projects / BearSSL / blob
? search:


8a4c01ba275779d08f11ca1cbfbf14e154d320a6
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *xcoor, size_t xcoor_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146
147 if (xcoor_len > sizeof rpms) {
148 xcoor_len = sizeof rpms;
149 ctl = 0;
150 }
151
152 /*
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
155 * copy.
156 */
157 br_hmac_drbg_generate(&ctx->eng.rng, rpms, xcoor_len);
158 br_ccopy(ctl ^ 1, xcoor, rpms, xcoor_len);
159
160 /*
161 * Compute master secret.
162 */
163 br_ssl_engine_compute_master(&ctx->eng, prf_id, xcoor, xcoor_len);
164
165 /*
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
168 */
169 memset(xcoor, 0, xcoor_len);
170 }
171
172 /*
173 * Do the ECDH key exchange (not ECDHE).
174 */
175 static void
176 do_ecdh(br_ssl_server_context *ctx, int prf_id,
177 unsigned char *cpoint, size_t cpoint_len)
178 {
179 uint32_t x;
180
181 /*
182 * Finalise the key exchange.
183 */
184 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
185 cpoint, &cpoint_len);
186 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
187 }
188
189 /*
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
194 */
195 static void
196 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
197 {
198 unsigned char cpoint[133];
199 size_t cpoint_len;
200 const br_x509_class **xc;
201 const br_x509_pkey *pk;
202
203 xc = ctx->eng.x509ctx;
204 pk = (*xc)->get_pkey(xc, NULL);
205 cpoint_len = pk->key.ec.qlen;
206 if (cpoint_len > sizeof cpoint) {
207 /*
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
211 */
212 cpoint_len = 2;
213 }
214 memcpy(cpoint, pk->key.ec.q, cpoint_len);
215 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
216 }
217
218 static size_t
219 hash_data(br_ssl_server_context *ctx,
220 void *dst, int hash_id, const void *src, size_t len)
221 {
222 const br_hash_class *hf;
223 br_hash_compat_context hc;
224
225 if (hash_id == 0) {
226 unsigned char tmp[36];
227
228 hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
229 if (hf == NULL) {
230 return 0;
231 }
232 hf->init(&hc.vtable);
233 hf->update(&hc.vtable, src, len);
234 hf->out(&hc.vtable, tmp);
235 hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
236 if (hf == NULL) {
237 return 0;
238 }
239 hf->init(&hc.vtable);
240 hf->update(&hc.vtable, src, len);
241 hf->out(&hc.vtable, tmp + 16);
242 memcpy(dst, tmp, 36);
243 return 36;
244 } else {
245 hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
246 if (hf == NULL) {
247 return 0;
248 }
249 hf->init(&hc.vtable);
250 hf->update(&hc.vtable, src, len);
251 hf->out(&hc.vtable, dst);
252 return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
253 }
254 }
255
256 /*
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
262 */
263 static int
264 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
265 {
266 unsigned algo_id;
267 unsigned mask;
268 const unsigned char *order;
269 size_t olen, glen;
270 size_t hv_len, sig_len;
271
272 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM;
274 }
275 ctx->eng.ecdhe_curve = curve;
276
277 /*
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
283 * possible values.
284 */
285 order = ctx->eng.iec->order(curve, &olen);
286 mask = 0xFF;
287 while (mask >= order[0]) {
288 mask >>= 1;
289 }
290 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
291 ctx->ecdhe_key[0] &= mask;
292 ctx->ecdhe_key[olen - 1] |= 0x01;
293 ctx->ecdhe_key_len = olen;
294
295 /*
296 * Compute our ECDH point.
297 */
298 glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
299 ctx->ecdhe_key, olen, curve);
300 ctx->eng.ecdhe_point_len = glen;
301
302 /*
303 * Assemble the message to be signed, and possibly hash it.
304 */
305 memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
306 memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
307 ctx->eng.pad[64 + 0] = 0x03;
308 ctx->eng.pad[64 + 1] = 0x00;
309 ctx->eng.pad[64 + 2] = curve;
310 ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
311 memcpy(ctx->eng.pad + 64 + 4,
312 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
313 hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
314 algo_id = ctx->sign_hash_id;
315 if (algo_id >= (unsigned)0xFF00) {
316 hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
317 ctx->eng.pad, hv_len);
318 if (hv_len == 0) {
319 return -BR_ERR_INVALID_ALGORITHM;
320 }
321 }
322
323 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
324 algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
325 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
326 }
327
328 /*
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
331 */
332 static void
333 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
334 unsigned char *cpoint, size_t cpoint_len)
335 {
336 int curve;
337 uint32_t ctl;
338 size_t xoff, xlen;
339
340 curve = ctx->eng.ecdhe_curve;
341
342 /*
343 * Finalise the key exchange.
344 */
345 ctl = ctx->eng.iec->mul(cpoint, cpoint_len,
346 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
347 xoff = ctx->eng.iec->xoff(curve, &xlen);
348 ecdh_common(ctx, prf_id, cpoint + xoff, xlen, ctl);
349
350 /*
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
354 */
355 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
356 }
357
358 /*
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
363 */
364 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
365
366 /*
367 * OID for hash functions in RSA signatures.
