projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for client certificates (both client-side and server-side, but still...
[BearSSL] / src / x509 / x509_minimal.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_x509_minimal_init_main(void *t0ctx);
65
66 void br_x509_minimal_run(void *t0ctx);
67
68
69
70 #include "inner.h"
71
72
73
74
75
76 #include "inner.h"
77
78 /*
79 * Implementation Notes
80 * --------------------
81 *
82 * The C code pushes the data by chunks; all decoding is done in the
83 * T0 code. The cert_length value is set to the certificate length when
84 * a new certificate is started; the T0 code picks it up as outer limit,
85 * and decoding functions use it to ensure that no attempt is made at
86 * reading past it. The T0 code also checks that once the certificate is
87 * decoded, there are no trailing bytes.
88 *
89 * The T0 code sets cert_length to 0 when the certificate is fully
90 * decoded.
91 *
92 * The C code must still perform two checks:
93 *
94 * -- If the certificate length is 0, then the T0 code will not be
95 * invoked at all. This invalid condition must thus be reported by the
96 * C code.
97 *
98 * -- When reaching the end of certificate, the C code must verify that
99 * the certificate length has been set to 0, thereby signaling that
100 * the T0 code properly decoded a certificate.
101 *
102 * Processing of a chain works in the following way:
103 *
104 * -- The error flag is set to a non-zero value when validation is
105 * finished. The value is either BR_ERR_X509_OK (validation is
106 * successful) or another non-zero error code. When a non-zero error
107 * code is obtained, the remaining bytes in the current certificate and
108 * the subsequent certificates (if any) are completely ignored.
109 *
110 * -- Each certificate is decoded in due course, with the following
111 * "interesting points":
112 *
113 * -- Start of the TBS: the multihash engine is reset and activated.
114 *
115 * -- Start of the issuer DN: the secondary hash engine is started,
116 * to process the encoded issuer DN.
117 *
118 * -- End of the issuer DN: the secondary hash engine is stopped. The
119 * resulting hash value is computed and then copied into the
120 * next_dn_hash[] buffer.
121 *
122 * -- Start of the subject DN: the secondary hash engine is started,
123 * to process the encoded subject DN.
124 *
125 * -- For the EE certificate only: the Common Name, if any, is matched
126 * against the expected server name.
127 *
128 * -- End of the subject DN: the secondary hash engine is stopped. The
129 * resulting hash value is computed into the pad. It is then processed:
130 *
131 * -- If this is the EE certificate, then the hash is ignored
132 * (except for direct trust processing, see later; the hash is
133 * simply left in current_dn_hash[]).
134 *
135 * -- Otherwise, the hashed subject DN is compared with the saved
136 * hash value (in saved_dn_hash[]). They must match.
137 *
138 * Either way, the next_dn_hash[] value is then copied into the
139 * saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140 * contains the hash of the issuer DN for the current certificate,
141 * and current_dn_hash[] contains the hash of the subject DN for the
142 * current certificate.
143 *
144 * -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145 * key types are reported at that point.
146 *
147 * -- If this is the EE certificate, then the key type is compared
148 * with the expected key type (initialization parameter). The public
149 * key data is copied to ee_pkey_data[]. The key and hashed subject
150 * DN are also compared with the "direct trust" keys; if the key
151 * and DN are matched, then validation ends with a success.
152 *
153 * -- Otherwise, the saved signature (cert_sig[]) is verified
154 * against the saved TBS hash (tbs_hash[]) and that freshly
155 * decoded public key. Failure here ends validation with an error.
156 *
157 * -- Extensions: extension values are processed in due order.
158 *
159 * -- Basic Constraints: for all certificates except EE, must be
160 * present, indicate a CA, and have a path legnth compatible with
161 * the chain length so far.
162 *
163 * -- Key Usage: for the EE, if present, must allow signatures
164 * or encryption/key exchange, as required for the cipher suite.
165 * For non-EE, if present, must have the "certificate sign" bit.
166 *
167 * -- Subject Alt Name: for the EE, dNSName names are matched
168 * against the server name. Ignored for non-EE.
169 *
170 * -- Authority Key Identifier, Subject Key Identifier, Issuer
171 * Alt Name, Subject Directory Attributes, CRL Distribution Points
172 * Freshest CRL, Authority Info Access and Subject Info Access
173 * extensions are always ignored: they either contain only
174 * informative data, or they relate to revocation processing, which
175 * we explicitly do not support.
176 *
177 * -- All other extensions are ignored if non-critical. If a
178 * critical extension other than the ones above is encountered,
179 * then a failure is reported.
180 *
181 * -- End of the TBS: the multihash engine is stopped.
182 *
183 * -- Signature algorithm: the signature algorithm on the
184 * certificate is decoded. A failure is reported if that algorithm
185 * is unknown. The hashed TBS corresponding to the signature hash
186 * function is computed and stored in tbs_hash[] (if not supported,
187 * then a failure is reported). The hash OID and length are stored
188 * in cert_sig_hash_oid and cert_sig_hash_len.
189 *
190 * -- Signature value: the signature value is copied into the
191 * cert_sig[] array.
192 *
193 * -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194 * looked up in the trust store (CA trust anchors only); for all
195 * that match, the signature (cert_sig[]) is verified against the
196 * anchor public key (hashed TBS is in tbs_hash[]). If one of these
197 * signatures is valid, then validation ends with a success.
198 *
199 * -- If the chain end is reached without obtaining a validation success,
200 * then validation is reported as failed.
