357
358 /*
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
363 */
364 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
365
366 /*
367 * OID for hash functions in RSA signatures.
368 */
369 static const unsigned char HASH_OID_SHA1[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
371 };
372
373 static const unsigned char HASH_OID_SHA224[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
375 };
376
377 static const unsigned char HASH_OID_SHA256[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
379 };
380
381 static const unsigned char HASH_OID_SHA384[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
383 };
384
385 static const unsigned char HASH_OID_SHA512[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
387 };
388
389 static const unsigned char *HASH_OID[] = {
390 HASH_OID_SHA1,
391 HASH_OID_SHA224,
392 HASH_OID_SHA256,
393 HASH_OID_SHA384,
394 HASH_OID_SHA512
395 };
396
397 /*
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
403 */
404 static int
405 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
406 {
407 const br_x509_class **xc;
408 const br_x509_pkey *pk;
409 int id;
410
411 id = ctx->hash_CV_id;
412 xc = ctx->eng.x509ctx;
413 pk = (*xc)->get_pkey(xc, NULL);
414 if (pk->key_type == BR_KEYTYPE_RSA) {
415 unsigned char tmp[64];
416 const unsigned char *hash_oid;
417
418 if (id == 0) {
419 hash_oid = NULL;
420 } else {
421 hash_oid = HASH_OID[id - 2];
422 }
423 if (ctx->eng.irsavrfy == 0) {
424 return BR_ERR_BAD_SIGNATURE;
425 }
426 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
427 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
428 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
429 {
430 return BR_ERR_BAD_SIGNATURE;
431 }
432 } else {
433 if (ctx->eng.iecdsa == 0) {
434 return BR_ERR_BAD_SIGNATURE;
435 }
436 if (!ctx->eng.iecdsa(ctx->eng.iec,
437 ctx->hash_CV, ctx->hash_CV_len,
438 &pk->key.ec, ctx->eng.pad, sig_len))
439 {
440 return BR_ERR_BAD_SIGNATURE;
441 }
442 }
443 return 0;
444 }
445
446
447
448 static const uint8_t t0_datablock[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
462 };
463
464 static const uint8_t t0_codeblock[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
486 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
488 0x00, 0x00, 0x01,
489 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
505 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
507 0x00, 0x01,
508 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
514 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
517 0x00, 0x00, 0x01,
518 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
519 0x01,
520 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
521 0x00, 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
523 0x00, 0x00, 0x01,
524 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
528 0x00, 0x01,
529 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
531 0x00, 0x00, 0x01,
532 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
542 0x38, 0x06, 0x07, 0x02, 0x00, 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
543 0xC5, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCD, 0x04,
544 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
545 0x8A, 0x40, 0x36, 0xAF, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD4,
546 0x01, 0x00, 0xD0, 0x01, 0x00, 0xAB, 0x04, 0x80, 0x46, 0xD4, 0xD1, 0x29,
547 0xD6, 0x4E, 0x06, 0x01, 0xD2, 0xD5, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
548 0xAC, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
549 0x29, 0xB0, 0xAE, 0x2A, 0xC6, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
550 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2,
551 0x2A, 0x05, 0x04, 0x29, 0xA9, 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0,
552 0x01, 0x00, 0xAB, 0x01, 0x00, 0xD0, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
553 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
554 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
555 0xC4, 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
556 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
557 0x13, 0x37, 0x00, 0x00, 0x2A, 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01,
558 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75,
559 0x47, 0x29, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCC, 0x2A, 0x01, 0x07, 0x13,
560 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
561 0xC3, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
562 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
563 0x38, 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x04,
564 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
565 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
566 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
567 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
568 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F,
569 0x06, 0x14, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
570 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01,
571 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05,
572 0x3D, 0xA7, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42,
573 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B,
574 0x76, 0x2E, 0x2A, 0xC8, 0x05, 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02,
