File Coverage

src/ssl/ssl_hs_client.c

Criterion	Covered	Total	%
statement	392	646	60.6
branch	52	142	36.6
condition			n/a
subroutine			n/a
pod			n/a
total	444	788	56.3

line	stmt	bran	code
1			/* Automatically generated code; do not modify directly. */
2
3			#include
4			#include
5
6			typedef struct {
7			uint32_t *dp;
8			uint32_t *rp;
9			const unsigned char *ip;
10			} t0_context;
11
12			static uint32_t
13	9095		t0_parse7E_unsigned(const unsigned char **p)
14			{
15			uint32_t x;
16
17	9095		x = 0;
18	0		for (;;) {
19			unsigned y;
20
21	9095		y = (p) ++;
22	9095		x = (x << 7) \| (uint32_t)(y & 0x7F);
23	9095	50	if (y < 0x80) {
24	9095		return x;
25			}
26			}
27			}
28
29			static int32_t
30	12758		t0_parse7E_signed(const unsigned char **p)
31			{
32			int neg;
33			uint32_t x;
34
35	12758		neg = ((**p) >> 6) & 1;
36	12758		x = (uint32_t)-neg;
37	228		for (;;) {
38			unsigned y;
39
40	12986		y = (p) ++;
41	12986		x = (x << 7) \| (uint32_t)(y & 0x7F);
42	12986	100	if (y < 0x80) {
43	12758	100	if (neg) {
44	1654		return -(int32_t)~x - 1;
45			} else {
46	11104		return (int32_t)x;
47			}
48			}
49			}
50			}
51
52			#define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) \| 0x80)
53			#define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54			#define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55			#define T0_INT1(x) T0_FBYTE(x, 0)
56			#define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57			#define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58			#define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59			#define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61			/* static const unsigned char t0_datablock[]; */
62
63
64			void br_ssl_hs_client_init_main(void *t0ctx);
65
66			void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70			#include
71			#include
72
73			#include "inner.h"
74
75			/*
76			* This macro evaluates to a pointer to the current engine context.
77			*/
78			#define ENG ((br_ssl_engine_context )(void )((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84			/*
85			* This macro evaluates to a pointer to the client context, under that
86			* specific name. It must be noted that since the engine context is the
87			* first field of the br_ssl_client_context structure ('eng'), then
88			* pointers values of both types are interchangeable, modulo an
89			* appropriate cast. This also means that "addresses" computed as offsets
90			* within the structure work for both kinds of context.
91			*/
92			#define CTX ((br_ssl_client_context *)ENG)
93
94			/*
95			* Generate the pre-master secret for RSA key exchange, and encrypt it
96			* with the server's public key. Returned value is either the encrypted
97			* data length (in bytes), or -x on error, with 'x' being an error code.
98			*
99			* This code assumes that the public key has been already verified (it
100			* was properly obtained by the X.509 engine, and it has the right type,
101			* i.e. it is of type RSA and suitable for encryption).
102			*/
103			static int
104	0		make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105			{
106			const br_x509_class **xc;
107			const br_x509_pkey *pk;
108			const unsigned char *n;
109			unsigned char *pms;
110			size_t nlen, u;
111
112	0		xc = ctx->eng.x509ctx;
113	0		pk = (*xc)->get_pkey(xc, NULL);
114
115			/*
116			* Compute actual RSA key length, in case there are leading zeros.
117			*/
118	0		n = pk->key.rsa.n;
119	0		nlen = pk->key.rsa.nlen;
120	0	0	while (nlen > 0 && *n == 0) {
		0
121	0		n ++;
122	0		nlen --;
123			}
124
125			/*
126			* We need at least 59 bytes (48 bytes for pre-master secret, and
127			* 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128			* minimal engine normally blocks RSA keys shorter than 128 bytes,
129			* so this is mostly for public keys provided explicitly by the
130			* caller.
131			*/
132	0	0	if (nlen < 59) {
133	0		return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134			}
135	0	0	if (nlen > sizeof ctx->eng.pad) {
136	0		return -BR_ERR_LIMIT_EXCEEDED;
137			}
138
139			/*
140			* Make PMS.
141			*/
142	0		pms = ctx->eng.pad + nlen - 48;
143	0		br_enc16be(pms, ctx->eng.version_max);
144	0		br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145	0		br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147			/*
148			* Apply PKCS#1 type 2 padding.
149			*/
150	0		ctx->eng.pad[0] = 0x00;
151	0		ctx->eng.pad[1] = 0x02;
152	0		ctx->eng.pad[nlen - 49] = 0x00;
153	0		br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154	0	0	for (u = 2; u < nlen - 49; u ++) {
155	0	0	while (ctx->eng.pad[u] == 0) {
156	0		br_hmac_drbg_generate(&ctx->eng.rng,
157	0		&ctx->eng.pad[u], 1);
158			}
159			}
160
161			/*
162			* Compute RSA encryption.
163			*/
164	0	0	if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165	0		return -BR_ERR_LIMIT_EXCEEDED;
166			}
167	0		return (int)nlen;
168			}
169
170			/*
171			* OID for hash functions in RSA signatures.
172			*/
173			static const unsigned char *HASH_OID[] = {
174			BR_HASH_OID_SHA1,
175			BR_HASH_OID_SHA224,
176			BR_HASH_OID_SHA256,
177			BR_HASH_OID_SHA384,
178			BR_HASH_OID_SHA512
179			};
180
181			/*
182			* Check the RSA signature on the ServerKeyExchange message.
183			*
184			* hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185			* use_rsa non-zero for RSA signature, zero for ECDSA
186			* sig_len signature length (in bytes); signature value is in the pad
187			*
188			* Returned value is 0 on success, or an error code.
189			*/
190			static int
191	1		verify_SKE_sig(br_ssl_client_context *ctx,
192			int hash, int use_rsa, size_t sig_len)
193			{
194			const br_x509_class **xc;
195			const br_x509_pkey *pk;
196			br_multihash_context mhc;
197			unsigned char hv[64], head[4];
198			size_t hv_len;
199
200	1		xc = ctx->eng.x509ctx;
201	1		pk = (*xc)->get_pkey(xc, NULL);
202	1		br_multihash_zero(&mhc);
203	1		br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204	1		br_multihash_init(&mhc);
205	1		br_multihash_update(&mhc,
206	1		ctx->eng.client_random, sizeof ctx->eng.client_random);
207	1		br_multihash_update(&mhc,
208	1		ctx->eng.server_random, sizeof ctx->eng.server_random);
209	1		head[0] = 3;
210	1		head[1] = 0;
211	1		head[2] = ctx->eng.ecdhe_curve;
212	1		head[3] = ctx->eng.ecdhe_point_len;
213	1		br_multihash_update(&mhc, head, sizeof head);
214	1		br_multihash_update(&mhc,
215	1		ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216	1	50	if (hash) {
217	1		hv_len = br_multihash_out(&mhc, hash, hv);
218	1	50	if (hv_len == 0) {
219	0		return BR_ERR_INVALID_ALGORITHM;
220			}
221			} else {
222	0	0	if (!br_multihash_out(&mhc, br_md5_ID, hv)
223	0	0	\|\| !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224			{
225	0		return BR_ERR_INVALID_ALGORITHM;
226			}
227	0		hv_len = 36;
228			}
229	1	50	if (use_rsa) {
230			unsigned char tmp[64];
231			const unsigned char *hash_oid;
232
233	1	50	if (hash) {
234	1		hash_oid = HASH_OID[hash - 2];
235			} else {
236	0		hash_oid = NULL;
237			}
238	1	50	if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239			hash_oid, hv_len, &pk->key.rsa, tmp)
240	1	50	\|\| memcmp(tmp, hv, hv_len) != 0)
241			{
242	0		return BR_ERR_BAD_SIGNATURE;
243			}
244			} else {
245	0	0	if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246	0		ctx->eng.pad, sig_len))
247			{
248	0		return BR_ERR_BAD_SIGNATURE;
249			}
250			}
251	1		return 0;
252			}
253
254			/*
255			* Perform client-side ECDH (or ECDHE). The point that should be sent to
256			* the server is written in the pad; returned value is either the point
257			* length (in bytes), or -x on error, with 'x' being an error code.
258			*
259			* The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260			* is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261			* (for static ECDH).
