xref: /freebsd/contrib/bearssl/src/ssl/ssl_hs_client.c (revision 2aaf9152a852aba9eb2036b95f4948ee77988826)
1 /* Automatically generated code; do not modify directly. */
2 
3 #include <stddef.h>
4 #include <stdint.h>
5 
6 typedef struct {
7 	uint32_t *dp;
8 	uint32_t *rp;
9 	const unsigned char *ip;
10 } t0_context;
11 
12 static uint32_t
t0_parse7E_unsigned(const unsigned char ** p)13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 	uint32_t x;
16 
17 	x = 0;
18 	for (;;) {
19 		unsigned y;
20 
21 		y = *(*p) ++;
22 		x = (x << 7) | (uint32_t)(y & 0x7F);
23 		if (y < 0x80) {
24 			return x;
25 		}
26 	}
27 }
28 
29 static int32_t
t0_parse7E_signed(const unsigned char ** p)30 t0_parse7E_signed(const unsigned char **p)
31 {
32 	int neg;
33 	uint32_t x;
34 
35 	neg = ((**p) >> 6) & 1;
36 	x = (uint32_t)-neg;
37 	for (;;) {
38 		unsigned y;
39 
40 		y = *(*p) ++;
41 		x = (x << 7) | (uint32_t)(y & 0x7F);
42 		if (y < 0x80) {
43 			if (neg) {
44 				return -(int32_t)~x - 1;
45 			} else {
46 				return (int32_t)x;
47 			}
48 		}
49 	}
50 }
51 
52 #define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x)       T0_FBYTE(x, 0)
56 #define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60 
61 /* static const unsigned char t0_datablock[]; */
62 
63 
64 void br_ssl_hs_client_init_main(void *t0ctx);
65 
66 void br_ssl_hs_client_run(void *t0ctx);
67 
68 
69 
70 #include <stddef.h>
71 #include <string.h>
72 
73 #include "inner.h"
74 
75 /*
76  * This macro evaluates to a pointer to the current engine context.
77  */
78 #define ENG  ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79 
80 
81 
82 
83 
84 /*
85  * This macro evaluates to a pointer to the client context, under that
86  * specific name. It must be noted that since the engine context is the
87  * first field of the br_ssl_client_context structure ('eng'), then
88  * pointers values of both types are interchangeable, modulo an
89  * appropriate cast. This also means that "addresses" computed as offsets
90  * within the structure work for both kinds of context.
91  */
92 #define CTX  ((br_ssl_client_context *)ENG)
93 
94 /*
95  * Generate the pre-master secret for RSA key exchange, and encrypt it
96  * with the server's public key. Returned value is either the encrypted
97  * data length (in bytes), or -x on error, with 'x' being an error code.
98  *
99  * This code assumes that the public key has been already verified (it
100  * was properly obtained by the X.509 engine, and it has the right type,
101  * i.e. it is of type RSA and suitable for encryption).
102  */
103 static int
make_pms_rsa(br_ssl_client_context * ctx,int prf_id)104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 	const br_x509_class **xc;
107 	const br_x509_pkey *pk;
108 	const unsigned char *n;
109 	unsigned char *pms;
110 	size_t nlen, u;
111 
112 	xc = ctx->eng.x509ctx;
113 	pk = (*xc)->get_pkey(xc, NULL);
114 
115 	/*
116 	 * Compute actual RSA key length, in case there are leading zeros.
117 	 */
118 	n = pk->key.rsa.n;
119 	nlen = pk->key.rsa.nlen;
120 	while (nlen > 0 && *n == 0) {
121 		n ++;
122 		nlen --;
123 	}
124 
125 	/*
126 	 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 	 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 	 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 	 * so this is mostly for public keys provided explicitly by the
130 	 * caller.
131 	 */
132 	if (nlen < 59) {
133 		return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 	}
135 	if (nlen > sizeof ctx->eng.pad) {
136 		return -BR_ERR_LIMIT_EXCEEDED;
137 	}
138 
139 	/*
140 	 * Make PMS.
141 	 */
142 	pms = ctx->eng.pad + nlen - 48;
143 	br_enc16be(pms, ctx->eng.version_max);
144 	br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 	br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146 
147 	/*
148 	 * Apply PKCS#1 type 2 padding.
149 	 */
150 	ctx->eng.pad[0] = 0x00;
151 	ctx->eng.pad[1] = 0x02;
152 	ctx->eng.pad[nlen - 49] = 0x00;
153 	br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 	for (u = 2; u < nlen - 49; u ++) {
155 		while (ctx->eng.pad[u] == 0) {
156 			br_hmac_drbg_generate(&ctx->eng.rng,
157 				&ctx->eng.pad[u], 1);
158 		}
159 	}
160 
161 	/*
162 	 * Compute RSA encryption.
163 	 */
164 	if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 		return -BR_ERR_LIMIT_EXCEEDED;
166 	}
167 	return (int)nlen;
168 }
169 
170 /*
171  * OID for hash functions in RSA signatures.
172  */
173 static const unsigned char *HASH_OID[] = {
174 	BR_HASH_OID_SHA1,
175 	BR_HASH_OID_SHA224,
176 	BR_HASH_OID_SHA256,
177 	BR_HASH_OID_SHA384,
178 	BR_HASH_OID_SHA512
179 };
180 
181 /*
182  * Check the RSA signature on the ServerKeyExchange message.
183  *
184  *   hash      hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185  *   use_rsa   non-zero for RSA signature, zero for ECDSA
186  *   sig_len   signature length (in bytes); signature value is in the pad
187  *
188  * Returned value is 0 on success, or an error code.
189  */
190 static int
verify_SKE_sig(br_ssl_client_context * ctx,int hash,int use_rsa,size_t sig_len)191 verify_SKE_sig(br_ssl_client_context *ctx,
192 	int hash, int use_rsa, size_t sig_len)
193 {
194 	const br_x509_class **xc;
195 	const br_x509_pkey *pk;
196 	br_multihash_context mhc;
197 	unsigned char hv[64], head[4];
198 	size_t hv_len;
199 
200 	xc = ctx->eng.x509ctx;
201 	pk = (*xc)->get_pkey(xc, NULL);
202 	br_multihash_zero(&mhc);
203 	br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 	br_multihash_init(&mhc);
205 	br_multihash_update(&mhc,
206 		ctx->eng.client_random, sizeof ctx->eng.client_random);
207 	br_multihash_update(&mhc,
208 		ctx->eng.server_random, sizeof ctx->eng.server_random);
209 	head[0] = 3;
210 	head[1] = 0;
211 	head[2] = ctx->eng.ecdhe_curve;
212 	head[3] = ctx->eng.ecdhe_point_len;
213 	br_multihash_update(&mhc, head, sizeof head);
214 	br_multihash_update(&mhc,
215 		ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 	if (hash) {
217 		hv_len = br_multihash_out(&mhc, hash, hv);
218 		if (hv_len == 0) {
219 			return BR_ERR_INVALID_ALGORITHM;
220 		}
221 	} else {
222 		if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 			|| !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 		{
225 			return BR_ERR_INVALID_ALGORITHM;
226 		}
227 		hv_len = 36;
228 	}
229 	if (use_rsa) {
230 		unsigned char tmp[64];
231 		const unsigned char *hash_oid;
232 
233 		if (hash) {
234 			hash_oid = HASH_OID[hash - 2];
235 		} else {
236 			hash_oid = NULL;
237 		}
238 		if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 			hash_oid, hv_len, &pk->key.rsa, tmp)
240 			|| memcmp(tmp, hv, hv_len) != 0)
241 		{
242 			return BR_ERR_BAD_SIGNATURE;
243 		}
244 	} else {
245 		if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 			ctx->eng.pad, sig_len))
247 		{
248 			return BR_ERR_BAD_SIGNATURE;
249 		}
250 	}
251 	return 0;
252 }
253 
254 /*
255  * Perform client-side ECDH (or ECDHE). The point that should be sent to
256  * the server is written in the pad; returned value is either the point
257  * length (in bytes), or -x on error, with 'x' being an error code.