575 0x85, 0x2E, 0x05, 0x02, 0xBA, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E,
576 0x03, 0x00, 0x2A, 0x06, 0x17, 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4,
577 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04,
578 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00,
579 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71,
580 0x2B, 0x04, 0x11, 0xCC, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06,
581 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E,
582 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC7, 0x38, 0xB3,
583 0x00, 0x01, 0xB8, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01,
584 0x03, 0x0F, 0x06, 0x08, 0xBF, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00,
585 0x47, 0x5A, 0xBF, 0xA5, 0x2A, 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A,
586 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00,
587 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56,
588 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02,
589 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02,
590 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86,
591 0x03, 0x11, 0x06, 0x23, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01,
592 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12,
593 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C,
594 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00,
595 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03,
596 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47,
597 0xB4, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00,
598 0x1D, 0xB8, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8,
599 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77,
600 0x40, 0x78, 0x01, 0x20, 0xB4, 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02,
601 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE,
602 0xA5, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17,
603 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A,
604 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04,
605 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88,
606 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81,
607 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00,
608 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A,
609 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01,
610 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02,
611 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05,
612 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29,
613 0x01, 0x00, 0x03, 0x07, 0xC0, 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04,
614 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01,
615 0x88, 0x04, 0x80, 0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A,
616 0x06, 0x80, 0x4E, 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00,
617 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F,
618 0x06, 0x04, 0x29, 0xB5, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F,
619 0x06, 0x04, 0x29, 0xB6, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04,
620 0x29, 0xBC, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD,
621 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05,
622 0x29, 0xBA, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01,
623 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E,
624 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10,
625 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02,
626 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46,
627 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05,
628 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40,
629 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08,
630 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05, 0x03,
631 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x01, 0xFC, 0x80,
632 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80, 0x41, 0x2A, 0x01, 0x81, 0x7F,
633 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39,
634 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41,
635 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
636 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03,
637 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A,
638 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F,
639 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00,
640 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20,
641 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05,
642 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05,
643 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05,
644 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A,
645 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03,
646 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18,
647 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB2, 0xB1, 0x00,
648 0x04, 0x76, 0x2E, 0xCB, 0x06, 0x16, 0xBE, 0x2A, 0x01, 0x84, 0x00, 0x10,
649 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB4, 0x02, 0x00,
650 0x76, 0x2E, 0xA6, 0x27, 0x76, 0x2E, 0x2A, 0xC9, 0x47, 0xC8, 0x03, 0x01,
651 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39, 0x06, 0x14, 0xC0, 0x2A, 0x03,
652 0x03, 0x83, 0x47, 0xB4, 0x02, 0x03, 0x76, 0x2E, 0xA6, 0x02, 0x02, 0x06,
653 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00, 0x00, 0xB8, 0x01, 0x10, 0x0F,