368 */
369 static const unsigned char HASH_OID_SHA1[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
371 };
372
373 static const unsigned char HASH_OID_SHA224[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
375 };
376
377 static const unsigned char HASH_OID_SHA256[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
379 };
380
381 static const unsigned char HASH_OID_SHA384[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
383 };
384
385 static const unsigned char HASH_OID_SHA512[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
387 };
388
389 static const unsigned char *HASH_OID[] = {
390 HASH_OID_SHA1,
391 HASH_OID_SHA224,
392 HASH_OID_SHA256,
393 HASH_OID_SHA384,
394 HASH_OID_SHA512
395 };
396
397 /*
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
403 */
404 static int
405 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
406 {
407 const br_x509_class **xc;
408 const br_x509_pkey *pk;
409 int id;
410
411 id = ctx->hash_CV_id;
412 xc = ctx->eng.x509ctx;
413 pk = (*xc)->get_pkey(xc, NULL);
414 if (pk->key_type == BR_KEYTYPE_RSA) {
415 unsigned char tmp[64];
416 const unsigned char *hash_oid;
417
418 if (id == 0) {
419 hash_oid = NULL;
420 } else {
421 hash_oid = HASH_OID[id - 2];
422 }
423 if (ctx->eng.irsavrfy == 0) {
424 return BR_ERR_BAD_SIGNATURE;
425 }
426 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
427 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
428 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
429 {
430 return BR_ERR_BAD_SIGNATURE;
431 }
432 } else {
433 if (ctx->eng.iecdsa == 0) {
434 return BR_ERR_BAD_SIGNATURE;
435 }
436 if (!ctx->eng.iecdsa(ctx->eng.iec,
437 ctx->hash_CV, ctx->hash_CV_len,
438 &pk->key.ec, ctx->eng.pad, sig_len))
439 {
440 return BR_ERR_BAD_SIGNATURE;
441 }
442 }
443 return 0;
444 }
445
446
447
448 static const unsigned char t0_datablock[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
462 };
463
464 static const unsigned char t0_codeblock[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
486 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
488 0x00, 0x00, 0x01,
489 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
505 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
507 0x00, 0x01,
508 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
514 0x00, 0x01,
515 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
517 0x00, 0x00, 0x01,
518 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
519 0x01,
520 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
521 0x00, 0x00, 0x01,
522 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
523 0x00, 0x00, 0x01,
524 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
528 0x00, 0x01,
529 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
531 0x00, 0x00, 0x01,
532 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x30, 0x02, 0x00, 0x38, 0x13,
542 0x01, 0x01, 0x0C, 0x75, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
543 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x2A, 0x19,
544 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCD, 0x04, 0x76, 0x00, 0x01, 0x00, 0x75,
545 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0x8A, 0x40, 0x36, 0xAF, 0x35,
546 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD4, 0x01, 0x00, 0xD0, 0x01, 0x00,
547 0xAB, 0x04, 0x80, 0x46, 0xD4, 0xD1, 0x29, 0xD6, 0x4E, 0x06, 0x01, 0xD2,
548 0xD5, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00, 0xAC, 0x2A, 0x5B, 0x06, 0x0F,
549 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB0, 0xAE, 0x2A, 0xC6,
550 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA2, 0x05,
551 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2, 0x2A, 0x05, 0x04, 0x29, 0xA9,
552 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0, 0x01, 0x00, 0xAB, 0x01, 0x00,
553 0xD0, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00,
554 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC,
555 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC4, 0x19, 0x38, 0x06, 0x04,
556 0xCC, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
557 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
558 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01,
559 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
560 0x7F, 0x9F, 0xCC, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
561 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01, 0xC3, 0x04, 0x2A, 0x01, 0x01,
562 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88, 0x30, 0x01, 0x01, 0x0F, 0x01,
563 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCC, 0x29,
564 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x04, 0x03, 0x01, 0x00, 0x9F, 0x04,
565 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01, 0x2A, 0x03, 0x00, 0x09, 0x2A,
566 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
567 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29,
568 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x74, 0x42, 0x01,
569 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29, 0x01, 0x00,
570 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
571 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29,
572 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA7, 0x39, 0x04, 0x78,
573 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13,
574 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B, 0x76, 0x2E, 0x2A, 0xC8, 0x05,
575 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02, 0x85, 0x2E, 0x05, 0x02, 0xBA,
576 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17,
577 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x4F, 0x2A, 0x02,
578 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B,
579 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86,
580 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x11, 0xCC, 0x01,
581 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B,
582 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64,
583 0x2B, 0x2A, 0x01, 0x01, 0xC7, 0x38, 0xB3, 0x00, 0x01, 0xB8, 0x01, 0x0B,
584 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBF,
585 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5A, 0xBF, 0xA5, 0x2A,
586 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82,