201 */
202
203 #ifndef BR_USE_UNIX_TIME
204 #if defined __unix__ || defined __linux__ \
205 || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
206 || (defined __APPLE__ && defined __MACH__)
207 #define BR_USE_UNIX_TIME 1
208 #endif
209 #endif
210
211 #ifndef BR_USE_WIN32_TIME
212 #if defined _WIN32 || defined _WIN64
213 #define BR_USE_WIN32_TIME 1
214 #endif
215 #endif
216
217 #if BR_USE_UNIX_TIME
218 #include <time.h>
219 #endif
220
221 #if BR_USE_WIN32_TIME
222 #include <windows.h>
223 #endif
224
225 void br_x509_minimal_init_main(void *ctx);
226 void br_x509_minimal_run(void *ctx);
227
228 /* see bearssl_x509.h */
229 void
230 br_x509_minimal_init(br_x509_minimal_context *ctx,
231 const br_hash_class *dn_hash_impl,
232 const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
233 {
234 memset(ctx, 0, sizeof *ctx);
235 ctx->vtable = &br_x509_minimal_vtable;
236 ctx->dn_hash_impl = dn_hash_impl;
237 ctx->trust_anchors = trust_anchors;
238 ctx->trust_anchors_num = trust_anchors_num;
239 }
240
241 static void
242 xm_start_chain(const br_x509_class **ctx, const char *server_name)
243 {
244 br_x509_minimal_context *cc;
245
246 cc = (br_x509_minimal_context *)ctx;
247 memset(&cc->pkey, 0, sizeof cc->pkey);
248 cc->num_certs = 0;
249 cc->err = 0;
250 cc->cpu.dp = cc->dp_stack;
251 cc->cpu.rp = cc->rp_stack;
252 br_x509_minimal_init_main(&cc->cpu);
253 if (server_name == NULL || *server_name == 0) {
254 cc->server_name = NULL;
255 } else {
256 cc->server_name = server_name;
257 }
258 }
259
260 static void
261 xm_start_cert(const br_x509_class **ctx, uint32_t length)
262 {
263 br_x509_minimal_context *cc;
264
265 cc = (br_x509_minimal_context *)ctx;
266 if (cc->err != 0) {
267 return;
268 }
269 if (length == 0) {
270 cc->err = BR_ERR_X509_TRUNCATED;
271 return;
272 }
273 cc->cert_length = length;
274 }
275
276 static void
277 xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
278 {
279 br_x509_minimal_context *cc;
280
281 cc = (br_x509_minimal_context *)ctx;
282 if (cc->err != 0) {
283 return;
284 }
285 cc->hbuf = buf;
286 cc->hlen = len;
287 br_x509_minimal_run(&cc->cpu);
288 }
289
290 static void
291 xm_end_cert(const br_x509_class **ctx)
292 {
293 br_x509_minimal_context *cc;
294
295 cc = (br_x509_minimal_context *)ctx;
296 if (cc->err == 0 && cc->cert_length != 0) {
297 cc->err = BR_ERR_X509_TRUNCATED;
298 }
299 cc->num_certs ++;
300 }
301
302 static unsigned
303 xm_end_chain(const br_x509_class **ctx)
304 {
305 br_x509_minimal_context *cc;
306
307 cc = (br_x509_minimal_context *)ctx;
308 if (cc->err == 0) {
309 if (cc->num_certs == 0) {
310 cc->err = BR_ERR_X509_EMPTY_CHAIN;
311 } else {
312 cc->err = BR_ERR_X509_NOT_TRUSTED;
313 }
314 } else if (cc->err == BR_ERR_X509_OK) {
315 return 0;
316 }
317 return (unsigned)cc->err;
318 }
319
320 static const br_x509_pkey *
321 xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
322 {
323 br_x509_minimal_context *cc;
324
325 cc = (br_x509_minimal_context *)ctx;
326 if (cc->err == BR_ERR_X509_OK
327 || cc->err == BR_ERR_X509_NOT_TRUSTED)
328 {
329 if (usages != NULL) {
330 *usages = cc->key_usages;
331 }
332 return &((br_x509_minimal_context *)ctx)->pkey;
333 } else {
334 return NULL;
335 }
336 }
337
338 /* see bearssl_x509.h */
339 const br_x509_class br_x509_minimal_vtable = {
340 sizeof(br_x509_minimal_context),
341 xm_start_chain,
342 xm_start_cert,
343 xm_append,
344 xm_end_cert,
345 xm_end_chain,
346 xm_get_pkey
347 };
348
349 #define CTX ((br_x509_minimal_context *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
350 #define CONTEXT_NAME br_x509_minimal_context
351
352 #define DNHASH_LEN ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
353
354 /*
355 * Hash a DN (from a trust anchor) into the provided buffer. This uses the
356 * DN hash implementation and context structure from the X.509 engine
357 * context.
358 */
359 static void
360 hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len,
361 unsigned char *out)
362 {
363 ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);
364 ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);
365 ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);
366 }
367
368 /*
369 * Compare two big integers for equality. The integers use unsigned big-endian
370 * encoding; extra leading bytes (of value 0) are allowed.
371 */
372 static int
373 eqbigint(const unsigned char *b1, size_t len1,
374 const unsigned char *b2, size_t len2)
375 {
376 while (len1 > 0 && *b1 == 0) {
377 b1 ++;
378 len1 --;
379 }
380 while (len2 > 0 && *b2 == 0) {
381 b2 ++;
382 len2 --;
383 }
384 if (len1 != len2) {
385 return 0;
386 }
387 return memcmp(b1, b2, len1) == 0;
388 }
389
390 /*
391 * Verify the signature on the certificate with the provided public key.
392 * This function checks the public key type with regards to the expected
393 * type. Returned value is either 0 on success, or a non-zero error code.
394 */
395 static int
396 verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
397 {
398 int kt;
399
400 kt = ctx->cert_signer_key_type;
401 if ((pk->key_type & 0x0F) != kt) {
402 return BR_ERR_X509_WRONG_KEY_TYPE;
403 }
404 switch (kt) {
405 unsigned char tmp[64];
406
407 case BR_KEYTYPE_RSA:
408 if (ctx->irsa == 0) {
409 return BR_ERR_X509_UNSUPPORTED;
410 }
411 if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
412 &t0_datablock[ctx->cert_sig_hash_oid],
413 ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
414 {
415 return BR_ERR_X509_BAD_SIGNATURE;
416 }
417 if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
418 return BR_ERR_X509_BAD_SIGNATURE;
419 }
420 return 0;
421
422 case BR_KEYTYPE_EC:
423 if (ctx->iecdsa == 0) {
424 return BR_ERR_X509_UNSUPPORTED;
425 }
426 if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
427 ctx->cert_sig_hash_len, &pk->key.ec,
428 ctx->cert_sig, ctx->cert_sig_len))
429 {
430 return BR_ERR_X509_BAD_SIGNATURE;
431 }
432 return 0;
433
434 default:
435 return BR_ERR_X509_UNSUPPORTED;
436 }
437 }
438
439 /*
440 * Compare two strings for equality, in a case-insensitive way. This
441 * function handles casing only for ASCII letters.
