1/* Automatically generated code; do not modify directly. */
2
3#include <stddef.h>
4#include <stdint.h>
5
6typedef struct {
7	uint32_t *dp;
8	uint32_t *rp;
9	const unsigned char *ip;
10} t0_context;
11
12static uint32_t
13t0_parse7E_unsigned(const unsigned char **p)
14{
15	uint32_t x;
16
17	x = 0;
18	for (;;) {
19		unsigned y;
20
21		y = *(*p) ++;
22		x = (x << 7) | (uint32_t)(y & 0x7F);
23		if (y < 0x80) {
24			return x;
25		}
26	}
27}
28
29static int32_t
30t0_parse7E_signed(const unsigned char **p)
31{
32	int neg;
33	uint32_t x;
34
35	neg = ((**p) >> 6) & 1;
36	x = (uint32_t)-neg;
37	for (;;) {
38		unsigned y;
39
40		y = *(*p) ++;
41		x = (x << 7) | (uint32_t)(y & 0x7F);
42		if (y < 0x80) {
43			if (neg) {
44				return -(int32_t)~x - 1;
45			} else {
46				return (int32_t)x;
47			}
48		}
49	}
50}
51
52#define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53#define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54#define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55#define T0_INT1(x)       T0_FBYTE(x, 0)
56#define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57#define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58#define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59#define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61/* static const unsigned char t0_datablock[]; */
62
63
64void br_x509_minimal_init_main(void *t0ctx);
65
66void br_x509_minimal_run(void *t0ctx);
67
68
69
70#include "inner.h"
71
72
73
74
75
76#include "inner.h"
77
78/*
79 * Implementation Notes
80 * --------------------
81 *
82 * The C code pushes the data by chunks; all decoding is done in the
83 * T0 code. The cert_length value is set to the certificate length when
84 * a new certificate is started; the T0 code picks it up as outer limit,
85 * and decoding functions use it to ensure that no attempt is made at
86 * reading past it. The T0 code also checks that once the certificate is
87 * decoded, there are no trailing bytes.
88 *
89 * The T0 code sets cert_length to 0 when the certificate is fully
90 * decoded.
91 *
92 * The C code must still perform two checks:
93 *
94 *  -- If the certificate length is 0, then the T0 code will not be
95 *  invoked at all. This invalid condition must thus be reported by the
96 *  C code.
97 *
98 *  -- When reaching the end of certificate, the C code must verify that
99 *  the certificate length has been set to 0, thereby signaling that
100 *  the T0 code properly decoded a certificate.
101 *
102 * Processing of a chain works in the following way:
103 *
104 *  -- The error flag is set to a non-zero value when validation is
105 *  finished. The value is either BR_ERR_X509_OK (validation is
106 *  successful) or another non-zero error code. When a non-zero error
107 *  code is obtained, the remaining bytes in the current certificate and
108 *  the subsequent certificates (if any) are completely ignored.
109 *
110 *  -- Each certificate is decoded in due course, with the following
111 *  "interesting points":
112 *
113 *     -- Start of the TBS: the multihash engine is reset and activated.
114 *
115 *     -- Start of the issuer DN: the secondary hash engine is started,
116 *     to process the encoded issuer DN.
117 *
118 *     -- End of the issuer DN: the secondary hash engine is stopped. The
119 *     resulting hash value is computed and then copied into the
120 *     next_dn_hash[] buffer.
121 *
122 *     -- Start of the subject DN: the secondary hash engine is started,
123 *     to process the encoded subject DN.
124 *
125 *     -- For the EE certificate only: the Common Name, if any, is matched
126 *     against the expected server name.
127 *
128 *     -- End of the subject DN: the secondary hash engine is stopped. The
129 *     resulting hash value is computed into the pad. It is then processed:
130 *
131 *        -- If this is the EE certificate, then the hash is ignored
132 *        (except for direct trust processing, see later; the hash is
133 *        simply left in current_dn_hash[]).
134 *
135 *        -- Otherwise, the hashed subject DN is compared with the saved
136 *        hash value (in saved_dn_hash[]). They must match.
137 *
138 *     Either way, the next_dn_hash[] value is then copied into the
139 *     saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140 *     contains the hash of the issuer DN for the current certificate,
141 *     and current_dn_hash[] contains the hash of the subject DN for the
142 *     current certificate.
143 *
144 *     -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145 *     key types are reported at that point.
146 *
147 *        -- If this is the EE certificate, then the key type is compared
148 *        with the expected key type (initialization parameter). The public
149 *        key data is copied to ee_pkey_data[]. The key and hashed subject
150 *        DN are also compared with the "direct trust" keys; if the key
151 *        and DN are matched, then validation ends with a success.
152 *
153 *        -- Otherwise, the saved signature (cert_sig[]) is verified
154 *        against the saved TBS hash (tbs_hash[]) and that freshly
155 *        decoded public key. Failure here ends validation with an error.
156 *
157 *     -- Extensions: extension values are processed in due order.
158 *
159 *        -- Basic Constraints: for all certificates except EE, must be
160 *        present, indicate a CA, and have a path legnth compatible with
161 *        the chain length so far.
162 *
163 *        -- Key Usage: for the EE, if present, must allow signatures
164 *        or encryption/key exchange, as required for the cipher suite.
165 *        For non-EE, if present, must have the "certificate sign" bit.
166 *
167 *        -- Subject Alt Name: for the EE, dNSName names are matched
168 *        against the server name. Ignored for non-EE.
169 *
170 *        -- Authority Key Identifier, Subject Key Identifier, Issuer
171 *        Alt Name, Subject Directory Attributes, CRL Distribution Points
172 *        Freshest CRL, Authority Info Access and Subject Info Access
173 *        extensions are always ignored: they either contain only
174 *        informative data, or they relate to revocation processing, which
175 *        we explicitly do not support.
176 *
177 *        -- All other extensions are ignored if non-critical. If a
178 *        critical extension other than the ones above is encountered,
179 *        then a failure is reported.
180 *
181 *     -- End of the TBS: the multihash engine is stopped.
182 *
183 *     -- Signature algorithm: the signature algorithm on the
184 *     certificate is decoded. A failure is reported if that algorithm
185 *     is unknown. The hashed TBS corresponding to the signature hash
186 *     function is computed and stored in tbs_hash[] (if not supported,
187 *     then a failure is reported). The hash OID and length are stored
188 *     in cert_sig_hash_oid and cert_sig_hash_len.
189 *
190 *     -- Signature value: the signature value is copied into the
191 *     cert_sig[] array.
192 *
193 *     -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194 *     looked up in the trust store (CA trust anchors only); for all
195 *     that match, the signature (cert_sig[]) is verified against the
196 *     anchor public key (hashed TBS is in tbs_hash[]). If one of these
197 *     signatures is valid, then validation ends with a success.
198 *
199 *  -- If the chain end is reached without obtaining a validation success,
200 *  then validation is reported as failed.