587 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00,
588 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04,
589 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00,
590 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13,
591 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23, 0xBE,
592 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F,
593 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A,
594 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00,
595 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02, 0x20,
596 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00,
597 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x53, 0x2A,
598 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00, 0x1D, 0xB8, 0x01, 0x0F, 0x0F,
599 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8, 0x01, 0x01, 0x0F, 0x05, 0x02,
600 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77, 0x40, 0x78, 0x01, 0x20, 0xB4,
601 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42,
602 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE, 0xA5, 0x01, 0x00, 0x03, 0x02,
603 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03,
604 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06,
605 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A,
606 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B,
607 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11,
608 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06,
609 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04,
610 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02,
611 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04, 0x11, 0x06,
612 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04,
613 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03, 0x07, 0xC0,
614 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04,
615 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01, 0x88, 0x04, 0x80, 0x41, 0x01,
616 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x80, 0x4E, 0xBE, 0xA5,
617 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29,
618 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04,
619 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04,
620 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC, 0x04, 0x19, 0x01,
621 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD, 0x04, 0x0F, 0x01, 0x10, 0x3A,
622 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05, 0x29, 0xBA, 0x01, 0x00, 0x29,
623 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, 0x01,
624 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56,
625 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29, 0x02, 0x00,
626 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96,
627 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10,
628 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04,
629 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97,
630 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, 0x01,
631 0x02, 0x88, 0x42, 0x88, 0x30, 0x05, 0x04, 0x01, 0x01, 0x88, 0x42, 0x02,
632 0x07, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07,
633 0x01, 0xFC, 0x80, 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80, 0x41, 0x2A,
634 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12, 0x5C, 0x01,
635 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F, 0x43, 0x13,
636 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
637 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20, 0x8E, 0x42,
638 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x2A,
639 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01, 0x0F, 0x47,
640 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13, 0x05, 0x04,
641 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01, 0x81, 0x70,
642 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x2A, 0x06,
643 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05, 0x01, 0x04,
644 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30,
645 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05, 0x03, 0x01,
646 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F, 0x0F, 0x06,
647 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1, 0x01, 0x00,
648 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00, 0x00, 0x00,
649 0xB2, 0xB1, 0x00, 0x04, 0x76, 0x2E, 0xCB, 0x06, 0x16, 0xBE, 0x2A, 0x01,
650 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00, 0x83, 0x47,
651 0xB4, 0x02, 0x00, 0x76, 0x2E, 0xA6, 0x27, 0x76, 0x2E, 0x2A, 0xC9, 0x47,
652 0xC8, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39, 0x06, 0x14,
653 0xC0, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB4, 0x02, 0x03, 0x76, 0x2E, 0xA6,
654 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00, 0x00, 0xB8,
655 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C, 0xB8, 0x01,
656 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08, 0x01, 0x0C,
657 0xB4, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32, 0x05, 0x02,
658 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x98, 0x02,
659 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00,
660 0xCE, 0x04, 0x74, 0x00, 0xBE, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x66, 0x2B,
661 0xC0, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06, 0x02, 0x66,
662 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D, 0x2A, 0x01,
663 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04, 0x01, 0x29,
664 0x00, 0x00, 0xBE, 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x13, 0x29,
665 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x06, 0x02, 0x69, 0x2B,
666 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x1F,
667 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x01, 0x0C, 0x0F,
668 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C, 0xB4, 0x89, 0x83, 0x01, 0x0C,
669 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29, 0x00, 0x00,
670 0xBE, 0xA5, 0xBE, 0xA5, 0x2A, 0x06, 0x1D, 0xC0, 0x06, 0x03, 0xBA, 0x04,
671 0x15, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A, 0x8B, 0x08,
672 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB4, 0x04, 0x01, 0xC6, 0x04, 0x60,