262			*/
263			static int
264	1		make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265			{
266			int curve;
267			unsigned char key[66], point[133];
268			const unsigned char order, point_src;
269			size_t glen, olen, point_len, xoff, xlen;
270			unsigned char mask;
271
272	1	50	if (ecdhe) {
273	1		curve = ctx->eng.ecdhe_curve;
274	1		point_src = ctx->eng.ecdhe_point;
275	1		point_len = ctx->eng.ecdhe_point_len;
276			} else {
277			const br_x509_class **xc;
278			const br_x509_pkey *pk;
279
280	0		xc = ctx->eng.x509ctx;
281	0		pk = (*xc)->get_pkey(xc, NULL);
282	0		curve = pk->key.ec.curve;
283	0		point_src = pk->key.ec.q;
284	0		point_len = pk->key.ec.qlen;
285			}
286	1	50	if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287	0		return -BR_ERR_INVALID_ALGORITHM;
288			}
289
290			/*
291			* We need to generate our key, as a non-zero random value which
292			* is lower than the curve order, in a "large enough" range. We
293			* force top bit to 0 and bottom bit to 1, which guarantees that
294			* the value is in the proper range.
295			*/
296	1		order = ctx->eng.iec->order(curve, &olen);
297	1		mask = 0xFF;
298	3	100	while (mask >= order[0]) {
299	2		mask >>= 1;
300			}
301	1		br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302	1		key[0] &= mask;
303	1		key[olen - 1] \|= 0x01;
304
305			/*
306			* Compute the common ECDH point, whose X coordinate is the
307			* pre-master secret.
308			*/
309	1		ctx->eng.iec->generator(curve, &glen);
310	1	50	if (glen != point_len) {
311	0		return -BR_ERR_INVALID_ALGORITHM;
312			}
313
314	1		memcpy(point, point_src, glen);
315	1	50	if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316	0		return -BR_ERR_INVALID_ALGORITHM;
317			}
318
319			/*
320			* The pre-master secret is the X coordinate.
321			*/
322	1		xoff = ctx->eng.iec->xoff(curve, &xlen);
323	1		br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325	1		ctx->eng.iec->mulgen(point, key, olen, curve);
326	1		memcpy(ctx->eng.pad, point, glen);
327	1		return (int)glen;
328			}
329
330			/*
331			* Perform full static ECDH. This occurs only in the context of client
332			* authentication with certificates: the server uses an EC public key,
333			* the cipher suite is of type ECDH (not ECDHE), the server requested a
334			* client certificate and accepts static ECDH, the client has a
335			* certificate with an EC public key in the same curve, and accepts
336			* static ECDH as well.
337			*
338			* Returned value is 0 on success, -1 on error.
339			*/
340			static int
341	0		make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342			{
343			unsigned char point[133];
344			size_t point_len;
345			const br_x509_class **xc;
346			const br_x509_pkey *pk;
347
348	0		xc = ctx->eng.x509ctx;
349	0		pk = (*xc)->get_pkey(xc, NULL);
350	0		point_len = pk->key.ec.qlen;
351	0	0	if (point_len > sizeof point) {
352	0		return -1;
353			}
354	0		memcpy(point, pk->key.ec.q, point_len);
355	0	0	if (!(*ctx->client_auth_vtable)->do_keyx(
356			ctx->client_auth_vtable, point, &point_len))
357			{
358	0		return -1;
359			}
360	0		br_ssl_engine_compute_master(&ctx->eng,
361			prf_id, point, point_len);
362	0		return 0;
363			}
364
365			/*
366			* Compute the client-side signature. This is invoked only when a
367			* signature-based client authentication was selected. The computed
368			* signature is in the pad; its length (in bytes) is returned. On
369			* error, 0 is returned.
370			*/
371			static size_t
372	0		make_client_sign(br_ssl_client_context *ctx)
373			{
374			size_t hv_len;
375
376			/*
377			* Compute hash of handshake messages so far. This "cannot" fail
378			* because the list of supported hash functions provided to the
379			* client certificate handler was trimmed to include only the
380			* hash functions that the multi-hasher supports.
381			*/
382	0	0	if (ctx->hash_id) {
383	0		hv_len = br_multihash_out(&ctx->eng.mhash,
384	0		ctx->hash_id, ctx->eng.pad);
385			} else {
386	0		br_multihash_out(&ctx->eng.mhash,
387	0		br_md5_ID, ctx->eng.pad);
388	0		br_multihash_out(&ctx->eng.mhash,
389	0		br_sha1_ID, ctx->eng.pad + 16);
390	0		hv_len = 36;
391			}
392	0		return (*ctx->client_auth_vtable)->do_sign(
393	0		ctx->client_auth_vtable, ctx->hash_id, hv_len,
394	0		ctx->eng.pad, sizeof ctx->eng.pad);
395			}
396
397
398
399			static const unsigned char t0_datablock[] = {
400			0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401			0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402			0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403			0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404			0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405			0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406			0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407			0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408			0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409			0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410			0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411			0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xC0, 0x9C, 0x06,
412			0x04, 0xC0, 0x9D, 0x07, 0x04, 0xC0, 0xA0, 0x08, 0x04, 0xC0, 0xA1, 0x09,
413			0x04, 0xC0, 0xAC, 0x26, 0x04, 0xC0, 0xAD, 0x27, 0x04, 0xC0, 0xAE, 0x28,
414			0x04, 0xC0, 0xAF, 0x29, 0x04, 0xCC, 0xA8, 0x15, 0x04, 0xCC, 0xA9, 0x25,
415			0x04, 0x00, 0x00
416			};
417
418			static const unsigned char t0_codeblock[] = {
419			0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
420			0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
421			0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
422			0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
423			T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
424			T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
425			T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
426			T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
427			T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
428			T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
429			T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
430			T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
431			T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
432			T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
433			0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
434			T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
435			T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
436			0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
437			T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
438			T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
439			T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
440			T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
441			T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
442			T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
443			T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
444			0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
445			0x01,
446			T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
447			0x00, 0x00, 0x01,
448			T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
449			0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
450			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
451			0x00, 0x00, 0x01,
452			T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
453			0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
454			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
455			0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
456			0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
457			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
458			0x00, 0x00, 0x01,
459			T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