654 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0E, 0x06,
655 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x9B, 0x83,
656 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00,
657 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00,
658 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCE, 0x04, 0x74,
659 0x00, 0xBE, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xC0, 0x2A, 0x2A,
660 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08,
661 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C,
662 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBE,
663 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F,
664 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88,
665 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D,
666 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69,
667 0x2B, 0x83, 0x01, 0x0C, 0xB4, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02,
668 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBE, 0xA5, 0xBE,
669 0xA5, 0x2A, 0x06, 0x1D, 0xC0, 0x06, 0x03, 0xBA, 0x04, 0x15, 0xBE, 0x2A,
670 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47,
671 0x42, 0x8B, 0x47, 0xB4, 0x04, 0x01, 0xC6, 0x04, 0x60, 0x9B, 0x9B, 0x00,
672 0x00, 0xB9, 0x2A, 0x5D, 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04,
673 0x74, 0x00, 0x00, 0xC1, 0x01, 0x03, 0xBF, 0x47, 0x29, 0x47, 0x00, 0x00,
674 0xBE, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBE, 0xA5, 0x2A, 0x06,
675 0x80, 0x50, 0xC0, 0x03, 0x01, 0xC0, 0x03, 0x02, 0x02, 0x01, 0x01, 0x08,
676 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0D, 0x06, 0x0D, 0x01, 0x01,
677 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02, 0x00, 0x39, 0x03, 0x00, 0x04,
678 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13,
679 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x39, 0x13,
680 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01, 0x02, 0x0C,
681 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0xFF, 0x2C, 0x9B, 0x02,
682 0x00, 0x00, 0x00, 0xBE, 0xA5, 0xBB, 0x80, 0x41, 0x9B, 0x00, 0x00, 0xBE,
683 0xA5, 0xBE, 0xA5, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBE, 0x2A,
684 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F, 0x39,
685 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00, 0x01,
686 0x02, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x03,
687 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x01, 0x08, 0x0C, 0xC1, 0x08,
688 0x00, 0x00, 0x01, 0x01, 0x98, 0xC1, 0x00, 0x00, 0x3D, 0x2A, 0x5B, 0x05,
689 0x01, 0x00, 0x29, 0xCE, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30, 0x03,
690 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01, 0x01,
691 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F, 0x04,
692 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC,
693 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDF, 0x01, 0x00,
694 0xDE, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87, 0x42,
695 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47, 0xC4,
696 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC1, 0x29, 0x60,
697 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01,
698 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F,
699 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A,
700 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03,
701 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06,
702 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04,
703 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29,
704 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B,
705 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10,
706 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01, 0x04,
707 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
708 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C,
709 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03,
710 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10,
711 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B,
712 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00,
713 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30,
714 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00,
715 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75, 0x30,
716 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B,
717 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F,
718 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F,
719 0x06, 0x09, 0x29, 0xA8, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
720 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29,
721 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39,
722 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30, 0x01,
723 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA8, 0x04, 0x01, 0x23, 0x00, 0x00, 0xCC,
724 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00, 0x01,
725 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00, 0xCC,
726 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01, 0xDF, 0x2C, 0x2A,
727 0x01, 0x00, 0xC7, 0x01, 0x16, 0xCF, 0xD3, 0x2C, 0x00, 0x00, 0x01, 0x0B,
728 0xDF, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDE, 0xDE, 0x14, 0x2A, 0x5B,
729 0x06, 0x02, 0x29, 0x00, 0xDE, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD7,
