projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Simple documentation fix.
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *xcoor, size_t xcoor_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146
147 if (xcoor_len > sizeof rpms) {
148 xcoor_len = sizeof rpms;
149 ctl = 0;
150 }
151
152 /*
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
155 * copy.
156 */
157 br_hmac_drbg_generate(&ctx->eng.rng, rpms, xcoor_len);
158 br_ccopy(ctl ^ 1, xcoor, rpms, xcoor_len);
159
160 /*
161 * Compute master secret.
162 */
163 br_ssl_engine_compute_master(&ctx->eng, prf_id, xcoor, xcoor_len);
164
165 /*
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
168 */
169 memset(xcoor, 0, xcoor_len);
170 }
171
172 /*
173 * Do the ECDH key exchange (not ECDHE).
174 */
175 static void
176 do_ecdh(br_ssl_server_context *ctx, int prf_id,
177 unsigned char *cpoint, size_t cpoint_len)
178 {
179 uint32_t x;
180
181 /*
182 * Finalise the key exchange.
183 */
184 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
185 cpoint, &cpoint_len);
186 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
187 }
188
189 /*
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
194 */
195 static void
196 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
197 {
198 unsigned char cpoint[133];
199 size_t cpoint_len;
200 const br_x509_class **xc;
201 const br_x509_pkey *pk;
202
203 xc = ctx->eng.x509ctx;
204 pk = (*xc)->get_pkey(xc, NULL);
205 cpoint_len = pk->key.ec.qlen;
206 if (cpoint_len > sizeof cpoint) {
207 /*
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
211 */
212 cpoint_len = 2;
213 }
214 memcpy(cpoint, pk->key.ec.q, cpoint_len);
215 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
216 }
217
218 static size_t
219 hash_data(br_ssl_server_context *ctx,
220 void *dst, int hash_id, const void *src, size_t len)
221 {
222 const br_hash_class *hf;
223 br_hash_compat_context hc;
224
225 if (hash_id == 0) {
226 unsigned char tmp[36];
227
228 hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
229 if (hf == NULL) {
230 return 0;
231 }
232 hf->init(&hc.vtable);
233 hf->update(&hc.vtable, src, len);
234 hf->out(&hc.vtable, tmp);
235 hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
236 if (hf == NULL) {
237 return 0;
238 }
239 hf->init(&hc.vtable);
240 hf->update(&hc.vtable, src, len);
241 hf->out(&hc.vtable, tmp + 16);
242 memcpy(dst, tmp, 36);
243 return 36;
244 } else {
245 hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
246 if (hf == NULL) {
247 return 0;
248 }
249 hf->init(&hc.vtable);
250 hf->update(&hc.vtable, src, len);
251 hf->out(&hc.vtable, dst);
252 return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
253 }
254 }
255
256 /*
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
262 */
263 static int
264 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
265 {
266 unsigned algo_id;
267 unsigned mask;
268 const unsigned char *order;
269 size_t olen, glen;
270 size_t hv_len, sig_len;
271
272 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM;
274 }
275 ctx->eng.ecdhe_curve = curve;
276
277 /*
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
283 * possible values.
284 */
285 order = ctx->eng.iec->order(curve, &olen);
286 mask = 0xFF;
287 while (mask >= order[0]) {
288 mask >>= 1;
289 }
290 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
291 ctx->ecdhe_key[0] &= mask;
292 ctx->ecdhe_key[olen - 1] |= 0x01;
293 ctx->ecdhe_key_len = olen;
294
295 /*
296 * Compute our ECDH point.
297 */
298 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
299 ctx->ecdhe_key, olen, curve);
300 ctx->eng.ecdhe_point_len = glen;
301
302 /*
303 * Assemble the message to be signed, and possibly hash it.
304 */
305 memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
306 memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
307 ctx->eng.pad[64 + 0] = 0x03;
308 ctx->eng.pad[64 + 1] = 0x00;
309 ctx->eng.pad[64 + 2] = curve;
310 ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
311 memcpy(ctx->eng.pad + 64 + 4,
312 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
313 hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
314 algo_id = ctx->sign_hash_id;
315 if (algo_id >= (unsigned)0xFF00) {
316 hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
317 ctx->eng.pad, hv_len);
318 if (hv_len == 0) {
319 return -BR_ERR_INVALID_ALGORITHM;
320 }
321 }
322
323 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
324 algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
325 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
326 }
327
328 /*
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
331 */
332 static void
333 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
334 unsigned char *cpoint, size_t cpoint_len)
335 {
336 int curve;
337 uint32_t ctl;
338 size_t xoff, xlen;
339
340 curve = ctx->eng.ecdhe_curve;
341
342 /*
343 * Finalise the key exchange.
344 */
345 ctl = ctx->eng.iec->mul(cpoint, cpoint_len,
346 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
347 xoff = ctx->eng.iec->xoff(curve, &xlen);
348 ecdh_common(ctx, prf_id, cpoint + xoff, xlen, ctl);
349
350 /*
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
354 */
355 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
356 }
357
358 /*
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
363 */
364 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
365
366 /*
367 * OID for hash functions in RSA signatures.
