projects / BearSSL / blob
? search:


16c708ab51f2905339f9f2101f79b6cb2df2e54e
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
204 * use_rsa non-zero for RSA signature, zero for ECDSA
205 * sig_len signature length (in bytes); signature value is in the pad
206 * Returned value is 0 on success, or an error code.
207 */
208 static int
209 verify_SKE_sig(br_ssl_client_context *ctx,
210 int hash, int use_rsa, size_t sig_len)
211 {
212 const br_x509_class **xc;
213 const br_x509_pkey *pk;
214 br_multihash_context mhc;
215 unsigned char hv[64], head[4];
216 size_t hv_len;
217
218 xc = ctx->eng.x509ctx;
219 pk = (*xc)->get_pkey(xc);
220 br_multihash_zero(&mhc);
221 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
222 br_multihash_init(&mhc);
223 br_multihash_update(&mhc,
224 ctx->eng.client_random, sizeof ctx->eng.client_random);
225 br_multihash_update(&mhc,
226 ctx->eng.server_random, sizeof ctx->eng.server_random);
227 head[0] = 3;
228 head[1] = 0;
229 head[2] = ctx->eng.ecdhe_curve;
230 head[3] = ctx->eng.ecdhe_point_len;
231 br_multihash_update(&mhc, head, sizeof head);
232 br_multihash_update(&mhc,
233 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
234 if (hash) {
235 hv_len = br_multihash_out(&mhc, hash, hv);
236 if (hv_len == 0) {
237 return BR_ERR_INVALID_ALGORITHM;
238 }
239 } else {
240 if (!br_multihash_out(&mhc, br_md5_ID, hv)
241 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
242 {
243 return BR_ERR_INVALID_ALGORITHM;
244 }
245 hv_len = 36;
246 }
247 if (use_rsa) {
248 unsigned char tmp[64];
249 const unsigned char *hash_oid;
250
251 if (hash) {
252 hash_oid = HASH_OID[hash - 2];
253 } else {
254 hash_oid = NULL;
255 }
256 if (!ctx->irsavrfy(ctx->eng.pad, sig_len,
257 hash_oid, hv_len, &pk->key.rsa, tmp)
258 || memcmp(tmp, hv, hv_len) != 0)
259 {
260 return BR_ERR_BAD_SIGNATURE;
261 }
262 } else {
263 if (!ctx->iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
264 ctx->eng.pad, sig_len))
265 {
266 return BR_ERR_BAD_SIGNATURE;
267 }
268 }
269 return 0;
270 }
271
272 /*
273 * Perform client-size ECDH (or ECDHE). The point that should be sent to
274 * the server is written in the pad; returned value is either the point
275 * length (in bytes), or -x on error, with 'x' being an error code.
276 *
277 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
278 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
279 * (for static ECDH).
280 */
281 static int
282 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
283 {
284 int curve;
285 unsigned char key[66], point[133];
286 const unsigned char *generator, *order, *point_src;
287 size_t glen, olen, point_len;
288 unsigned char mask;
289
290 if (ecdhe) {
291 curve = ctx->eng.ecdhe_curve;
292 point_src = ctx->eng.ecdhe_point;
293 point_len = ctx->eng.ecdhe_point_len;
294 } else {
295 const br_x509_class **xc;
296 const br_x509_pkey *pk;
297
298 xc = ctx->eng.x509ctx;
299 pk = (*xc)->get_pkey(xc);
300 curve = pk->key.ec.curve;
301 point_src = pk->key.ec.q;
302 point_len = pk->key.ec.qlen;
303 }
304 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
305 return -BR_ERR_INVALID_ALGORITHM;
306 }
307
308 /*
309 * We need to generate our key, as a non-zero random value which
310 * is lower than the curve order, in a "large enough" range. We
311 * force top bit to 0 and bottom bit to 1, which guarantees that
312 * the value is in the proper range.
313 */
314 order = ctx->eng.iec->order(curve, &olen);
315 mask = 0xFF;
316 while (mask >= order[0]) {
317 mask >>= 1;
318 }
319 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
320 key[0] &= mask;
321 key[olen - 1] |= 0x01;
322
323 /*
324 * Compute the common ECDH point, whose X coordinate is the
325 * pre-master secret.
326 */
327 generator = ctx->eng.iec->generator(curve, &glen);
328 if (glen != point_len) {
329 return -BR_ERR_INVALID_ALGORITHM;
330 }
331
332 memcpy(point, point_src, glen);
333 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
334 return -BR_ERR_INVALID_ALGORITHM;
335 }
336
337 /*
338 * The pre-master secret is the X coordinate.
339 */
340 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
341
342 memcpy(point, generator, glen);
343 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
344 return -BR_ERR_INVALID_ALGORITHM;
345 }
346 memcpy(ctx->eng.pad, point, glen);
347 return (int)glen;
348 }
349
350
351
352 static const uint8_t t0_datablock[] = {
353 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
354 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
355 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
356 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
357 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
358 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
359 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
360 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
361 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
362 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
