projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for ClientHello padding (RFC 7685) and fixed buffering bug.
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
204 * use_rsa non-zero for RSA signature, zero for ECDSA
205 * sig_len signature length (in bytes); signature value is in the pad
206 * Returned value is 0 on success, or an error code.
207 */
208 static int
209 verify_SKE_sig(br_ssl_client_context *ctx,
210 int hash, int use_rsa, size_t sig_len)
211 {
212 const br_x509_class **xc;
213 const br_x509_pkey *pk;
214 br_multihash_context mhc;
215 unsigned char hv[64], head[4];
216 size_t hv_len;
217
218 xc = ctx->eng.x509ctx;
219 pk = (*xc)->get_pkey(xc);
220 br_multihash_zero(&mhc);
221 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
222 br_multihash_init(&mhc);
223 br_multihash_update(&mhc,
224 ctx->eng.client_random, sizeof ctx->eng.client_random);
225 br_multihash_update(&mhc,
226 ctx->eng.server_random, sizeof ctx->eng.server_random);
227 head[0] = 3;
228 head[1] = 0;
229 head[2] = ctx->eng.ecdhe_curve;
230 head[3] = ctx->eng.ecdhe_point_len;
231 br_multihash_update(&mhc, head, sizeof head);
232 br_multihash_update(&mhc,
233 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
234 if (hash) {
235 hv_len = br_multihash_out(&mhc, hash, hv);
236 if (hv_len == 0) {
237 return BR_ERR_INVALID_ALGORITHM;
238 }
239 } else {
240 if (!br_multihash_out(&mhc, br_md5_ID, hv)
241 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
242 {
243 return BR_ERR_INVALID_ALGORITHM;
244 }
245 hv_len = 36;
246 }
247 if (use_rsa) {
248 unsigned char tmp[64];
249 const unsigned char *hash_oid;
250
251 if (hash) {
252 hash_oid = HASH_OID[hash - 2];
253 } else {
254 hash_oid = NULL;
255 }
256 if (!ctx->irsavrfy(ctx->eng.pad, sig_len,
257 hash_oid, hv_len, &pk->key.rsa, tmp)
258 || memcmp(tmp, hv, hv_len) != 0)
259 {
260 return BR_ERR_BAD_SIGNATURE;
261 }
262 } else {
263 if (!ctx->iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
264 ctx->eng.pad, sig_len))
265 {
266 return BR_ERR_BAD_SIGNATURE;
267 }
268 }
269 return 0;
270 }
271
272 /*
273 * Perform client-size ECDH (or ECDHE). The point that should be sent to
274 * the server is written in the pad; returned value is either the point
275 * length (in bytes), or -x on error, with 'x' being an error code.
276 *
277 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
278 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
279 * (for static ECDH).
280 */
281 static int
282 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
283 {
284 int curve;
285 unsigned char key[66], point[133];
286 const unsigned char *generator, *order, *point_src;
287 size_t glen, olen, point_len;
288 unsigned char mask;
289
290 if (ecdhe) {
291 curve = ctx->eng.ecdhe_curve;
292 point_src = ctx->eng.ecdhe_point;
293 point_len = ctx->eng.ecdhe_point_len;
294 } else {
295 const br_x509_class **xc;
296 const br_x509_pkey *pk;
297
298 xc = ctx->eng.x509ctx;
299 pk = (*xc)->get_pkey(xc);
300 curve = pk->key.ec.curve;
301 point_src = pk->key.ec.q;
302 point_len = pk->key.ec.qlen;
303 }
304 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
305 return -BR_ERR_INVALID_ALGORITHM;
306 }
307
308 /*
309 * We need to generate our key, as a non-zero random value which
310 * is lower than the curve order, in a "large enough" range. We
311 * force top bit to 0 and bottom bit to 1, which guarantees that
312 * the value is in the proper range.
313 */
314 order = ctx->eng.iec->order(curve, &olen);
315 mask = 0xFF;
316 while (mask >= order[0]) {
317 mask >>= 1;
318 }
319 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
320 key[0] &= mask;
321 key[olen - 1] |= 0x01;
322
323 /*
324 * Compute the common ECDH point, whose X coordinate is the
325 * pre-master secret.
326 */
327 generator = ctx->eng.iec->generator(curve, &glen);
328 if (glen != point_len) {
329 return -BR_ERR_INVALID_ALGORITHM;
330 }
331
332 memcpy(point, point_src, glen);
333 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
334 return -BR_ERR_INVALID_ALGORITHM;
335 }
336
337 /*
338 * The pre-master secret is the X coordinate.
339 */
340 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
341
342 memcpy(point, generator, glen);
343 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
344 return -BR_ERR_INVALID_ALGORITHM;
345 }
346 memcpy(ctx->eng.pad, point, glen);
347 return (int)glen;
348 }
349
350
351
352 static const uint8_t t0_datablock[] = {
353 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
354 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
355 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
356 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
357 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
358 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
359 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
360 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
361 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
362 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
