1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
206 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
210 const unsigned char *order
, *generator
;
212 br_multihash_context mhc
;
213 unsigned char head
[4];
214 size_t hv_len
, sig_len
;
216 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM
;
219 ctx
->eng
.ecdhe_curve
= curve
;
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
229 order
= ctx
->eng
.iec
->order(curve
, &olen
);
231 while (mask
>= order
[0]) {
234 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
235 ctx
->ecdhe_key
[0] &= mask
;
236 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
237 ctx
->ecdhe_key_len
= olen
;
240 * Compute our ECDH point.
242 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
243 memcpy(ctx
->eng
.ecdhe_point
, generator
, glen
);
244 ctx
->eng
.ecdhe_point_len
= glen
;
245 if (!ctx
->eng
.iec
->mul(ctx
->eng
.ecdhe_point
, glen
,
246 ctx
->ecdhe_key
, olen
, curve
))
248 return -BR_ERR_INVALID_ALGORITHM
;
252 * Compute the signature.
254 br_multihash_zero(&mhc
);
255 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
256 br_multihash_init(&mhc
);
257 br_multihash_update(&mhc
,
258 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
259 br_multihash_update(&mhc
,
260 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
264 head
[3] = ctx
->eng
.ecdhe_point_len
;
265 br_multihash_update(&mhc
, head
, sizeof head
);
266 br_multihash_update(&mhc
,
267 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
268 hash
= ctx
->sign_hash_id
;
270 hv_len
= br_multihash_out(&mhc
, hash
, ctx
->eng
.pad
);
272 return -BR_ERR_INVALID_ALGORITHM
;
275 if (!br_multihash_out(&mhc
, br_md5_ID
, ctx
->eng
.pad
)
276 || !br_multihash_out(&mhc
,
277 br_sha1_ID
, ctx
->eng
.pad
+ 16))
279 return -BR_ERR_INVALID_ALGORITHM
;
283 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
284 hash
, hv_len
, ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
285 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
293 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
294 unsigned char *cpoint
, size_t cpoint_len
)
299 curve
= ctx
->eng
.ecdhe_curve
;
302 * Finalise the key exchange.
304 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
305 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
306 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
313 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
318 static const uint8_t t0_datablock
[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
334 static const uint8_t t0_codeblock
[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
352 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
354 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
357 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
360 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
371 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
374 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
379 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
381 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
383 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
385 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
390 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
393 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x2E, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x25, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0E, 0x01,
418 0x01, 0x81, 0x04, 0x30, 0x06, 0x11, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81,
419 0x25, 0x21, 0x04, 0x77, 0x01, 0x80, 0x64, 0x81, 0x1E, 0x04, 0x04, 0x01,
420 0x00, 0x81, 0x01, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0xFF, 0x39, 0x01,
421 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02, 0x00,
422 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01, 0x00,
423 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x21,
424 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x31, 0x0E,
425 0x06, 0x15, 0x21, 0x01, 0x00, 0x58, 0x38, 0x22, 0x01, 0x80, 0x64, 0x0E,
426 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x23, 0x46, 0x00, 0x04, 0x07, 0x21,
427 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
428 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
429 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
430 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
431 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
432 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
433 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
434 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
