projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added flag to prohibit renegotiations.
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
204 * use_rsa non-zero for RSA signature, zero for ECDSA
205 * sig_len signature length (in bytes); signature value is in the pad
206 * Returned value is 0 on success, or an error code.
207 */
208 static int
209 verify_SKE_sig(br_ssl_client_context *ctx,
210 int hash, int use_rsa, size_t sig_len)
211 {
212 const br_x509_class **xc;
213 const br_x509_pkey *pk;
214 br_multihash_context mhc;
215 unsigned char hv[64], head[4];
216 size_t hv_len;
217
218 xc = ctx->eng.x509ctx;
219 pk = (*xc)->get_pkey(xc);
220 br_multihash_zero(&mhc);
221 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
222 br_multihash_init(&mhc);
223 br_multihash_update(&mhc,
224 ctx->eng.client_random, sizeof ctx->eng.client_random);
225 br_multihash_update(&mhc,
226 ctx->eng.server_random, sizeof ctx->eng.server_random);
227 head[0] = 3;
228 head[1] = 0;
229 head[2] = ctx->eng.ecdhe_curve;
230 head[3] = ctx->eng.ecdhe_point_len;
231 br_multihash_update(&mhc, head, sizeof head);
232 br_multihash_update(&mhc,
233 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
234 if (hash) {
235 hv_len = br_multihash_out(&mhc, hash, hv);
236 if (hv_len == 0) {
237 return BR_ERR_INVALID_ALGORITHM;
238 }
239 } else {
240 if (!br_multihash_out(&mhc, br_md5_ID, hv)
241 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
242 {
243 return BR_ERR_INVALID_ALGORITHM;
244 }
245 hv_len = 36;
246 }
247 if (use_rsa) {
248 unsigned char tmp[64];
249 const unsigned char *hash_oid;
250
251 if (hash) {
252 hash_oid = HASH_OID[hash - 2];
253 } else {
254 hash_oid = NULL;
255 }
256 if (!ctx->irsavrfy(ctx->eng.pad, sig_len,
257 hash_oid, hv_len, &pk->key.rsa, tmp)
258 || memcmp(tmp, hv, hv_len) != 0)
259 {
260 return BR_ERR_BAD_SIGNATURE;
261 }
262 } else {
263 if (!ctx->iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
264 ctx->eng.pad, sig_len))
265 {
266 return BR_ERR_BAD_SIGNATURE;
267 }
268 }
269 return 0;
270 }
271
272 /*
273 * Perform client-size ECDH (or ECDHE). The point that should be sent to
274 * the server is written in the pad; returned value is either the point
275 * length (in bytes), or -x on error, with 'x' being an error code.
276 *
277 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
278 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
279 * (for static ECDH).
280 */
281 static int
282 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
283 {
284 int curve;
285 unsigned char key[66], point[133];
286 const unsigned char *generator, *order, *point_src;
287 size_t glen, olen, point_len;
288 unsigned char mask;
289
290 if (ecdhe) {
291 curve = ctx->eng.ecdhe_curve;
292 point_src = ctx->eng.ecdhe_point;
293 point_len = ctx->eng.ecdhe_point_len;
294 } else {
295 const br_x509_class **xc;
296 const br_x509_pkey *pk;
297
298 xc = ctx->eng.x509ctx;
299 pk = (*xc)->get_pkey(xc);
300 curve = pk->key.ec.curve;
301 point_src = pk->key.ec.q;
302 point_len = pk->key.ec.qlen;
303 }
304 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
305 return -BR_ERR_INVALID_ALGORITHM;
306 }
307
308 /*
309 * We need to generate our key, as a non-zero random value which
310 * is lower than the curve order, in a "large enough" range. We
311 * force top bit to 0 and bottom bit to 1, which guarantees that
312 * the value is in the proper range.
313 */
314 order = ctx->eng.iec->order(curve, &olen);
315 mask = 0xFF;
316 while (mask >= order[0]) {
317 mask >>= 1;
318 }
319 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
320 key[0] &= mask;
321 key[olen - 1] |= 0x01;
322
323 /*
324 * Compute the common ECDH point, whose X coordinate is the
325 * pre-master secret.
326 */
327 generator = ctx->eng.iec->generator(curve, &glen);
328 if (glen != point_len) {
329 return -BR_ERR_INVALID_ALGORITHM;
330 }
331
332 memcpy(point, point_src, glen);
333 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
334 return -BR_ERR_INVALID_ALGORITHM;
335 }
336
337 /*
338 * The pre-master secret is the X coordinate.
339 */
340 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
341
342 memcpy(point, generator, glen);
343 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
344 return -BR_ERR_INVALID_ALGORITHM;
345 }
346 memcpy(ctx->eng.pad, point, glen);
347 return (int)glen;
348 }
349
350
351
352 static const uint8_t t0_datablock[] = {
353 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
354 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
355 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
356 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
357 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
358 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
359 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
360 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
361 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
362 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
363 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
364 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