460			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
461			0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
462			0x00, 0x00, 0x01,
463			T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
464			0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
465			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
466			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
467			0x00, 0x00, 0x01,
468			T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
469			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
470			0x00, 0x00, 0x01,
471			T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
472			0x01,
473			T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
474			0x00, 0x00, 0x01,
475			T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
476			0x00, 0x00, 0x01,
477			T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
478			0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
479			0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
480			0x01,
481			T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
482			0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
483			0x00, 0x00, 0x01,
484			T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
485			0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
486			0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
487			0x00, 0x00, 0x09, 0x26, 0x58, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x06,
488			0x08, 0x2C, 0x0E, 0x05, 0x02, 0x71, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
489			0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x26, 0x5E, 0x44, 0x9D, 0x26,
490			0x05, 0x04, 0x60, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9D,
491			0x00, 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x26,
492			0x89, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x79, 0x2C, 0xAB, 0x1C,
493			0x84, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
494			0x5C, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x77, 0x2E, 0x02, 0x00, 0x36,
495			0x17, 0x01, 0x01, 0x0B, 0x77, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
496			0x00, 0xCF, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x26,
497			0x1A, 0x17, 0x06, 0x02, 0x6F, 0x28, 0xCF, 0x04, 0x76, 0x01, 0x01, 0x00,
498			0x77, 0x3E, 0x01, 0x16, 0x87, 0x3E, 0x01, 0x00, 0x8A, 0x3C, 0x34, 0xD5,
499			0x29, 0xB4, 0x06, 0x09, 0x01, 0x7F, 0xAF, 0x01, 0x7F, 0xD2, 0x04, 0x80,
500			0x53, 0xB1, 0x79, 0x2C, 0xA1, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
501			0x06, 0x01, 0xB5, 0xB8, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB7,
502			0xB8, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
503			0x05, 0x02, 0x72, 0x28, 0x06, 0x02, 0x67, 0x28, 0x33, 0x06, 0x02, 0x72,
504			0x28, 0x02, 0x00, 0x06, 0x1C, 0xD3, 0x80, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
505			0x06, 0x0D, 0x25, 0x01, 0x10, 0xDE, 0x01, 0x00, 0xDD, 0x79, 0x2C, 0xAB,
506			0x24, 0x04, 0x04, 0xD6, 0x06, 0x01, 0xD4, 0x04, 0x01, 0xD6, 0x01, 0x7F,
507			0xD2, 0x01, 0x7F, 0xAF, 0x01, 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E,
508			0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x00,
509			0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
510			T0_INT1(BR_KEYTYPE_RSA \| BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
511			0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
512			T0_INT1(BR_KEYTYPE_RSA \| BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
513			0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
514			T0_INT1(BR_KEYTYPE_EC \| BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
515			0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
516			T0_INT1(BR_KEYTYPE_EC \| BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
517			0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
518			T0_INT1(BR_KEYTYPE_EC \| BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
519			0x44, 0x25, 0x00, 0x00, 0x82, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
520			0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
521			0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x88, 0x2E, 0x26, 0x06, 0x08, 0x01,
522			0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
523			0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
524			0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
525			0x01, 0x06, 0x08, 0x00, 0x00, 0x8B, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
526			0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
527			0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
528			0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
529			0x08, 0x00, 0x00, 0x7F, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
530			0x00, 0x9F, 0xCE, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
531			0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9F, 0x04, 0x35, 0x01, 0x01,
532			0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x77, 0x3E, 0xB3, 0x88,
533			0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA8, 0x37, 0x06, 0x17, 0x29, 0x1A,
534			0x36, 0x06, 0x04, 0xCE, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
535			0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E, 0x04, 0x01, 0x9F, 0x04, 0x03,
536			0x72, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
537			0x58, 0x06, 0x02, 0x68, 0x28, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
538			0x17, 0x00, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
539			0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x76, 0x3E, 0x01,
540			0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
541			0x76, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
542			0x08, 0x28, 0x5A, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
543			0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAC, 0x37, 0x04, 0x78,
544			0x26, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x3E, 0x00, 0x01, 0xBF, 0xAA, 0xBF,
545			0xAA, 0xC1, 0x84, 0x44, 0x26, 0x03, 0x00, 0xB6, 0x9B, 0x9B, 0x02, 0x00,
546			0x4D, 0x26, 0x58, 0x06, 0x0A, 0x01, 0x03, 0xA8, 0x06, 0x02, 0x72, 0x28,
547			0x25, 0x04, 0x03, 0x5C, 0x8A, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x86,
548			0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72, 0x28, 0x04, 0x11, 0xCE, 0x01,
549			0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x72, 0x28,
550			0x04, 0x70, 0x25, 0xC2, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x61,
551			0x28, 0x26, 0x01, 0x01, 0xC8, 0x36, 0xB2, 0x00, 0x01, 0xB8, 0x01, 0x0B,
552			0x0E, 0x05, 0x02, 0x72, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xC0,
553			0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x00, 0x44, 0x57, 0xC0, 0xAA, 0x26,
554			0x06, 0x23, 0xC0, 0xAA, 0x26, 0x56, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
555			0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
556			0x84, 0x02, 0x00, 0xB6, 0x02, 0x00, 0x53, 0x04, 0x65, 0x9B, 0x54, 0x04,
557			0x5A, 0x9B, 0x9B, 0x55, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
558			0x00, 0x79, 0x2C, 0xA1, 0x01, 0x7F, 0xB0, 0x26, 0x58, 0x06, 0x02, 0x35,
559			0x28, 0x26, 0x05, 0x02, 0x72, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x74,
560			0x28, 0x3B, 0x00, 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72,
561			0x28, 0x84, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB6, 0x9B, 0x84, 0x26, 0x01,
562			0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x64, 0x28, 0x00, 0x00, 0xB9,
563			0x06, 0x02, 0x72, 0x28, 0x06, 0x02, 0x66, 0x28, 0x00, 0x0A, 0xB8, 0x01,
564			0x02, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xBF, 0x03, 0x00, 0x02, 0x00, 0x95,
565			0x2C, 0x0A, 0x02, 0x00, 0x94, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x73, 0x28,
566			0x02, 0x00, 0x93, 0x2C, 0x0D, 0x06, 0x02, 0x6B, 0x28, 0x02, 0x00, 0x96,
567			0x3C, 0x8C, 0x01, 0x20, 0xB6, 0x01, 0x00, 0x03, 0x01, 0xC1, 0x03, 0x02,