435 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
436 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
437 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
438 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
439 0x22, 0x06, 0x80, 0x70, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
440 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
441 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
442 0x01, 0x7F, 0x03, 0x02, 0x22, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x11,
443 0x02, 0x00, 0x78, 0x25, 0x10, 0x02, 0x00, 0x77, 0x25, 0x0A, 0x12, 0x06,
444 0x04, 0x01, 0x7F, 0x03, 0x00, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21,
445 0x04, 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D,
446 0x08, 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04,
447 0x10, 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05,
448 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0C, 0x21, 0x01, 0x00, 0x03,
449 0x07, 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04,
450 0x01, 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01,
451 0x88, 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22,
452 0x06, 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44, 0x81,
453 0x17, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x34,
454 0x01, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29, 0x01,
455 0x83, 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x1C,
456 0x01, 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11, 0x01,
457 0x0A, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21, 0x81,
458 0x14, 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01, 0x02,
459 0x03, 0x12, 0x03, 0x01, 0x02, 0x00, 0x44, 0x06, 0x09, 0x5B, 0x25, 0x79,
460 0x36, 0x01, 0x80, 0x56, 0x81, 0x03, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F,
461 0x06, 0x03, 0x21, 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02,
462 0x52, 0x23, 0x02, 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46,
463 0x81, 0x03, 0x02, 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06,
464 0x05, 0x21, 0x75, 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75,
465 0x36, 0x22, 0x76, 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03,
466 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05,
467 0x04, 0x01, 0x28, 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64,
468 0x25, 0x12, 0x22, 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12,
469 0x22, 0x60, 0x37, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
470 0x03, 0x01, 0x7F, 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x01, 0x20, 0x70, 0x38,
471 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04, 0x0A, 0x06, 0x80, 0x47, 0x22,
472 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13, 0x22, 0x01, 0x0C, 0x11, 0x22,
473 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E, 0x30, 0x06, 0x04, 0x4B, 0x01,
474 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22, 0x01, 0x81, 0x70, 0x12, 0x01,
475 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x22, 0x06, 0x10, 0x02,
476 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03,
477 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x32, 0x21, 0x02,
478 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22, 0x05, 0x04, 0x01, 0x28, 0x81,
479 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x01, 0x00,
480 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x5A,
481 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17, 0x22, 0x01, 0x84, 0x00, 0x0F,
482 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00, 0x67, 0x3B, 0x81, 0x0E, 0x02,
483 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A, 0x25, 0x22, 0x81, 0x22, 0x3B,
484 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x30, 0x06,
485 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x03,
486 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06, 0x03, 0x1F, 0x04, 0x01, 0x1D,
487 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x56,
488 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x0E, 0x7D, 0x67, 0x22,
489 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x4D, 0x23, 0x00, 0x02,
490 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A, 0x02, 0x01, 0x02, 0x00, 0x32,
491 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x27, 0x04, 0x73,
492 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06, 0x02, 0x4E, 0x23, 0x81, 0x19,
493 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10, 0x30, 0x06, 0x02, 0x4E, 0x23,
494 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A, 0x06, 0x0D, 0x22, 0x01, 0x01,