365 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
366 };
367
368 static const uint8_t t0_codeblock[] = {
369 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x00, 0x01,
370 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01, 0x01, 0x08,
371 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
372 0x01, 0x02, 0x09, 0x00, 0x00, 0x1A, 0x1A, 0x00, 0x00, 0x01,
373 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
374 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
375 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
376 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
377 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
378 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
379 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
380 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
381 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
382 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
383 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
384 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
385 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
386 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
387 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
388 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
389 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
391 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
392 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
393 0x01,
394 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
395 0x00, 0x00, 0x01,
396 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
397 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
398 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
399 0x00, 0x00, 0x01,
400 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
401 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
402 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
403 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
404 0x00, 0x00, 0x01,
405 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
406 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
407 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
408 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
409 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
410 0x00, 0x00, 0x01,
411 T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
412 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
413 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
414 0x00, 0x00, 0x01,
415 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
416 0x00, 0x00, 0x01,
417 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
418 0x00, 0x00, 0x01,
419 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
420 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
421 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
422 0x01,
423 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
424 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
425 0x00, 0x00, 0x01,
426 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
427 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
428 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
429 0x00, 0x00, 0x09, 0x1B, 0x42, 0x06, 0x02, 0x52, 0x1C, 0x00, 0x00, 0x06,
430 0x08, 0x1E, 0x0D, 0x05, 0x02, 0x5B, 0x1C, 0x04, 0x01, 0x2D, 0x00, 0x00,
431 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x7D, 0x1B, 0x48, 0x34, 0x81, 0x01,
432 0x1B, 0x05, 0x04, 0x4A, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0D, 0x06, 0x03,
433 0x81, 0x01, 0x00, 0x48, 0x04, 0x69, 0x00, 0x06, 0x02, 0x52, 0x1C, 0x00,
434 0x00, 0x1B, 0x6E, 0x34, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x34, 0x61, 0x1E,
435 0x81, 0x0F, 0x15, 0x6A, 0x01, 0x0C, 0x23, 0x00, 0x00, 0x1B, 0x16, 0x01,
436 0x08, 0x0B, 0x34, 0x46, 0x16, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00,
437 0x60, 0x2E, 0x1D, 0x13, 0x28, 0x06, 0x08, 0x02, 0x00, 0x81, 0x2E, 0x03,
438 0x00, 0x04, 0x74, 0x01, 0x00, 0x81, 0x26, 0x02, 0x00, 0x1B, 0x13, 0x11,
439 0x06, 0x02, 0x59, 0x1C, 0x81, 0x2E, 0x04, 0x75, 0x01, 0x01, 0x00, 0x60,
440 0x2E, 0x01, 0x16, 0x6C, 0x2E, 0x26, 0x81, 0x32, 0x1D, 0x81, 0x16, 0x06,
441 0x0B, 0x01, 0x7F, 0x81, 0x12, 0x01, 0x7F, 0x81, 0x31, 0x04, 0x80, 0x42,
442 0x81, 0x13, 0x61, 0x1E, 0x81, 0x05, 0x01, T0_INT1(BR_KEYTYPE_SIGN),
443 0x11, 0x06, 0x02, 0x81, 0x17, 0x81, 0x1A, 0x1B, 0x01, 0x0D, 0x0D, 0x06,
444 0x09, 0x1A, 0x81, 0x19, 0x81, 0x1A, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00,
445 0x03, 0x00, 0x01, 0x0E, 0x0D, 0x05, 0x02, 0x5C, 0x1C, 0x06, 0x02, 0x51,
446 0x1C, 0x25, 0x06, 0x02, 0x5C, 0x1C, 0x02, 0x00, 0x06, 0x02, 0x81, 0x38,
447 0x81, 0x33, 0x01, 0x7F, 0x81, 0x31, 0x01, 0x7F, 0x81, 0x12, 0x01, 0x01,
448 0x60, 0x2E, 0x01, 0x17, 0x6C, 0x2E, 0x00, 0x00, 0x2A, 0x2A, 0x00, 0x00,
449 0x7E, 0x01, 0x0C, 0x10, 0x01, 0x00, 0x2A, 0x0D, 0x06, 0x05, 0x1A, 0x01,
450 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
451 0x2A, 0x0D, 0x06, 0x05, 0x1A, 0x01,
452 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
453 0x2A, 0x0D, 0x06, 0x05, 0x1A, 0x01,