258  *
259  * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260  * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261  * (for static ECDH).
262  */
263 static int
make_pms_ecdh(br_ssl_client_context * ctx,unsigned ecdhe,int prf_id)264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 	int curve;
267 	unsigned char key[66], point[133];
268 	const unsigned char *order, *point_src;
269 	size_t glen, olen, point_len, xoff, xlen;
270 	unsigned char mask;
271 
272 	if (ecdhe) {
273 		curve = ctx->eng.ecdhe_curve;
274 		point_src = ctx->eng.ecdhe_point;
275 		point_len = ctx->eng.ecdhe_point_len;
276 	} else {
277 		const br_x509_class **xc;
278 		const br_x509_pkey *pk;
279 
280 		xc = ctx->eng.x509ctx;
281 		pk = (*xc)->get_pkey(xc, NULL);
282 		curve = pk->key.ec.curve;
283 		point_src = pk->key.ec.q;
284 		point_len = pk->key.ec.qlen;
285 	}
286 	if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 		return -BR_ERR_INVALID_ALGORITHM;
288 	}
289 
290 	/*
291 	 * We need to generate our key, as a non-zero random value which
292 	 * is lower than the curve order, in a "large enough" range. We
293 	 * force top bit to 0 and bottom bit to 1, which guarantees that
294 	 * the value is in the proper range.
295 	 */
296 	order = ctx->eng.iec->order(curve, &olen);
297 	mask = 0xFF;
298 	while (mask >= order[0]) {
299 		mask >>= 1;
300 	}
301 	br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 	key[0] &= mask;
303 	key[olen - 1] |= 0x01;
304 
305 	/*
306 	 * Compute the common ECDH point, whose X coordinate is the
307 	 * pre-master secret.
308 	 */
309 	ctx->eng.iec->generator(curve, &glen);
310 	if (glen != point_len) {
311 		return -BR_ERR_INVALID_ALGORITHM;
312 	}
313 
314 	memcpy(point, point_src, glen);
315 	if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 		return -BR_ERR_INVALID_ALGORITHM;
317 	}
318 
319 	/*
320 	 * The pre-master secret is the X coordinate.
321 	 */
322 	xoff = ctx->eng.iec->xoff(curve, &xlen);
323 	br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324 
325 	ctx->eng.iec->mulgen(point, key, olen, curve);
326 	memcpy(ctx->eng.pad, point, glen);
327 	return (int)glen;
328 }
329 
330 /*
331  * Perform full static ECDH. This occurs only in the context of client
332  * authentication with certificates: the server uses an EC public key,
333  * the cipher suite is of type ECDH (not ECDHE), the server requested a
334  * client certificate and accepts static ECDH, the client has a
335  * certificate with an EC public key in the same curve, and accepts
336  * static ECDH as well.
337  *
338  * Returned value is 0 on success, -1 on error.
339  */
340 static int
make_pms_static_ecdh(br_ssl_client_context * ctx,int prf_id)341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 	unsigned char point[133];
344 	size_t point_len;
345 	const br_x509_class **xc;
346 	const br_x509_pkey *pk;
347 
348 	xc = ctx->eng.x509ctx;
349 	pk = (*xc)->get_pkey(xc, NULL);
350 	point_len = pk->key.ec.qlen;
351 	if (point_len > sizeof point) {
352 		return -1;
353 	}
354 	memcpy(point, pk->key.ec.q, point_len);
355 	if (!(*ctx->client_auth_vtable)->do_keyx(
356 		ctx->client_auth_vtable, point, &point_len))
357 	{
358 		return -1;
359 	}
360 	br_ssl_engine_compute_master(&ctx->eng,
361 		prf_id, point, point_len);
362 	return 0;
363 }
364 
365 /*
366  * Compute the client-side signature. This is invoked only when a
367  * signature-based client authentication was selected. The computed
368  * signature is in the pad; its length (in bytes) is returned. On
369  * error, 0 is returned.
370  */
371 static size_t
make_client_sign(br_ssl_client_context * ctx)372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 	size_t hv_len;
375 
376 	/*
377 	 * Compute hash of handshake messages so far. This "cannot" fail
378 	 * because the list of supported hash functions provided to the
379 	 * client certificate handler was trimmed to include only the
380 	 * hash functions that the multi-hasher supports.
381 	 */
382 	if (ctx->hash_id) {
383 		hv_len = br_multihash_out(&ctx->eng.mhash,
384 			ctx->hash_id, ctx->eng.pad);
385 	} else {
386 		br_multihash_out(&ctx->eng.mhash,
387 			br_md5_ID, ctx->eng.pad);
388 		br_multihash_out(&ctx->eng.mhash,
389 			br_sha1_ID, ctx->eng.pad + 16);
390 		hv_len = 36;
391 	}
392 	return (*ctx->client_auth_vtable)->do_sign(
393 		ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 		ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396 
397 
398 
399 static const unsigned char t0_datablock[] = {
400 	0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 	0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 	0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 	0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 	0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 	0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 	0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 	0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 	0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 	0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 	0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 	0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xC0, 0x9C, 0x06,
412 	0x04, 0xC0, 0x9D, 0x07, 0x04, 0xC0, 0xA0, 0x08, 0x04, 0xC0, 0xA1, 0x09,
413 	0x04, 0xC0, 0xAC, 0x26, 0x04, 0xC0, 0xAD, 0x27, 0x04, 0xC0, 0xAE, 0x28,
414 	0x04, 0xC0, 0xAF, 0x29, 0x04, 0xCC, 0xA8, 0x15, 0x04, 0xCC, 0xA9, 0x25,
415 	0x04, 0x00, 0x00
416 };
417 
418 static const unsigned char t0_codeblock[] = {
419 	0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
420 	0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
421 	0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
422 	0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
423 	T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
424 	T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
425 	T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
426 	T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
427 	T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
428 	T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
429 	T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
430 	T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
431 	T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
432 	T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
433 	0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
434 	T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
435 	T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
436 	0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
437 	T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
438 	T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
439 	T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
440 	T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
441 	T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
442 	T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
