1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 static const uint8_t t0_datablock
[];
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *cpoint
, size_t cpoint_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
155 pms_len
= cpoint_len
>> 1;
156 if (pms_len
> sizeof rpms
) {
157 pms_len
= sizeof rpms
;
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
166 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, pms_len
);
167 br_ccopy(ctl
^ 1, cpoint
+ 1, rpms
, pms_len
);
170 * Compute master secret.
172 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, cpoint
+ 1, pms_len
);
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
178 memset(cpoint
, 0, cpoint_len
);
182 * Do the ECDH key exchange (not ECDHE).
185 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
186 unsigned char *cpoint
, size_t cpoint_len
)
191 * Finalise the key exchange.
193 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
195 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
205 do_static_ecdh(br_ssl_server_context
*ctx
, int prf_id
)
207 unsigned char cpoint
[133];
209 const br_x509_class
**xc
;
210 const br_x509_pkey
*pk
;
212 xc
= ctx
->eng
.x509ctx
;
213 pk
= (*xc
)->get_pkey(xc
, NULL
);
214 cpoint_len
= pk
->key
.ec
.qlen
;
215 if (cpoint_len
> sizeof cpoint
) {
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
223 memcpy(cpoint
, pk
->key
.ec
.q
, cpoint_len
);
224 do_ecdh(ctx
, prf_id
, cpoint
, cpoint_len
);
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
235 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
239 const unsigned char *order
, *generator
;
241 br_multihash_context mhc
;
242 unsigned char head
[4];
243 size_t hv_len
, sig_len
;
245 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM
;
248 ctx
->eng
.ecdhe_curve
= curve
;
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
258 order
= ctx
->eng
.iec
->order(curve
, &olen
);
260 while (mask
>= order
[0]) {
263 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
264 ctx
->ecdhe_key
[0] &= mask
;
265 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
266 ctx
->ecdhe_key_len
= olen
;
269 * Compute our ECDH point.
271 generator
= ctx
->eng
.iec
->generator(curve
, &glen
);
272 memcpy(ctx
->eng
.ecdhe_point
, generator
, glen
);
273 ctx
->eng
.ecdhe_point_len
= glen
;
274 if (!ctx
->eng
.iec
->mul(ctx
->eng
.ecdhe_point
, glen
,
275 ctx
->ecdhe_key
, olen
, curve
))
277 return -BR_ERR_INVALID_ALGORITHM
;
281 * Compute the signature.
283 br_multihash_zero(&mhc
);
284 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
285 br_multihash_init(&mhc
);
286 br_multihash_update(&mhc
,
287 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
288 br_multihash_update(&mhc
,
289 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
293 head
[3] = ctx
->eng
.ecdhe_point_len
;
294 br_multihash_update(&mhc
, head
, sizeof head
);
295 br_multihash_update(&mhc
,
296 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
297 hash
= ctx
->sign_hash_id
;
299 hv_len
= br_multihash_out(&mhc
, hash
, ctx
->eng
.pad
);
301 return -BR_ERR_INVALID_ALGORITHM
;
304 if (!br_multihash_out(&mhc
, br_md5_ID
, ctx
->eng
.pad
)
305 || !br_multihash_out(&mhc
,
306 br_sha1_ID
, ctx
->eng
.pad
+ 16))
308 return -BR_ERR_INVALID_ALGORITHM
;
312 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
313 hash
, hv_len
, ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
314 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
318 * Do the ECDHE key exchange (part 2: computation of the shared secret
319 * from the point sent by the client).
322 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
323 unsigned char *cpoint
, size_t cpoint_len
)
328 curve
= ctx
->eng
.ecdhe_curve
;
331 * Finalise the key exchange.
333 x
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
334 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
335 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
338 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
339 * as that key does not get stolen, so we'd better destroy it
340 * as soon as it ceases to be useful.