442 */
443 static int
444 eqnocase(const void *s1, const void *s2, size_t len)
445 {
446 const unsigned char *buf1, *buf2;
447
448 buf1 = s1;
449 buf2 = s2;
450 while (len -- > 0) {
451 int x1, x2;
452
453 x1 = *buf1 ++;
454 x2 = *buf2 ++;
455 if (x1 >= 'A' && x1 <= 'Z') {
456 x1 += 'a' - 'A';
457 }
458 if (x2 >= 'A' && x2 <= 'Z') {
459 x2 += 'a' - 'A';
460 }
461 if (x1 != x2) {
462 return 0;
463 }
464 }
465 return 1;
466 }
467
468
469
470 static const uint8_t t0_datablock[] = {
471 0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
472 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
473 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
474 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
475 0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
476 0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
477 0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
478 0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
479 0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
480 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
481 0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
482 0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
483 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
484 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
485 0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
486 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E, 0x0F, 0x1F, 0x12, 0xFE,
487 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F, 0x26, 0x1E, 0x29, 0xDF,
488 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E, 0x0F, 0x3F, 0x13, 0x1E,
489 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F, 0x26, 0x3E, 0x29, 0xFF,
490 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F, 0x03, 0x55, 0x1D, 0x11,
491 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D, 0x0E, 0x03, 0x55, 0x1D, 0x12,
492 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D, 0x1F, 0x03, 0x55, 0x1D, 0x2E,
493 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x08, 0x2B, 0x06,
494 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
495 };
496
497 static const uint8_t t0_codeblock[] = {
498 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x01,
499 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A, 0x00, 0x00, 0x22, 0x22, 0x00,
500 0x00, 0x01, T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,
501 T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,
502 T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,
503 T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,
504 T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,
505 T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,
506 T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,
507 T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,
508 T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,
509 T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,
510 T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,
511 T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,
512 T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,
513 T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
514 T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,
515 T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,
516 T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,
517 T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,
518 T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,
519 T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,
520 T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,
521 T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,
522 T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),
523 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,
524 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,
526 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,
527 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,
528 T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,
529 0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,
530 0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,
531 T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,
532 T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,
533 T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,
534 T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,
535 T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,
536 T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,
537 T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0x81, 0x2F,
538 0x6C, 0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00,
539 0x00, 0x01, 0x81, 0x02, 0x00, 0x00, 0x01, 0x82, 0x08, 0x00, 0x00, 0x01,
540 0x81, 0x70, 0x00, 0x00, 0x01, 0x81, 0x64, 0x00, 0x04, 0x03, 0x00, 0x03,
541 0x01, 0x03, 0x02, 0x03, 0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07,
542 0x02, 0x02, 0x02, 0x00, 0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D,
543 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x23, 0x02, 0x01, 0x13, 0x38, 0x02,
544 0x00, 0x0F, 0x15, 0x00, 0x00, 0x05, 0x02, 0x4E, 0x26, 0x00, 0x00, 0x06,
545 0x02, 0x4F, 0x26, 0x00, 0x00, 0x01, 0x10, 0x71, 0x00, 0x00, 0x11, 0x05,
546 0x02, 0x52, 0x26, 0x6E, 0x00, 0x00, 0x11, 0x05, 0x02, 0x52, 0x26, 0x6F,
547 0x00, 0x00, 0x06, 0x02, 0x48, 0x26, 0x00, 0x00, 0x01, 0x82, 0x00, 0x00,
548 0x00, 0x23, 0x1E, 0x01, 0x08, 0x0E, 0x38, 0x3C, 0x1E, 0x09, 0x00, 0x09,
549 0x03, 0x00, 0x57, 0x29, 0x81, 0x1B, 0x36, 0x81, 0x1B, 0x81, 0x1E, 0x23,
550 0x01, 0x20, 0x11, 0x06, 0x15, 0x22, 0x6E, 0x81, 0x19, 0x81, 0x1E, 0x01,
551 0x02, 0x72, 0x81, 0x1C, 0x01, 0x02, 0x12, 0x06, 0x02, 0x53, 0x26, 0x73,