568			0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x84, 0x02, 0x02,
569			0xB6, 0x02, 0x02, 0x8E, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
570			0x06, 0x0B, 0x8D, 0x84, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
571			0x01, 0x8D, 0x84, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8E, 0x3E, 0x02, 0x00,
572			0x92, 0x02, 0x01, 0x98, 0xBF, 0x26, 0xC3, 0x58, 0x06, 0x02, 0x62, 0x28,
573			0x26, 0xCD, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x62,
574			0x28, 0x79, 0x02, 0x01, 0x98, 0xC1, 0x06, 0x02, 0x63, 0x28, 0x26, 0x06,
575			0x81, 0x47, 0xBF, 0xAA, 0xA6, 0x03, 0x03, 0xA4, 0x03, 0x04, 0xA2, 0x03,
576			0x05, 0xA5, 0x03, 0x06, 0xA7, 0x03, 0x07, 0xA3, 0x03, 0x08, 0x27, 0x03,
577			0x09, 0x26, 0x06, 0x81, 0x18, 0xBF, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
578			0x25, 0x02, 0x03, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBE,
579			0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
580			0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBC, 0x04, 0x80, 0x6A,
581			0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
582			0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBD, 0x04, 0x80, 0x53, 0x01,
583			0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6C, 0x28,
584			0x01, 0x00, 0x03, 0x06, 0xBA, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
585			0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x07,
586			0xBA, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
587			0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x08, 0xBA, 0x04, 0x17, 0x01,
588			0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6C, 0x28,
589			0x01, 0x00, 0x03, 0x09, 0xAE, 0x04, 0x03, 0x6C, 0x28, 0x25, 0x04, 0xFE,
590			0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
591			0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x04, 0x0C, 0xA4, 0x01, 0x05,
592			0x0F, 0x06, 0x02, 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x02, 0x01,
593			0x00, 0x04, 0xB8, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xC1, 0x01,
594			0x03, 0x0E, 0x05, 0x02, 0x6D, 0x28, 0xBF, 0x26, 0x7C, 0x3E, 0x26, 0x01,
595			0x20, 0x10, 0x06, 0x02, 0x6D, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
596			0x05, 0x02, 0x6D, 0x28, 0xC1, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
597			0x6D, 0x28, 0x26, 0x7E, 0x3E, 0x7D, 0x44, 0xB6, 0x92, 0x2C, 0x01, 0x86,
598			0x03, 0x10, 0x03, 0x00, 0x79, 0x2C, 0xCB, 0x03, 0x01, 0x01, 0x02, 0x03,
599			0x02, 0x02, 0x00, 0x06, 0x21, 0xC1, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
600			0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6D, 0x28, 0x03, 0x02, 0xC1, 0x02,
601			0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6D, 0x28,
602			0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBF, 0x26,
603			0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x84,
604			0x44, 0xB6, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x50, 0x26, 0x06, 0x01,
605			0x28, 0x25, 0x9B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x97,
606			0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x60,
607			0x00, 0xD0, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xC1, 0xAA, 0x26,
608			0x06, 0x80, 0x43, 0xC1, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
609			0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
610			0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
611			0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
612			0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
613			0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x9B, 0x79,
614			0x2C, 0xC9, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
615			0x00, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xBB, 0x26, 0x81,
616			0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
617			0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
618			0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
619			0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
620			0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
621			0x01, 0x17, 0x03, 0x00, 0x16, 0xBF, 0xAA, 0x26, 0x06, 0x23, 0xBF, 0xAA,
622			0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
623			0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x84, 0x02, 0x01, 0xB6,
624			0x02, 0x01, 0x12, 0x04, 0x65, 0x9B, 0x13, 0x04, 0x5A, 0x9B, 0x14, 0x9B,
625			0x02, 0x00, 0x2A, 0x00, 0x00, 0xB9, 0x26, 0x5A, 0x06, 0x07, 0x25, 0x06,
626			0x02, 0x66, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC2, 0x01, 0x03, 0xC0, 0x44,
627			0x25, 0x44, 0x00, 0x00, 0xBF, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
628			0xBF, 0xAA, 0x26, 0x06, 0x80, 0x50, 0xC1, 0x03, 0x01, 0xC1, 0x03, 0x02,
629			0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
630			0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
631			0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
632			0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
633			0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
634			0x5D, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
635			0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBF, 0x01, 0x01, 0x0E, 0x05,
636			0x02, 0x65, 0x28, 0xC1, 0x01, 0x08, 0x08, 0x82, 0x2E, 0x0E, 0x05, 0x02,
637			0x65, 0x28, 0x00, 0x00, 0xBF, 0x88, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
638			0x05, 0x02, 0x69, 0x28, 0xC1, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x69, 0x28,
639			0x01, 0x02, 0x88, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x69,
640			0x28, 0xC1, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x69, 0x28, 0x84, 0x01, 0x18,
641			0xB6, 0x89, 0x84, 0x01, 0x18, 0x30, 0x05, 0x02, 0x69, 0x28, 0x00, 0x00,
642			0xBF, 0x06, 0x02, 0x6A, 0x28, 0x00, 0x00, 0x01, 0x02, 0x97, 0xC2, 0x01,
643			0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x03, 0x97, 0xC2, 0x01, 0x08,
644			0x0B, 0xC2, 0x08, 0x01, 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x01,
645			0x97, 0xC2, 0x00, 0x00, 0x3A, 0x26, 0x58, 0x05, 0x01, 0x00, 0x25, 0xD0,
646			0x04, 0x76, 0x02, 0x03, 0x00, 0x91, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
647			0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x90, 0x08, 0x2C,
648			0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x25, 0x01, 0x7F,
649			0x00, 0x00, 0x01, 0x15, 0x87, 0x3E, 0x44, 0x52, 0x25, 0x52, 0x25, 0x29,
650			0x00, 0x00, 0x01, 0x01, 0x44, 0xC4, 0x00, 0x00, 0x44, 0x38, 0x97, 0x44,
651			0x26, 0x06, 0x05, 0xC2, 0x25, 0x5D, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
652			0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x9A,
653			0x59, 0x00, 0x02, 0x03, 0x00, 0x79, 0x2C, 0x9A, 0x03, 0x01, 0x02, 0x01,
654			0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
655			0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
656			0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04,
657			0x01, 0x4A, 0x04, 0x81, 0x0D, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
658			0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A,
659			0x04, 0x80, 0x77, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01,
660			0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80,
661			0x61, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x25, 0x01, 0x10, 0x02,
662			0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x80, 0x4C, 0x01, 0x04,
663			0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
664			0x47, 0x04, 0x01, 0x48, 0x04, 0x38, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C,
665			0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x26,
666			0x26, 0x01, 0x09, 0x0F, 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x26, 0x01,
667			0x01, 0x17, 0x01, 0x04, 0x0B, 0x01, 0x10, 0x08, 0x44, 0x01, 0x08, 0x17,
668			0x01, 0x10, 0x44, 0x09, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46,