342 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
346 * Offset for hash value within the pad (when obtaining all hash values,
347 * in preparation for verification of the CertificateVerify message).
348 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
349 * is used to get the total length.
351 static const unsigned char HASH_PAD_OFF
[] = { 0, 16, 36, 64, 96, 144, 208 };
354 * OID for hash functions in RSA signatures.
356 static const unsigned char HASH_OID_SHA1
[] = {
357 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
360 static const unsigned char HASH_OID_SHA224
[] = {
361 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
364 static const unsigned char HASH_OID_SHA256
[] = {
365 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
368 static const unsigned char HASH_OID_SHA384
[] = {
369 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
372 static const unsigned char HASH_OID_SHA512
[] = {
373 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
376 static const unsigned char *HASH_OID
[] = {
385 * Verify the signature in CertificateVerify. Returned value is 0 on
386 * success, or a non-zero error code. Lack of implementation of the
387 * designated signature algorithm is reported as a "bad signature"
388 * error (because it means that the peer did not honour our advertised
389 * set of supported signature algorithms).
392 verify_CV_sig(br_ssl_server_context
*ctx
, size_t sig_len
)
394 const br_x509_class
**xc
;
395 const br_x509_pkey
*pk
;
398 id
= ctx
->hash_CV_id
;
399 xc
= ctx
->eng
.x509ctx
;
400 pk
= (*xc
)->get_pkey(xc
, NULL
);
401 if (pk
->key_type
== BR_KEYTYPE_RSA
) {
402 unsigned char tmp
[64];
403 const unsigned char *hash_oid
;
408 hash_oid
= HASH_OID
[id
- 2];
410 if (ctx
->eng
.irsavrfy
== 0) {
411 return BR_ERR_BAD_SIGNATURE
;
413 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
414 hash_oid
, ctx
->hash_CV_len
, &pk
->key
.rsa
, tmp
)
415 || memcmp(tmp
, ctx
->hash_CV
, ctx
->hash_CV_len
) != 0)
417 return BR_ERR_BAD_SIGNATURE
;
420 if (ctx
->eng
.iecdsa
== 0) {
421 return BR_ERR_BAD_SIGNATURE
;
423 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
,
424 ctx
->hash_CV
, ctx
->hash_CV_len
,
425 &pk
->key
.ec
, ctx
->eng
.pad
, sig_len
))
427 return BR_ERR_BAD_SIGNATURE
;
435 static const uint8_t t0_datablock
[] = {
436 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
437 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
438 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
439 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
440 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
441 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
442 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
443 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
444 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
445 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
446 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
447 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
448 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
451 static const uint8_t t0_codeblock
[] = {
452 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
453 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
454 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
455 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_SIGNATURE
), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_NO_CLIENT_AUTH
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
467 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
474 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
476 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
477 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
479 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
482 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
484 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
486 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
487 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
488 0x00, 0x00, 0x79, 0x01,
489 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
491 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
493 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
495 T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)), 0x00,
496 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
498 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
499 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
502 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
505 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
507 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
509 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
511 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
513 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
514 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
516 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
517 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
519 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
520 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
521 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
522 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
523 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
524 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
525 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
526 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
527 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
528 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
529 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
530 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
531 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
532 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
533 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
534 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
535 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