454 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
455 0x2A, 0x0D, 0x06, 0x05, 0x1A, 0x01,
456 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
457 0x2A, 0x0D, 0x06, 0x05, 0x1A, 0x01,
458 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
459 0x34, 0x1A, 0x00, 0x00, 0x68, 0x20, 0x01, 0x0E, 0x0D, 0x06, 0x04, 0x01,
460 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x30, 0x06, 0x04, 0x01, 0x06,
461 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x6D, 0x20, 0x1B, 0x06, 0x08, 0x01,
462 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x1A, 0x01, 0x05, 0x00, 0x01,
463 0x31, 0x03, 0x00, 0x1A, 0x01, 0x00, 0x33, 0x06, 0x03, 0x02, 0x00, 0x08,
464 0x32, 0x06, 0x03, 0x02, 0x00, 0x08, 0x1B, 0x06, 0x06, 0x01, 0x01, 0x0B,
465 0x01, 0x06, 0x08, 0x00, 0x00, 0x6F, 0x2F, 0x1B, 0x06, 0x03, 0x01, 0x09,
466 0x08, 0x00, 0x01, 0x30, 0x1B, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x1B,
467 0x06, 0x0E, 0x1B, 0x01, 0x01, 0x11, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
468 0x01, 0x10, 0x04, 0x6F, 0x1A, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
469 0x08, 0x00, 0x00, 0x67, 0x1F, 0x34, 0x10, 0x01, 0x01, 0x11, 0x27, 0x00,
470 0x00, 0x81, 0x03, 0x81, 0x2D, 0x1B, 0x01, 0x07, 0x11, 0x01, 0x00, 0x2A,
471 0x0D, 0x06, 0x0A, 0x1A, 0x01, 0x10, 0x11, 0x06, 0x02, 0x81, 0x03, 0x04,
472 0x32, 0x01, 0x01, 0x2A, 0x0D, 0x06, 0x29, 0x1A, 0x1A, 0x01, 0x00, 0x60,
473 0x2E, 0x81, 0x15, 0x6D, 0x20, 0x01, 0x01, 0x0D, 0x01, 0x01, 0x81, 0x0C,
474 0x29, 0x06, 0x11, 0x1D, 0x13, 0x28, 0x06, 0x05, 0x81, 0x2D, 0x1A, 0x04,
475 0x77, 0x01, 0x80, 0x64, 0x81, 0x26, 0x04, 0x02, 0x81, 0x03, 0x04, 0x03,
476 0x5C, 0x1C, 0x1A, 0x04, 0xFF, 0x35, 0x01, 0x1B, 0x03, 0x00, 0x09, 0x1B,
477 0x42, 0x06, 0x02, 0x52, 0x1C, 0x02, 0x00, 0x00, 0x00, 0x7E, 0x01, 0x0F,
478 0x11, 0x00, 0x00, 0x5F, 0x20, 0x01, 0x00, 0x2A, 0x0D, 0x06, 0x10, 0x1A,
479 0x1B, 0x01, 0x01, 0x0C, 0x06, 0x03, 0x1A, 0x01, 0x02, 0x5F, 0x2E, 0x01,
480 0x00, 0x04, 0x22, 0x01, 0x01, 0x2A, 0x0D, 0x06, 0x15, 0x1A, 0x01, 0x00,
481 0x5F, 0x2E, 0x1B, 0x01, 0x80, 0x64, 0x0D, 0x06, 0x05, 0x01, 0x82, 0x00,
482 0x08, 0x1C, 0x44, 0x00, 0x04, 0x07, 0x1A, 0x01, 0x82, 0x00, 0x08, 0x1C,
483 0x1A, 0x00, 0x00, 0x01, 0x00, 0x21, 0x06, 0x06, 0x2C, 0x81, 0x10, 0x29,
484 0x04, 0x77, 0x1B, 0x06, 0x04, 0x01, 0x01, 0x73, 0x2E, 0x00, 0x00, 0x21,
485 0x06, 0x0B, 0x6B, 0x20, 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5C, 0x1C, 0x04,
486 0x12, 0x81, 0x2D, 0x01, 0x07, 0x11, 0x1B, 0x01, 0x02, 0x0C, 0x06, 0x06,
487 0x06, 0x02, 0x5C, 0x1C, 0x04, 0x6F, 0x1A, 0x81, 0x23, 0x01, 0x01, 0x0C,
488 0x25, 0x29, 0x06, 0x02, 0x4B, 0x1C, 0x1B, 0x01, 0x01, 0x81, 0x29, 0x28,
489 0x81, 0x14, 0x00, 0x01, 0x81, 0x1A, 0x01, 0x0B, 0x0D, 0x05, 0x02, 0x5C,
490 0x1C, 0x61, 0x1E, 0x81, 0x05, 0x41, 0x81, 0x21, 0x81, 0x0E, 0x1B, 0x06,
491 0x26, 0x81, 0x21, 0x81, 0x0E, 0x1B, 0x40, 0x1B, 0x06, 0x19, 0x1B, 0x01,
492 0x82, 0x00, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x1B, 0x03,
493 0x00, 0x6A, 0x02, 0x00, 0x81, 0x18, 0x02, 0x00, 0x3D, 0x04, 0x64, 0x7F,
494 0x3E, 0x04, 0x57, 0x7F, 0x7F, 0x3F, 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x00,
495 0x00, 0x81, 0x00, 0x81, 0x1A, 0x01, 0x14, 0x0C, 0x06, 0x02, 0x5C, 0x1C,
496 0x6A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x18, 0x7F, 0x6A, 0x1B, 0x01,
497 0x0C, 0x08, 0x01, 0x0C, 0x22, 0x05, 0x02, 0x4E, 0x1C, 0x00, 0x00, 0x81,
498 0x1B, 0x06, 0x02, 0x5C, 0x1C, 0x06, 0x02, 0x50, 0x1C, 0x00, 0x09, 0x81,
499 0x1A, 0x01, 0x02, 0x0D, 0x05, 0x02, 0x5C, 0x1C, 0x81, 0x20, 0x03, 0x00,
500 0x02, 0x00, 0x79, 0x1E, 0x0A, 0x02, 0x00, 0x78, 0x1E, 0x0E, 0x29, 0x06,
501 0x02, 0x5D, 0x1C, 0x02, 0x00, 0x77, 0x1E, 0x0C, 0x06, 0x02, 0x55, 0x1C,
502 0x02, 0x00, 0x7A, 0x2D, 0x70, 0x01, 0x20, 0x81, 0x18, 0x01, 0x00, 0x03,
503 0x01, 0x81, 0x22, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0E, 0x06, 0x02,
504 0x5A, 0x1C, 0x6A, 0x02, 0x02, 0x81, 0x18, 0x02, 0x02, 0x72, 0x20, 0x0D,
505 0x02, 0x02, 0x01, 0x00, 0x0E, 0x11, 0x06, 0x0B, 0x71, 0x6A, 0x02, 0x02,
506 0x22, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x71, 0x6A, 0x02, 0x02, 0x23,
507 0x02, 0x02, 0x72, 0x2E, 0x02, 0x00, 0x76, 0x02, 0x01, 0x7C, 0x81, 0x20,
508 0x1B, 0x81, 0x24, 0x42, 0x06, 0x02, 0x4C, 0x1C, 0x61, 0x02, 0x01, 0x7C,
509 0x81, 0x22, 0x06, 0x02, 0x4D, 0x1C, 0x1B, 0x06, 0x81, 0x3D, 0x81, 0x20,
510 0x81, 0x0E, 0x81, 0x0A, 0x03, 0x03, 0x81, 0x08, 0x03, 0x04, 0x81, 0x06,
511 0x03, 0x05, 0x81, 0x09, 0x03, 0x06, 0x81, 0x0B, 0x03, 0x07, 0x81, 0x07,
512 0x03, 0x08, 0x1B, 0x06, 0x81, 0x0B, 0x81, 0x20, 0x01, 0x00, 0x2A, 0x0D,
513 0x06, 0x10, 0x1A, 0x02, 0x03, 0x05, 0x02, 0x56, 0x1C, 0x01, 0x00, 0x03,
514 0x03, 0x81, 0x1F, 0x04, 0x80, 0x70, 0x01, 0x01, 0x2A, 0x0D, 0x06, 0x10,
515 0x1A, 0x02, 0x05, 0x05, 0x02, 0x56, 0x1C, 0x01, 0x00, 0x03, 0x05, 0x81,
516 0x1D, 0x04, 0x80, 0x5A, 0x01, 0x83, 0xFE, 0x01, 0x2A, 0x0D, 0x06, 0x10,
517 0x1A, 0x02, 0x04, 0x05, 0x02, 0x56, 0x1C, 0x01, 0x00, 0x03, 0x04, 0x81,
518 0x1E, 0x04, 0x80, 0x42, 0x01, 0x0D, 0x2A, 0x0D, 0x06, 0x0F, 0x1A, 0x02,
519 0x06, 0x05, 0x02, 0x56, 0x1C, 0x01, 0x00, 0x03, 0x06, 0x81, 0x1C, 0x04,