201 */
202
203#if BR_USE_UNIX_TIME
204#include <time.h>
205#endif
206
207#if BR_USE_WIN32_TIME
208#include <windows.h>
209#endif
210
211/*
212 * The T0 compiler will produce these prototypes declarations in the
213 * header.
214 *
215void br_x509_minimal_init_main(void *ctx);
216void br_x509_minimal_run(void *ctx);
217 */
218
219/* see bearssl_x509.h */
220void
221br_x509_minimal_init(br_x509_minimal_context *ctx,
222	const br_hash_class *dn_hash_impl,
223	const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
224{
225	memset(ctx, 0, sizeof *ctx);
226	ctx->vtable = &br_x509_minimal_vtable;
227	ctx->dn_hash_impl = dn_hash_impl;
228	ctx->trust_anchors = trust_anchors;
229	ctx->trust_anchors_num = trust_anchors_num;
230}
231
232static void
233xm_start_chain(const br_x509_class **ctx, const char *server_name)
234{
235	br_x509_minimal_context *cc;
236	size_t u;
237
238	cc = (br_x509_minimal_context *)(void *)ctx;
239	for (u = 0; u < cc->num_name_elts; u ++) {
240		cc->name_elts[u].status = 0;
241		cc->name_elts[u].buf[0] = 0;
242	}
243	memset(&cc->pkey, 0, sizeof cc->pkey);
244	cc->num_certs = 0;
245	cc->err = 0;
246	cc->cpu.dp = cc->dp_stack;
247	cc->cpu.rp = cc->rp_stack;
248	br_x509_minimal_init_main(&cc->cpu);
249	if (server_name == NULL || *server_name == 0) {
250		cc->server_name = NULL;
251	} else {
252		cc->server_name = server_name;
253	}
254}
255
256static void
257xm_start_cert(const br_x509_class **ctx, uint32_t length)
258{
259	br_x509_minimal_context *cc;
260
261	cc = (br_x509_minimal_context *)(void *)ctx;
262	if (cc->err != 0) {
263		return;
264	}
265	if (length == 0) {
266		cc->err = BR_ERR_X509_TRUNCATED;
267		return;
268	}
269	cc->cert_length = length;
270}
271
272static void
273xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
274{
275	br_x509_minimal_context *cc;
276
277	cc = (br_x509_minimal_context *)(void *)ctx;
278	if (cc->err != 0) {
279		return;
280	}
281	cc->hbuf = buf;
282	cc->hlen = len;
283	br_x509_minimal_run(&cc->cpu);
284}
285
286static void
287xm_end_cert(const br_x509_class **ctx)
288{
289	br_x509_minimal_context *cc;
290
291	cc = (br_x509_minimal_context *)(void *)ctx;
292	if (cc->err == 0 && cc->cert_length != 0) {
293		cc->err = BR_ERR_X509_TRUNCATED;
294	}
295	cc->num_certs ++;
296}
297
298static unsigned
299xm_end_chain(const br_x509_class **ctx)
300{
301	br_x509_minimal_context *cc;
302
303	cc = (br_x509_minimal_context *)(void *)ctx;
304	if (cc->err == 0) {
305		if (cc->num_certs == 0) {
306			cc->err = BR_ERR_X509_EMPTY_CHAIN;
307		} else {
308			cc->err = BR_ERR_X509_NOT_TRUSTED;
309		}
310	} else if (cc->err == BR_ERR_X509_OK) {
311		return 0;
312	}
313	return (unsigned)cc->err;
314}
315
316static const br_x509_pkey *
317xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
318{
319	br_x509_minimal_context *cc;
320
321	cc = (br_x509_minimal_context *)(void *)ctx;
322	if (cc->err == BR_ERR_X509_OK
323		|| cc->err == BR_ERR_X509_NOT_TRUSTED)
324	{
325		if (usages != NULL) {
326			*usages = cc->key_usages;
327		}
328		return &((br_x509_minimal_context *)(void *)ctx)->pkey;
329	} else {
330		return NULL;
331	}
332}
333
334/* see bearssl_x509.h */
335const br_x509_class br_x509_minimal_vtable = {
336	sizeof(br_x509_minimal_context),
337	xm_start_chain,
338	xm_start_cert,
339	xm_append,
340	xm_end_cert,
341	xm_end_chain,
342	xm_get_pkey
343};
344
345#define CTX   ((br_x509_minimal_context *)(void *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
346#define CONTEXT_NAME   br_x509_minimal_context
347
348#define DNHASH_LEN   ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
349
350/*
351 * Hash a DN (from a trust anchor) into the provided buffer. This uses the
352 * DN hash implementation and context structure from the X.509 engine
353 * context.
354 */
355static void
356hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len,
357	unsigned char *out)
358{
359	ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);
360	ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);
361	ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);
362}
363
364/*
365 * Compare two big integers for equality. The integers use unsigned big-endian
366 * encoding; extra leading bytes (of value 0) are allowed.
367 */
368static int
369eqbigint(const unsigned char *b1, size_t len1,
370	const unsigned char *b2, size_t len2)
371{
372	while (len1 > 0 && *b1 == 0) {
373		b1 ++;
374		len1 --;
375	}
376	while (len2 > 0 && *b2 == 0) {
377		b2 ++;
378		len2 --;
379	}
380	if (len1 != len2) {
381		return 0;
382	}
383	return memcmp(b1, b2, len1) == 0;
384}
385
386/*
387 * Compare two strings for equality, in a case-insensitive way. This
388 * function handles casing only for ASCII letters.
