1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
206 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
210 const unsigned char *order
, *generator
;
212 br_multihash_context mhc
;
213 unsigned char head
[4];
214 size_t hv_len
, sig_len
;
216 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM
;
219 ctx
->eng
.ecdhe_curve
= curve
;
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
229 order
= ctx
->eng
.iec
->order(curve
, &olen
);
231 while (mask
>= order
[0]) {
234 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
235 ctx
->ecdhe_key
[0] &= mask
;
236 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
237 ctx
->ecdhe_key_len
= olen
;
240 * Compute our ECDH point.
242 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
243 memcpy(ctx
->eng
.ecdhe_point
, generator
, glen
);
244 ctx
->eng
.ecdhe_point_len
= glen
;
245 if (!ctx
->eng
.iec
->mul(ctx
->eng
.ecdhe_point
, glen
,
246 ctx
->ecdhe_key
, olen
, curve
))
248 return -BR_ERR_INVALID_ALGORITHM
;
252 * Compute the signature.
254 br_multihash_zero(&mhc
);
255 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
256 br_multihash_init(&mhc
);
257 br_multihash_update(&mhc
,
258 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
259 br_multihash_update(&mhc
,
260 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
264 head
[3] = ctx
->eng
.ecdhe_point_len
;
265 br_multihash_update(&mhc
, head
, sizeof head
);
266 br_multihash_update(&mhc
,
267 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
268 hash
= ctx
->sign_hash_id
;
270 hv_len
= br_multihash_out(&mhc
, hash
, ctx
->eng
.pad
);
272 return -BR_ERR_INVALID_ALGORITHM
;
275 if (!br_multihash_out(&mhc
, br_md5_ID
, ctx
->eng
.pad
)
276 || !br_multihash_out(&mhc
,
277 br_sha1_ID
, ctx
->eng
.pad
+ 16))
279 return -BR_ERR_INVALID_ALGORITHM
;
283 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
284 hash
, hv_len
, ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
285 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
293 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
294 unsigned char *cpoint
, size_t cpoint_len
)
299 curve
= ctx
->eng
.ecdhe_curve
;
302 * Finalise the key exchange.
304 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
305 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
306 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
313 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
318 static const uint8_t t0_datablock
[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
334 static const uint8_t t0_codeblock
[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
352 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
354 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
357 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
360 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, flags
)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
371 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
374 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
379 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
381 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
383 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
385 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
390 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
393 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x24, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x1B, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0D, 0x06,
418 0x06, 0x01, 0x00, 0x81, 0x01, 0x04, 0x0A, 0x24, 0x16, 0x2F, 0x06, 0x05,
419 0x81, 0x25, 0x21, 0x04, 0x77, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0x44,
420 0x01, 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02,
421 0x00, 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01,
422 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03,
423 0x21, 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x15, 0x01, 0x01, 0x31,
424 0x0E, 0x06, 0x09, 0x21, 0x01, 0x00, 0x58, 0x38, 0x46, 0x00, 0x04, 0x06,
425 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
426 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
427 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
428 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
429 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
430 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
431 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
432 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
433 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
434 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
435 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
436 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
437 0x22, 0x06, 0x80, 0x57, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
438 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
439 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
440 0x01, 0x7F, 0x03, 0x02, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21, 0x04,
441 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D, 0x08,
442 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04, 0x10,
443 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01,
444 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x25, 0x21, 0x01, 0x00, 0x03, 0x07,
445 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04, 0x01,
446 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01, 0x88,
447 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22, 0x06,
448 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44, 0x81, 0x17,
449 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x34, 0x01,
450 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29, 0x01, 0x83,
451 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x1C, 0x01,
452 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11, 0x01, 0x0A,
453 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21, 0x81, 0x14,
454 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01, 0x02, 0x03,
455 0x12, 0x03, 0x01, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F, 0x06, 0x03, 0x21,
456 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02, 0x52, 0x23, 0x02,
457 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46, 0x81, 0x03, 0x02,
458 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06, 0x05, 0x21, 0x75,