730 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD9, 0x93, 0x2E, 0x01,
731 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDA, 0x08, 0x4E, 0x08,
732 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDF, 0xDE, 0x01, 0x00, 0xD9, 0xDF, 0x01,
733 0x01, 0xD9, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01,
734 0x00, 0xDA, 0xDD, 0x01, 0x01, 0xDA, 0x29, 0x4E, 0xDD, 0x16, 0x15, 0x2A,
735 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1F, 0x2A, 0x06, 0x05, 0x83, 0x47,
736 0xD7, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDF, 0x01,
737 0x0C, 0xDE, 0x83, 0x01, 0x0C, 0xD7, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,
738 0xDF, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02,
739 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01,
740 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01,
741 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01, 0x07,
742 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
743 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDE, 0x93, 0x2E, 0xDD, 0x8C, 0x01,
744 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01, 0x20,
745 0xD7, 0x01, 0x20, 0xDF, 0x8D, 0x01, 0x20, 0xD7, 0x76, 0x2E, 0xDD, 0x01,
746 0x00, 0xDF, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06,
747 0x80, 0x40, 0xDD, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01,
748 0xDD, 0x01, 0x04, 0x09, 0x2A, 0xDD, 0x60, 0x89, 0x47, 0xD8, 0x04, 0x01,
749 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDD, 0x01, 0x01, 0xDD, 0x84,
750 0x30, 0x01, 0x08, 0x09, 0xDF, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01, 0x10,
751 0xDD, 0x01, 0x04, 0x09, 0x2A, 0xDD, 0x62, 0x2A, 0xDD, 0x60, 0x83, 0x47,
752 0xD8, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E, 0xDF,
753 0x01, 0x00, 0xDE, 0x00, 0x03, 0x76, 0x2E, 0xC9, 0x05, 0x01, 0x00, 0x7C,
754 0x2F, 0x2A, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06, 0x05, 0x29,
755 0x01, 0x1D, 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80, 0x00, 0x13,
756 0x2A, 0x06, 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00, 0x25, 0x2A,
757 0x5B, 0x06, 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03,
758 0x11, 0x03, 0x02, 0x01, 0x0C, 0xDF, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02,
759 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDE, 0x01, 0x03, 0xDF,
760 0x02, 0x00, 0xDD, 0x7D, 0x7E, 0x30, 0xD8, 0x02, 0x02, 0x06, 0x1C, 0x90,
761 0x2E, 0x2A, 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDD, 0x04, 0x0F,
762 0x01, 0x81, 0x7F, 0x13, 0xDF, 0x76, 0x2E, 0xCA, 0x01, 0x01, 0x0C, 0x01,
763 0x03, 0x08, 0xDF, 0x02, 0x01, 0xDD, 0x83, 0x02, 0x01, 0xD7, 0x00, 0x00,
764 0x54, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCC, 0x29, 0x04,
765 0x73, 0x00, 0x2A, 0xDF, 0xD7, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC8,
766 0x06, 0x0C, 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDF, 0x01, 0x80,
767 0x42, 0xDF, 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDF,
768 0x45, 0x06, 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xDF, 0x47,
769 0x29, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14,
770 0x01, 0x01, 0x01, 0x80, 0x7C, 0xDB, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80,
771 0x7C, 0xDB, 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01,
772 0x01, 0x44, 0x29, 0xDB, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44,
773 0x29, 0xDB, 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00,
774 0x01, 0x00, 0x01, 0x04, 0xDC, 0x01, 0x05, 0xDC, 0x01, 0x06, 0xDC, 0x01,
775 0x03, 0xDC, 0x01, 0x02, 0xDC, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A,
776 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03,
777 0x3B, 0x06, 0x07, 0x02, 0x00, 0xDF, 0x01, 0x02, 0x3B, 0xDF, 0x00, 0x00,
778 0x2A, 0x01, 0x08, 0x52, 0xDF, 0xDF, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52,
779 0xDF, 0xDD, 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCC, 0x29,
780 0x04, 0x76
781 };
782
783 static const uint16_t t0_caddr[] = {
784 0,
785 5,
786 10,
787 15,
788 20,
789 25,
790 30,
791 35,
792 40,
793 44,
794 48,
795 52,
796 56,
797 60,
798 64,
799 68,
800 72,
801 76,
802 80,
803 84,
804 88,
805 92,
806 96,
807 100,
808 104,
809 109,
810 114,
811 119,
812 124,
813 129,
814 134,
815 139,
816 144,
817 149,
818 154,
819 159,
820 164,
821 169,
822 174,
823 180,
824 185,
825 190,
826 195,
827 200,
828 205,
829 210,
830 215,
831 220,
832 225,
833 230,
834 235,
835 240,
836 245,
837 250,
838 255,
839 260,
840 265,
841 270,
842 275,
843 280,
844 285,
845 290,
846 299,
847 303,
848 328,
849 334,
850 353,
851 364,
852 398,
853 509,
854 513,
855 546,
856 556,
857 580,
858 648,
859 662,
860 668,
861 727,
862 746,
863 768,
864 817,
865 866,
866 942,
867 1044,
868 1055,
869 1641,
870 1645,
871 1712,
872 1722,
873 1753,
874 1777,
875 1823,
876 1893,
877 1933,
878 1947,
879 1956,
880 1960,
881 2055,
882 2063,
883 2099,
884 2110,
885 2126,
886 2132,
887 2143,
888 2178,
889 2204,
890 2216,
891 2222,
892 2237,
893 2393,
894 2402,
895 2415,
896 2424,
897 2431,
898 2534,
899 2555,
900 2568,
901 2584,
902 2602,
903 2634,
904 2707,
905 2720,
906 2901,
907 2909,
908 3036,
909 3050,
910 3055,
911 3099,
912 3156,
913 3177,
914 3204,
915 3212,
916 3220
917 };
918
919 #define T0_INTERPRETED 91
920
921 #define T0_ENTER(ip, rp, slot) do { \