363 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
364 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
365 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
366 };
367
368 static const uint8_t t0_codeblock[] = {
369 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x00, 0x01,
370 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01, 0x01, 0x08,
371 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
372 0x01, 0x02, 0x09, 0x00, 0x00, 0x1A, 0x1A, 0x00, 0x00, 0x01,
373 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
374 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
375 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
376 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
377 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
378 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
379 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
380 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
381 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
382 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
383 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
384 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
385 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
386 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
387 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
388 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
389 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
391 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
392 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
393 0x01,
394 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
395 0x00, 0x00, 0x01,
396 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
397 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
398 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
399 0x00, 0x00, 0x01,
400 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
401 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
402 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
403 0x00, 0x00, 0x01,
404 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
405 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
406 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
407 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
408 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
409 0x00, 0x00, 0x01,
410 T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
411 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
412 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
413 0x00, 0x00, 0x01,
414 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
415 0x00, 0x00, 0x01,
416 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
417 0x00, 0x00, 0x01,
418 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
419 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
420 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
421 0x01,
422 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
423 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
424 0x00, 0x00, 0x01,
425 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
426 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
427 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
428 0x00, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x06,
429 0x08, 0x1E, 0x0D, 0x05, 0x02, 0x59, 0x1C, 0x04, 0x01, 0x2B, 0x00, 0x00,
430 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x7A, 0x1B, 0x46, 0x32, 0x7E, 0x1B,
431 0x05, 0x04, 0x48, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0D, 0x06, 0x02, 0x7E,
432 0x00, 0x46, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x00, 0x1B,
433 0x6B, 0x32, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x32, 0x5F, 0x1E, 0x81, 0x0B,
434 0x15, 0x67, 0x01, 0x0C, 0x22, 0x00, 0x00, 0x1B, 0x16, 0x01, 0x08, 0x0B,
435 0x32, 0x44, 0x16, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x5E, 0x2C,
436 0x1D, 0x13, 0x26, 0x06, 0x08, 0x02, 0x00, 0x81, 0x2A, 0x03, 0x00, 0x04,
437 0x74, 0x01, 0x00, 0x81, 0x22, 0x02, 0x00, 0x1B, 0x13, 0x11, 0x06, 0x02,
438 0x57, 0x1C, 0x81, 0x2A, 0x04, 0x75, 0x01, 0x01, 0x00, 0x5E, 0x2C, 0x01,
439 0x16, 0x69, 0x2C, 0x25, 0x81, 0x2E, 0x1D, 0x81, 0x12, 0x06, 0x0B, 0x01,
440 0x7F, 0x81, 0x0E, 0x01, 0x7F, 0x81, 0x2D, 0x04, 0x80, 0x42, 0x81, 0x0F,
441 0x5F, 0x1E, 0x81, 0x02, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x11, 0x06,
442 0x02, 0x81, 0x13, 0x81, 0x16, 0x1B, 0x01, 0x0D, 0x0D, 0x06, 0x09, 0x1A,
443 0x81, 0x15, 0x81, 0x16, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00,
444 0x01, 0x0E, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x06, 0x02, 0x4F, 0x1C, 0x24,
445 0x06, 0x02, 0x5A, 0x1C, 0x02, 0x00, 0x06, 0x02, 0x81, 0x34, 0x81, 0x2F,
446 0x01, 0x7F, 0x81, 0x2D, 0x01, 0x7F, 0x81, 0x0E, 0x01, 0x01, 0x5E, 0x2C,
447 0x01, 0x17, 0x69, 0x2C, 0x00, 0x00, 0x28, 0x28, 0x00, 0x00, 0x7B, 0x01,
448 0x0C, 0x10, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
449 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
450 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