363 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
364 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
365 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
366 };
367
368 static const uint8_t t0_codeblock[] = {
369 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x00, 0x01,
370 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01, 0x01, 0x08,
371 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
372 0x01, 0x02, 0x09, 0x00, 0x00, 0x1A, 0x1A, 0x00, 0x00, 0x01,
373 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
374 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
375 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
376 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
377 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
378 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
379 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
380 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
381 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
382 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
383 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
384 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
385 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
386 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
387 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
388 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
389 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
391 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
392 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
393 0x01,
394 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
395 0x00, 0x00, 0x01,
396 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
397 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
398 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
399 0x00, 0x00, 0x01,
400 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
401 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
402 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
403 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
404 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
405 0x00, 0x00, 0x01,
406 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
407 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
408 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
409 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
410 0x00, 0x00, 0x01,
411 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
412 0x01,
413 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
414 0x00, 0x00, 0x01,
415 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
416 0x00, 0x00, 0x01,
417 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
418 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
419 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
420 0x01,
421 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
422 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
423 0x00, 0x00, 0x01,
424 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
425 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
426 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
427 0x00, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x06,
428 0x08, 0x1E, 0x0D, 0x05, 0x02, 0x59, 0x1C, 0x04, 0x01, 0x2B, 0x00, 0x00,
429 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x79, 0x1B, 0x46, 0x32, 0x7D, 0x1B,
430 0x05, 0x04, 0x48, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0D, 0x06, 0x02, 0x7D,
431 0x00, 0x46, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x1B,
432 0x6A, 0x32, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x32, 0x5F, 0x1E, 0x81, 0x0A,
433 0x15, 0x66, 0x01, 0x0C, 0x22, 0x00, 0x00, 0x1B, 0x16, 0x01, 0x08, 0x0B,
434 0x32, 0x44, 0x16, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x5E, 0x2C,
435 0x1D, 0x13, 0x26, 0x06, 0x08, 0x02, 0x00, 0x81, 0x29, 0x03, 0x00, 0x04,
436 0x74, 0x01, 0x00, 0x81, 0x21, 0x02, 0x00, 0x1B, 0x13, 0x11, 0x06, 0x02,
437 0x57, 0x1C, 0x81, 0x29, 0x04, 0x75, 0x01, 0x01, 0x00, 0x5E, 0x2C, 0x01,
438 0x16, 0x68, 0x2C, 0x25, 0x81, 0x2D, 0x1D, 0x81, 0x11, 0x06, 0x0B, 0x01,
439 0x7F, 0x81, 0x0D, 0x01, 0x7F, 0x81, 0x2C, 0x04, 0x80, 0x42, 0x81, 0x0E,
440 0x5F, 0x1E, 0x81, 0x01, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x11, 0x06,
441 0x02, 0x81, 0x12, 0x81, 0x15, 0x1B, 0x01, 0x0D, 0x0D, 0x06, 0x09, 0x1A,
442 0x81, 0x14, 0x81, 0x15, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00,
443 0x01, 0x0E, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x06, 0x02, 0x4F, 0x1C, 0x24,
444 0x06, 0x02, 0x5A, 0x1C, 0x02, 0x00, 0x06, 0x02, 0x81, 0x33, 0x81, 0x2E,
445 0x01, 0x7F, 0x81, 0x2C, 0x01, 0x7F, 0x81, 0x0D, 0x01, 0x01, 0x5E, 0x2C,
446 0x01, 0x17, 0x68, 0x2C, 0x00, 0x00, 0x28, 0x28, 0x00, 0x00, 0x7A, 0x01,
447 0x0C, 0x10, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
448 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
449 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