669			0x00, 0x25, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
670			0x00, 0x9A, 0x01, 0x0C, 0x11, 0x26, 0x5B, 0x44, 0x01, 0x03, 0x0A, 0x17,
671			0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x9A,
672			0x01, 0x0C, 0x11, 0x5A, 0x00, 0x00, 0x9A, 0x01, 0x81, 0x70, 0x17, 0x01,
673			0x20, 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x75, 0x2E, 0x26, 0x06, 0x22,
674			0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9E, 0x04, 0x14,
675			0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x77, 0x2E, 0x01, 0x01, 0x0E,
676			0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x7B,
677			0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x86, 0x2E, 0x01, 0x14, 0x38, 0x0E,
678			0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
679			0x06, 0x09, 0x25, 0xAD, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
680			0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
681			0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
682			0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x86, 0x2E, 0x01,
683			0x15, 0x0E, 0x06, 0x08, 0x25, 0xAD, 0x01, 0x00, 0x77, 0x3E, 0x04, 0x01,
684			0x20, 0x00, 0x00, 0xCE, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
685			0x72, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
686			0x87, 0x3E, 0x00, 0xCE, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD1, 0x01,
687			0x01, 0xDE, 0x29, 0x26, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD1, 0xD7, 0x29,
688			0x00, 0x00, 0x01, 0x0B, 0xDE, 0x4E, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDD,
689			0xDD, 0x18, 0x26, 0x58, 0x06, 0x02, 0x25, 0x00, 0xDD, 0x1D, 0x26, 0x06,
690			0x05, 0x84, 0x44, 0xD8, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
691			0x0F, 0xDE, 0x26, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
692			0x04, 0x08, 0xDD, 0x80, 0x2E, 0xDE, 0x78, 0x2E, 0xDE, 0x04, 0x02, 0x5E,
693			0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x00, 0x02, 0xA4, 0xA6, 0x08, 0xA2,
694			0x08, 0xA5, 0x08, 0xA7, 0x08, 0xA3, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
695			0x01, 0xDE, 0x01, 0x27, 0x8E, 0x2E, 0x08, 0x91, 0x2E, 0x01, 0x01, 0x0B,
696			0x08, 0x02, 0x00, 0x06, 0x04, 0x5E, 0x02, 0x00, 0x08, 0x83, 0x2C, 0x38,
697			0x09, 0x26, 0x5B, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5E, 0x44,
698			0x5F, 0x01, 0x04, 0x09, 0x26, 0x58, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
699			0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
700			0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDD, 0x94,
701			0x2C, 0xDC, 0x7A, 0x01, 0x04, 0x19, 0x7A, 0x01, 0x04, 0x08, 0x01, 0x1C,
702			0x32, 0x7A, 0x01, 0x20, 0xD8, 0x8D, 0x8E, 0x2E, 0xDA, 0x91, 0x2E, 0x26,
703			0x01, 0x01, 0x0B, 0xDC, 0x90, 0x44, 0x26, 0x06, 0x0F, 0x5D, 0x38, 0x2C,
704			0x26, 0xC7, 0x05, 0x02, 0x62, 0x28, 0xDC, 0x44, 0x5E, 0x44, 0x04, 0x6E,
705			0x60, 0x01, 0x01, 0xDE, 0x01, 0x00, 0xDE, 0x02, 0x00, 0x06, 0x81, 0x5A,
706			0x02, 0x00, 0xDC, 0xA4, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDC, 0x89,
707			0xA4, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x5D, 0xDA, 0xA6, 0x06, 0x16, 0x01,
708			0x00, 0xDC, 0x8B, 0xA6, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x01, 0x02, 0x09,
709			0x26, 0xDC, 0x01, 0x00, 0xDE, 0x01, 0x03, 0x09, 0xD9, 0xA2, 0x06, 0x0C,
710			0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x82, 0x2E, 0x01, 0x08, 0x09, 0xDE,
711			0xA5, 0x06, 0x19, 0x01, 0x0D, 0xDC, 0xA5, 0x01, 0x04, 0x09, 0x26, 0xDC,
712			0x01, 0x02, 0x09, 0xDC, 0x42, 0x06, 0x03, 0x01, 0x03, 0xDB, 0x43, 0x06,
713			0x03, 0x01, 0x01, 0xDB, 0xA7, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDC, 0x01,
714			0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
715			0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
716			0x7F, 0x17, 0x01, 0x1D, 0xDC, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0xA0,
717			0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDC, 0x5C, 0x04, 0x6E, 0x60,
718			0x04, 0x01, 0x25, 0xA3, 0x06, 0x0A, 0x01, 0x0B, 0xDC, 0x01, 0x02, 0xDC,
719			0x01, 0x82, 0x00, 0xDC, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDC, 0x01,
720			0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x85, 0x2C, 0x01, 0x00, 0xA0, 0x0F,
721			0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDE, 0x84, 0x44, 0xD8, 0x5C, 0x04, 0x72,
722			0x60, 0x04, 0x01, 0x25, 0x02, 0x01, 0x58, 0x05, 0x11, 0x01, 0x15, 0xDC,
723			0x02, 0x01, 0x26, 0xDC, 0x26, 0x06, 0x06, 0x5D, 0x01, 0x00, 0xDE, 0x04,
724			0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDE, 0x79, 0x2C, 0x26, 0xCC, 0x06,
725			0x0C, 0xAB, 0x23, 0x26, 0x5E, 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x04,
726			0x0D, 0x26, 0xCA, 0x44, 0xAB, 0x22, 0x26, 0x5C, 0xDD, 0x26, 0xDE, 0x84,
727			0x44, 0xD8, 0x00, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01, 0x0C, 0xDD, 0x84,
728			0x01, 0x0C, 0xD8, 0x00, 0x00, 0x51, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
729			0x60, 0x00, 0xCE, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDC, 0xD8, 0x00, 0x00,
730			0x26, 0xDE, 0xD8, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
731			0x17, 0x06, 0x06, 0x01, 0x04, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x08,
732			0x17, 0x06, 0x06, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x20,
733			0x17, 0x06, 0x06, 0x01, 0x05, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x80,
734			0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDE, 0x02, 0x00, 0xDE, 0x01, 0x04,
735			0x17, 0x06, 0x06, 0x01, 0x02, 0xDE, 0x02, 0x00, 0xDE, 0x00, 0x00, 0x26,
736			0x01, 0x08, 0x4F, 0xDE, 0xDE, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4F, 0xDE,
737			0xDC, 0x00, 0x00, 0x26, 0x52, 0x06, 0x02, 0x25, 0x00, 0xCE, 0x25, 0x04,
738			0x76
739			};
740
741			static const uint16_t t0_caddr[] = {
742			0,
743			5,
744			10,
745			15,
746			20,
747			25,
748			30,
749			35,
750			40,
751			44,
752			48,
753			52,
754			56,
755			60,
756			64,
757			68,
758			72,
759			76,
760			80,
761			84,
762			88,
763			92,
764			96,
765			100,
766			104,
767			108,
768			112,
769			116,
770			120,
771			124,
772			129,
773			134,
774			139,
775			144,
776			149,
777			154,
778			159,
779			164,
780			169,
781			174,
782			179,
783			184,
784			189,
785			194,
786			199,
787			204,
788			209,
789			214,
790			219,
791			224,
792			229,
793			234,
794			239,
795			244,
796			249,
797			254,
798			259,
799			264,
800			269,
801			274,
802			279,
803			284,
804			289,
805			294,
806			303,
807			316,
808			320,
809			345,
810			351,
811			370,
812			381,
813			422,
814			542,
815			546,
816			611,
817			626,
818			637,
819			655,
820			684,
821			694,
822			730,
823			740,
824			818,
825			832,
826			838,
827			897,
828			916,
829			951,
830			1000,
831			1076,
832			1103,
833			1134,
834			1145,
835			1497,
836			1644,
837			1668,
838			1884,
839			1898,
840			1907,
841			1911,
842			2006,
843			2027,
844			2083,
845			2090,
846			2101,
847			2117,
848			2123,
849			2134,
850			2169,
851			2181,
852			2187,
853			2202,
854			2218,
855			2411,
856			2420,
857			2433,
858			2442,
859			2449,
860			2459,
861			2565,
862			2590,
863			2603,
864			2619,
865			2637,
866			2669,
867			2703,
868			3071,
869			3107,
870			3120,
871			3134,
872			3139,
873			3144,
874			3210,
875			3218,
876			3226
877			};
878
879			#define T0_INTERPRETED 88
880
881			#define T0_ENTER(ip, rp, slot) do { \
882			const unsigned char *t0_newip; \
883			uint32_t t0_lnum; \
884			t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
885			t0_lnum = t0_parse7E_unsigned(&t0_newip); \
886			(rp) += t0_lnum; \
887			*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
888			(ip) = t0_newip; \
889			} while (0)
890
891			#define T0_DEFENTRY(name, slot) \
892			void \
893			name(void *ctx) \