922 const unsigned char *t0_newip; \
923 uint32_t t0_lnum; \
924 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
925 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
926 (rp) += t0_lnum; \
927 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
928 (ip) = t0_newip; \
929 } while (0)
930
931 #define T0_DEFENTRY(name, slot) \
932 void \
933 name(void *ctx) \
934 { \
935 t0_context *t0ctx = ctx; \
936 t0ctx->ip = &t0_codeblock[0]; \
937 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
938 }
939
940 T0_DEFENTRY(br_ssl_hs_server_init_main, 164)
941
942 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
943
944 void
945 br_ssl_hs_server_run(void *t0ctx)
946 {
947 uint32_t *dp, *rp;
948 const unsigned char *ip;
949
950 #define T0_LOCAL(x) (*(rp - 2 - (x)))
951 #define T0_POP() (*-- dp)
952 #define T0_POPi() (*(int32_t *)(-- dp))
953 #define T0_PEEK(x) (*(dp - 1 - (x)))
954 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
955 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
956 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
957 #define T0_RPOP() (*-- rp)
958 #define T0_RPOPi() (*(int32_t *)(-- rp))
959 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
960 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
961 #define T0_ROLL(x) do { \
962 size_t t0len = (size_t)(x); \
963 uint32_t t0tmp = *(dp - 1 - t0len); \
964 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
965 *(dp - 1) = t0tmp; \
966 } while (0)
967 #define T0_SWAP() do { \
968 uint32_t t0tmp = *(dp - 2); \
969 *(dp - 2) = *(dp - 1); \
970 *(dp - 1) = t0tmp; \
971 } while (0)
972 #define T0_ROT() do { \
973 uint32_t t0tmp = *(dp - 3); \
974 *(dp - 3) = *(dp - 2); \
975 *(dp - 2) = *(dp - 1); \
976 *(dp - 1) = t0tmp; \
977 } while (0)
978 #define T0_NROT() do { \
979 uint32_t t0tmp = *(dp - 1); \
980 *(dp - 1) = *(dp - 2); \
981 *(dp - 2) = *(dp - 3); \
982 *(dp - 3) = t0tmp; \
983 } while (0)
984 #define T0_PICK(x) do { \
985 uint32_t t0depth = (x); \
986 T0_PUSH(T0_PEEK(t0depth)); \
987 } while (0)
988 #define T0_CO() do { \
989 goto t0_exit; \
990 } while (0)
991 #define T0_RET() goto t0_next
992
993 dp = ((t0_context *)t0ctx)->dp;
994 rp = ((t0_context *)t0ctx)->rp;
995 ip = ((t0_context *)t0ctx)->ip;
996 goto t0_next;
997 for (;;) {
998 uint32_t t0x;
999
1000 t0_next:
1001 t0x = T0_NEXT(&ip);
1002 if (t0x < T0_INTERPRETED) {
1003 switch (t0x) {
1004 int32_t t0off;
1005
1006 case 0: /* ret */
1007 t0x = T0_RPOP();
1008 rp -= (t0x >> 16);
1009 t0x &= 0xFFFF;
1010 if (t0x == 0) {
1011 ip = NULL;
1012 goto t0_exit;
1013 }
1014 ip = &t0_codeblock[t0x];
1015 break;
1016 case 1: /* literal constant */
1017 T0_PUSHi(t0_parse7E_signed(&ip));
1018 break;
1019 case 2: /* read local */
1020 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1021 break;
1022 case 3: /* write local */
1023 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1024 break;
1025 case 4: /* jump */
1026 t0off = t0_parse7E_signed(&ip);
1027 ip += t0off;
1028 break;
1029 case 5: /* jump if */
1030 t0off = t0_parse7E_signed(&ip);
1031 if (T0_POP()) {
1032 ip += t0off;
1033 }
1034 break;
1035 case 6: /* jump if not */
1036 t0off = t0_parse7E_signed(&ip);
1037 if (!T0_POP()) {
1038 ip += t0off;
1039 }
1040 break;
1041 case 7: {
1042 /* * */
1043
1044 uint32_t b = T0_POP();
1045 uint32_t a = T0_POP();
1046 T0_PUSH(a * b);
1047
1048 }
1049 break;
1050 case 8: {
1051 /* + */
1052
1053 uint32_t b = T0_POP();
1054 uint32_t a = T0_POP();
1055 T0_PUSH(a + b);
1056
1057 }
1058 break;
1059 case 9: {
1060 /* - */
1061
1062 uint32_t b = T0_POP();
1063 uint32_t a = T0_POP();
1064 T0_PUSH(a - b);
1065
1066 }
1067 break;
1068 case 10: {
1069 /* -rot */
1070 T0_NROT();
1071 }
1072 break;
1073 case 11: {
1074 /* < */
1075
1076 int32_t b = T0_POPi();
1077 int32_t a = T0_POPi();
1078 T0_PUSH(-(uint32_t)(a < b));
1079
1080 }
1081 break;
1082 case 12: {
1083 /* << */
1084
1085 int c = (int)T0_POPi();
1086 uint32_t x = T0_POP();
1087 T0_PUSH(x << c);
1088
1089 }
1090 break;
1091 case 13: {
1092 /* <= */
1093
1094 int32_t b = T0_POPi();
1095 int32_t a = T0_POPi();
1096 T0_PUSH(-(uint32_t)(a <= b));
1097
1098 }
1099 break;
1100 case 14: {
1101 /* <> */
1102
1103 uint32_t b = T0_POP();
1104 uint32_t a = T0_POP();
1105 T0_PUSH(-(uint32_t)(a != b));
1106
1107 }
1108 break;
1109 case 15: {
1110 /* = */
1111
1112 uint32_t b = T0_POP();
1113 uint32_t a = T0_POP();
1114 T0_PUSH(-(uint32_t)(a == b));
1115
1116 }
1117 break;
1118 case 16: {
1119 /* > */
1120
1121 int32_t b = T0_POPi();
1122 int32_t a = T0_POPi();
1123 T0_PUSH(-(uint32_t)(a > b));
1124
1125 }
1126 break;
1127 case 17: {
1128 /* >= */
1129
1130 int32_t b = T0_POPi();
1131 int32_t a = T0_POPi();
1132 T0_PUSH(-(uint32_t)(a >= b));
1133
1134 }
1135 break;
1136 case 18: {
1137 /* >> */
1138
1139 int c = (int)T0_POPi();
1140 int32_t x = T0_POPi();
1141 T0_PUSHi(x >> c);
1142
1143 }
1144 break;
1145 case 19: {
1146 /* and */
1147
1148 uint32_t b = T0_POP();
1149 uint32_t a = T0_POP();
1150 T0_PUSH(a & b);
1151
1152 }
1153 break;
1154 case 20: {
1155 /* begin-cert */
1156
1157 if (ENG->chain_len == 0) {
1158 T0_PUSHi(-1);
1159 } else {
1160 ENG->cert_cur = ENG->chain->data;
1161 ENG->cert_len = ENG->chain->data_len;
1162 ENG->chain ++;
1163 ENG->chain_len --;
1164 T0_PUSH(ENG->cert_len);
1165 }
1166
1167 }
1168 break;
1169 case 21: {