450 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
451 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
452 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
453 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
454 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
455 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
456 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
457 0x32, 0x1A, 0x00, 0x00, 0x65, 0x1F, 0x01, 0x0E, 0x0D, 0x06, 0x04, 0x01,
458 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x2E, 0x06, 0x04, 0x01, 0x06,
459 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x69, 0x1F, 0x1B, 0x06, 0x08, 0x01,
460 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x1A, 0x01, 0x05, 0x00, 0x01,
461 0x2F, 0x03, 0x00, 0x1A, 0x01, 0x00, 0x31, 0x06, 0x03, 0x02, 0x00, 0x08,
462 0x30, 0x06, 0x03, 0x02, 0x00, 0x08, 0x1B, 0x06, 0x06, 0x01, 0x01, 0x0B,
463 0x01, 0x06, 0x08, 0x00, 0x00, 0x6B, 0x2D, 0x1B, 0x06, 0x03, 0x01, 0x09,
464 0x08, 0x00, 0x01, 0x2E, 0x1B, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x1B,
465 0x06, 0x0E, 0x1B, 0x01, 0x01, 0x11, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
466 0x01, 0x10, 0x04, 0x6F, 0x1A, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
467 0x08, 0x00, 0x00, 0x7F, 0x81, 0x28, 0x1B, 0x01, 0x07, 0x11, 0x01, 0x00,
468 0x28, 0x0D, 0x06, 0x09, 0x1A, 0x01, 0x10, 0x11, 0x06, 0x01, 0x7F, 0x04,
469 0x2C, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x23, 0x1A, 0x1A, 0x01, 0x00, 0x5E,
470 0x2C, 0x81, 0x10, 0x69, 0x1F, 0x01, 0x01, 0x0D, 0x06, 0x11, 0x1D, 0x13,
471 0x26, 0x06, 0x05, 0x81, 0x28, 0x1A, 0x04, 0x77, 0x01, 0x80, 0x64, 0x81,
472 0x21, 0x04, 0x01, 0x7F, 0x04, 0x03, 0x5A, 0x1C, 0x1A, 0x04, 0xFF, 0x3C,
473 0x01, 0x1B, 0x03, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02, 0x50, 0x1C, 0x02,
474 0x00, 0x00, 0x00, 0x7A, 0x01, 0x0F, 0x11, 0x00, 0x00, 0x5D, 0x1F, 0x01,
475 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x1B, 0x01, 0x01, 0x0C, 0x06, 0x03,
476 0x1A, 0x01, 0x02, 0x5D, 0x2C, 0x01, 0x00, 0x04, 0x15, 0x01, 0x01, 0x28,
477 0x0D, 0x06, 0x09, 0x1A, 0x01, 0x00, 0x5D, 0x2C, 0x42, 0x00, 0x04, 0x06,
478 0x01, 0x82, 0x00, 0x08, 0x1C, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x20, 0x06,
479 0x06, 0x2A, 0x81, 0x0B, 0x27, 0x04, 0x77, 0x1B, 0x06, 0x04, 0x01, 0x01,
480 0x6F, 0x2C, 0x00, 0x00, 0x20, 0x06, 0x0B, 0x67, 0x1F, 0x01, 0x14, 0x0C,
481 0x06, 0x02, 0x5A, 0x1C, 0x04, 0x12, 0x81, 0x28, 0x01, 0x07, 0x11, 0x1B,
482 0x01, 0x02, 0x0C, 0x06, 0x06, 0x06, 0x02, 0x5A, 0x1C, 0x04, 0x6F, 0x1A,
483 0x81, 0x1E, 0x01, 0x01, 0x0C, 0x24, 0x27, 0x06, 0x02, 0x49, 0x1C, 0x1B,
484 0x01, 0x01, 0x81, 0x24, 0x26, 0x81, 0x0F, 0x00, 0x01, 0x81, 0x15, 0x01,
485 0x0B, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x5F, 0x1E, 0x81, 0x01, 0x3F, 0x81,
486 0x1C, 0x81, 0x09, 0x1B, 0x06, 0x26, 0x81, 0x1C, 0x81, 0x09, 0x1B, 0x3E,
487 0x1B, 0x06, 0x19, 0x1B, 0x01, 0x82, 0x00, 0x0E, 0x06, 0x05, 0x01, 0x82,
488 0x00, 0x04, 0x01, 0x1B, 0x03, 0x00, 0x66, 0x02, 0x00, 0x81, 0x13, 0x02,
489 0x00, 0x3B, 0x04, 0x64, 0x7B, 0x3C, 0x04, 0x57, 0x7B, 0x7B, 0x3D, 0x1B,
490 0x06, 0x01, 0x1C, 0x1A, 0x00, 0x00, 0x7C, 0x81, 0x15, 0x01, 0x14, 0x0C,
491 0x06, 0x02, 0x5A, 0x1C, 0x66, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x13,
492 0x7B, 0x66, 0x1B, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x21, 0x05, 0x02, 0x4C,
493 0x1C, 0x00, 0x00, 0x81, 0x16, 0x06, 0x02, 0x5A, 0x1C, 0x06, 0x02, 0x4E,
494 0x1C, 0x00, 0x09, 0x81, 0x15, 0x01, 0x02, 0x0D, 0x05, 0x02, 0x5A, 0x1C,
495 0x81, 0x1B, 0x03, 0x00, 0x02, 0x00, 0x75, 0x1E, 0x0A, 0x02, 0x00, 0x74,
496 0x1E, 0x0E, 0x27, 0x06, 0x02, 0x5B, 0x1C, 0x02, 0x00, 0x73, 0x1E, 0x0C,
497 0x06, 0x02, 0x53, 0x1C, 0x02, 0x00, 0x76, 0x2B, 0x6C, 0x01, 0x20, 0x81,
498 0x13, 0x01, 0x00, 0x03, 0x01, 0x81, 0x1D, 0x03, 0x02, 0x02, 0x02, 0x01,
499 0x20, 0x0E, 0x06, 0x02, 0x58, 0x1C, 0x66, 0x02, 0x02, 0x81, 0x13, 0x02,
500 0x02, 0x6E, 0x1F, 0x0D, 0x02, 0x02, 0x01, 0x00, 0x0E, 0x11, 0x06, 0x0B,
501 0x6D, 0x66, 0x02, 0x02, 0x21, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x6D,
502 0x66, 0x02, 0x02, 0x22, 0x02, 0x02, 0x6E, 0x2C, 0x02, 0x00, 0x72, 0x02,
503 0x01, 0x78, 0x81, 0x1B, 0x1B, 0x81, 0x1F, 0x40, 0x06, 0x02, 0x4A, 0x1C,
504 0x5F, 0x02, 0x01, 0x78, 0x81, 0x1D, 0x06, 0x02, 0x4B, 0x1C, 0x1B, 0x06,
505 0x81, 0x3D, 0x81, 0x1B, 0x81, 0x09, 0x81, 0x06, 0x03, 0x03, 0x81, 0x04,
506 0x03, 0x04, 0x81, 0x02, 0x03, 0x05, 0x81, 0x05, 0x03, 0x06, 0x81, 0x07,
507 0x03, 0x07, 0x81, 0x03, 0x03, 0x08, 0x1B, 0x06, 0x81, 0x0B, 0x81, 0x1B,
508 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x03, 0x05, 0x02, 0x54,
509 0x1C, 0x01, 0x00, 0x03, 0x03, 0x81, 0x1A, 0x04, 0x80, 0x70, 0x01, 0x01,
510 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x05, 0x05, 0x02, 0x54, 0x1C, 0x01,
511 0x00, 0x03, 0x05, 0x81, 0x18, 0x04, 0x80, 0x5A, 0x01, 0x83, 0xFE, 0x01,
512 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x04, 0x05, 0x02, 0x54, 0x1C, 0x01,
513 0x00, 0x03, 0x04, 0x81, 0x19, 0x04, 0x80, 0x42, 0x01, 0x0D, 0x28, 0x0D,