536 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
537 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
538 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
539 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
540 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
541 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
542 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
543 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
544 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
545 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
546 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
547 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
548 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
549 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
550 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
551 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
552 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
553 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x3A, 0x0F,
554 0x06, 0x15, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
555 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x00, 0x04, 0x07, 0x29,
556 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06,
557 0x05, 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F,
558 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72,
559 0x2B, 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00,
560 0x02, 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01,
561 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47,
562 0xB3, 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00,
563 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40,
564 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02,
565 0x71, 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E,
566 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01,
567 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38,
568 0xB2, 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A,
569 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29,
570 0x00, 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59,
571 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82,
572 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00,
573 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06,
574 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05,
575 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01,
576 0x86, 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F,
577 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08,
578 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02,
579 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01,
580 0x00, 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A,
581 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83,
582 0x47, 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00,
583 0x00, 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A,
584 0xB7, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00,
585 0x77, 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06,
586 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01,
587 0xBD, 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0,
588 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD,
589 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06,
590 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A,
591 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01,
592 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02,
593 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1,
594 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B,
595 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29,
596 0x02, 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02,
597 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F,
598 0x29, 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05,
599 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42,
600 0x01, 0x88, 0x04, 0x80, 0x40, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41,
601 0x2A, 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01,
602 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A,
603 0x0F, 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A,
604 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06,
605 0x04, 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29,
606 0xBC, 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04,
607 0x05, 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02,
608 0x01, 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77,
609 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00,
610 0x10, 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06,
611 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80,
612 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06,
613 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93,
614 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03,
615 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05,
616 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x80, 0x2E,
617 0x13, 0x2A, 0x80, 0x40, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47,
618 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03,
619 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00,
620 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20,
621 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04,
622 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12,
623 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A,
624 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05,
625 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63,
626 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05,
627 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01,
628 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02,
629 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01,