1170 /* begin-ta-name */
1171
1172 const br_x500_name *dn;
1173 if (CTX->cur_dn_index >= CTX->num_tas) {
1174 T0_PUSHi(-1);
1175 } else {
1176 if (CTX->ta_names == NULL) {
1177 dn = &CTX->tas[CTX->cur_dn_index].dn;
1178 } else {
1179 dn = &CTX->ta_names[CTX->cur_dn_index];
1180 }
1181 CTX->cur_dn_index ++;
1182 CTX->cur_dn = dn->data;
1183 CTX->cur_dn_len = dn->len;
1184 T0_PUSH(CTX->cur_dn_len);
1185 }
1186
1187 }
1188 break;
1189 case 22: {
1190 /* begin-ta-name-list */
1191
1192 CTX->cur_dn_index = 0;
1193
1194 }
1195 break;
1196 case 23: {
1197 /* bzero */
1198
1199 size_t len = (size_t)T0_POP();
1200 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1201 memset(addr, 0, len);
1202
1203 }
1204 break;
1205 case 24: {
1206 /* call-policy-handler */
1207
1208 int x;
1209 br_ssl_server_choices choices;
1210
1211 x = (*CTX->policy_vtable)->choose(
1212 CTX->policy_vtable, CTX, &choices);
1213 ENG->session.cipher_suite = choices.cipher_suite;
1214 CTX->sign_hash_id = choices.algo_id;
1215 ENG->chain = choices.chain;
1216 ENG->chain_len = choices.chain_len;
1217 T0_PUSHi(-(x != 0));
1218
1219 }
1220 break;
1221 case 25: {
1222 /* can-output? */
1223
1224 T0_PUSHi(-(ENG->hlen_out > 0));
1225
1226 }
1227 break;
1228 case 26: {
1229 /* check-resume */
1230
1231 if (ENG->session.session_id_len == 32
1232 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1233 CTX->cache_vtable, CTX, &ENG->session))
1234 {
1235 T0_PUSHi(-1);
1236 } else {
1237 T0_PUSH(0);
1238 }
1239
1240 }
1241 break;
1242 case 27: {
1243 /* co */
1244 T0_CO();
1245 }
1246 break;
1247 case 28: {
1248 /* compute-Finished-inner */
1249
1250 int prf_id = T0_POP();
1251 int from_client = T0_POPi();
1252 unsigned char seed[48];
1253 size_t seed_len;
1254
1255 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1256 if (ENG->session.version >= BR_TLS12) {
1257 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1258 } else {
1259 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1260 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1261 seed_len = 36;
1262 }
1263 prf(ENG->pad, 12, ENG->session.master_secret,
1264 sizeof ENG->session.master_secret,
1265 from_client ? "client finished" : "server finished",
1266 seed, seed_len);
1267
1268 }
1269 break;
1270 case 29: {
1271 /* compute-hash-CV */
1272
1273 int i;
1274
1275 for (i = 1; i <= 6; i ++) {
1276 br_multihash_out(&ENG->mhash, i,
1277 ENG->pad + HASH_PAD_OFF[i - 1]);
1278 }
1279
1280 }
1281 break;
1282 case 30: {
1283 /* copy-cert-chunk */
1284
1285 size_t clen;
1286
1287 clen = ENG->cert_len;
1288 if (clen > sizeof ENG->pad) {
1289 clen = sizeof ENG->pad;
1290 }
1291 memcpy(ENG->pad, ENG->cert_cur, clen);
1292 ENG->cert_cur += clen;
1293 ENG->cert_len -= clen;
1294 T0_PUSH(clen);
1295
1296 }
1297 break;
1298 case 31: {
1299 /* copy-dn-chunk */
1300
1301 size_t clen;
1302
1303 clen = CTX->cur_dn_len;
1304 if (clen > sizeof ENG->pad) {
1305 clen = sizeof ENG->pad;
1306 }
1307 memcpy(ENG->pad, CTX->cur_dn, clen);
1308 CTX->cur_dn += clen;
1309 CTX->cur_dn_len -= clen;
1310 T0_PUSH(clen);
1311
1312 }
1313 break;
1314 case 32: {
1315 /* copy-hash-CV */
1316
1317 int id = T0_POP();
1318 size_t off, len;
1319
1320 if (id == 0) {
1321 off = 0;
1322 len = 36;
1323 } else {
1324 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1325 T0_PUSH(0);
1326 T0_RET();
1327 }
1328 off = HASH_PAD_OFF[id - 1];
1329 len = HASH_PAD_OFF[id] - off;
1330 }
1331 memcpy(CTX->hash_CV, ENG->pad + off, len);
1332 CTX->hash_CV_len = len;
1333 CTX->hash_CV_id = id;
1334 T0_PUSHi(-1);
1335
1336 }
1337 break;
1338 case 33: {
1339 /* copy-protocol-name */
1340
1341 size_t idx = T0_POP();
1342 size_t len = strlen(ENG->protocol_names[idx]);
1343 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1344 T0_PUSH(len);
1345
1346 }
1347 break;
1348 case 34: {
1349 /* data-get8 */
1350
1351 size_t addr = T0_POP();
1352 T0_PUSH(t0_datablock[addr]);
1353
1354 }
1355 break;
1356 case 35: {
1357 /* discard-input */
1358
1359 ENG->hlen_in = 0;
1360
1361 }
1362 break;
1363 case 36: {
1364 /* do-ecdh */
1365
1366 int prf_id = T0_POPi();
1367 size_t len = T0_POP();
1368 do_ecdh(CTX, prf_id, ENG->pad, len);
1369
1370 }
1371 break;
1372 case 37: {
1373 /* do-ecdhe-part1 */
1374
1375 int curve = T0_POPi();
1376 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1377
1378 }
1379 break;
1380 case 38: {
1381 /* do-ecdhe-part2 */
1382
1383 int prf_id = T0_POPi();
1384 size_t len = T0_POP();
1385 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1386
1387 }
1388 break;
1389 case 39: {
1390 /* do-rsa-decrypt */
1391
1392 int prf_id = T0_POPi();
1393 size_t len = T0_POP();
1394 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1395
1396 }
1397 break;
1398 case 40: {
1399 /* do-static-ecdh */
1400
1401 do_static_ecdh(CTX, T0_POP());
1402
1403 }
1404 break;
1405 case 41: {
1406 /* drop */
1407 (void)T0_POP();
1408 }
1409 break;
1410 case 42: {
1411 /* dup */
1412 T0_PUSH(T0_PEEK(0));
1413 }
1414 break;
1415 case 43: {
1416 /* fail */
1417
1418 br_ssl_engine_fail(ENG, (int)T0_POPi());
1419 T0_CO();
1420
1421 }
1422 break;
1423 case 44: {
1424 /* flush-record */
1425
1426 br_ssl_engine_flush_record(ENG);
1427
1428 }
1429 break;
1430 case 45: {
1431 /* get-key-type-usages */
1432
1433 const br_x509_class *xc;
1434 const br_x509_pkey *pk;