514 0x06, 0x0F, 0x1A, 0x02, 0x06, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03,
515 0x06, 0x81, 0x17, 0x04, 0x2D, 0x01, 0x0A, 0x28, 0x0D, 0x06, 0x0F, 0x1A,
516 0x02, 0x07, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x07, 0x81, 0x17,
517 0x04, 0x18, 0x01, 0x0B, 0x28, 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x08, 0x05,
518 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x08, 0x81, 0x17, 0x04, 0x03, 0x54,
519 0x1C, 0x1A, 0x04, 0xFE, 0x71, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01,
520 0x05, 0x0E, 0x06, 0x02, 0x51, 0x1C, 0x01, 0x01, 0x69, 0x2C, 0x7B, 0x7B,
521 0x02, 0x01, 0x00, 0x04, 0x81, 0x15, 0x01, 0x0C, 0x0D, 0x05, 0x02, 0x5A,
522 0x1C, 0x81, 0x1D, 0x01, 0x03, 0x0D, 0x05, 0x02, 0x55, 0x1C, 0x81, 0x1B,
523 0x1B, 0x62, 0x2C, 0x1B, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x55, 0x1C, 0x2E,
524 0x32, 0x10, 0x01, 0x01, 0x11, 0x05, 0x02, 0x55, 0x1C, 0x81, 0x1D, 0x1B,
525 0x01, 0x81, 0x05, 0x0E, 0x06, 0x02, 0x55, 0x1C, 0x1B, 0x64, 0x2C, 0x63,
526 0x32, 0x81, 0x13, 0x72, 0x1E, 0x01, 0x86, 0x03, 0x0F, 0x03, 0x00, 0x5F,
527 0x1E, 0x81, 0x26, 0x03, 0x01, 0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06,
528 0x23, 0x81, 0x1D, 0x1B, 0x1B, 0x01, 0x02, 0x0A, 0x32, 0x01, 0x06, 0x0E,
529 0x27, 0x06, 0x02, 0x55, 0x1C, 0x03, 0x02, 0x81, 0x1D, 0x02, 0x01, 0x01,
530 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0D, 0x05, 0x02, 0x55, 0x1C, 0x04, 0x08,
531 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0x81, 0x1B, 0x1B, 0x03,
532 0x03, 0x1B, 0x01, 0x84, 0x00, 0x0E, 0x06, 0x02, 0x56, 0x1C, 0x66, 0x32,
533 0x81, 0x13, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x38, 0x1B, 0x06, 0x01,
534 0x1C, 0x1A, 0x7B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x77,
535 0x02, 0x01, 0x02, 0x00, 0x29, 0x1B, 0x01, 0x00, 0x0D, 0x06, 0x02, 0x48,
536 0x00, 0x81, 0x2A, 0x04, 0x73, 0x00, 0x1B, 0x06, 0x05, 0x81, 0x1D, 0x1A,
537 0x04, 0x78, 0x1A, 0x00, 0x00, 0x81, 0x16, 0x1B, 0x42, 0x06, 0x07, 0x1A,
538 0x06, 0x02, 0x4E, 0x1C, 0x04, 0x73, 0x00, 0x00, 0x81, 0x1E, 0x01, 0x03,
539 0x81, 0x1C, 0x32, 0x1A, 0x32, 0x00, 0x00, 0x81, 0x1B, 0x81, 0x22, 0x00,
540 0x00, 0x81, 0x1B, 0x01, 0x01, 0x0D, 0x05, 0x02, 0x4D, 0x1C, 0x81, 0x1D,
541 0x01, 0x08, 0x08, 0x65, 0x1F, 0x0D, 0x05, 0x02, 0x4D, 0x1C, 0x00, 0x00,
542 0x81, 0x1B, 0x69, 0x1F, 0x05, 0x16, 0x01, 0x01, 0x0D, 0x05, 0x02, 0x51,
543 0x1C, 0x81, 0x1D, 0x01, 0x00, 0x0D, 0x05, 0x02, 0x51, 0x1C, 0x01, 0x02,
544 0x69, 0x2C, 0x04, 0x1E, 0x01, 0x19, 0x0D, 0x05, 0x02, 0x51, 0x1C, 0x81,
545 0x1D, 0x01, 0x18, 0x0D, 0x05, 0x02, 0x51, 0x1C, 0x66, 0x01, 0x18, 0x81,
546 0x13, 0x6A, 0x66, 0x01, 0x18, 0x21, 0x05, 0x02, 0x51, 0x1C, 0x00, 0x00,
547 0x81, 0x1B, 0x06, 0x02, 0x52, 0x1C, 0x00, 0x00, 0x01, 0x02, 0x77, 0x81,
548 0x1E, 0x01, 0x08, 0x0B, 0x81, 0x1E, 0x08, 0x00, 0x00, 0x01, 0x03, 0x77,
549 0x81, 0x1E, 0x01, 0x08, 0x0B, 0x81, 0x1E, 0x08, 0x01, 0x08, 0x0B, 0x81,
550 0x1E, 0x08, 0x00, 0x00, 0x01, 0x01, 0x77, 0x81, 0x1E, 0x00, 0x00, 0x2A,
551 0x1B, 0x40, 0x05, 0x01, 0x00, 0x1A, 0x81, 0x2A, 0x04, 0x75, 0x02, 0x03,
552 0x00, 0x71, 0x1F, 0x03, 0x01, 0x01, 0x00, 0x1B, 0x02, 0x01, 0x0A, 0x06,
553 0x10, 0x1B, 0x01, 0x01, 0x0B, 0x70, 0x08, 0x1E, 0x02, 0x00, 0x0D, 0x06,
554 0x01, 0x00, 0x44, 0x04, 0x6A, 0x1A, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15,
555 0x68, 0x2C, 0x32, 0x3A, 0x1A, 0x3A, 0x1A, 0x1D, 0x00, 0x00, 0x01, 0x01,
556 0x32, 0x81, 0x20, 0x00, 0x00, 0x32, 0x28, 0x77, 0x32, 0x1B, 0x06, 0x06,
557 0x81, 0x1E, 0x1A, 0x45, 0x04, 0x77, 0x1A, 0x00, 0x00, 0x7A, 0x41, 0x00,
558 0x02, 0x03, 0x00, 0x5F, 0x1E, 0x7A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F,
559 0x11, 0x02, 0x01, 0x01, 0x04, 0x10, 0x01, 0x0F, 0x11, 0x02, 0x01, 0x01,
560 0x08, 0x10, 0x01, 0x0F, 0x11, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A,
561 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36,
562 0x04, 0x80, 0x56, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x01, 0x01,
563 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36, 0x04, 0x80,
564 0x40, 0x01, 0x02, 0x28, 0x0D, 0x06, 0x0F, 0x1A, 0x01, 0x01, 0x01, 0x20,
565 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36, 0x04, 0x2B, 0x01, 0x03,
566 0x28, 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03,
567 0x33, 0x04, 0x01, 0x34, 0x04, 0x17, 0x01, 0x04, 0x28, 0x0D, 0x06, 0x0E,
568 0x1A, 0x1A, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x33, 0x04, 0x01, 0x34,
569 0x04, 0x03, 0x50, 0x1C, 0x1A, 0x00, 0x00, 0x7A, 0x01, 0x0C, 0x10, 0x1B,
570 0x43, 0x32, 0x01, 0x03, 0x0A, 0x11, 0x00, 0x00, 0x7A, 0x01, 0x0C, 0x10,
571 0x01, 0x01, 0x0D, 0x00, 0x00, 0x7A, 0x01, 0x0C, 0x10, 0x42, 0x00, 0x00,
572 0x14, 0x01, 0x00, 0x5C, 0x1F, 0x1B, 0x06, 0x1F, 0x01, 0x01, 0x28, 0x0D,
573 0x06, 0x06, 0x1A, 0x01, 0x00, 0x7E, 0x04, 0x11, 0x01, 0x02, 0x28, 0x0D,
574 0x06, 0x0A, 0x1A, 0x5E, 0x1F, 0x06, 0x03, 0x01, 0x10, 0x27, 0x04, 0x01,
575 0x1A, 0x04, 0x01, 0x1A, 0x61, 0x1F, 0x05, 0x34, 0x20, 0x06, 0x31, 0x67,