552 0x81, 0x1E, 0x01, 0x02, 0x72, 0x81, 0x1A, 0x81, 0x1B, 0x81, 0x28, 0x81,
553 0x0E, 0x61, 0x5D, 0x1F, 0x16, 0x81, 0x1B, 0x81, 0x13, 0x27, 0x65, 0x06,
554 0x02, 0x47, 0x26, 0x81, 0x13, 0x27, 0x6C, 0x06, 0x02, 0x47, 0x26, 0x73,
555 0x81, 0x0E, 0x02, 0x00, 0x06, 0x05, 0x2A, 0x03, 0x01, 0x04, 0x08, 0x5D,
556 0x64, 0x1F, 0x25, 0x05, 0x02, 0x46, 0x26, 0x64, 0x61, 0x1F, 0x16, 0x81,
557 0x1B, 0x81, 0x1B, 0x81, 0x0F, 0x05, 0x02, 0x53, 0x26, 0x81, 0x22, 0x24,
558 0x06, 0x2C, 0x81, 0x28, 0x81, 0x10, 0x81, 0x1B, 0x5F, 0x81, 0x16, 0x03,
559 0x03, 0x5F, 0x38, 0x02, 0x03, 0x09, 0x38, 0x02, 0x03, 0x0A, 0x81, 0x16,
560 0x03, 0x04, 0x73, 0x60, 0x28, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03, 0x12,
561 0x06, 0x02, 0x54, 0x26, 0x73, 0x56, 0x03, 0x02, 0x04, 0x3D, 0x7F, 0x24,
562 0x06, 0x37, 0x81, 0x0F, 0x05, 0x02, 0x53, 0x26, 0x66, 0x24, 0x06, 0x04,
563 0x01, 0x17, 0x04, 0x12, 0x67, 0x24, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A,
564 0x68, 0x24, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x53, 0x26, 0x03, 0x05,
565 0x73, 0x81, 0x10, 0x23, 0x03, 0x06, 0x23, 0x5F, 0x31, 0x0D, 0x06, 0x02,
566 0x4C, 0x26, 0x81, 0x11, 0x55, 0x03, 0x02, 0x04, 0x02, 0x53, 0x26, 0x73,
567 0x02, 0x00, 0x06, 0x21, 0x02, 0x02, 0x56, 0x2D, 0x11, 0x06, 0x08, 0x22,
568 0x02, 0x03, 0x02, 0x04, 0x1D, 0x04, 0x10, 0x55, 0x2D, 0x11, 0x06, 0x08,
569 0x22, 0x02, 0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x53, 0x26, 0x22, 0x04,
570 0x24, 0x02, 0x02, 0x56, 0x2D, 0x11, 0x06, 0x08, 0x22, 0x02, 0x03, 0x02,
571 0x04, 0x21, 0x04, 0x10, 0x55, 0x2D, 0x11, 0x06, 0x08, 0x22, 0x02, 0x05,
572 0x02, 0x06, 0x20, 0x04, 0x03, 0x53, 0x26, 0x22, 0x23, 0x06, 0x01, 0x26,
573 0x22, 0x01, 0x00, 0x03, 0x07, 0x81, 0x1F, 0x01, 0x21, 0x81, 0x05, 0x01,
574 0x22, 0x81, 0x05, 0x23, 0x01, 0x23, 0x11, 0x06, 0x81, 0x35, 0x22, 0x6E,
575 0x81, 0x19, 0x81, 0x1B, 0x23, 0x06, 0x81, 0x27, 0x01, 0x00, 0x03, 0x08,
576 0x81, 0x1B, 0x81, 0x0F, 0x22, 0x81, 0x1E, 0x23, 0x01, 0x01, 0x11, 0x06,
577 0x06, 0x81, 0x12, 0x03, 0x08, 0x81, 0x1E, 0x01, 0x04, 0x72, 0x81, 0x19,
578 0x6B, 0x24, 0x06, 0x11, 0x02, 0x00, 0x06, 0x04, 0x81, 0x29, 0x04, 0x06,
579 0x81, 0x0C, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x80, 0x71, 0x81, 0x07, 0x24,
580 0x06, 0x07, 0x02, 0x00, 0x81, 0x0D, 0x04, 0x80, 0x65, 0x81, 0x2B, 0x24,
581 0x06, 0x13, 0x02, 0x00, 0x06, 0x0A, 0x01, 0x00, 0x03, 0x01, 0x81, 0x0B,
582 0x03, 0x01, 0x04, 0x02, 0x81, 0x29, 0x04, 0x80, 0x4D, 0x6A, 0x24, 0x06,
583 0x05, 0x81, 0x29, 0x04, 0x80, 0x44, 0x81, 0x2E, 0x24, 0x06, 0x04, 0x81,
584 0x29, 0x04, 0x3B, 0x81, 0x06, 0x24, 0x06, 0x04, 0x81, 0x29, 0x04, 0x32,
585 0x81, 0x2C, 0x24, 0x06, 0x04, 0x81, 0x29, 0x04, 0x29, 0x74, 0x24, 0x06,
586 0x04, 0x81, 0x29, 0x04, 0x21, 0x7E, 0x24, 0x06, 0x04, 0x81, 0x29, 0x04,
587 0x19, 0x69, 0x24, 0x06, 0x04, 0x81, 0x29, 0x04, 0x11, 0x81, 0x2D, 0x24,
588 0x06, 0x04, 0x81, 0x29, 0x04, 0x08, 0x02, 0x08, 0x06, 0x02, 0x45, 0x26,
589 0x81, 0x29, 0x73, 0x73, 0x04, 0xFE, 0x55, 0x73, 0x73, 0x04, 0x08, 0x01,
590 0x7F, 0x11, 0x05, 0x02, 0x52, 0x26, 0x22, 0x73, 0x37, 0x02, 0x00, 0x06,
591 0x08, 0x02, 0x01, 0x39, 0x2C, 0x05, 0x02, 0x41, 0x26, 0x02, 0x00, 0x06,
592 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2C, 0x05, 0x02, 0x4D, 0x26, 0x81,
593 0x1E, 0x70, 0x81, 0x19, 0x81, 0x0F, 0x06, 0x81, 0x07, 0x81, 0x23, 0x24,
594 0x06, 0x08, 0x01, 0x02, 0x56, 0x81, 0x00, 0x04, 0x80, 0x6C, 0x81, 0x24,
595 0x24, 0x06, 0x08, 0x01, 0x03, 0x56, 0x81, 0x01, 0x04, 0x80, 0x5F, 0x81,
596 0x25, 0x24, 0x06, 0x08, 0x01, 0x04, 0x56, 0x81, 0x02, 0x04, 0x80, 0x52,
597 0x81, 0x26, 0x24, 0x06, 0x08, 0x01, 0x05, 0x56, 0x81, 0x03, 0x04, 0x80,
598 0x45, 0x81, 0x27, 0x24, 0x06, 0x07, 0x01, 0x06, 0x56, 0x81, 0x04, 0x04,
599 0x39, 0x79, 0x24, 0x06, 0x07, 0x01, 0x02, 0x55, 0x81, 0x00, 0x04, 0x2E,
600 0x7A, 0x24, 0x06, 0x07, 0x01, 0x03, 0x55, 0x81, 0x01, 0x04, 0x23, 0x7B,
601 0x24, 0x06, 0x07, 0x01, 0x04, 0x55, 0x81, 0x02, 0x04, 0x18, 0x7C, 0x24,
602 0x06, 0x07, 0x01, 0x05, 0x55, 0x81, 0x03, 0x04, 0x0D, 0x7D, 0x24, 0x06,
603 0x07, 0x01, 0x06, 0x55, 0x81, 0x04, 0x04, 0x02, 0x53, 0x26, 0x5A, 0x32,
604 0x5C, 0x34, 0x1B, 0x23, 0x05, 0x02, 0x53, 0x26, 0x59, 0x34, 0x04, 0x02,
605 0x53, 0x26, 0x81, 0x28, 0x81, 0x10, 0x23, 0x01,
606 T0_INT2(BR_X509_BUFSIZE_SIG), 0x12, 0x06, 0x02, 0x4C, 0x26, 0x23, 0x5B,
607 0x32, 0x58, 0x81, 0x11, 0x73, 0x73, 0x01, 0x00, 0x57, 0x33, 0x18, 0x00,
608 0x00, 0x01, 0x30, 0x0A, 0x23, 0x01, 0x00, 0x01, 0x09, 0x6D, 0x05, 0x02,
609 0x44, 0x26, 0x00, 0x00, 0x2D, 0x2D, 0x00, 0x00, 0x01, 0x81, 0x08, 0x00,
610 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00, 0x00, 0x01,
611 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x00, 0x01, 0x82, 0x04,
612 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01,
613 0x80, 0x43, 0x00, 0x00, 0x01, 0x80, 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57,
614 0x00, 0x00, 0x01, 0x80, 0x61, 0x00, 0x00, 0x2D, 0x11, 0x06, 0x07, 0x3E,
615 0x81, 0x19, 0x81, 0x28, 0x81, 0x1F, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00,
616 0x00, 0x01, 0x81, 0x68, 0x00, 0x00, 0x01, 0x30, 0x5E, 0x34, 0x01, 0x7F,
617 0x76, 0x19, 0x01, 0x00, 0x76, 0x19, 0x04, 0x7A, 0x00, 0x01, 0x81, 0x34,
618 0x00, 0x01, 0x78, 0x0D, 0x06, 0x02, 0x4B, 0x26, 0x23, 0x03, 0x00, 0x0A,
619 0x02, 0x00, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x81, 0x1B, 0x23, 0x06,
620 0x18, 0x81, 0x1E, 0x01, 0x22, 0x11, 0x06, 0x0C, 0x6F, 0x81, 0x1D, 0x22,
621 0x2A, 0x02, 0x00, 0x2C, 0x03, 0x00, 0x04, 0x03, 0x22, 0x81, 0x1A, 0x04,
622 0x65, 0x73, 0x02, 0x00, 0x00, 0x00, 0x81, 0x1B, 0x81, 0x1F, 0x23, 0x01,
623 0x01, 0x11, 0x06, 0x0A, 0x81, 0x12, 0x05, 0x02, 0x4D, 0x26, 0x81, 0x1F,