443 	T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
444 	0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
445 	0x01,
446 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
447 	0x00, 0x00, 0x01,
448 	T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
449 	0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
450 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
451 	0x00, 0x00, 0x01,
452 	T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
453 	0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
454 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
455 	0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
456 	0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
457 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
458 	0x00, 0x00, 0x01,
459 	T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
460 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
461 	0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
462 	0x00, 0x00, 0x01,
463 	T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
464 	0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
465 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
466 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
467 	0x00, 0x00, 0x01,
468 	T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
469 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
470 	0x00, 0x00, 0x01,
471 	T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
472 	0x01,
473 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
474 	0x00, 0x00, 0x01,
475 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
476 	0x00, 0x00, 0x01,
477 	T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
478 	0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
479 	0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
480 	0x01,
481 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
482 	0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
483 	0x00, 0x00, 0x01,
484 	T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
485 	0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
486 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
487 	0x00, 0x00, 0x09, 0x26, 0x58, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x06,
488 	0x08, 0x2C, 0x0E, 0x05, 0x02, 0x71, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
489 	0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x26, 0x5E, 0x44, 0x9D, 0x26,
490 	0x05, 0x04, 0x60, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9D,
491 	0x00, 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x26,
492 	0x89, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x79, 0x2C, 0xAB, 0x1C,
493 	0x84, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
494 	0x5C, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x77, 0x2E, 0x02, 0x00, 0x36,
495 	0x17, 0x01, 0x01, 0x0B, 0x77, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
496 	0x00, 0xCF, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x26,
497 	0x1A, 0x17, 0x06, 0x02, 0x6F, 0x28, 0xCF, 0x04, 0x76, 0x01, 0x01, 0x00,
498 	0x77, 0x3E, 0x01, 0x16, 0x87, 0x3E, 0x01, 0x00, 0x8A, 0x3C, 0x34, 0xD5,
499 	0x29, 0xB4, 0x06, 0x09, 0x01, 0x7F, 0xAF, 0x01, 0x7F, 0xD2, 0x04, 0x80,
500 	0x53, 0xB1, 0x79, 0x2C, 0xA1, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
501 	0x06, 0x01, 0xB5, 0xB8, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB7,
502 	0xB8, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
503 	0x05, 0x02, 0x72, 0x28, 0x06, 0x02, 0x67, 0x28, 0x33, 0x06, 0x02, 0x72,
504 	0x28, 0x02, 0x00, 0x06, 0x1C, 0xD3, 0x80, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
505 	0x06, 0x0D, 0x25, 0x01, 0x10, 0xDE, 0x01, 0x00, 0xDD, 0x79, 0x2C, 0xAB,
506 	0x24, 0x04, 0x04, 0xD6, 0x06, 0x01, 0xD4, 0x04, 0x01, 0xD6, 0x01, 0x7F,
507 	0xD2, 0x01, 0x7F, 0xAF, 0x01, 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E,
508 	0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x00,
509 	0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
510 	T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
511 	0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
512 	T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
513 	0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
514 	T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
515 	0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
516 	T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
517 	0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
518 	T0_INT1(BR_KEYTYPE_EC  | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
519 	0x44, 0x25, 0x00, 0x00, 0x82, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
520 	0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
521 	0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x88, 0x2E, 0x26, 0x06, 0x08, 0x01,
522 	0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
523 	0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
524 	0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
525 	0x01, 0x06, 0x08, 0x00, 0x00, 0x8B, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
526 	0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
527 	0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
528 	0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
529 	0x08, 0x00, 0x00, 0x7F, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
530 	0x00, 0x9F, 0xCE, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
531 	0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9F, 0x04, 0x35, 0x01, 0x01,
532 	0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x77, 0x3E, 0xB3, 0x88,
533 	0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA8, 0x37, 0x06, 0x17, 0x29, 0x1A,
534 	0x36, 0x06, 0x04, 0xCE, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
535 	0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E, 0x04, 0x01, 0x9F, 0x04, 0x03,
536 	0x72, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
537 	0x58, 0x06, 0x02, 0x68, 0x28, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
538 	0x17, 0x00, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
539 	0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x76, 0x3E, 0x01,
540 	0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
541 	0x76, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
542 	0x08, 0x28, 0x5A, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
543 	0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAC, 0x37, 0x04, 0x78,
544 	0x26, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x3E, 0x00, 0x01, 0xBF, 0xAA, 0xBF,
545 	0xAA, 0xC1, 0x84, 0x44, 0x26, 0x03, 0x00, 0xB6, 0x9B, 0x9B, 0x02, 0x00,
546 	0x4D, 0x26, 0x58, 0x06, 0x0A, 0x01, 0x03, 0xA8, 0x06, 0x02, 0x72, 0x28,
547 	0x25, 0x04, 0x03, 0x5C, 0x8A, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x86,
548 	0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72, 0x28, 0x04, 0x11, 0xCE, 0x01,
549 	0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x72, 0x28,