1435 unsigned usages;
1436
1437 xc = *(ENG->x509ctx);
1438 pk = xc->get_pkey(ENG->x509ctx, &usages);
1439 if (pk == NULL) {
1440 T0_PUSH(0);
1441 } else {
1442 T0_PUSH(pk->key_type | usages);
1443 }
1444
1445 }
1446 break;
1447 case 46: {
1448 /* get16 */
1449
1450 size_t addr = (size_t)T0_POP();
1451 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1452
1453 }
1454 break;
1455 case 47: {
1456 /* get32 */
1457
1458 size_t addr = (size_t)T0_POP();
1459 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1460
1461 }
1462 break;
1463 case 48: {
1464 /* get8 */
1465
1466 size_t addr = (size_t)T0_POP();
1467 T0_PUSH(*((unsigned char *)ENG + addr));
1468
1469 }
1470 break;
1471 case 49: {
1472 /* has-input? */
1473
1474 T0_PUSHi(-(ENG->hlen_in != 0));
1475
1476 }
1477 break;
1478 case 50: {
1479 /* memcmp */
1480
1481 size_t len = (size_t)T0_POP();
1482 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1483 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1484 int x = memcmp(addr1, addr2, len);
1485 T0_PUSH((uint32_t)-(x == 0));
1486
1487 }
1488 break;
1489 case 51: {
1490 /* memcpy */
1491
1492 size_t len = (size_t)T0_POP();
1493 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1494 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1495 memcpy(dst, src, len);
1496
1497 }
1498 break;
1499 case 52: {
1500 /* mkrand */
1501
1502 size_t len = (size_t)T0_POP();
1503 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1504 br_hmac_drbg_generate(&ENG->rng, addr, len);
1505
1506 }
1507 break;
1508 case 53: {
1509 /* more-incoming-bytes? */
1510
1511 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1512
1513 }
1514 break;
1515 case 54: {
1516 /* multihash-init */
1517
1518 br_multihash_init(&ENG->mhash);
1519
1520 }
1521 break;
1522 case 55: {
1523 /* neg */
1524
1525 uint32_t a = T0_POP();
1526 T0_PUSH(-a);
1527
1528 }
1529 break;
1530 case 56: {
1531 /* not */
1532
1533 uint32_t a = T0_POP();
1534 T0_PUSH(~a);
1535
1536 }
1537 break;
1538 case 57: {
1539 /* or */
1540
1541 uint32_t b = T0_POP();
1542 uint32_t a = T0_POP();
1543 T0_PUSH(a | b);
1544
1545 }
1546 break;
1547 case 58: {
1548 /* over */
1549 T0_PUSH(T0_PEEK(1));
1550 }
1551 break;
1552 case 59: {
1553 /* pick */
1554 T0_PICK(T0_POP());
1555 }
1556 break;
1557 case 60: {
1558 /* read-chunk-native */
1559
1560 size_t clen = ENG->hlen_in;
1561 if (clen > 0) {
1562 uint32_t addr, len;
1563
1564 len = T0_POP();
1565 addr = T0_POP();
1566 if ((size_t)len < clen) {
1567 clen = (size_t)len;
1568 }
1569 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1570 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1571 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1572 }
1573 T0_PUSH(addr + (uint32_t)clen);
1574 T0_PUSH(len - (uint32_t)clen);
1575 ENG->hbuf_in += clen;
1576 ENG->hlen_in -= clen;
1577 }
1578
1579 }
1580 break;
1581 case 61: {
1582 /* read8-native */
1583
1584 if (ENG->hlen_in > 0) {
1585 unsigned char x;
1586
1587 x = *ENG->hbuf_in ++;
1588 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1589 br_multihash_update(&ENG->mhash, &x, 1);
1590 }
1591 T0_PUSH(x);
1592 ENG->hlen_in --;
1593 } else {
1594 T0_PUSHi(-1);
1595 }
1596
1597 }
1598 break;
1599 case 62: {
1600 /* save-session */
1601
1602 if (CTX->cache_vtable != NULL) {
1603 (*CTX->cache_vtable)->save(
1604 CTX->cache_vtable, CTX, &ENG->session);
1605 }
1606
1607 }
1608 break;
1609 case 63: {
1610 /* set-max-frag-len */
1611
1612 size_t max_frag_len = T0_POP();
1613
1614 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1615
1616 /*
1617 * We must adjust our own output limit. Since we call this only
1618 * after receiving a ClientHello and before beginning to send
1619 * the ServerHello, the next output record should be empty at
1620 * that point, so we can use max_frag_len as a limit.
1621 */
1622 if (ENG->hlen_out > max_frag_len) {
1623 ENG->hlen_out = max_frag_len;
1624 }
1625
1626 }
1627 break;
1628 case 64: {
1629 /* set16 */
1630
1631 size_t addr = (size_t)T0_POP();
1632 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1633
1634 }
1635 break;
1636 case 65: {
1637 /* set32 */
1638
1639 size_t addr = (size_t)T0_POP();
1640 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1641
1642 }
1643 break;
1644 case 66: {
1645 /* set8 */
1646
1647 size_t addr = (size_t)T0_POP();
1648 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1649
1650 }
1651 break;
1652 case 67: {
1653 /* supported-curves */
1654
1655 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1656 T0_PUSH(x);
1657
1658 }
1659 break;
1660 case 68: {
1661 /* supported-hash-functions */
1662
1663 int i;
1664 unsigned x, num;
1665
1666 x = 0;
1667 num = 0;
1668 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1669 if (br_multihash_getimpl(&ENG->mhash, i)) {
1670 x |= 1U << i;
1671 num ++;
1672 }
1673 }
1674 T0_PUSH(x);
1675 T0_PUSH(num);
1676
1677 }
1678 break;
1679 case 69: {
1680 /* supports-ecdsa? */
1681
1682 T0_PUSHi(-(ENG->iecdsa != 0));
1683
1684 }
1685 break;
1686 case 70: {
1687 /* supports-rsa-sign? */
1688
1689 T0_PUSHi(-(ENG->irsavrfy != 0));
1690
1691 }
1692 break;
1693 case 71: {
1694 /* swap */
1695 T0_SWAP();
1696 }
1697 break;
1698 case 72: {
1699 /* switch-aesgcm-in */
1700
1701 int is_client, prf_id;
1702 unsigned cipher_key_len;
1703
1704 cipher_key_len = T0_POP();
