File Coverage

src/x509/x509_minimal.c

Criterion	Covered	Total	%
statement	374	557	67.1
branch	67	194	34.5
condition			n/a
subroutine			n/a
pod			n/a
total	441	751	58.7

line	stmt	bran	code
1			/* Automatically generated code; do not modify directly. */
2
3			#include
4			#include
5
6			typedef struct {
7			uint32_t *dp;
8			uint32_t *rp;
9			const unsigned char *ip;
10			} t0_context;
11
12			static uint32_t
13	5089		t0_parse7E_unsigned(const unsigned char **p)
14			{
15			uint32_t x;
16
17	5089		x = 0;
18	0		for (;;) {
19			unsigned y;
20
21	5089		y = (p) ++;
22	5089		x = (x << 7) \| (uint32_t)(y & 0x7F);
23	5089	50	if (y < 0x80) {
24	5089		return x;
25			}
26			}
27			}
28
29			static int32_t
30	5184		t0_parse7E_signed(const unsigned char **p)
31			{
32			int neg;
33			uint32_t x;
34
35	5184		neg = ((**p) >> 6) & 1;
36	5184		x = (uint32_t)-neg;
37	952		for (;;) {
38			unsigned y;
39
40	6136		y = (p) ++;
41	6136		x = (x << 7) \| (uint32_t)(y & 0x7F);
42	6136	100	if (y < 0x80) {
43	5184	100	if (neg) {
44	346		return -(int32_t)~x - 1;
45			} else {
46	4838		return (int32_t)x;
47			}
48			}
49			}
50			}
51
52			#define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) \| 0x80)
53			#define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54			#define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55			#define T0_INT1(x) T0_FBYTE(x, 0)
56			#define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57			#define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58			#define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59			#define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61			/* static const unsigned char t0_datablock[]; */
62
63
64			void br_x509_minimal_init_main(void *t0ctx);
65
66			void br_x509_minimal_run(void *t0ctx);
67
68
69
70			#include "inner.h"
71
72
73
74
75
76			#include "inner.h"
77
78			/*
79			* Implementation Notes
80			* --------------------
81			*
82			* The C code pushes the data by chunks; all decoding is done in the
83			* T0 code. The cert_length value is set to the certificate length when
84			* a new certificate is started; the T0 code picks it up as outer limit,
85			* and decoding functions use it to ensure that no attempt is made at
86			* reading past it. The T0 code also checks that once the certificate is
87			* decoded, there are no trailing bytes.
88			*
89			* The T0 code sets cert_length to 0 when the certificate is fully
90			* decoded.
91			*
92			* The C code must still perform two checks:
93			*
94			* -- If the certificate length is 0, then the T0 code will not be
95			* invoked at all. This invalid condition must thus be reported by the
96			* C code.
97			*
98			* -- When reaching the end of certificate, the C code must verify that
99			* the certificate length has been set to 0, thereby signaling that
100			* the T0 code properly decoded a certificate.
101			*
102			* Processing of a chain works in the following way:
103			*
104			* -- The error flag is set to a non-zero value when validation is
105			* finished. The value is either BR_ERR_X509_OK (validation is
106			* successful) or another non-zero error code. When a non-zero error
107			* code is obtained, the remaining bytes in the current certificate and
108			* the subsequent certificates (if any) are completely ignored.
109			*
110			* -- Each certificate is decoded in due course, with the following
111			* "interesting points":
112			*
113			* -- Start of the TBS: the multihash engine is reset and activated.
114			*
115			* -- Start of the issuer DN: the secondary hash engine is started,
116			* to process the encoded issuer DN.
117			*
118			* -- End of the issuer DN: the secondary hash engine is stopped. The
119			* resulting hash value is computed and then copied into the
120			* next_dn_hash[] buffer.
121			*
122			* -- Start of the subject DN: the secondary hash engine is started,
123			* to process the encoded subject DN.
124			*
125			* -- For the EE certificate only: the Common Name, if any, is matched
126			* against the expected server name.
127			*
128			* -- End of the subject DN: the secondary hash engine is stopped. The
129			* resulting hash value is computed into the pad. It is then processed:
130			*
131			* -- If this is the EE certificate, then the hash is ignored
132			* (except for direct trust processing, see later; the hash is
133			* simply left in current_dn_hash[]).
134			*
135			* -- Otherwise, the hashed subject DN is compared with the saved
136			* hash value (in saved_dn_hash[]). They must match.
137			*
138			* Either way, the next_dn_hash[] value is then copied into the
139			* saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140			* contains the hash of the issuer DN for the current certificate,
141			* and current_dn_hash[] contains the hash of the subject DN for the
142			* current certificate.
143			*
144			* -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145			* key types are reported at that point.
146			*
147			* -- If this is the EE certificate, then the key type is compared
148			* with the expected key type (initialization parameter). The public
149			* key data is copied to ee_pkey_data[]. The key and hashed subject
150			* DN are also compared with the "direct trust" keys; if the key
151			* and DN are matched, then validation ends with a success.
152			*
153			* -- Otherwise, the saved signature (cert_sig[]) is verified
154			* against the saved TBS hash (tbs_hash[]) and that freshly
155			* decoded public key. Failure here ends validation with an error.
156			*
157			* -- Extensions: extension values are processed in due order.
158			*
159			* -- Basic Constraints: for all certificates except EE, must be
160			* present, indicate a CA, and have a path length compatible with
161			* the chain length so far.
162			*
163			* -- Key Usage: for the EE, if present, must allow signatures
164			* or encryption/key exchange, as required for the cipher suite.
165			* For non-EE, if present, must have the "certificate sign" bit.
166			*
167			* -- Subject Alt Name: for the EE, dNSName names are matched
168			* against the server name. Ignored for non-EE.
169			*
170			* -- Authority Key Identifier, Subject Key Identifier, Issuer
171			* Alt Name, Subject Directory Attributes, CRL Distribution Points
172			* Freshest CRL, Authority Info Access and Subject Info Access
173			* extensions are always ignored: they either contain only
174			* informative data, or they relate to revocation processing, which
175			* we explicitly do not support.
176			*
177			* -- All other extensions are ignored if non-critical. If a
178			* critical extension other than the ones above is encountered,
179			* then a failure is reported.
180			*
181			* -- End of the TBS: the multihash engine is stopped.
182			*
183			* -- Signature algorithm: the signature algorithm on the
184			* certificate is decoded. A failure is reported if that algorithm
185			* is unknown. The hashed TBS corresponding to the signature hash
186			* function is computed and stored in tbs_hash[] (if not supported,
187			* then a failure is reported). The hash OID and length are stored
188			* in cert_sig_hash_oid and cert_sig_hash_len.
189			*
190			* -- Signature value: the signature value is copied into the
191			* cert_sig[] array.
192			*
193			* -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194			* looked up in the trust store (CA trust anchors only); for all
195			* that match, the signature (cert_sig[]) is verified against the
196			* anchor public key (hashed TBS is in tbs_hash[]). If one of these
197			* signatures is valid, then validation ends with a success.
198			*
199			* -- If the chain end is reached without obtaining a validation success,
200			* then validation is reported as failed.
201			*/
202
203			#if BR_USE_UNIX_TIME
204			#include
205			#endif
206
207			#if BR_USE_WIN32_TIME
208			#include
209			#endif
210
211			/*
212			* The T0 compiler will produce these prototypes declarations in the
213			* header.