550 	0x04, 0x70, 0x25, 0xC2, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x61,
551 	0x28, 0x26, 0x01, 0x01, 0xC8, 0x36, 0xB2, 0x00, 0x01, 0xB8, 0x01, 0x0B,
552 	0x0E, 0x05, 0x02, 0x72, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xC0,
553 	0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x00, 0x44, 0x57, 0xC0, 0xAA, 0x26,
554 	0x06, 0x23, 0xC0, 0xAA, 0x26, 0x56, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
555 	0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
556 	0x84, 0x02, 0x00, 0xB6, 0x02, 0x00, 0x53, 0x04, 0x65, 0x9B, 0x54, 0x04,
557 	0x5A, 0x9B, 0x9B, 0x55, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
558 	0x00, 0x79, 0x2C, 0xA1, 0x01, 0x7F, 0xB0, 0x26, 0x58, 0x06, 0x02, 0x35,
559 	0x28, 0x26, 0x05, 0x02, 0x72, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x74,
560 	0x28, 0x3B, 0x00, 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72,
561 	0x28, 0x84, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB6, 0x9B, 0x84, 0x26, 0x01,
562 	0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x64, 0x28, 0x00, 0x00, 0xB9,
563 	0x06, 0x02, 0x72, 0x28, 0x06, 0x02, 0x66, 0x28, 0x00, 0x0A, 0xB8, 0x01,
564 	0x02, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xBF, 0x03, 0x00, 0x02, 0x00, 0x95,
565 	0x2C, 0x0A, 0x02, 0x00, 0x94, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x73, 0x28,
566 	0x02, 0x00, 0x93, 0x2C, 0x0D, 0x06, 0x02, 0x6B, 0x28, 0x02, 0x00, 0x96,
567 	0x3C, 0x8C, 0x01, 0x20, 0xB6, 0x01, 0x00, 0x03, 0x01, 0xC1, 0x03, 0x02,
568 	0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x84, 0x02, 0x02,
569 	0xB6, 0x02, 0x02, 0x8E, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
570 	0x06, 0x0B, 0x8D, 0x84, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
571 	0x01, 0x8D, 0x84, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8E, 0x3E, 0x02, 0x00,
572 	0x92, 0x02, 0x01, 0x98, 0xBF, 0x26, 0xC3, 0x58, 0x06, 0x02, 0x62, 0x28,
573 	0x26, 0xCD, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x62,
574 	0x28, 0x79, 0x02, 0x01, 0x98, 0xC1, 0x06, 0x02, 0x63, 0x28, 0x26, 0x06,
575 	0x81, 0x47, 0xBF, 0xAA, 0xA6, 0x03, 0x03, 0xA4, 0x03, 0x04, 0xA2, 0x03,
576 	0x05, 0xA5, 0x03, 0x06, 0xA7, 0x03, 0x07, 0xA3, 0x03, 0x08, 0x27, 0x03,
577 	0x09, 0x26, 0x06, 0x81, 0x18, 0xBF, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
578 	0x25, 0x02, 0x03, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBE,
579 	0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
580 	0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBC, 0x04, 0x80, 0x6A,
581 	0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
582 	0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBD, 0x04, 0x80, 0x53, 0x01,
583 	0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6C, 0x28,
584 	0x01, 0x00, 0x03, 0x06, 0xBA, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
585 	0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x07,
586 	0xBA, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
587 	0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x08, 0xBA, 0x04, 0x17, 0x01,
588 	0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6C, 0x28,
589 	0x01, 0x00, 0x03, 0x09, 0xAE, 0x04, 0x03, 0x6C, 0x28, 0x25, 0x04, 0xFE,
590 	0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
591 	0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x04, 0x0C, 0xA4, 0x01, 0x05,
592 	0x0F, 0x06, 0x02, 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x02, 0x01,
593 	0x00, 0x04, 0xB8, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xC1, 0x01,
594 	0x03, 0x0E, 0x05, 0x02, 0x6D, 0x28, 0xBF, 0x26, 0x7C, 0x3E, 0x26, 0x01,
595 	0x20, 0x10, 0x06, 0x02, 0x6D, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
596 	0x05, 0x02, 0x6D, 0x28, 0xC1, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
597 	0x6D, 0x28, 0x26, 0x7E, 0x3E, 0x7D, 0x44, 0xB6, 0x92, 0x2C, 0x01, 0x86,
598 	0x03, 0x10, 0x03, 0x00, 0x79, 0x2C, 0xCB, 0x03, 0x01, 0x01, 0x02, 0x03,
599 	0x02, 0x02, 0x00, 0x06, 0x21, 0xC1, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
600 	0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6D, 0x28, 0x03, 0x02, 0xC1, 0x02,
601 	0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6D, 0x28,
602 	0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBF, 0x26,
603 	0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x84,
604 	0x44, 0xB6, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x50, 0x26, 0x06, 0x01,
605 	0x28, 0x25, 0x9B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x97,
606 	0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x60,
607 	0x00, 0xD0, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xC1, 0xAA, 0x26,
608 	0x06, 0x80, 0x43, 0xC1, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
609 	0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
610 	0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
611 	0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
612 	0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
613 	0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x9B, 0x79,
614 	0x2C, 0xC9, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
615 	0x00, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xBB, 0x26, 0x81,
616 	0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
617 	0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
618 	0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
619 	0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
620 	0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
621 	0x01, 0x17, 0x03, 0x00, 0x16, 0xBF, 0xAA, 0x26, 0x06, 0x23, 0xBF, 0xAA,
622 	0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
623 	0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x84, 0x02, 0x01, 0xB6,
624 	0x02, 0x01, 0x12, 0x04, 0x65, 0x9B, 0x13, 0x04, 0x5A, 0x9B, 0x14, 0x9B,
625 	0x02, 0x00, 0x2A, 0x00, 0x00, 0xB9, 0x26, 0x5A, 0x06, 0x07, 0x25, 0x06,
626 	0x02, 0x66, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC2, 0x01, 0x03, 0xC0, 0x44,
627 	0x25, 0x44, 0x00, 0x00, 0xBF, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
628 	0xBF, 0xAA, 0x26, 0x06, 0x80, 0x50, 0xC1, 0x03, 0x01, 0xC1, 0x03, 0x02,
629 	0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
630 	0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
631 	0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
632 	0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
633 	0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
634 	0x5D, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
635 	0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBF, 0x01, 0x01, 0x0E, 0x05,
636 	0x02, 0x65, 0x28, 0xC1, 0x01, 0x08, 0x08, 0x82, 0x2E, 0x0E, 0x05, 0x02,
637 	0x65, 0x28, 0x00, 0x00, 0xBF, 0x88, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
638 	0x05, 0x02, 0x69, 0x28, 0xC1, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x69, 0x28,
639 	0x01, 0x02, 0x88, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x69,