459 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75, 0x36, 0x22, 0x76,
460 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03, 0x08, 0x02, 0x02,
461 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05, 0x04, 0x01, 0x28,
462 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64, 0x25, 0x12, 0x22,
463 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12, 0x22, 0x60, 0x37,
464 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
465 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04,
466 0x0A, 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13,
467 0x22, 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E,
468 0x30, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22,
469 0x01, 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00,
470 0x22, 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02,
471 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08,
472 0x04, 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22,
473 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01,
474 0x28, 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E,
475 0x05, 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17,
476 0x22, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00,
477 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A,
478 0x25, 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02,
479 0x01, 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67,
480 0x3B, 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06,
481 0x03, 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01,
482 0x14, 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C,
483 0x81, 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05,
484 0x02, 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A,
485 0x02, 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B,
486 0x00, 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06,
487 0x02, 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10,
488 0x30, 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A,
489 0x06, 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68,
490 0x38, 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00,
491 0x31, 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23,
492 0x81, 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A,
493 0x01, 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02,
494 0x51, 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67,
495 0x01, 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51,
496 0x23, 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06,
497 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81,
498 0x14, 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D,
499 0x22, 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04,
500 0x02, 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22,
501 0x46, 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00,
502 0x81, 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81,
503 0x17, 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64,
504 0x36, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00,
505 0x81, 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01,
506 0x06, 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03,
507 0x0E, 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49,
508 0x01, 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49,
509 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06,
510 0x01, 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20,
511 0x0A, 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37,
512 0x04, 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A,
513 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03,
514 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B,
515 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00,
516 0x33, 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02,
517 0x03, 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A,
518 0x06, 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E,
519 0x06, 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24,
520 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A,
521 0x38, 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17,
522 0x6A, 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43,
523 0x21, 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B,
524 0x31, 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77,
525 0x21, 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01,
526 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02,
527 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06,
528 0x10, 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04,
529 0x01, 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21,
530 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F,
531 0x04, 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01,
532 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B,
533 0x01, 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00,
534 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E,
535 0x06, 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04,
536 0x01, 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C,
537 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47,
538 0x3B, 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01,
539 0x01, 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18,
540 0x01, 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06,
541 0x07, 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E,
542 0x06, 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01,
543 0x21, 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69,
544 0x27, 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04,
545 0x24, 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04,
546 0x01, 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06,
547 0x21, 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00,
548 0x21, 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05,
549 0x10, 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21,
550 0x81, 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12,
551 0x01, 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24,
552 0x16, 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04,
553 0x73, 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22,