520 0x2D, 0x01, 0x0A, 0x2A, 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x07, 0x05, 0x02,
521 0x56, 0x1C, 0x01, 0x00, 0x03, 0x07, 0x81, 0x1C, 0x04, 0x18, 0x01, 0x0B,
522 0x2A, 0x0D, 0x06, 0x0F, 0x1A, 0x02, 0x08, 0x05, 0x02, 0x56, 0x1C, 0x01,
523 0x00, 0x03, 0x08, 0x81, 0x1C, 0x04, 0x03, 0x56, 0x1C, 0x1A, 0x04, 0xFE,
524 0x71, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0E, 0x06, 0x02,
525 0x53, 0x1C, 0x01, 0x01, 0x6D, 0x2E, 0x7F, 0x7F, 0x02, 0x01, 0x00, 0x04,
526 0x81, 0x1A, 0x01, 0x0C, 0x0D, 0x05, 0x02, 0x5C, 0x1C, 0x81, 0x22, 0x01,
527 0x03, 0x0D, 0x05, 0x02, 0x57, 0x1C, 0x81, 0x20, 0x1B, 0x64, 0x2E, 0x1B,
528 0x01, 0x20, 0x0F, 0x06, 0x02, 0x57, 0x1C, 0x30, 0x34, 0x10, 0x01, 0x01,
529 0x11, 0x05, 0x02, 0x57, 0x1C, 0x81, 0x22, 0x1B, 0x01, 0x81, 0x05, 0x0E,
530 0x06, 0x02, 0x57, 0x1C, 0x1B, 0x66, 0x2E, 0x65, 0x34, 0x81, 0x18, 0x76,
531 0x1E, 0x01, 0x86, 0x03, 0x0F, 0x03, 0x00, 0x61, 0x1E, 0x81, 0x2B, 0x03,
532 0x01, 0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x23, 0x81, 0x22, 0x1B,
533 0x1B, 0x01, 0x02, 0x0A, 0x34, 0x01, 0x06, 0x0E, 0x29, 0x06, 0x02, 0x57,
534 0x1C, 0x03, 0x02, 0x81, 0x22, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03,
535 0x08, 0x0D, 0x05, 0x02, 0x57, 0x1C, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04,
536 0x01, 0x00, 0x03, 0x02, 0x81, 0x20, 0x1B, 0x03, 0x03, 0x1B, 0x01, 0x84,
537 0x00, 0x0E, 0x06, 0x02, 0x58, 0x1C, 0x6A, 0x34, 0x81, 0x18, 0x02, 0x02,
538 0x02, 0x01, 0x02, 0x03, 0x3A, 0x1B, 0x06, 0x01, 0x1C, 0x1A, 0x7F, 0x00,
539 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7B, 0x02, 0x01, 0x02, 0x00,
540 0x2B, 0x1B, 0x01, 0x00, 0x0D, 0x06, 0x02, 0x4A, 0x00, 0x81, 0x2F, 0x04,
541 0x73, 0x00, 0x1B, 0x06, 0x05, 0x81, 0x22, 0x1A, 0x04, 0x78, 0x1A, 0x00,
542 0x00, 0x81, 0x1B, 0x1B, 0x44, 0x06, 0x07, 0x1A, 0x06, 0x02, 0x50, 0x1C,
543 0x04, 0x73, 0x00, 0x00, 0x81, 0x23, 0x01, 0x03, 0x81, 0x21, 0x34, 0x1A,
544 0x34, 0x00, 0x00, 0x81, 0x20, 0x81, 0x27, 0x00, 0x00, 0x81, 0x20, 0x01,
545 0x01, 0x0D, 0x05, 0x02, 0x4F, 0x1C, 0x81, 0x22, 0x01, 0x08, 0x08, 0x68,
546 0x20, 0x0D, 0x05, 0x02, 0x4F, 0x1C, 0x00, 0x00, 0x81, 0x20, 0x6D, 0x20,
547 0x05, 0x16, 0x01, 0x01, 0x0D, 0x05, 0x02, 0x53, 0x1C, 0x81, 0x22, 0x01,
548 0x00, 0x0D, 0x05, 0x02, 0x53, 0x1C, 0x01, 0x02, 0x6D, 0x2E, 0x04, 0x1E,
549 0x01, 0x19, 0x0D, 0x05, 0x02, 0x53, 0x1C, 0x81, 0x22, 0x01, 0x18, 0x0D,
550 0x05, 0x02, 0x53, 0x1C, 0x6A, 0x01, 0x18, 0x81, 0x18, 0x6E, 0x6A, 0x01,
551 0x18, 0x22, 0x05, 0x02, 0x53, 0x1C, 0x00, 0x00, 0x81, 0x20, 0x06, 0x02,
552 0x54, 0x1C, 0x00, 0x00, 0x01, 0x02, 0x7B, 0x81, 0x23, 0x01, 0x08, 0x0B,
553 0x81, 0x23, 0x08, 0x00, 0x00, 0x01, 0x03, 0x7B, 0x81, 0x23, 0x01, 0x08,
554 0x0B, 0x81, 0x23, 0x08, 0x01, 0x08, 0x0B, 0x81, 0x23, 0x08, 0x00, 0x00,
555 0x01, 0x01, 0x7B, 0x81, 0x23, 0x00, 0x00, 0x2C, 0x1B, 0x42, 0x05, 0x01,
556 0x00, 0x1A, 0x81, 0x2F, 0x04, 0x75, 0x02, 0x03, 0x00, 0x75, 0x20, 0x03,
557 0x01, 0x01, 0x00, 0x1B, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x1B, 0x01, 0x01,
558 0x0B, 0x74, 0x08, 0x1E, 0x02, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x46, 0x04,
559 0x6A, 0x1A, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x6C, 0x2E, 0x34, 0x3C,
560 0x1A, 0x3C, 0x1A, 0x1D, 0x00, 0x00, 0x01, 0x01, 0x34, 0x81, 0x25, 0x00,
561 0x00, 0x34, 0x2A, 0x7B, 0x34, 0x1B, 0x06, 0x06, 0x81, 0x23, 0x1A, 0x47,
562 0x04, 0x77, 0x1A, 0x00, 0x00, 0x1B, 0x01, 0x81, 0xAC, 0x00, 0x0D, 0x06,
563 0x04, 0x1A, 0x01, 0x7F, 0x00, 0x7E, 0x43, 0x00, 0x02, 0x03, 0x00, 0x61,
564 0x1E, 0x7E, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x11, 0x02, 0x01, 0x01,
565 0x04, 0x10, 0x01, 0x0F, 0x11, 0x02, 0x01, 0x01, 0x08, 0x10, 0x01, 0x0F,
566 0x11, 0x01, 0x00, 0x2A, 0x0D, 0x06, 0x10, 0x1A, 0x01, 0x00, 0x01, 0x18,
567 0x02, 0x00, 0x06, 0x03, 0x37, 0x04, 0x01, 0x38, 0x04, 0x80, 0x56, 0x01,
568 0x01, 0x2A, 0x0D, 0x06, 0x10, 0x1A, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00,
569 0x06, 0x03, 0x37, 0x04, 0x01, 0x38, 0x04, 0x80, 0x40, 0x01, 0x02, 0x2A,
570 0x0D, 0x06, 0x0F, 0x1A, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
571 0x37, 0x04, 0x01, 0x38, 0x04, 0x2B, 0x01, 0x03, 0x2A, 0x0D, 0x06, 0x0E,
572 0x1A, 0x1A, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36,
573 0x04, 0x17, 0x01, 0x04, 0x2A, 0x0D, 0x06, 0x0E, 0x1A, 0x1A, 0x01, 0x20,
574 0x02, 0x00, 0x06, 0x03, 0x35, 0x04, 0x01, 0x36, 0x04, 0x03, 0x52, 0x1C,
575 0x1A, 0x00, 0x00, 0x7E, 0x01, 0x0C, 0x10, 0x1B, 0x45, 0x34, 0x01, 0x03,
576 0x0A, 0x11, 0x00, 0x00, 0x7E, 0x01, 0x0C, 0x10, 0x01, 0x01, 0x0D, 0x00,
577 0x00, 0x7E, 0x01, 0x0C, 0x10, 0x44, 0x00, 0x00, 0x14, 0x01, 0x00, 0x5E,
578 0x20, 0x1B, 0x06, 0x20, 0x01, 0x01, 0x2A, 0x0D, 0x06, 0x07, 0x1A, 0x01,
579 0x00, 0x81, 0x02, 0x04, 0x11, 0x01, 0x02, 0x2A, 0x0D, 0x06, 0x0A, 0x1A,
580 0x60, 0x20, 0x06, 0x03, 0x01, 0x10, 0x29, 0x04, 0x01, 0x1A, 0x04, 0x01,
581 0x1A, 0x63, 0x20, 0x05, 0x35, 0x21, 0x06, 0x32, 0x6B, 0x20, 0x01, 0x14,
582 0x2A, 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x02, 0x29, 0x04, 0x24, 0x01, 0x15,
583 0x2A, 0x0D, 0x06, 0x0B, 0x1A, 0x81, 0x11, 0x06, 0x04, 0x01, 0x7F, 0x81,
584 0x02, 0x04, 0x13, 0x01, 0x16, 0x2A, 0x0D, 0x06, 0x06, 0x1A, 0x01, 0x01,