495 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68, 0x38, 0x04, 0x01, 0x21, 0x00,
496 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x14, 0x21,
497 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x06, 0x02, 0x51,
498 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A, 0x01, 0x02, 0x31, 0x0E, 0x06,
499 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x01,
500 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67, 0x01, 0x0C, 0x81, 0x0E, 0x6C,
501 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51, 0x23, 0x04, 0x03, 0x51, 0x23,
502 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x22,
503 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81, 0x14, 0x04, 0x18, 0x81, 0x17,
504 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D, 0x22, 0x6D, 0x08, 0x01, 0x00,
505 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04, 0x02, 0x81, 0x1F, 0x04, 0x5B,
506 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22, 0x46, 0x06, 0x07, 0x21, 0x06,
507 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00, 0x81, 0x1A, 0x01, 0x03, 0x81,
508 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81, 0x17, 0x81, 0x1F, 0x00, 0x02,
509 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64, 0x36, 0x81, 0x17, 0x81, 0x06,
510 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00, 0x81, 0x19, 0x03, 0x01, 0x02,
511 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01, 0x06, 0x0C, 0x12, 0x02, 0x01,
512 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03, 0x0E, 0x30, 0x12, 0x06, 0x11,
513 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49, 0x01, 0x02, 0x0B, 0x02, 0x00,
514 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49, 0x7D, 0x7D, 0x00, 0x00, 0x81,
515 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x60, 0x37, 0x22,
516 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20, 0x0A, 0x06, 0x0B, 0x01, 0x01,
517 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37, 0x04, 0x01, 0x21, 0x04, 0x67,
518 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B,
519 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03, 0x7A, 0x81, 0x1A, 0x01, 0x08,
520 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00,
521 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00, 0x33, 0x22, 0x44, 0x05, 0x01,
522 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02, 0x03, 0x00, 0x74, 0x27, 0x03,
523 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x22, 0x01, 0x01,
524 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x48, 0x04,
525 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81,
526 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A, 0x38, 0x01, 0x00, 0x81, 0x33,
527 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x01,
528 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43, 0x21, 0x24, 0x00, 0x00, 0x01,
529 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B, 0x31, 0x7A, 0x3B, 0x22, 0x06,
530 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77, 0x21, 0x00, 0x02, 0x03, 0x00,
531 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x12, 0x02, 0x01,
532 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
533 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x00, 0x01,
534 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x56,
535 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x01, 0x01, 0x10, 0x02,
536 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x40, 0x01, 0x02,
537 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
538 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B, 0x01, 0x03, 0x31, 0x0E, 0x06,
539 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01,
540 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01,
541 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x03, 0x50,
542 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
543 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47, 0x3B, 0x01, 0x03, 0x0A, 0x12,
544 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x7C,
545 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18, 0x01, 0x00, 0x57, 0x27, 0x22,
546 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x07, 0x21, 0x01, 0x00, 0x81,
547 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0A, 0x21, 0x59, 0x27,
548 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01, 0x21, 0x04, 0x01, 0x21, 0x5F,
549 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69, 0x27, 0x01, 0x14, 0x31, 0x0E,
550 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04, 0x24, 0x01, 0x15, 0x31, 0x0E,
551 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x00, 0x04,
552 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x01, 0x30, 0x04,