389 */
390static int
391eqnocase(const void *s1, const void *s2, size_t len)
392{
393	const unsigned char *buf1, *buf2;
394
395	buf1 = s1;
396	buf2 = s2;
397	while (len -- > 0) {
398		int x1, x2;
399
400		x1 = *buf1 ++;
401		x2 = *buf2 ++;
402		if (x1 >= 'A' && x1 <= 'Z') {
403			x1 += 'a' - 'A';
404		}
405		if (x2 >= 'A' && x2 <= 'Z') {
406			x2 += 'a' - 'A';
407		}
408		if (x1 != x2) {
409			return 0;
410		}
411	}
412	return 1;
413}
414
415static int verify_signature(br_x509_minimal_context *ctx,
416	const br_x509_pkey *pk);
417
418
419
420static const unsigned char t0_datablock[] = {
421	0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
422	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
423	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
424	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
425	0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
426	0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
427	0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
428	0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
429	0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
430	0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
431	0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
432	0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
433	0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
434	0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
435	0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
436	0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
437	0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
438	0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
439	0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
440	0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
441	0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,
442	0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,
443	0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,
444	0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
445	0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
446};
447
448static const unsigned char t0_codeblock[] = {
449	0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
450	0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
451	0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
452	T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,
453	T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,
454	T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,
455	T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,
456	T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,
457	T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,
458	T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,
459	T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,
460	T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,
461	T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,
462	T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,
463	T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,
464	T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,
465	T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
466	T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,
467	T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,
468	T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,
469	T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,
470	T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,
471	T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,
472	T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,
473	T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,
474	T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),
475	0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,
476	0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,
477	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,
478	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,
479	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,
480	T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,
481	0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,
482	0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,
483	T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,
484	T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,
485	T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,
486	T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,
487	T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,
488	T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,
489	T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0xC9, 0x71,
490	0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00,
491	0x01, 0x81, 0x02, 0x00, 0x00, 0x92, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00,
492	0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A,
493	0x00, 0x00, 0x01, 0x82, 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00,
494	0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03,
495	0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00,
496	0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00,
497	0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00,
498	0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00,
499	0x06, 0x02, 0x53, 0x28, 0x00, 0x00, 0x01, 0x10, 0x77, 0x00, 0x00, 0x11,
500	0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28,
501	0x75, 0x00, 0x00, 0x06, 0x02, 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x11,
502	0x00, 0x00, 0x25, 0x20, 0x01, 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00,
503	0x09, 0x03, 0x00, 0x5B, 0x2B, 0xAF, 0x39, 0xAF, 0xB3, 0x25, 0x01, 0x20,
504	0x11, 0x06, 0x11, 0x24, 0x74, 0xAD, 0xB3, 0x01, 0x02, 0x78, 0xB0, 0x01,
505	0x02, 0x12, 0x06, 0x02, 0x57, 0x28, 0x79, 0xB3, 0x01, 0x02, 0x78, 0xAE,
506	0xAF, 0xC2, 0x9C, 0x65, 0x61, 0x21, 0x16, 0xAF, 0xA7, 0x29, 0x69, 0x06,
507	0x02, 0x4B, 0x28, 0xA7, 0x29, 0x71, 0x06, 0x02, 0x4B, 0x28, 0x79, 0x02,
508	0x00, 0x06, 0x05, 0x9D, 0x03, 0x01, 0x04, 0x09, 0x9C, 0x61, 0x68, 0x21,
509	0x27, 0x05, 0x02, 0x4A, 0x28, 0x68, 0x65, 0x21, 0x16, 0xAF, 0xAF, 0x9E,
510	0x05, 0x02, 0x57, 0x28, 0xBC, 0x26, 0x06, 0x27, 0xC2, 0xA4, 0xAF, 0x63,
511	0xAA, 0x03, 0x03, 0x63, 0x3B, 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A,
512	0xAA, 0x03, 0x04, 0x79, 0x64, 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03,
513	0x12, 0x06, 0x02, 0x58, 0x28, 0x79, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x88,
514	0x26, 0x06, 0x34, 0x9E, 0x05, 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04,
515	0x01, 0x17, 0x04, 0x12, 0x6B, 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A,
516	0x6C, 0x26, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05,
517	0x79, 0xA4, 0x25, 0x03, 0x06, 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50,
518	0x28, 0xA5, 0x59, 0x03, 0x02, 0x04, 0x02, 0x57, 0x28, 0x79, 0x02, 0x00,
519	0x06, 0x21, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03,
520	0x02, 0x04, 0x1D, 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02,
521	0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02,
522	0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23,
523	0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06,
524	0x22, 0x04, 0x03, 0x57, 0x28, 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01,
525	0x00, 0x03, 0x07, 0xB4, 0x01, 0x21, 0x8F, 0x01, 0x22, 0x8F, 0x25, 0x01,
526	0x23, 0x11, 0x06, 0x81, 0x26, 0x24, 0x74, 0xAD, 0xAF, 0x25, 0x06, 0x81,
527	0x1A, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x9E, 0x24, 0xB3, 0x25, 0x01, 0x01,