585 0x29, 0x04, 0x07, 0x1A, 0x01, 0x04, 0x29, 0x01, 0x00, 0x1A, 0x13, 0x06,
586 0x03, 0x01, 0x08, 0x29, 0x00, 0x00, 0x14, 0x1B, 0x05, 0x10, 0x21, 0x06,
587 0x0D, 0x6B, 0x20, 0x01, 0x15, 0x0D, 0x06, 0x05, 0x1A, 0x81, 0x11, 0x04,
588 0x01, 0x17, 0x00, 0x00, 0x81, 0x2D, 0x01, 0x07, 0x11, 0x01, 0x01, 0x0E,
589 0x06, 0x02, 0x5C, 0x1C, 0x00, 0x01, 0x03, 0x00, 0x1D, 0x13, 0x06, 0x05,
590 0x02, 0x00, 0x6C, 0x2E, 0x00, 0x81, 0x2D, 0x1A, 0x04, 0x73, 0x00, 0x01,
591 0x14, 0x81, 0x30, 0x01, 0x01, 0x81, 0x3C, 0x1D, 0x1B, 0x01, 0x00, 0x81,
592 0x29, 0x01, 0x16, 0x81, 0x30, 0x81, 0x34, 0x1D, 0x00, 0x02, 0x81, 0x08,
593 0x81, 0x0A, 0x08, 0x81, 0x06, 0x08, 0x81, 0x09, 0x08, 0x81, 0x0B, 0x08,
594 0x81, 0x07, 0x08, 0x03, 0x00, 0x01, 0x01, 0x81, 0x3C, 0x01, 0x27, 0x72,
595 0x20, 0x08, 0x75, 0x20, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04,
596 0x48, 0x02, 0x00, 0x08, 0x69, 0x1E, 0x2A, 0x09, 0x1B, 0x45, 0x06, 0x24,
597 0x02, 0x00, 0x05, 0x04, 0x34, 0x48, 0x34, 0x49, 0x01, 0x04, 0x09, 0x1B,
598 0x42, 0x06, 0x03, 0x1A, 0x01, 0x00, 0x1B, 0x01, 0x04, 0x08, 0x02, 0x00,
599 0x08, 0x03, 0x00, 0x34, 0x01, 0x04, 0x08, 0x2A, 0x08, 0x34, 0x04, 0x03,
600 0x1A, 0x01, 0x7F, 0x03, 0x01, 0x81, 0x3B, 0x78, 0x1E, 0x81, 0x3A, 0x62,
601 0x01, 0x04, 0x12, 0x62, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x24, 0x62, 0x01,
602 0x20, 0x81, 0x35, 0x71, 0x72, 0x20, 0x81, 0x37, 0x75, 0x20, 0x1B, 0x01,
603 0x01, 0x0B, 0x81, 0x3A, 0x74, 0x34, 0x1B, 0x06, 0x11, 0x47, 0x2A, 0x1E,
604 0x1B, 0x81, 0x28, 0x05, 0x02, 0x4C, 0x1C, 0x81, 0x3A, 0x34, 0x48, 0x34,
605 0x04, 0x6C, 0x4A, 0x01, 0x01, 0x81, 0x3C, 0x01, 0x00, 0x81, 0x3C, 0x02,
606 0x00, 0x06, 0x81, 0x47, 0x02, 0x00, 0x81, 0x3A, 0x81, 0x08, 0x06, 0x12,
607 0x01, 0x83, 0xFE, 0x01, 0x81, 0x3A, 0x6E, 0x81, 0x08, 0x01, 0x04, 0x09,
608 0x1B, 0x81, 0x3A, 0x47, 0x81, 0x37, 0x81, 0x0A, 0x06, 0x1C, 0x01, 0x00,
609 0x81, 0x3A, 0x6F, 0x81, 0x0A, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x3A, 0x01,
610 0x02, 0x09, 0x1B, 0x81, 0x3A, 0x01, 0x00, 0x81, 0x3C, 0x01, 0x03, 0x09,
611 0x81, 0x36, 0x81, 0x06, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x3A, 0x01, 0x01,
612 0x81, 0x3A, 0x68, 0x20, 0x01, 0x08, 0x09, 0x81, 0x3C, 0x81, 0x09, 0x06,
613 0x1F, 0x01, 0x0D, 0x81, 0x3A, 0x81, 0x09, 0x01, 0x04, 0x09, 0x1B, 0x81,
614 0x3A, 0x01, 0x02, 0x09, 0x81, 0x3A, 0x32, 0x06, 0x04, 0x01, 0x03, 0x81,
615 0x39, 0x33, 0x06, 0x04, 0x01, 0x01, 0x81, 0x39, 0x81, 0x0B, 0x1B, 0x06,
616 0x27, 0x01, 0x0A, 0x81, 0x3A, 0x01, 0x04, 0x09, 0x1B, 0x81, 0x3A, 0x49,
617 0x81, 0x3A, 0x30, 0x01, 0x00, 0x1B, 0x01, 0x20, 0x0A, 0x06, 0x0E, 0x81,
618 0x04, 0x10, 0x01, 0x01, 0x11, 0x06, 0x03, 0x1B, 0x81, 0x3A, 0x46, 0x04,
619 0x6C, 0x4A, 0x04, 0x01, 0x1A, 0x81, 0x07, 0x06, 0x0D, 0x01, 0x0B, 0x81,
620 0x3A, 0x01, 0x02, 0x81, 0x3A, 0x01, 0x82, 0x00, 0x81, 0x3A, 0x02, 0x01,
621 0x42, 0x05, 0x14, 0x01, 0x15, 0x81, 0x3A, 0x02, 0x01, 0x1B, 0x81, 0x3A,
622 0x1B, 0x06, 0x07, 0x47, 0x01, 0x00, 0x81, 0x3C, 0x04, 0x76, 0x1A, 0x00,
623 0x00, 0x01, 0x10, 0x81, 0x3C, 0x61, 0x1E, 0x1B, 0x81, 0x2C, 0x06, 0x10,
624 0x81, 0x0F, 0x19, 0x1B, 0x48, 0x81, 0x3B, 0x1B, 0x81, 0x3A, 0x6A, 0x34,
625 0x81, 0x35, 0x04, 0x12, 0x1B, 0x81, 0x2A, 0x34, 0x81, 0x0F, 0x18, 0x1B,
626 0x46, 0x81, 0x3B, 0x1B, 0x81, 0x3C, 0x6A, 0x34, 0x81, 0x35, 0x00, 0x00,
627 0x81, 0x00, 0x01, 0x14, 0x81, 0x3C, 0x01, 0x0C, 0x81, 0x3B, 0x6A, 0x01,
628 0x0C, 0x81, 0x35, 0x00, 0x00, 0x3B, 0x1B, 0x01, 0x00, 0x0D, 0x06, 0x02,
629 0x4A, 0x00, 0x81, 0x2D, 0x1A, 0x04, 0x72, 0x00, 0x1B, 0x81, 0x3A, 0x81,
630 0x35, 0x00, 0x00, 0x1B, 0x81, 0x3C, 0x81, 0x35, 0x00, 0x00, 0x01, 0x0B,
631 0x81, 0x3C, 0x01, 0x03, 0x81, 0x3B, 0x01, 0x00, 0x81, 0x3B, 0x00, 0x01,
632 0x03, 0x00, 0x31, 0x1A, 0x1B, 0x01, 0x10, 0x11, 0x06, 0x08, 0x01, 0x04,
633 0x81, 0x3C, 0x02, 0x00, 0x81, 0x3C, 0x1B, 0x01, 0x08, 0x11, 0x06, 0x08,
634 0x01, 0x03, 0x81, 0x3C, 0x02, 0x00, 0x81, 0x3C, 0x1B, 0x01, 0x20, 0x11,
635 0x06, 0x08, 0x01, 0x05, 0x81, 0x3C, 0x02, 0x00, 0x81, 0x3C, 0x1B, 0x01,
636 0x80, 0x40, 0x11, 0x06, 0x08, 0x01, 0x06, 0x81, 0x3C, 0x02, 0x00, 0x81,
637 0x3C, 0x01, 0x04, 0x11, 0x06, 0x08, 0x01, 0x02, 0x81, 0x3C, 0x02, 0x00,
638 0x81, 0x3C, 0x00, 0x00, 0x1B, 0x01, 0x08, 0x39, 0x81, 0x3C, 0x81, 0x3C,
639 0x00, 0x00, 0x1B, 0x01, 0x10, 0x39, 0x81, 0x3C, 0x81, 0x3A, 0x00, 0x00,
640 0x1B, 0x3C, 0x06, 0x02, 0x1A, 0x00, 0x81, 0x2D, 0x1A, 0x04, 0x75
641 };
642
643 static const uint16_t t0_caddr[] = {
644 0,
645 5,
646 10,
647 15,
648 20,
649 25,
650 30,
651 35,
652 40,
653 44,
654 48,
655 52,
656 56,
657 60,
658 64,
659 68,
660 72,
661 76,
662 80,
663 84,
664 88,
665 92,
666 96,
667 100,
668 104,
669 108,
670 112,
671 116,
672 120,
673 125,
674 130,
675 135,
676 140,
677 145,
678 150,
679 155,
680 160,
681 165,
682 170,
683 175,
684 180,
685 185,
686 190,
687 195,
688 200,
689 205,
690 210,
691 215,
692 220,
693 225,
694 230,
695 235,
696 240,
697 245,
698 250,
699 255,
700 260,
701 265,
702 274,
703 287,
704 291,
705 318,
706 324,
707 344,
708 355,
709 392,
710 495,
711 499,
712 564,
713 579,
714 590,
715 608,
716 637,
717 647,
718 683,
719 693,
720 771,
721 785,
722 791,
723 851,
724 871,
725 924,