214			*
215			void br_x509_minimal_init_main(void *ctx);
216			void br_x509_minimal_run(void *ctx);
217			*/
218
219			/* see bearssl_x509.h */
220			void
221	1		br_x509_minimal_init(br_x509_minimal_context *ctx,
222			const br_hash_class *dn_hash_impl,
223			const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
224			{
225	1		memset(ctx, 0, sizeof *ctx);
226	1		ctx->vtable = &br_x509_minimal_vtable;
227	1		ctx->dn_hash_impl = dn_hash_impl;
228	1		ctx->trust_anchors = trust_anchors;
229	1		ctx->trust_anchors_num = trust_anchors_num;
230	1		}
231
232			static void
233	1		xm_start_chain(const br_x509_class *ctx, const char server_name)
234			{
235			br_x509_minimal_context *cc;
236			size_t u;
237
238	1		cc = (br_x509_minimal_context )(void )ctx;
239	1	50	for (u = 0; u < cc->num_name_elts; u ++) {
240	0		cc->name_elts[u].status = 0;
241	0		cc->name_elts[u].buf[0] = 0;
242			}
243	1		memset(&cc->pkey, 0, sizeof cc->pkey);
244	1		cc->num_certs = 0;
245	1		cc->err = 0;
246	1		cc->cpu.dp = cc->dp_stack;
247	1		cc->cpu.rp = cc->rp_stack;
248	1		br_x509_minimal_init_main(&cc->cpu);
249	1	50	if (server_name == NULL \|\| *server_name == 0) {
		50
250	0		cc->server_name = NULL;
251			} else {
252	1		cc->server_name = server_name;
253			}
254	1		}
255
256			static void
257	1		xm_start_cert(const br_x509_class **ctx, uint32_t length)
258			{
259			br_x509_minimal_context *cc;
260
261	1		cc = (br_x509_minimal_context )(void )ctx;
262	1	50	if (cc->err != 0) {
263	0		return;
264			}
265	1	50	if (length == 0) {
266	0		cc->err = BR_ERR_X509_TRUNCATED;
267	0		return;
268			}
269	1		cc->cert_length = length;
270			}
271
272			static void
273	4		xm_append(const br_x509_class *ctx, const unsigned char buf, size_t len)
274			{
275			br_x509_minimal_context *cc;
276
277	4		cc = (br_x509_minimal_context )(void )ctx;
278	4	100	if (cc->err != 0) {
279	1		return;
280			}
281	3		cc->hbuf = buf;
282	3		cc->hlen = len;
283	3		br_x509_minimal_run(&cc->cpu);
284			}
285
286			static void
287	1		xm_end_cert(const br_x509_class **ctx)
288			{
289			br_x509_minimal_context *cc;
290
291	1		cc = (br_x509_minimal_context )(void )ctx;
292	1	50	if (cc->err == 0 && cc->cert_length != 0) {
		0
293	0		cc->err = BR_ERR_X509_TRUNCATED;
294			}
295	1		cc->num_certs ++;
296	1		}
297
298			static unsigned
299	1		xm_end_chain(const br_x509_class **ctx)
300			{
301			br_x509_minimal_context *cc;
302
303	1		cc = (br_x509_minimal_context )(void )ctx;
304	1	50	if (cc->err == 0) {
305	0	0	if (cc->num_certs == 0) {
306	0		cc->err = BR_ERR_X509_EMPTY_CHAIN;
307			} else {
308	0		cc->err = BR_ERR_X509_NOT_TRUSTED;
309			}
310	1	50	} else if (cc->err == BR_ERR_X509_OK) {
311	1		return 0;
312			}
313	0		return (unsigned)cc->err;
314			}
315
316			static const br_x509_pkey *
317	3		xm_get_pkey(const br_x509_class const ctx, unsigned *usages)
318			{
319			br_x509_minimal_context *cc;
320
321	3		cc = (br_x509_minimal_context )(void )ctx;
322	3	50	if (cc->err == BR_ERR_X509_OK
323	0	0	\|\| cc->err == BR_ERR_X509_NOT_TRUSTED)
324			{
325	3	100	if (usages != NULL) {
326	1		*usages = cc->key_usages;
327			}
328	3		return &((br_x509_minimal_context )(void )ctx)->pkey;
329			} else {
330	0		return NULL;
331			}
332			}
333
334			/* see bearssl_x509.h */
335			const br_x509_class br_x509_minimal_vtable = {
336			sizeof(br_x509_minimal_context),
337			xm_start_chain,
338			xm_start_cert,
339			xm_append,
340			xm_end_cert,
341			xm_end_chain,
342			xm_get_pkey
343			};
344
345			#define CTX ((br_x509_minimal_context )(void )((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
346			#define CONTEXT_NAME br_x509_minimal_context
347
348			#define DNHASH_LEN ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
349
350			/*
351			* Hash a DN (from a trust anchor) into the provided buffer. This uses the
352			* DN hash implementation and context structure from the X.509 engine
353			* context.
354			*/
355			static void
356	1		hash_dn(br_x509_minimal_context ctx, const void dn, size_t len,
357			unsigned char *out)
358			{
359	1		ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);
360	1		ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);
361	1		ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);
362	1		}
363
364			/*
365			* Compare two big integers for equality. The integers use unsigned big-endian
366			* encoding; extra leading bytes (of value 0) are allowed.
367			*/
368			static int
369	2		eqbigint(const unsigned char *b1, size_t len1,
370			const unsigned char *b2, size_t len2)
371			{
372	2	50	while (len1 > 0 && *b1 == 0) {
		50
373	0		b1 ++;
374	0		len1 --;
375			}
376	2	50	while (len2 > 0 && *b2 == 0) {
		50
377	0		b2 ++;
378	0		len2 --;
379			}
380	2	50	if (len1 != len2) {
381	0		return 0;
382			}
383	2		return memcmp(b1, b2, len1) == 0;
384			}
385
386			/*
387			* Compare two strings for equality, in a case-insensitive way. This
388			* function handles casing only for ASCII letters.
389			*/
390			static int
391	1		eqnocase(const void s1, const void s2, size_t len)
392			{
393			const unsigned char buf1, buf2;
394
395	1		buf1 = s1;
396	1		buf2 = s2;
397	7	100	while (len -- > 0) {
398			int x1, x2;
399
400	6		x1 = *buf1 ++;
401	6		x2 = *buf2 ++;
402	6	50	if (x1 >= 'A' && x1 <= 'Z') {
		50
403	0		x1 += 'a' - 'A';
404			}
405	6	50	if (x2 >= 'A' && x2 <= 'Z') {
		50
406	0		x2 += 'a' - 'A';
407			}
408	6	50	if (x1 != x2) {
409	0		return 0;
410			}
411			}
412	1		return 1;
413			}
414
415			static int verify_signature(br_x509_minimal_context *ctx,
416			const br_x509_pkey *pk);
417
418
419
420			static const unsigned char t0_datablock[] = {
421			0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
422			0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
423			0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
424			0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
425			0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
426			0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
427			0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
428			0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
429			0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
430			0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
431			0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
432			0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
433			0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
434			0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
435			0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
436			0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
437			0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
438			0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
439			0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
440			0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
441			0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,
442			0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,
443			0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,
444			0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
445			0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
446			};
447
448			static const unsigned char t0_codeblock[] = {
449			0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
450			0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
451			0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