368 */
369 static const unsigned char HASH_OID_SHA1[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
371 };
372
373 static const unsigned char HASH_OID_SHA224[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
375 };
376
377 static const unsigned char HASH_OID_SHA256[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
379 };
380
381 static const unsigned char HASH_OID_SHA384[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
383 };
384
385 static const unsigned char HASH_OID_SHA512[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
387 };
388
389 static const unsigned char *HASH_OID[] = {
390 HASH_OID_SHA1,
391 HASH_OID_SHA224,
392 HASH_OID_SHA256,
393 HASH_OID_SHA384,
394 HASH_OID_SHA512
395 };
396
397 /*
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
403 */
404 static int
405 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
406 {
407 const br_x509_class **xc;
408 const br_x509_pkey *pk;
409 int id;
410
411 id = ctx->hash_CV_id;
412 xc = ctx->eng.x509ctx;
413 pk = (*xc)->get_pkey(xc, NULL);
414 if (pk->key_type == BR_KEYTYPE_RSA) {
415 unsigned char tmp[64];
416 const unsigned char *hash_oid;
417
418 if (id == 0) {
419 hash_oid = NULL;
420 } else {
421 hash_oid = HASH_OID[id - 2];
422 }
423 if (ctx->eng.irsavrfy == 0) {
424 return BR_ERR_BAD_SIGNATURE;
425 }
426 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
427 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
428 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
429 {
430 return BR_ERR_BAD_SIGNATURE;
431 }
432 } else {
433 if (ctx->eng.iecdsa == 0) {
434 return BR_ERR_BAD_SIGNATURE;
435 }
436 if (!ctx->eng.iecdsa(ctx->eng.iec,
437 ctx->hash_CV, ctx->hash_CV_len,
438 &pk->key.ec, ctx->eng.pad, sig_len))
439 {
440 return BR_ERR_BAD_SIGNATURE;
441 }
442 }
443 return 0;
444 }
445
446
447
448 static const unsigned char t0_datablock[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
462 };
463
464 static const unsigned char t0_codeblock[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
486 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
488 0x00, 0x00, 0x01,
489 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
505 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
507 0x00, 0x01,
508 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
514 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
517 0x00, 0x00, 0x01,
518 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
519 0x01,
520 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
521 0x00, 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
523 0x00, 0x00, 0x01,
524 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
528 0x00, 0x01,
529 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
531 0x00, 0x00, 0x01,
532 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x30, 0x02, 0x00, 0x38, 0x13,
542 0x01, 0x01, 0x0C, 0x75, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
543 0xCE, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x2A, 0x19,
544 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCE, 0x04, 0x76, 0x00, 0x01, 0x00, 0x75,
545 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0x8A, 0x40, 0x36, 0xAF, 0x35,
546 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD5, 0x01, 0x00, 0xD1, 0x01, 0x00,
547 0xAB, 0x04, 0x80, 0x46, 0xD5, 0xD2, 0x29, 0xD7, 0x4E, 0x06, 0x01, 0xD3,
548 0xD6, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00, 0xAC, 0x2A, 0x5B, 0x06, 0x0F,
549 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB0, 0xAE, 0x2A, 0xC7,
550 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA2, 0x05,
551 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2, 0x2A, 0x05, 0x04, 0x29, 0xA9,
552 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0, 0x01, 0x00, 0xAB, 0x01, 0x00,
553 0xD1, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00,
554 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCD,
555 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC4, 0x19, 0x38, 0x06, 0x04,
556 0xCD, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
557 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
558 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01,
559 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
560 0x7F, 0x9F, 0xCD, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
561 0x0D, 0x29, 0x01, 0x10, 0x13, 0x06, 0x05, 0x01, 0x00, 0x75, 0x42, 0xC3,
562 0x04, 0x33, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x2A, 0x29, 0x29, 0x88, 0x30,
563 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x18, 0xC6, 0x2C, 0x19,
564 0x38, 0x06, 0x04, 0xCD, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
565 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x04, 0x03, 0x01, 0x00, 0x9F,
566 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0xFF, 0x32, 0x01, 0x2A, 0x03, 0x00,
567 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9A,
568 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
569 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x74,
570 0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29,
571 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01,
572 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08,
573 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA7, 0x39,
574 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42, 0x00, 0x00, 0x01,
575 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B, 0x76, 0x2E, 0x2A,
576 0xC9, 0x05, 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02, 0x85, 0x2E, 0x05,
577 0x02, 0xBA, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E, 0x03, 0x00, 0x2A,
578 0x06, 0x17, 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x4F,
579 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04,
580 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00, 0x00, 0x31, 0x06,
581 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x11,
582 0xCD, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02,
583 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06,
584 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC8, 0x38, 0xB3, 0x00, 0x01, 0xB8,
585 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06,
586 0x08, 0xBF, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5A, 0xBF,