528	0x11, 0x06, 0x04, 0xA6, 0x03, 0x08, 0xB3, 0x01, 0x04, 0x78, 0xAD, 0x70,
529	0x26, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC3, 0x04, 0x05, 0x99, 0x01,
530	0x7F, 0x03, 0x07, 0x04, 0x80, 0x6C, 0x91, 0x26, 0x06, 0x06, 0x02, 0x00,
531	0x9B, 0x04, 0x80, 0x62, 0xC5, 0x26, 0x06, 0x11, 0x02, 0x00, 0x06, 0x09,
532	0x01, 0x00, 0x03, 0x01, 0x98, 0x03, 0x01, 0x04, 0x01, 0xC3, 0x04, 0x80,
533	0x4D, 0x73, 0x26, 0x06, 0x0A, 0x02, 0x08, 0x06, 0x03, 0x9A, 0x04, 0x01,
534	0xC3, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x38, 0xC8, 0x26,
535	0x06, 0x03, 0xC3, 0x04, 0x31, 0x90, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x2A,
536	0xC6, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x23, 0x7A, 0x26, 0x06, 0x03, 0xC3,
537	0x04, 0x1C, 0x85, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x15, 0x6E, 0x26, 0x06,
538	0x03, 0xC3, 0x04, 0x0E, 0xC7, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x07, 0x02,
539	0x08, 0x06, 0x02, 0x49, 0x28, 0xC3, 0x79, 0x79, 0x04, 0xFE, 0x62, 0x79,
540	0x79, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, 0x56, 0x28, 0x24, 0x79,
541	0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C, 0x2F, 0x05, 0x02, 0x45,
542	0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2F, 0x05,
543	0x02, 0x51, 0x28, 0xB3, 0x76, 0xAD, 0x9E, 0x06, 0x80, 0x77, 0xBD, 0x26,
544	0x06, 0x07, 0x01, 0x02, 0x5A, 0x8A, 0x04, 0x80, 0x5E, 0xBE, 0x26, 0x06,
545	0x07, 0x01, 0x03, 0x5A, 0x8B, 0x04, 0x80, 0x53, 0xBF, 0x26, 0x06, 0x07,
546	0x01, 0x04, 0x5A, 0x8C, 0x04, 0x80, 0x48, 0xC0, 0x26, 0x06, 0x06, 0x01,
547	0x05, 0x5A, 0x8D, 0x04, 0x3E, 0xC1, 0x26, 0x06, 0x06, 0x01, 0x06, 0x5A,
548	0x8E, 0x04, 0x34, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x02, 0x59, 0x8A, 0x04,
549	0x2A, 0x80, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59, 0x8B, 0x04, 0x20, 0x81,
550	0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8C, 0x04, 0x16, 0x82, 0x26, 0x06,
551	0x06, 0x01, 0x05, 0x59, 0x8D, 0x04, 0x0C, 0x83, 0x26, 0x06, 0x06, 0x01,
552	0x06, 0x59, 0x8E, 0x04, 0x02, 0x57, 0x28, 0x5E, 0x35, 0x60, 0x37, 0x1B,
553	0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04, 0x02, 0x57, 0x28, 0xC2,
554	0xA4, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG), 0x12, 0x06, 0x02, 0x50,
555	0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA5, 0x79, 0x79, 0x01, 0x00, 0x5B, 0x36,
556	0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01, 0x00, 0x01, 0x09, 0x72,
557	0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30, 0x00, 0x00, 0x01, 0x81,
558	0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00,
559	0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x01, 0x7E,
560	0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F, 0x11, 0x15, 0x06, 0x03,
561	0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25, 0xCA, 0x05, 0x04, 0x42,
562	0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x96, 0x04,
563	0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06, 0x0F, 0x01, 0x06, 0x14,
564	0x01, 0x81, 0x40, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x00, 0x97, 0x04, 0x33,
565	0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, 0x01, 0x0C, 0x14, 0x01,
566	0x81, 0x60, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 0x01,
567	0x00, 0x97, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, 0x81, 0x70, 0x2F, 0x96,
568	0x02, 0x00, 0x01, 0x0C, 0x97, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00,
569	0x01, 0x00, 0x97, 0x00, 0x00, 0x01, 0x82, 0x15, 0x00, 0x00, 0x25, 0x01,
570	0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x81,
571	0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00,
572	0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80,
573	0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00,
574	0x00, 0x30, 0x11, 0x06, 0x04, 0x42, 0xAD, 0xC2, 0xB4, 0x00, 0x00, 0x01,
575	0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83,
576	0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62,
577	0x37, 0x01, 0x7F, 0x7C, 0x19, 0x01, 0x00, 0x7C, 0x19, 0x04, 0x7A, 0x00,
578	0x01, 0x81, 0x38, 0x00, 0x01, 0x7E, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25,
579	0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01,
580	0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67,
581	0x09, 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00,
582	0x2F, 0x96, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAF, 0x25, 0x06, 0x80,
583	0x59, 0xB3, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x74, 0xAD, 0x9E,
584	0x24, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB3, 0x01, 0x20, 0x77, 0xAD, 0xB2,
585	0x02, 0x01, 0x1F, 0x79, 0x79, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06,
586	0x08, 0x24, 0x75, 0xB6, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30,
587	0x11, 0x06, 0x11, 0x24, 0x75, 0xB6, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00,
588	0x2F, 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11,
589	0x06, 0x08, 0x24, 0x75, 0xB6, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAE,
590	0x01, 0x00, 0x24, 0x04, 0xFF, 0x23, 0x79, 0x02, 0x00, 0x00, 0x00, 0xAF,
591	0xB4, 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA6, 0x05, 0x02, 0x51, 0x28,
592	0xB4, 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24,
593	0x75, 0xB0, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB4, 0x01,
594	0x7F, 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x79, 0x00, 0x00, 0xAF, 0x25,
595	0x06, 0x1A, 0xAF, 0x9E, 0x24, 0x25, 0x06, 0x11, 0xAF, 0x25, 0x06, 0x0C,
596	0xAF, 0x9E, 0x24, 0x89, 0x26, 0x05, 0x02, 0x49, 0x28, 0xC2, 0x04, 0x71,
597	0x79, 0x79, 0x04, 0x63, 0x79, 0x00, 0x02, 0x03, 0x00, 0xB3, 0x01, 0x03,
598	0x78, 0xAD, 0xBA, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02,
599	0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24, 0x4D, 0x28,
600	0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xBA, 0x02, 0x01,
601	0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xBA, 0x01, 0x00, 0x24, 0x02,
602	0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01,
603	0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2F,
604	0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D, 0x28, 0xC2,
605	0x00, 0x00, 0x38, 0xAF, 0xC2, 0x1A, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
606	0x38, 0xAF, 0x25, 0x06, 0x30, 0xB3, 0x01, 0x11, 0x77, 0xAD, 0x25, 0x05,
607	0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAF, 0x9E, 0x24, 0x87, 0x26, 0x03,
608	0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xB2, 0x25, 0x02, 0x01, 0x15, 0x06,
609	0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02, 0x1F, 0x79,
610	0x04, 0x5D, 0x79, 0x04, 0x4D, 0x79, 0x1A, 0x02, 0x00, 0x00, 0x00, 0xB3,
611	0x01, 0x06, 0x78, 0xB1, 0x00, 0x00, 0xB8, 0x86, 0x06, 0x0E, 0x3B, 0x25,
612	0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB8, 0x6D, 0x04, 0x08,
613	0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB9, 0x86,
614	0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00,
615	0xB9, 0x6D, 0x04, 0x08, 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00,
616	0x00, 0x00, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x00, 0x04,
617	0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24, 0x01, 0x00,
618	0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06, 0x0E, 0x01,
619	0x1F, 0x15, 0x01, 0x01, 0xA3, 0x01, 0x81, 0x00, 0x01, 0x8F, 0x7F, 0x04,
620	0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F, 0x15, 0x01,
621	0x02, 0xA3, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04, 0x1C, 0x25,
622	0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01, 0x03, 0xA3,