452			T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,
453			T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,
454			T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,
455			T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,
456			T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,
457			T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,
458			T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,
459			T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,
460			T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,
461			T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,
462			T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,
463			T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,
464			T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,
465			T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
466			T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,
467			T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,
468			T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,
469			T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,
470			T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,
471			T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,
472			T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,
473			T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,
474			T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),
475			0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,
476			0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,
477			0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,
478			0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,
479			0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,
480			T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,
481			0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,
482			0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,
483			T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,
484			T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,
485			T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,
486			T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,
487			T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,
488			T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,
489			T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0x01, 0x80,
490			0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, 0x01, 0x81, 0x02, 0x00,
491			0x00, 0x8F, 0x05, 0x05, 0x33, 0x41, 0x01, 0x00, 0x00, 0x33, 0x01, 0x0A,
492			0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x82,
493			0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, 0x01, 0x81, 0x68, 0x00,
494			0x02, 0x03, 0x00, 0x03, 0x01, 0x26, 0x02, 0x01, 0x13, 0x3A, 0x02, 0x00,
495			0x0F, 0x15, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x51,
496			0x29, 0x00, 0x00, 0x06, 0x02, 0x52, 0x29, 0x00, 0x00, 0x01, 0x10, 0x74,
497			0x00, 0x00, 0x11, 0x05, 0x02, 0x55, 0x29, 0x71, 0x00, 0x00, 0x11, 0x05,
498			0x02, 0x55, 0x29, 0x72, 0x00, 0x00, 0x06, 0x02, 0x4B, 0x29, 0x00, 0x00,
499			0x01, 0x82, 0x11, 0x00, 0x00, 0x26, 0x21, 0x01, 0x08, 0x0E, 0x3A, 0x3F,
500			0x21, 0x09, 0x00, 0x0B, 0x03, 0x00, 0x5A, 0x2B, 0xAC, 0x38, 0xAC, 0xB0,
501			0x26, 0x01, 0x20, 0x11, 0x06, 0x11, 0x25, 0x71, 0xAA, 0xB0, 0x01, 0x02,
502			0x75, 0xAD, 0x01, 0x02, 0x12, 0x06, 0x02, 0x56, 0x29, 0x76, 0xB0, 0x01,
503			0x02, 0x75, 0xAB, 0xAC, 0xBF, 0x99, 0x64, 0x60, 0x22, 0x16, 0xAC, 0xA4,
504			0x03, 0x01, 0x03, 0x02, 0xA4, 0x02, 0x02, 0x02, 0x01, 0x19, 0x06, 0x02,
505			0x4A, 0x29, 0x76, 0x02, 0x00, 0x06, 0x05, 0x9A, 0x03, 0x03, 0x04, 0x09,
506			0x99, 0x60, 0x67, 0x22, 0x28, 0x05, 0x02, 0x49, 0x29, 0x67, 0x64, 0x22,
507			0x16, 0xAC, 0xAC, 0x9B, 0x05, 0x02, 0x56, 0x29, 0xB9, 0x27, 0x06, 0x27,
508			0xBF, 0xA1, 0xAC, 0x62, 0xA7, 0x03, 0x05, 0x62, 0x3A, 0x02, 0x05, 0x09,
509			0x3A, 0x02, 0x05, 0x0A, 0xA7, 0x03, 0x06, 0x76, 0x63, 0x2A, 0x01, 0x81,
510			0x00, 0x09, 0x02, 0x05, 0x12, 0x06, 0x02, 0x57, 0x29, 0x76, 0x59, 0x03,
511			0x04, 0x04, 0x3A, 0x85, 0x27, 0x06, 0x34, 0x9B, 0x05, 0x02, 0x56, 0x29,
512			0x68, 0x27, 0x06, 0x04, 0x01, 0x17, 0x04, 0x12, 0x69, 0x27, 0x06, 0x04,
513			0x01, 0x18, 0x04, 0x0A, 0x6A, 0x27, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02,
514			0x56, 0x29, 0x03, 0x07, 0x76, 0xA1, 0x26, 0x03, 0x08, 0x26, 0x62, 0x33,
515			0x0D, 0x06, 0x02, 0x4F, 0x29, 0xA2, 0x58, 0x03, 0x04, 0x04, 0x02, 0x56,
516			0x29, 0x76, 0x02, 0x00, 0x06, 0x21, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06,
517			0x08, 0x25, 0x02, 0x05, 0x02, 0x06, 0x1E, 0x04, 0x10, 0x58, 0x30, 0x11,
518			0x06, 0x08, 0x25, 0x02, 0x07, 0x02, 0x08, 0x1D, 0x04, 0x03, 0x56, 0x29,
519			0x25, 0x04, 0x24, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06, 0x08, 0x25, 0x02,
520			0x05, 0x02, 0x06, 0x24, 0x04, 0x10, 0x58, 0x30, 0x11, 0x06, 0x08, 0x25,
521			0x02, 0x07, 0x02, 0x08, 0x23, 0x04, 0x03, 0x56, 0x29, 0x25, 0x26, 0x06,
522			0x01, 0x29, 0x25, 0x01, 0x00, 0x03, 0x09, 0xB1, 0x01, 0x21, 0x8C, 0x01,
523			0x22, 0x8C, 0x26, 0x01, 0x23, 0x11, 0x06, 0x81, 0x26, 0x25, 0x71, 0xAA,
524			0xAC, 0x26, 0x06, 0x81, 0x1A, 0x01, 0x00, 0x03, 0x0A, 0xAC, 0x9B, 0x25,
525			0xB0, 0x26, 0x01, 0x01, 0x11, 0x06, 0x04, 0xA3, 0x03, 0x0A, 0xB0, 0x01,
526			0x04, 0x75, 0xAA, 0x6E, 0x27, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC0,
527			0x04, 0x05, 0x96, 0x01, 0x7F, 0x03, 0x09, 0x04, 0x80, 0x6C, 0x8E, 0x27,
528			0x06, 0x06, 0x02, 0x00, 0x98, 0x04, 0x80, 0x62, 0xC2, 0x27, 0x06, 0x11,
529			0x02, 0x00, 0x06, 0x09, 0x01, 0x00, 0x03, 0x03, 0x95, 0x03, 0x03, 0x04,
530			0x01, 0xC0, 0x04, 0x80, 0x4D, 0x70, 0x27, 0x06, 0x0A, 0x02, 0x0A, 0x06,
531			0x03, 0x97, 0x04, 0x01, 0xC0, 0x04, 0x3F, 0x6D, 0x27, 0x06, 0x03, 0xC0,
532			0x04, 0x38, 0xC5, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x31, 0x8D, 0x27, 0x06,
533			0x03, 0xC0, 0x04, 0x2A, 0xC3, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x23, 0x77,
534			0x27, 0x06, 0x03, 0xC0, 0x04, 0x1C, 0x82, 0x27, 0x06, 0x03, 0xC0, 0x04,
535			0x15, 0x6C, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x0E, 0xC4, 0x27, 0x06, 0x03,
536			0xC0, 0x04, 0x07, 0x02, 0x0A, 0x06, 0x02, 0x48, 0x29, 0xC0, 0x76, 0x76,
537			0x04, 0xFE, 0x62, 0x76, 0x76, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02,
538			0x55, 0x29, 0x25, 0x76, 0x39, 0x02, 0x00, 0x06, 0x08, 0x02, 0x03, 0x3B,
539			0x2F, 0x05, 0x02, 0x44, 0x29, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00,
540			0x02, 0x09, 0x2F, 0x05, 0x02, 0x50, 0x29, 0xB0, 0x73, 0xAA, 0x9B, 0x06,
541			0x80, 0x77, 0xBA, 0x27, 0x06, 0x07, 0x01, 0x02, 0x59, 0x87, 0x04, 0x80,
542			0x5E, 0xBB, 0x27, 0x06, 0x07, 0x01, 0x03, 0x59, 0x88, 0x04, 0x80, 0x53,
543			0xBC, 0x27, 0x06, 0x07, 0x01, 0x04, 0x59, 0x89, 0x04, 0x80, 0x48, 0xBD,
544			0x27, 0x06, 0x06, 0x01, 0x05, 0x59, 0x8A, 0x04, 0x3E, 0xBE, 0x27, 0x06,
545			0x06, 0x01, 0x06, 0x59, 0x8B, 0x04, 0x34, 0x7C, 0x27, 0x06, 0x06, 0x01,
546			0x02, 0x58, 0x87, 0x04, 0x2A, 0x7D, 0x27, 0x06, 0x06, 0x01, 0x03, 0x58,
547			0x88, 0x04, 0x20, 0x7E, 0x27, 0x06, 0x06, 0x01, 0x04, 0x58, 0x89, 0x04,
548			0x16, 0x7F, 0x27, 0x06, 0x06, 0x01, 0x05, 0x58, 0x8A, 0x04, 0x0C, 0x80,
549			0x27, 0x06, 0x06, 0x01, 0x06, 0x58, 0x8B, 0x04, 0x02, 0x56, 0x29, 0x5D,
550			0x34, 0x5F, 0x36, 0x1C, 0x26, 0x05, 0x02, 0x56, 0x29, 0x5C, 0x36, 0x04,
551			0x02, 0x56, 0x29, 0xBF, 0xA1, 0x26, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG),
552			0x12, 0x06, 0x02, 0x4F, 0x29, 0x26, 0x5E, 0x34, 0x5B, 0xA2, 0x76, 0x76,