1705 prf_id = T0_POP();
1706 is_client = T0_POP();
1707 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1708 ENG->iaes_ctr, cipher_key_len);
1709
1710 }
1711 break;
1712 case 73: {
1713 /* switch-aesgcm-out */
1714
1715 int is_client, prf_id;
1716 unsigned cipher_key_len;
1717
1718 cipher_key_len = T0_POP();
1719 prf_id = T0_POP();
1720 is_client = T0_POP();
1721 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1722 ENG->iaes_ctr, cipher_key_len);
1723
1724 }
1725 break;
1726 case 74: {
1727 /* switch-cbc-in */
1728
1729 int is_client, prf_id, mac_id, aes;
1730 unsigned cipher_key_len;
1731
1732 cipher_key_len = T0_POP();
1733 aes = T0_POP();
1734 mac_id = T0_POP();
1735 prf_id = T0_POP();
1736 is_client = T0_POP();
1737 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1738 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1739
1740 }
1741 break;
1742 case 75: {
1743 /* switch-cbc-out */
1744
1745 int is_client, prf_id, mac_id, aes;
1746 unsigned cipher_key_len;
1747
1748 cipher_key_len = T0_POP();
1749 aes = T0_POP();
1750 mac_id = T0_POP();
1751 prf_id = T0_POP();
1752 is_client = T0_POP();
1753 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1754 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1755
1756 }
1757 break;
1758 case 76: {
1759 /* switch-chapol-in */
1760
1761 int is_client, prf_id;
1762
1763 prf_id = T0_POP();
1764 is_client = T0_POP();
1765 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1766
1767 }
1768 break;
1769 case 77: {
1770 /* switch-chapol-out */
1771
1772 int is_client, prf_id;
1773
1774 prf_id = T0_POP();
1775 is_client = T0_POP();
1776 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1777
1778 }
1779 break;
1780 case 78: {
1781 /* ta-names-total-length */
1782
1783 size_t u, len;
1784
1785 len = 0;
1786 if (CTX->ta_names != NULL) {
1787 for (u = 0; u < CTX->num_tas; u ++) {
1788 len += CTX->ta_names[u].len + 2;
1789 }
1790 } else if (CTX->tas != NULL) {
1791 for (u = 0; u < CTX->num_tas; u ++) {
1792 len += CTX->tas[u].dn.len + 2;
1793 }
1794 }
1795 T0_PUSH(len);
1796
1797 }
1798 break;
1799 case 79: {
1800 /* test-protocol-name */
1801
1802 size_t len = T0_POP();
1803 size_t u;
1804
1805 for (u = 0; u < ENG->protocol_names_num; u ++) {
1806 const char *name;
1807
1808 name = ENG->protocol_names[u];
1809 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1810 T0_PUSH(u);
1811 T0_RET();
1812 }
1813 }
1814 T0_PUSHi(-1);
1815
1816 }
1817 break;
1818 case 80: {
1819 /* total-chain-length */
1820
1821 size_t u;
1822 uint32_t total;
1823
1824 total = 0;
1825 for (u = 0; u < ENG->chain_len; u ++) {
1826 total += 3 + (uint32_t)ENG->chain[u].data_len;
1827 }
1828 T0_PUSH(total);
1829
1830 }
1831 break;
1832 case 81: {
1833 /* u< */
1834
1835 uint32_t b = T0_POP();
1836 uint32_t a = T0_POP();
1837 T0_PUSH(-(uint32_t)(a < b));
1838
1839 }
1840 break;
1841 case 82: {
1842 /* u>> */
1843
1844 int c = (int)T0_POPi();
1845 uint32_t x = T0_POP();
1846 T0_PUSH(x >> c);
1847
1848 }
1849 break;
1850 case 83: {
1851 /* verify-CV-sig */
1852
1853 int err;
1854
1855 err = verify_CV_sig(CTX, T0_POP());
1856 T0_PUSHi(err);
1857
1858 }
1859 break;
1860 case 84: {
1861 /* write-blob-chunk */
1862
1863 size_t clen = ENG->hlen_out;
1864 if (clen > 0) {
1865 uint32_t addr, len;
1866
1867 len = T0_POP();
1868 addr = T0_POP();
1869 if ((size_t)len < clen) {
1870 clen = (size_t)len;
1871 }
1872 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1873 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1874 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1875 }
1876 T0_PUSH(addr + (uint32_t)clen);
1877 T0_PUSH(len - (uint32_t)clen);
1878 ENG->hbuf_out += clen;
1879 ENG->hlen_out -= clen;
1880 }
1881
1882 }
1883 break;
1884 case 85: {
1885 /* write8-native */
1886
1887 unsigned char x;
1888
1889 x = (unsigned char)T0_POP();
1890 if (ENG->hlen_out > 0) {
1891 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1892 br_multihash_update(&ENG->mhash, &x, 1);
1893 }
1894 *ENG->hbuf_out ++ = x;
1895 ENG->hlen_out --;
1896 T0_PUSHi(-1);
1897 } else {
1898 T0_PUSHi(0);
1899 }
1900
1901 }
1902 break;
1903 case 86: {
1904 /* x509-append */
1905
1906 const br_x509_class *xc;
1907 size_t len;
1908
1909 xc = *(ENG->x509ctx);
1910 len = T0_POP();
1911 xc->append(ENG->x509ctx, ENG->pad, len);
1912
1913 }
1914 break;
1915 case 87: {
1916 /* x509-end-cert */
1917
1918 const br_x509_class *xc;
1919
1920 xc = *(ENG->x509ctx);
1921 xc->end_cert(ENG->x509ctx);
1922
1923 }
1924 break;
1925 case 88: {
1926 /* x509-end-chain */
1927
1928 const br_x509_class *xc;
1929
1930 xc = *(ENG->x509ctx);
1931 T0_PUSH(xc->end_chain(ENG->x509ctx));
1932
1933 }
1934 break;
1935 case 89: {
1936 /* x509-start-cert */
1937
1938 const br_x509_class *xc;
1939
1940 xc = *(ENG->x509ctx);
1941 xc->start_cert(ENG->x509ctx, T0_POP());
1942
1943 }
1944 break;
1945 case 90: {
1946 /* x509-start-chain */
1947
1948 const br_x509_class *xc;
1949 uint32_t bc;
1950
1951 bc = T0_POP();
1952 xc = *(ENG->x509ctx);
1953 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1954
1955 }
1956 break;
1957 }
1958
1959 } else {
1960 T0_ENTER(ip, rp, t0x);
1961 }
1962 }
1963 t0_exit:
1964 ((t0_context *)t0ctx)->dp = dp;
1965 ((t0_context *)t0ctx)->rp = rp;
1966 ((t0_context *)t0ctx)->ip = ip;
1967 }
The BearSSL library and tools.