630 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01,
631 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28,
632 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00, 0x04, 0x76, 0x2E, 0xCA,
633 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B,
634 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00, 0x76, 0x2E, 0xA5, 0x27,
635 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
636 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB3,
637 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01,
638 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B,
639 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83,
640 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08,
641 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03,
642 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00,
643 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74, 0x00, 0xBD, 0x01, 0x01,
644 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05,
645 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30,
646 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42,
647 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD, 0x88, 0x30, 0x01, 0x00,
648 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B,
649 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01,
650 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69,
651 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C,
652 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03,
653 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x2A, 0x06, 0x1D,
654 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x0D,
655 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB3,
656 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB8, 0x2A, 0x5D,
657 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC0,
658 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00, 0xBD, 0xC5, 0x00, 0x03,
659 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06, 0x32, 0xBF, 0x03, 0x01,
660 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06,
661 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F,
662 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01,
663 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0x4B, 0x9B,
664 0x02, 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x40, 0x9B, 0x00, 0x00,
665 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD,
666 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F,
667 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00,
668 0x01, 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01,
669 0x03, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0,
670 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B,
671 0x05, 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30,
672 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01,
673 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F,
674 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04,
675 0xCB, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01,
676 0x00, 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87,
677 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47,
678 0xC3, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29,
679 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03,
680 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01,
681 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00,
682 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06,
683 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F,
684 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A,
685 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F,
686 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01,
687 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01,
688 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01,
689 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06,
690 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06,
691 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04,
692 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02,
693 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03,
694 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00,
695 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73,
696 0x30, 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01,
697 0x00, 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75,
698 0x30, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29,
699 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A,
700 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A,
701 0x0F, 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13,
702 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07,
703 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08,
704 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30,
705 0x01, 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00,
706 0xCB, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
707 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
708 0xCB, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C,
709 0x2A, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01,
710 0x0B, 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A,
711 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
712 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E,
713 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E,
714 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE,
715 0x01, 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
716 0x01, 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15,
717 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83,
718 0x47, 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE,
719 0x01, 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01,
720 0x02, 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
721 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
722 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