451 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
452 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
453 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
454 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
455 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
456 0x28, 0x0D, 0x06, 0x05, 0x1A, 0x01,
457 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
458 0x32, 0x1A, 0x00, 0x00, 0x65, 0x1F, 0x01, 0x0E, 0x0D, 0x06, 0x04, 0x01,
459 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x2E, 0x06, 0x04, 0x01, 0x06,
460 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x6A, 0x1F, 0x1B, 0x06, 0x08, 0x01,
461 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x1A, 0x01, 0x05, 0x00, 0x01,
462 0x2F, 0x03, 0x00, 0x1A, 0x01, 0x00, 0x31, 0x06, 0x03, 0x02, 0x00, 0x08,
463 0x30, 0x06, 0x03, 0x02, 0x00, 0x08, 0x1B, 0x06, 0x06, 0x01, 0x01, 0x0B,
464 0x01, 0x06, 0x08, 0x00, 0x00, 0x6C, 0x2D, 0x1B, 0x06, 0x03, 0x01, 0x09,
465 0x08, 0x00, 0x01, 0x2E, 0x1B, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x1B,
466 0x06, 0x0E, 0x1B, 0x01, 0x01, 0x11, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
467 0x01, 0x10, 0x04, 0x6F, 0x1A, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
468 0x08, 0x00, 0x00, 0x81, 0x00, 0x81, 0x29, 0x1B, 0x01, 0x07, 0x11, 0x01,
469 0x00, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x01, 0x10, 0x11, 0x06, 0x02, 0x81,
470 0x00, 0x04, 0x2D, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x24, 0x1A, 0x1A, 0x01,
471 0x00, 0x5E, 0x2C, 0x81, 0x11, 0x6A, 0x1F, 0x01, 0x01, 0x0D, 0x06, 0x11,
472 0x1D, 0x13, 0x26, 0x06, 0x05, 0x81, 0x29, 0x1A, 0x04, 0x77, 0x01, 0x80,
473 0x64, 0x81, 0x22, 0x04, 0x02, 0x81, 0x00, 0x04, 0x03, 0x5A, 0x1C, 0x1A,
474 0x04, 0xFF, 0x3A, 0x01, 0x1B, 0x03, 0x00, 0x09, 0x1B, 0x40, 0x06, 0x02,
475 0x50, 0x1C, 0x02, 0x00, 0x00, 0x00, 0x7B, 0x01, 0x0F, 0x11, 0x00, 0x00,
476 0x5D, 0x1F, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x1B, 0x01, 0x01,
477 0x0C, 0x06, 0x03, 0x1A, 0x01, 0x02, 0x5D, 0x2C, 0x01, 0x00, 0x04, 0x15,
478 0x01, 0x01, 0x28, 0x0D, 0x06, 0x09, 0x1A, 0x01, 0x00, 0x5D, 0x2C, 0x42,
479 0x00, 0x04, 0x06, 0x01, 0x82, 0x00, 0x08, 0x1C, 0x1A, 0x00, 0x00, 0x01,
480 0x00, 0x20, 0x06, 0x06, 0x2A, 0x81, 0x0C, 0x27, 0x04, 0x77, 0x1B, 0x06,
481 0x04, 0x01, 0x01, 0x70, 0x2C, 0x00, 0x00, 0x20, 0x06, 0x0B, 0x68, 0x1F,
482 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5A, 0x1C, 0x04, 0x12, 0x81, 0x29, 0x01,
483 0x07, 0x11, 0x1B, 0x01, 0x02, 0x0C, 0x06, 0x06, 0x06, 0x02, 0x5A, 0x1C,
484 0x04, 0x6F, 0x1A, 0x81, 0x1F, 0x01, 0x01, 0x0C, 0x24, 0x27, 0x06, 0x02,
485 0x49, 0x1C, 0x1B, 0x01, 0x01, 0x81, 0x25, 0x26, 0x81, 0x10, 0x00, 0x01,
486 0x81, 0x16, 0x01, 0x0B, 0x0D, 0x05, 0x02, 0x5A, 0x1C, 0x5F, 0x1E, 0x81,
487 0x02, 0x3F, 0x81, 0x1D, 0x81, 0x0A, 0x1B, 0x06, 0x26, 0x81, 0x1D, 0x81,
488 0x0A, 0x1B, 0x3E, 0x1B, 0x06, 0x19, 0x1B, 0x01, 0x82, 0x00, 0x0E, 0x06,
489 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x1B, 0x03, 0x00, 0x67, 0x02, 0x00,
490 0x81, 0x14, 0x02, 0x00, 0x3B, 0x04, 0x64, 0x7C, 0x3C, 0x04, 0x57, 0x7C,
491 0x7C, 0x3D, 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x00, 0x00, 0x7D, 0x81, 0x16,
492 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5A, 0x1C, 0x67, 0x01, 0x0C, 0x08, 0x01,
493 0x0C, 0x81, 0x14, 0x7C, 0x67, 0x1B, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x21,
494 0x05, 0x02, 0x4C, 0x1C, 0x00, 0x00, 0x81, 0x17, 0x06, 0x02, 0x5A, 0x1C,
495 0x06, 0x02, 0x4E, 0x1C, 0x00, 0x09, 0x81, 0x16, 0x01, 0x02, 0x0D, 0x05,
496 0x02, 0x5A, 0x1C, 0x81, 0x1C, 0x03, 0x00, 0x02, 0x00, 0x76, 0x1E, 0x0A,
497 0x02, 0x00, 0x75, 0x1E, 0x0E, 0x27, 0x06, 0x02, 0x5B, 0x1C, 0x02, 0x00,
498 0x74, 0x1E, 0x0C, 0x06, 0x02, 0x53, 0x1C, 0x02, 0x00, 0x77, 0x2B, 0x6D,
499 0x01, 0x20, 0x81, 0x14, 0x01, 0x00, 0x03, 0x01, 0x81, 0x1E, 0x03, 0x02,
500 0x02, 0x02, 0x01, 0x20, 0x0E, 0x06, 0x02, 0x58, 0x1C, 0x67, 0x02, 0x02,
501 0x81, 0x14, 0x02, 0x02, 0x6F, 0x1F, 0x0D, 0x02, 0x02, 0x01, 0x00, 0x0E,
502 0x11, 0x06, 0x0B, 0x6E, 0x67, 0x02, 0x02, 0x21, 0x06, 0x04, 0x01, 0x7F,
503 0x03, 0x01, 0x6E, 0x67, 0x02, 0x02, 0x22, 0x02, 0x02, 0x6F, 0x2C, 0x02,
504 0x00, 0x73, 0x02, 0x01, 0x79, 0x81, 0x1C, 0x1B, 0x81, 0x20, 0x40, 0x06,
505 0x02, 0x4A, 0x1C, 0x5F, 0x02, 0x01, 0x79, 0x81, 0x1E, 0x06, 0x02, 0x4B,
506 0x1C, 0x1B, 0x06, 0x81, 0x3D, 0x81, 0x1C, 0x81, 0x0A, 0x81, 0x07, 0x03,
507 0x03, 0x81, 0x05, 0x03, 0x04, 0x81, 0x03, 0x03, 0x05, 0x81, 0x06, 0x03,
508 0x06, 0x81, 0x08, 0x03, 0x07, 0x81, 0x04, 0x03, 0x08, 0x1B, 0x06, 0x81,
509 0x0B, 0x81, 0x1C, 0x01, 0x00, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x03,
510 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x03, 0x81, 0x1B, 0x04, 0x80,
511 0x70, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x05, 0x05, 0x02,
512 0x54, 0x1C, 0x01, 0x00, 0x03, 0x05, 0x81, 0x19, 0x04, 0x80, 0x5A, 0x01,
513 0x83, 0xFE, 0x01, 0x28, 0x0D, 0x06, 0x10, 0x1A, 0x02, 0x04, 0x05, 0x02,
514 0x54, 0x1C, 0x01, 0x00, 0x03, 0x04, 0x81, 0x1A, 0x04, 0x80, 0x42, 0x01,