894			{ \
895			t0_context *t0ctx = ctx; \
896			t0ctx->ip = &t0_codeblock[0]; \
897			T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
898			}
899
900	1		T0_DEFENTRY(br_ssl_hs_client_init_main, 169)
901
902			#define T0_NEXT(t0ipp) (((t0ipp)) ++)
903
904			void
905	14		br_ssl_hs_client_run(void *t0ctx)
906			{
907			uint32_t dp, rp;
908			const unsigned char *ip;
909
910			#define T0_LOCAL(x) (*(rp - 2 - (x)))
911			#define T0_POP() (*-- dp)
912			#define T0_POPi() ((int32_t )(-- dp))
913			#define T0_PEEK(x) (*(dp - 1 - (x)))
914			#define T0_PEEKi(x) ((int32_t )(dp - 1 - (x)))
915			#define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
916			#define T0_PUSHi(v) do { (int32_t )dp = (v); dp ++; } while (0)
917			#define T0_RPOP() (*-- rp)
918			#define T0_RPOPi() ((int32_t )(-- rp))
919			#define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
920			#define T0_RPUSHi(v) do { (int32_t )rp = (v); rp ++; } while (0)
921			#define T0_ROLL(x) do { \
922			size_t t0len = (size_t)(x); \
923			uint32_t t0tmp = *(dp - 1 - t0len); \
924			memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
925			*(dp - 1) = t0tmp; \
926			} while (0)
927			#define T0_SWAP() do { \
928			uint32_t t0tmp = *(dp - 2); \
929			(dp - 2) = (dp - 1); \
930			*(dp - 1) = t0tmp; \
931			} while (0)
932			#define T0_ROT() do { \
933			uint32_t t0tmp = *(dp - 3); \
934			(dp - 3) = (dp - 2); \
935			(dp - 2) = (dp - 1); \
936			*(dp - 1) = t0tmp; \
937			} while (0)
938			#define T0_NROT() do { \
939			uint32_t t0tmp = *(dp - 1); \
940			(dp - 1) = (dp - 2); \
941			(dp - 2) = (dp - 3); \
942			*(dp - 3) = t0tmp; \
943			} while (0)
944			#define T0_PICK(x) do { \
945			uint32_t t0depth = (x); \
946			T0_PUSH(T0_PEEK(t0depth)); \
947			} while (0)
948			#define T0_CO() do { \
949			goto t0_exit; \
950			} while (0)
951			#define T0_RET() goto t0_next
952
953	14		dp = ((t0_context *)t0ctx)->dp;
954	14		rp = ((t0_context *)t0ctx)->rp;
955	14		ip = ((t0_context *)t0ctx)->ip;
956	14		goto t0_next;
957	51953		for (;;) {
958			uint32_t t0x;
959
960	51956		t0_next:
961	51970		t0x = T0_NEXT(&ip);
962	51970	100	if (t0x < T0_INTERPRETED) {
963	44796		switch (t0x) {
964			int32_t t0off;
965
966	7172		case 0: /* ret */
967	7172		t0x = T0_RPOP();
968	7172		rp -= (t0x >> 16);
969	7172		t0x &= 0xFFFF;
970	7172	50	if (t0x == 0) {
971	0		ip = NULL;
972	0		goto t0_exit;
973			}
974	7172		ip = &t0_codeblock[t0x];
975	7172		break;
976	7247		case 1: /* literal constant */
977	7247		T0_PUSHi(t0_parse7E_signed(&ip));
978	7247		break;
979	1712		case 2: /* read local */
980	1712		T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
981	1712		break;
982	208		case 3: /* write local */
983	208		T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
984	208		break;
985	1676		case 4: /* jump */
986	1676		t0off = t0_parse7E_signed(&ip);
987	1676		ip += t0off;
988	1676		break;
989	1644		case 5: /* jump if */
990	1644		t0off = t0_parse7E_signed(&ip);
991	1644	100	if (T0_POP()) {
992	1582		ip += t0off;
993			}
994	1644		break;
995	2191		case 6: /* jump if not */
996	2191		t0off = t0_parse7E_signed(&ip);
997	2191	100	if (!T0_POP()) {
998	1682		ip += t0off;
999			}
1000	2191		break;
1001	0		case 7: {
1002			/* * */
1003
1004	0		uint32_t b = T0_POP();
1005	0		uint32_t a = T0_POP();
1006	0		T0_PUSH(a * b);
1007
1008			}
1009	0		break;
1010	6358		case 8: {
1011			/* + */
1012
1013	6358		uint32_t b = T0_POP();
1014	6358		uint32_t a = T0_POP();
1015	6358		T0_PUSH(a + b);
1016
1017			}
1018	6358		break;
1019	88		case 9: {
1020			/* - */
1021
1022	88		uint32_t b = T0_POP();
1023	88		uint32_t a = T0_POP();
1024	88		T0_PUSH(a - b);
1025
1026			}
1027	88		break;
1028	127		case 10: {
1029			/* < */
1030
1031	127		int32_t b = T0_POPi();
1032	127		int32_t a = T0_POPi();
1033	127		T0_PUSH(-(uint32_t)(a < b));
1034
1035			}
1036	127		break;
1037	1609		case 11: {
1038			/* << */
1039
1040	1609		int c = (int)T0_POPi();
1041	1609		uint32_t x = T0_POP();
1042	1609		T0_PUSH(x << c);
1043
1044			}
1045	1609		break;
1046	0		case 12: {
1047			/* <= */
1048
1049	0		int32_t b = T0_POPi();
1050	0		int32_t a = T0_POPi();
1051	0		T0_PUSH(-(uint32_t)(a <= b));
1052
1053			}
1054	0		break;
1055	53		case 13: {
1056			/* <> */
1057
1058	53		uint32_t b = T0_POP();
1059	53		uint32_t a = T0_POP();
1060	53		T0_PUSH(-(uint32_t)(a != b));
1061
1062			}
1063	53		break;
1064	1636		case 14: {
1065			/* = */
1066
1067	1636		uint32_t b = T0_POP();
1068	1636		uint32_t a = T0_POP();
1069	1636		T0_PUSH(-(uint32_t)(a == b));
1070
1071			}
1072	1636		break;
1073	16		case 15: {
1074			/* > */
1075
1076	16		int32_t b = T0_POPi();
1077	16		int32_t a = T0_POPi();
1078	16		T0_PUSH(-(uint32_t)(a > b));
1079
1080			}
1081	16		break;
1082	2		case 16: {
1083			/* >= */
1084
1085	2		int32_t b = T0_POPi();
1086	2		int32_t a = T0_POPi();
1087	2		T0_PUSH(-(uint32_t)(a >= b));
1088
1089			}
1090	2		break;
1091	132		case 17: {
1092			/* >> */
1093
1094	132		int c = (int)T0_POPi();
1095	132		int32_t x = T0_POPi();
1096	132		T0_PUSHi(x >> c);
1097
1098			}
1099	132		break;
1100	0		case 18: {
1101			/* anchor-dn-append-name */
1102
1103			size_t len;
1104
1105	0		len = T0_POP();
1106	0	0	if (CTX->client_auth_vtable != NULL) {
1107	0		(*CTX->client_auth_vtable)->append_name(
1108	0		CTX->client_auth_vtable, ENG->pad, len);
1109			}
1110
1111			}
1112	0		break;
1113	0		case 19: {
1114			/* anchor-dn-end-name */
1115
1116	0	0	if (CTX->client_auth_vtable != NULL) {
1117	0		(*CTX->client_auth_vtable)->end_name(
1118	0		CTX->client_auth_vtable);
1119			}
1120
1121			}
1122	0		break;
1123	0		case 20: {
1124			/* anchor-dn-end-name-list */
1125
1126	0	0	if (CTX->client_auth_vtable != NULL) {
1127	0		(*CTX->client_auth_vtable)->end_name_list(
1128	0		CTX->client_auth_vtable);
1129			}
1130
1131			}
1132	0		break;
1133	0		case 21: {
1134			/* anchor-dn-start-name */
1135
1136			size_t len;
1137
1138	0		len = T0_POP();
1139	0	0	if (CTX->client_auth_vtable != NULL) {
1140	0		(*CTX->client_auth_vtable)->start_name(
1141	0		CTX->client_auth_vtable, len);
1142			}
1143
1144			}
1145	0		break;
1146	0		case 22: {
1147			/* anchor-dn-start-name-list */
1148
1149	0	0	if (CTX->client_auth_vtable != NULL) {
1150	0		(*CTX->client_auth_vtable)->start_name_list(
1151	0		CTX->client_auth_vtable);
1152			}
1153
1154			}
1155	0		break;
1156	161		case 23: {
1157			/* and */
1158
1159	161		uint32_t b = T0_POP();
1160	161		uint32_t a = T0_POP();
1161	161		T0_PUSH(a & b);
1162
1163			}
1164	161		break;
1165	0		case 24: {
1166			/* begin-cert */
1167
1168	0	0	if (ENG->chain_len == 0) {
1169	0		T0_PUSHi(-1);
1170			} else {
1171	0		ENG->cert_cur = ENG->chain->data;
1172	0		ENG->cert_len = ENG->chain->data_len;
1173	0		ENG->chain ++;
1174	0		ENG->chain_len --;
1175	0		T0_PUSH(ENG->cert_len);
1176			}
1177
1178			}
1179	0		break;
1180	1		case 25: {
1181			/* bzero */
1182
1183	1		size_t len = (size_t)T0_POP();
1184	1		void addr = (unsigned char )ENG + (size_t)T0_POP();
1185	1		memset(addr, 0, len);
1186
1187			}
1188	1		break;
1189	19		case 26: {
1190			/* can-output? */
1191
1192	19		T0_PUSHi(-(ENG->hlen_out > 0));
1193
1194			}
1195	19		break;
1196	13		case 27: {
1197			/* co */
1198	13		T0_CO();
1199			}
1200			break;
1201	2		case 28: {
1202			/* compute-Finished-inner */
1203
1204	2		int prf_id = T0_POP();
1205	2		int from_client = T0_POPi();
1206			unsigned char tmp[48];
1207			br_tls_prf_seed_chunk seed;
1208
1209	2		br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1210	2		seed.data = tmp;
1211	2	50	if (ENG->session.version >= BR_TLS12) {
1212	2		seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1213			} else {
1214	0		br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1215	0		br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1216	0		seed.len = 36;
1217			}