673 0x9B, 0x9B, 0x00, 0x00, 0xB9, 0x2A, 0x5D, 0x06, 0x07, 0x29, 0x06, 0x02,
674 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC1, 0x01, 0x03, 0xBF, 0x47, 0x29,
675 0x47, 0x00, 0x00, 0xBE, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBE,
676 0xA5, 0x2A, 0x06, 0x80, 0x50, 0xC0, 0x03, 0x01, 0xC0, 0x03, 0x02, 0x02,
677 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0D, 0x06,
678 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02, 0x00, 0x39,
679 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01,
680 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03,
681 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60,
682 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0xFF,
683 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBE, 0xA5, 0xBB, 0x80, 0x41, 0x9B,
684 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06,
685 0x15, 0xBE, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C,
686 0x7C, 0x2F, 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B,
687 0x00, 0x00, 0x01, 0x02, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00,
688 0x00, 0x01, 0x03, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x01, 0x08,
689 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC1, 0x00, 0x00, 0x3D,
690 0x2A, 0x5B, 0x05, 0x01, 0x00, 0x29, 0xCE, 0x04, 0x76, 0x02, 0x03, 0x00,
691 0x92, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10,
692 0x2A, 0x01, 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01,
693 0x00, 0x5F, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38,
694 0x06, 0x04, 0xCC, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
695 0xDF, 0x01, 0x00, 0xDE, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01,
696 0x15, 0x87, 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01,
697 0x01, 0x47, 0xC4, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05,
698 0xC1, 0x29, 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E,
699 0x9A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04,
700 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13,
701 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02,
702 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01,
703 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06,
704 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F,
705 0x06, 0x0F, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A,
706 0x04, 0x01, 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29,
707 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04,
708 0x29, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02,
709 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A,
710 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01,
711 0x4D, 0x04, 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12,
712 0x01, 0x02, 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47,
713 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01,
714 0x0F, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01,
715 0x00, 0x73, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06,
716 0x29, 0x01, 0x00, 0x9E, 0x04, 0x14, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0D,
717 0x29, 0x75, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04,
718 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30,
719 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39,
720 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0xA8, 0x06, 0x03,
721 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29,
722 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29,
723 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x13,
724 0x31, 0x06, 0x10, 0x86, 0x30, 0x01, 0x15, 0x0F, 0x06, 0x08, 0x29, 0xA8,
725 0x01, 0x00, 0x75, 0x42, 0x04, 0x01, 0x23, 0x00, 0x00, 0xCC, 0x01, 0x07,
726 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00, 0x01, 0x03, 0x00,
727 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00, 0xCC, 0x29, 0x04,
728 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01, 0xDF, 0x2C, 0x2A, 0x01, 0x00,
729 0xC7, 0x01, 0x16, 0xCF, 0xD3, 0x2C, 0x00, 0x00, 0x01, 0x0B, 0xDF, 0x50,
730 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDE, 0xDE, 0x14, 0x2A, 0x5B, 0x06, 0x02,
731 0x29, 0x00, 0xDE, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD7, 0x04, 0x77,
732 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD9, 0x93, 0x2E, 0x01, 0x86, 0x03,
733 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDA, 0x08, 0x4E, 0x08, 0x01, 0x03,
734 0x08, 0x01, 0x0D, 0xDF, 0xDE, 0x01, 0x00, 0xD9, 0xDF, 0x01, 0x01, 0xD9,
735 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01, 0x00, 0xDA,
736 0xDD, 0x01, 0x01, 0xDA, 0x29, 0x4E, 0xDD, 0x16, 0x15, 0x2A, 0x5B, 0x06,
737 0x02, 0x29, 0x00, 0xDD, 0x1F, 0x2A, 0x06, 0x05, 0x83, 0x47, 0xD7, 0x04,
738 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDF, 0x01, 0x0C, 0xDE,
739 0x83, 0x01, 0x0C, 0xD7, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0xDF, 0x01,
740 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02, 0x00, 0x06,
741 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03,
742 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03,
743 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01, 0x07, 0x08, 0x03,
744 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06, 0x03,
745 0x01, 0x02, 0x08, 0x08, 0xDE, 0x93, 0x2E, 0xDD, 0x8C, 0x01, 0x04, 0x17,
746 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01, 0x20, 0xD7, 0x01,
747 0x20, 0xDF, 0x8D, 0x01, 0x20, 0xD7, 0x76, 0x2E, 0xDD, 0x01, 0x00, 0xDF,
748 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A, 0x06, 0x80, 0x40,
749 0xDD, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01, 0xDD, 0x01,
750 0x04, 0x09, 0x2A, 0xDD, 0x60, 0x89, 0x47, 0xD8, 0x04, 0x01, 0x29, 0x02,
751 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDD, 0x01, 0x01, 0xDD, 0x84, 0x30, 0x01,
752 0x08, 0x09, 0xDF, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01, 0x10, 0xDD, 0x01,
753 0x04, 0x09, 0x2A, 0xDD, 0x62, 0x2A, 0xDD, 0x60, 0x83, 0x47, 0xD8, 0x04,
754 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E, 0xDF, 0x01, 0x00,
755 0xDE, 0x00, 0x03, 0x76, 0x2E, 0xC9, 0x05, 0x01, 0x00, 0x7C, 0x2F, 0x2A,