587 0xA5, 0x2A, 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A, 0x06, 0x18, 0x2A,
588 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A,
589 0x03, 0x00, 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56, 0x04, 0x65, 0x9B,
590 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29,
591 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x72, 0x2B, 0x01,
592 0x0F, 0x13, 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06,
593 0x23, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01, 0x01, 0x12, 0x02,
594 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02,
595 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C, 0x2B, 0x04, 0x0D,
596 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01,
597 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03, 0x01, 0x2A, 0x01,
598 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47, 0xB4, 0x02, 0x01,
599 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00, 0x1D, 0xB8, 0x01,
600 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8, 0x01, 0x01, 0x0F,
601 0x05, 0x02, 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77, 0x40, 0x78, 0x01,
602 0x20, 0xB4, 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x70, 0x2B, 0x2A,
603 0x8E, 0x42, 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE, 0xA5, 0x01, 0x00,
604 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17, 0x3A, 0x08, 0x03,
605 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A, 0x03, 0x06, 0x02,
606 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03,
607 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88, 0x30, 0x06, 0x02,
608 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F,
609 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00, 0x95, 0x2E, 0x0B,
610 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A, 0x5B, 0x06, 0x03,
611 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x79,
612 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04,
613 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05,
614 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03,
615 0x07, 0xC0, 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04, 0x01, 0x7F, 0x03,
616 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01, 0x88, 0x04, 0x80,
617 0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x80, 0x4E,
618 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00, 0x3A, 0x0F, 0x06,
619 0x04, 0x29, 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
620 0xB5, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
621 0xB6, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC, 0x04,
622 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD, 0x04, 0x0F, 0x01,
623 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05, 0x29, 0xBA, 0x01,
624 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01, 0x02, 0x03, 0x13,
625 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E, 0x97, 0x40, 0x01,
626 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29,
627 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6B, 0x2B, 0x02,
628 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA1, 0x02, 0x01,
629 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x93, 0x2E,
630 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40, 0x2A, 0x94, 0x40,
631 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06,
632 0x04, 0x01, 0x02, 0x88, 0x42, 0x88, 0x30, 0x05, 0x04, 0x01, 0x01, 0x88,
633 0x42, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82,
634 0x01, 0x07, 0x01, 0xFC, 0x80, 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80,
635 0x41, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12,
636 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F,
637 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02,
638 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20,
639 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80,
640 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01,
641 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13,
642 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01,
643 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A,
644 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05,
645 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04,
646 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05,
647 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F,
648 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1,
649 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00,
650 0x00, 0x00, 0xB2, 0xB1, 0x00, 0x04, 0x76, 0x2E, 0xCC, 0x06, 0x16, 0xBE,
651 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00,
652 0x83, 0x47, 0xB4, 0x02, 0x00, 0x76, 0x2E, 0xA6, 0x27, 0x76, 0x2E, 0x2A,
653 0xCA, 0x47, 0xC9, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39,
654 0x06, 0x14, 0xC0, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB4, 0x02, 0x03, 0x76,
655 0x2E, 0xA6, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00,
656 0x00, 0xB8, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C,
657 0xB8, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08,
658 0x01, 0x0C, 0xB4, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32,
659 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
660 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02,
661 0x63, 0x00, 0xCF, 0x04, 0x74, 0x00, 0xBE, 0x01, 0x01, 0x0E, 0x06, 0x02,
662 0x66, 0x2B, 0xC0, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06,
663 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D,
664 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04,
665 0x01, 0x29, 0x00, 0x00, 0xBE, 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
666 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x06, 0x02,
667 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F,
668 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x01,
669 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C, 0xB4, 0x89, 0x83,
670 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29,
671 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x2A, 0x06, 0x1D, 0xC0, 0x06, 0x03,
672 0xBA, 0x04, 0x15, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A,
673 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB4, 0x04, 0x01, 0xC7,