515 0x0D, 0x28, 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x06, 0x05, 0x02, 0x54, 0x1C,
516 0x01, 0x00, 0x03, 0x06, 0x81, 0x18, 0x04, 0x2D, 0x01, 0x0A, 0x28, 0x0D,
517 0x06, 0x0F, 0x1A, 0x02, 0x07, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03,
518 0x07, 0x81, 0x18, 0x04, 0x18, 0x01, 0x0B, 0x28, 0x0D, 0x06, 0x0F, 0x1A,
519 0x02, 0x08, 0x05, 0x02, 0x54, 0x1C, 0x01, 0x00, 0x03, 0x08, 0x81, 0x18,
520 0x04, 0x03, 0x54, 0x1C, 0x1A, 0x04, 0xFE, 0x71, 0x02, 0x04, 0x06, 0x0D,
521 0x02, 0x04, 0x01, 0x05, 0x0E, 0x06, 0x02, 0x51, 0x1C, 0x01, 0x01, 0x6A,
522 0x2C, 0x7C, 0x7C, 0x02, 0x01, 0x00, 0x04, 0x81, 0x16, 0x01, 0x0C, 0x0D,
523 0x05, 0x02, 0x5A, 0x1C, 0x81, 0x1E, 0x01, 0x03, 0x0D, 0x05, 0x02, 0x55,
524 0x1C, 0x81, 0x1C, 0x1B, 0x62, 0x2C, 0x1B, 0x01, 0x20, 0x0F, 0x06, 0x02,
525 0x55, 0x1C, 0x2E, 0x32, 0x10, 0x01, 0x01, 0x11, 0x05, 0x02, 0x55, 0x1C,
526 0x81, 0x1E, 0x1B, 0x01, 0x81, 0x05, 0x0E, 0x06, 0x02, 0x55, 0x1C, 0x1B,
527 0x64, 0x2C, 0x63, 0x32, 0x81, 0x14, 0x73, 0x1E, 0x01, 0x86, 0x03, 0x0F,
528 0x03, 0x00, 0x5F, 0x1E, 0x81, 0x27, 0x03, 0x01, 0x01, 0x02, 0x03, 0x02,
529 0x02, 0x00, 0x06, 0x23, 0x81, 0x1E, 0x1B, 0x1B, 0x01, 0x02, 0x0A, 0x32,
530 0x01, 0x06, 0x0E, 0x27, 0x06, 0x02, 0x55, 0x1C, 0x03, 0x02, 0x81, 0x1E,
531 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0D, 0x05, 0x02, 0x55,
532 0x1C, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0x81,
533 0x1C, 0x1B, 0x03, 0x03, 0x1B, 0x01, 0x84, 0x00, 0x0E, 0x06, 0x02, 0x56,
534 0x1C, 0x67, 0x32, 0x81, 0x14, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x38,
535 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x7C, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01,
536 0x02, 0x00, 0x78, 0x02, 0x01, 0x02, 0x00, 0x29, 0x1B, 0x01, 0x00, 0x0D,
537 0x06, 0x02, 0x48, 0x00, 0x81, 0x2B, 0x04, 0x73, 0x00, 0x1B, 0x06, 0x05,
538 0x81, 0x1E, 0x1A, 0x04, 0x78, 0x1A, 0x00, 0x00, 0x81, 0x17, 0x1B, 0x42,
539 0x06, 0x07, 0x1A, 0x06, 0x02, 0x4E, 0x1C, 0x04, 0x73, 0x00, 0x00, 0x81,
540 0x1F, 0x01, 0x03, 0x81, 0x1D, 0x32, 0x1A, 0x32, 0x00, 0x00, 0x81, 0x1C,
541 0x81, 0x23, 0x00, 0x00, 0x81, 0x1C, 0x01, 0x01, 0x0D, 0x05, 0x02, 0x4D,
542 0x1C, 0x81, 0x1E, 0x01, 0x08, 0x08, 0x65, 0x1F, 0x0D, 0x05, 0x02, 0x4D,
543 0x1C, 0x00, 0x00, 0x81, 0x1C, 0x6A, 0x1F, 0x05, 0x16, 0x01, 0x01, 0x0D,
544 0x05, 0x02, 0x51, 0x1C, 0x81, 0x1E, 0x01, 0x00, 0x0D, 0x05, 0x02, 0x51,
545 0x1C, 0x01, 0x02, 0x6A, 0x2C, 0x04, 0x1E, 0x01, 0x19, 0x0D, 0x05, 0x02,
546 0x51, 0x1C, 0x81, 0x1E, 0x01, 0x18, 0x0D, 0x05, 0x02, 0x51, 0x1C, 0x67,
547 0x01, 0x18, 0x81, 0x14, 0x6B, 0x67, 0x01, 0x18, 0x21, 0x05, 0x02, 0x51,
548 0x1C, 0x00, 0x00, 0x81, 0x1C, 0x06, 0x02, 0x52, 0x1C, 0x00, 0x00, 0x01,
549 0x02, 0x78, 0x81, 0x1F, 0x01, 0x08, 0x0B, 0x81, 0x1F, 0x08, 0x00, 0x00,
550 0x01, 0x03, 0x78, 0x81, 0x1F, 0x01, 0x08, 0x0B, 0x81, 0x1F, 0x08, 0x01,
551 0x08, 0x0B, 0x81, 0x1F, 0x08, 0x00, 0x00, 0x01, 0x01, 0x78, 0x81, 0x1F,
552 0x00, 0x00, 0x2A, 0x1B, 0x40, 0x05, 0x01, 0x00, 0x1A, 0x81, 0x2B, 0x04,
553 0x75, 0x02, 0x03, 0x00, 0x72, 0x1F, 0x03, 0x01, 0x01, 0x00, 0x1B, 0x02,
554 0x01, 0x0A, 0x06, 0x10, 0x1B, 0x01, 0x01, 0x0B, 0x71, 0x08, 0x1E, 0x02,
555 0x00, 0x0D, 0x06, 0x01, 0x00, 0x44, 0x04, 0x6A, 0x1A, 0x01, 0x7F, 0x00,
556 0x00, 0x01, 0x15, 0x69, 0x2C, 0x32, 0x3A, 0x1A, 0x3A, 0x1A, 0x1D, 0x00,
557 0x00, 0x01, 0x01, 0x32, 0x81, 0x21, 0x00, 0x00, 0x32, 0x28, 0x78, 0x32,
558 0x1B, 0x06, 0x06, 0x81, 0x1F, 0x1A, 0x45, 0x04, 0x77, 0x1A, 0x00, 0x00,
559 0x7B, 0x41, 0x00, 0x02, 0x03, 0x00, 0x5F, 0x1E, 0x7B, 0x03, 0x01, 0x02,
560 0x01, 0x01, 0x0F, 0x11, 0x02, 0x01, 0x01, 0x04, 0x10, 0x01, 0x0F, 0x11,
561 0x02, 0x01, 0x01, 0x08, 0x10, 0x01, 0x0F, 0x11, 0x01, 0x00, 0x28, 0x0D,
562 0x06, 0x10, 0x1A, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x35,
563 0x04, 0x01, 0x36, 0x04, 0x80, 0x56, 0x01, 0x01, 0x28, 0x0D, 0x06, 0x10,
564 0x1A, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01,
565 0x36, 0x04, 0x80, 0x40, 0x01, 0x02, 0x28, 0x0D, 0x06, 0x0F, 0x1A, 0x01,
566 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36, 0x04,
567 0x2B, 0x01, 0x03, 0x28, 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x10, 0x02,
568 0x00, 0x06, 0x03, 0x33, 0x04, 0x01, 0x34, 0x04, 0x17, 0x01, 0x04, 0x28,
569 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x33,
570 0x04, 0x01, 0x34, 0x04, 0x03, 0x50, 0x1C, 0x1A, 0x00, 0x00, 0x7B, 0x01,
571 0x0C, 0x10, 0x1B, 0x43, 0x32, 0x01, 0x03, 0x0A, 0x11, 0x00, 0x00, 0x7B,
572 0x01, 0x0C, 0x10, 0x01, 0x01, 0x0D, 0x00, 0x00, 0x7B, 0x01, 0x0C, 0x10,
573 0x42, 0x00, 0x00, 0x14, 0x01, 0x00, 0x5C, 0x1F, 0x1B, 0x06, 0x1F, 0x01,
574 0x01, 0x28, 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x00, 0x7F, 0x04, 0x11, 0x01,
575 0x02, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x5E, 0x1F, 0x06, 0x03, 0x01, 0x10,
576 0x27, 0x04, 0x01, 0x1A, 0x04, 0x01, 0x1A, 0x61, 0x1F, 0x05, 0x34, 0x20,
577 0x06, 0x31, 0x68, 0x1F, 0x01, 0x14, 0x28, 0x0D, 0x06, 0x06, 0x1A, 0x01,
578 0x02, 0x27, 0x04, 0x23, 0x01, 0x15, 0x28, 0x0D, 0x06, 0x0A, 0x1A, 0x81,
579 0x0D, 0x06, 0x03, 0x01, 0x7F, 0x7F, 0x04, 0x13, 0x01, 0x16, 0x28, 0x0D,