756 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06, 0x05, 0x29, 0x01, 0x1D,
757 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80, 0x00, 0x13, 0x2A, 0x06,
758 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
759 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
760 0x02, 0x01, 0x0C, 0xDF, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
761 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDE, 0x01, 0x03, 0xDF, 0x02, 0x00,
762 0xDD, 0x7D, 0x7E, 0x30, 0xD8, 0x02, 0x02, 0x06, 0x1C, 0x90, 0x2E, 0x2A,
763 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDD, 0x04, 0x0F, 0x01, 0x81,
764 0x7F, 0x13, 0xDF, 0x76, 0x2E, 0xCA, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08,
765 0xDF, 0x02, 0x01, 0xDD, 0x83, 0x02, 0x01, 0xD7, 0x00, 0x00, 0x54, 0x2A,
766 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCC, 0x29, 0x04, 0x73, 0x00,
767 0x2A, 0xDF, 0xD7, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC8, 0x06, 0x0C,
768 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xDF, 0x01, 0x80, 0x42, 0xDF,
769 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDF, 0x45, 0x06,
770 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xDF, 0x47, 0x29, 0x00,
771 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01,
772 0x01, 0x80, 0x7C, 0xDB, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDB,
773 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44,
774 0x29, 0xDB, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDB,
775 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00,
776 0x01, 0x04, 0xDC, 0x01, 0x05, 0xDC, 0x01, 0x06, 0xDC, 0x01, 0x03, 0xDC,
777 0x01, 0x02, 0xDC, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01,
778 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06,
779 0x07, 0x02, 0x00, 0xDF, 0x01, 0x02, 0x3B, 0xDF, 0x00, 0x00, 0x2A, 0x01,
780 0x08, 0x52, 0xDF, 0xDF, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDF, 0xDD,
781 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCC, 0x29, 0x04, 0x76
782 };
783
784 static const uint16_t t0_caddr[] = {
785 0,
786 5,
787 10,
788 15,
789 20,
790 25,
791 30,
792 35,
793 40,
794 44,
795 48,
796 52,
797 56,
798 60,
799 64,
800 68,
801 72,
802 76,
803 80,
804 84,
805 88,
806 92,
807 96,
808 100,
809 104,
810 109,
811 114,
812 119,
813 124,
814 129,
815 134,
816 139,
817 144,
818 149,
819 154,
820 159,
821 164,
822 169,
823 174,
824 180,
825 185,
826 190,
827 195,
828 200,
829 205,
830 210,
831 215,
832 220,
833 225,
834 230,
835 235,
836 240,
837 245,
838 250,
839 255,
840 260,
841 265,
842 270,
843 275,
844 280,
845 285,
846 290,
847 299,
848 303,
849 328,
850 334,
851 353,
852 364,
853 405,
854 516,
855 520,
856 553,
857 563,
858 587,
859 655,
860 669,
861 675,
862 734,
863 753,
864 775,
865 824,
866 873,
867 949,
868 1051,
869 1062,
870 1656,
871 1660,
872 1727,
873 1737,
874 1768,
875 1792,
876 1838,
877 1908,
878 1948,
879 1962,
880 1971,
881 1975,
882 2070,
883 2078,
884 2114,
885 2125,
886 2141,
887 2147,
888 2158,
889 2193,
890 2219,
891 2231,
892 2237,
893 2252,
894 2408,
895 2417,
896 2430,
897 2439,
898 2446,
899 2552,
900 2577,
901 2590,
902 2606,
903 2624,
904 2656,
905 2729,
906 2742,
907 2923,
908 2931,
909 3058,
910 3072,
911 3077,
912 3121,
913 3178,
914 3199,
915 3226,
916 3234,
917 3242
918 };
919
920 #define T0_INTERPRETED 91
921
922 #define T0_ENTER(ip, rp, slot) do { \
923 const unsigned char *t0_newip; \
924 uint32_t t0_lnum; \
925 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
926 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
927 (rp) += t0_lnum; \
928 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
929 (ip) = t0_newip; \
930 } while (0)
931
932 #define T0_DEFENTRY(name, slot) \
933 void \
934 name(void *ctx) \
935 { \
936 t0_context *t0ctx = ctx; \
937 t0ctx->ip = &t0_codeblock[0]; \
938 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
939 }
940
941 T0_DEFENTRY(br_ssl_hs_server_init_main, 164)
942
943 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
944
945 void
946 br_ssl_hs_server_run(void *t0ctx)
947 {
948 uint32_t *dp, *rp;
949 const unsigned char *ip;
950
951 #define T0_LOCAL(x) (*(rp - 2 - (x)))
952 #define T0_POP() (*-- dp)
953 #define T0_POPi() (*(int32_t *)(-- dp))
954 #define T0_PEEK(x) (*(dp - 1 - (x)))
955 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
956 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
957 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
958 #define T0_RPOP() (*-- rp)
959 #define T0_RPOPi() (*(int32_t *)(-- rp))
960 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
961 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
962 #define T0_ROLL(x) do { \
963 size_t t0len = (size_t)(x); \
964 uint32_t t0tmp = *(dp - 1 - t0len); \
965 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
966 *(dp - 1) = t0tmp; \
967 } while (0)
968 #define T0_SWAP() do { \
969 uint32_t t0tmp = *(dp - 2); \
970 *(dp - 2) = *(dp - 1); \
971 *(dp - 1) = t0tmp; \
972 } while (0)
973 #define T0_ROT() do { \
974 uint32_t t0tmp = *(dp - 3); \
975 *(dp - 3) = *(dp - 2); \
976 *(dp - 2) = *(dp - 1); \
977 *(dp - 1) = t0tmp; \
978 } while (0)
979 #define T0_NROT() do { \
980 uint32_t t0tmp = *(dp - 1); \
981 *(dp - 1) = *(dp - 2); \
982 *(dp - 2) = *(dp - 3); \
983 *(dp - 3) = t0tmp; \
984 } while (0)
985 #define T0_PICK(x) do { \
986 uint32_t t0depth = (x); \
987 T0_PUSH(T0_PEEK(t0depth)); \
988 } while (0)
989 #define T0_CO() do { \
990 goto t0_exit; \
991 } while (0)
992 #define T0_RET() goto t0_next
993
994 dp = ((t0_context *)t0ctx)->dp;
995 rp = ((t0_context *)t0ctx)->rp;
996 ip = ((t0_context *)t0ctx)->ip;
997 goto t0_next;
998 for (;;) {
999 uint32_t t0x;
1000
1001 t0_next:
1002 t0x = T0_NEXT(&ip);
1003 if (t0x < T0_INTERPRETED) {
1004 switch (t0x) {
1005 int32_t t0off;
1006
1007 case 0: /* ret */
1008 t0x = T0_RPOP();
1009 rp -= (t0x >> 16);
1010 t0x &= 0xFFFF;
1011 if (t0x == 0) {
1012 ip = NULL;
1013 goto t0_exit;
1014 }
1015 ip = &t0_codeblock[t0x];
1016 break;
1017 case 1: /* literal constant */
1018 T0_PUSHi(t0_parse7E_signed(&ip));
1019 break;
1020 case 2: /* read local */
1021 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1022 break;
1023 case 3: /* write local */