1218	2	100	prf(ENG->pad, 12, ENG->session.master_secret,
1219			sizeof ENG->session.master_secret,
1220			from_client ? "client finished" : "server finished",
1221			1, &seed);
1222
1223			}
1224	2		break;
1225	0		case 29: {
1226			/* copy-cert-chunk */
1227
1228			size_t clen;
1229
1230	0		clen = ENG->cert_len;
1231	0	0	if (clen > sizeof ENG->pad) {
1232	0		clen = sizeof ENG->pad;
1233			}
1234	0		memcpy(ENG->pad, ENG->cert_cur, clen);
1235	0		ENG->cert_cur += clen;
1236	0		ENG->cert_len -= clen;
1237	0		T0_PUSH(clen);
1238
1239			}
1240	0		break;
1241	0		case 30: {
1242			/* copy-protocol-name */
1243
1244	0		size_t idx = T0_POP();
1245	0		size_t len = strlen(ENG->protocol_names[idx]);
1246	0		memcpy(ENG->pad, ENG->protocol_names[idx], len);
1247	0		T0_PUSH(len);
1248
1249			}
1250	0		break;
1251	3150		case 31: {
1252			/* data-get8 */
1253
1254	3150		size_t addr = T0_POP();
1255	3150		T0_PUSH(t0_datablock[addr]);
1256
1257			}
1258	3150		break;
1259	0		case 32: {
1260			/* discard-input */
1261
1262	0		ENG->hlen_in = 0;
1263
1264			}
1265	0		break;
1266	0		case 33: {
1267			/* do-client-sign */
1268
1269			size_t sig_len;
1270
1271	0		sig_len = make_client_sign(CTX);
1272	0	0	if (sig_len == 0) {
1273	0		br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1274	0		T0_CO();
1275			}
1276	0		T0_PUSH(sig_len);
1277
1278			}
1279	0		break;
1280	1		case 34: {
1281			/* do-ecdh */
1282
1283	1		unsigned prf_id = T0_POP();
1284	1		unsigned ecdhe = T0_POP();
1285			int x;
1286
1287	1		x = make_pms_ecdh(CTX, ecdhe, prf_id);
1288	1	50	if (x < 0) {
1289	0		br_ssl_engine_fail(ENG, -x);
1290	0		T0_CO();
1291			} else {
1292	1		T0_PUSH(x);
1293			}
1294
1295			}
1296	1		break;
1297	0		case 35: {
1298			/* do-rsa-encrypt */
1299
1300			int x;
1301
1302	0		x = make_pms_rsa(CTX, T0_POP());
1303	0	0	if (x < 0) {
1304	0		br_ssl_engine_fail(ENG, -x);
1305	0		T0_CO();
1306			} else {
1307	0		T0_PUSH(x);
1308			}
1309
1310			}
1311	0		break;
1312	0		case 36: {
1313			/* do-static-ecdh */
1314
1315	0		unsigned prf_id = T0_POP();
1316
1317	0	0	if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1318	0		br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1319	0		T0_CO();
1320			}
1321
1322			}
1323	0		break;
1324	264		case 37: {
1325			/* drop */
1326	264		(void)T0_POP();
1327			}
1328	264		break;
1329	5427		case 38: {
1330			/* dup */
1331	5427		T0_PUSH(T0_PEEK(0));
1332			}
1333	5427		break;
1334	3		case 39: {
1335			/* ext-ALPN-length */
1336
1337			size_t u, len;
1338
1339	3	50	if (ENG->protocol_names_num == 0) {
1340	3		T0_PUSH(0);
1341	3		T0_RET();
1342			}
1343	0		len = 6;
1344	0	0	for (u = 0; u < ENG->protocol_names_num; u ++) {
1345	0		len += 1 + strlen(ENG->protocol_names[u]);
1346			}
1347	0		T0_PUSH(len);
1348
1349			}
1350	0		break;
1351	1		case 40: {
1352			/* fail */
1353
1354	1		br_ssl_engine_fail(ENG, (int)T0_POPi());
1355	1		T0_CO();
1356
1357			}
1358			break;
1359	7		case 41: {
1360			/* flush-record */
1361
1362	7		br_ssl_engine_flush_record(ENG);
1363
1364			}
1365	7		break;
1366	0		case 42: {
1367			/* get-client-chain */
1368
1369			uint32_t auth_types;
1370
1371	0		auth_types = T0_POP();
1372	0	0	if (CTX->client_auth_vtable != NULL) {
1373			br_ssl_client_certificate ux;
1374
1375	0		(*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1376	0		CTX, auth_types, &ux);
1377	0		CTX->auth_type = (unsigned char)ux.auth_type;
1378	0		CTX->hash_id = (unsigned char)ux.hash_id;
1379	0		ENG->chain = ux.chain;
1380	0		ENG->chain_len = ux.chain_len;
1381			} else {
1382	0		CTX->hash_id = 0;
1383	0		ENG->chain_len = 0;
1384			}
1385
1386			}
1387	0		break;
1388	1		case 43: {
1389			/* get-key-type-usages */
1390
1391			const br_x509_class *xc;
1392			const br_x509_pkey *pk;
1393			unsigned usages;
1394
1395	1		xc = *(ENG->x509ctx);
1396	1		pk = xc->get_pkey(ENG->x509ctx, &usages);
1397	1	50	if (pk == NULL) {
1398	0		T0_PUSH(0);
1399			} else {
1400	1		T0_PUSH(pk->key_type \| usages);
1401			}
1402
1403			}
1404	1		break;
1405	61		case 44: {
1406			/* get16 */
1407
1408	61		size_t addr = (size_t)T0_POP();
1409	61		T0_PUSH((uint16_t )(void )((unsigned char )ENG + addr));
1410
1411			}
1412	61		break;
1413	0		case 45: {
1414			/* get32 */
1415
1416	0		size_t addr = (size_t)T0_POP();
1417	0		T0_PUSH((uint32_t )(void )((unsigned char )ENG + addr));
1418
1419			}
1420	0		break;
1421	42		case 46: {
1422			/* get8 */
1423
1424	42		size_t addr = (size_t)T0_POP();
1425	42		T0_PUSH(((unsigned char )ENG + addr));
1426
1427			}
1428	42		break;
1429	16		case 47: {
1430			/* has-input? */
1431
1432	16		T0_PUSHi(-(ENG->hlen_in != 0));
1433
1434			}
1435	16		break;
1436	1		case 48: {
1437			/* memcmp */
1438
1439	1		size_t len = (size_t)T0_POP();
1440	1		void addr2 = (unsigned char )ENG + (size_t)T0_POP();
1441	1		void addr1 = (unsigned char )ENG + (size_t)T0_POP();
1442	1		int x = memcmp(addr1, addr2, len);
1443	1		T0_PUSH((uint32_t)-(x == 0));
1444
1445			}
1446	1		break;
1447	3		case 49: {
1448			/* memcpy */
1449
1450	3		size_t len = (size_t)T0_POP();
1451	3		void src = (unsigned char )ENG + (size_t)T0_POP();
1452	3		void dst = (unsigned char )ENG + (size_t)T0_POP();
1453	3		memcpy(dst, src, len);
1454
1455			}
1456	3		break;
1457	1		case 50: {
1458			/* mkrand */
1459
1460	1		size_t len = (size_t)T0_POP();
1461	1		void addr = (unsigned char )ENG + (size_t)T0_POP();
1462	1		br_hmac_drbg_generate(&ENG->rng, addr, len);
1463
1464			}
1465	1		break;
1466	2		case 51: {
1467			/* more-incoming-bytes? */
1468
1469	2	50	T0_PUSHi(ENG->hlen_in != 0 \|\| !br_ssl_engine_recvrec_finished(ENG));
		50
1470
1471			}
1472	2		break;
1473	1		case 52: {
1474			/* multihash-init */
1475
1476	1		br_multihash_init(&ENG->mhash);
1477
1478			}
1479	1		break;
1480	0		case 53: {
1481			/* neg */
1482
1483	0		uint32_t a = T0_POP();
1484	0		T0_PUSH(-a);
1485
1486			}
1487	0		break;
1488	3		case 54: {
1489			/* not */
1490
1491	3		uint32_t a = T0_POP();
1492	3		T0_PUSH(~a);
1493
1494			}
1495	3		break;
1496	17		case 55: {
1497			/* or */
1498
1499	17		uint32_t b = T0_POP();
1500	17		uint32_t a = T0_POP();
1501	17		T0_PUSH(a \| b);
1502
1503			}
1504	17		break;
1505	142		case 56: {
1506			/* over */
1507	142		T0_PUSH(T0_PEEK(1));
1508			}
1509	142		break;
1510	9		case 57: {
1511			/* read-chunk-native */
1512
1513	9		size_t clen = ENG->hlen_in;
1514	9	50	if (clen > 0) {
1515			uint32_t addr, len;
1516
1517	9		len = T0_POP();
1518	9		addr = T0_POP();
1519	9	100	if ((size_t)len < clen) {
1520	8		clen = (size_t)len;
1521			}
1522	9		memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1523	9	50	if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1524	9		br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1525			}
1526	9		T0_PUSH(addr + (uint32_t)clen);
1527	9		T0_PUSH(len - (uint32_t)clen);
1528	9		ENG->hbuf_in += clen;
1529	9		ENG->hlen_in -= clen;
1530			}
1531
1532			}
1533	9		break;
1534	54		case 58: {
1535			/* read8-native */
1536
1537	54	100	if (ENG->hlen_in > 0) {
1538			unsigned char x;
1539
1540	50		x = *ENG->hbuf_in ++;
1541	50	100	if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1542	47		br_multihash_update(&ENG->mhash, &x, 1);
1543			}
1544	50		T0_PUSH(x);
1545	50		ENG->hlen_in --;
1546			} else {
1547	4		T0_PUSHi(-1);
1548			}
1549
1550			}
1551	54		break;
1552	1		case 59: {
1553			/* set-server-curve */
1554
1555			const br_x509_class *xc;
1556			const br_x509_pkey *pk;
1557
1558	1		xc = *(ENG->x509ctx);
1559	1		pk = xc->get_pkey(ENG->x509ctx, NULL);
1560	1		CTX->server_curve =
1561	1	50	(pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1562
1563			}
1564	1		break;
1565	4		case 60: {
1566			/* set16 */
1567
1568	4		size_t addr = (size_t)T0_POP();
1569	4		(uint16_t )(void )((unsigned char )ENG + addr) = (uint16_t)T0_POP();
1570
1571			}