553			0x01, 0x00, 0x5A, 0x35, 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x26, 0x01,
554			0x00, 0x01, 0x09, 0x6F, 0x05, 0x02, 0x47, 0x29, 0x00, 0x00, 0x30, 0x30,
555			0x00, 0x00, 0x01, 0x81, 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00,
556			0x01, 0x81, 0x19, 0x00, 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81,
557			0x2B, 0x00, 0x01, 0x7B, 0x01, 0x01, 0x11, 0x3A, 0x01, 0x83, 0xFD, 0x7F,
558			0x11, 0x15, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x3A, 0x26, 0x03, 0x00, 0x26,
559			0xC6, 0x05, 0x04, 0x41, 0x01, 0x00, 0x00, 0x26, 0x01, 0x81, 0x00, 0x0D,
560			0x06, 0x04, 0x93, 0x04, 0x80, 0x49, 0x26, 0x01, 0x90, 0x00, 0x0D, 0x06,
561			0x0F, 0x01, 0x06, 0x14, 0x01, 0x81, 0x40, 0x2F, 0x93, 0x02, 0x00, 0x01,
562			0x00, 0x94, 0x04, 0x33, 0x26, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14,
563			0x01, 0x0C, 0x14, 0x01, 0x81, 0x60, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x06,
564			0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01,
565			0x81, 0x70, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x0C, 0x94, 0x02, 0x00, 0x01,
566			0x06, 0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x00, 0x00, 0x01, 0x82, 0x15,
567			0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x6F,
568			0x00, 0x00, 0x01, 0x81, 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00,
569			0x01, 0x81, 0x78, 0x00, 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43,
570			0x00, 0x00, 0x01, 0x80, 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00,
571			0x01, 0x80, 0x61, 0x00, 0x00, 0x30, 0x11, 0x06, 0x04, 0x41, 0xAA, 0xBF,
572			0xB1, 0x00, 0x00, 0x01, 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00,
573			0x00, 0x26, 0x01, 0x83, 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x6F, 0x00,
574			0x00, 0x01, 0x30, 0x61, 0x36, 0x01, 0x7F, 0x79, 0x1A, 0x01, 0x00, 0x79,
575			0x1A, 0x04, 0x7A, 0x00, 0x01, 0x81, 0x38, 0x00, 0x01, 0x7B, 0x0D, 0x06,
576			0x02, 0x4E, 0x29, 0x26, 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30,
577			0x26, 0x3E, 0x3A, 0x01, 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x41, 0x01,
578			0x00, 0x00, 0x30, 0x66, 0x09, 0x36, 0x3F, 0x00, 0x00, 0x14, 0x01, 0x3F,
579			0x15, 0x01, 0x81, 0x00, 0x2F, 0x93, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00,
580			0xAC, 0x26, 0x06, 0x80, 0x59, 0xB0, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17,
581			0x25, 0x71, 0xAA, 0x9B, 0x25, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB0, 0x01,
582			0x20, 0x74, 0xAA, 0xAF, 0x02, 0x01, 0x20, 0x76, 0x76, 0x04, 0x38, 0x01,
583			0x21, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x01, 0x1F, 0x04,
584			0x2A, 0x01, 0x22, 0x30, 0x11, 0x06, 0x11, 0x25, 0x72, 0xB3, 0x26, 0x06,
585			0x06, 0x2C, 0x02, 0x00, 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1F, 0x04, 0x13,
586			0x01, 0x26, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x06, 0x1F,
587			0x04, 0x05, 0x41, 0xAB, 0x01, 0x00, 0x25, 0x04, 0xFF, 0x23, 0x76, 0x02,
588			0x00, 0x00, 0x00, 0xAC, 0xB1, 0x26, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA3,
589			0x05, 0x02, 0x50, 0x29, 0xB1, 0x04, 0x02, 0x50, 0x29, 0x26, 0x01, 0x02,
590			0x11, 0x06, 0x0C, 0x25, 0x72, 0xAD, 0x65, 0x2B, 0x40, 0x0D, 0x06, 0x02,
591			0x50, 0x29, 0xB1, 0x01, 0x7F, 0x10, 0x06, 0x02, 0x55, 0x29, 0x25, 0x76,
592			0x00, 0x00, 0xAC, 0x26, 0x06, 0x1A, 0xAC, 0x9B, 0x25, 0x26, 0x06, 0x11,
593			0xAC, 0x26, 0x06, 0x0C, 0xAC, 0x9B, 0x25, 0x86, 0x27, 0x05, 0x02, 0x48,
594			0x29, 0xBF, 0x04, 0x71, 0x76, 0x76, 0x04, 0x63, 0x76, 0x00, 0x02, 0x03,
595			0x00, 0xB0, 0x01, 0x03, 0x75, 0xAA, 0xB7, 0x03, 0x01, 0x02, 0x01, 0x01,
596			0x07, 0x12, 0x06, 0x02, 0x55, 0x29, 0x26, 0x01, 0x00, 0x30, 0x11, 0x06,
597			0x05, 0x25, 0x4C, 0x29, 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A,
598			0x25, 0xB7, 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x25, 0xB7,
599			0x01, 0x00, 0x25, 0x02, 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38,
600			0x15, 0x06, 0x03, 0x01, 0x10, 0x2F, 0x3A, 0x01, 0x81, 0x40, 0x15, 0x06,
601			0x03, 0x01, 0x20, 0x2F, 0x61, 0x36, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05,
602			0x02, 0x4C, 0x29, 0xBF, 0x00, 0x00, 0x37, 0xAC, 0xBF, 0x1B, 0x00, 0x03,
603			0x01, 0x00, 0x03, 0x00, 0x37, 0xAC, 0x26, 0x06, 0x30, 0xB0, 0x01, 0x11,
604			0x74, 0xAA, 0x26, 0x05, 0x02, 0x43, 0x29, 0x26, 0x06, 0x20, 0xAC, 0x9B,
605			0x25, 0x84, 0x27, 0x03, 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xAF, 0x26,
606			0x02, 0x01, 0x15, 0x06, 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00,
607			0x02, 0x02, 0x20, 0x76, 0x04, 0x5D, 0x76, 0x04, 0x4D, 0x76, 0x1B, 0x02,
608			0x00, 0x00, 0x00, 0xB0, 0x01, 0x06, 0x75, 0xAE, 0x00, 0x00, 0xB5, 0x83,
609			0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00,
610			0xB5, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25, 0x01, 0x00, 0x04, 0x00,
611			0x00, 0x00, 0xB6, 0x83, 0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01,
612			0x00, 0x01, 0x00, 0x00, 0xB6, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25,
613			0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,
614			0x06, 0x04, 0x00, 0x04, 0x80, 0x55, 0x26, 0x01, 0x81, 0x40, 0x0D, 0x06,
615			0x07, 0x25, 0x01, 0x00, 0x00, 0x04, 0x80, 0x47, 0x26, 0x01, 0x81, 0x60,
616			0x0D, 0x06, 0x0E, 0x01, 0x1F, 0x15, 0x01, 0x01, 0xA0, 0x01, 0x81, 0x00,
617			0x01, 0x8F, 0x7F, 0x04, 0x32, 0x26, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F,
618			0x01, 0x0F, 0x15, 0x01, 0x02, 0xA0, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF,
619			0x7F, 0x04, 0x1C, 0x26, 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07,
620			0x15, 0x01, 0x03, 0xA0, 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF,
621			0x7F, 0x04, 0x04, 0x25, 0x01, 0x00, 0x00, 0x6F, 0x05, 0x03, 0x25, 0x01,
622			0x00, 0x00, 0x00, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x7F,
623			0x00, 0xB7, 0x33, 0x26, 0x3C, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x01, 0x06,
624			0x0E, 0x3A, 0x26, 0x01, 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x41,
625			0x01, 0x7F, 0x00, 0x01, 0x3F, 0x15, 0x09, 0x00, 0x00, 0x26, 0x06, 0x06,
626			0x0B, 0x9F, 0x33, 0x40, 0x04, 0x77, 0x25, 0x26, 0x00, 0x00, 0xB0, 0x01,
627			0x03, 0x75, 0xAA, 0xB7, 0x06, 0x02, 0x54, 0x29, 0x00, 0x00, 0x3A, 0x26,
628			0x06, 0x07, 0x31, 0x26, 0x06, 0x01, 0x1A, 0x04, 0x76, 0x41, 0x00, 0x00,
629			0x01, 0x01, 0x75, 0xA9, 0x01, 0x01, 0x10, 0x06, 0x02, 0x42, 0x29, 0xB7,
630			0x3D, 0x00, 0x04, 0xB0, 0x26, 0x01, 0x17, 0x01, 0x18, 0x6F, 0x05, 0x02,
631			0x47, 0x29, 0x01, 0x18, 0x11, 0x03, 0x00, 0x72, 0xAA, 0xA5, 0x02, 0x00,
632			0x06, 0x0C, 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0xA5, 0x02, 0x01, 0x09,
633			0x04, 0x0E, 0x26, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09,
634			0x01, 0x8E, 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08,
635			0x02, 0x01, 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01,
636			0x80, 0x63, 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83,
637			0x0F, 0x09, 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01,
638			0x0C, 0xA6, 0x40, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3E,
639			0x02, 0x01, 0x01, 0x80, 0x64, 0x07, 0x3D, 0x02, 0x01, 0x01, 0x83, 0x10,
640			0x07, 0x3E, 0x2F, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09, 0x91, 0x09, 0x78,