1024 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1025 break;
1026 case 4: /* jump */
1027 t0off = t0_parse7E_signed(&ip);
1028 ip += t0off;
1029 break;
1030 case 5: /* jump if */
1031 t0off = t0_parse7E_signed(&ip);
1032 if (T0_POP()) {
1033 ip += t0off;
1034 }
1035 break;
1036 case 6: /* jump if not */
1037 t0off = t0_parse7E_signed(&ip);
1038 if (!T0_POP()) {
1039 ip += t0off;
1040 }
1041 break;
1042 case 7: {
1043 /* * */
1044
1045 uint32_t b = T0_POP();
1046 uint32_t a = T0_POP();
1047 T0_PUSH(a * b);
1048
1049 }
1050 break;
1051 case 8: {
1052 /* + */
1053
1054 uint32_t b = T0_POP();
1055 uint32_t a = T0_POP();
1056 T0_PUSH(a + b);
1057
1058 }
1059 break;
1060 case 9: {
1061 /* - */
1062
1063 uint32_t b = T0_POP();
1064 uint32_t a = T0_POP();
1065 T0_PUSH(a - b);
1066
1067 }
1068 break;
1069 case 10: {
1070 /* -rot */
1071 T0_NROT();
1072 }
1073 break;
1074 case 11: {
1075 /* < */
1076
1077 int32_t b = T0_POPi();
1078 int32_t a = T0_POPi();
1079 T0_PUSH(-(uint32_t)(a < b));
1080
1081 }
1082 break;
1083 case 12: {
1084 /* << */
1085
1086 int c = (int)T0_POPi();
1087 uint32_t x = T0_POP();
1088 T0_PUSH(x << c);
1089
1090 }
1091 break;
1092 case 13: {
1093 /* <= */
1094
1095 int32_t b = T0_POPi();
1096 int32_t a = T0_POPi();
1097 T0_PUSH(-(uint32_t)(a <= b));
1098
1099 }
1100 break;
1101 case 14: {
1102 /* <> */
1103
1104 uint32_t b = T0_POP();
1105 uint32_t a = T0_POP();
1106 T0_PUSH(-(uint32_t)(a != b));
1107
1108 }
1109 break;
1110 case 15: {
1111 /* = */
1112
1113 uint32_t b = T0_POP();
1114 uint32_t a = T0_POP();
1115 T0_PUSH(-(uint32_t)(a == b));
1116
1117 }
1118 break;
1119 case 16: {
1120 /* > */
1121
1122 int32_t b = T0_POPi();
1123 int32_t a = T0_POPi();
1124 T0_PUSH(-(uint32_t)(a > b));
1125
1126 }
1127 break;
1128 case 17: {
1129 /* >= */
1130
1131 int32_t b = T0_POPi();
1132 int32_t a = T0_POPi();
1133 T0_PUSH(-(uint32_t)(a >= b));
1134
1135 }
1136 break;
1137 case 18: {
1138 /* >> */
1139
1140 int c = (int)T0_POPi();
1141 int32_t x = T0_POPi();
1142 T0_PUSHi(x >> c);
1143
1144 }
1145 break;
1146 case 19: {
1147 /* and */
1148
1149 uint32_t b = T0_POP();
1150 uint32_t a = T0_POP();
1151 T0_PUSH(a & b);
1152
1153 }
1154 break;
1155 case 20: {
1156 /* begin-cert */
1157
1158 if (ENG->chain_len == 0) {
1159 T0_PUSHi(-1);
1160 } else {
1161 ENG->cert_cur = ENG->chain->data;
1162 ENG->cert_len = ENG->chain->data_len;
1163 ENG->chain ++;
1164 ENG->chain_len --;
1165 T0_PUSH(ENG->cert_len);
1166 }
1167
1168 }
1169 break;
1170 case 21: {
1171 /* begin-ta-name */
1172
1173 const br_x500_name *dn;
1174 if (CTX->cur_dn_index >= CTX->num_tas) {
1175 T0_PUSHi(-1);
1176 } else {
1177 if (CTX->ta_names == NULL) {
1178 dn = &CTX->tas[CTX->cur_dn_index].dn;
1179 } else {
1180 dn = &CTX->ta_names[CTX->cur_dn_index];
1181 }
1182 CTX->cur_dn_index ++;
1183 CTX->cur_dn = dn->data;
1184 CTX->cur_dn_len = dn->len;
1185 T0_PUSH(CTX->cur_dn_len);
1186 }
1187
1188 }
1189 break;
1190 case 22: {
1191 /* begin-ta-name-list */
1192
1193 CTX->cur_dn_index = 0;
1194
1195 }
1196 break;
1197 case 23: {
1198 /* bzero */
1199
1200 size_t len = (size_t)T0_POP();
1201 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1202 memset(addr, 0, len);
1203
1204 }
1205 break;
1206 case 24: {
1207 /* call-policy-handler */
1208
1209 int x;
1210 br_ssl_server_choices choices;
1211
1212 x = (*CTX->policy_vtable)->choose(
1213 CTX->policy_vtable, CTX, &choices);
1214 ENG->session.cipher_suite = choices.cipher_suite;
1215 CTX->sign_hash_id = choices.algo_id;
1216 ENG->chain = choices.chain;
1217 ENG->chain_len = choices.chain_len;
1218 T0_PUSHi(-(x != 0));
1219
1220 }
1221 break;
1222 case 25: {
1223 /* can-output? */
1224
1225 T0_PUSHi(-(ENG->hlen_out > 0));
1226
1227 }
1228 break;
1229 case 26: {
1230 /* check-resume */
1231
1232 if (ENG->session.session_id_len == 32
1233 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1234 CTX->cache_vtable, CTX, &ENG->session))
1235 {
1236 T0_PUSHi(-1);
1237 } else {
1238 T0_PUSH(0);
1239 }
1240
1241 }
1242 break;
1243 case 27: {
1244 /* co */
1245 T0_CO();
1246 }
1247 break;
1248 case 28: {
1249 /* compute-Finished-inner */
1250
1251 int prf_id = T0_POP();
1252 int from_client = T0_POPi();
1253 unsigned char tmp[48];
1254 br_tls_prf_seed_chunk seed;
1255
1256 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1257 seed.data = tmp;
1258 if (ENG->session.version >= BR_TLS12) {
1259 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1260 } else {
1261 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1262 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1263 seed.len = 36;
1264 }
1265 prf(ENG->pad, 12, ENG->session.master_secret,
1266 sizeof ENG->session.master_secret,
1267 from_client ? "client finished" : "server finished",
1268 1, &seed);
1269
1270 }
1271 break;
1272 case 29: {
1273 /* compute-hash-CV */
1274
1275 int i;
1276
1277 for (i = 1; i <= 6; i ++) {
1278 br_multihash_out(&ENG->mhash, i,
1279 ENG->pad + HASH_PAD_OFF[i - 1]);
1280 }
1281
1282 }
1283 break;
1284 case 30: {
1285 /* copy-cert-chunk */
1286
1287 size_t clen;
1288
1289 clen = ENG->cert_len;
1290 if (clen > sizeof ENG->pad) {
1291 clen = sizeof ENG->pad;
1292 }
1293 memcpy(ENG->pad, ENG->cert_cur, clen);
1294 ENG->cert_cur += clen;
1295 ENG->cert_len -= clen;
1296 T0_PUSH(clen);
1297
1298 }
1299 break;
1300 case 31: {
1301 /* copy-dn-chunk */
1302
1303 size_t clen;
1304
1305 clen = CTX->cur_dn_len;
1306 if (clen > sizeof ENG->pad) {
1307 clen = sizeof ENG->pad;
1308 }
1309 memcpy(ENG->pad, CTX->cur_dn, clen);
1310 CTX->cur_dn += clen;
1311 CTX->cur_dn_len -= clen;
1312 T0_PUSH(clen);
1313
1314 }
1315 break;
1316 case 32: {
1317 /* copy-hash-CV */
1318
1319 int id = T0_POP();
1320 size_t off, len;
1321
1322 if (id == 0) {
1323 off = 0;
1324 len = 36;
1325 } else {
1326 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1327 T0_PUSH(0);
1328 T0_RET();
1329 }
1330 off = HASH_PAD_OFF[id - 1];
1331 len = HASH_PAD_OFF[id] - off;
1332 }
1333 memcpy(CTX->hash_CV, ENG->pad + off, len);
1334 CTX->hash_CV_len = len;
1335 CTX->hash_CV_id = id;
1336 T0_PUSHi(-1);
1337
1338 }
1339 break;
1340 case 33: {
1341 /* copy-protocol-name */