576 0x1F, 0x01, 0x14, 0x28, 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x02, 0x27, 0x04,
577 0x23, 0x01, 0x15, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x81, 0x0C, 0x06, 0x03,
578 0x01, 0x7F, 0x7E, 0x04, 0x13, 0x01, 0x16, 0x28, 0x0D, 0x06, 0x06, 0x1A,
579 0x01, 0x01, 0x27, 0x04, 0x07, 0x1A, 0x01, 0x04, 0x27, 0x01, 0x00, 0x1A,
580 0x13, 0x06, 0x03, 0x01, 0x08, 0x27, 0x00, 0x00, 0x14, 0x1B, 0x05, 0x10,
581 0x20, 0x06, 0x0D, 0x67, 0x1F, 0x01, 0x15, 0x0D, 0x06, 0x05, 0x1A, 0x81,
582 0x0C, 0x04, 0x01, 0x17, 0x00, 0x00, 0x81, 0x28, 0x01, 0x07, 0x11, 0x01,
583 0x01, 0x0E, 0x06, 0x02, 0x5A, 0x1C, 0x00, 0x01, 0x03, 0x00, 0x1D, 0x13,
584 0x06, 0x05, 0x02, 0x00, 0x68, 0x2C, 0x00, 0x81, 0x28, 0x1A, 0x04, 0x73,
585 0x00, 0x01, 0x14, 0x81, 0x2B, 0x01, 0x01, 0x81, 0x37, 0x1D, 0x1B, 0x01,
586 0x00, 0x81, 0x24, 0x01, 0x16, 0x81, 0x2B, 0x81, 0x2F, 0x1D, 0x00, 0x01,
587 0x81, 0x04, 0x81, 0x06, 0x08, 0x81, 0x02, 0x08, 0x81, 0x05, 0x08, 0x81,
588 0x07, 0x08, 0x81, 0x03, 0x08, 0x03, 0x00, 0x01, 0x01, 0x81, 0x37, 0x01,
589 0x27, 0x6E, 0x1F, 0x08, 0x71, 0x1F, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00,
590 0x06, 0x04, 0x46, 0x02, 0x00, 0x08, 0x81, 0x36, 0x74, 0x1E, 0x81, 0x35,
591 0x60, 0x01, 0x04, 0x12, 0x60, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x23, 0x60,
592 0x01, 0x20, 0x81, 0x30, 0x6D, 0x6E, 0x1F, 0x81, 0x32, 0x71, 0x1F, 0x1B,
593 0x01, 0x01, 0x0B, 0x81, 0x35, 0x70, 0x32, 0x1B, 0x06, 0x11, 0x45, 0x28,
594 0x1E, 0x1B, 0x81, 0x23, 0x05, 0x02, 0x4A, 0x1C, 0x81, 0x35, 0x32, 0x46,
595 0x32, 0x04, 0x6C, 0x48, 0x01, 0x01, 0x81, 0x37, 0x01, 0x00, 0x81, 0x37,
596 0x02, 0x00, 0x06, 0x81, 0x2E, 0x02, 0x00, 0x81, 0x35, 0x81, 0x04, 0x06,
597 0x12, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x35, 0x6A, 0x81, 0x04, 0x01, 0x04,
598 0x09, 0x1B, 0x81, 0x35, 0x45, 0x81, 0x32, 0x81, 0x06, 0x06, 0x1C, 0x01,
599 0x00, 0x81, 0x35, 0x6B, 0x81, 0x06, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x35,
600 0x01, 0x02, 0x09, 0x1B, 0x81, 0x35, 0x01, 0x00, 0x81, 0x37, 0x01, 0x03,
601 0x09, 0x81, 0x31, 0x81, 0x02, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x35, 0x01,
602 0x01, 0x81, 0x35, 0x65, 0x1F, 0x01, 0x08, 0x09, 0x81, 0x37, 0x81, 0x05,
603 0x06, 0x1F, 0x01, 0x0D, 0x81, 0x35, 0x81, 0x05, 0x01, 0x04, 0x09, 0x1B,
604 0x81, 0x35, 0x01, 0x02, 0x09, 0x81, 0x35, 0x30, 0x06, 0x04, 0x01, 0x03,
605 0x81, 0x34, 0x31, 0x06, 0x04, 0x01, 0x01, 0x81, 0x34, 0x81, 0x07, 0x1B,
606 0x06, 0x27, 0x01, 0x0A, 0x81, 0x35, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x35,
607 0x47, 0x81, 0x35, 0x2E, 0x01, 0x00, 0x1B, 0x01, 0x20, 0x0A, 0x06, 0x0E,
608 0x81, 0x00, 0x10, 0x01, 0x01, 0x11, 0x06, 0x03, 0x1B, 0x81, 0x35, 0x44,
609 0x04, 0x6C, 0x48, 0x04, 0x01, 0x1A, 0x81, 0x03, 0x06, 0x0D, 0x01, 0x0B,
610 0x81, 0x35, 0x01, 0x02, 0x81, 0x35, 0x01, 0x82, 0x00, 0x81, 0x35, 0x00,
611 0x00, 0x01, 0x10, 0x81, 0x37, 0x5F, 0x1E, 0x1B, 0x81, 0x27, 0x06, 0x10,
612 0x81, 0x0A, 0x19, 0x1B, 0x46, 0x81, 0x36, 0x1B, 0x81, 0x35, 0x66, 0x32,
613 0x81, 0x30, 0x04, 0x12, 0x1B, 0x81, 0x25, 0x32, 0x81, 0x0A, 0x18, 0x1B,
614 0x44, 0x81, 0x36, 0x1B, 0x81, 0x37, 0x66, 0x32, 0x81, 0x30, 0x00, 0x00,
615 0x7C, 0x01, 0x14, 0x81, 0x37, 0x01, 0x0C, 0x81, 0x36, 0x66, 0x01, 0x0C,
616 0x81, 0x30, 0x00, 0x00, 0x39, 0x1B, 0x01, 0x00, 0x0D, 0x06, 0x02, 0x48,
617 0x00, 0x81, 0x28, 0x1A, 0x04, 0x72, 0x00, 0x1B, 0x81, 0x35, 0x81, 0x30,
618 0x00, 0x00, 0x1B, 0x81, 0x37, 0x81, 0x30, 0x00, 0x00, 0x01, 0x0B, 0x81,
619 0x37, 0x01, 0x03, 0x81, 0x36, 0x01, 0x00, 0x81, 0x36, 0x00, 0x01, 0x03,
620 0x00, 0x2F, 0x1A, 0x1B, 0x01, 0x10, 0x11, 0x06, 0x08, 0x01, 0x04, 0x81,
621 0x37, 0x02, 0x00, 0x81, 0x37, 0x1B, 0x01, 0x08, 0x11, 0x06, 0x08, 0x01,
622 0x03, 0x81, 0x37, 0x02, 0x00, 0x81, 0x37, 0x1B, 0x01, 0x20, 0x11, 0x06,
623 0x08, 0x01, 0x05, 0x81, 0x37, 0x02, 0x00, 0x81, 0x37, 0x1B, 0x01, 0x80,
624 0x40, 0x11, 0x06, 0x08, 0x01, 0x06, 0x81, 0x37, 0x02, 0x00, 0x81, 0x37,
625 0x01, 0x04, 0x11, 0x06, 0x08, 0x01, 0x02, 0x81, 0x37, 0x02, 0x00, 0x81,
626 0x37, 0x00, 0x00, 0x1B, 0x01, 0x08, 0x37, 0x81, 0x37, 0x81, 0x37, 0x00,
627 0x00, 0x1B, 0x01, 0x10, 0x37, 0x81, 0x37, 0x81, 0x35, 0x00, 0x00, 0x1B,
628 0x3A, 0x06, 0x02, 0x1A, 0x00, 0x81, 0x28, 0x1A, 0x04, 0x75
629 };
630
631 static const uint16_t t0_caddr[] = {
632 0,
633 5,
634 10,
635 15,
636 20,
637 25,
638 30,
639 35,
640 40,
641 44,
642 48,
643 52,
644 56,
645 60,
646 64,
647 68,
648 72,
649 76,
650 80,
651 84,
652 88,
653 92,
654 96,
655 100,
656 104,
657 108,
658 112,
659 116,
660 120,
661 125,
662 130,
663 135,
664 140,
665 145,
666 150,
667 155,
668 160,
669 165,
670 170,
671 175,
672 180,
673 185,
674 190,
675 195,
676 200,
677 205,
678 210,
679 215,
680 220,
681 225,
682 230,
683 235,
684 240,
685 245,
686 250,
687 255,
688 264,
689 277,
690 281,
691 306,
692 312,
693 332,
694 343,
695 380,
696 483,
697 487,
698 552,
699 567,
700 578,
701 596,
702 625,
703 635,
704 671,
705 741,
706 755,
707 761,
708 808,
709 828,
710 881,
711 950,
712 983,
713 995,
714 1320,
715 1477,
716 1502,
717 1513,