553 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00, 0x21, 0x16, 0x06, 0x03, 0x01,
554 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05, 0x10, 0x28, 0x06, 0x0D, 0x69,
555 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x09, 0x04, 0x01, 0x1C,
556 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12, 0x01, 0x01, 0x0F, 0x06, 0x02,
557 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24, 0x16, 0x06, 0x05, 0x02, 0x00,
558 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81,
559 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22, 0x01, 0x00, 0x81, 0x20, 0x01,
560 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x33,
561 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32, 0x81, 0x32, 0x13, 0x22, 0x44,
562 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A, 0x22, 0x06, 0x06, 0x67, 0x3B,
563 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A, 0x00, 0x7E, 0x01, 0x14, 0x81,
564 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01, 0x0C, 0x81, 0x2F, 0x00, 0x03,
565 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01, 0x80, 0x46, 0x6B, 0x27, 0x01,
566 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
567 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, 0x01, 0x68, 0x27, 0x06, 0x04,
568 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02,
569 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0x81, 0x32, 0x75, 0x25,
570 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E, 0x01, 0x04, 0x08, 0x01, 0x1C,
571 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01, 0x20, 0x81, 0x33, 0x6F, 0x01,
572 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31, 0x01, 0x00, 0x81, 0x33, 0x02,
573 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30, 0x81, 0x31, 0x02, 0x01, 0x22,
574 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x31, 0x01, 0x04, 0x09, 0x22,
575 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30, 0x04, 0x01, 0x21, 0x02, 0x02,
576 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01, 0x01, 0x81, 0x31, 0x68, 0x27,
577 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01, 0x21, 0x00, 0x00, 0x01, 0x0E,
578 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00, 0x03, 0x5A, 0x25, 0x81, 0x22,
579 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00, 0x81, 0x02, 0x11, 0x01, 0x01,
580 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74, 0x03, 0x00, 0x21, 0x02, 0x00,
581 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23, 0x03, 0x01, 0x75, 0x25, 0x01,
582 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C, 0x81, 0x33, 0x02, 0x01, 0x62,
583 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12, 0x08, 0x01, 0x06, 0x08, 0x81,
584 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00, 0x81, 0x31, 0x61, 0x62, 0x27,
585 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72, 0x27, 0x81, 0x33, 0x5A, 0x25,
586 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x81, 0x33, 0x02, 0x01,
587 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F, 0x00, 0x00, 0x42, 0x22, 0x01,
588 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x25, 0x21, 0x04, 0x72, 0x00,
589 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00, 0x22, 0x01, 0x08, 0x41, 0x81,
590 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01, 0x10, 0x41, 0x81, 0x33, 0x81,
591 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02, 0x21, 0x00, 0x81, 0x25, 0x21,
595 static const uint16_t t0_caddr
[] = {
710 #define T0_INTERPRETED 68
712 #define T0_ENTER(ip, rp, slot) do { \
713 const unsigned char *t0_newip; \
715 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
716 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
718 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
722 #define T0_DEFENTRY(name, slot) \
726 t0_context *t0ctx = ctx; \
727 t0ctx->ip = &t0_codeblock[0]; \
728 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
731 T0_DEFENTRY(br_ssl_hs_server_init_main
, 133)
734 br_ssl_hs_server_run(void *t0ctx
)
737 const unsigned char *ip
;
739 #define T0_LOCAL(x) (*(rp - 2 - (x)))
740 #define T0_POP() (*-- dp)
741 #define T0_POPi() (*(int32_t *)(-- dp))
742 #define T0_PEEK(x) (*(dp - 1 - (x)))
743 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
744 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
745 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
746 #define T0_RPOP() (*-- rp)
747 #define T0_RPOPi() (*(int32_t *)(-- rp))
748 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
749 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
750 #define T0_ROLL(x) do { \
751 size_t t0len = (size_t)(x); \
752 uint32_t t0tmp = *(dp - 1 - t0len); \