623	0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04, 0x04, 0x24,
624	0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00, 0x00, 0x3B,
625	0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xBA, 0x34, 0x25,
626	0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B, 0x25, 0x01,
627	0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F, 0x00, 0x01,
628	0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0xA2, 0x34, 0x41,
629	0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB3, 0x01, 0x03, 0x78, 0xAD, 0xBA,
630	0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07, 0x31, 0x25,
631	0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01, 0x78, 0xAC,
632	0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xBA, 0x3E, 0x00, 0x04, 0xB3,
633	0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28, 0x01, 0x18,
634	0x11, 0x03, 0x00, 0x75, 0xAD, 0xA8, 0x02, 0x00, 0x06, 0x0C, 0x01, 0x80,
635	0x64, 0x08, 0x03, 0x01, 0xA8, 0x02, 0x01, 0x09, 0x04, 0x0E, 0x25, 0x01,
636	0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09,
637	0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03,
638	0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63, 0x09, 0x01,
639	0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83,
640	0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA9, 0x41, 0x01,
641	0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01, 0x01, 0x80,
642	0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F, 0x2F, 0x15,
643	0x06, 0x03, 0x01, 0x18, 0x09, 0x94, 0x09, 0x7B, 0x25, 0x01, 0x05, 0x14,
644	0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x3B, 0xA9,
645	0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0xA9, 0x01,
646	0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA9, 0x01, 0x3C,
647	0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0xA9, 0x02,
648	0x02, 0x09, 0x03, 0x02, 0xBA, 0x25, 0x01, 0x2E, 0x11, 0x06, 0x0D, 0x24,
649	0xBA, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24, 0x04, 0x74,
650	0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x79, 0x02, 0x03, 0x02,
651	0x02, 0x00, 0x01, 0xBA, 0x7D, 0x01, 0x0A, 0x08, 0x03, 0x00, 0xBA, 0x7D,
652	0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA8, 0x25, 0x02,
653	0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x34, 0xB3,
654	0x01, 0x02, 0x78, 0x0B, 0xAB, 0x00, 0x03, 0x25, 0x03, 0x00, 0x03, 0x01,
655	0x03, 0x02, 0xAD, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x54,
656	0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05, 0x04, 0x24,
657	0x01, 0x00, 0x00, 0xBA, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05, 0x02, 0x50,
658	0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40, 0x03, 0x02,
659	0x25, 0x06, 0x03, 0xBA, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02, 0x01, 0x0A,
660	0x00, 0x01, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01,
661	0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00, 0x01, 0x00,
662	0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41, 0x03, 0x00,
663	0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F, 0x28, 0x01,
664	0x08, 0x0E, 0x3B, 0xBA, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00, 0xAC, 0x95,
665	0x00, 0x00, 0xAD, 0xC2, 0x00, 0x00, 0xB3, 0x76, 0xAD, 0x00, 0x01, 0xAD,
666	0x25, 0x05, 0x02, 0x54, 0x28, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06,
667	0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xBA, 0x02, 0x00, 0x25,
668	0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28, 0x01, 0x08,
669	0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00, 0x00, 0xAD,
670	0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xC2, 0x01, 0x00, 0x67, 0x37,
671	0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA5, 0x01, 0x7F, 0x00,
672	0x00, 0xB3, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB6, 0x04,
673	0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x33,
674	0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x28, 0x01,
675	0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x1D, 0x01, 0x16,
676	0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x12, 0x01, 0x1E, 0x30,
677	0x11, 0x06, 0x05, 0x24, 0x75, 0xB5, 0x04, 0x07, 0x42, 0xAE, 0x01, 0x00,
678	0x01, 0x00, 0x24, 0x00, 0x01, 0xBA, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05,
679	0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14, 0x25, 0x01,
680	0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01,
681	0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28, 0x09, 0x00,
682	0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB3, 0x00, 0x01,
683	0xAD, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01, 0x01, 0x03,
684	0x00, 0x9F, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16, 0x24, 0x25,
685	0x06, 0x10, 0xA0, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02,
686	0x00, 0x84, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05, 0x05, 0x24,
687	0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x25, 0x06, 0x0B,
688	0x9F, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x04, 0x6D, 0x24,
689	0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00,
690	0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xA1, 0x25, 0x05,
691	0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x04,
692	0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01,
693	0x7F, 0x00, 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xBA,
694	0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03,
695	0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67,
696	0x37, 0x01, 0x7F, 0x00, 0x00, 0xBA, 0x01, 0x08, 0x0E, 0x3B, 0xBA, 0x34,
697	0x09, 0x00, 0x00, 0xBA, 0x3B, 0xBA, 0x01, 0x08, 0x0E, 0x34, 0x09, 0x00,
698	0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xBB, 0x00, 0x00, 0x32, 0x25,
699	0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74, 0x00, 0x01,
700	0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01,
701	0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0xC3,
702	0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC4, 0x25, 0x06, 0x01, 0x19, 0x04,
703	0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01,
704	0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22,
705	0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03,
706	0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F,
707	0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00,
708	0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01,
709	0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
710};
711
712static const uint16_t t0_caddr[] = {
713	0,
714	5,
715	10,
716	15,
717	20,
718	25,
719	29,
720	33,
721	37,
722	41,
723	45,
724	49,
725	53,
726	57,
727	61,
728	65,
729	69,
730	73,
731	77,
732	81,
733	85,
734	89,
735	93,
736	97,
737	101,
738	105,
739	109,
740	113,
741	117,
742	121,
743	125,
744	130,
745	135,
746	140,
747	145,
748	150,
749	155,
750	160,
751	165,
752	173,
753	178,
754	183,
755	188,
756	193,
757	198,
758	202,
759	207,
760	212,
761	217,
762	238,
763	243,
764	248,
765	253,
766	282,
767	297,
768	302,
769	308,
770	314,
771	319,
772	327,
773	335,
774	341,
775	346,
776	357,
777	992,
778	1007,
779	1011,
780	1016,
781	1021,
782	1026,
783	1031,
784	1036,
785	1150,
786	1155,
787	1167,
788	1172,
789	1177,
790	1182,
791	1186,
792	1191,
793	1196,
794	1201,
795	1206,
796	1216,
797	1221,
798	1226,
799	1238,
800	1253,
801	1258,
802	1272,
803	1294,
804	1305,
805	1408,
806	1455,
807	1488,
808	1579,
809	1585,
810	1648,
811	1655,
812	1683,
813	1711,
814	1816,
815	1858,
816	1871,
817	1883,
818	1897,
819	1912,
820	2132,
821	2146,
822	2163,
823	2172,
824	2239,
825	2295,
826	2299,