580 0x06, 0x06, 0x1A, 0x01, 0x01, 0x27, 0x04, 0x07, 0x1A, 0x01, 0x04, 0x27,
581 0x01, 0x00, 0x1A, 0x13, 0x06, 0x03, 0x01, 0x08, 0x27, 0x00, 0x00, 0x14,
582 0x1B, 0x05, 0x10, 0x20, 0x06, 0x0D, 0x68, 0x1F, 0x01, 0x15, 0x0D, 0x06,
583 0x05, 0x1A, 0x81, 0x0D, 0x04, 0x01, 0x17, 0x00, 0x00, 0x81, 0x29, 0x01,
584 0x07, 0x11, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x5A, 0x1C, 0x00, 0x01, 0x03,
585 0x00, 0x1D, 0x13, 0x06, 0x05, 0x02, 0x00, 0x69, 0x2C, 0x00, 0x81, 0x29,
586 0x1A, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81, 0x2C, 0x01, 0x01, 0x81, 0x38,
587 0x1D, 0x1B, 0x01, 0x00, 0x81, 0x25, 0x01, 0x16, 0x81, 0x2C, 0x81, 0x30,
588 0x1D, 0x00, 0x02, 0x81, 0x05, 0x81, 0x07, 0x08, 0x81, 0x03, 0x08, 0x81,
589 0x06, 0x08, 0x81, 0x08, 0x08, 0x81, 0x04, 0x08, 0x03, 0x00, 0x01, 0x01,
590 0x81, 0x38, 0x01, 0x27, 0x6F, 0x1F, 0x08, 0x72, 0x1F, 0x01, 0x01, 0x0B,
591 0x08, 0x02, 0x00, 0x06, 0x04, 0x46, 0x02, 0x00, 0x08, 0x66, 0x1E, 0x28,
592 0x09, 0x1B, 0x43, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x32, 0x46, 0x32,
593 0x47, 0x01, 0x04, 0x09, 0x1B, 0x40, 0x06, 0x03, 0x1A, 0x01, 0x00, 0x1B,
594 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x32, 0x01, 0x04, 0x08,
595 0x28, 0x08, 0x32, 0x04, 0x03, 0x1A, 0x01, 0x7F, 0x03, 0x01, 0x81, 0x37,
596 0x75, 0x1E, 0x81, 0x36, 0x60, 0x01, 0x04, 0x12, 0x60, 0x01, 0x04, 0x08,
597 0x01, 0x1C, 0x23, 0x60, 0x01, 0x20, 0x81, 0x31, 0x6E, 0x6F, 0x1F, 0x81,
598 0x33, 0x72, 0x1F, 0x1B, 0x01, 0x01, 0x0B, 0x81, 0x36, 0x71, 0x32, 0x1B,
599 0x06, 0x11, 0x45, 0x28, 0x1E, 0x1B, 0x81, 0x24, 0x05, 0x02, 0x4A, 0x1C,
600 0x81, 0x36, 0x32, 0x46, 0x32, 0x04, 0x6C, 0x48, 0x01, 0x01, 0x81, 0x38,
601 0x01, 0x00, 0x81, 0x38, 0x02, 0x00, 0x06, 0x81, 0x47, 0x02, 0x00, 0x81,
602 0x36, 0x81, 0x05, 0x06, 0x12, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x36, 0x6B,
603 0x81, 0x05, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x36, 0x45, 0x81, 0x33, 0x81,
604 0x07, 0x06, 0x1C, 0x01, 0x00, 0x81, 0x36, 0x6C, 0x81, 0x07, 0x01, 0x04,
605 0x09, 0x1B, 0x81, 0x36, 0x01, 0x02, 0x09, 0x1B, 0x81, 0x36, 0x01, 0x00,
606 0x81, 0x38, 0x01, 0x03, 0x09, 0x81, 0x32, 0x81, 0x03, 0x06, 0x0F, 0x01,
607 0x01, 0x81, 0x36, 0x01, 0x01, 0x81, 0x36, 0x65, 0x1F, 0x01, 0x08, 0x09,
608 0x81, 0x38, 0x81, 0x06, 0x06, 0x1F, 0x01, 0x0D, 0x81, 0x36, 0x81, 0x06,
609 0x01, 0x04, 0x09, 0x1B, 0x81, 0x36, 0x01, 0x02, 0x09, 0x81, 0x36, 0x30,
610 0x06, 0x04, 0x01, 0x03, 0x81, 0x35, 0x31, 0x06, 0x04, 0x01, 0x01, 0x81,
611 0x35, 0x81, 0x08, 0x1B, 0x06, 0x27, 0x01, 0x0A, 0x81, 0x36, 0x01, 0x04,
612 0x09, 0x1B, 0x81, 0x36, 0x47, 0x81, 0x36, 0x2E, 0x01, 0x00, 0x1B, 0x01,
613 0x20, 0x0A, 0x06, 0x0E, 0x81, 0x01, 0x10, 0x01, 0x01, 0x11, 0x06, 0x03,
614 0x1B, 0x81, 0x36, 0x44, 0x04, 0x6C, 0x48, 0x04, 0x01, 0x1A, 0x81, 0x04,
615 0x06, 0x0D, 0x01, 0x0B, 0x81, 0x36, 0x01, 0x02, 0x81, 0x36, 0x01, 0x82,
616 0x00, 0x81, 0x36, 0x02, 0x01, 0x40, 0x05, 0x14, 0x01, 0x15, 0x81, 0x36,
617 0x02, 0x01, 0x1B, 0x81, 0x36, 0x1B, 0x06, 0x07, 0x45, 0x01, 0x00, 0x81,
618 0x38, 0x04, 0x76, 0x1A, 0x00, 0x00, 0x01, 0x10, 0x81, 0x38, 0x5F, 0x1E,
619 0x1B, 0x81, 0x28, 0x06, 0x10, 0x81, 0x0B, 0x19, 0x1B, 0x46, 0x81, 0x37,
620 0x1B, 0x81, 0x36, 0x67, 0x32, 0x81, 0x31, 0x04, 0x12, 0x1B, 0x81, 0x26,
621 0x32, 0x81, 0x0B, 0x18, 0x1B, 0x44, 0x81, 0x37, 0x1B, 0x81, 0x38, 0x67,
622 0x32, 0x81, 0x31, 0x00, 0x00, 0x7D, 0x01, 0x14, 0x81, 0x38, 0x01, 0x0C,
623 0x81, 0x37, 0x67, 0x01, 0x0C, 0x81, 0x31, 0x00, 0x00, 0x39, 0x1B, 0x01,
624 0x00, 0x0D, 0x06, 0x02, 0x48, 0x00, 0x81, 0x29, 0x1A, 0x04, 0x72, 0x00,
625 0x1B, 0x81, 0x36, 0x81, 0x31, 0x00, 0x00, 0x1B, 0x81, 0x38, 0x81, 0x31,
626 0x00, 0x00, 0x01, 0x0B, 0x81, 0x38, 0x01, 0x03, 0x81, 0x37, 0x01, 0x00,
627 0x81, 0x37, 0x00, 0x01, 0x03, 0x00, 0x2F, 0x1A, 0x1B, 0x01, 0x10, 0x11,
628 0x06, 0x08, 0x01, 0x04, 0x81, 0x38, 0x02, 0x00, 0x81, 0x38, 0x1B, 0x01,
629 0x08, 0x11, 0x06, 0x08, 0x01, 0x03, 0x81, 0x38, 0x02, 0x00, 0x81, 0x38,
630 0x1B, 0x01, 0x20, 0x11, 0x06, 0x08, 0x01, 0x05, 0x81, 0x38, 0x02, 0x00,
631 0x81, 0x38, 0x1B, 0x01, 0x80, 0x40, 0x11, 0x06, 0x08, 0x01, 0x06, 0x81,
632 0x38, 0x02, 0x00, 0x81, 0x38, 0x01, 0x04, 0x11, 0x06, 0x08, 0x01, 0x02,
633 0x81, 0x38, 0x02, 0x00, 0x81, 0x38, 0x00, 0x00, 0x1B, 0x01, 0x08, 0x37,
634 0x81, 0x38, 0x81, 0x38, 0x00, 0x00, 0x1B, 0x01, 0x10, 0x37, 0x81, 0x38,
635 0x81, 0x36, 0x00, 0x00, 0x1B, 0x3A, 0x06, 0x02, 0x1A, 0x00, 0x81, 0x29,
636 0x1A, 0x04, 0x75
637 };
638
639 static const uint16_t t0_caddr[] = {
640 0,
641 5,
642 10,
643 15,
644 20,
645 25,
646 30,
647 35,
648 40,
649 44,
650 48,
651 52,
652 56,
653 60,
654 64,
655 68,
656 72,
657 76,
658 80,
659 84,
660 88,
661 92,
662 96,
663 100,
664 104,
665 108,
666 112,
667 116,
668 120,
669 125,
670 130,
671 135,
672 140,
673 145,
674 150,
675 155,
676 160,
677 165,
678 170,
679 175,
680 180,
681 185,
682 190,
683 195,
684 200,
685 205,
686 210,
687 215,
688 220,
689 225,
690 230,
691 235,
692 240,
693 245,
694 250,
695 255,
696 260,
697 269,
698 282,
699 286,
700 311,
701 317,
702 337,
703 348,
704 385,
705 488,
706 492,
707 557,
708 572,
709 583,