624 0x04, 0x02, 0x4D, 0x26, 0x23, 0x01, 0x02, 0x11, 0x06, 0x0E, 0x22, 0x6F,
625 0x81, 0x1C, 0x62, 0x29, 0x3D, 0x0D, 0x06, 0x02, 0x4D, 0x26, 0x81, 0x1F,
626 0x01, 0x7F, 0x10, 0x06, 0x02, 0x52, 0x26, 0x22, 0x73, 0x00, 0x02, 0x03,
627 0x00, 0x81, 0x1E, 0x01, 0x03, 0x72, 0x81, 0x19, 0x81, 0x20, 0x03, 0x01,
628 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02, 0x52, 0x26, 0x23, 0x01, 0x00,
629 0x2D, 0x11, 0x06, 0x05, 0x22, 0x49, 0x26, 0x04, 0x17, 0x01, 0x01, 0x2D,
630 0x11, 0x06, 0x0B, 0x22, 0x81, 0x20, 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E,
631 0x04, 0x06, 0x22, 0x81, 0x20, 0x01, 0x00, 0x22, 0x02, 0x00, 0x06, 0x19,
632 0x01, 0x00, 0x2D, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01, 0x10, 0x2C, 0x38,
633 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2C, 0x5E, 0x34, 0x04,
634 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x49, 0x26, 0x81, 0x28, 0x00, 0x02,
635 0x35, 0x01, 0x00, 0x63, 0x34, 0x81, 0x1B, 0x23, 0x06, 0x80, 0x6F, 0x81,
636 0x1E, 0x01, 0x11, 0x71, 0x81, 0x19, 0x23, 0x05, 0x02, 0x40, 0x26, 0x23,
637 0x06, 0x80, 0x5B, 0x81, 0x1B, 0x81, 0x1E, 0x01, 0x06, 0x72, 0x81, 0x19,
638 0x23, 0x01, 0x03, 0x11, 0x06, 0x1E, 0x81, 0x20, 0x01, 0x10, 0x0E, 0x03,
639 0x00, 0x81, 0x20, 0x01, 0x08, 0x0E, 0x02, 0x00, 0x09, 0x03, 0x00, 0x81,
640 0x20, 0x02, 0x00, 0x09, 0x01, 0x82, 0xD4, 0x88, 0x03, 0x11, 0x03, 0x01,
641 0x81, 0x28, 0x02, 0x01, 0x06, 0x23, 0x81, 0x1E, 0x23, 0x23, 0x01, 0x0C,
642 0x11, 0x38, 0x01, 0x13, 0x11, 0x2C, 0x38, 0x01, 0x14, 0x11, 0x2C, 0x06,
643 0x07, 0x6F, 0x81, 0x1D, 0x22, 0x73, 0x04, 0x07, 0x22, 0x01, 0x00, 0x63,
644 0x34, 0x81, 0x28, 0x04, 0x02, 0x81, 0x28, 0x04, 0xFF, 0x21, 0x73, 0x04,
645 0xFF, 0x0D, 0x73, 0x1A, 0x00, 0x00, 0x81, 0x1E, 0x01, 0x06, 0x72, 0x81,
646 0x1D, 0x00, 0x00, 0x81, 0x1E, 0x01, 0x03, 0x72, 0x81, 0x19, 0x81, 0x20,
647 0x06, 0x02, 0x51, 0x26, 0x00, 0x00, 0x38, 0x23, 0x06, 0x07, 0x2E, 0x23,
648 0x06, 0x01, 0x19, 0x04, 0x76, 0x3E, 0x00, 0x00, 0x01, 0x01, 0x72, 0x81,
649 0x18, 0x01, 0x01, 0x10, 0x06, 0x02, 0x3F, 0x26, 0x81, 0x20, 0x3A, 0x00,
650 0x04, 0x81, 0x1E, 0x23, 0x01, 0x17, 0x01, 0x18, 0x6D, 0x05, 0x02, 0x44,
651 0x26, 0x01, 0x18, 0x11, 0x03, 0x00, 0x6F, 0x81, 0x19, 0x81, 0x14, 0x02,
652 0x00, 0x06, 0x0D, 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0x81, 0x14, 0x02,
653 0x01, 0x09, 0x04, 0x0E, 0x23, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80,
654 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82,
655 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02,
656 0x01, 0x01, 0x80, 0x63, 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01,
657 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01,
658 0x01, 0x01, 0x0C, 0x81, 0x15, 0x3D, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01,
659 0x04, 0x07, 0x3B, 0x02, 0x01, 0x01, 0x80, 0x64, 0x07, 0x3A, 0x02, 0x01,
660 0x01, 0x83, 0x10, 0x07, 0x3B, 0x2C, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09,
661 0x81, 0x09, 0x09, 0x75, 0x23, 0x01, 0x05, 0x14, 0x02, 0x03, 0x09, 0x03,
662 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x38, 0x81, 0x15, 0x02, 0x03, 0x09,
663 0x3D, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0x81, 0x15, 0x01, 0x9C, 0x10,
664 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0x81, 0x15, 0x01, 0x3C, 0x08,
665 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0x81, 0x15, 0x02,
666 0x02, 0x09, 0x03, 0x02, 0x81, 0x20, 0x23, 0x01, 0x2E, 0x11, 0x06, 0x0E,
667 0x22, 0x81, 0x20, 0x23, 0x01, 0x30, 0x01, 0x39, 0x6D, 0x06, 0x03, 0x22,
668 0x04, 0x73, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x44, 0x26, 0x73, 0x02,
669 0x03, 0x02, 0x02, 0x00, 0x01, 0x81, 0x20, 0x77, 0x01, 0x0A, 0x08, 0x03,
670 0x00, 0x81, 0x20, 0x77, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03,
671 0x01, 0x81, 0x14, 0x23, 0x02, 0x01, 0x02, 0x00, 0x6D, 0x05, 0x02, 0x44,
672 0x26, 0x00, 0x00, 0x31, 0x81, 0x1E, 0x01, 0x02, 0x72, 0x0B, 0x81, 0x17,
673 0x00, 0x03, 0x23, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x81, 0x19, 0x81,
674 0x20, 0x23, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x50, 0x26, 0x23, 0x01,
675 0x00, 0x11, 0x06, 0x0C, 0x22, 0x23, 0x05, 0x04, 0x22, 0x01, 0x00, 0x00,
676 0x81, 0x20, 0x04, 0x6E, 0x02, 0x01, 0x23, 0x05, 0x02, 0x4C, 0x26, 0x3D,
677 0x03, 0x01, 0x02, 0x02, 0x34, 0x02, 0x02, 0x3C, 0x03, 0x02, 0x23, 0x06,
678 0x04, 0x81, 0x20, 0x04, 0x67, 0x22, 0x02, 0x00, 0x02, 0x01, 0x0A, 0x00,
679 0x01, 0x81, 0x20, 0x23, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01,
680 0x81, 0x00, 0x0A, 0x23, 0x05, 0x02, 0x4A, 0x26, 0x03, 0x00, 0x01, 0x00,
681 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x1A, 0x02, 0x00, 0x3D, 0x03, 0x00,
682 0x23, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4B, 0x26, 0x01,
683 0x08, 0x0E, 0x38, 0x81, 0x20, 0x31, 0x09, 0x04, 0x5F, 0x00, 0x00, 0x81,
684 0x18, 0x81, 0x0A, 0x00, 0x00, 0x81, 0x19, 0x81, 0x28, 0x00, 0x00, 0x81,
685 0x1E, 0x70, 0x81, 0x19, 0x00, 0x01, 0x81, 0x19, 0x23, 0x05, 0x02, 0x50,
686 0x26, 0x81, 0x20, 0x23, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x50, 0x26,
687 0x03, 0x00, 0x23, 0x06, 0x17, 0x81, 0x20, 0x02, 0x00, 0x23, 0x01, 0x87,
688 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x50, 0x26, 0x01, 0x08, 0x0E, 0x09,
689 0x03, 0x00, 0x04, 0x66, 0x22, 0x02, 0x00, 0x00, 0x00, 0x81, 0x19, 0x23,
690 0x01, 0x81, 0x7F, 0x12, 0x06, 0x09, 0x81, 0x28, 0x01, 0x00, 0x63, 0x34,
691 0x01, 0x00, 0x00, 0x23, 0x63, 0x34, 0x63, 0x3C, 0x81, 0x11, 0x01, 0x7F,
692 0x00, 0x01, 0x81, 0x20, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05, 0x14, 0x01,
693 0x01, 0x15, 0x2B, 0x02, 0x00, 0x01, 0x06, 0x14, 0x23, 0x01, 0x01, 0x15,