640 	0x28, 0xC1, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x69, 0x28, 0x84, 0x01, 0x18,
641 	0xB6, 0x89, 0x84, 0x01, 0x18, 0x30, 0x05, 0x02, 0x69, 0x28, 0x00, 0x00,
642 	0xBF, 0x06, 0x02, 0x6A, 0x28, 0x00, 0x00, 0x01, 0x02, 0x97, 0xC2, 0x01,
643 	0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x03, 0x97, 0xC2, 0x01, 0x08,
644 	0x0B, 0xC2, 0x08, 0x01, 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x01,
645 	0x97, 0xC2, 0x00, 0x00, 0x3A, 0x26, 0x58, 0x05, 0x01, 0x00, 0x25, 0xD0,
646 	0x04, 0x76, 0x02, 0x03, 0x00, 0x91, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
647 	0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x90, 0x08, 0x2C,
648 	0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x25, 0x01, 0x7F,
649 	0x00, 0x00, 0x01, 0x15, 0x87, 0x3E, 0x44, 0x52, 0x25, 0x52, 0x25, 0x29,
650 	0x00, 0x00, 0x01, 0x01, 0x44, 0xC4, 0x00, 0x00, 0x44, 0x38, 0x97, 0x44,
651 	0x26, 0x06, 0x05, 0xC2, 0x25, 0x5D, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
652 	0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x9A,
653 	0x59, 0x00, 0x02, 0x03, 0x00, 0x79, 0x2C, 0x9A, 0x03, 0x01, 0x02, 0x01,
654 	0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
655 	0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
656 	0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04,
657 	0x01, 0x4A, 0x04, 0x81, 0x0D, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
658 	0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A,
659 	0x04, 0x80, 0x77, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01,
660 	0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80,
661 	0x61, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x25, 0x01, 0x10, 0x02,
662 	0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x80, 0x4C, 0x01, 0x04,
663 	0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
664 	0x47, 0x04, 0x01, 0x48, 0x04, 0x38, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C,
665 	0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x26,
666 	0x26, 0x01, 0x09, 0x0F, 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x26, 0x01,
667 	0x01, 0x17, 0x01, 0x04, 0x0B, 0x01, 0x10, 0x08, 0x44, 0x01, 0x08, 0x17,
668 	0x01, 0x10, 0x44, 0x09, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46,
669 	0x00, 0x25, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
670 	0x00, 0x9A, 0x01, 0x0C, 0x11, 0x26, 0x5B, 0x44, 0x01, 0x03, 0x0A, 0x17,
671 	0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x9A,
672 	0x01, 0x0C, 0x11, 0x5A, 0x00, 0x00, 0x9A, 0x01, 0x81, 0x70, 0x17, 0x01,
673 	0x20, 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x75, 0x2E, 0x26, 0x06, 0x22,
674 	0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9E, 0x04, 0x14,
675 	0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x77, 0x2E, 0x01, 0x01, 0x0E,
676 	0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x7B,
677 	0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x86, 0x2E, 0x01, 0x14, 0x38, 0x0E,
678 	0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
679 	0x06, 0x09, 0x25, 0xAD, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
680 	0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
681 	0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
682 	0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x86, 0x2E, 0x01,
683 	0x15, 0x0E, 0x06, 0x08, 0x25, 0xAD, 0x01, 0x00, 0x77, 0x3E, 0x04, 0x01,
684 	0x20, 0x00, 0x00, 0xCE, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
685 	0x72, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
686 	0x87, 0x3E, 0x00, 0xCE, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD1, 0x01,
687 	0x01, 0xDE, 0x29, 0x26, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD1, 0xD7, 0x29,
688 	0x00, 0x00, 0x01, 0x0B, 0xDE, 0x4E, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDD,
689 	0xDD, 0x18, 0x26, 0x58, 0x06, 0x02, 0x25, 0x00, 0xDD, 0x1D, 0x26, 0x06,
690 	0x05, 0x84, 0x44, 0xD8, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
691 	0x0F, 0xDE, 0x26, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
692 	0x04, 0x08, 0xDD, 0x80, 0x2E, 0xDE, 0x78, 0x2E, 0xDE, 0x04, 0x02, 0x5E,
693 	0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x00, 0x02, 0xA4, 0xA6, 0x08, 0xA2,
694 	0x08, 0xA5, 0x08, 0xA7, 0x08, 0xA3, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
695 	0x01, 0xDE, 0x01, 0x27, 0x8E, 0x2E, 0x08, 0x91, 0x2E, 0x01, 0x01, 0x0B,
696 	0x08, 0x02, 0x00, 0x06, 0x04, 0x5E, 0x02, 0x00, 0x08, 0x83, 0x2C, 0x38,
697 	0x09, 0x26, 0x5B, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5E, 0x44,
698 	0x5F, 0x01, 0x04, 0x09, 0x26, 0x58, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
699 	0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
700 	0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDD, 0x94,
701 	0x2C, 0xDC, 0x7A, 0x01, 0x04, 0x19, 0x7A, 0x01, 0x04, 0x08, 0x01, 0x1C,
702 	0x32, 0x7A, 0x01, 0x20, 0xD8, 0x8D, 0x8E, 0x2E, 0xDA, 0x91, 0x2E, 0x26,
703 	0x01, 0x01, 0x0B, 0xDC, 0x90, 0x44, 0x26, 0x06, 0x0F, 0x5D, 0x38, 0x2C,
704 	0x26, 0xC7, 0x05, 0x02, 0x62, 0x28, 0xDC, 0x44, 0x5E, 0x44, 0x04, 0x6E,
705 	0x60, 0x01, 0x01, 0xDE, 0x01, 0x00, 0xDE, 0x02, 0x00, 0x06, 0x81, 0x5A,
706 	0x02, 0x00, 0xDC, 0xA4, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDC, 0x89,
707 	0xA4, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x5D, 0xDA, 0xA6, 0x06, 0x16, 0x01,
708 	0x00, 0xDC, 0x8B, 0xA6, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x01, 0x02, 0x09,
709 	0x26, 0xDC, 0x01, 0x00, 0xDE, 0x01, 0x03, 0x09, 0xD9, 0xA2, 0x06, 0x0C,
710 	0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x82, 0x2E, 0x01, 0x08, 0x09, 0xDE,
711 	0xA5, 0x06, 0x19, 0x01, 0x0D, 0xDC, 0xA5, 0x01, 0x04, 0x09, 0x26, 0xDC,
712 	0x01, 0x02, 0x09, 0xDC, 0x42, 0x06, 0x03, 0x01, 0x03, 0xDB, 0x43, 0x06,
713 	0x03, 0x01, 0x01, 0xDB, 0xA7, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDC, 0x01,
714 	0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
715 	0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
716 	0x7F, 0x17, 0x01, 0x1D, 0xDC, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0xA0,
717 	0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDC, 0x5C, 0x04, 0x6E, 0x60,
718 	0x04, 0x01, 0x25, 0xA3, 0x06, 0x0A, 0x01, 0x0B, 0xDC, 0x01, 0x02, 0xDC,
719 	0x01, 0x82, 0x00, 0xDC, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDC, 0x01,
720 	0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x85, 0x2C, 0x01, 0x00, 0xA0, 0x0F,
721 	0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDE, 0x84, 0x44, 0xD8, 0x5C, 0x04, 0x72,
722 	0x60, 0x04, 0x01, 0x25, 0x02, 0x01, 0x58, 0x05, 0x11, 0x01, 0x15, 0xDC,
723 	0x02, 0x01, 0x26, 0xDC, 0x26, 0x06, 0x06, 0x5D, 0x01, 0x00, 0xDE, 0x04,
724 	0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDE, 0x79, 0x2C, 0x26, 0xCC, 0x06,
725 	0x0C, 0xAB, 0x23, 0x26, 0x5E, 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x04,
726 	0x0D, 0x26, 0xCA, 0x44, 0xAB, 0x22, 0x26, 0x5C, 0xDD, 0x26, 0xDE, 0x84,