753 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
756 #define T0_SWAP() do { \
757 uint32_t t0tmp = *(dp - 2); \
758 *(dp - 2) = *(dp - 1); \
761 #define T0_ROT() do { \
762 uint32_t t0tmp = *(dp - 3); \
763 *(dp - 3) = *(dp - 2); \
764 *(dp - 2) = *(dp - 1); \
767 #define T0_NROT() do { \
768 uint32_t t0tmp = *(dp - 1); \
769 *(dp - 1) = *(dp - 2); \
770 *(dp - 2) = *(dp - 3); \
773 #define T0_PICK(x) do { \
774 uint32_t t0depth = (x); \
775 T0_PUSH(T0_PEEK(t0depth)); \
777 #define T0_CO() do { \
780 #define T0_RET() break
782 dp
= ((t0_context
*)t0ctx
)->dp
;
783 rp
= ((t0_context
*)t0ctx
)->rp
;
784 ip
= ((t0_context
*)t0ctx
)->ip
;
788 t0x
= t0_parse7E_unsigned(&ip
);
789 if (t0x
< T0_INTERPRETED
) {
801 ip
= &t0_codeblock
[t0x
];
803 case 1: /* literal constant */
804 T0_PUSHi(t0_parse7E_signed(&ip
));
806 case 2: /* read local */
807 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
809 case 3: /* write local */
810 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
813 t0off
= t0_parse7E_signed(&ip
);
816 case 5: /* jump if */
817 t0off
= t0_parse7E_signed(&ip
);
822 case 6: /* jump if not */
823 t0off
= t0_parse7E_signed(&ip
);
831 uint32_t b
= T0_POP();
832 uint32_t a
= T0_POP();
840 uint32_t b
= T0_POP();
841 uint32_t a
= T0_POP();
849 uint32_t b
= T0_POP();
850 uint32_t a
= T0_POP();
858 int32_t b
= T0_POPi();
859 int32_t a
= T0_POPi();
860 T0_PUSH(-(uint32_t)(a
< b
));
867 int c
= (int)T0_POPi();
868 uint32_t x
= T0_POP();
876 int32_t b
= T0_POPi();
877 int32_t a
= T0_POPi();
878 T0_PUSH(-(uint32_t)(a
<= b
));
885 uint32_t b
= T0_POP();
886 uint32_t a
= T0_POP();
887 T0_PUSH(-(uint32_t)(a
!= b
));
894 uint32_t b
= T0_POP();
895 uint32_t a
= T0_POP();
896 T0_PUSH(-(uint32_t)(a
== b
));
903 int32_t b
= T0_POPi();
904 int32_t a
= T0_POPi();
905 T0_PUSH(-(uint32_t)(a
> b
));
912 int32_t b
= T0_POPi();
913 int32_t a
= T0_POPi();
914 T0_PUSH(-(uint32_t)(a
>= b
));
921 int c
= (int)T0_POPi();
922 int32_t x
= T0_POPi();
930 uint32_t b
= T0_POP();
931 uint32_t a
= T0_POP();
939 if (CTX
->chain_len
== 0) {
942 CTX
->cert_cur
= CTX
->chain
->data
;
943 CTX
->cert_len
= CTX
->chain
->data_len
;
946 T0_PUSH(CTX
->cert_len
);
954 size_t len
= (size_t)T0_POP();
955 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
956 memset(addr
, 0, len
);
961 /* call-policy-handler */
964 br_ssl_server_choices choices
;
966 x
= (*CTX
->policy_vtable
)->choose(
967 CTX
->policy_vtable
, CTX
, &choices
);
968 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
969 CTX
->sign_hash_id
= choices
.hash_id
;
970 CTX
->chain
= choices
.chain
;
971 CTX
->chain_len
= choices
.chain_len
;
979 T0_PUSHi(-(ENG
->hlen_out
> 0));
986 if (ENG
->session
.session_id_len
== 32
987 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
988 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1003 /* compute-Finished-inner */
1005 int prf_id
= T0_POP();
1006 int from_client
= T0_POPi();
1007 unsigned char seed
[48];
1010 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1011 if (ENG
->session
.version
>= BR_TLS12
) {
1012 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1014 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1015 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1018 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1019 sizeof ENG
->session
.master_secret
,
1020 from_client
? "client finished" : "server finished",
1026 /* copy-cert-chunk */
1030 clen
= CTX
->cert_len
;
1031 if (clen
> sizeof ENG
->pad
) {
1032 clen
= sizeof ENG
->pad
;
1034 memcpy(ENG
->pad
, CTX
->cert_cur
, clen
);
1035 CTX
->cert_cur
+= clen
;
1036 CTX
->cert_len
-= clen
;
1044 size_t addr
= T0_POP();
1045 T0_PUSH(t0_datablock
[addr
]);
1059 int prf_id
= T0_POPi();
1060 size_t len
= T0_POP();
1061 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1066 /* do-ecdhe-part1 */
1068 int curve
= T0_POPi();
1069 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1074 /* do-ecdhe-part2 */
1076 int prf_id
= T0_POPi();
1077 size_t len
= T0_POP();
1078 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1083 /* do-rsa-decrypt */
1085 int prf_id
= T0_POPi();
1086 size_t len
= T0_POP();
1087 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1098 T0_PUSH(T0_PEEK(0));
1104 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1112 br_ssl_engine_flush_record(ENG
);
1119 size_t addr
= (size_t)T0_POP();
1120 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1127 size_t addr
= (size_t)T0_POP();
1128 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1135 size_t addr
= (size_t)T0_POP();