723 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
724 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
725 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C,
726 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
727 0x20, 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC,
728 0x01, 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
729 0x06, 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
730 0x01, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04,
731 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC,
732 0x84, 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
733 0x10, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83,
734 0x47, 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
735 0xDE, 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00,
736 0x7C, 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03,
737 0x5F, 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
738 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
739 0x02, 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
740 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00,
741 0xDC, 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x0D, 0x90, 0x30, 0xDE,
742 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE, 0x02, 0x01,
743 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F,
744 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A, 0xDE, 0xD6,
745 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61, 0x3A, 0x06,
746 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46, 0x06, 0x07,
747 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08, 0x5F, 0x3A,
748 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00,
749 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C,
750 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02, 0x00, 0x08,
751 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29, 0xDA, 0x03,
752 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02, 0x00, 0x08,
753 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDB,
754 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01, 0x02, 0xDB,
755 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C,
756 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00,
757 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08, 0x52, 0xDE,
758 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00, 0x00, 0x2A,
759 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
762 static const uint16_t t0_caddr
[] = {
897 #define T0_INTERPRETED 91
899 #define T0_ENTER(ip, rp, slot) do { \
900 const unsigned char *t0_newip; \
902 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
903 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
905 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
909 #define T0_DEFENTRY(name, slot) \
913 t0_context *t0ctx = ctx; \
914 t0ctx->ip = &t0_codeblock[0]; \
915 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
918 T0_DEFENTRY(br_ssl_hs_server_init_main
, 163)
920 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
923 br_ssl_hs_server_run(void *t0ctx
)
926 const unsigned char *ip
;
928 #define T0_LOCAL(x) (*(rp - 2 - (x)))
929 #define T0_POP() (*-- dp)
930 #define T0_POPi() (*(int32_t *)(-- dp))
931 #define T0_PEEK(x) (*(dp - 1 - (x)))
932 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
933 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
934 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
935 #define T0_RPOP() (*-- rp)
936 #define T0_RPOPi() (*(int32_t *)(-- rp))
937 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
938 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
939 #define T0_ROLL(x) do { \
940 size_t t0len = (size_t)(x); \
941 uint32_t t0tmp = *(dp - 1 - t0len); \
942 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
945 #define T0_SWAP() do { \
946 uint32_t t0tmp = *(dp - 2); \
947 *(dp - 2) = *(dp - 1); \
950 #define T0_ROT() do { \
951 uint32_t t0tmp = *(dp - 3); \
952 *(dp - 3) = *(dp - 2); \
953 *(dp - 2) = *(dp - 1); \
956 #define T0_NROT() do { \
957 uint32_t t0tmp = *(dp - 1); \
958 *(dp - 1) = *(dp - 2); \
959 *(dp - 2) = *(dp - 3); \
962 #define T0_PICK(x) do { \
963 uint32_t t0depth = (x); \
964 T0_PUSH(T0_PEEK(t0depth)); \
966 #define T0_CO() do { \
969 #define T0_RET() goto t0_next
971 dp
= ((t0_context
*)t0ctx
)->dp
;
972 rp
= ((t0_context
*)t0ctx
)->rp
;
973 ip
= ((t0_context
*)t0ctx
)->ip
;
980 if (t0x
< T0_INTERPRETED
) {
992 ip
= &t0_codeblock
[t0x
];
994 case 1: /* literal constant */
995 T0_PUSHi(t0_parse7E_signed(&ip
));
997 case 2: /* read local */
998 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
1000 case 3: /* write local */
1001 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
1004 t0off
= t0_parse7E_signed(&ip
);
1007 case 5: /* jump if */
1008 t0off
= t0_parse7E_signed(&ip
);
1013 case 6: /* jump if not */
1014 t0off
= t0_parse7E_signed(&ip
);
1022 uint32_t b
= T0_POP();
1023 uint32_t a
= T0_POP();
1031 uint32_t b
= T0_POP();
1032 uint32_t a
= T0_POP();
1040 uint32_t b
= T0_POP();
1041 uint32_t a
= T0_POP();
1054 int32_t b
= T0_POPi();
1055 int32_t a
= T0_POPi();
1056 T0_PUSH(-(uint32_t)(a
< b
));
1063 int c
= (int)T0_POPi();
1064 uint32_t x
= T0_POP();
1072 int32_t b
= T0_POPi();
1073 int32_t a
= T0_POPi();
1074 T0_PUSH(-(uint32_t)(a
<= b
));
1081 uint32_t b
= T0_POP();
1082 uint32_t a
= T0_POP();
1083 T0_PUSH(-(uint32_t)(a
!= b
));
1090 uint32_t b
= T0_POP();
1091 uint32_t a
= T0_POP();
1092 T0_PUSH(-(uint32_t)(a
== b
));
1099 int32_t b
= T0_POPi();
1100 int32_t a
= T0_POPi();
1101 T0_PUSH(-(uint32_t)(a
> b
));
1108 int32_t b
= T0_POPi();
1109 int32_t a
= T0_POPi();
1110 T0_PUSH(-(uint32_t)(a
>= b
));
1117 int c
= (int)T0_POPi();
1118 int32_t x
= T0_POPi();
1126 uint32_t b
= T0_POP();
1127 uint32_t a
= T0_POP();
1135 if (ENG
->chain_len
== 0) {
1138 ENG
->cert_cur
= ENG
->chain
->data
;
1139 ENG
->cert_len
= ENG
->chain
->data_len
;
1142 T0_PUSH(ENG
->cert_len