1342
1343 size_t idx = T0_POP();
1344 size_t len = strlen(ENG->protocol_names[idx]);
1345 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1346 T0_PUSH(len);
1347
1348 }
1349 break;
1350 case 34: {
1351 /* data-get8 */
1352
1353 size_t addr = T0_POP();
1354 T0_PUSH(t0_datablock[addr]);
1355
1356 }
1357 break;
1358 case 35: {
1359 /* discard-input */
1360
1361 ENG->hlen_in = 0;
1362
1363 }
1364 break;
1365 case 36: {
1366 /* do-ecdh */
1367
1368 int prf_id = T0_POPi();
1369 size_t len = T0_POP();
1370 do_ecdh(CTX, prf_id, ENG->pad, len);
1371
1372 }
1373 break;
1374 case 37: {
1375 /* do-ecdhe-part1 */
1376
1377 int curve = T0_POPi();
1378 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1379
1380 }
1381 break;
1382 case 38: {
1383 /* do-ecdhe-part2 */
1384
1385 int prf_id = T0_POPi();
1386 size_t len = T0_POP();
1387 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1388
1389 }
1390 break;
1391 case 39: {
1392 /* do-rsa-decrypt */
1393
1394 int prf_id = T0_POPi();
1395 size_t len = T0_POP();
1396 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1397
1398 }
1399 break;
1400 case 40: {
1401 /* do-static-ecdh */
1402
1403 do_static_ecdh(CTX, T0_POP());
1404
1405 }
1406 break;
1407 case 41: {
1408 /* drop */
1409 (void)T0_POP();
1410 }
1411 break;
1412 case 42: {
1413 /* dup */
1414 T0_PUSH(T0_PEEK(0));
1415 }
1416 break;
1417 case 43: {
1418 /* fail */
1419
1420 br_ssl_engine_fail(ENG, (int)T0_POPi());
1421 T0_CO();
1422
1423 }
1424 break;
1425 case 44: {
1426 /* flush-record */
1427
1428 br_ssl_engine_flush_record(ENG);
1429
1430 }
1431 break;
1432 case 45: {
1433 /* get-key-type-usages */
1434
1435 const br_x509_class *xc;
1436 const br_x509_pkey *pk;
1437 unsigned usages;
1438
1439 xc = *(ENG->x509ctx);
1440 pk = xc->get_pkey(ENG->x509ctx, &usages);
1441 if (pk == NULL) {
1442 T0_PUSH(0);
1443 } else {
1444 T0_PUSH(pk->key_type | usages);
1445 }
1446
1447 }
1448 break;
1449 case 46: {
1450 /* get16 */
1451
1452 size_t addr = (size_t)T0_POP();
1453 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1454
1455 }
1456 break;
1457 case 47: {
1458 /* get32 */
1459
1460 size_t addr = (size_t)T0_POP();
1461 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1462
1463 }
1464 break;
1465 case 48: {
1466 /* get8 */
1467
1468 size_t addr = (size_t)T0_POP();
1469 T0_PUSH(*((unsigned char *)ENG + addr));
1470
1471 }
1472 break;
1473 case 49: {
1474 /* has-input? */
1475
1476 T0_PUSHi(-(ENG->hlen_in != 0));
1477
1478 }
1479 break;
1480 case 50: {
1481 /* memcmp */
1482
1483 size_t len = (size_t)T0_POP();
1484 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1485 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1486 int x = memcmp(addr1, addr2, len);
1487 T0_PUSH((uint32_t)-(x == 0));
1488
1489 }
1490 break;
1491 case 51: {
1492 /* memcpy */
1493
1494 size_t len = (size_t)T0_POP();
1495 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1496 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1497 memcpy(dst, src, len);
1498
1499 }
1500 break;
1501 case 52: {
1502 /* mkrand */
1503
1504 size_t len = (size_t)T0_POP();
1505 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1506 br_hmac_drbg_generate(&ENG->rng, addr, len);
1507
1508 }
1509 break;
1510 case 53: {
1511 /* more-incoming-bytes? */
1512
1513 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1514
1515 }
1516 break;
1517 case 54: {
1518 /* multihash-init */
1519
1520 br_multihash_init(&ENG->mhash);
1521
1522 }
1523 break;
1524 case 55: {
1525 /* neg */
1526
1527 uint32_t a = T0_POP();
1528 T0_PUSH(-a);
1529
1530 }
1531 break;
1532 case 56: {
1533 /* not */
1534
1535 uint32_t a = T0_POP();
1536 T0_PUSH(~a);
1537
1538 }
1539 break;
1540 case 57: {
1541 /* or */
1542
1543 uint32_t b = T0_POP();
1544 uint32_t a = T0_POP();
1545 T0_PUSH(a | b);
1546
1547 }
1548 break;
1549 case 58: {
1550 /* over */
1551 T0_PUSH(T0_PEEK(1));
1552 }
1553 break;
1554 case 59: {
1555 /* pick */
1556 T0_PICK(T0_POP());
1557 }
1558 break;
1559 case 60: {
1560 /* read-chunk-native */
1561
1562 size_t clen = ENG->hlen_in;
1563 if (clen > 0) {
1564 uint32_t addr, len;
1565
1566 len = T0_POP();
1567 addr = T0_POP();
1568 if ((size_t)len < clen) {
1569 clen = (size_t)len;
1570 }
1571 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1572 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1573 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1574 }
1575 T0_PUSH(addr + (uint32_t)clen);
1576 T0_PUSH(len - (uint32_t)clen);
1577 ENG->hbuf_in += clen;
1578 ENG->hlen_in -= clen;
1579 }
1580
1581 }
1582 break;
1583 case 61: {
1584 /* read8-native */
1585
1586 if (ENG->hlen_in > 0) {
1587 unsigned char x;
1588
1589 x = *ENG->hbuf_in ++;
1590 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1591 br_multihash_update(&ENG->mhash, &x, 1);
1592 }
1593 T0_PUSH(x);
1594 ENG->hlen_in --;
1595 } else {
1596 T0_PUSHi(-1);
1597 }
1598
1599 }
1600 break;
1601 case 62: {
1602 /* save-session */
1603
1604 if (CTX->cache_vtable != NULL) {
1605 (*CTX->cache_vtable)->save(
1606 CTX->cache_vtable, CTX, &ENG->session);
1607 }
1608
1609 }
1610 break;
1611 case 63: {
1612 /* set-max-frag-len */
1613
1614 size_t max_frag_len = T0_POP();
1615
1616 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1617
1618 /*
1619 * We must adjust our own output limit. Since we call this only
1620 * after receiving a ClientHello and before beginning to send
1621 * the ServerHello, the next output record should be empty at
1622 * that point, so we can use max_frag_len as a limit.
1623 */
1624 if (ENG->hlen_out > max_frag_len) {
1625 ENG->hlen_out = max_frag_len;
1626 }
1627
1628 }
1629 break;
1630 case 64: {
1631 /* set16 */
1632
1633 size_t addr = (size_t)T0_POP();
1634 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1635
1636 }
1637 break;
1638 case 65: {
1639 /* set32 */
1640
1641 size_t addr = (size_t)T0_POP();
1642 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1643
1644 }
1645 break;
1646 case 66: {
1647 /* set8 */
1648
1649 size_t addr = (size_t)T0_POP();
1650 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1651
1652 }
1653 break;
1654 case 67: {
1655 /* supported-curves */
1656