1136 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1143 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1150 size_t len
= (size_t)T0_POP();
1151 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1152 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1153 int x
= memcmp(addr1
, addr2
, len
);
1154 T0_PUSH((uint32_t)-(x
== 0));
1161 size_t len
= (size_t)T0_POP();
1162 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1163 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1164 memcpy(dst
, src
, len
);
1171 size_t len
= (size_t)T0_POP();
1172 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1173 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1178 /* more-incoming-bytes? */
1180 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1185 /* multihash-init */
1187 br_multihash_init(&ENG
->mhash
);
1194 uint32_t a
= T0_POP();
1202 uint32_t a
= T0_POP();
1210 uint32_t b
= T0_POP();
1211 uint32_t a
= T0_POP();
1218 T0_PUSH(T0_PEEK(1));
1222 /* read-chunk-native */
1224 size_t clen
= ENG
->hlen_in
;
1230 if ((size_t)len
< clen
) {
1233 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1234 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1235 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1237 T0_PUSH(addr
+ (uint32_t)clen
);
1238 T0_PUSH(len
- (uint32_t)clen
);
1239 ENG
->hbuf_in
+= clen
;
1240 ENG
->hlen_in
-= clen
;
1248 if (ENG
->hlen_in
> 0) {
1251 x
= *ENG
->hbuf_in
++;
1252 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1253 br_multihash_update(&ENG
->mhash
, &x
, 1);
1266 if (CTX
->cache_vtable
!= NULL
) {
1267 (*CTX
->cache_vtable
)->save(
1268 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1274 /* set-max-frag-len */
1276 size_t max_frag_len
= T0_POP();
1278 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1281 * We must adjust our own output limit. Since we call this only
1282 * after receiving a ClientHello and before beginning to send
1283 * the ServerHello, the next output record should be empty at
1284 * that point, so we can use max_frag_len as a limit.
1286 if (ENG
->hlen_out
> max_frag_len
) {
1287 ENG
->hlen_out
= max_frag_len
;
1295 size_t addr
= (size_t)T0_POP();
1296 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1303 size_t addr
= (size_t)T0_POP();
1304 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1311 size_t addr
= (size_t)T0_POP();
1312 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1317 /* supported-curves */
1319 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1325 /* supported-hash-functions */
1332 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1333 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1349 /* switch-aesgcm-in */
1351 int is_client
, prf_id
;
1352 unsigned cipher_key_len
;
1354 cipher_key_len
= T0_POP();
1356 is_client
= T0_POP();
1357 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1358 ENG
->iaes_ctr
, cipher_key_len
);
1363 /* switch-aesgcm-out */
1365 int is_client
, prf_id
;
1366 unsigned cipher_key_len
;
1368 cipher_key_len
= T0_POP();
1370 is_client
= T0_POP();
1371 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1372 ENG
->iaes_ctr
, cipher_key_len
);
1379 int is_client
, prf_id
, mac_id
, aes
;
1380 unsigned cipher_key_len
;
1382 cipher_key_len
= T0_POP();
1386 is_client
= T0_POP();
1387 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1388 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1393 /* switch-cbc-out */
1395 int is_client
, prf_id
, mac_id
, aes
;
1396 unsigned cipher_key_len
;
1398 cipher_key_len
= T0_POP();
1402 is_client
= T0_POP();
1403 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1404 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1409 /* total-chain-length */
1415 for (u
= 0; u
< CTX
->chain_len
; u
++) {
1416 total
+= 3 + (uint32_t)CTX
->chain
[u
].data_len
;
1425 int c
= (int)T0_POPi();
1426 uint32_t x
= T0_POP();
1432 /* write-blob-chunk */
1434 size_t clen
= ENG
->hlen_out
;
1440 if ((size_t)len
< clen
) {
1443 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1444 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1445 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1447 T0_PUSH(addr
+ (uint32_t)clen
);
1448 T0_PUSH(len
- (uint32_t)clen
);
1449 ENG
->hbuf_out
+= clen
;
1450 ENG
->hlen_out
-= clen
;
1460 x
= (unsigned char)T0_POP();
1461 if (ENG
->hlen_out
> 0) {
1462 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1463 br_multihash_update(&ENG
->mhash
, &x
, 1);
1465 *ENG
->hbuf_out
++ = x
;
1477 T0_ENTER(ip
, rp
, t0x
);
1481 ((t0_context
*)t0ctx
)->dp
= dp
;
1482 ((t0_context
*)t0ctx
)->rp
= rp
;
1483 ((t0_context
*)t0ctx
)->ip
= ip
;