674 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB9, 0x2A, 0x5D, 0x06, 0x07, 0x29,
675 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC1, 0x01, 0x03, 0xBF,
676 0x47, 0x29, 0x47, 0x00, 0x00, 0xBE, 0xC7, 0x00, 0x03, 0x01, 0x00, 0x03,
677 0x00, 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x50, 0xC0, 0x03, 0x01, 0xC0, 0x03,
678 0x02, 0x02, 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
679 0x0D, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02,
680 0x00, 0x39, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02,
681 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02,
682 0x01, 0x03, 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
683 0x02, 0x60, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00,
684 0x04, 0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBE, 0xA5, 0xBB, 0x80,
685 0x41, 0x9B, 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x00, 0x7C, 0x41,
686 0x2A, 0x06, 0x15, 0xBE, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01,
687 0x47, 0x0C, 0x7C, 0x2F, 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68,
688 0x9B, 0x9B, 0x00, 0x00, 0x01, 0x02, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1,
689 0x08, 0x00, 0x00, 0x01, 0x03, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08,
690 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC1, 0x00,
691 0x00, 0x3D, 0x2A, 0x5B, 0x05, 0x01, 0x00, 0x29, 0xCF, 0x04, 0x76, 0x02,
692 0x03, 0x00, 0x92, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B,
693 0x06, 0x10, 0x2A, 0x01, 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F,
694 0x06, 0x01, 0x00, 0x5F, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C,
695 0x19, 0x38, 0x06, 0x04, 0xCD, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42,
696 0x01, 0x00, 0xE0, 0x01, 0x00, 0xDF, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00,
697 0x00, 0x01, 0x15, 0x87, 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00,
698 0x00, 0x01, 0x01, 0x47, 0xC4, 0x00, 0x00, 0xB9, 0x01, 0x01, 0x0F, 0x05,
699 0x02, 0x71, 0x2B, 0x2A, 0xC7, 0x29, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47,
700 0x2A, 0x06, 0x05, 0xC1, 0x29, 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03,
701 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02,
702 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12,
703 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00,
704 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80,
705 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10,
706 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01,
707 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00,
708 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F,
709 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04,
710 0x01, 0x49, 0x04, 0x29, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29,
711 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15,
712 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03,
713 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A,
714 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12,
715 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C,
716 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00,
717 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01, 0x3A,
718 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00, 0x9E, 0x04, 0x14, 0x01, 0x02, 0x3A,
719 0x0F, 0x06, 0x0D, 0x29, 0x75, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03, 0x01,
720 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B, 0x30, 0x05, 0x33,
721 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06, 0x29,
722 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09, 0x29,
723 0xA8, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01, 0x16, 0x3A, 0x0F,
724 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04, 0x39,
725 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00, 0x1B,
726 0x2A, 0x05, 0x13, 0x31, 0x06, 0x10, 0x86, 0x30, 0x01, 0x15, 0x0F, 0x06,
727 0x08, 0x29, 0xA8, 0x01, 0x00, 0x75, 0x42, 0x04, 0x01, 0x23, 0x00, 0x00,
728 0xCD, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
729 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
730 0xCD, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD0, 0x01, 0x01, 0xE0, 0x2C,
731 0x2A, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD0, 0xD4, 0x2C, 0x00, 0x00, 0x01,
732 0x0B, 0xE0, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDF, 0xDF, 0x14, 0x2A,
733 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDF, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
734 0xD8, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xDA, 0x93, 0x2E,
735 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDB, 0x08, 0x4E,
736 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xE0, 0xDF, 0x01, 0x00, 0xDA, 0xE0,
737 0x01, 0x01, 0xDA, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
738 0x01, 0x00, 0xDB, 0xDE, 0x01, 0x01, 0xDB, 0x29, 0x4E, 0xDE, 0x16, 0x15,
739 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDE, 0x1F, 0x2A, 0x06, 0x05, 0x83,
740 0x47, 0xD8, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xE0,
741 0x01, 0x0C, 0xDF, 0x83, 0x01, 0x0C, 0xD8, 0x00, 0x04, 0x03, 0x00, 0x01,
742 0x02, 0xE0, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
743 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
744 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
745 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
746 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
747 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDF, 0x93, 0x2E, 0xDE, 0x8C,
748 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
749 0x20, 0xD8, 0x01, 0x20, 0xE0, 0x8D, 0x01, 0x20, 0xD8, 0x76, 0x2E, 0xDE,
750 0x01, 0x00, 0xE0, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
751 0x06, 0x80, 0x40, 0xDE, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
752 0x01, 0xDE, 0x01, 0x04, 0x09, 0x2A, 0xDE, 0x60, 0x89, 0x47, 0xD9, 0x04,
753 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDE, 0x01, 0x01, 0xDE,
754 0x84, 0x30, 0x01, 0x08, 0x09, 0xE0, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
755 0x10, 0xDE, 0x01, 0x04, 0x09, 0x2A, 0xDE, 0x62, 0x2A, 0xDE, 0x60, 0x83,
756 0x47, 0xD9, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