727 	0x44, 0xD8, 0x00, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01, 0x0C, 0xDD, 0x84,
728 	0x01, 0x0C, 0xD8, 0x00, 0x00, 0x51, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
729 	0x60, 0x00, 0xCE, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDC, 0xD8, 0x00, 0x00,
730 	0x26, 0xDE, 0xD8, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
731 	0x17, 0x06, 0x06, 0x01, 0x04, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x08,
732 	0x17, 0x06, 0x06, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x20,
733 	0x17, 0x06, 0x06, 0x01, 0x05, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x80,
734 	0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDE, 0x02, 0x00, 0xDE, 0x01, 0x04,
735 	0x17, 0x06, 0x06, 0x01, 0x02, 0xDE, 0x02, 0x00, 0xDE, 0x00, 0x00, 0x26,
736 	0x01, 0x08, 0x4F, 0xDE, 0xDE, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4F, 0xDE,
737 	0xDC, 0x00, 0x00, 0x26, 0x52, 0x06, 0x02, 0x25, 0x00, 0xCE, 0x25, 0x04,
738 	0x76
739 };
740 
741 static const uint16_t t0_caddr[] = {
742 	0,
743 	5,
744 	10,
745 	15,
746 	20,
747 	25,
748 	30,
749 	35,
750 	40,
751 	44,
752 	48,
753 	52,
754 	56,
755 	60,
756 	64,
757 	68,
758 	72,
759 	76,
760 	80,
761 	84,
762 	88,
763 	92,
764 	96,
765 	100,
766 	104,
767 	108,
768 	112,
769 	116,
770 	120,
771 	124,
772 	129,
773 	134,
774 	139,
775 	144,
776 	149,
777 	154,
778 	159,
779 	164,
780 	169,
781 	174,
782 	179,
783 	184,
784 	189,
785 	194,
786 	199,
787 	204,
788 	209,
789 	214,
790 	219,
791 	224,
792 	229,
793 	234,
794 	239,
795 	244,
796 	249,
797 	254,
798 	259,
799 	264,
800 	269,
801 	274,
802 	279,
803 	284,
804 	289,
805 	294,
806 	303,
807 	316,
808 	320,
809 	345,
810 	351,
811 	370,
812 	381,
813 	422,
814 	542,
815 	546,
816 	611,
817 	626,
818 	637,
819 	655,
820 	684,
821 	694,
822 	730,
823 	740,
824 	818,
825 	832,
826 	838,
827 	897,
828 	916,
829 	951,
830 	1000,
831 	1076,
832 	1103,
833 	1134,
834 	1145,
835 	1497,
836 	1644,
837 	1668,
838 	1884,
839 	1898,
840 	1907,
841 	1911,
842 	2006,
843 	2027,
844 	2083,
845 	2090,
846 	2101,
847 	2117,
848 	2123,
849 	2134,
850 	2169,
851 	2181,
852 	2187,
853 	2202,
854 	2218,
855 	2411,
856 	2420,
857 	2433,
858 	2442,
859 	2449,
860 	2459,
861 	2565,
862 	2590,
863 	2603,
864 	2619,
865 	2637,
866 	2669,
867 	2703,
868 	3071,
869 	3107,
870 	3120,
871 	3134,
872 	3139,
873 	3144,
874 	3210,
875 	3218,
876 	3226
877 };
878 
879 #define T0_INTERPRETED   88
880 
881 #define T0_ENTER(ip, rp, slot)   do { \
882 		const unsigned char *t0_newip; \
883 		uint32_t t0_lnum; \
884 		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
885 		t0_lnum = t0_parse7E_unsigned(&t0_newip); \
886 		(rp) += t0_lnum; \
887 		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
888 		(ip) = t0_newip; \
889 	} while (0)
890 
891 #define T0_DEFENTRY(name, slot) \
892 void \
893 name(void *ctx) \
894 { \
895 	t0_context *t0ctx = ctx; \
896 	t0ctx->ip = &t0_codeblock[0]; \
897 	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
898 }
899 
900 T0_DEFENTRY(br_ssl_hs_client_init_main, 169)
901 
902 #define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)
903 
904 void
br_ssl_hs_client_run(void * t0ctx)905 br_ssl_hs_client_run(void *t0ctx)
906 {
907 	uint32_t *dp, *rp;
908 	const unsigned char *ip;
909 
910 #define T0_LOCAL(x)    (*(rp - 2 - (x)))
911 #define T0_POP()       (*-- dp)
912 #define T0_POPi()      (*(int32_t *)(-- dp))
913 #define T0_PEEK(x)     (*(dp - 1 - (x)))
914 #define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
915 #define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
916 #define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
917 #define T0_RPOP()      (*-- rp)
918 #define T0_RPOPi()     (*(int32_t *)(-- rp))
919 #define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
920 #define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
921 #define T0_ROLL(x)     do { \
922 	size_t t0len = (size_t)(x); \
923 	uint32_t t0tmp = *(dp - 1 - t0len); \
924 	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
925 	*(dp - 1) = t0tmp; \
926 } while (0)
927 #define T0_SWAP()      do { \
928 	uint32_t t0tmp = *(dp - 2); \
929 	*(dp - 2) = *(dp - 1); \
930 	*(dp - 1) = t0tmp; \
931 } while (0)
932 #define T0_ROT()       do { \
933 	uint32_t t0tmp = *(dp - 3); \
934 	*(dp - 3) = *(dp - 2); \
935 	*(dp - 2) = *(dp - 1); \
936 	*(dp - 1) = t0tmp; \
937 } while (0)
938 #define T0_NROT()       do { \
939 	uint32_t t0tmp = *(dp - 1); \
940 	*(dp - 1) = *(dp - 2); \
941 	*(dp - 2) = *(dp - 3); \
942 	*(dp - 3) = t0tmp; \
943 } while (0)
944 #define T0_PICK(x)      do { \
945 	uint32_t t0depth = (x); \
946 	T0_PUSH(T0_PEEK(t0depth)); \
947 } while (0)
948 #define T0_CO()         do { \
949 	goto t0_exit; \
950 } while (0)
951 #define T0_RET()        goto t0_next
952 
953 	dp = ((t0_context *)t0ctx)->dp;
954 	rp = ((t0_context *)t0ctx)->rp;
955 	ip = ((t0_context *)t0ctx)->ip;
956 	goto t0_next;
957 	for (;;) {
958 		uint32_t t0x;
959 
960 	t0_next:
961 		t0x = T0_NEXT(&ip);
962 		if (t0x < T0_INTERPRETED) {
963 			switch (t0x) {
964 				int32_t t0off;
965 
966 			case 0: /* ret */
967 				t0x = T0_RPOP();
968 				rp -= (t0x >> 16);
969 				t0x &= 0xFFFF;
970 				if (t0x == 0) {
971 					ip = NULL;
972 					goto t0_exit;
973 				}
974 				ip = &t0_codeblock[t0x];
975 				break;
976 			case 1: /* literal constant */
977 				T0_PUSHi(t0_parse7E_signed(&ip));
978 				break;
979 			case 2: /* read local */
980 				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
981 				break;
982 			case 3: /* write local */
983 				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
984 				break;
985 			case 4: /* jump */
986 				t0off = t0_parse7E_signed(&ip);
987 				ip += t0off;
988 				break;
989 			case 5: /* jump if */
990 				t0off = t0_parse7E_signed(&ip);
991 				if (T0_POP()) {
992 					ip += t0off;
993 				}
994 				break;
995 			case 6: /* jump if not */
996 				t0off = t0_parse7E_signed(&ip);
997 				if (!T0_POP()) {
998 					ip += t0off;
999 				}
1000 				break;
1001 			case 7: {
1002 				/* * */
1003 
1004 	uint32_t b = T0_POP();
1005 	uint32_t a = T0_POP();
1006 	T0_PUSH(a * b);
1007 
1008 				}
1009 				break;
1010 			case 8: {
1011 				/* + */
1012 
1013 	uint32_t b = T0_POP();
1014 	uint32_t a = T0_POP();
1015 	T0_PUSH(a + b);
1016 
1017 				}
1018 				break;
1019 			case 9: {
1020 				/* - */
1021 
1022 	uint32_t b = T0_POP();
1023 	uint32_t a = T0_POP();
1024 	T0_PUSH(a - b);
1025 
1026 				}
1027 				break;
1028 			case 10: {
1029 				/* < */
1030 
1031 	int32_t b = T0_POPi();
1032 	int32_t a = T0_POPi();
1033 	T0_PUSH(-(uint32_t)(a < b));
1034 
1035 				}
1036 				break;
1037 			case 11: {
1038 				/* << */
1039 
1040 	int c = (int)T0_POPi();
1041 	uint32_t x = T0_POP();
1042 	T0_PUSH(x << c);
1043 
1044 				}
1045 				break;
1046 			case 12: {
1047 				/* <= */
1048 
1049 	int32_t b = T0_POPi();
1050 	int32_t a = T0_POPi();
1051 	T0_PUSH(-(uint32_t)(a <= b));
1052 
1053 				}
1054 				break;