554 0x01, 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00,
555 0x00, 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32,
556 0x81, 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A,
557 0x22, 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A,
558 0x00, 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01,
559 0x0C, 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01,
560 0x80, 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06,
561 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03,
562 0x01, 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03,
563 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08,
564 0x08, 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E,
565 0x01, 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01,
566 0x20, 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31,
567 0x01, 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30,
568 0x81, 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81,
569 0x31, 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30,
570 0x04, 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01,
571 0x01, 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01,
572 0x21, 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00,
573 0x03, 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00,
574 0x81, 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74,
575 0x03, 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23,
576 0x03, 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C,
577 0x81, 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12,
578 0x08, 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00,
579 0x81, 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72,
580 0x27, 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03,
581 0x08, 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F,
582 0x00, 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81,
583 0x25, 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00,
584 0x22, 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01,
585 0x10, 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02,
586 0x21, 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
589 static const uint16_t t0_caddr
[] = {
704 #define T0_INTERPRETED 68
706 #define T0_ENTER(ip, rp, slot) do { \
707 const unsigned char *t0_newip; \
709 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
710 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
712 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
716 #define T0_DEFENTRY(name, slot) \
720 t0_context *t0ctx = ctx; \
721 t0ctx->ip = &t0_codeblock[0]; \
722 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
725 T0_DEFENTRY(br_ssl_hs_server_init_main
, 133)
728 br_ssl_hs_server_run(void *t0ctx
)
731 const unsigned char *ip
;
733 #define T0_LOCAL(x) (*(rp - 2 - (x)))
734 #define T0_POP() (*-- dp)
735 #define T0_POPi() (*(int32_t *)(-- dp))
736 #define T0_PEEK(x) (*(dp - 1 - (x)))
737 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
738 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
739 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
740 #define T0_RPOP() (*-- rp)
741 #define T0_RPOPi() (*(int32_t *)(-- rp))
742 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
743 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
744 #define T0_ROLL(x) do { \
745 size_t t0len = (size_t)(x); \
746 uint32_t t0tmp = *(dp - 1 - t0len); \
747 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
750 #define T0_SWAP() do { \
751 uint32_t t0tmp = *(dp - 2); \
752 *(dp - 2) = *(dp - 1); \
755 #define T0_ROT() do { \
756 uint32_t t0tmp = *(dp - 3); \
757 *(dp - 3) = *(dp - 2); \
758 *(dp - 2) = *(dp - 1); \
761 #define T0_NROT() do { \
762 uint32_t t0tmp = *(dp - 1); \
763 *(dp - 1) = *(dp - 2); \
764 *(dp - 2) = *(dp - 3); \
767 #define T0_PICK(x) do { \
768 uint32_t t0depth = (x); \
769 T0_PUSH(T0_PEEK(t0depth)); \
771 #define T0_CO() do { \
774 #define T0_RET() break
776 dp
= ((t0_context
*)t0ctx
)->dp
;
777 rp
= ((t0_context
*)t0ctx
)->rp
;
778 ip
= ((t0_context
*)t0ctx
)->ip
;
782 t0x
= t0_parse7E_unsigned(&ip
);
783 if (t0x
< T0_INTERPRETED
) {
795 ip
= &t0_codeblock
[t0x
];
797 case 1: /* literal constant */
798 T0_PUSHi(t0_parse7E_signed(&ip
));
800 case 2: /* read local */
801 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
803 case 3: /* write local */
804 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
807 t0off
= t0_parse7E_signed(&ip
);
810 case 5: /* jump if */
811 t0off
= t0_parse7E_signed(&ip
);
816 case 6: /* jump if not */
817 t0off
= t0_parse7E_signed(&ip
);
825 uint32_t b
= T0_POP();
826 uint32_t a
= T0_POP();
834 uint32_t b
= T0_POP();
835 uint32_t a
= T0_POP();
843 uint32_t b
= T0_POP();
844 uint32_t a
= T0_POP();
852 int32_t b
= T0_POPi();
853 int32_t a
= T0_POPi();
854 T0_PUSH(-(uint32_t)(a
< b
));
861 int c
= (int)T0_POPi();
862 uint32_t x
= T0_POP();
870 int32_t b
= T0_POPi();
871 int32_t a
= T0_POPi();
872 T0_PUSH(-(uint32_t)(a
<= b
));
879 uint32_t b
= T0_POP();
880 uint32_t a
= T0_POP();
881 T0_PUSH(-(uint32_t)(a
!= b
));
888 uint32_t b
= T0_POP();
889 uint32_t a
= T0_POP();
890 T0_PUSH(-(uint32_t)(a
== b
));
897 int32_t b
= T0_POPi();
898 int32_t a
= T0_POPi();
899 T0_PUSH(-(uint32_t)(a
> b
));
906 int32_t b
= T0_POPi();
907 int32_t a
= T0_POPi();
908 T0_PUSH(-(uint32_t)(a
>= b
));
915 int c
= (int)T0_POPi();
916 int32_t x
= T0_POPi();
924 uint32_t b
= T0_POP();
925 uint32_t a
= T0_POP();
933 if (CTX
->chain_len
== 0) {
936 CTX
->cert_cur
= CTX
->chain
->data
;
937 CTX
->cert_len
= CTX
->chain
->data_len
;
940 T0_PUSH(CTX
->cert_len
);
948 size_t len
= (size_t)T0_POP();
949 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
950 memset(addr
, 0, len
);
955 /* call-policy-handler */
958 br_ssl_server_choices choices
;
960 x
= (*CTX
->policy_vtable
)->choose(
961 CTX
->policy_vtable
, CTX
, &choices
);
962 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
963 CTX
->sign_hash_id
= choices
.hash_id
;
964 CTX
->chain
= choices
.chain
;
965 CTX
->chain_len
= choices
.chain_len
;
973 T0_PUSHi(-(ENG
->hlen_out
> 0));
980 if (ENG
->session
.session_id_len
== 32
981 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
982 CTX
->cache_vtable
, CTX
, &ENG
->session
))
997 /* compute-Finished-inner */
999 int prf_id