641			0x26, 0x01, 0x05, 0x14, 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15,
642			0x01, 0x01, 0x3A, 0xA6, 0x02, 0x03, 0x09, 0x40, 0x03, 0x03, 0x01, 0x00,
643			0x01, 0x17, 0xA6, 0x01, 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01,
644			0x3B, 0xA6, 0x01, 0x3C, 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00,
645			0x01, 0x3C, 0xA6, 0x02, 0x02, 0x09, 0x03, 0x02, 0xB7, 0x26, 0x01, 0x2E,
646			0x11, 0x06, 0x0D, 0x25, 0xB7, 0x26, 0x01, 0x30, 0x01, 0x39, 0x6F, 0x06,
647			0x03, 0x25, 0x04, 0x74, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x47, 0x29,
648			0x76, 0x02, 0x03, 0x02, 0x02, 0x00, 0x01, 0xB7, 0x7A, 0x01, 0x0A, 0x08,
649			0x03, 0x00, 0xB7, 0x7A, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03,
650			0x01, 0xA5, 0x26, 0x02, 0x01, 0x02, 0x00, 0x6F, 0x05, 0x02, 0x47, 0x29,
651			0x00, 0x00, 0x33, 0xB0, 0x01, 0x02, 0x75, 0x0B, 0xA8, 0x00, 0x03, 0x26,
652			0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0xAA, 0xB7, 0x26, 0x01, 0x81, 0x00,
653			0x13, 0x06, 0x02, 0x53, 0x29, 0x26, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x25,
654			0x26, 0x05, 0x04, 0x25, 0x01, 0x00, 0x00, 0xB7, 0x04, 0x6F, 0x02, 0x01,
655			0x26, 0x05, 0x02, 0x4F, 0x29, 0x40, 0x03, 0x01, 0x02, 0x02, 0x36, 0x02,
656			0x02, 0x3F, 0x03, 0x02, 0x26, 0x06, 0x03, 0xB7, 0x04, 0x68, 0x25, 0x02,
657			0x00, 0x02, 0x01, 0x0A, 0x00, 0x01, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,
658			0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x0A, 0x26, 0x05, 0x02, 0x4D, 0x29,
659			0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02,
660			0x00, 0x40, 0x03, 0x00, 0x26, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06,
661			0x02, 0x4E, 0x29, 0x01, 0x08, 0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x04, 0x60,
662			0x00, 0x00, 0xA9, 0x92, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x73,
663			0xAA, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x02, 0x53, 0x29, 0xB7, 0x26, 0x01,
664			0x81, 0x00, 0x13, 0x06, 0x02, 0x53, 0x29, 0x03, 0x00, 0x26, 0x06, 0x16,
665			0xB7, 0x02, 0x00, 0x26, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02,
666			0x53, 0x29, 0x01, 0x08, 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x25, 0x02,
667			0x00, 0x00, 0x00, 0xAA, 0x26, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xBF,
668			0x01, 0x00, 0x66, 0x36, 0x01, 0x00, 0x00, 0x26, 0x66, 0x36, 0x66, 0x3F,
669			0xA2, 0x01, 0x7F, 0x00, 0x00, 0xB0, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05,
670			0x25, 0x72, 0xB3, 0x04, 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x25,
671			0x72, 0xB4, 0x04, 0x33, 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72,
672			0xB4, 0x04, 0x28, 0x01, 0x14, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4,
673			0x04, 0x1D, 0x01, 0x16, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4, 0x04,
674			0x12, 0x01, 0x1E, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB2, 0x04, 0x07,
675			0x41, 0xAB, 0x01, 0x00, 0x01, 0x00, 0x25, 0x00, 0x01, 0xB7, 0x03, 0x00,
676			0x02, 0x00, 0x01, 0x05, 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01,
677			0x06, 0x14, 0x26, 0x01, 0x01, 0x15, 0x06, 0x02, 0x45, 0x29, 0x01, 0x04,
678			0x0E, 0x02, 0x00, 0x01, 0x1F, 0x15, 0x26, 0x01, 0x1F, 0x11, 0x06, 0x02,
679			0x46, 0x29, 0x09, 0x00, 0x00, 0x26, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F,
680			0x00, 0xB0, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x05, 0x66, 0x36, 0x01, 0x7F,
681			0x00, 0x01, 0x01, 0x03, 0x00, 0x9C, 0x26, 0x01, 0x83, 0xFF, 0x7E, 0x11,
682			0x06, 0x16, 0x25, 0x26, 0x06, 0x10, 0x9D, 0x26, 0x05, 0x05, 0x25, 0xBF,
683			0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B,
684			0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03,
685			0x00, 0x26, 0x06, 0x0B, 0x9C, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00,
686			0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00, 0x40, 0x66,
687			0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x26, 0x06,
688			0x10, 0x9E, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00,
689			0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00,
690			0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00,
691			0x26, 0x06, 0x10, 0xB7, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00,
692			0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05,
693			0x01, 0x00, 0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x00, 0xB7, 0x01, 0x08,
694			0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x00, 0x00, 0xB7, 0x3A, 0xB7, 0x01, 0x08,
695			0x0E, 0x33, 0x09, 0x00, 0x00, 0x26, 0x05, 0x02, 0x4E, 0x29, 0x40, 0xB8,
696			0x00, 0x00, 0x32, 0x26, 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x25, 0x1A,
697			0x04, 0x74, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01,
698			0x15, 0x00, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01,
699			0x33, 0x00, 0x00, 0xC0, 0x25, 0x00, 0x00, 0x26, 0x06, 0x07, 0xC1, 0x26,
700			0x06, 0x01, 0x1A, 0x04, 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B,
701			0x41, 0x00, 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00,
702			0x00, 0x01, 0x82, 0x22, 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x26,
703			0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFB, 0x6F, 0x6F, 0x06, 0x04, 0x25,
704			0x01, 0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F,
705			0x6F, 0x06, 0x04, 0x25, 0x01, 0x00, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15,
706			0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
707			};
708
709			static const uint16_t t0_caddr[] = {
710			0,
711			5,
712			10,
713			15,
714			20,
715			25,
716			29,
717			33,
718			37,
719			41,
720			45,
721			49,
722			53,
723			57,
724			61,
725			65,
726			69,
727			73,
728			77,
729			81,
730			85,
731			89,
732			93,
733			97,
734			101,
735			105,
736			109,
737			113,
738			117,
739			121,
740			125,
741			130,
742			135,
743			140,
744			145,
745			150,
746			155,
747			160,
748			165,
749			173,
750			178,
751			183,
752			188,
753			193,
754			198,
755			203,
756			208,
757			213,
758			234,
759			239,
760			244,
761			249,
762			264,
763			269,
764			275,
765			281,
766			286,
767			294,
768			302,
769			308,
770			313,
771			324,
772			960,
773			975,
774			979,
775			984,
776			989,
777			994,
778			999,
779			1004,
780			1118,
781			1123,
782			1135,
783			1140,
784			1145,
785			1150,
786			1154,
787			1159,
788			1164,
789			1169,
790			1174,
791			1184,
792			1189,
793			1194,
794			1206,
795			1221,
796			1226,
797			1240,
798			1262,
799			1273,
800			1376,
801			1423,
802			1456,
803			1547,
804			1553,
805			1616,
806			1623,
807			1651,
808			1679,
809			1784,
810			1826,
811			1839,
812			1851,
813			1865,
814			1880,
815			2100,
816			2114,
817			2131,
818			2140,
819			2207,
820			2263,
821			2267,
822			2271,
823			2276,
824			2324,
825			2350,
826			2426,
827			2470,
828			2481,
829			2566,
830			2604,
831			2642,
832			2652,
833			2662,
834			2671,
835			2684,
836			2688,
837			2692,
838			2696,
839			2700,
840			2704,
841			2708,
842			2712,
843			2724,
844			2732,
845			2737,
846			2742,
847			2747,
848			2752
849			};
850
851			#define T0_INTERPRETED 60
852
853			#define T0_ENTER(ip, rp, slot) do { \
854			const unsigned char *t0_newip; \
855			uint32_t t0_lnum; \
856			t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
857			t0_lnum = t0_parse7E_unsigned(&t0_newip); \
858			(rp) += t0_lnum; \