694 0x06, 0x02, 0x42, 0x26, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01, 0x1F, 0x15,
695 0x23, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x43, 0x26, 0x09, 0x00, 0x00, 0x23,
696 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0x81, 0x1E, 0x00, 0x00, 0x23,
697 0x05, 0x02, 0x4B, 0x26, 0x3D, 0x81, 0x21, 0x00, 0x00, 0x2F, 0x23, 0x01,
698 0x00, 0x13, 0x06, 0x01, 0x00, 0x22, 0x19, 0x04, 0x74, 0x00, 0x01, 0x01,
699 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01, 0x1F,
700 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0x81, 0x29,
701 0x22, 0x00, 0x00, 0x23, 0x06, 0x08, 0x81, 0x2A, 0x23, 0x06, 0x01, 0x19,
702 0x04, 0x75, 0x00, 0x00, 0x01, 0x00, 0x2D, 0x2E, 0x0B, 0x3E, 0x00, 0x00,
703 0x01, 0x81, 0x6C, 0x00, 0x00, 0x01, 0x81, 0x7C, 0x00, 0x00, 0x01, 0x82,
704 0x11, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x01, 0x03, 0x30, 0x01,
705 0x03, 0x30, 0x00
706 };
707
708 static const uint16_t t0_caddr[] = {
709 0,
710 5,
711 10,
712 15,
713 20,
714 24,
715 28,
716 32,
717 36,
718 40,
719 44,
720 48,
721 52,
722 56,
723 60,
724 64,
725 68,
726 72,
727 76,
728 80,
729 84,
730 88,
731 92,
732 96,
733 100,
734 104,
735 108,
736 112,
737 116,
738 120,
739 125,
740 130,
741 135,
742 140,
743 145,
744 150,
745 155,
746 160,
747 168,
748 173,
749 178,
750 183,
751 188,
752 193,
753 198,
754 203,
755 208,
756 213,
757 218,
758 223,
759 228,
760 257,
761 272,
762 278,
763 284,
764 289,
765 297,
766 305,
767 311,
768 316,
769 327,
770 1029,
771 1044,
772 1048,
773 1053,
774 1058,
775 1063,
776 1068,
777 1073,
778 1078,
779 1083,
780 1087,
781 1092,
782 1097,
783 1102,
784 1107,
785 1120,
786 1125,
787 1130,
788 1145,
789 1150,
790 1164,
791 1202,
792 1255,
793 1352,
794 1478,
795 1487,
796 1502,
797 1516,
798 1533,
799 1765,
800 1781,
801 1799,
802 1810,
803 1881,
804 1939,
805 1945,
806 1951,
807 1958,
808 2009,
809 2038,
810 2083,
811 2095,
812 2105,
813 2118,
814 2122,
815 2126,
816 2130,
817 2134,
818 2138,
819 2142,
820 2147,
821 2160,
822 2168,
823 2173,
824 2178,
825 2183,
826 2188
827 };
828
829 #define T0_INTERPRETED 58
830
831 #define T0_ENTER(ip, rp, slot) do { \
832 const unsigned char *t0_newip; \
833 uint32_t t0_lnum; \
834 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
835 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
836 (rp) += t0_lnum; \
837 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
838 (ip) = t0_newip; \
839 } while (0)
840
841 #define T0_DEFENTRY(name, slot) \
842 void \
843 name(void *ctx) \
844 { \
845 t0_context *t0ctx = ctx; \
846 t0ctx->ip = &t0_codeblock[0]; \
847 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
848 }
849
850 T0_DEFENTRY(br_x509_minimal_init_main, 136)
851
852 void
853 br_x509_minimal_run(void *t0ctx)
854 {
855 uint32_t *dp, *rp;
856 const unsigned char *ip;
857
858 #define T0_LOCAL(x) (*(rp - 2 - (x)))
859 #define T0_POP() (*-- dp)
860 #define T0_POPi() (*(int32_t *)(-- dp))
861 #define T0_PEEK(x) (*(dp - 1 - (x)))
862 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
863 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
864 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
865 #define T0_RPOP() (*-- rp)
866 #define T0_RPOPi() (*(int32_t *)(-- rp))
867 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
868 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
869 #define T0_ROLL(x) do { \
870 size_t t0len = (size_t)(x); \
871 uint32_t t0tmp = *(dp - 1 - t0len); \
872 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
873 *(dp - 1) = t0tmp; \
874 } while (0)
875 #define T0_SWAP() do { \
876 uint32_t t0tmp = *(dp - 2); \
877 *(dp - 2) = *(dp - 1); \
878 *(dp - 1) = t0tmp; \
879 } while (0)
880 #define T0_ROT() do { \
881 uint32_t t0tmp = *(dp - 3); \
882 *(dp - 3) = *(dp - 2); \
883 *(dp - 2) = *(dp - 1); \
884 *(dp - 1) = t0tmp; \
885 } while (0)
886 #define T0_NROT() do { \
887 uint32_t t0tmp = *(dp - 1); \
888 *(dp - 1) = *(dp - 2); \
889 *(dp - 2) = *(dp - 3); \
890 *(dp - 3) = t0tmp; \
891 } while (0)
892 #define T0_PICK(x) do { \
893 uint32_t t0depth = (x); \
894 T0_PUSH(T0_PEEK(t0depth)); \
895 } while (0)
896 #define T0_CO() do { \
897 goto t0_exit; \
898 } while (0)
899 #define T0_RET() break
900
901 dp = ((t0_context *)t0ctx)->dp;
902 rp = ((t0_context *)t0ctx)->rp;
903 ip = ((t0_context *)t0ctx)->ip;
904 for (;;) {
905 uint32_t t0x;
906
907 t0x = t0_parse7E_unsigned(&ip);
908 if (t0x < T0_INTERPRETED) {
909 switch (t0x) {
910 int32_t t0off;
911
912 case 0: /* ret */
913 t0x = T0_RPOP();
914 rp -= (t0x >> 16);
915 t0x &= 0xFFFF;
916 if (t0x == 0) {
917 ip = NULL;
918 goto t0_exit;
919 }
920 ip = &t0_codeblock[t0x];
921 break;
922 case 1: /* literal constant */
923 T0_PUSHi(t0_parse7E_signed(&ip));
924 break;
925 case 2: /* read local */
926 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
927 break;
928 case 3: /* write local */
929 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
930 break;
931 case 4: /* jump */
932 t0off = t0_parse7E_signed(&ip);
933 ip += t0off;
934 break;
935 case 5: /* jump if */
936 t0off = t0_parse7E_signed(&ip);
937 if (T0_POP()) {
938 ip += t0off;
939 }
940 break;
941 case 6: /* jump if not */
942 t0off = t0_parse7E_signed(&ip);
943 if (!T0_POP()) {
944 ip += t0off;
945 }
946 break;
947 case 7: {
948 /* %25 */
949
950 int32_t b = T0_POPi();
951 int32_t a = T0_POPi();
952 T0_PUSHi(a % b);
953
954 }
955 break;
956 case 8: {
957 /* * */
958
959 uint32_t b = T0_POP();
960 uint32_t a = T0_POP();
961 T0_PUSH(a * b);
962
963 }
964 break;
965 case 9: {
966 /* + */
967
968 uint32_t b = T0_POP();
969 uint32_t a = T0_POP();