827	2303,
828	2308,
829	2356,
830	2382,
831	2458,
832	2502,
833	2513,
834	2598,
835	2636,
836	2674,
837	2684,
838	2694,
839	2703,
840	2716,
841	2720,
842	2724,
843	2728,
844	2732,
845	2736,
846	2740,
847	2744,
848	2756,
849	2764,
850	2769,
851	2774,
852	2779,
853	2784,
854	2792
855};
856
857#define T0_INTERPRETED   61
858
859#define T0_ENTER(ip, rp, slot)   do { \
860		const unsigned char *t0_newip; \
861		uint32_t t0_lnum; \
862		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
863		t0_lnum = t0_parse7E_unsigned(&t0_newip); \
864		(rp) += t0_lnum; \
865		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
866		(ip) = t0_newip; \
867	} while (0)
868
869#define T0_DEFENTRY(name, slot) \
870void \
871name(void *ctx) \
872{ \
873	t0_context *t0ctx = ctx; \
874	t0ctx->ip = &t0_codeblock[0]; \
875	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
876}
877
878T0_DEFENTRY(br_x509_minimal_init_main, 147)
879
880#define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)
881
882void
883br_x509_minimal_run(void *t0ctx)
884{
885	uint32_t *dp, *rp;
886	const unsigned char *ip;
887
888#define T0_LOCAL(x)    (*(rp - 2 - (x)))
889#define T0_POP()       (*-- dp)
890#define T0_POPi()      (*(int32_t *)(-- dp))
891#define T0_PEEK(x)     (*(dp - 1 - (x)))
892#define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
893#define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
894#define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
895#define T0_RPOP()      (*-- rp)
896#define T0_RPOPi()     (*(int32_t *)(-- rp))
897#define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
898#define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
899#define T0_ROLL(x)     do { \
900	size_t t0len = (size_t)(x); \
901	uint32_t t0tmp = *(dp - 1 - t0len); \
902	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
903	*(dp - 1) = t0tmp; \
904} while (0)
905#define T0_SWAP()      do { \
906	uint32_t t0tmp = *(dp - 2); \
907	*(dp - 2) = *(dp - 1); \
908	*(dp - 1) = t0tmp; \
909} while (0)
910#define T0_ROT()       do { \
911	uint32_t t0tmp = *(dp - 3); \
912	*(dp - 3) = *(dp - 2); \
913	*(dp - 2) = *(dp - 1); \
914	*(dp - 1) = t0tmp; \
915} while (0)
916#define T0_NROT()       do { \
917	uint32_t t0tmp = *(dp - 1); \
918	*(dp - 1) = *(dp - 2); \
919	*(dp - 2) = *(dp - 3); \
920	*(dp - 3) = t0tmp; \
921} while (0)
922#define T0_PICK(x)      do { \
923	uint32_t t0depth = (x); \
924	T0_PUSH(T0_PEEK(t0depth)); \
925} while (0)
926#define T0_CO()         do { \
927	goto t0_exit; \
928} while (0)
929#define T0_RET()        goto t0_next
930
931	dp = ((t0_context *)t0ctx)->dp;
932	rp = ((t0_context *)t0ctx)->rp;
933	ip = ((t0_context *)t0ctx)->ip;
934	goto t0_next;
935	for (;;) {
936		uint32_t t0x;
937
938	t0_next:
939		t0x = T0_NEXT(&ip);
940		if (t0x < T0_INTERPRETED) {
941			switch (t0x) {
942				int32_t t0off;
943
944			case 0: /* ret */
945				t0x = T0_RPOP();
946				rp -= (t0x >> 16);
947				t0x &= 0xFFFF;
948				if (t0x == 0) {
949					ip = NULL;
950					goto t0_exit;
951				}
952				ip = &t0_codeblock[t0x];
953				break;
954			case 1: /* literal constant */
955				T0_PUSHi(t0_parse7E_signed(&ip));
956				break;
957			case 2: /* read local */
958				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
959				break;
960			case 3: /* write local */
961				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
962				break;
963			case 4: /* jump */
964				t0off = t0_parse7E_signed(&ip);
965				ip += t0off;
966				break;
967			case 5: /* jump if */
968				t0off = t0_parse7E_signed(&ip);
969				if (T0_POP()) {
970					ip += t0off;
971				}
972				break;
973			case 6: /* jump if not */
974				t0off = t0_parse7E_signed(&ip);
975				if (!T0_POP()) {
976					ip += t0off;
977				}
978				break;
979			case 7: {
980				/* %25 */
981
982	int32_t b = T0_POPi();
983	int32_t a = T0_POPi();
984	T0_PUSHi(a % b);
985
986				}
987				break;
988			case 8: {
989				/* * */
990
991	uint32_t b = T0_POP();
992	uint32_t a = T0_POP();
993	T0_PUSH(a * b);
994
995				}
996				break;
997			case 9: {
998				/* + */
999
1000	uint32_t b = T0_POP();
1001	uint32_t a = T0_POP();
1002	T0_PUSH(a + b);
1003
1004				}
1005				break;
1006			case 10: {
1007				/* - */
1008
1009	uint32_t b = T0_POP();
1010	uint32_t a = T0_POP();
1011	T0_PUSH(a - b);
1012
1013				}
1014				break;
1015			case 11: {
1016				/* -rot */
1017 T0_NROT();
1018				}
1019				break;
1020			case 12: {
1021				/* / */
1022
1023	int32_t b = T0_POPi();
1024	int32_t a = T0_POPi();
1025	T0_PUSHi(a / b);
1026
1027				}
1028				break;
1029			case 13: {
1030				/* < */
1031
1032	int32_t b = T0_POPi();
1033	int32_t a = T0_POPi();
1034	T0_PUSH(-(uint32_t)(a < b));
1035
1036				}
1037				break;
1038			case 14: {
1039				/* << */
1040
1041	int c = (int)T0_POPi();
1042	uint32_t x = T0_POP();
1043	T0_PUSH(x << c);
1044
1045				}
1046				break;
1047			case 15: {
1048				/* <= */
1049
1050	int32_t b = T0_POPi();
1051	int32_t a = T0_POPi();
1052	T0_PUSH(-(uint32_t)(a <= b));
1053
1054				}
1055				break;
1056			case 16: {
1057				/* <> */
1058
1059	uint32_t b = T0_POP();
1060	uint32_t a = T0_POP();
1061	T0_PUSH(-(uint32_t)(a != b));
1062
1063				}
1064				break;
1065			case 17: {
1066				/* = */
1067
1068	uint32_t b = T0_POP();
1069	uint32_t a = T0_POP();
1070	T0_PUSH(-(uint32_t)(a == b));
1071
1072				}
1073				break;
1074			case 18: {
1075				/* > */
1076
1077	int32_t b = T0_POPi();
1078	int32_t a = T0_POPi();
1079	T0_PUSH(-(uint32_t)(a > b));
1080
1081				}
1082				break;
1083			case 19: {
1084				/* >= */
1085
1086	int32_t b = T0_POPi();
1087	int32_t a = T0_POPi();
1088	T0_PUSH(-(uint32_t)(a >= b));
1089
1090				}
1091				break;
1092			case 20: {
1093				/* >> */
1094
1095	int c = (int)T0_POPi();
1096	int32_t x = T0_POPi();
1097	T0_PUSHi(x >> c);
1098
1099				}
1100				break;
1101			case 21: {
1102				/* and */
1103
1104	uint32_t b = T0_POP();
1105	uint32_t a = T0_POP();
1106	T0_PUSH(a & b);
1107
1108				}
1109				break;
1110			case 22: {
1111				/* blobcopy */
1112
1113	size_t len = T0_POP();
1114	unsigned char *src = (unsigned char *)CTX + T0_POP();
1115	unsigned char *dst = (unsigned char *)CTX + T0_POP();
1116	memcpy(dst, src, len);
1117
1118				}
1119				break;
1120			case 23: {
1121				/* check-direct-trust */
1122
1123	size_t u;
1124
1125	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1126		const br_x509_trust_anchor *ta;
1127		unsigned char hashed_DN[64];
1128		int kt;
1129
1130		ta = &CTX->trust_anchors[u];
1131		if (ta->flags & BR_X509_TA_CA) {
1132			continue;
1133		}
1134		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1135		if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
1136			continue;
1137		}
1138		kt = CTX->pkey.key_type;
1139		if ((ta->pkey.key_type & 0x0F) != kt) {
1140			continue;
1141		}
1142		switch (kt) {
1143
1144		case BR_KEYTYPE_RSA:
1145			if (!eqbigint(CTX->pkey.key.rsa.n,
1146				CTX->pkey.key.rsa.nlen,
1147				ta->pkey.key.rsa.n,
1148				ta->pkey.key.rsa.nlen)
1149				|| !eqbigint(CTX->pkey.key.rsa.e,
1150				CTX->pkey.key.rsa.elen,
1151				ta->pkey.key.rsa.e,
1152				ta->pkey.key.rsa.elen))
1153			{
1154				continue;
1155			}
1156			break;
1157
1158		case BR_KEYTYPE_EC:
1159			if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
1160				|| CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
1161				|| memcmp(CTX->pkey.key.ec.q,
1162					ta->pkey.key.ec.q,
1163					ta->pkey.key.ec.qlen) != 0)
1164			{
1165				continue;
1166			}
1167			break;
1168
1169		default:
1170			continue;
1171		}
1172
1173		/*
1174		 * Direct trust match!