718 1528,
719 1539,
720 1545,
721 1568,
722 1628,
723 1636,
724 1649,
725 1668,
726 1675,
727 1687,
728 1722,
729 1734,
730 1741,
731 1757,
732 1761,
733 1899,
734 1912,
735 1921,
736 1928,
737 2032,
738 2054,
739 2068,
740 2085,
741 2108,
742 2397,
743 2444,
744 2460,
745 2475,
746 2482,
747 2489,
748 2503,
749 2579,
750 2589,
751 2599
752 };
753
754 #define T0_INTERPRETED 64
755
756 #define T0_ENTER(ip, rp, slot) do { \
757 const unsigned char *t0_newip; \
758 uint32_t t0_lnum; \
759 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
760 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
761 (rp) += t0_lnum; \
762 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
763 (ip) = t0_newip; \
764 } while (0)
765
766 #define T0_DEFENTRY(name, slot) \
767 void \
768 name(void *ctx) \
769 { \
770 t0_context *t0ctx = ctx; \
771 t0ctx->ip = &t0_codeblock[0]; \
772 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
773 }
774
775 T0_DEFENTRY(br_ssl_hs_client_init_main, 136)
776
777 void
778 br_ssl_hs_client_run(void *t0ctx)
779 {
780 uint32_t *dp, *rp;
781 const unsigned char *ip;
782
783 #define T0_LOCAL(x) (*(rp - 2 - (x)))
784 #define T0_POP() (*-- dp)
785 #define T0_POPi() (*(int32_t *)(-- dp))
786 #define T0_PEEK(x) (*(dp - 1 - (x)))
787 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
788 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
789 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
790 #define T0_RPOP() (*-- rp)
791 #define T0_RPOPi() (*(int32_t *)(-- rp))
792 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
793 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
794 #define T0_ROLL(x) do { \
795 size_t t0len = (size_t)(x); \
796 uint32_t t0tmp = *(dp - 1 - t0len); \
797 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
798 *(dp - 1) = t0tmp; \
799 } while (0)
800 #define T0_SWAP() do { \
801 uint32_t t0tmp = *(dp - 2); \
802 *(dp - 2) = *(dp - 1); \
803 *(dp - 1) = t0tmp; \
804 } while (0)
805 #define T0_ROT() do { \
806 uint32_t t0tmp = *(dp - 3); \
807 *(dp - 3) = *(dp - 2); \
808 *(dp - 2) = *(dp - 1); \
809 *(dp - 1) = t0tmp; \
810 } while (0)
811 #define T0_NROT() do { \
812 uint32_t t0tmp = *(dp - 1); \
813 *(dp - 1) = *(dp - 2); \
814 *(dp - 2) = *(dp - 3); \
815 *(dp - 3) = t0tmp; \
816 } while (0)
817 #define T0_PICK(x) do { \
818 uint32_t t0depth = (x); \
819 T0_PUSH(T0_PEEK(t0depth)); \
820 } while (0)
821 #define T0_CO() do { \
822 goto t0_exit; \
823 } while (0)
824 #define T0_RET() break
825
826 dp = ((t0_context *)t0ctx)->dp;
827 rp = ((t0_context *)t0ctx)->rp;
828 ip = ((t0_context *)t0ctx)->ip;
829 for (;;) {
830 uint32_t t0x;
831
832 t0x = t0_parse7E_unsigned(&ip);
833 if (t0x < T0_INTERPRETED) {
834 switch (t0x) {
835 int32_t t0off;
836
837 case 0: /* ret */
838 t0x = T0_RPOP();
839 rp -= (t0x >> 16);
840 t0x &= 0xFFFF;
841 if (t0x == 0) {
842 ip = NULL;
843 goto t0_exit;
844 }
845 ip = &t0_codeblock[t0x];
846 break;
847 case 1: /* literal constant */
848 T0_PUSHi(t0_parse7E_signed(&ip));
849 break;
850 case 2: /* read local */
851 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
852 break;
853 case 3: /* write local */
854 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
855 break;
856 case 4: /* jump */
857 t0off = t0_parse7E_signed(&ip);
858 ip += t0off;
859 break;
860 case 5: /* jump if */
861 t0off = t0_parse7E_signed(&ip);
862 if (T0_POP()) {
863 ip += t0off;
864 }
865 break;
866 case 6: /* jump if not */
867 t0off = t0_parse7E_signed(&ip);
868 if (!T0_POP()) {
869 ip += t0off;
870 }
871 break;
872 case 7: {
873 /* * */
874
875 uint32_t b = T0_POP();
876 uint32_t a = T0_POP();
877 T0_PUSH(a * b);
878
879 }
880 break;
881 case 8: {
882 /* + */
883
884 uint32_t b = T0_POP();
885 uint32_t a = T0_POP();
886 T0_PUSH(a + b);
887
888 }
889 break;
890 case 9: {
891 /* - */
892
893 uint32_t b = T0_POP();
894 uint32_t a = T0_POP();
895 T0_PUSH(a - b);
896
897 }
898 break;
899 case 10: {
900 /* < */
901
902 int32_t b = T0_POPi();
903 int32_t a = T0_POPi();
904 T0_PUSH(-(uint32_t)(a < b));
905
906 }
907 break;
908 case 11: {
909 /* << */
910
911 int c = (int)T0_POPi();
912 uint32_t x = T0_POP();
913 T0_PUSH(x << c);
914
915 }
916 break;
917 case 12: {
918 /* <> */
919
920 uint32_t b = T0_POP();
921 uint32_t a = T0_POP();
922 T0_PUSH(-(uint32_t)(a != b));
923
924 }
925 break;
926 case 13: {
927 /* = */
928
929 uint32_t b = T0_POP();
930 uint32_t a = T0_POP();
931 T0_PUSH(-(uint32_t)(a == b));
932
933 }
934 break;
935 case 14: {
936 /* > */
937
938 int32_t b = T0_POPi();
939 int32_t a = T0_POPi();
940 T0_PUSH(-(uint32_t)(a > b));
941
942 }
943 break;
944 case 15: {
945 /* >= */
946
947 int32_t b = T0_POPi();
948 int32_t a = T0_POPi();
949 T0_PUSH(-(uint32_t)(a >= b));
950
951 }
952 break;
953 case 16: {
954 /* >> */
955
956 int c = (int)T0_POPi();
957 int32_t x = T0_POPi();
958 T0_PUSHi(x >> c);
959
960 }
961 break;
962 case 17: {
963 /* and */
964
965 uint32_t b = T0_POP();
966 uint32_t a = T0_POP();
967 T0_PUSH(a & b);