1572	4		break;
1573	0		case 61: {
1574			/* set32 */
1575
1576	0		size_t addr = (size_t)T0_POP();
1577	0		(uint32_t )(void )((unsigned char )ENG + addr) = (uint32_t)T0_POP();
1578
1579			}
1580	0		break;
1581	16		case 62: {
1582			/* set8 */
1583
1584	16		size_t addr = (size_t)T0_POP();
1585	16		((unsigned char )ENG + addr) = (unsigned char)T0_POP();
1586
1587			}
1588	16		break;
1589	4		case 63: {
1590			/* strlen */
1591
1592	4		void str = (unsigned char )ENG + (size_t)T0_POP();
1593	4		T0_PUSH((uint32_t)strlen(str));
1594
1595			}
1596	4		break;
1597	8		case 64: {
1598			/* supported-curves */
1599
1600	8	50	uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1601	8		T0_PUSH(x);
1602
1603			}
1604	8		break;
1605	6		case 65: {
1606			/* supported-hash-functions */
1607
1608			int i;
1609			unsigned x, num;
1610
1611	6		x = 0;
1612	6		num = 0;
1613	36	100	for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1614	30	50	if (br_multihash_getimpl(&ENG->mhash, i)) {
1615	30		x \|= 1U << i;
1616	30		num ++;
1617			}
1618			}
1619	6		T0_PUSH(x);
1620	6		T0_PUSH(num);
1621
1622			}
1623	6		break;
1624	5		case 66: {
1625			/* supports-ecdsa? */
1626
1627	5		T0_PUSHi(-(ENG->iecdsa != 0));
1628
1629			}
1630	5		break;
1631	5		case 67: {
1632			/* supports-rsa-sign? */
1633
1634	5		T0_PUSHi(-(ENG->irsavrfy != 0));
1635
1636			}
1637	5		break;
1638	3209		case 68: {
1639			/* swap */
1640	3209		T0_SWAP();
1641			}
1642	3209		break;
1643	0		case 69: {
1644			/* switch-aesccm-in */
1645
1646			int is_client, prf_id;
1647			unsigned cipher_key_len, tag_len;
1648
1649	0		tag_len = T0_POP();
1650	0		cipher_key_len = T0_POP();
1651	0		prf_id = T0_POP();
1652	0		is_client = T0_POP();
1653	0		br_ssl_engine_switch_ccm_in(ENG, is_client, prf_id,
1654	0		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1655
1656			}
1657	0		break;
1658	0		case 70: {
1659			/* switch-aesccm-out */
1660
1661			int is_client, prf_id;
1662			unsigned cipher_key_len, tag_len;
1663
1664	0		tag_len = T0_POP();
1665	0		cipher_key_len = T0_POP();
1666	0		prf_id = T0_POP();
1667	0		is_client = T0_POP();
1668	0		br_ssl_engine_switch_ccm_out(ENG, is_client, prf_id,
1669	0		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1670
1671			}
1672	0		break;
1673	0		case 71: {
1674			/* switch-aesgcm-in */
1675
1676			int is_client, prf_id;
1677			unsigned cipher_key_len;
1678
1679	0		cipher_key_len = T0_POP();
1680	0		prf_id = T0_POP();
1681	0		is_client = T0_POP();
1682	0		br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1683	0		ENG->iaes_ctr, cipher_key_len);
1684
1685			}
1686	0		break;
1687	0		case 72: {
1688			/* switch-aesgcm-out */
1689
1690			int is_client, prf_id;
1691			unsigned cipher_key_len;
1692
1693	0		cipher_key_len = T0_POP();
1694	0		prf_id = T0_POP();
1695	0		is_client = T0_POP();
1696	0		br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1697	0		ENG->iaes_ctr, cipher_key_len);
1698
1699			}
1700	0		break;
1701	0		case 73: {
1702			/* switch-cbc-in */
1703
1704			int is_client, prf_id, mac_id, aes;
1705			unsigned cipher_key_len;
1706
1707	0		cipher_key_len = T0_POP();
1708	0		aes = T0_POP();
1709	0		mac_id = T0_POP();
1710	0		prf_id = T0_POP();
1711	0		is_client = T0_POP();
1712	0	0	br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1713	0		aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1714
1715			}
1716	0		break;
1717	0		case 74: {
1718			/* switch-cbc-out */
1719
1720			int is_client, prf_id, mac_id, aes;
1721			unsigned cipher_key_len;
1722
1723	0		cipher_key_len = T0_POP();
1724	0		aes = T0_POP();
1725	0		mac_id = T0_POP();
1726	0		prf_id = T0_POP();
1727	0		is_client = T0_POP();
1728	0	0	br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1729	0		aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1730
1731			}
1732	0		break;
1733	1		case 75: {
1734			/* switch-chapol-in */
1735
1736			int is_client, prf_id;
1737
1738	1		prf_id = T0_POP();
1739	1		is_client = T0_POP();
1740	1		br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1741
1742			}
1743	1		break;
1744	1		case 76: {
1745			/* switch-chapol-out */
1746
1747			int is_client, prf_id;
1748
1749	1		prf_id = T0_POP();
1750	1		is_client = T0_POP();
1751	1		br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1752
1753			}
1754	1		break;
1755	0		case 77: {
1756			/* test-protocol-name */
1757
1758	0		size_t len = T0_POP();
1759			size_t u;
1760
1761	0	0	for (u = 0; u < ENG->protocol_names_num; u ++) {
1762			const char *name;
1763
1764	0		name = ENG->protocol_names[u];
1765	0	0	if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
		0
1766	0		T0_PUSH(u);
1767	0		T0_RET();
1768			}
1769			}
1770	0		T0_PUSHi(-1);
1771
1772			}
1773	0		break;
1774	0		case 78: {
1775			/* total-chain-length */
1776
1777			size_t u;
1778			uint32_t total;
1779
1780	0		total = 0;
1781	0	0	for (u = 0; u < ENG->chain_len; u ++) {
1782	0		total += 3 + (uint32_t)ENG->chain[u].data_len;
1783			}
1784	0		T0_PUSH(total);
1785
1786			}
1787	0		break;
1788	73		case 79: {
1789			/* u>> */
1790
1791	73		int c = (int)T0_POPi();
1792	73		uint32_t x = T0_POP();
1793	73		T0_PUSH(x >> c);
1794
1795			}
1796	73		break;
1797	1		case 80: {
1798			/* verify-SKE-sig */
1799
1800	1		size_t sig_len = T0_POP();
1801	1		int use_rsa = T0_POPi();
1802	1		int hash = T0_POPi();
1803
1804	1		T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1805
1806			}
1807	1		break;
1808	6		case 81: {
1809			/* write-blob-chunk */
1810
1811	6		size_t clen = ENG->hlen_out;
1812	6	50	if (clen > 0) {
1813			uint32_t addr, len;
1814
1815	6		len = T0_POP();
1816	6		addr = T0_POP();
1817	6	50	if ((size_t)len < clen) {
1818	6		clen = (size_t)len;
1819			}
1820	6		memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1821	6	50	if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1822	6		br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1823			}
1824	6		T0_PUSH(addr + (uint32_t)clen);
1825	6		T0_PUSH(len - (uint32_t)clen);
1826	6		ENG->hbuf_out += clen;
1827	6		ENG->hlen_out -= clen;
1828			}
1829
1830			}
1831	6		break;
1832	175		case 82: {
1833			/* write8-native */
1834
1835			unsigned char x;
1836
1837	175		x = (unsigned char)T0_POP();
1838	175	50	if (ENG->hlen_out > 0) {
1839	175	100	if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1840	172		br_multihash_update(&ENG->mhash, &x, 1);
1841			}
1842	175		*ENG->hbuf_out ++ = x;
1843	175		ENG->hlen_out --;
1844	175		T0_PUSHi(-1);
1845			} else {
1846	0		T0_PUSHi(0);
1847			}
1848
1849			}
1850	175		break;
1851	4		case 83: {
1852			/* x509-append */
1853
1854			const br_x509_class *xc;
1855			size_t len;
1856
1857	4		xc = *(ENG->x509ctx);
1858	4		len = T0_POP();
1859	4		xc->append(ENG->x509ctx, ENG->pad, len);
1860
1861			}
1862	4		break;
1863	1		case 84: {
1864			/* x509-end-cert */
1865
1866			const br_x509_class *xc;
1867
1868	1		xc = *(ENG->x509ctx);
1869	1		xc->end_cert(ENG->x509ctx);
1870
1871			}
1872	1		break;
1873	1		case 85: {
1874			/* x509-end-chain */
1875
1876			const br_x509_class *xc;
1877
1878	1		xc = *(ENG->x509ctx);
1879	1		T0_PUSH(xc->end_chain(ENG->x509ctx));
1880
1881			}
1882	1		break;
1883	1		case 86: {
1884			/* x509-start-cert */
1885
1886			const br_x509_class *xc;
1887
1888	1		xc = *(ENG->x509ctx);
1889	1		xc->start_cert(ENG->x509ctx, T0_POP());
1890
1891			}
1892	1		break;
1893	1		case 87: {
1894			/* x509-start-chain */
1895
1896			const br_x509_class *xc;
1897			uint32_t bc;
1898
1899	1		bc = T0_POP();
1900	1		xc = *(ENG->x509ctx);
1901	1	50	xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1902
1903			}
1904	1		break;
1905			}
1906
1907			} else {
1908	7174		T0_ENTER(ip, rp, t0x);
1909			}
1910			}
1911	14		t0_exit:
1912	14		((t0_context *)t0ctx)->dp = dp;
1913	14		((t0_context *)t0ctx)->rp = rp;
1914	14		((t0_context *)t0ctx)->ip = ip;
1915	14		}