1175		 */
1176		CTX->err = BR_ERR_X509_OK;
1177		T0_CO();
1178	}
1179
1180				}
1181				break;
1182			case 24: {
1183				/* check-trust-anchor-CA */
1184
1185	size_t u;
1186
1187	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1188		const br_x509_trust_anchor *ta;
1189		unsigned char hashed_DN[64];
1190
1191		ta = &CTX->trust_anchors[u];
1192		if (!(ta->flags & BR_X509_TA_CA)) {
1193			continue;
1194		}
1195		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1196		if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
1197			continue;
1198		}
1199		if (verify_signature(CTX, &ta->pkey) == 0) {
1200			CTX->err = BR_ERR_X509_OK;
1201			T0_CO();
1202		}
1203	}
1204
1205				}
1206				break;
1207			case 25: {
1208				/* co */
1209 T0_CO();
1210				}
1211				break;
1212			case 26: {
1213				/* compute-dn-hash */
1214
1215	CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);
1216	CTX->do_dn_hash = 0;
1217
1218				}
1219				break;
1220			case 27: {
1221				/* compute-tbs-hash */
1222
1223	int id = T0_POPi();
1224	size_t len;
1225	len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);
1226	T0_PUSH(len);
1227
1228				}
1229				break;
1230			case 28: {
1231				/* copy-ee-ec-pkey */
1232
1233	size_t qlen = T0_POP();
1234	uint32_t curve = T0_POP();
1235	memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);
1236	CTX->pkey.key_type = BR_KEYTYPE_EC;
1237	CTX->pkey.key.ec.curve = curve;
1238	CTX->pkey.key.ec.q = CTX->ee_pkey_data;
1239	CTX->pkey.key.ec.qlen = qlen;
1240
1241				}
1242				break;
1243			case 29: {
1244				/* copy-ee-rsa-pkey */
1245
1246	size_t elen = T0_POP();
1247	size_t nlen = T0_POP();
1248	memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);
1249	CTX->pkey.key_type = BR_KEYTYPE_RSA;
1250	CTX->pkey.key.rsa.n = CTX->ee_pkey_data;
1251	CTX->pkey.key.rsa.nlen = nlen;
1252	CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;
1253	CTX->pkey.key.rsa.elen = elen;
1254
1255				}
1256				break;
1257			case 30: {
1258				/* copy-name-SAN */
1259
1260	unsigned tag = T0_POP();
1261	unsigned ok = T0_POP();
1262	size_t u, len;
1263
1264	len = CTX->pad[0];
1265	for (u = 0; u < CTX->num_name_elts; u ++) {
1266		br_name_element *ne;
1267
1268		ne = &CTX->name_elts[u];
1269		if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) {
1270			if (ok && ne->len > len) {
1271				memcpy(ne->buf, CTX->pad + 1, len);
1272				ne->buf[len] = 0;
1273				ne->status = 1;
1274			} else {
1275				ne->status = -1;
1276			}
1277			break;
1278		}
1279	}
1280
1281				}
1282				break;
1283			case 31: {
1284				/* copy-name-element */
1285
1286	size_t len;
1287	int32_t off = T0_POPi();
1288	int ok = T0_POPi();
1289
1290	if (off >= 0) {
1291		br_name_element *ne = &CTX->name_elts[off];
1292
1293		if (ok) {
1294			len = CTX->pad[0];
1295			if (len < ne->len) {
1296				memcpy(ne->buf, CTX->pad + 1, len);
1297				ne->buf[len] = 0;
1298				ne->status = 1;
1299			} else {
1300				ne->status = -1;
1301			}
1302		} else {
1303			ne->status = -1;
1304		}
1305	}
1306
1307				}
1308				break;
1309			case 32: {
1310				/* data-get8 */
1311
1312	size_t addr = T0_POP();
1313	T0_PUSH(t0_datablock[addr]);
1314
1315				}
1316				break;
1317			case 33: {
1318				/* dn-hash-length */
1319
1320	T0_PUSH(DNHASH_LEN);
1321
1322				}
1323				break;
1324			case 34: {
1325				/* do-ecdsa-vrfy */
1326
1327	size_t qlen = T0_POP();
1328	int curve = T0_POP();
1329	br_x509_pkey pk;
1330
1331	pk.key_type = BR_KEYTYPE_EC;
1332	pk.key.ec.curve = curve;
1333	pk.key.ec.q = CTX->pkey_data;
1334	pk.key.ec.qlen = qlen;
1335	T0_PUSH(verify_signature(CTX, &pk));
1336
1337				}
1338				break;
1339			case 35: {
1340				/* do-rsa-vrfy */
1341
1342	size_t elen = T0_POP();
1343	size_t nlen = T0_POP();
1344	br_x509_pkey pk;
1345
1346	pk.key_type = BR_KEYTYPE_RSA;
1347	pk.key.rsa.n = CTX->pkey_data;
1348	pk.key.rsa.nlen = nlen;
1349	pk.key.rsa.e = CTX->pkey_data + nlen;
1350	pk.key.rsa.elen = elen;
1351	T0_PUSH(verify_signature(CTX, &pk));
1352
1353				}
1354				break;
1355			case 36: {
1356				/* drop */
1357 (void)T0_POP();
1358				}
1359				break;
1360			case 37: {
1361				/* dup */
1362 T0_PUSH(T0_PEEK(0));
1363				}
1364				break;
1365			case 38: {
1366				/* eqOID */
1367
1368	const unsigned char *a2 = &t0_datablock[T0_POP()];
1369	const unsigned char *a1 = &CTX->pad[0];
1370	size_t len = a1[0];
1371	int x;
1372	if (len == a2[0]) {
1373		x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
1374	} else {
1375		x = 0;
1376	}
1377	T0_PUSH((uint32_t)x);
1378
1379				}
1380				break;
1381			case 39: {
1382				/* eqblob */
1383
1384	size_t len = T0_POP();
1385	const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();
1386	const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();
1387	T0_PUSHi(-(memcmp(a1, a2, len) == 0));
1388
1389				}
1390				break;
1391			case 40: {
1392				/* fail */
1393
1394	CTX->err = T0_POPi();
1395	T0_CO();
1396
1397				}
1398				break;
1399			case 41: {
1400				/* get-system-date */
1401
1402	if (CTX->days == 0 && CTX->seconds == 0) {
1403#if BR_USE_UNIX_TIME
1404		time_t x = time(NULL);
1405
1406		T0_PUSH((uint32_t)(x / 86400) + 719528);
1407		T0_PUSH((uint32_t)(x % 86400));
1408#elif BR_USE_WIN32_TIME
1409		FILETIME ft;
1410		uint64_t x;
1411
1412		GetSystemTimeAsFileTime(&ft);
1413		x = ((uint64_t)ft.dwHighDateTime << 32)
1414			+ (uint64_t)ft.dwLowDateTime;
1415		x = (x / 10000000);
1416		T0_PUSH((uint32_t)(x / 86400) + 584754);
1417		T0_PUSH((uint32_t)(x % 86400));
1418#else
1419		CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1420		T0_CO();
1421#endif
1422	} else {
1423		T0_PUSH(CTX->days);
1424		T0_PUSH(CTX->seconds);
1425	}
1426
1427				}
1428				break;
1429			case 42: {
1430				/* get16 */
1431
1432	uint32_t addr = T0_POP();
1433	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)CTX + addr));
1434
1435				}
1436				break;
1437			case 43: {