726 993,
727 1027,
728 1039,
729 1364,
730 1521,
731 1546,
732 1557,
733 1572,
734 1583,
735 1589,
736 1612,
737 1672,
738 1680,
739 1693,
740 1712,
741 1719,
742 1731,
743 1766,
744 1778,
745 1785,
746 1801,
747 1817,
748 1955,
749 1968,
750 1977,
751 1984,
752 2090,
753 2112,
754 2126,
755 2143,
756 2166,
757 2529,
758 2576,
759 2593,
760 2608,
761 2615,
762 2622,
763 2636,
764 2712,
765 2722,
766 2732
767 };
768
769 #define T0_INTERPRETED 66
770
771 #define T0_ENTER(ip, rp, slot) do { \
772 const unsigned char *t0_newip; \
773 uint32_t t0_lnum; \
774 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
775 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
776 (rp) += t0_lnum; \
777 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
778 (ip) = t0_newip; \
779 } while (0)
780
781 #define T0_DEFENTRY(name, slot) \
782 void \
783 name(void *ctx) \
784 { \
785 t0_context *t0ctx = ctx; \
786 t0ctx->ip = &t0_codeblock[0]; \
787 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
788 }
789
790 T0_DEFENTRY(br_ssl_hs_client_init_main, 141)
791
792 void
793 br_ssl_hs_client_run(void *t0ctx)
794 {
795 uint32_t *dp, *rp;
796 const unsigned char *ip;
797
798 #define T0_LOCAL(x) (*(rp - 2 - (x)))
799 #define T0_POP() (*-- dp)
800 #define T0_POPi() (*(int32_t *)(-- dp))
801 #define T0_PEEK(x) (*(dp - 1 - (x)))
802 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
803 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
804 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
805 #define T0_RPOP() (*-- rp)
806 #define T0_RPOPi() (*(int32_t *)(-- rp))
807 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
808 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
809 #define T0_ROLL(x) do { \
810 size_t t0len = (size_t)(x); \
811 uint32_t t0tmp = *(dp - 1 - t0len); \
812 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
813 *(dp - 1) = t0tmp; \
814 } while (0)
815 #define T0_SWAP() do { \
816 uint32_t t0tmp = *(dp - 2); \
817 *(dp - 2) = *(dp - 1); \
818 *(dp - 1) = t0tmp; \
819 } while (0)
820 #define T0_ROT() do { \
821 uint32_t t0tmp = *(dp - 3); \
822 *(dp - 3) = *(dp - 2); \
823 *(dp - 2) = *(dp - 1); \
824 *(dp - 1) = t0tmp; \
825 } while (0)
826 #define T0_NROT() do { \
827 uint32_t t0tmp = *(dp - 1); \
828 *(dp - 1) = *(dp - 2); \
829 *(dp - 2) = *(dp - 3); \
830 *(dp - 3) = t0tmp; \
831 } while (0)
832 #define T0_PICK(x) do { \
833 uint32_t t0depth = (x); \
834 T0_PUSH(T0_PEEK(t0depth)); \
835 } while (0)
836 #define T0_CO() do { \
837 goto t0_exit; \
838 } while (0)
839 #define T0_RET() break
840
841 dp = ((t0_context *)t0ctx)->dp;
842 rp = ((t0_context *)t0ctx)->rp;
843 ip = ((t0_context *)t0ctx)->ip;
844 for (;;) {
845 uint32_t t0x;
846
847 t0x = t0_parse7E_unsigned(&ip);
848 if (t0x < T0_INTERPRETED) {
849 switch (t0x) {
850 int32_t t0off;
851
852 case 0: /* ret */
853 t0x = T0_RPOP();
854 rp -= (t0x >> 16);
855 t0x &= 0xFFFF;
856 if (t0x == 0) {
857 ip = NULL;
858 goto t0_exit;
859 }
860 ip = &t0_codeblock[t0x];
861 break;
862 case 1: /* literal constant */
863 T0_PUSHi(t0_parse7E_signed(&ip));
864 break;
865 case 2: /* read local */
866 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
867 break;
868 case 3: /* write local */
869 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
870 break;
871 case 4: /* jump */
872 t0off = t0_parse7E_signed(&ip);
873 ip += t0off;
874 break;
875 case 5: /* jump if */
876 t0off = t0_parse7E_signed(&ip);
877 if (T0_POP()) {
878 ip += t0off;
879 }
880 break;
881 case 6: /* jump if not */
882 t0off = t0_parse7E_signed(&ip);
883 if (!T0_POP()) {
884 ip += t0off;
885 }
886 break;
887 case 7: {
888 /* * */
889
890 uint32_t b = T0_POP();
891 uint32_t a = T0_POP();
892 T0_PUSH(a * b);
893
894 }
895 break;
896 case 8: {
897 /* + */
898
899 uint32_t b = T0_POP();
900 uint32_t a = T0_POP();
901 T0_PUSH(a + b);
902
903 }
904 break;
905 case 9: {
906 /* - */
907
908 uint32_t b = T0_POP();
909 uint32_t a = T0_POP();
910 T0_PUSH(a - b);
911
912 }
913 break;
914 case 10: {
915 /* < */
916
917 int32_t b = T0_POPi();
918 int32_t a = T0_POPi();
919 T0_PUSH(-(uint32_t)(a < b));
920
921 }
922 break;
923 case 11: {
924 /* << */
925
926 int c = (int)T0_POPi();
927 uint32_t x = T0_POP();
928 T0_PUSH(x << c);
929
930 }
931 break;
932 case 12: {
933 /* <> */
934
935 uint32_t b = T0_POP();
936 uint32_t a = T0_POP();
937 T0_PUSH(-(uint32_t)(a != b));
938
939 }
940 break;
941 case 13: {
942 /* = */
943
944 uint32_t b = T0_POP();
945 uint32_t a = T0_POP();
946 T0_PUSH(-(uint32_t)(a == b));
947
948 }
949 break;
950 case 14: {
951 /* > */
952
953 int32_t b = T0_POPi();
954 int32_t a = T0_POPi();
955 T0_PUSH(-(uint32_t)(a > b));
956
957 }
958 break;
959 case 15: {
960 /* >= */
961
962 int32_t b = T0_POPi();
963 int32_t a = T0_POPi();
964 T0_PUSH(-(uint32_t)(a >= b));
965
966 }
967 break;
968 case 16: {
969 /* >> */
970
971 int c = (int)T0_POPi();
972 int32_t x = T0_POPi();
973 T0_PUSHi(x >> c);
974
975 }
976 break;
977 case 17: {
978 /* and */
979
980 uint32_t b = T0_POP();
981 uint32_t a = T0_POP();
982 T0_PUSH(a & b);
983
984 }
985 break;
986 case 18: {