1657 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1658 T0_PUSH(x);
1659
1660 }
1661 break;
1662 case 68: {
1663 /* supported-hash-functions */
1664
1665 int i;
1666 unsigned x, num;
1667
1668 x = 0;
1669 num = 0;
1670 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1671 if (br_multihash_getimpl(&ENG->mhash, i)) {
1672 x |= 1U << i;
1673 num ++;
1674 }
1675 }
1676 T0_PUSH(x);
1677 T0_PUSH(num);
1678
1679 }
1680 break;
1681 case 69: {
1682 /* supports-ecdsa? */
1683
1684 T0_PUSHi(-(ENG->iecdsa != 0));
1685
1686 }
1687 break;
1688 case 70: {
1689 /* supports-rsa-sign? */
1690
1691 T0_PUSHi(-(ENG->irsavrfy != 0));
1692
1693 }
1694 break;
1695 case 71: {
1696 /* swap */
1697 T0_SWAP();
1698 }
1699 break;
1700 case 72: {
1701 /* switch-aesgcm-in */
1702
1703 int is_client, prf_id;
1704 unsigned cipher_key_len;
1705
1706 cipher_key_len = T0_POP();
1707 prf_id = T0_POP();
1708 is_client = T0_POP();
1709 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1710 ENG->iaes_ctr, cipher_key_len);
1711
1712 }
1713 break;
1714 case 73: {
1715 /* switch-aesgcm-out */
1716
1717 int is_client, prf_id;
1718 unsigned cipher_key_len;
1719
1720 cipher_key_len = T0_POP();
1721 prf_id = T0_POP();
1722 is_client = T0_POP();
1723 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1724 ENG->iaes_ctr, cipher_key_len);
1725
1726 }
1727 break;
1728 case 74: {
1729 /* switch-cbc-in */
1730
1731 int is_client, prf_id, mac_id, aes;
1732 unsigned cipher_key_len;
1733
1734 cipher_key_len = T0_POP();
1735 aes = T0_POP();
1736 mac_id = T0_POP();
1737 prf_id = T0_POP();
1738 is_client = T0_POP();
1739 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1740 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1741
1742 }
1743 break;
1744 case 75: {
1745 /* switch-cbc-out */
1746
1747 int is_client, prf_id, mac_id, aes;
1748 unsigned cipher_key_len;
1749
1750 cipher_key_len = T0_POP();
1751 aes = T0_POP();
1752 mac_id = T0_POP();
1753 prf_id = T0_POP();
1754 is_client = T0_POP();
1755 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1756 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1757
1758 }
1759 break;
1760 case 76: {
1761 /* switch-chapol-in */
1762
1763 int is_client, prf_id;
1764
1765 prf_id = T0_POP();
1766 is_client = T0_POP();
1767 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1768
1769 }
1770 break;
1771 case 77: {
1772 /* switch-chapol-out */
1773
1774 int is_client, prf_id;
1775
1776 prf_id = T0_POP();
1777 is_client = T0_POP();
1778 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1779
1780 }
1781 break;
1782 case 78: {
1783 /* ta-names-total-length */
1784
1785 size_t u, len;
1786
1787 len = 0;
1788 if (CTX->ta_names != NULL) {
1789 for (u = 0; u < CTX->num_tas; u ++) {
1790 len += CTX->ta_names[u].len + 2;
1791 }
1792 } else if (CTX->tas != NULL) {
1793 for (u = 0; u < CTX->num_tas; u ++) {
1794 len += CTX->tas[u].dn.len + 2;
1795 }
1796 }
1797 T0_PUSH(len);
1798
1799 }
1800 break;
1801 case 79: {
1802 /* test-protocol-name */
1803
1804 size_t len = T0_POP();
1805 size_t u;
1806
1807 for (u = 0; u < ENG->protocol_names_num; u ++) {
1808 const char *name;
1809
1810 name = ENG->protocol_names[u];
1811 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1812 T0_PUSH(u);
1813 T0_RET();
1814 }
1815 }
1816 T0_PUSHi(-1);
1817
1818 }
1819 break;
1820 case 80: {
1821 /* total-chain-length */
1822
1823 size_t u;
1824 uint32_t total;
1825
1826 total = 0;
1827 for (u = 0; u < ENG->chain_len; u ++) {
1828 total += 3 + (uint32_t)ENG->chain[u].data_len;
1829 }
1830 T0_PUSH(total);
1831
1832 }
1833 break;
1834 case 81: {
1835 /* u< */
1836
1837 uint32_t b = T0_POP();
1838 uint32_t a = T0_POP();
1839 T0_PUSH(-(uint32_t)(a < b));
1840
1841 }
1842 break;
1843 case 82: {
1844 /* u>> */
1845
1846 int c = (int)T0_POPi();
1847 uint32_t x = T0_POP();
1848 T0_PUSH(x >> c);
1849
1850 }
1851 break;
1852 case 83: {
1853 /* verify-CV-sig */
1854
1855 int err;
1856
1857 err = verify_CV_sig(CTX, T0_POP());
1858 T0_PUSHi(err);
1859
1860 }
1861 break;
1862 case 84: {
1863 /* write-blob-chunk */
1864
1865 size_t clen = ENG->hlen_out;
1866 if (clen > 0) {
1867 uint32_t addr, len;
1868
1869 len = T0_POP();
1870 addr = T0_POP();
1871 if ((size_t)len < clen) {
1872 clen = (size_t)len;
1873 }
1874 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1875 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1876 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1877 }
1878 T0_PUSH(addr + (uint32_t)clen);
1879 T0_PUSH(len - (uint32_t)clen);
1880 ENG->hbuf_out += clen;
1881 ENG->hlen_out -= clen;
1882 }
1883
1884 }
1885 break;
1886 case 85: {
1887 /* write8-native */
1888
1889 unsigned char x;
1890
1891 x = (unsigned char)T0_POP();
1892 if (ENG->hlen_out > 0) {
1893 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1894 br_multihash_update(&ENG->mhash, &x, 1);
1895 }
1896 *ENG->hbuf_out ++ = x;
1897 ENG->hlen_out --;
1898 T0_PUSHi(-1);
1899 } else {
1900 T0_PUSHi(0);
1901 }
1902
1903 }
1904 break;
1905 case 86: {
1906 /* x509-append */
1907
1908 const br_x509_class *xc;
1909 size_t len;
1910
1911 xc = *(ENG->x509ctx);
1912 len = T0_POP();
1913 xc->append(ENG->x509ctx, ENG->pad, len);
1914
1915 }
1916 break;
1917 case 87: {
1918 /* x509-end-cert */
1919
1920 const br_x509_class *xc;
1921
1922 xc = *(ENG->x509ctx);
1923 xc->end_cert(ENG->x509ctx);
1924
1925 }
1926 break;
1927 case 88: {
1928 /* x509-end-chain */
1929
1930 const br_x509_class *xc;
1931
1932 xc = *(ENG->x509ctx);
1933 T0_PUSH(xc->end_chain(ENG->x509ctx));
1934
1935 }
1936 break;
1937 case 89: {
1938 /* x509-start-cert */
1939
1940 const br_x509_class *xc;
1941
1942 xc = *(ENG->x509ctx);
1943 xc->start_cert(ENG->x509ctx, T0_POP());
1944
1945 }
1946 break;
1947 case 90: {
1948 /* x509-start-chain */
1949
1950 const br_x509_class *xc;
1951 uint32_t bc;
1952
1953 bc = T0_POP();
1954 xc = *(ENG->x509ctx);
1955 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1956
1957 }
1958 break;
1959 }
1960
1961 } else {
1962 T0_ENTER(ip, rp, t0x);
1963 }
1964 }
1965 t0_exit:
1966 ((t0_context *)t0ctx)->dp = dp;
1967 ((t0_context *)t0ctx)->rp = rp;
1968 ((t0_context *)t0ctx)->ip = ip;
1969 }
The BearSSL library and tools.