968
969 }
970 break;
971 case 18: {
972 /* bzero */
973
974 size_t len = (size_t)T0_POP();
975 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
976 memset(addr, 0, len);
977
978 }
979 break;
980 case 19: {
981 /* can-output? */
982
983 T0_PUSHi(-(ENG->hlen_out > 0));
984
985 }
986 break;
987 case 20: {
988 /* co */
989 T0_CO();
990 }
991 break;
992 case 21: {
993 /* compute-Finished-inner */
994
995 int prf_id = T0_POP();
996 int from_client = T0_POPi();
997 unsigned char seed[48];
998 size_t seed_len;
999
1000 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1001 if (ENG->session.version >= BR_TLS12) {
1002 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1003 } else {
1004 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1005 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1006 seed_len = 36;
1007 }
1008 prf(ENG->pad, 12, ENG->session.master_secret,
1009 sizeof ENG->session.master_secret,
1010 from_client ? "client finished" : "server finished",
1011 seed, seed_len);
1012
1013 }
1014 break;
1015 case 22: {
1016 /* data-get8 */
1017
1018 size_t addr = T0_POP();
1019 T0_PUSH(t0_datablock[addr]);
1020
1021 }
1022 break;
1023 case 23: {
1024 /* discard-input */
1025
1026 ENG->hlen_in = 0;
1027
1028 }
1029 break;
1030 case 24: {
1031 /* do-ecdh */
1032
1033 unsigned prf_id = T0_POP();
1034 unsigned ecdhe = T0_POP();
1035 int x;
1036
1037 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1038 if (x < 0) {
1039 br_ssl_engine_fail(ENG, -x);
1040 T0_CO();
1041 } else {
1042 T0_PUSH(x);
1043 }
1044
1045 }
1046 break;
1047 case 25: {
1048 /* do-rsa-encrypt */
1049
1050 int x;
1051
1052 x = make_pms_rsa(CTX, T0_POP());
1053 if (x < 0) {
1054 br_ssl_engine_fail(ENG, -x);
1055 T0_CO();
1056 } else {
1057 T0_PUSH(x);
1058 }
1059
1060 }
1061 break;
1062 case 26: {
1063 /* drop */
1064 (void)T0_POP();
1065 }
1066 break;
1067 case 27: {
1068 /* dup */
1069 T0_PUSH(T0_PEEK(0));
1070 }
1071 break;
1072 case 28: {
1073 /* fail */
1074
1075 br_ssl_engine_fail(ENG, (int)T0_POPi());
1076 T0_CO();
1077
1078 }
1079 break;
1080 case 29: {
1081 /* flush-record */
1082
1083 br_ssl_engine_flush_record(ENG);
1084
1085 }
1086 break;
1087 case 30: {
1088 /* get16 */
1089
1090 size_t addr = (size_t)T0_POP();
1091 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1092
1093 }
1094 break;
1095 case 31: {
1096 /* get8 */
1097
1098 size_t addr = (size_t)T0_POP();
1099 T0_PUSH(*((unsigned char *)ENG + addr));
1100
1101 }
1102 break;
1103 case 32: {
1104 /* has-input? */
1105
1106 T0_PUSHi(-(ENG->hlen_in != 0));
1107
1108 }
1109 break;
1110 case 33: {
1111 /* memcmp */
1112
1113 size_t len = (size_t)T0_POP();
1114 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1115 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1116 int x = memcmp(addr1, addr2, len);
1117 T0_PUSH((uint32_t)-(x == 0));
1118
1119 }
1120 break;
1121 case 34: {
1122 /* memcpy */
1123
1124 size_t len = (size_t)T0_POP();
1125 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1126 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1127 memcpy(dst, src, len);
1128
1129 }
1130 break;
1131 case 35: {
1132 /* mkrand */
1133
1134 size_t len = (size_t)T0_POP();
1135 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1136 br_hmac_drbg_generate(&ENG->rng, addr, len);
1137
1138 }
1139 break;
1140 case 36: {
1141 /* more-incoming-bytes? */
1142
1143 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1144
1145 }
1146 break;
1147 case 37: {
1148 /* multihash-init */
1149
1150 br_multihash_init(&ENG->mhash);
1151
1152 }
1153 break;
1154 case 38: {
1155 /* not */
1156
1157 uint32_t a = T0_POP();
1158 T0_PUSH(~a);
1159
1160 }
1161 break;
1162 case 39: {
1163 /* or */
1164
1165 uint32_t b = T0_POP();
1166 uint32_t a = T0_POP();
1167 T0_PUSH(a | b);
1168
1169 }
1170 break;
1171 case 40: {
1172 /* over */
1173 T0_PUSH(T0_PEEK(1));
1174 }
1175 break;
1176 case 41: {
1177 /* read-chunk-native */
1178
1179 size_t clen = ENG->hlen_in;
1180 if (clen > 0) {
1181 uint32_t addr, len;
1182
1183 len = T0_POP();
1184 addr = T0_POP();
1185 if ((size_t)len < clen) {
1186 clen = (size_t)len;
1187 }
1188 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1189 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1190 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1191 }
1192 T0_PUSH(addr + (uint32_t)clen);
1193 T0_PUSH(len - (uint32_t)clen);
1194 ENG->hbuf_in += clen;
1195 ENG->hlen_in -= clen;
1196 }
1197
1198 }
1199 break;
1200 case 42: {
1201 /* read8-native */
1202
1203 if (ENG->hlen_in > 0) {
1204 unsigned char x;
1205
1206 x = *ENG->hbuf_in ++;
1207 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1208 br_multihash_update(&ENG->mhash, &x, 1);
1209 }
1210 T0_PUSH(x);
1211 ENG->hlen_in --;
1212 } else {
1213 T0_PUSHi(-1);
1214 }
1215
1216 }
1217 break;
1218 case 43: {
1219 /* set16 */
1220
1221 size_t addr = (size_t)T0_POP();
1222 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1223
1224 }
1225 break;
1226 case 44: {