);
1150 const br_x500_name
*dn
;
1151 if (CTX
->cur_dn_index
>= CTX
->num_tas
) {
1154 if (CTX
->ta_names
== NULL
) {
1155 dn
= &CTX
->tas
[CTX
->cur_dn_index
].dn
;
1157 dn
= &CTX
->ta_names
[CTX
->cur_dn_index
];
1159 CTX
->cur_dn_index
++;
1160 CTX
->cur_dn
= dn
->data
;
1161 CTX
->cur_dn_len
= dn
->len
;
1162 T0_PUSH(CTX
->cur_dn_len
);
1168 /* begin-ta-name-list */
1170 CTX
->cur_dn_index
= 0;
1177 size_t len
= (size_t)T0_POP();
1178 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1179 memset(addr
, 0, len
);
1184 /* call-policy-handler */
1187 br_ssl_server_choices choices
;
1189 x
= (*CTX
->policy_vtable
)->choose(
1190 CTX
->policy_vtable
, CTX
, &choices
);
1191 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
1192 CTX
->sign_hash_id
= choices
.hash_id
;
1193 ENG
->chain
= choices
.chain
;
1194 ENG
->chain_len
= choices
.chain_len
;
1195 T0_PUSHi(-(x
!= 0));
1202 T0_PUSHi(-(ENG
->hlen_out
> 0));
1209 if (ENG
->session
.session_id_len
== 32
1210 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
1211 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1226 /* compute-Finished-inner */
1228 int prf_id
= T0_POP();
1229 int from_client
= T0_POPi();
1230 unsigned char seed
[48];
1233 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1234 if (ENG
->session
.version
>= BR_TLS12
) {
1235 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1237 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1238 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1241 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1242 sizeof ENG
->session
.master_secret
,
1243 from_client
? "client finished" : "server finished",
1249 /* compute-hash-CV */
1253 for (i
= 1; i
<= 6; i
++) {
1254 br_multihash_out(&ENG
->mhash
, i
,
1255 ENG
->pad
+ HASH_PAD_OFF
[i
- 1]);
1261 /* copy-cert-chunk */
1265 clen
= ENG
->cert_len
;
1266 if (clen
> sizeof ENG
->pad
) {
1267 clen
= sizeof ENG
->pad
;
1269 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1270 ENG
->cert_cur
+= clen
;
1271 ENG
->cert_len
-= clen
;
1281 clen
= CTX
->cur_dn_len
;
1282 if (clen
> sizeof ENG
->pad
) {
1283 clen
= sizeof ENG
->pad
;
1285 memcpy(ENG
->pad
, CTX
->cur_dn
, clen
);
1286 CTX
->cur_dn
+= clen
;
1287 CTX
->cur_dn_len
-= clen
;
1302 if (br_multihash_getimpl(&ENG
->mhash
, id
) == 0) {
1306 off
= HASH_PAD_OFF
[id
- 1];
1307 len
= HASH_PAD_OFF
[id
] - off
;
1309 memcpy(CTX
->hash_CV
, ENG
->pad
+ off
, len
);
1310 CTX
->hash_CV_len
= len
;
1311 CTX
->hash_CV_id
= id
;
1317 /* copy-protocol-name */
1319 size_t idx
= T0_POP();
1320 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1321 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1329 size_t addr
= T0_POP();
1330 T0_PUSH(t0_datablock
[addr
]);
1344 int prf_id
= T0_POPi();
1345 size_t len
= T0_POP();
1346 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1351 /* do-ecdhe-part1 */
1353 int curve
= T0_POPi();
1354 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1359 /* do-ecdhe-part2 */
1361 int prf_id
= T0_POPi();
1362 size_t len
= T0_POP();
1363 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1368 /* do-rsa-decrypt */
1370 int prf_id
= T0_POPi();
1371 size_t len
= T0_POP();
1372 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1377 /* do-static-ecdh */
1379 do_static_ecdh(CTX
, T0_POP());
1390 T0_PUSH(T0_PEEK(0));
1396 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1404 br_ssl_engine_flush_record(ENG
);
1409 /* get-key-type-usages */
1411 const br_x509_class
*xc
;
1412 const br_x509_pkey
*pk
;
1415 xc
= *(ENG
->x509ctx
);
1416 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1420 T0_PUSH(pk
->key_type
| usages
);
1428 size_t addr
= (size_t)T0_POP();
1429 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1436 size_t addr
= (size_t)T0_POP();
1437 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1444 size_t addr
= (size_t)T0_POP();
1445 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1452 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1459 size_t len
= (size_t)T0_POP();
1460 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1461 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1462 int x
= memcmp(addr1
, addr2
, len
);
1463 T0_PUSH((uint32_t)-(x
== 0));
1470 size_t len
= (size_t)T0_POP();
1471 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1472 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1473 memcpy(dst
, src
, len
);
1480 size_t len
= (size_t)T0_POP();
1481 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1482 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1487 /* more-incoming-bytes? */
1489 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1494 /* multihash-init */
1496 br_multihash_init(&ENG
->mhash
);
1503 uint32_t a
= T0_POP();
1511 uint32_t a
= T0_POP();
1519 uint32_t b
= T0_POP();
1520 uint32_t a
= T0_POP();
1527 T0_PUSH(T0_PEEK(1));
1536 /* read-chunk-native */
1538 size_t clen
= ENG
->hlen_in
;
1544 if ((size_t)len
< clen
) {
1547 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1548 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1549 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1551 T0_PUSH(addr
+ (uint32_t)clen
);
1552 T0_PUSH(len
- (uint32_t)clen
);
1553 ENG
->hbuf_in
+= clen
;
1554 ENG
->hlen_in
-= clen
;
1562 if (ENG
->hlen_in
> 0) {
1565 x
= *ENG
->hbuf_in
++;
1566 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1567 br_multihash_update(&ENG
->mhash
, &x
, 1);
1580 if (CTX
->cache_vtable
!= NULL
) {
1581 (*CTX
->cache_vtable
)->save(
1582 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1588 /* set-max-frag-len */
1590 size_t max_frag_len
= T0_POP();
1592 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1595 * We must adjust our own output limit. Since we call this only
1596 * after receiving a ClientHello and before beginning to send
1597 * the ServerHello, the next output record should be empty at
1598 * that point, so we can use max_frag_len as a limit.