757 0xE0, 0x01, 0x00, 0xDF, 0x00, 0x03, 0x76, 0x2E, 0xCA, 0x05, 0x01, 0x00,
758 0x7C, 0x2F, 0x2A, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06, 0x05,
759 0x29, 0x01, 0x1D, 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80, 0x00,
760 0x13, 0x2A, 0x06, 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00, 0x25,
761 0x2A, 0x5B, 0x06, 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86,
762 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xE0, 0x02, 0x01, 0x7E, 0x30, 0x08,
763 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDF, 0x01, 0x03,
764 0xE0, 0x02, 0x00, 0xDE, 0x7D, 0x7E, 0x30, 0xD9, 0x02, 0x02, 0x06, 0x1C,
765 0x90, 0x2E, 0x2A, 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDE, 0x04,
766 0x0F, 0x01, 0x81, 0x7F, 0x13, 0xE0, 0x76, 0x2E, 0xCB, 0x01, 0x01, 0x0C,
767 0x01, 0x03, 0x08, 0xE0, 0x02, 0x01, 0xDE, 0x83, 0x02, 0x01, 0xD8, 0x00,
768 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x29,
769 0x04, 0x73, 0x00, 0x2A, 0xE0, 0xD8, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E,
770 0xC9, 0x06, 0x0C, 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xE0, 0x01,
771 0x80, 0x42, 0xE0, 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01,
772 0xE0, 0x45, 0x06, 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xE0,
773 0x47, 0x29, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05,
774 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xDC, 0x03, 0x00, 0x01, 0x03, 0x01,
775 0x80, 0x7C, 0xDC, 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07,
776 0x01, 0x01, 0x44, 0x29, 0xDC, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03,
777 0x44, 0x29, 0xDC, 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00,
778 0x00, 0x01, 0x00, 0x01, 0x04, 0xDD, 0x01, 0x05, 0xDD, 0x01, 0x06, 0xDD,
779 0x01, 0x03, 0xDD, 0x01, 0x02, 0xDD, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00,
780 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01,
781 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00, 0xE0, 0x01, 0x02, 0x3B, 0xE0, 0x00,
782 0x00, 0x2A, 0x01, 0x08, 0x52, 0xE0, 0xE0, 0x00, 0x00, 0x2A, 0x01, 0x10,
783 0x52, 0xE0, 0xDE, 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCD,
784 0x29, 0x04, 0x76
785 };
786
787 static const uint16_t t0_caddr[] = {
788 0,
789 5,
790 10,
791 15,
792 20,
793 25,
794 30,
795 35,
796 40,
797 44,
798 48,
799 52,
800 56,
801 60,
802 64,
803 68,
804 72,
805 76,
806 80,
807 84,
808 88,
809 92,
810 96,
811 100,
812 104,
813 109,
814 114,
815 119,
816 124,
817 129,
818 134,
819 139,
820 144,
821 149,
822 154,
823 159,
824 164,
825 169,
826 174,
827 180,
828 185,
829 190,
830 195,
831 200,
832 205,
833 210,
834 215,
835 220,
836 225,
837 230,
838 235,
839 240,
840 245,
841 250,
842 255,
843 260,
844 265,
845 270,
846 275,
847 280,
848 285,
849 290,
850 299,
851 303,
852 328,
853 334,
854 353,
855 364,
856 405,
857 516,
858 520,
859 553,
860 563,
861 587,
862 669,
863 683,
864 689,
865 748,
866 767,
867 789,
868 838,
869 887,
870 963,
871 1065,
872 1076,
873 1670,
874 1674,
875 1741,
876 1751,
877 1782,
878 1806,
879 1852,
880 1922,
881 1962,
882 1976,
883 1985,
884 1989,
885 2084,
886 2092,
887 2128,
888 2139,
889 2155,
890 2161,
891 2172,
892 2207,
893 2233,
894 2245,
895 2251,
896 2264,
897 2279,
898 2435,
899 2444,
900 2457,
901 2466,
902 2473,
903 2579,
904 2604,
905 2617,
906 2633,
907 2651,
908 2683,
909 2756,
910 2769,
911 2950,
912 2958,
913 3085,
914 3099,
915 3104,
916 3148,
917 3205,
918 3226,
919 3253,
920 3261,
921 3269
922 };
923
924 #define T0_INTERPRETED 91
925
926 #define T0_ENTER(ip, rp, slot) do { \
927 const unsigned char *t0_newip; \
928 uint32_t t0_lnum; \
929 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
930 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
931 (rp) += t0_lnum; \
932 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
933 (ip) = t0_newip; \
934 } while (0)
935
936 #define T0_DEFENTRY(name, slot) \
937 void \
938 name(void *ctx) \
939 { \
940 t0_context *t0ctx = ctx; \
941 t0ctx->ip = &t0_codeblock[0]; \
942 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
943 }
944
945 T0_DEFENTRY(br_ssl_hs_server_init_main, 164)
946
947 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
948
949 void
950 br_ssl_hs_server_run(void *t0ctx)
951 {
952 uint32_t *dp, *rp;
953 const unsigned char *ip;
954
955 #define T0_LOCAL(x) (*(rp - 2 - (x)))
956 #define T0_POP() (*-- dp)
957 #define T0_POPi() (*(int32_t *)(-- dp))
958 #define T0_PEEK(x) (*(dp - 1 - (x)))
959 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
960 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
961 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
962 #define T0_RPOP() (*-- rp)
963 #define T0_RPOPi() (*(int32_t *)(-- rp))
964 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
965 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
966 #define T0_ROLL(x) do { \
967 size_t t0len = (size_t)(x); \
968 uint32_t t0tmp = *(dp - 1 - t0len); \
969 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
970 *(dp - 1) = t0tmp; \
971 } while (0)
972 #define T0_SWAP() do { \
973 uint32_t t0tmp = *(dp - 2); \
974 *(dp - 2) = *(dp - 1); \
975 *(dp - 1) = t0tmp; \
976 } while (0)
977 #define T0_ROT() do { \
978 uint32_t t0tmp = *(dp - 3); \
979 *(dp - 3) = *(dp - 2); \
980 *(dp - 2) = *(dp - 1); \
981 *(dp - 1) = t0tmp; \
982 } while (0)
983 #define T0_NROT() do { \
984 uint32_t t0tmp = *(dp - 1); \
985 *(dp - 1) = *(dp - 2); \
986 *(dp - 2) = *(dp - 3); \
987 *(dp - 3) = t0tmp; \
988 } while (0)
989 #define T0_PICK(x) do { \
990 uint32_t t0depth = (x); \
991 T0_PUSH(T0_PEEK(t0depth)); \
992 } while (0)
993 #define T0_CO() do { \
994 goto t0_exit; \
995 } while (0)
996 #define T0_RET() goto t0_next
997
998 dp = ((t0_context *)t0ctx)->dp;
999 rp = ((t0_context *)t0ctx)->rp;
1000 ip = ((t0_context *)t0ctx)->ip;
1001 goto t0_next;
1002 for (;;) {
1003 uint32_t t0x;
1004
1005 t0_next:
1006 t0x = T0_NEXT(&ip);
1007 if (t0x < T0_INTERPRETED) {
1008 switch (t0x) {
1009 int32_t t0off;
1010
1011 case 0: /* ret */
1012 t0x = T0_RPOP();
1013 rp -= (t0x >> 16);
1014 t0x &= 0xFFFF;
1015 if (t0x == 0) {
1016 ip = NULL;
1017 goto t0_exit;
1018 }
1019 ip = &t0_codeblock[t0x];
1020 break;