987 /* bzero */
988
989 size_t len = (size_t)T0_POP();
990 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
991 memset(addr, 0, len);
992
993 }
994 break;
995 case 19: {
996 /* can-output? */
997
998 T0_PUSHi(-(ENG->hlen_out > 0));
999
1000 }
1001 break;
1002 case 20: {
1003 /* co */
1004 T0_CO();
1005 }
1006 break;
1007 case 21: {
1008 /* compute-Finished-inner */
1009
1010 int prf_id = T0_POP();
1011 int from_client = T0_POPi();
1012 unsigned char seed[48];
1013 size_t seed_len;
1014
1015 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1016 if (ENG->session.version >= BR_TLS12) {
1017 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1018 } else {
1019 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1020 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1021 seed_len = 36;
1022 }
1023 prf(ENG->pad, 12, ENG->session.master_secret,
1024 sizeof ENG->session.master_secret,
1025 from_client ? "client finished" : "server finished",
1026 seed, seed_len);
1027
1028 }
1029 break;
1030 case 22: {
1031 /* data-get8 */
1032
1033 size_t addr = T0_POP();
1034 T0_PUSH(t0_datablock[addr]);
1035
1036 }
1037 break;
1038 case 23: {
1039 /* discard-input */
1040
1041 ENG->hlen_in = 0;
1042
1043 }
1044 break;
1045 case 24: {
1046 /* do-ecdh */
1047
1048 unsigned prf_id = T0_POP();
1049 unsigned ecdhe = T0_POP();
1050 int x;
1051
1052 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1053 if (x < 0) {
1054 br_ssl_engine_fail(ENG, -x);
1055 T0_CO();
1056 } else {
1057 T0_PUSH(x);
1058 }
1059
1060 }
1061 break;
1062 case 25: {
1063 /* do-rsa-encrypt */
1064
1065 int x;
1066
1067 x = make_pms_rsa(CTX, T0_POP());
1068 if (x < 0) {
1069 br_ssl_engine_fail(ENG, -x);
1070 T0_CO();
1071 } else {
1072 T0_PUSH(x);
1073 }
1074
1075 }
1076 break;
1077 case 26: {
1078 /* drop */
1079 (void)T0_POP();
1080 }
1081 break;
1082 case 27: {
1083 /* dup */
1084 T0_PUSH(T0_PEEK(0));
1085 }
1086 break;
1087 case 28: {
1088 /* fail */
1089
1090 br_ssl_engine_fail(ENG, (int)T0_POPi());
1091 T0_CO();
1092
1093 }
1094 break;
1095 case 29: {
1096 /* flush-record */
1097
1098 br_ssl_engine_flush_record(ENG);
1099
1100 }
1101 break;
1102 case 30: {
1103 /* get16 */
1104
1105 size_t addr = (size_t)T0_POP();
1106 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1107
1108 }
1109 break;
1110 case 31: {
1111 /* get32 */
1112
1113 size_t addr = (size_t)T0_POP();
1114 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1115
1116 }
1117 break;
1118 case 32: {
1119 /* get8 */
1120
1121 size_t addr = (size_t)T0_POP();
1122 T0_PUSH(*((unsigned char *)ENG + addr));
1123
1124 }
1125 break;
1126 case 33: {
1127 /* has-input? */
1128
1129 T0_PUSHi(-(ENG->hlen_in != 0));
1130
1131 }
1132 break;
1133 case 34: {
1134 /* memcmp */
1135
1136 size_t len = (size_t)T0_POP();
1137 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1138 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1139 int x = memcmp(addr1, addr2, len);
1140 T0_PUSH((uint32_t)-(x == 0));
1141
1142 }
1143 break;
1144 case 35: {
1145 /* memcpy */
1146
1147 size_t len = (size_t)T0_POP();
1148 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1149 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1150 memcpy(dst, src, len);
1151
1152 }
1153 break;
1154 case 36: {
1155 /* mkrand */
1156
1157 size_t len = (size_t)T0_POP();
1158 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1159 br_hmac_drbg_generate(&ENG->rng, addr, len);
1160
1161 }
1162 break;
1163 case 37: {
1164 /* more-incoming-bytes? */
1165
1166 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1167
1168 }
1169 break;
1170 case 38: {
1171 /* multihash-init */
1172
1173 br_multihash_init(&ENG->mhash);
1174
1175 }
1176 break;
1177 case 39: {
1178 /* neg */
1179
1180 uint32_t a = T0_POP();
1181 T0_PUSH(-a);
1182
1183 }
1184 break;
1185 case 40: {
1186 /* not */
1187
1188 uint32_t a = T0_POP();
1189 T0_PUSH(~a);
1190
1191 }
1192 break;
1193 case 41: {
1194 /* or */
1195
1196 uint32_t b = T0_POP();
1197 uint32_t a = T0_POP();
1198 T0_PUSH(a | b);
1199
1200 }
1201 break;
1202 case 42: {
1203 /* over */
1204 T0_PUSH(T0_PEEK(1));
1205 }
1206 break;
1207 case 43: {
1208 /* read-chunk-native */
1209
1210 size_t clen = ENG->hlen_in;
1211 if (clen > 0) {
1212 uint32_t addr, len;
1213
1214 len = T0_POP();
1215 addr = T0_POP();
1216 if ((size_t)len < clen) {
1217 clen = (size_t)len;
1218 }
1219 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1220 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1221 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1222 }
1223 T0_PUSH(addr + (uint32_t)clen);
1224 T0_PUSH(len - (uint32_t)clen);
1225 ENG->hbuf_in += clen;
1226 ENG->hlen_in -= clen;
1227 }
1228
1229 }
1230 break;
1231 case 44: {
1232 /* read8-native */
1233
1234 if (ENG->hlen_in > 0) {
1235 unsigned char x;
1236
1237 x = *ENG->hbuf_in ++;
1238 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1239 br_multihash_update(&ENG->mhash, &x, 1);
1240 }
1241 T0_PUSH(x);
1242 ENG->hlen_in --;
1243 } else {
1244 T0_PUSHi(-1);
1245 }
1246
1247 }
1248 break;
1249 case 45: {
1250 /* set16 */
1251