710 601,
711 630,
712 640,
713 676,
714 749,
715 763,
716 769,
717 816,
718 836,
719 889,
720 958,
721 991,
722 1003,
723 1328,
724 1485,
725 1510,
726 1521,
727 1536,
728 1547,
729 1553,
730 1576,
731 1636,
732 1644,
733 1657,
734 1676,
735 1683,
736 1695,
737 1730,
738 1742,
739 1749,
740 1765,
741 1769,
742 1907,
743 1920,
744 1929,
745 1936,
746 2040,
747 2062,
748 2076,
749 2093,
750 2116,
751 2479,
752 2526,
753 2542,
754 2557,
755 2564,
756 2571,
757 2585,
758 2661,
759 2671,
760 2681
761 };
762
763 #define T0_INTERPRETED 64
764
765 #define T0_ENTER(ip, rp, slot) do { \
766 const unsigned char *t0_newip; \
767 uint32_t t0_lnum; \
768 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
769 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
770 (rp) += t0_lnum; \
771 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
772 (ip) = t0_newip; \
773 } while (0)
774
775 #define T0_DEFENTRY(name, slot) \
776 void \
777 name(void *ctx) \
778 { \
779 t0_context *t0ctx = ctx; \
780 t0ctx->ip = &t0_codeblock[0]; \
781 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
782 }
783
784 T0_DEFENTRY(br_ssl_hs_client_init_main, 137)
785
786 void
787 br_ssl_hs_client_run(void *t0ctx)
788 {
789 uint32_t *dp, *rp;
790 const unsigned char *ip;
791
792 #define T0_LOCAL(x) (*(rp - 2 - (x)))
793 #define T0_POP() (*-- dp)
794 #define T0_POPi() (*(int32_t *)(-- dp))
795 #define T0_PEEK(x) (*(dp - 1 - (x)))
796 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
797 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
798 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
799 #define T0_RPOP() (*-- rp)
800 #define T0_RPOPi() (*(int32_t *)(-- rp))
801 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
802 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
803 #define T0_ROLL(x) do { \
804 size_t t0len = (size_t)(x); \
805 uint32_t t0tmp = *(dp - 1 - t0len); \
806 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
807 *(dp - 1) = t0tmp; \
808 } while (0)
809 #define T0_SWAP() do { \
810 uint32_t t0tmp = *(dp - 2); \
811 *(dp - 2) = *(dp - 1); \
812 *(dp - 1) = t0tmp; \
813 } while (0)
814 #define T0_ROT() do { \
815 uint32_t t0tmp = *(dp - 3); \
816 *(dp - 3) = *(dp - 2); \
817 *(dp - 2) = *(dp - 1); \
818 *(dp - 1) = t0tmp; \
819 } while (0)
820 #define T0_NROT() do { \
821 uint32_t t0tmp = *(dp - 1); \
822 *(dp - 1) = *(dp - 2); \
823 *(dp - 2) = *(dp - 3); \
824 *(dp - 3) = t0tmp; \
825 } while (0)
826 #define T0_PICK(x) do { \
827 uint32_t t0depth = (x); \
828 T0_PUSH(T0_PEEK(t0depth)); \
829 } while (0)
830 #define T0_CO() do { \
831 goto t0_exit; \
832 } while (0)
833 #define T0_RET() break
834
835 dp = ((t0_context *)t0ctx)->dp;
836 rp = ((t0_context *)t0ctx)->rp;
837 ip = ((t0_context *)t0ctx)->ip;
838 for (;;) {
839 uint32_t t0x;
840
841 t0x = t0_parse7E_unsigned(&ip);
842 if (t0x < T0_INTERPRETED) {
843 switch (t0x) {
844 int32_t t0off;
845
846 case 0: /* ret */
847 t0x = T0_RPOP();
848 rp -= (t0x >> 16);
849 t0x &= 0xFFFF;
850 if (t0x == 0) {
851 ip = NULL;
852 goto t0_exit;
853 }
854 ip = &t0_codeblock[t0x];
855 break;
856 case 1: /* literal constant */
857 T0_PUSHi(t0_parse7E_signed(&ip));
858 break;
859 case 2: /* read local */
860 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
861 break;
862 case 3: /* write local */
863 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
864 break;
865 case 4: /* jump */
866 t0off = t0_parse7E_signed(&ip);
867 ip += t0off;
868 break;
869 case 5: /* jump if */
870 t0off = t0_parse7E_signed(&ip);
871 if (T0_POP()) {
872 ip += t0off;
873 }
874 break;
875 case 6: /* jump if not */
876 t0off = t0_parse7E_signed(&ip);
877 if (!T0_POP()) {
878 ip += t0off;
879 }
880 break;
881 case 7: {
882 /* * */
883
884 uint32_t b = T0_POP();
885 uint32_t a = T0_POP();
886 T0_PUSH(a * b);
887
888 }
889 break;
890 case 8: {
891 /* + */
892
893 uint32_t b = T0_POP();
894 uint32_t a = T0_POP();
895 T0_PUSH(a + b);
896
897 }
898 break;
899 case 9: {
900 /* - */
901
902 uint32_t b = T0_POP();
903 uint32_t a = T0_POP();
904 T0_PUSH(a - b);
905
906 }
907 break;
908 case 10: {
909 /* < */
910
911 int32_t b = T0_POPi();
912 int32_t a = T0_POPi();
913 T0_PUSH(-(uint32_t)(a < b));
914
915 }
916 break;
917 case 11: {
918 /* << */
919
920 int c = (int)T0_POPi();
921 uint32_t x = T0_POP();
922 T0_PUSH(x << c);
923
924 }
925 break;
926 case 12: {
927 /* <> */
928
929 uint32_t b = T0_POP();
930 uint32_t a = T0_POP();
931 T0_PUSH(-(uint32_t)(a != b));
932
933 }
934 break;
935 case 13: {
936 /* = */
937
938 uint32_t b = T0_POP();
939 uint32_t a = T0_POP();
940 T0_PUSH(-(uint32_t)(a == b));
941
942 }
943 break;
944 case 14: {
945 /* > */
946
947 int32_t b = T0_POPi();
948 int32_t a = T0_POPi();
949 T0_PUSH(-(uint32_t)(a > b));
950
951 }
952 break;
953 case 15: {
954 /* >= */
955
956 int32_t b = T0_POPi();
957 int32_t a = T0_POPi();
958 T0_PUSH(-(uint32_t)(a >= b));
959
960 }
961 break;
962 case 16: {
963 /* >> */
964
965 int c = (int)T0_POPi();
966 int32_t x = T0_POPi();
967 T0_PUSHi(x >> c);
968
969 }
970 break;