1600 if (ENG
->hlen_out
> max_frag_len
) {
1601 ENG
->hlen_out
= max_frag_len
;
1609 size_t addr
= (size_t)T0_POP();
1610 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1617 size_t addr
= (size_t)T0_POP();
1618 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1625 size_t addr
= (size_t)T0_POP();
1626 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1631 /* supported-curves */
1633 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1639 /* supported-hash-functions */
1646 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1647 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1658 /* supports-ecdsa? */
1660 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1665 /* supports-rsa-sign? */
1667 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1677 /* switch-aesgcm-in */
1679 int is_client
, prf_id
;
1680 unsigned cipher_key_len
;
1682 cipher_key_len
= T0_POP();
1684 is_client
= T0_POP();
1685 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1686 ENG
->iaes_ctr
, cipher_key_len
);
1691 /* switch-aesgcm-out */
1693 int is_client
, prf_id
;
1694 unsigned cipher_key_len
;
1696 cipher_key_len
= T0_POP();
1698 is_client
= T0_POP();
1699 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1700 ENG
->iaes_ctr
, cipher_key_len
);
1707 int is_client
, prf_id
, mac_id
, aes
;
1708 unsigned cipher_key_len
;
1710 cipher_key_len
= T0_POP();
1714 is_client
= T0_POP();
1715 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1716 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1721 /* switch-cbc-out */
1723 int is_client
, prf_id
, mac_id
, aes
;
1724 unsigned cipher_key_len
;
1726 cipher_key_len
= T0_POP();
1730 is_client
= T0_POP();
1731 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1732 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1737 /* switch-chapol-in */
1739 int is_client
, prf_id
;
1742 is_client
= T0_POP();
1743 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1748 /* switch-chapol-out */
1750 int is_client
, prf_id
;
1753 is_client
= T0_POP();
1754 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1759 /* ta-names-total-length */
1764 if (CTX
->ta_names
!= NULL
) {
1765 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1766 len
+= CTX
->ta_names
[u
].len
+ 2;
1768 } else if (CTX
->tas
!= NULL
) {
1769 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1770 len
+= CTX
->tas
[u
].dn
.len
+ 2;
1778 /* test-protocol-name */
1780 size_t len
= T0_POP();
1783 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1786 name
= ENG
->protocol_names
[u
];
1787 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1797 /* total-chain-length */
1803 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1804 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1813 uint32_t b
= T0_POP();
1814 uint32_t a
= T0_POP();
1815 T0_PUSH(-(uint32_t)(a
< b
));
1822 int c
= (int)T0_POPi();
1823 uint32_t x
= T0_POP();
1833 err
= verify_CV_sig(CTX
, T0_POP());
1839 /* write-blob-chunk */
1841 size_t clen
= ENG
->hlen_out
;
1847 if ((size_t)len
< clen
) {
1850 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1851 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1852 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1854 T0_PUSH(addr
+ (uint32_t)clen
);
1855 T0_PUSH(len
- (uint32_t)clen
);
1856 ENG
->hbuf_out
+= clen
;
1857 ENG
->hlen_out
-= clen
;
1867 x
= (unsigned char)T0_POP();
1868 if (ENG
->hlen_out
> 0) {
1869 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1870 br_multihash_update(&ENG
->mhash
, &x
, 1);
1872 *ENG
->hbuf_out
++ = x
;
1884 const br_x509_class
*xc
;
1887 xc
= *(ENG
->x509ctx
);
1889 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1896 const br_x509_class
*xc
;
1898 xc
= *(ENG
->x509ctx
);
1899 xc
->end_cert(ENG
->x509ctx
);
1904 /* x509-end-chain */
1906 const br_x509_class
*xc
;
1908 xc
= *(ENG
->x509ctx
);
1909 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1914 /* x509-start-cert */
1916 const br_x509_class
*xc
;
1918 xc
= *(ENG
->x509ctx
);
1919 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1924 /* x509-start-chain */
1926 const br_x509_class
*xc
;
1930 xc
= *(ENG
->x509ctx
);
1931 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1938 T0_ENTER(ip
, rp
, t0x
);
1942 ((t0_context
*)t0ctx
)->dp
= dp
;
1943 ((t0_context
*)t0ctx
)->rp
= rp
;
1944 ((t0_context
*)t0ctx
)->ip
= ip
;