1227 /* set8 */
1228
1229 size_t addr = (size_t)T0_POP();
1230 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1231
1232 }
1233 break;
1234 case 45: {
1235 /* strlen */
1236
1237 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1238 T0_PUSH((uint32_t)strlen(str));
1239
1240 }
1241 break;
1242 case 46: {
1243 /* supported-curves */
1244
1245 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1246 T0_PUSH(x);
1247
1248 }
1249 break;
1250 case 47: {
1251 /* supported-hash-functions */
1252
1253 int i;
1254 unsigned x, num;
1255
1256 x = 0;
1257 num = 0;
1258 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1259 if (br_multihash_getimpl(&ENG->mhash, i)) {
1260 x |= 1U << i;
1261 num ++;
1262 }
1263 }
1264 T0_PUSH(x);
1265 T0_PUSH(num);
1266
1267 }
1268 break;
1269 case 48: {
1270 /* supports-ecdsa? */
1271
1272 T0_PUSHi(-(CTX->iecdsa != 0));
1273
1274 }
1275 break;
1276 case 49: {
1277 /* supports-rsa-sign? */
1278
1279 T0_PUSHi(-(CTX->irsavrfy != 0));
1280
1281 }
1282 break;
1283 case 50: {
1284 /* swap */
1285 T0_SWAP();
1286 }
1287 break;
1288 case 51: {
1289 /* switch-aesgcm-in */
1290
1291 int is_client, prf_id;
1292 unsigned cipher_key_len;
1293
1294 cipher_key_len = T0_POP();
1295 prf_id = T0_POP();
1296 is_client = T0_POP();
1297 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1298 ENG->iaes_ctr, cipher_key_len);
1299
1300 }
1301 break;
1302 case 52: {
1303 /* switch-aesgcm-out */
1304
1305 int is_client, prf_id;
1306 unsigned cipher_key_len;
1307
1308 cipher_key_len = T0_POP();
1309 prf_id = T0_POP();
1310 is_client = T0_POP();
1311 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1312 ENG->iaes_ctr, cipher_key_len);
1313
1314 }
1315 break;
1316 case 53: {
1317 /* switch-cbc-in */
1318
1319 int is_client, prf_id, mac_id, aes;
1320 unsigned cipher_key_len;
1321
1322 cipher_key_len = T0_POP();
1323 aes = T0_POP();
1324 mac_id = T0_POP();
1325 prf_id = T0_POP();
1326 is_client = T0_POP();
1327 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1328 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1329
1330 }
1331 break;
1332 case 54: {
1333 /* switch-cbc-out */
1334
1335 int is_client, prf_id, mac_id, aes;
1336 unsigned cipher_key_len;
1337
1338 cipher_key_len = T0_POP();
1339 aes = T0_POP();
1340 mac_id = T0_POP();
1341 prf_id = T0_POP();
1342 is_client = T0_POP();
1343 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1344 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1345
1346 }
1347 break;
1348 case 55: {
1349 /* u>> */
1350
1351 int c = (int)T0_POPi();
1352 uint32_t x = T0_POP();
1353 T0_PUSH(x >> c);
1354
1355 }
1356 break;
1357 case 56: {
1358 /* verify-SKE-sig */
1359
1360 size_t sig_len = T0_POP();
1361 int use_rsa = T0_POPi();
1362 int hash = T0_POPi();
1363
1364 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1365
1366 }
1367 break;
1368 case 57: {
1369 /* write-blob-chunk */
1370
1371 size_t clen = ENG->hlen_out;
1372 if (clen > 0) {
1373 uint32_t addr, len;
1374
1375 len = T0_POP();
1376 addr = T0_POP();
1377 if ((size_t)len < clen) {
1378 clen = (size_t)len;
1379 }
1380 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1381 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1382 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1383 }
1384 T0_PUSH(addr + (uint32_t)clen);
1385 T0_PUSH(len - (uint32_t)clen);
1386 ENG->hbuf_out += clen;
1387 ENG->hlen_out -= clen;
1388 }
1389
1390 }
1391 break;
1392 case 58: {
1393 /* write8-native */
1394
1395 unsigned char x;
1396
1397 x = (unsigned char)T0_POP();
1398 if (ENG->hlen_out > 0) {
1399 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1400 br_multihash_update(&ENG->mhash, &x, 1);
1401 }
1402 *ENG->hbuf_out ++ = x;
1403 ENG->hlen_out --;
1404 T0_PUSHi(-1);
1405 } else {
1406 T0_PUSHi(0);
1407 }
1408
1409 }
1410 break;
1411 case 59: {
1412 /* x509-append */
1413
1414 const br_x509_class *xc;
1415 size_t len;
1416
1417 xc = *(ENG->x509ctx);
1418 len = T0_POP();
1419 xc->append(ENG->x509ctx, ENG->pad, len);
1420
1421 }
1422 break;
1423 case 60: {
1424 /* x509-end-cert */
1425
1426 const br_x509_class *xc;
1427
1428 xc = *(ENG->x509ctx);
1429 xc->end_cert(ENG->x509ctx);
1430
1431 }
1432 break;
1433 case 61: {
1434 /* x509-end-chain */
1435
1436 const br_x509_class *xc;
1437
1438 xc = *(ENG->x509ctx);
1439 T0_PUSH(xc->end_chain(ENG->x509ctx));
1440
1441 }
1442 break;
1443 case 62: {
1444 /* x509-start-cert */
1445
1446 const br_x509_class *xc;
1447
1448 xc = *(ENG->x509ctx);
1449 xc->start_cert(ENG->x509ctx, T0_POP());
1450
1451 }
1452 break;
1453 case 63: {
1454 /* x509-start-chain */
1455
1456 const br_x509_class *xc;
1457
1458 xc = *(ENG->x509ctx);
1459 xc->start_chain(ENG->x509ctx, T0_POP(), ENG->server_name);
1460
1461 }
1462 break;
1463 }
1464
1465 } else {
1466 T0_ENTER(ip, rp, t0x);
1467 }
1468 }
1469 t0_exit:
1470 ((t0_context *)t0ctx)->dp = dp;
1471 ((t0_context *)t0ctx)->rp = rp;
1472 ((t0_context *)t0ctx)->ip = ip;
1473 }
The BearSSL library and tools.