1438				/* get32 */
1439
1440	uint32_t addr = T0_POP();
1441	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)CTX + addr));
1442
1443				}
1444				break;
1445			case 44: {
1446				/* match-server-name */
1447
1448	size_t n1, n2;
1449
1450	if (CTX->server_name == NULL) {
1451		T0_PUSH(0);
1452		T0_RET();
1453	}
1454	n1 = strlen(CTX->server_name);
1455	n2 = CTX->pad[0];
1456	if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {
1457		T0_PUSHi(-1);
1458		T0_RET();
1459	}
1460	if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
1461		size_t u;
1462
1463		u = 0;
1464		while (u < n1 && CTX->server_name[u] != '.') {
1465			u ++;
1466		}
1467		u ++;
1468		n1 -= u;
1469		if ((n2 - 2) == n1
1470			&& eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
1471		{
1472			T0_PUSHi(-1);
1473			T0_RET();
1474		}
1475	}
1476	T0_PUSH(0);
1477
1478				}
1479				break;
1480			case 45: {
1481				/* neg */
1482
1483	uint32_t a = T0_POP();
1484	T0_PUSH(-a);
1485
1486				}
1487				break;
1488			case 46: {
1489				/* offset-name-element */
1490
1491	unsigned san = T0_POP();
1492	size_t u;
1493
1494	for (u = 0; u < CTX->num_name_elts; u ++) {
1495		if (CTX->name_elts[u].status == 0) {
1496			const unsigned char *oid;
1497			size_t len, off;
1498
1499			oid = CTX->name_elts[u].oid;
1500			if (san) {
1501				if (oid[0] != 0 || oid[1] != 0) {
1502					continue;
1503				}
1504				off = 2;
1505			} else {
1506				off = 0;
1507			}
1508			len = oid[off];
1509			if (len != 0 && len == CTX->pad[0]
1510				&& memcmp(oid + off + 1,
1511					CTX->pad + 1, len) == 0)
1512			{
1513				T0_PUSH(u);
1514				T0_RET();
1515			}
1516		}
1517	}
1518	T0_PUSHi(-1);
1519
1520				}
1521				break;
1522			case 47: {
1523				/* or */
1524
1525	uint32_t b = T0_POP();
1526	uint32_t a = T0_POP();
1527	T0_PUSH(a | b);
1528
1529				}
1530				break;
1531			case 48: {
1532				/* over */
1533 T0_PUSH(T0_PEEK(1));
1534				}
1535				break;
1536			case 49: {
1537				/* read-blob-inner */
1538
1539	uint32_t len = T0_POP();
1540	uint32_t addr = T0_POP();
1541	size_t clen = CTX->hlen;
1542	if (clen > len) {
1543		clen = (size_t)len;
1544	}
1545	if (addr != 0) {
1546		memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);
1547	}
1548	if (CTX->do_mhash) {
1549		br_multihash_update(&CTX->mhash, CTX->hbuf, clen);
1550	}
1551	if (CTX->do_dn_hash) {
1552		CTX->dn_hash_impl->update(
1553			&CTX->dn_hash.vtable, CTX->hbuf, clen);
1554	}
1555	CTX->hbuf += clen;
1556	CTX->hlen -= clen;
1557	T0_PUSH(addr + clen);
1558	T0_PUSH(len - clen);
1559
1560				}
1561				break;
1562			case 50: {
1563				/* read8-low */
1564
1565	if (CTX->hlen == 0) {
1566		T0_PUSHi(-1);
1567	} else {
1568		unsigned char x = *CTX->hbuf ++;
1569		if (CTX->do_mhash) {
1570			br_multihash_update(&CTX->mhash, &x, 1);
1571		}
1572		if (CTX->do_dn_hash) {
1573			CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);
1574		}
1575		CTX->hlen --;
1576		T0_PUSH(x);
1577	}
1578
1579				}
1580				break;
1581			case 51: {
1582				/* roll */
1583 T0_ROLL(T0_POP());
1584				}
1585				break;
1586			case 52: {
1587				/* rot */
1588 T0_ROT();
1589				}
1590				break;
1591			case 53: {
1592				/* set16 */
1593
1594	uint32_t addr = T0_POP();
1595	*(uint16_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1596
1597				}
1598				break;
1599			case 54: {
1600				/* set32 */
1601
1602	uint32_t addr = T0_POP();
1603	*(uint32_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1604
1605				}
1606				break;
1607			case 55: {
1608				/* set8 */
1609
1610	uint32_t addr = T0_POP();
1611	*((unsigned char *)CTX + addr) = (unsigned char)T0_POP();
1612
1613				}
1614				break;
1615			case 56: {
1616				/* start-dn-hash */
1617
1618	CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);
1619	CTX->do_dn_hash = 1;
1620
1621				}
1622				break;
1623			case 57: {
1624				/* start-tbs-hash */
1625
1626	br_multihash_init(&CTX->mhash);
1627	CTX->do_mhash = 1;
1628
1629				}
1630				break;
1631			case 58: {
1632				/* stop-tbs-hash */
1633
1634	CTX->do_mhash = 0;
1635
1636				}
1637				break;
1638			case 59: {
1639				/* swap */
1640 T0_SWAP();
1641				}
1642				break;
1643			case 60: {
1644				/* zero-server-name */
1645
1646	T0_PUSHi(-(CTX->server_name == NULL));
1647
1648				}
1649				break;
1650			}
1651
1652		} else {
1653			T0_ENTER(ip, rp, t0x);
1654		}
1655	}
1656t0_exit:
1657	((t0_context *)t0ctx)->dp = dp;
1658	((t0_context *)t0ctx)->rp = rp;
1659	((t0_context *)t0ctx)->ip = ip;
1660}
1661
1662
1663
1664/*
1665 * Verify the signature on the certificate with the provided public key.
1666 * This function checks the public key type with regards to the expected
1667 * type. Returned value is either 0 on success, or a non-zero error code.
1668 */
1669static int
1670verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
1671{
1672	int kt;
1673
1674	kt = ctx->cert_signer_key_type;
1675	if ((pk->key_type & 0x0F) != kt) {
1676		return BR_ERR_X509_WRONG_KEY_TYPE;
1677	}
1678	switch (kt) {
1679		unsigned char tmp[64];
1680
1681	case BR_KEYTYPE_RSA:
1682		if (ctx->irsa == 0) {
1683			return BR_ERR_X509_UNSUPPORTED;
1684		}
1685		if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
1686			&t0_datablock[ctx->cert_sig_hash_oid],
1687			ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
1688		{
1689			return BR_ERR_X509_BAD_SIGNATURE;
1690		}
1691		if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
1692			return BR_ERR_X509_BAD_SIGNATURE;
1693		}
1694		return 0;
1695
1696	case BR_KEYTYPE_EC:
1697		if (ctx->iecdsa == 0) {
1698			return BR_ERR_X509_UNSUPPORTED;
1699		}
1700		if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
1701			ctx->cert_sig_hash_len, &pk->key.ec,
1702			ctx->cert_sig, ctx->cert_sig_len))
1703		{
1704			return BR_ERR_X509_BAD_SIGNATURE;
1705		}
1706		return 0;
1707
1708	default:
1709		return BR_ERR_X509_UNSUPPORTED;
1710	}
1711}
1712
1713
1714