859			*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
860			(ip) = t0_newip; \
861			} while (0)
862
863			#define T0_DEFENTRY(name, slot) \
864			void \
865			name(void *ctx) \
866			{ \
867			t0_context *t0ctx = ctx; \
868			t0ctx->ip = &t0_codeblock[0]; \
869			T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
870			}
871
872	1		T0_DEFENTRY(br_x509_minimal_init_main, 144)
873
874			#define T0_NEXT(t0ipp) (((t0ipp)) ++)
875
876			void
877	3		br_x509_minimal_run(void *t0ctx)
878			{
879			uint32_t dp, rp;
880			const unsigned char *ip;
881
882			#define T0_LOCAL(x) (*(rp - 2 - (x)))
883			#define T0_POP() (*-- dp)
884			#define T0_POPi() ((int32_t )(-- dp))
885			#define T0_PEEK(x) (*(dp - 1 - (x)))
886			#define T0_PEEKi(x) ((int32_t )(dp - 1 - (x)))
887			#define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
888			#define T0_PUSHi(v) do { (int32_t )dp = (v); dp ++; } while (0)
889			#define T0_RPOP() (*-- rp)
890			#define T0_RPOPi() ((int32_t )(-- rp))
891			#define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
892			#define T0_RPUSHi(v) do { (int32_t )rp = (v); rp ++; } while (0)
893			#define T0_ROLL(x) do { \
894			size_t t0len = (size_t)(x); \
895			uint32_t t0tmp = *(dp - 1 - t0len); \
896			memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
897			*(dp - 1) = t0tmp; \
898			} while (0)
899			#define T0_SWAP() do { \
900			uint32_t t0tmp = *(dp - 2); \
901			(dp - 2) = (dp - 1); \
902			*(dp - 1) = t0tmp; \
903			} while (0)
904			#define T0_ROT() do { \
905			uint32_t t0tmp = *(dp - 3); \
906			(dp - 3) = (dp - 2); \
907			(dp - 2) = (dp - 1); \
908			*(dp - 1) = t0tmp; \
909			} while (0)
910			#define T0_NROT() do { \
911			uint32_t t0tmp = *(dp - 1); \
912			(dp - 1) = (dp - 2); \
913			(dp - 2) = (dp - 3); \
914			*(dp - 3) = t0tmp; \
915			} while (0)
916			#define T0_PICK(x) do { \
917			uint32_t t0depth = (x); \
918			T0_PUSH(T0_PEEK(t0depth)); \
919			} while (0)
920			#define T0_CO() do { \
921			goto t0_exit; \
922			} while (0)
923			#define T0_RET() goto t0_next
924
925	3		dp = ((t0_context *)t0ctx)->dp;
926	3		rp = ((t0_context *)t0ctx)->rp;
927	3		ip = ((t0_context *)t0ctx)->ip;
928	3		goto t0_next;
929	19519		for (;;) {
930			uint32_t t0x;
931
932	19520		t0_next:
933	19523		t0x = T0_NEXT(&ip);
934	19523	100	if (t0x < T0_INTERPRETED) {
935	16787		switch (t0x) {
936			int32_t t0off;
937
938	2735		case 0: /* ret */
939	2735		t0x = T0_RPOP();
940	2735		rp -= (t0x >> 16);
941	2735		t0x &= 0xFFFF;
942	2735	50	if (t0x == 0) {
943	0		ip = NULL;
944	0		goto t0_exit;
945			}
946	2735		ip = &t0_codeblock[t0x];
947	2735		break;
948	2623		case 1: /* literal constant */
949	2623		T0_PUSHi(t0_parse7E_signed(&ip));
950	2623		break;
951	1336		case 2: /* read local */
952	1336		T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
953	1336		break;
954	1016		case 3: /* write local */
955	1016		T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
956	1016		break;
957	386		case 4: /* jump */
958	386		t0off = t0_parse7E_signed(&ip);
959	386		ip += t0off;
960	386		break;
961	870		case 5: /* jump if */
962	870		t0off = t0_parse7E_signed(&ip);
963	870	50	if (T0_POP()) {
964	870		ip += t0off;
965			}
966	870		break;
967	1305		case 6: /* jump if not */
968	1305		t0off = t0_parse7E_signed(&ip);
969	1305	100	if (!T0_POP()) {
970	421		ip += t0off;
971			}
972	1305		break;
973	6		case 7: {
974			/* %25 */
975
976	6		int32_t b = T0_POPi();
977	6		int32_t a = T0_POPi();
978	6		T0_PUSHi(a % b);
979
980			}
981	6		break;
982	18		case 8: {
983			/* * */
984
985	18		uint32_t b = T0_POP();
986	18		uint32_t a = T0_POP();
987	18		T0_PUSH(a * b);
988
989			}
990	18		break;
991	442		case 9: {
992			/* + */
993
994	442		uint32_t b = T0_POP();
995	442		uint32_t a = T0_POP();
996	442		T0_PUSH(a + b);
997
998			}
999	442		break;
1000	773		case 10: {
1001			/* - */
1002
1003	773		uint32_t b = T0_POP();
1004	773		uint32_t a = T0_POP();
1005	773		T0_PUSH(a - b);
1006
1007			}
1008	773		break;
1009	7		case 11: {
1010			/* -rot */
1011	7		T0_NROT();
1012			}
1013	7		break;
1014	6		case 12: {
1015			/* / */
1016
1017	6		int32_t b = T0_POPi();
1018	6		int32_t a = T0_POPi();
1019	6		T0_PUSHi(a / b);
1020
1021			}
1022	6		break;
1023	204		case 13: {
1024			/* < */
1025
1026	204		int32_t b = T0_POPi();
1027	204		int32_t a = T0_POPi();
1028	204		T0_PUSH(-(uint32_t)(a < b));
1029
1030			}
1031	204		break;
1032	55		case 14: {
1033			/* << */
1034
1035	55		int c = (int)T0_POPi();
1036	55		uint32_t x = T0_POP();
1037	55		T0_PUSH(x << c);
1038
1039			}
1040	55		break;
1041	120		case 15: {
1042			/* <= */
1043
1044	120		int32_t b = T0_POPi();
1045	120		int32_t a = T0_POPi();
1046	120		T0_PUSH(-(uint32_t)(a <= b));
1047
1048			}
1049	120		break;
1050	4		case 16: {
1051			/* <> */
1052
1053	4		uint32_t b = T0_POP();
1054	4		uint32_t a = T0_POP();
1055	4		T0_PUSH(-(uint32_t)(a != b));
1056
1057			}
1058	4		break;
1059	219		case 17: {
1060			/* = */
1061
1062	219		uint32_t b = T0_POP();
1063	219		uint32_t a = T0_POP();
1064	219		T0_PUSH(-(uint32_t)(a == b));
1065
1066			}
1067	219		break;
1068	38		case 18: {
1069			/* > */
1070
1071	38		int32_t b = T0_POPi();
1072	38		int32_t a = T0_POPi();
1073	38		T0_PUSH(-(uint32_t)(a > b));
1074
1075			}
1076	38		break;
1077	587		case 19: {
1078			/* >= */
1079
1080	587		int32_t b = T0_POPi();
1081	587		int32_t a = T0_POPi();
1082	587		T0_PUSH(-(uint32_t)(a >= b));
1083
1084			}
1085	587		break;
1086	80		case 20: {
1087			/* >> */
1088
1089	80		int c = (int)T0_POPi();
1090	80		int32_t x = T0_POPi();
1091	80		T0_PUSHi(x >> c);
1092
1093			}
1094	80		break;
1095	329		case 21: {
1096			/* and */
1097
1098	329		uint32_t b = T0_POP();
1099	329		uint32_t a = T0_POP();
1100	329		T0_PUSH(a & b);
1101
1102			}
1103	329		break;
1104	2		case 22: {
1105			/* blobcopy */
1106
1107	2		size_t len = T0_POP();
1108	2		unsigned char src = (unsigned char )CTX + T0_POP();
1109	2		unsigned char dst = (unsigned char )CTX + T0_POP();
1110	2		memcpy(dst, src, len);
1111
1112			}
1113	2		break;
1114	1		case 23: {
1115			/* check-direct-trust */
1116
1117			size_t u;
1118
1119	1	50	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1120			const br_x509_trust_anchor *ta;
1121			unsigned char hashed_DN[64];
1122			int kt;
1123
1124	1		ta = &CTX->trust_anchors[u];
1125	1	50	if (ta->flags & BR_X509_TA_CA) {
1126	0		continue;
1127			}
1128	1		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1129	1	50	if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
1130	0		continue;
1131			}
1132	1		kt = CTX->pkey.key_type;
1133	1	50	if ((ta->pkey.key_type & 0x0F) != kt) {
1134	0		continue;
1135			}
1136	1		switch (kt) {
1137
1138	1		case BR_KEYTYPE_RSA:
1139	1	50	if (!eqbigint(CTX->pkey.key.rsa.n,
1140	1		CTX->pkey.key.rsa.nlen,
1141	1		ta->pkey.key.rsa.n,
1142	1		ta->pkey.key.rsa.nlen)
1143	1	50	\|\| !eqbigint(CTX->pkey.key.rsa.e,
1144	1		CTX->pkey.key.rsa.elen,
1145	1		ta->pkey.key.rsa.e,
1146	1		ta->pkey.key.rsa.elen))
1147			{
1148	0		continue;
1149			}
1150	1		break;
1151
1152	0		case BR_KEYTYPE_EC:
1153	0	0	if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
1154	0	0	\|\| CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
1155	0		\|\| memcmp(CTX->pkey.key.ec.q,
1156	0		ta->pkey.key.ec.q,
1157	0	0	ta->pkey.key.ec.qlen) != 0)
1158			{
1159	0		continue;
1160			}
1161	0		break;
1162
1163	0		default:
1164	0		continue;
1165			}
1166
1167			/*
1168			* Direct trust match!