971 case 17: {
972 /* and */
973
974 uint32_t b = T0_POP();
975 uint32_t a = T0_POP();
976 T0_PUSH(a & b);
977
978 }
979 break;
980 case 18: {
981 /* bzero */
982
983 size_t len = (size_t)T0_POP();
984 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
985 memset(addr, 0, len);
986
987 }
988 break;
989 case 19: {
990 /* can-output? */
991
992 T0_PUSHi(-(ENG->hlen_out > 0));
993
994 }
995 break;
996 case 20: {
997 /* co */
998 T0_CO();
999 }
1000 break;
1001 case 21: {
1002 /* compute-Finished-inner */
1003
1004 int prf_id = T0_POP();
1005 int from_client = T0_POPi();
1006 unsigned char seed[48];
1007 size_t seed_len;
1008
1009 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1010 if (ENG->session.version >= BR_TLS12) {
1011 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1012 } else {
1013 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1014 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1015 seed_len = 36;
1016 }
1017 prf(ENG->pad, 12, ENG->session.master_secret,
1018 sizeof ENG->session.master_secret,
1019 from_client ? "client finished" : "server finished",
1020 seed, seed_len);
1021
1022 }
1023 break;
1024 case 22: {
1025 /* data-get8 */
1026
1027 size_t addr = T0_POP();
1028 T0_PUSH(t0_datablock[addr]);
1029
1030 }
1031 break;
1032 case 23: {
1033 /* discard-input */
1034
1035 ENG->hlen_in = 0;
1036
1037 }
1038 break;
1039 case 24: {
1040 /* do-ecdh */
1041
1042 unsigned prf_id = T0_POP();
1043 unsigned ecdhe = T0_POP();
1044 int x;
1045
1046 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1047 if (x < 0) {
1048 br_ssl_engine_fail(ENG, -x);
1049 T0_CO();
1050 } else {
1051 T0_PUSH(x);
1052 }
1053
1054 }
1055 break;
1056 case 25: {
1057 /* do-rsa-encrypt */
1058
1059 int x;
1060
1061 x = make_pms_rsa(CTX, T0_POP());
1062 if (x < 0) {
1063 br_ssl_engine_fail(ENG, -x);
1064 T0_CO();
1065 } else {
1066 T0_PUSH(x);
1067 }
1068
1069 }
1070 break;
1071 case 26: {
1072 /* drop */
1073 (void)T0_POP();
1074 }
1075 break;
1076 case 27: {
1077 /* dup */
1078 T0_PUSH(T0_PEEK(0));
1079 }
1080 break;
1081 case 28: {
1082 /* fail */
1083
1084 br_ssl_engine_fail(ENG, (int)T0_POPi());
1085 T0_CO();
1086
1087 }
1088 break;
1089 case 29: {
1090 /* flush-record */
1091
1092 br_ssl_engine_flush_record(ENG);
1093
1094 }
1095 break;
1096 case 30: {
1097 /* get16 */
1098
1099 size_t addr = (size_t)T0_POP();
1100 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1101
1102 }
1103 break;
1104 case 31: {
1105 /* get8 */
1106
1107 size_t addr = (size_t)T0_POP();
1108 T0_PUSH(*((unsigned char *)ENG + addr));
1109
1110 }
1111 break;
1112 case 32: {
1113 /* has-input? */
1114
1115 T0_PUSHi(-(ENG->hlen_in != 0));
1116
1117 }
1118 break;
1119 case 33: {
1120 /* memcmp */
1121
1122 size_t len = (size_t)T0_POP();
1123 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1124 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1125 int x = memcmp(addr1, addr2, len);
1126 T0_PUSH((uint32_t)-(x == 0));
1127
1128 }
1129 break;
1130 case 34: {
1131 /* memcpy */
1132
1133 size_t len = (size_t)T0_POP();
1134 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1135 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1136 memcpy(dst, src, len);
1137
1138 }
1139 break;
1140 case 35: {
1141 /* mkrand */
1142
1143 size_t len = (size_t)T0_POP();
1144 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1145 br_hmac_drbg_generate(&ENG->rng, addr, len);
1146
1147 }
1148 break;
1149 case 36: {
1150 /* more-incoming-bytes? */
1151
1152 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1153
1154 }
1155 break;
1156 case 37: {
1157 /* multihash-init */
1158
1159 br_multihash_init(&ENG->mhash);
1160
1161 }
1162 break;
1163 case 38: {
1164 /* not */
1165
1166 uint32_t a = T0_POP();
1167 T0_PUSH(~a);
1168
1169 }
1170 break;
1171 case 39: {
1172 /* or */
1173
1174 uint32_t b = T0_POP();
1175 uint32_t a = T0_POP();
1176 T0_PUSH(a | b);
1177
1178 }
1179 break;
1180 case 40: {
1181 /* over */
1182 T0_PUSH(T0_PEEK(1));
1183 }
1184 break;
1185 case 41: {
1186 /* read-chunk-native */
1187
1188 size_t clen = ENG->hlen_in;
1189 if (clen > 0) {
1190 uint32_t addr, len;
1191
1192 len = T0_POP();
1193 addr = T0_POP();
1194 if ((size_t)len < clen) {
1195 clen = (size_t)len;
1196 }
1197 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1198 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1199 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1200 }
1201 T0_PUSH(addr + (uint32_t)clen);
1202 T0_PUSH(len - (uint32_t)clen);
1203 ENG->hbuf_in += clen;
1204 ENG->hlen_in -= clen;
1205 }
1206
1207 }
1208 break;
1209 case 42: {
1210 /* read8-native */
1211
1212 if (ENG->hlen_in > 0) {
1213 unsigned char x;
1214
1215 x = *ENG->hbuf_in ++;
1216 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1217 br_multihash_update(&ENG->mhash, &x, 1);
1218 }
1219 T0_PUSH(x);
1220 ENG->hlen_in --;
1221 } else {
1222 T0_PUSHi(-1);
1223 }
1224
1225 }
1226 break;
1227 case 43: {
1228 /* set16 */
1229
1230 size_t addr = (size_t)T0_POP();
1231 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1232