970 T0_PUSH(a + b);
971
972 }
973 break;
974 case 10: {
975 /* - */
976
977 uint32_t b = T0_POP();
978 uint32_t a = T0_POP();
979 T0_PUSH(a - b);
980
981 }
982 break;
983 case 11: {
984 /* -rot */
985 T0_NROT();
986 }
987 break;
988 case 12: {
989 /* / */
990
991 int32_t b = T0_POPi();
992 int32_t a = T0_POPi();
993 T0_PUSHi(a / b);
994
995 }
996 break;
997 case 13: {
998 /* < */
999
1000 int32_t b = T0_POPi();
1001 int32_t a = T0_POPi();
1002 T0_PUSH(-(uint32_t)(a < b));
1003
1004 }
1005 break;
1006 case 14: {
1007 /* << */
1008
1009 int c = (int)T0_POPi();
1010 uint32_t x = T0_POP();
1011 T0_PUSH(x << c);
1012
1013 }
1014 break;
1015 case 15: {
1016 /* <= */
1017
1018 int32_t b = T0_POPi();
1019 int32_t a = T0_POPi();
1020 T0_PUSH(-(uint32_t)(a <= b));
1021
1022 }
1023 break;
1024 case 16: {
1025 /* <> */
1026
1027 uint32_t b = T0_POP();
1028 uint32_t a = T0_POP();
1029 T0_PUSH(-(uint32_t)(a != b));
1030
1031 }
1032 break;
1033 case 17: {
1034 /* = */
1035
1036 uint32_t b = T0_POP();
1037 uint32_t a = T0_POP();
1038 T0_PUSH(-(uint32_t)(a == b));
1039
1040 }
1041 break;
1042 case 18: {
1043 /* > */
1044
1045 int32_t b = T0_POPi();
1046 int32_t a = T0_POPi();
1047 T0_PUSH(-(uint32_t)(a > b));
1048
1049 }
1050 break;
1051 case 19: {
1052 /* >= */
1053
1054 int32_t b = T0_POPi();
1055 int32_t a = T0_POPi();
1056 T0_PUSH(-(uint32_t)(a >= b));
1057
1058 }
1059 break;
1060 case 20: {
1061 /* >> */
1062
1063 int c = (int)T0_POPi();
1064 int32_t x = T0_POPi();
1065 T0_PUSHi(x >> c);
1066
1067 }
1068 break;
1069 case 21: {
1070 /* and */
1071
1072 uint32_t b = T0_POP();
1073 uint32_t a = T0_POP();
1074 T0_PUSH(a & b);
1075
1076 }
1077 break;
1078 case 22: {
1079 /* blobcopy */
1080
1081 size_t len = T0_POP();
1082 unsigned char *src = (unsigned char *)CTX + T0_POP();
1083 unsigned char *dst = (unsigned char *)CTX + T0_POP();
1084 memcpy(dst, src, len);
1085
1086 }
1087 break;
1088 case 23: {
1089 /* check-direct-trust */
1090
1091 size_t u;
1092
1093 for (u = 0; u < CTX->trust_anchors_num; u ++) {
1094 const br_x509_trust_anchor *ta;
1095 unsigned char hashed_DN[64];
1096 int kt;
1097
1098 ta = &CTX->trust_anchors[u];
1099 if (ta->flags & BR_X509_TA_CA) {
1100 continue;
1101 }
1102 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1103 if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
1104 continue;
1105 }
1106 kt = CTX->pkey.key_type;
1107 if ((ta->pkey.key_type & 0x0F) != kt) {
1108 continue;
1109 }
1110 switch (kt) {
1111
1112 case BR_KEYTYPE_RSA:
1113 if (!eqbigint(CTX->pkey.key.rsa.n,
1114 CTX->pkey.key.rsa.nlen,
1115 ta->pkey.key.rsa.n,
1116 ta->pkey.key.rsa.nlen)
1117 || !eqbigint(CTX->pkey.key.rsa.e,
1118 CTX->pkey.key.rsa.elen,
1119 ta->pkey.key.rsa.e,
1120 ta->pkey.key.rsa.elen))
1121 {
1122 continue;
1123 }
1124 break;
1125
1126 case BR_KEYTYPE_EC:
1127 if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
1128 || CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
1129 || memcmp(CTX->pkey.key.ec.q,
1130 ta->pkey.key.ec.q,
1131 ta->pkey.key.ec.qlen) != 0)
1132 {
1133 continue;
1134 }
1135 break;
1136
1137 default:
1138 continue;
1139 }
1140
1141 /*
1142 * Direct trust match!
1143 */
1144 CTX->err = BR_ERR_X509_OK;
1145 T0_CO();
1146 }
1147
1148 }
1149 break;
1150 case 24: {
1151 /* check-trust-anchor-CA */
1152
1153 size_t u;
1154
1155 for (u = 0; u < CTX->trust_anchors_num; u ++) {
1156 const br_x509_trust_anchor *ta;
1157 unsigned char hashed_DN[64];
1158
1159 ta = &CTX->trust_anchors[u];
1160 if (!(ta->flags & BR_X509_TA_CA)) {
1161 continue;
1162 }
1163 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1164 if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
1165 continue;
1166 }
1167 if (verify_signature(CTX, &ta->pkey) == 0) {
1168 CTX->err = BR_ERR_X509_OK;
1169 T0_CO();
1170 }
1171 }
1172
1173 }
1174 break;
1175 case 25: {
1176 /* co */
1177 T0_CO();
1178 }
1179 break;
1180 case 26: {
1181 /* compute-dn-hash */
1182
1183 CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);
1184 CTX->do_dn_hash = 0;
1185
1186 }
1187 break;
1188 case 27: {
1189 /* compute-tbs-hash */
1190
1191 int id = T0_POPi();
1192 size_t len;
1193 len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);
1194 T0_PUSH(len);
1195
1196 }
1197 break;
1198 case 28: {
1199 /* copy-ee-ec-pkey */
1200
1201 size_t qlen = T0_POP();
1202 uint32_t curve = T0_POP();
1203 memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);
1204 CTX->pkey.key_type = BR_KEYTYPE_EC;
1205 CTX->pkey.key.ec.curve = curve;
1206 CTX->pkey.key.ec.q = CTX->ee_pkey_data;
1207 CTX->pkey.key.ec.qlen = qlen;
1208
1209 }
1210 break;
1211 case 29: {
1212 /* copy-ee-rsa-pkey */
1213
1214 size_t elen = T0_POP();
1215 size_t nlen = T0_POP();
1216 memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);
1217 CTX->pkey.key_type = BR_KEYTYPE_RSA;
1218 CTX->pkey.key.rsa.n = CTX->ee_pkey_data;
1219 CTX->pkey.key.rsa.nlen = nlen;
1220 CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;
1221 CTX->pkey.key.rsa.elen = elen;
1222
1223 }
1224 break;
1225 case 30: {
1226 /* data-get8 */
1227
1228 size_t addr = T0_POP();
1229 T0_PUSH(t0_datablock[addr]);
1230
1231 }
1232 break;
1233 case 31: {
1234 /* dn-hash-length */
1235
1236 T0_PUSH(DNHASH_LEN);
1237
1238 }
1239 break;
1240 case 32: {
1241 /* do-ecdsa-vrfy */
1242
1243 size_t qlen = T0_POP();
1244 int curve = T0_POP();
1245 br_x509_pkey pk;
1246
1247 pk.key_type = BR_KEYTYPE_EC;
1248 pk.key.ec.curve = curve;
1249 pk.key.ec.q = CTX->pkey_data;
1250 pk.key.ec.qlen = qlen;
1251 T0_PUSH(verify_signature(CTX, &pk));
1252
1253 }
1254 break;
1255 case 33: {
1256 /* do-rsa-vrfy */
1257