1169			*/
1170	1		CTX->err = BR_ERR_X509_OK;
1171	1		T0_CO();
1172			}
1173
1174			}
1175	0		break;
1176	0		case 24: {
1177			/* check-trust-anchor-CA */
1178
1179			size_t u;
1180
1181	0	0	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1182			const br_x509_trust_anchor *ta;
1183			unsigned char hashed_DN[64];
1184
1185	0		ta = &CTX->trust_anchors[u];
1186	0	0	if (!(ta->flags & BR_X509_TA_CA)) {
1187	0		continue;
1188			}
1189	0		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1190	0	0	if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
1191	0		continue;
1192			}
1193	0	0	if (verify_signature(CTX, &ta->pkey) == 0) {
1194	0		CTX->err = BR_ERR_X509_OK;
1195	0		T0_CO();
1196			}
1197			}
1198
1199			}
1200	0		break;
1201	1		case 25: {
1202			/* check-validity-range */
1203
1204	1		uint32_t nbs = T0_POP();
1205	1		uint32_t nbd = T0_POP();
1206	1		uint32_t nas = T0_POP();
1207	1		uint32_t nad = T0_POP();
1208			int r;
1209	1	50	if (CTX->itime != 0) {
1210	0		r = CTX->itime(CTX->itime_ctx, nbd, nbs, nad, nas);
1211	0	0	if (r < -1 \|\| r > 1) {
		0
1212	0		CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1213	0		T0_CO();
1214			}
1215			} else {
1216	1		uint32_t vd = CTX->days;
1217	1		uint32_t vs = CTX->seconds;
1218	1	50	if (vd == 0 && vs == 0) {
		50
1219			#if BR_USE_UNIX_TIME
1220	1		time_t x = time(NULL);
1221
1222	1		vd = (uint32_t)(x / 86400) + 719528;
1223	1		vs = (uint32_t)(x % 86400);
1224			#elif BR_USE_WIN32_TIME
1225			FILETIME ft;
1226			uint64_t x;
1227
1228			GetSystemTimeAsFileTime(&ft);
1229			x = ((uint64_t)ft.dwHighDateTime << 32)
1230			+ (uint64_t)ft.dwLowDateTime;
1231			x = (x / 10000000);
1232			vd = (uint32_t)(x / 86400) + 584754;
1233			vs = (uint32_t)(x % 86400);
1234			#else
1235			CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1236			T0_CO();
1237			#endif
1238			}
1239	1	50	if (vd < nbd \|\| (vd == nbd && vs < nbs)) {
		50
		0
1240	0		r = -1;
1241	1	50	} else if (vd > nad \|\| (vd == nad && vs > nas)) {
		50
		0
1242	0		r = 1;
1243			} else {
1244	1		r = 0;
1245			}
1246			}
1247	1		T0_PUSHi(r);
1248
1249			}
1250	1		break;
1251	2		case 26: {
1252			/* co */
1253	2		T0_CO();
1254			}
1255			break;
1256	2		case 27: {
1257			/* compute-dn-hash */
1258
1259	2		CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);
1260	2		CTX->do_dn_hash = 0;
1261
1262			}
1263	2		break;
1264	0		case 28: {
1265			/* compute-tbs-hash */
1266
1267	0		int id = T0_POPi();
1268			size_t len;
1269	0		len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);
1270	0		T0_PUSH(len);
1271
1272			}
1273	0		break;
1274	0		case 29: {
1275			/* copy-ee-ec-pkey */
1276
1277	0		size_t qlen = T0_POP();
1278	0		uint32_t curve = T0_POP();
1279	0		memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);
1280	0		CTX->pkey.key_type = BR_KEYTYPE_EC;
1281	0		CTX->pkey.key.ec.curve = curve;
1282	0		CTX->pkey.key.ec.q = CTX->ee_pkey_data;
1283	0		CTX->pkey.key.ec.qlen = qlen;
1284
1285			}
1286	0		break;
1287	1		case 30: {
1288			/* copy-ee-rsa-pkey */
1289
1290	1		size_t elen = T0_POP();
1291	1		size_t nlen = T0_POP();
1292	1		memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);
1293	1		CTX->pkey.key_type = BR_KEYTYPE_RSA;
1294	1		CTX->pkey.key.rsa.n = CTX->ee_pkey_data;
1295	1		CTX->pkey.key.rsa.nlen = nlen;
1296	1		CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;
1297	1		CTX->pkey.key.rsa.elen = elen;
1298
1299			}
1300	1		break;
1301	0		case 31: {
1302			/* copy-name-SAN */
1303
1304	0		unsigned tag = T0_POP();
1305	0		unsigned ok = T0_POP();
1306			size_t u, len;
1307
1308	0		len = CTX->pad[0];
1309	0	0	for (u = 0; u < CTX->num_name_elts; u ++) {
1310			br_name_element *ne;
1311
1312	0		ne = &CTX->name_elts[u];
1313	0	0	if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) {
		0
		0
1314	0	0	if (ok && ne->len > len) {
		0
1315	0		memcpy(ne->buf, CTX->pad + 1, len);
1316	0		ne->buf[len] = 0;
1317	0		ne->status = 1;
1318			} else {
1319	0		ne->status = -1;
1320			}
1321	0		break;
1322			}
1323			}
1324
1325			}
1326	0		break;
1327	4		case 32: {
1328			/* copy-name-element */
1329
1330			size_t len;
1331	4		int32_t off = T0_POPi();
1332	4		int ok = T0_POPi();
1333
1334	4	50	if (off >= 0) {
1335	0		br_name_element *ne = &CTX->name_elts[off];
1336
1337	0	0	if (ok) {
1338	0		len = CTX->pad[0];
1339	0	0	if (len < ne->len) {
1340	0		memcpy(ne->buf, CTX->pad + 1, len);
1341	0		ne->buf[len] = 0;
1342	0		ne->status = 1;
1343			} else {
1344	0		ne->status = -1;
1345			}
1346			} else {
1347	0		ne->status = -1;
1348			}
1349			}
1350
1351			}
1352	4		break;
1353	4		case 33: {
1354			/* data-get8 */
1355
1356	4		size_t addr = T0_POP();
1357	4		T0_PUSH(t0_datablock[addr]);
1358
1359			}
1360	4		break;
1361	2		case 34: {
1362			/* dn-hash-length */
1363
1364	2		T0_PUSH(DNHASH_LEN);
1365
1366			}
1367	2		break;
1368	0		case 35: {
1369			/* do-ecdsa-vrfy */
1370
1371	0		size_t qlen = T0_POP();
1372	0		int curve = T0_POP();
1373			br_x509_pkey pk;
1374
1375	0		pk.key_type = BR_KEYTYPE_EC;
1376	0		pk.key.ec.curve = curve;
1377	0		pk.key.ec.q = CTX->pkey_data;
1378	0		pk.key.ec.qlen = qlen;
1379	0		T0_PUSH(verify_signature(CTX, &pk));
1380
1381			}
1382	0		break;
1383	0		case 36: {
1384			/* do-rsa-vrfy */
1385
1386	0		size_t elen = T0_POP();
1387	0		size_t nlen = T0_POP();
1388			br_x509_pkey pk;
1389
1390	0		pk.key_type = BR_KEYTYPE_RSA;
1391	0		pk.key.rsa.n = CTX->pkey_data;
1392	0		pk.key.rsa.nlen = nlen;
1393	0		pk.key.rsa.e = CTX->pkey_data + nlen;
1394	0		pk.key.rsa.elen = elen;
1395	0		T0_PUSH(verify_signature(CTX, &pk));
1396
1397			}
1398	0		break;
1399	48		case 37: {
1400			/* drop */
1401	48		(void)T0_POP();
1402			}
1403	48		break;
1404	2165		case 38: {
1405			/* dup */
1406	2165		T0_PUSH(T0_PEEK(0));
1407			}
1408	2165		break;
1409	11		case 39: {
1410			/* eqOID */
1411
1412	11		const unsigned char *a2 = &t0_datablock[T0_POP()];
1413	11		const unsigned char *a1 = &CTX->pad[0];
1414	11		size_t len = a1[0];
1415			int x;
1416	11	50	if (len == a2[0]) {
1417	11		x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
1418			} else {
1419	0		x = 0;
1420			}
1421	11		T0_PUSH((uint32_t)x);
1422
1423			}
1424	11		break;
1425	0		case 40: {
1426			/* eqblob */
1427
1428	0		size_t len = T0_POP();
1429	0		const unsigned char a2 = (const unsigned char )CTX + T0_POP();
1430	0		const unsigned char a1 = (const unsigned char )CTX + T0_POP();
1431	0		T0_PUSHi(-(memcmp(a1, a2, len) == 0));
1432
1433			}
1434	0		break;
1435	0		case 41: {
1436			/* fail */