1055 			case 13: {
1056 				/* <> */
1057 
1058 	uint32_t b = T0_POP();
1059 	uint32_t a = T0_POP();
1060 	T0_PUSH(-(uint32_t)(a != b));
1061 
1062 				}
1063 				break;
1064 			case 14: {
1065 				/* = */
1066 
1067 	uint32_t b = T0_POP();
1068 	uint32_t a = T0_POP();
1069 	T0_PUSH(-(uint32_t)(a == b));
1070 
1071 				}
1072 				break;
1073 			case 15: {
1074 				/* > */
1075 
1076 	int32_t b = T0_POPi();
1077 	int32_t a = T0_POPi();
1078 	T0_PUSH(-(uint32_t)(a > b));
1079 
1080 				}
1081 				break;
1082 			case 16: {
1083 				/* >= */
1084 
1085 	int32_t b = T0_POPi();
1086 	int32_t a = T0_POPi();
1087 	T0_PUSH(-(uint32_t)(a >= b));
1088 
1089 				}
1090 				break;
1091 			case 17: {
1092 				/* >> */
1093 
1094 	int c = (int)T0_POPi();
1095 	int32_t x = T0_POPi();
1096 	T0_PUSHi(x >> c);
1097 
1098 				}
1099 				break;
1100 			case 18: {
1101 				/* anchor-dn-append-name */
1102 
1103 	size_t len;
1104 
1105 	len = T0_POP();
1106 	if (CTX->client_auth_vtable != NULL) {
1107 		(*CTX->client_auth_vtable)->append_name(
1108 			CTX->client_auth_vtable, ENG->pad, len);
1109 	}
1110 
1111 				}
1112 				break;
1113 			case 19: {
1114 				/* anchor-dn-end-name */
1115 
1116 	if (CTX->client_auth_vtable != NULL) {
1117 		(*CTX->client_auth_vtable)->end_name(
1118 			CTX->client_auth_vtable);
1119 	}
1120 
1121 				}
1122 				break;
1123 			case 20: {
1124 				/* anchor-dn-end-name-list */
1125 
1126 	if (CTX->client_auth_vtable != NULL) {
1127 		(*CTX->client_auth_vtable)->end_name_list(
1128 			CTX->client_auth_vtable);
1129 	}
1130 
1131 				}
1132 				break;
1133 			case 21: {
1134 				/* anchor-dn-start-name */
1135 
1136 	size_t len;
1137 
1138 	len = T0_POP();
1139 	if (CTX->client_auth_vtable != NULL) {
1140 		(*CTX->client_auth_vtable)->start_name(
1141 			CTX->client_auth_vtable, len);
1142 	}
1143 
1144 				}
1145 				break;
1146 			case 22: {
1147 				/* anchor-dn-start-name-list */
1148 
1149 	if (CTX->client_auth_vtable != NULL) {
1150 		(*CTX->client_auth_vtable)->start_name_list(
1151 			CTX->client_auth_vtable);
1152 	}
1153 
1154 				}
1155 				break;
1156 			case 23: {
1157 				/* and */
1158 
1159 	uint32_t b = T0_POP();
1160 	uint32_t a = T0_POP();
1161 	T0_PUSH(a & b);
1162 
1163 				}
1164 				break;
1165 			case 24: {
1166 				/* begin-cert */
1167 
1168 	if (ENG->chain_len == 0) {
1169 		T0_PUSHi(-1);
1170 	} else {
1171 		ENG->cert_cur = ENG->chain->data;
1172 		ENG->cert_len = ENG->chain->data_len;
1173 		ENG->chain ++;
1174 		ENG->chain_len --;
1175 		T0_PUSH(ENG->cert_len);
1176 	}
1177 
1178 				}
1179 				break;
1180 			case 25: {
1181 				/* bzero */
1182 
1183 	size_t len = (size_t)T0_POP();
1184 	void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1185 	memset(addr, 0, len);
1186 
1187 				}
1188 				break;
1189 			case 26: {
1190 				/* can-output? */
1191 
1192 	T0_PUSHi(-(ENG->hlen_out > 0));
1193 
1194 				}
1195 				break;
1196 			case 27: {
1197 				/* co */
1198  T0_CO();
1199 				}
1200 				break;
1201 			case 28: {
1202 				/* compute-Finished-inner */
1203 
1204 	int prf_id = T0_POP();
1205 	int from_client = T0_POPi();
1206 	unsigned char tmp[48];
1207 	br_tls_prf_seed_chunk seed;
1208 
1209 	br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1210 	seed.data = tmp;
1211 	if (ENG->session.version >= BR_TLS12) {
1212 		seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1213 	} else {
1214 		br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1215 		br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1216 		seed.len = 36;
1217 	}
1218 	prf(ENG->pad, 12, ENG->session.master_secret,
1219 		sizeof ENG->session.master_secret,
1220 		from_client ? "client finished" : "server finished",
1221 		1, &seed);
1222 
1223 				}
1224 				break;
1225 			case 29: {
1226 				/* copy-cert-chunk */
1227 
1228 	size_t clen;
1229 
1230 	clen = ENG->cert_len;
1231 	if (clen > sizeof ENG->pad) {
1232 		clen = sizeof ENG->pad;
1233 	}
1234 	memcpy(ENG->pad, ENG->cert_cur, clen);
1235 	ENG->cert_cur += clen;
1236 	ENG->cert_len -= clen;
1237 	T0_PUSH(clen);
1238 
1239 				}
1240 				break;
1241 			case 30: {
1242 				/* copy-protocol-name */
1243 
1244 	size_t idx = T0_POP();
1245 	size_t len = strlen(ENG->protocol_names[idx]);
1246 	memcpy(ENG->pad, ENG->protocol_names[idx], len);
1247 	T0_PUSH(len);
1248 
1249 				}
1250 				break;
1251 			case 31: {
1252 				/* data-get8 */
1253 
1254 	size_t addr = T0_POP();
1255 	T0_PUSH(t0_datablock[addr]);
1256 
1257 				}
1258 				break;
1259 			case 32: {
1260 				/* discard-input */
1261 
1262 	ENG->hlen_in = 0;
1263 
1264 				}
1265 				break;
1266 			case 33: {
1267 				/* do-client-sign */
1268 
1269 	size_t sig_len;
1270 
1271 	sig_len = make_client_sign(CTX);
1272 	if (sig_len == 0) {
1273 		br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1274 		T0_CO();
1275 	}
1276 	T0_PUSH(sig_len);
1277 
1278 				}
1279 				break;
1280 			case 34: {
1281 				/* do-ecdh */
1282 
1283 	unsigned prf_id = T0_POP();
1284 	unsigned ecdhe = T0_POP();
1285 	int x;
1286 
1287 	x = make_pms_ecdh(CTX, ecdhe, prf_id);
1288 	if (x < 0) {
1289 		br_ssl_engine_fail(ENG, -x);
1290 		T0_CO();
1291 	} else {
1292 		T0_PUSH(x);
1293 	}
1294 
1295 				}
1296 				break;
1297 			case 35: {
1298 				/* do-rsa-encrypt */
1299 
1300 	int x;
1301 
1302 	x = make_pms_rsa(CTX, T0_POP());
1303 	if (x < 0) {
1304 		br_ssl_engine_fail(ENG, -x);
1305 		T0_CO();
1306 	} else {
1307 		T0_PUSH(x);
1308 	}
1309 
1310 				}
1311 				break;
1312 			case 36: {
1313 				/* do-static-ecdh */
1314 
1315 	unsigned prf_id = T0_POP();
1316 
1317 	if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1318 		br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1319 		T0_CO();
1320 	}
1321 
1322 				}
1323 				break;
1324 			case 37: {
1325 				/* drop */
1326  (void)T0_POP();
1327 				}
1328 				break;
1329 			case 38: {
1330 				/* dup */
1331  T0_PUSH(T0_PEEK(0));
1332 				}
1333 				break;
1334 			case 39: {
1335 				/* ext-ALPN-length */
1336 
1337 	size_t u, len;
1338 
1339 	if (ENG->protocol_names_num == 0) {
1340 		T0_PUSH(0);
1341 		T0_RET();
1342 	}
1343 	len = 6;
1344 	for (u = 0; u < ENG->protocol_names_num; u ++) {
1345 		len += 1 + strlen(ENG->protocol_names[u]);
1346 	}
1347 	T0_PUSH(len);
1348 
1349 				}
1350 				break;
1351 			case 40: {
1352 				/* fail */
1353 
1354 	br_ssl_engine_fail(ENG, (int)T0_POPi());
1355 	T0_CO();
1356 
1357 				}
1358 				break;
1359 			case 41: {
1360 				/* flush-record */
1361 
1362 	br_ssl_engine_flush_record(ENG);
1363 
1364 				}
1365 				break;
1366 			case 42: {
1367 				/* get-client-chain */
1368 
1369 	uint32_t auth_types;
1370 
1371 	auth_types = T0_POP();
1372 	if (CTX->client_auth_vtable != NULL) {
1373 		br_ssl_client_certificate ux;
1374 
1375 		(*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1376 			CTX, auth_types, &ux);
1377 		CTX->auth_type = (unsigned char)ux.auth_type;
1378 		CTX->hash_id = (unsigned char)ux.hash_id;