= T0_POP();
1000 int from_client
= T0_POPi();
1001 unsigned char seed
[48];
1004 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1005 if (ENG
->session
.version
>= BR_TLS12
) {
1006 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1008 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1009 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1012 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1013 sizeof ENG
->session
.master_secret
,
1014 from_client
? "client finished" : "server finished",
1020 /* copy-cert-chunk */
1024 clen
= CTX
->cert_len
;
1025 if (clen
> sizeof ENG
->pad
) {
1026 clen
= sizeof ENG
->pad
;
1028 memcpy(ENG
->pad
, CTX
->cert_cur
, clen
);
1029 CTX
->cert_cur
+= clen
;
1030 CTX
->cert_len
-= clen
;
1038 size_t addr
= T0_POP();
1039 T0_PUSH(t0_datablock
[addr
]);
1053 int prf_id
= T0_POPi();
1054 size_t len
= T0_POP();
1055 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1060 /* do-ecdhe-part1 */
1062 int curve
= T0_POPi();
1063 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1068 /* do-ecdhe-part2 */
1070 int prf_id
= T0_POPi();
1071 size_t len
= T0_POP();
1072 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1077 /* do-rsa-decrypt */
1079 int prf_id
= T0_POPi();
1080 size_t len
= T0_POP();
1081 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1092 T0_PUSH(T0_PEEK(0));
1098 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1106 br_ssl_engine_flush_record(ENG
);
1113 size_t addr
= (size_t)T0_POP();
1114 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1121 size_t addr
= (size_t)T0_POP();
1122 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1129 size_t addr
= (size_t)T0_POP();
1130 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1137 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1144 size_t len
= (size_t)T0_POP();
1145 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1146 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1147 int x
= memcmp(addr1
, addr2
, len
);
1148 T0_PUSH((uint32_t)-(x
== 0));
1155 size_t len
= (size_t)T0_POP();
1156 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1157 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1158 memcpy(dst
, src
, len
);
1165 size_t len
= (size_t)T0_POP();
1166 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1167 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1172 /* more-incoming-bytes? */
1174 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1179 /* multihash-init */
1181 br_multihash_init(&ENG
->mhash
);
1188 uint32_t a
= T0_POP();
1196 uint32_t a
= T0_POP();
1204 uint32_t b
= T0_POP();
1205 uint32_t a
= T0_POP();
1212 T0_PUSH(T0_PEEK(1));
1216 /* read-chunk-native */
1218 size_t clen
= ENG
->hlen_in
;
1224 if ((size_t)len
< clen
) {
1227 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1228 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1229 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1231 T0_PUSH(addr
+ (uint32_t)clen
);
1232 T0_PUSH(len
- (uint32_t)clen
);
1233 ENG
->hbuf_in
+= clen
;
1234 ENG
->hlen_in
-= clen
;
1242 if (ENG
->hlen_in
> 0) {
1245 x
= *ENG
->hbuf_in
++;
1246 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1247 br_multihash_update(&ENG
->mhash
, &x
, 1);
1260 if (CTX
->cache_vtable
!= NULL
) {
1261 (*CTX
->cache_vtable
)->save(
1262 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1268 /* set-max-frag-len */
1270 size_t max_frag_len
= T0_POP();
1272 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1275 * We must adjust our own output limit. Since we call this only
1276 * after receiving a ClientHello and before beginning to send
1277 * the ServerHello, the next output record should be empty at
1278 * that point, so we can use max_frag_len as a limit.
1280 if (ENG
->hlen_out
> max_frag_len
) {
1281 ENG
->hlen_out
= max_frag_len
;
1289 size_t addr
= (size_t)T0_POP();
1290 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1297 size_t addr
= (size_t)T0_POP();
1298 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1305 size_t addr
= (size_t)T0_POP();
1306 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1311 /* supported-curves */
1313 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1319 /* supported-hash-functions */
1326 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1327 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1343 /* switch-aesgcm-in */
1345 int is_client
, prf_id
;
1346 unsigned cipher_key_len
;
1348 cipher_key_len
= T0_POP();
1350 is_client
= T0_POP();
1351 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1352 ENG
->iaes_ctr
, cipher_key_len
);
1357 /* switch-aesgcm-out */
1359 int is_client
, prf_id
;
1360 unsigned cipher_key_len
;
1362 cipher_key_len
= T0_POP();
1364 is_client
= T0_POP();
1365 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1366 ENG
->iaes_ctr
, cipher_key_len
);
1373 int is_client
, prf_id
, mac_id
, aes
;
1374 unsigned cipher_key_len
;
1376 cipher_key_len
= T0_POP();
1380 is_client
= T0_POP();
1381 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1382 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1387 /* switch-cbc-out */
1389 int is_client
, prf_id
, mac_id
, aes
;
1390 unsigned cipher_key_len
;
1392 cipher_key_len
= T0_POP();
1396 is_client
= T0_POP();
1397 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1398 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1403 /* total-chain-length */
1409 for (u
= 0; u
< CTX
->chain_len
; u
++) {
1410 total
+= 3 + (uint32_t)CTX
->chain
[u
].data_len
;
1419 int c
= (int)T0_POPi();
1420 uint32_t x
= T0_POP();
1426 /* write-blob-chunk */
1428 size_t clen
= ENG
->hlen_out
;
1434 if ((size_t)len
< clen
) {
1437 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1438 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1439 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1441 T0_PUSH(addr
+ (uint32_t)clen
);
1442 T0_PUSH(len
- (uint32_t)clen
);
1443 ENG
->hbuf_out
+= clen
;
1444 ENG
->hlen_out
-= clen
;
1454 x
= (unsigned char)T0_POP();
1455 if (ENG
->hlen_out
> 0) {
1456 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1457 br_multihash_update(&ENG
->mhash
, &x
, 1);
1459 *ENG
->hbuf_out
++ = x
;
1471 T0_ENTER(ip
, rp
, t0x
);
1475 ((t0_context
*)t0ctx
)->dp
= dp
;
1476 ((t0_context
*)t0ctx
)->rp
= rp
;
1477 ((t0_context
*)t0ctx
)->ip
= ip
;