1437
1438	0		CTX->err = T0_POPi();
1439	0		T0_CO();
1440
1441			}
1442			break;
1443	1		case 42: {
1444			/* get16 */
1445
1446	1		uint32_t addr = T0_POP();
1447	1		T0_PUSH((uint16_t )(void )((unsigned char )CTX + addr));
1448
1449			}
1450	1		break;
1451	1		case 43: {
1452			/* get32 */
1453
1454	1		uint32_t addr = T0_POP();
1455	1		T0_PUSH((uint32_t )(void )((unsigned char )CTX + addr));
1456
1457			}
1458	1		break;
1459	1		case 44: {
1460			/* match-server-name */
1461
1462			size_t n1, n2;
1463
1464	1	50	if (CTX->server_name == NULL) {
1465	0		T0_PUSH(0);
1466	0		T0_RET();
1467			}
1468	1		n1 = strlen(CTX->server_name);
1469	1		n2 = CTX->pad[0];
1470	1	50	if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {
		50
1471	1		T0_PUSHi(-1);
1472	1		T0_RET();
1473			}
1474	0	0	if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
		0
		0
1475			size_t u;
1476
1477	0		u = 0;
1478	0	0	while (u < n1 && CTX->server_name[u] != '.') {
		0
1479	0		u ++;
1480			}
1481	0		u ++;
1482	0		n1 -= u;
1483	0	0	if ((n2 - 2) == n1
1484	0	0	&& eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
1485			{
1486	0		T0_PUSHi(-1);
1487	0		T0_RET();
1488			}
1489			}
1490	0		T0_PUSH(0);
1491
1492			}
1493	0		break;
1494	39		case 45: {
1495			/* neg */
1496
1497	39		uint32_t a = T0_POP();
1498	39		T0_PUSH(-a);
1499
1500			}
1501	39		break;
1502	4		case 46: {
1503			/* offset-name-element */
1504
1505	4		unsigned san = T0_POP();
1506			size_t u;
1507
1508	4	50	for (u = 0; u < CTX->num_name_elts; u ++) {
1509	0	0	if (CTX->name_elts[u].status == 0) {
1510			const unsigned char *oid;
1511			size_t len, off;
1512
1513	0		oid = CTX->name_elts[u].oid;
1514	0	0	if (san) {
1515	0	0	if (oid[0] != 0 \|\| oid[1] != 0) {
		0
1516	0		continue;
1517			}
1518	0		off = 2;
1519			} else {
1520	0		off = 0;
1521			}
1522	0		len = oid[off];
1523	0	0	if (len != 0 && len == CTX->pad[0]
		0
1524	0		&& memcmp(oid + off + 1,
1525	0	0	CTX->pad + 1, len) == 0)
1526			{
1527	0		T0_PUSH(u);
1528	0		T0_RET();
1529			}
1530			}
1531			}
1532	4		T0_PUSHi(-1);
1533
1534			}
1535	4		break;
1536	45		case 47: {
1537			/* or */
1538
1539	45		uint32_t b = T0_POP();
1540	45		uint32_t a = T0_POP();
1541	45		T0_PUSH(a \| b);
1542
1543			}
1544	45		break;
1545	260		case 48: {
1546			/* over */
1547	260		T0_PUSH(T0_PEEK(1));
1548			}
1549	260		break;
1550	11		case 49: {
1551			/* read-blob-inner */
1552
1553	11		uint32_t len = T0_POP();
1554	11		uint32_t addr = T0_POP();
1555	11		size_t clen = CTX->hlen;
1556	11	50	if (clen > len) {
1557	11		clen = (size_t)len;
1558			}
1559	11	100	if (addr != 0) {
1560	6		memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);
1561			}
1562	11	50	if (CTX->do_mhash) {
1563	11		br_multihash_update(&CTX->mhash, CTX->hbuf, clen);
1564			}
1565	11	100	if (CTX->do_dn_hash) {
1566	5		CTX->dn_hash_impl->update(
1567	5		&CTX->dn_hash.vtable, CTX->hbuf, clen);
1568			}
1569	11		CTX->hbuf += clen;
1570	11		CTX->hlen -= clen;
1571	11		T0_PUSH(addr + clen);
1572	11		T0_PUSH(len - clen);
1573
1574			}
1575	11		break;
1576	422		case 50: {
1577			/* read8-low */
1578
1579	422	100	if (CTX->hlen == 0) {
1580	2		T0_PUSHi(-1);
1581			} else {
1582	420		unsigned char x = *CTX->hbuf ++;
1583	420	100	if (CTX->do_mhash) {
1584	416		br_multihash_update(&CTX->mhash, &x, 1);
1585			}
1586	420	100	if (CTX->do_dn_hash) {
1587	78		CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);
1588			}
1589	420		CTX->hlen --;
1590	420		T0_PUSH(x);
1591			}
1592
1593			}
1594	422		break;
1595	14		case 51: {
1596			/* rot */
1597	14		T0_ROT();
1598			}
1599	14		break;
1600	0		case 52: {
1601			/* set16 */
1602
1603	0		uint32_t addr = T0_POP();
1604	0		(uint16_t )(void )((unsigned char )CTX + addr) = T0_POP();
1605
1606			}
1607	0		break;
1608	0		case 53: {
1609			/* set32 */
1610
1611	0		uint32_t addr = T0_POP();
1612	0		(uint32_t )(void )((unsigned char )CTX + addr) = T0_POP();
1613
1614			}
1615	0		break;
1616	312		case 54: {
1617			/* set8 */
1618
1619	312		uint32_t addr = T0_POP();
1620	312		((unsigned char )CTX + addr) = (unsigned char)T0_POP();
1621
1622			}
1623	312		break;
1624	2		case 55: {
1625			/* start-dn-hash */
1626
1627	2		CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);
1628	2		CTX->do_dn_hash = 1;
1629
1630			}
1631	2		break;
1632	1		case 56: {
1633			/* start-tbs-hash */
1634
1635	1		br_multihash_init(&CTX->mhash);
1636	1		CTX->do_mhash = 1;
1637
1638			}
1639	1		break;
1640	1		case 57: {
1641			/* stop-tbs-hash */
1642
1643	1		CTX->do_mhash = 0;
1644
1645			}
1646	1		break;
1647	270		case 58: {
1648			/* swap */
1649	270		T0_SWAP();
1650			}
1651	270		break;
1652	1		case 59: {
1653			/* zero-server-name */
1654
1655	1		T0_PUSHi(-(CTX->server_name == NULL));
1656
1657			}
1658	1		break;
1659			}
1660
1661			} else {
1662	2736		T0_ENTER(ip, rp, t0x);
1663			}
1664			}
1665	3		t0_exit:
1666	3		((t0_context *)t0ctx)->dp = dp;
1667	3		((t0_context *)t0ctx)->rp = rp;
1668	3		((t0_context *)t0ctx)->ip = ip;
1669	3		}
1670
1671
1672
1673			/*
1674			* Verify the signature on the certificate with the provided public key.
1675			* This function checks the public key type with regards to the expected
1676			* type. Returned value is either 0 on success, or a non-zero error code.
1677			*/
1678			static int
1679	0		verify_signature(br_x509_minimal_context ctx, const br_x509_pkey pk)
1680			{
1681			int kt;
1682
1683	0		kt = ctx->cert_signer_key_type;
1684	0	0	if ((pk->key_type & 0x0F) != kt) {
1685	0		return BR_ERR_X509_WRONG_KEY_TYPE;
1686			}
1687	0		switch (kt) {
1688			unsigned char tmp[64];
1689
1690	0		case BR_KEYTYPE_RSA:
1691	0	0	if (ctx->irsa == 0) {
1692	0		return BR_ERR_X509_UNSUPPORTED;
1693			}
1694	0	0	if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
1695	0		&t0_datablock[ctx->cert_sig_hash_oid],
1696	0		ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
1697			{
1698	0		return BR_ERR_X509_BAD_SIGNATURE;
1699			}
1700	0	0	if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
1701	0		return BR_ERR_X509_BAD_SIGNATURE;
1702			}
1703	0		return 0;
1704
1705	0		case BR_KEYTYPE_EC:
1706	0	0	if (ctx->iecdsa == 0) {
1707	0		return BR_ERR_X509_UNSUPPORTED;
1708			}
1709	0	0	if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
1710	0		ctx->cert_sig_hash_len, &pk->key.ec,
1711	0		ctx->cert_sig, ctx->cert_sig_len))
1712			{
1713	0		return BR_ERR_X509_BAD_SIGNATURE;
1714			}
1715	0		return 0;
1716
1717	0		default:
1718	0		return BR_ERR_X509_UNSUPPORTED;
1719			}
1720			}
1721
1722