1233 }
1234 break;
1235 case 44: {
1236 /* set8 */
1237
1238 size_t addr = (size_t)T0_POP();
1239 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1240
1241 }
1242 break;
1243 case 45: {
1244 /* strlen */
1245
1246 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1247 T0_PUSH((uint32_t)strlen(str));
1248
1249 }
1250 break;
1251 case 46: {
1252 /* supported-curves */
1253
1254 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1255 T0_PUSH(x);
1256
1257 }
1258 break;
1259 case 47: {
1260 /* supported-hash-functions */
1261
1262 int i;
1263 unsigned x, num;
1264
1265 x = 0;
1266 num = 0;
1267 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1268 if (br_multihash_getimpl(&ENG->mhash, i)) {
1269 x |= 1U << i;
1270 num ++;
1271 }
1272 }
1273 T0_PUSH(x);
1274 T0_PUSH(num);
1275
1276 }
1277 break;
1278 case 48: {
1279 /* supports-ecdsa? */
1280
1281 T0_PUSHi(-(CTX->iecdsa != 0));
1282
1283 }
1284 break;
1285 case 49: {
1286 /* supports-rsa-sign? */
1287
1288 T0_PUSHi(-(CTX->irsavrfy != 0));
1289
1290 }
1291 break;
1292 case 50: {
1293 /* swap */
1294 T0_SWAP();
1295 }
1296 break;
1297 case 51: {
1298 /* switch-aesgcm-in */
1299
1300 int is_client, prf_id;
1301 unsigned cipher_key_len;
1302
1303 cipher_key_len = T0_POP();
1304 prf_id = T0_POP();
1305 is_client = T0_POP();
1306 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1307 ENG->iaes_ctr, cipher_key_len);
1308
1309 }
1310 break;
1311 case 52: {
1312 /* switch-aesgcm-out */
1313
1314 int is_client, prf_id;
1315 unsigned cipher_key_len;
1316
1317 cipher_key_len = T0_POP();
1318 prf_id = T0_POP();
1319 is_client = T0_POP();
1320 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1321 ENG->iaes_ctr, cipher_key_len);
1322
1323 }
1324 break;
1325 case 53: {
1326 /* switch-cbc-in */
1327
1328 int is_client, prf_id, mac_id, aes;
1329 unsigned cipher_key_len;
1330
1331 cipher_key_len = T0_POP();
1332 aes = T0_POP();
1333 mac_id = T0_POP();
1334 prf_id = T0_POP();
1335 is_client = T0_POP();
1336 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1337 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1338
1339 }
1340 break;
1341 case 54: {
1342 /* switch-cbc-out */
1343
1344 int is_client, prf_id, mac_id, aes;
1345 unsigned cipher_key_len;
1346
1347 cipher_key_len = T0_POP();
1348 aes = T0_POP();
1349 mac_id = T0_POP();
1350 prf_id = T0_POP();
1351 is_client = T0_POP();
1352 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1353 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1354
1355 }
1356 break;
1357 case 55: {
1358 /* u>> */
1359
1360 int c = (int)T0_POPi();
1361 uint32_t x = T0_POP();
1362 T0_PUSH(x >> c);
1363
1364 }
1365 break;
1366 case 56: {
1367 /* verify-SKE-sig */
1368
1369 size_t sig_len = T0_POP();
1370 int use_rsa = T0_POPi();
1371 int hash = T0_POPi();
1372
1373 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1374
1375 }
1376 break;
1377 case 57: {
1378 /* write-blob-chunk */
1379
1380 size_t clen = ENG->hlen_out;
1381 if (clen > 0) {
1382 uint32_t addr, len;
1383
1384 len = T0_POP();
1385 addr = T0_POP();
1386 if ((size_t)len < clen) {
1387 clen = (size_t)len;
1388 }
1389 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1390 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1391 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1392 }
1393 T0_PUSH(addr + (uint32_t)clen);
1394 T0_PUSH(len - (uint32_t)clen);
1395 ENG->hbuf_out += clen;
1396 ENG->hlen_out -= clen;
1397 }
1398
1399 }
1400 break;
1401 case 58: {
1402 /* write8-native */
1403
1404 unsigned char x;
1405
1406 x = (unsigned char)T0_POP();
1407 if (ENG->hlen_out > 0) {
1408 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1409 br_multihash_update(&ENG->mhash, &x, 1);
1410 }
1411 *ENG->hbuf_out ++ = x;
1412 ENG->hlen_out --;
1413 T0_PUSHi(-1);
1414 } else {
1415 T0_PUSHi(0);
1416 }
1417
1418 }
1419 break;
1420 case 59: {
1421 /* x509-append */
1422
1423 const br_x509_class *xc;
1424 size_t len;
1425
1426 xc = *(ENG->x509ctx);
1427 len = T0_POP();
1428 xc->append(ENG->x509ctx, ENG->pad, len);
1429
1430 }
1431 break;
1432 case 60: {
1433 /* x509-end-cert */
1434
1435 const br_x509_class *xc;
1436
1437 xc = *(ENG->x509ctx);
1438 xc->end_cert(ENG->x509ctx);
1439
1440 }
1441 break;
1442 case 61: {
1443 /* x509-end-chain */
1444
1445 const br_x509_class *xc;
1446
1447 xc = *(ENG->x509ctx);
1448 T0_PUSH(xc->end_chain(ENG->x509ctx));
1449
1450 }
1451 break;
1452 case 62: {
1453 /* x509-start-cert */
1454
1455 const br_x509_class *xc;
1456
1457 xc = *(ENG->x509ctx);
1458 xc->start_cert(ENG->x509ctx, T0_POP());
1459
1460 }
1461 break;
1462 case 63: {
1463 /* x509-start-chain */
1464
1465 const br_x509_class *xc;
1466
1467 xc = *(ENG->x509ctx);
1468 xc->start_chain(ENG->x509ctx, T0_POP(), ENG->server_name);
1469
1470 }
1471 break;
1472 }
1473
1474 } else {
1475 T0_ENTER(ip, rp, t0x);
1476 }
1477 }
1478 t0_exit:
1479 ((t0_context *)t0ctx)->dp = dp;
1480 ((t0_context *)t0ctx)->rp = rp;
1481 ((t0_context *)t0ctx)->ip = ip;
1482 }
The BearSSL library and tools.