1021 case 1: /* literal constant */
1022 T0_PUSHi(t0_parse7E_signed(&ip));
1023 break;
1024 case 2: /* read local */
1025 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1026 break;
1027 case 3: /* write local */
1028 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1029 break;
1030 case 4: /* jump */
1031 t0off = t0_parse7E_signed(&ip);
1032 ip += t0off;
1033 break;
1034 case 5: /* jump if */
1035 t0off = t0_parse7E_signed(&ip);
1036 if (T0_POP()) {
1037 ip += t0off;
1038 }
1039 break;
1040 case 6: /* jump if not */
1041 t0off = t0_parse7E_signed(&ip);
1042 if (!T0_POP()) {
1043 ip += t0off;
1044 }
1045 break;
1046 case 7: {
1047 /* * */
1048
1049 uint32_t b = T0_POP();
1050 uint32_t a = T0_POP();
1051 T0_PUSH(a * b);
1052
1053 }
1054 break;
1055 case 8: {
1056 /* + */
1057
1058 uint32_t b = T0_POP();
1059 uint32_t a = T0_POP();
1060 T0_PUSH(a + b);
1061
1062 }
1063 break;
1064 case 9: {
1065 /* - */
1066
1067 uint32_t b = T0_POP();
1068 uint32_t a = T0_POP();
1069 T0_PUSH(a - b);
1070
1071 }
1072 break;
1073 case 10: {
1074 /* -rot */
1075 T0_NROT();
1076 }
1077 break;
1078 case 11: {
1079 /* < */
1080
1081 int32_t b = T0_POPi();
1082 int32_t a = T0_POPi();
1083 T0_PUSH(-(uint32_t)(a < b));
1084
1085 }
1086 break;
1087 case 12: {
1088 /* << */
1089
1090 int c = (int)T0_POPi();
1091 uint32_t x = T0_POP();
1092 T0_PUSH(x << c);
1093
1094 }
1095 break;
1096 case 13: {
1097 /* <= */
1098
1099 int32_t b = T0_POPi();
1100 int32_t a = T0_POPi();
1101 T0_PUSH(-(uint32_t)(a <= b));
1102
1103 }
1104 break;
1105 case 14: {
1106 /* <> */
1107
1108 uint32_t b = T0_POP();
1109 uint32_t a = T0_POP();
1110 T0_PUSH(-(uint32_t)(a != b));
1111
1112 }
1113 break;
1114 case 15: {
1115 /* = */
1116
1117 uint32_t b = T0_POP();
1118 uint32_t a = T0_POP();
1119 T0_PUSH(-(uint32_t)(a == b));
1120
1121 }
1122 break;
1123 case 16: {
1124 /* > */
1125
1126 int32_t b = T0_POPi();
1127 int32_t a = T0_POPi();
1128 T0_PUSH(-(uint32_t)(a > b));
1129
1130 }
1131 break;
1132 case 17: {
1133 /* >= */
1134
1135 int32_t b = T0_POPi();
1136 int32_t a = T0_POPi();
1137 T0_PUSH(-(uint32_t)(a >= b));
1138
1139 }
1140 break;
1141 case 18: {
1142 /* >> */
1143
1144 int c = (int)T0_POPi();
1145 int32_t x = T0_POPi();
1146 T0_PUSHi(x >> c);
1147
1148 }
1149 break;
1150 case 19: {
1151 /* and */
1152
1153 uint32_t b = T0_POP();
1154 uint32_t a = T0_POP();
1155 T0_PUSH(a & b);
1156
1157 }
1158 break;
1159 case 20: {
1160 /* begin-cert */
1161
1162 if (ENG->chain_len == 0) {
1163 T0_PUSHi(-1);
1164 } else {
1165 ENG->cert_cur = ENG->chain->data;
1166 ENG->cert_len = ENG->chain->data_len;
1167 ENG->chain ++;
1168 ENG->chain_len --;
1169 T0_PUSH(ENG->cert_len);
1170 }
1171
1172 }
1173 break;
1174 case 21: {
1175 /* begin-ta-name */
1176
1177 const br_x500_name *dn;
1178 if (CTX->cur_dn_index >= CTX->num_tas) {
1179 T0_PUSHi(-1);
1180 } else {
1181 if (CTX->ta_names == NULL) {
1182 dn = &CTX->tas[CTX->cur_dn_index].dn;
1183 } else {
1184 dn = &CTX->ta_names[CTX->cur_dn_index];
1185 }
1186 CTX->cur_dn_index ++;
1187 CTX->cur_dn = dn->data;
1188 CTX->cur_dn_len = dn->len;
1189 T0_PUSH(CTX->cur_dn_len);
1190 }
1191
1192 }
1193 break;
1194 case 22: {
1195 /* begin-ta-name-list */
1196
1197 CTX->cur_dn_index = 0;
1198
1199 }
1200 break;
1201 case 23: {
1202 /* bzero */
1203
1204 size_t len = (size_t)T0_POP();
1205 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1206 memset(addr, 0, len);
1207
1208 }
1209 break;
1210 case 24: {
1211 /* call-policy-handler */
1212
1213 int x;
1214 br_ssl_server_choices choices;
1215
1216 x = (*CTX->policy_vtable)->choose(
1217 CTX->policy_vtable, CTX, &choices);
1218 ENG->session.cipher_suite = choices.cipher_suite;
1219 CTX->sign_hash_id = choices.algo_id;
1220 ENG->chain = choices.chain;
1221 ENG->chain_len = choices.chain_len;
1222 T0_PUSHi(-(x != 0));
1223
1224 }
1225 break;
1226 case 25: {
1227 /* can-output? */
1228
1229 T0_PUSHi(-(ENG->hlen_out > 0));
1230
1231 }
1232 break;
1233 case 26: {
1234 /* check-resume */
1235
1236 if (ENG->session.session_id_len == 32
1237 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1238 CTX->cache_vtable, CTX, &ENG->session))
1239 {
1240 T0_PUSHi(-1);
1241 } else {
1242 T0_PUSH(0);
1243 }
1244
1245 }
1246 break;
1247 case 27: {
1248 /* co */
1249 T0_CO();
1250 }
1251 break;
1252 case 28: {
1253 /* compute-Finished-inner */
1254
1255 int prf_id = T0_POP();
1256 int from_client = T0_POPi();
1257 unsigned char tmp[48];
1258 br_tls_prf_seed_chunk seed;
1259
1260 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1261 seed.data = tmp;
1262 if (ENG->session.version >= BR_TLS12) {
1263 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1264 } else {
1265 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1266 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1267 seed.len = 36;
1268 }
1269 prf(ENG->pad, 12, ENG->session.master_secret,
1270 sizeof ENG->session.master_secret,
1271 from_client ? "client finished" : "server finished",
1272 1, &seed);
1273
1274 }
1275 break;
1276 case 29: {
1277 /* compute-hash-CV */
1278
1279 int i;
1280
1281 for (i = 1; i <= 6; i ++) {
1282 br_multihash_out(&ENG->mhash, i,
1283 ENG->pad + HASH_PAD_OFF[i - 1]);
1284 }
1285
1286 }
1287 break;
1288 case 30: {
1289 /* copy-cert-chunk */
1290
1291 size_t clen;
1292
1293 clen = ENG->cert_len;
1294 if (clen > sizeof ENG->pad) {
1295 clen = sizeof ENG->pad;
1296 }
1297 memcpy(ENG->pad, ENG->cert_cur, clen);
1298 ENG->cert_cur += clen;
1299 ENG->cert_len -= clen;
1300 T0_PUSH(clen);
1301
1302 }
1303 break;
1304 case 31: {
1305 /* copy-dn-chunk */
1306
1307 size_t clen;
1308
1309 clen = CTX->cur_dn_len;
1310 if (clen > sizeof ENG->pad) {
1311 clen = sizeof ENG->pad;
1312 }
1313 memcpy(ENG->pad, CTX->cur_dn, clen);
1314 CTX->cur_dn += clen;
1315 CTX->cur_dn_len -= clen;
1316 T0_PUSH(clen);
1317
1318 }
1319 break;
1320 case 32: {
1321 /* copy-hash-CV */
1322
1323 int id = T0_POP();
1324 size_t off, len;
1325
1326 if (id == 0) {
1327 off = 0;
1328 len = 36;
1329 } else {
1330 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1331 T0_PUSH(0);
1332 T0_RET();
1333 }
1334 off = HASH_PAD_OFF[id - 1];
1335 len = HASH_PAD_OFF[id] - off;
1336 }
1337 memcpy(CTX->hash_CV, ENG->pad + off, len);
1338 CTX->hash_CV_len = len;