1258 size_t elen = T0_POP();
1259 size_t nlen = T0_POP();
1260 br_x509_pkey pk;
1261
1262 pk.key_type = BR_KEYTYPE_RSA;
1263 pk.key.rsa.n = CTX->pkey_data;
1264 pk.key.rsa.nlen = nlen;
1265 pk.key.rsa.e = CTX->pkey_data + nlen;
1266 pk.key.rsa.elen = elen;
1267 T0_PUSH(verify_signature(CTX, &pk));
1268
1269 }
1270 break;
1271 case 34: {
1272 /* drop */
1273 (void)T0_POP();
1274 }
1275 break;
1276 case 35: {
1277 /* dup */
1278 T0_PUSH(T0_PEEK(0));
1279 }
1280 break;
1281 case 36: {
1282 /* eqOID */
1283
1284 const unsigned char *a2 = &t0_datablock[T0_POP()];
1285 const unsigned char *a1 = &CTX->pad[0];
1286 size_t len = a1[0];
1287 int x;
1288 if (len == a2[0]) {
1289 x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
1290 } else {
1291 x = 0;
1292 }
1293 T0_PUSH((uint32_t)x);
1294
1295 }
1296 break;
1297 case 37: {
1298 /* eqblob */
1299
1300 size_t len = T0_POP();
1301 const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();
1302 const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();
1303 T0_PUSHi(-(memcmp(a1, a2, len) == 0));
1304
1305 }
1306 break;
1307 case 38: {
1308 /* fail */
1309
1310 CTX->err = T0_POPi();
1311 T0_CO();
1312
1313 }
1314 break;
1315 case 39: {
1316 /* get-system-date */
1317
1318 if (CTX->days == 0 && CTX->seconds == 0) {
1319 #if BR_USE_UNIX_TIME
1320 time_t x = time(NULL);
1321
1322 T0_PUSH((uint32_t)(x / 86400) + 719528);
1323 T0_PUSH((uint32_t)(x % 86400));
1324 #elif BR_USE_WIN32_TIME
1325 FILETIME ft;
1326 uint64_t x;
1327
1328 GetSystemTimeAsFileTime(&ft);
1329 x = ((uint64_t)ft.dwHighDateTime << 32)
1330 + (uint64_t)ft.dwLowDateTime;
1331 x = (x / 10000000);
1332 T0_PUSH((uint32_t)(x / 86400) + 584754);
1333 T0_PUSH((uint32_t)(x % 86400));
1334 #else
1335 CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1336 T0_CO();
1337 #endif
1338 } else {
1339 T0_PUSH(CTX->days);
1340 T0_PUSH(CTX->seconds);
1341 }
1342
1343 }
1344 break;
1345 case 40: {
1346 /* get16 */
1347
1348 uint32_t addr = T0_POP();
1349 T0_PUSH(*(uint16_t *)((unsigned char *)CTX + addr));
1350
1351 }
1352 break;
1353 case 41: {
1354 /* get32 */
1355
1356 uint32_t addr = T0_POP();
1357 T0_PUSH(*(uint32_t *)((unsigned char *)CTX + addr));
1358
1359 }
1360 break;
1361 case 42: {
1362 /* match-server-name */
1363
1364 size_t n1, n2;
1365
1366 if (CTX->server_name == NULL) {
1367 T0_PUSH(0);
1368 T0_RET();
1369 }
1370 n1 = strlen(CTX->server_name);
1371 n2 = CTX->pad[0];
1372 if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {
1373 T0_PUSHi(-1);
1374 T0_RET();
1375 }
1376 if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
1377 size_t u;
1378
1379 u = 0;
1380 while (u < n1 && CTX->server_name[u] != '.') {
1381 u ++;
1382 }
1383 u ++;
1384 n1 -= u;
1385 if ((n2 - 2) == n1
1386 && eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
1387 {
1388 T0_PUSHi(-1);
1389 T0_RET();
1390 }
1391 }
1392 T0_PUSH(0);
1393
1394 }
1395 break;
1396 case 43: {
1397 /* neg */
1398
1399 uint32_t a = T0_POP();
1400 T0_PUSH(-a);
1401
1402 }
1403 break;
1404 case 44: {
1405 /* or */
1406
1407 uint32_t b = T0_POP();
1408 uint32_t a = T0_POP();
1409 T0_PUSH(a | b);
1410
1411 }
1412 break;
1413 case 45: {
1414 /* over */
1415 T0_PUSH(T0_PEEK(1));
1416 }
1417 break;
1418 case 46: {
1419 /* read-blob-inner */
1420
1421 uint32_t len = T0_POP();
1422 uint32_t addr = T0_POP();
1423 size_t clen = CTX->hlen;
1424 if (clen > len) {
1425 clen = (size_t)len;
1426 }
1427 if (addr != 0) {
1428 memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);
1429 }
1430 if (CTX->do_mhash) {
1431 br_multihash_update(&CTX->mhash, CTX->hbuf, clen);
1432 }
1433 if (CTX->do_dn_hash) {
1434 CTX->dn_hash_impl->update(
1435 &CTX->dn_hash.vtable, CTX->hbuf, clen);
1436 }
1437 CTX->hbuf += clen;
1438 CTX->hlen -= clen;
1439 T0_PUSH(addr + clen);
1440 T0_PUSH(len - clen);
1441
1442 }
1443 break;
1444 case 47: {
1445 /* read8-low */
1446
1447 if (CTX->hlen == 0) {
1448 T0_PUSHi(-1);
1449 } else {
1450 unsigned char x = *CTX->hbuf ++;
1451 if (CTX->do_mhash) {
1452 br_multihash_update(&CTX->mhash, &x, 1);
1453 }
1454 if (CTX->do_dn_hash) {
1455 CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);
1456 }
1457 CTX->hlen --;
1458 T0_PUSH(x);
1459 }
1460
1461 }
1462 break;
1463 case 48: {
1464 /* roll */
1465 T0_ROLL(T0_POP());
1466 }
1467 break;
1468 case 49: {
1469 /* rot */
1470 T0_ROT();
1471 }
1472 break;
1473 case 50: {
1474 /* set16 */
1475
1476 uint32_t addr = T0_POP();
1477 *(uint16_t *)((unsigned char *)CTX + addr) = T0_POP();
1478
1479 }
1480 break;
1481 case 51: {
1482 /* set32 */
1483
1484 uint32_t addr = T0_POP();
1485 *(uint32_t *)((unsigned char *)CTX + addr) = T0_POP();
1486
1487 }
1488 break;
1489 case 52: {
1490 /* set8 */
1491
1492 uint32_t addr = T0_POP();
1493 *((unsigned char *)CTX + addr) = (unsigned char)T0_POP();
1494
1495 }
1496 break;
1497 case 53: {
1498 /* start-dn-hash */
1499
1500 CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);
1501 CTX->do_dn_hash = 1;
1502
1503 }
1504 break;
1505 case 54: {
1506 /* start-tbs-hash */
1507
1508 br_multihash_init(&CTX->mhash);
1509 CTX->do_mhash = 1;
1510
1511 }
1512 break;
1513 case 55: {
1514 /* stop-tbs-hash */
1515
1516 CTX->do_mhash = 0;
1517
1518 }
1519 break;
1520 case 56: {
1521 /* swap */
1522 T0_SWAP();
1523 }
1524 break;
1525 case 57: {
1526 /* zero-server-name */
1527
1528 T0_PUSHi(-(CTX->server_name == NULL));
1529
1530 }
1531 break;
1532 }
1533
1534 } else {
1535 T0_ENTER(ip, rp, t0x);
1536 }
1537 }
1538 t0_exit:
1539 ((t0_context *)t0ctx)->dp = dp;
1540 ((t0_context *)t0ctx)->rp = rp;
1541 ((t0_context *)t0ctx)->ip = ip;
1542 }
The BearSSL library and tools.