1252 size_t addr = (size_t)T0_POP();
1253 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1254
1255 }
1256 break;
1257 case 46: {
1258 /* set8 */
1259
1260 size_t addr = (size_t)T0_POP();
1261 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1262
1263 }
1264 break;
1265 case 47: {
1266 /* strlen */
1267
1268 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1269 T0_PUSH((uint32_t)strlen(str));
1270
1271 }
1272 break;
1273 case 48: {
1274 /* supported-curves */
1275
1276 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1277 T0_PUSH(x);
1278
1279 }
1280 break;
1281 case 49: {
1282 /* supported-hash-functions */
1283
1284 int i;
1285 unsigned x, num;
1286
1287 x = 0;
1288 num = 0;
1289 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1290 if (br_multihash_getimpl(&ENG->mhash, i)) {
1291 x |= 1U << i;
1292 num ++;
1293 }
1294 }
1295 T0_PUSH(x);
1296 T0_PUSH(num);
1297
1298 }
1299 break;
1300 case 50: {
1301 /* supports-ecdsa? */
1302
1303 T0_PUSHi(-(CTX->iecdsa != 0));
1304
1305 }
1306 break;
1307 case 51: {
1308 /* supports-rsa-sign? */
1309
1310 T0_PUSHi(-(CTX->irsavrfy != 0));
1311
1312 }
1313 break;
1314 case 52: {
1315 /* swap */
1316 T0_SWAP();
1317 }
1318 break;
1319 case 53: {
1320 /* switch-aesgcm-in */
1321
1322 int is_client, prf_id;
1323 unsigned cipher_key_len;
1324
1325 cipher_key_len = T0_POP();
1326 prf_id = T0_POP();
1327 is_client = T0_POP();
1328 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1329 ENG->iaes_ctr, cipher_key_len);
1330
1331 }
1332 break;
1333 case 54: {
1334 /* switch-aesgcm-out */
1335
1336 int is_client, prf_id;
1337 unsigned cipher_key_len;
1338
1339 cipher_key_len = T0_POP();
1340 prf_id = T0_POP();
1341 is_client = T0_POP();
1342 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1343 ENG->iaes_ctr, cipher_key_len);
1344
1345 }
1346 break;
1347 case 55: {
1348 /* switch-cbc-in */
1349
1350 int is_client, prf_id, mac_id, aes;
1351 unsigned cipher_key_len;
1352
1353 cipher_key_len = T0_POP();
1354 aes = T0_POP();
1355 mac_id = T0_POP();
1356 prf_id = T0_POP();
1357 is_client = T0_POP();
1358 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1359 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1360
1361 }
1362 break;
1363 case 56: {
1364 /* switch-cbc-out */
1365
1366 int is_client, prf_id, mac_id, aes;
1367 unsigned cipher_key_len;
1368
1369 cipher_key_len = T0_POP();
1370 aes = T0_POP();
1371 mac_id = T0_POP();
1372 prf_id = T0_POP();
1373 is_client = T0_POP();
1374 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1375 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1376
1377 }
1378 break;
1379 case 57: {
1380 /* u>> */
1381
1382 int c = (int)T0_POPi();
1383 uint32_t x = T0_POP();
1384 T0_PUSH(x >> c);
1385
1386 }
1387 break;
1388 case 58: {
1389 /* verify-SKE-sig */
1390
1391 size_t sig_len = T0_POP();
1392 int use_rsa = T0_POPi();
1393 int hash = T0_POPi();
1394
1395 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1396
1397 }
1398 break;
1399 case 59: {
1400 /* write-blob-chunk */
1401
1402 size_t clen = ENG->hlen_out;
1403 if (clen > 0) {
1404 uint32_t addr, len;
1405
1406 len = T0_POP();
1407 addr = T0_POP();
1408 if ((size_t)len < clen) {
1409 clen = (size_t)len;
1410 }
1411 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1412 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1413 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1414 }
1415 T0_PUSH(addr + (uint32_t)clen);
1416 T0_PUSH(len - (uint32_t)clen);
1417 ENG->hbuf_out += clen;
1418 ENG->hlen_out -= clen;
1419 }
1420
1421 }
1422 break;
1423 case 60: {
1424 /* write8-native */
1425
1426 unsigned char x;
1427
1428 x = (unsigned char)T0_POP();
1429 if (ENG->hlen_out > 0) {
1430 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1431 br_multihash_update(&ENG->mhash, &x, 1);
1432 }
1433 *ENG->hbuf_out ++ = x;
1434 ENG->hlen_out --;
1435 T0_PUSHi(-1);
1436 } else {
1437 T0_PUSHi(0);
1438 }
1439
1440 }
1441 break;
1442 case 61: {
1443 /* x509-append */
1444
1445 const br_x509_class *xc;
1446 size_t len;
1447
1448 xc = *(ENG->x509ctx);
1449 len = T0_POP();
1450 xc->append(ENG->x509ctx, ENG->pad, len);
1451
1452 }
1453 break;
1454 case 62: {
1455 /* x509-end-cert */
1456
1457 const br_x509_class *xc;
1458
1459 xc = *(ENG->x509ctx);
1460 xc->end_cert(ENG->x509ctx);
1461
1462 }
1463 break;
1464 case 63: {
1465 /* x509-end-chain */
1466
1467 const br_x509_class *xc;
1468
1469 xc = *(ENG->x509ctx);
1470 T0_PUSH(xc->end_chain(ENG->x509ctx));
1471
1472 }
1473 break;
1474 case 64: {
1475 /* x509-start-cert */
1476
1477 const br_x509_class *xc;
1478
1479 xc = *(ENG->x509ctx);
1480 xc->start_cert(ENG->x509ctx, T0_POP());
1481
1482 }
1483 break;
1484 case 65: {
1485 /* x509-start-chain */
1486
1487 const br_x509_class *xc;
1488
1489 xc = *(ENG->x509ctx);
1490 xc->start_chain(ENG->x509ctx, T0_POP(), ENG->server_name);
1491
1492 }
1493 break;
1494 }
1495
1496 } else {
1497 T0_ENTER(ip, rp, t0x);
1498 }
1499 }
1500 t0_exit:
1501 ((t0_context *)t0ctx)->dp = dp;
1502 ((t0_context *)t0ctx)->rp = rp;
1503 ((t0_context *)t0ctx)->ip = ip;
1504 }
The BearSSL library and tools.