1339 CTX->hash_CV_id = id;
1340 T0_PUSHi(-1);
1341
1342 }
1343 break;
1344 case 33: {
1345 /* copy-protocol-name */
1346
1347 size_t idx = T0_POP();
1348 size_t len = strlen(ENG->protocol_names[idx]);
1349 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1350 T0_PUSH(len);
1351
1352 }
1353 break;
1354 case 34: {
1355 /* data-get8 */
1356
1357 size_t addr = T0_POP();
1358 T0_PUSH(t0_datablock[addr]);
1359
1360 }
1361 break;
1362 case 35: {
1363 /* discard-input */
1364
1365 ENG->hlen_in = 0;
1366
1367 }
1368 break;
1369 case 36: {
1370 /* do-ecdh */
1371
1372 int prf_id = T0_POPi();
1373 size_t len = T0_POP();
1374 do_ecdh(CTX, prf_id, ENG->pad, len);
1375
1376 }
1377 break;
1378 case 37: {
1379 /* do-ecdhe-part1 */
1380
1381 int curve = T0_POPi();
1382 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1383
1384 }
1385 break;
1386 case 38: {
1387 /* do-ecdhe-part2 */
1388
1389 int prf_id = T0_POPi();
1390 size_t len = T0_POP();
1391 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1392
1393 }
1394 break;
1395 case 39: {
1396 /* do-rsa-decrypt */
1397
1398 int prf_id = T0_POPi();
1399 size_t len = T0_POP();
1400 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1401
1402 }
1403 break;
1404 case 40: {
1405 /* do-static-ecdh */
1406
1407 do_static_ecdh(CTX, T0_POP());
1408
1409 }
1410 break;
1411 case 41: {
1412 /* drop */
1413 (void)T0_POP();
1414 }
1415 break;
1416 case 42: {
1417 /* dup */
1418 T0_PUSH(T0_PEEK(0));
1419 }
1420 break;
1421 case 43: {
1422 /* fail */
1423
1424 br_ssl_engine_fail(ENG, (int)T0_POPi());
1425 T0_CO();
1426
1427 }
1428 break;
1429 case 44: {
1430 /* flush-record */
1431
1432 br_ssl_engine_flush_record(ENG);
1433
1434 }
1435 break;
1436 case 45: {
1437 /* get-key-type-usages */
1438
1439 const br_x509_class *xc;
1440 const br_x509_pkey *pk;
1441 unsigned usages;
1442
1443 xc = *(ENG->x509ctx);
1444 pk = xc->get_pkey(ENG->x509ctx, &usages);
1445 if (pk == NULL) {
1446 T0_PUSH(0);
1447 } else {
1448 T0_PUSH(pk->key_type | usages);
1449 }
1450
1451 }
1452 break;
1453 case 46: {
1454 /* get16 */
1455
1456 size_t addr = (size_t)T0_POP();
1457 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1458
1459 }
1460 break;
1461 case 47: {
1462 /* get32 */
1463
1464 size_t addr = (size_t)T0_POP();
1465 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1466
1467 }
1468 break;
1469 case 48: {
1470 /* get8 */
1471
1472 size_t addr = (size_t)T0_POP();
1473 T0_PUSH(*((unsigned char *)ENG + addr));
1474
1475 }
1476 break;
1477 case 49: {
1478 /* has-input? */
1479
1480 T0_PUSHi(-(ENG->hlen_in != 0));
1481
1482 }
1483 break;
1484 case 50: {
1485 /* memcmp */
1486
1487 size_t len = (size_t)T0_POP();
1488 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1489 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1490 int x = memcmp(addr1, addr2, len);
1491 T0_PUSH((uint32_t)-(x == 0));
1492
1493 }
1494 break;
1495 case 51: {
1496 /* memcpy */
1497
1498 size_t len = (size_t)T0_POP();
1499 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1500 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1501 memcpy(dst, src, len);
1502
1503 }
1504 break;
1505 case 52: {
1506 /* mkrand */
1507
1508 size_t len = (size_t)T0_POP();
1509 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1510 br_hmac_drbg_generate(&ENG->rng, addr, len);
1511
1512 }
1513 break;
1514 case 53: {
1515 /* more-incoming-bytes? */
1516
1517 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1518
1519 }
1520 break;
1521 case 54: {
1522 /* multihash-init */
1523
1524 br_multihash_init(&ENG->mhash);
1525
1526 }
1527 break;
1528 case 55: {
1529 /* neg */
1530
1531 uint32_t a = T0_POP();
1532 T0_PUSH(-a);
1533
1534 }
1535 break;
1536 case 56: {
1537 /* not */
1538
1539 uint32_t a = T0_POP();
1540 T0_PUSH(~a);
1541
1542 }
1543 break;
1544 case 57: {
1545 /* or */
1546
1547 uint32_t b = T0_POP();
1548 uint32_t a = T0_POP();
1549 T0_PUSH(a | b);
1550
1551 }
1552 break;
1553 case 58: {
1554 /* over */
1555 T0_PUSH(T0_PEEK(1));
1556 }
1557 break;
1558 case 59: {
1559 /* pick */
1560 T0_PICK(T0_POP());
1561 }
1562 break;
1563 case 60: {
1564 /* read-chunk-native */
1565
1566 size_t clen = ENG->hlen_in;
1567 if (clen > 0) {
1568 uint32_t addr, len;
1569
1570 len = T0_POP();
1571 addr = T0_POP();
1572 if ((size_t)len < clen) {
1573 clen = (size_t)len;
1574 }
1575 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1576 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1577 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1578 }
1579 T0_PUSH(addr + (uint32_t)clen);
1580 T0_PUSH(len - (uint32_t)clen);
1581 ENG->hbuf_in += clen;
1582 ENG->hlen_in -= clen;
1583 }
1584
1585 }
1586 break;
1587 case 61: {
1588 /* read8-native */
1589
1590 if (ENG->hlen_in > 0) {
1591 unsigned char x;
1592
1593 x = *ENG->hbuf_in ++;
1594 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1595 br_multihash_update(&ENG->mhash, &x, 1);
1596 }
1597 T0_PUSH(x);
1598 ENG->hlen_in --;
1599 } else {
1600 T0_PUSHi(-1);
1601 }
1602
1603 }
1604 break;
1605 case 62: {
1606 /* save-session */
1607
1608 if (CTX->cache_vtable != NULL) {
1609 (*CTX->cache_vtable)->save(
1610 CTX->cache_vtable, CTX, &ENG->session);
1611 }
1612
1613 }
1614 break;
1615 case 63: {
1616 /* set-max-frag-len */
1617
1618 size_t max_frag_len = T0_POP();
1619
1620 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1621
1622 /*
1623 * We must adjust our own output limit. Since we call this only
1624 * after receiving a ClientHello and before beginning to send
1625 * the ServerHello, the next output record should be empty at
1626 * that point, so we can use max_frag_len as a limit.
1627 */
1628 if (ENG->hlen_out > max_frag_len) {
1629 ENG->hlen_out = max_frag_len;
1630 }
1631
1632 }
1633 break;
1634 case 64: {
1635 /* set16 */
1636
1637 size_t addr = (size_t)T0_POP();
1638 *(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1639
1640 }
1641 break;
1642 case 65: {
1643 /* set32 */
1644
1645 size_t addr = (size_t)T0_POP();
1646 *(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1647
1648 }
1649 break;
1650 case 66: {
1651 /* set8 */
1652
1653 size_t addr = (size_t)T0_POP();
1654 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1655
1656 }
1657 break;
1658 case 67: {
1659 /* supported-curves */
1660
1661 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1662 T0_PUSH(x);
1663
1664 }
1665 break;
1666 case 68: {
1667 /* supported-hash-functions */
1668
1669 int i;
1670 unsigned x, num;
1671
1672 x = 0;
1673 num = 0;
1674 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1675 if (br_multihash_getimpl(&ENG->mhash, i)) {
1676 x |= 1U << i;
1677 num ++;
1678 }
1679 }
1680 T0_PUSH(x);
1681 T0_PUSH(num);
1682
1683 }
1684 break;
1685 case 69: {
1686 /* supports-ecdsa? */
1687
1688 T0_PUSHi(-(ENG->iecdsa != 0));
1689
1690 }
1691 break;
1692 case 70: {
1693 /* supports-rsa-sign? */
1694
1695 T0_PUSHi(-(ENG->irsavrfy != 0));
1696
1697 }
1698 break;
1699 case 71: {
1700 /* swap */
1701 T0_SWAP();
1702 }
1703 break;
1704 case 72: {
1705 /* switch-aesgcm-in */
1706
1707 int is_client, prf_id;
1708 unsigned cipher_key_len;
1709
1710 cipher_key_len = T0_POP();
1711 prf_id = T0_POP();
1712 is_client = T0_POP();
1713 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1714 ENG->iaes_ctr, cipher_key_len);
1715
1716 }
1717 break;
1718 case 73: {
1719 /* switch-aesgcm-out */
1720
1721 int is_client, prf_id;
1722 unsigned cipher_key_len;
1723
1724 cipher_key_len = T0_POP();
1725 prf_id = T0_POP();
1726 is_client = T0_POP();
1727 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1728 ENG->iaes_ctr, cipher_key_len);
1729
1730 }
1731 break;
1732 case 74: {
1733 /* switch-cbc-in */
1734
1735 int is_client, prf_id, mac_id, aes;
1736 unsigned cipher_key_len;
1737
1738 cipher_key_len = T0_POP();
1739 aes = T0_POP();
1740 mac_id = T0_POP();
1741 prf_id = T0_POP();
1742 is_client = T0_POP();
1743 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1744 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1745
1746 }
1747 break;
1748 case 75: {
1749 /* switch-cbc-out */
1750
1751 int is_client, prf_id, mac_id, aes;
1752 unsigned cipher_key_len;
1753
1754 cipher_key_len = T0_POP();
1755 aes = T0_POP();
1756 mac_id = T0_POP();
1757 prf_id = T0_POP();
1758 is_client = T0_POP();
1759 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1760 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1761
1762 }
1763 break;
1764 case 76: {
1765 /* switch-chapol-in */
1766
1767 int is_client, prf_id;
1768
1769 prf_id = T0_POP();
1770 is_client = T0_POP();
1771 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1772
1773 }
1774 break;
1775 case 77: {
1776 /* switch-chapol-out */
1777
1778 int is_client, prf_id;
1779
1780 prf_id = T0_POP();
1781 is_client = T0_POP();
1782 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1783
1784 }
1785 break;
1786 case 78: {
1787 /* ta-names-total-length */
1788
1789 size_t u, len;
1790
1791 len = 0;
1792 if (CTX->ta_names != NULL) {
1793 for (u = 0; u < CTX->num_tas; u ++) {
1794 len += CTX->ta_names[u].len + 2;
1795 }
1796 } else if (CTX->tas != NULL) {
1797 for (u = 0; u < CTX->num_tas; u ++) {
1798 len += CTX->tas[u].dn.len + 2;
1799 }
1800 }
1801 T0_PUSH(len);
1802
1803 }
1804 break;
1805 case 79: {
1806 /* test-protocol-name */
1807
1808 size_t len = T0_POP();
1809 size_t u;
1810
1811 for (u = 0; u < ENG->protocol_names_num; u ++) {
1812 const char *name;
1813
1814 name = ENG->protocol_names[u];
1815 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1816 T0_PUSH(u);
1817 T0_RET();
1818 }
1819 }
1820 T0_PUSHi(-1);
1821
1822 }
1823 break;
1824 case 80: {
1825 /* total-chain-length */
1826
1827 size_t u;
1828 uint32_t total;
1829
1830 total = 0;
1831 for (u = 0; u < ENG->chain_len; u ++) {
1832 total += 3 + (uint32_t)ENG->chain[u].data_len;
1833 }
1834 T0_PUSH(total);
1835
1836 }
1837 break;
1838 case 81: {
1839 /* u< */
1840
1841 uint32_t b = T0_POP();
1842 uint32_t a = T0_POP();
1843 T0_PUSH(-(uint32_t)(a < b));
1844
1845 }
1846 break;
1847 case 82: {
1848 /* u>> */
1849
1850 int c = (int)T0_POPi();
1851 uint32_t x = T0_POP();
1852 T0_PUSH(x >> c);
1853
1854 }
1855 break;
1856 case 83: {
1857 /* verify-CV-sig */
1858
1859 int err;
1860
1861 err = verify_CV_sig(CTX, T0_POP());
1862 T0_PUSHi(err);
1863
1864 }
1865 break;
1866 case 84: {
1867 /* write-blob-chunk */
1868
1869 size_t clen = ENG->hlen_out;
1870 if (clen > 0) {
1871 uint32_t addr, len;
1872
1873 len = T0_POP();
1874 addr = T0_POP();
1875 if ((size_t)len < clen) {
1876 clen = (size_t)len;
1877 }
1878 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1879 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1880 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1881 }
1882 T0_PUSH(addr + (uint32_t)clen);
1883 T0_PUSH(len - (uint32_t)clen);
1884 ENG->hbuf_out += clen;
1885 ENG->hlen_out -= clen;
1886 }
1887
1888 }
1889 break;
1890 case 85: {
1891 /* write8-native */
1892
1893 unsigned char x;
1894
1895 x = (unsigned char)T0_POP();
1896 if (ENG->hlen_out > 0) {
1897 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1898 br_multihash_update(&ENG->mhash, &x, 1);
1899 }
1900 *ENG->hbuf_out ++ = x;
1901 ENG->hlen_out --;
1902 T0_PUSHi(-1);
1903 } else {
1904 T0_PUSHi(0);
1905 }
1906
1907 }
1908 break;
1909 case 86: {
1910 /* x509-append */
1911
1912 const br_x509_class *xc;
1913 size_t len;
1914
1915 xc = *(ENG->x509ctx);
1916 len = T0_POP();
1917 xc->append(ENG->x509ctx, ENG->pad, len);
1918
1919 }
1920 break;
1921 case 87: {
1922 /* x509-end-cert */
1923
1924 const br_x509_class *xc;
1925
1926 xc = *(ENG->x509ctx);
1927 xc->end_cert(ENG->x509ctx);
1928
1929 }
1930 break;
1931 case 88: {
1932 /* x509-end-chain */
1933
1934 const br_x509_class *xc;
1935
1936 xc = *(ENG->x509ctx);
1937 T0_PUSH(xc->end_chain(ENG->x509ctx));
1938
1939 }
1940 break;
1941 case 89: {
1942 /* x509-start-cert */
1943
1944 const br_x509_class *xc;
1945
1946 xc = *(ENG->x509ctx);
1947 xc->start_cert(ENG->x509ctx, T0_POP());
1948
1949 }
1950 break;
1951 case 90: {
1952 /* x509-start-chain */
1953
1954 const br_x509_class *xc;
1955 uint32_t bc;
1956
1957 bc = T0_POP();
1958 xc = *(ENG->x509ctx);
1959 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1960
1961 }
1962 break;
1963 }
1964
1965 } else {
1966 T0_ENTER(ip, rp, t0x);
1967 }
1968 }
1969 t0_exit:
1970 ((t0_context *)t0ctx)->dp = dp;
1971 ((t0_context *)t0ctx)->rp = rp;
1972 ((t0_context *)t0ctx)->ip = ip;
1973 }
The BearSSL library and tools.