1379 		ENG->chain = ux.chain;
1380 		ENG->chain_len = ux.chain_len;
1381 	} else {
1382 		CTX->hash_id = 0;
1383 		ENG->chain_len = 0;
1384 	}
1385 
1386 				}
1387 				break;
1388 			case 43: {
1389 				/* get-key-type-usages */
1390 
1391 	const br_x509_class *xc;
1392 	const br_x509_pkey *pk;
1393 	unsigned usages;
1394 
1395 	xc = *(ENG->x509ctx);
1396 	pk = xc->get_pkey(ENG->x509ctx, &usages);
1397 	if (pk == NULL) {
1398 		T0_PUSH(0);
1399 	} else {
1400 		T0_PUSH(pk->key_type | usages);
1401 	}
1402 
1403 				}
1404 				break;
1405 			case 44: {
1406 				/* get16 */
1407 
1408 	size_t addr = (size_t)T0_POP();
1409 	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1410 
1411 				}
1412 				break;
1413 			case 45: {
1414 				/* get32 */
1415 
1416 	size_t addr = (size_t)T0_POP();
1417 	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1418 
1419 				}
1420 				break;
1421 			case 46: {
1422 				/* get8 */
1423 
1424 	size_t addr = (size_t)T0_POP();
1425 	T0_PUSH(*((unsigned char *)ENG + addr));
1426 
1427 				}
1428 				break;
1429 			case 47: {
1430 				/* has-input? */
1431 
1432 	T0_PUSHi(-(ENG->hlen_in != 0));
1433 
1434 				}
1435 				break;
1436 			case 48: {
1437 				/* memcmp */
1438 
1439 	size_t len = (size_t)T0_POP();
1440 	void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1441 	void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1442 	int x = memcmp(addr1, addr2, len);
1443 	T0_PUSH((uint32_t)-(x == 0));
1444 
1445 				}
1446 				break;
1447 			case 49: {
1448 				/* memcpy */
1449 
1450 	size_t len = (size_t)T0_POP();
1451 	void *src = (unsigned char *)ENG + (size_t)T0_POP();
1452 	void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1453 	memcpy(dst, src, len);
1454 
1455 				}
1456 				break;
1457 			case 50: {
1458 				/* mkrand */
1459 
1460 	size_t len = (size_t)T0_POP();
1461 	void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1462 	br_hmac_drbg_generate(&ENG->rng, addr, len);
1463 
1464 				}
1465 				break;
1466 			case 51: {
1467 				/* more-incoming-bytes? */
1468 
1469 	T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1470 
1471 				}
1472 				break;
1473 			case 52: {
1474 				/* multihash-init */
1475 
1476 	br_multihash_init(&ENG->mhash);
1477 
1478 				}
1479 				break;
1480 			case 53: {
1481 				/* neg */
1482 
1483 	uint32_t a = T0_POP();
1484 	T0_PUSH(-a);
1485 
1486 				}
1487 				break;
1488 			case 54: {
1489 				/* not */
1490 
1491 	uint32_t a = T0_POP();
1492 	T0_PUSH(~a);
1493 
1494 				}
1495 				break;
1496 			case 55: {
1497 				/* or */
1498 
1499 	uint32_t b = T0_POP();
1500 	uint32_t a = T0_POP();
1501 	T0_PUSH(a | b);
1502 
1503 				}
1504 				break;
1505 			case 56: {
1506 				/* over */
1507  T0_PUSH(T0_PEEK(1));
1508 				}
1509 				break;
1510 			case 57: {
1511 				/* read-chunk-native */
1512 
1513 	size_t clen = ENG->hlen_in;
1514 	if (clen > 0) {
1515 		uint32_t addr, len;
1516 
1517 		len = T0_POP();
1518 		addr = T0_POP();
1519 		if ((size_t)len < clen) {
1520 			clen = (size_t)len;
1521 		}
1522 		memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1523 		if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1524 			br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1525 		}
1526 		T0_PUSH(addr + (uint32_t)clen);
1527 		T0_PUSH(len - (uint32_t)clen);
1528 		ENG->hbuf_in += clen;
1529 		ENG->hlen_in -= clen;
1530 	}
1531 
1532 				}
1533 				break;
1534 			case 58: {
1535 				/* read8-native */
1536 
1537 	if (ENG->hlen_in > 0) {
1538 		unsigned char x;
1539 
1540 		x = *ENG->hbuf_in ++;
1541 		if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1542 			br_multihash_update(&ENG->mhash, &x, 1);
1543 		}
1544 		T0_PUSH(x);
1545 		ENG->hlen_in --;
1546 	} else {
1547 		T0_PUSHi(-1);
1548 	}
1549 
1550 				}
1551 				break;
1552 			case 59: {
1553 				/* set-server-curve */
1554 
1555 	const br_x509_class *xc;
1556 	const br_x509_pkey *pk;
1557 
1558 	xc = *(ENG->x509ctx);
1559 	pk = xc->get_pkey(ENG->x509ctx, NULL);
1560 	CTX->server_curve =
1561 		(pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1562 
1563 				}
1564 				break;
1565 			case 60: {
1566 				/* set16 */
1567 
1568 	size_t addr = (size_t)T0_POP();
1569 	*(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1570 
1571 				}
1572 				break;
1573 			case 61: {
1574 				/* set32 */
1575 
1576 	size_t addr = (size_t)T0_POP();
1577 	*(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1578 
1579 				}
1580 				break;
1581 			case 62: {
1582 				/* set8 */
1583 
1584 	size_t addr = (size_t)T0_POP();
1585 	*((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1586 
1587 				}
1588 				break;
1589 			case 63: {
1590 				/* strlen */
1591 
1592 	void *str = (unsigned char *)ENG + (size_t)T0_POP();
1593 	T0_PUSH((uint32_t)strlen(str));
1594 
1595 				}
1596 				break;
1597 			case 64: {
1598 				/* supported-curves */
1599 
1600 	uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1601 	T0_PUSH(x);
1602 
1603 				}
1604 				break;
1605 			case 65: {
1606 				/* supported-hash-functions */
1607 
1608 	int i;
1609 	unsigned x, num;
1610 
1611 	x = 0;
1612 	num = 0;
1613 	for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1614 		if (br_multihash_getimpl(&ENG->mhash, i)) {
1615 			x |= 1U << i;
1616 			num ++;
1617 		}
1618 	}
1619 	T0_PUSH(x);
1620 	T0_PUSH(num);
1621 
1622 				}
1623 				break;
1624 			case 66: {
1625 				/* supports-ecdsa? */
1626 
1627 	T0_PUSHi(-(ENG->iecdsa != 0));
1628 
1629 				}
1630 				break;
1631 			case 67: {
1632 				/* supports-rsa-sign? */
1633 
1634 	T0_PUSHi(-(ENG->irsavrfy != 0));
1635 
1636 				}
1637 				break;
1638 			case 68: {
1639 				/* swap */
1640  T0_SWAP();
1641 				}
1642 				break;
1643 			case 69: {
1644 				/* switch-aesccm-in */
1645 
1646 	int is_client, prf_id;
1647 	unsigned cipher_key_len, tag_len;
1648 
1649 	tag_len = T0_POP();
1650 	cipher_key_len = T0_POP();
1651 	prf_id = T0_POP();
1652 	is_client = T0_POP();
1653 	br_ssl_engine_switch_ccm_in(ENG, is_client, prf_id,
1654 		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1655 
1656 				}
1657 				break;
1658 			case 70: {
1659 				/* switch-aesccm-out */
1660 
1661 	int is_client, prf_id;
1662 	unsigned cipher_key_len, tag_len;
1663 
1664 	tag_len = T0_POP();
1665 	cipher_key_len = T0_POP();
1666 	prf_id = T0_POP();
1667 	is_client = T0_POP();
1668 	br_ssl_engine_switch_ccm_out(ENG, is_client, prf_id,
1669 		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1670 
1671 				}
1672 				break;
1673 			case 71: {
1674 				/* switch-aesgcm-in */
1675 
1676 	int is_client, prf_id;
1677 	unsigned cipher_key_len;
1678 
1679 	cipher_key_len = T0_POP();
1680 	prf_id = T0_POP();
1681 	is_client = T0_POP();
1682 	br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1683 		ENG->iaes_ctr, cipher_key_len);
1684 
1685 				}
1686 				break;
1687 			case 72: {
1688 				/* switch-aesgcm-out */
1689 
1690 	int is_client, prf_id;
1691 	unsigned cipher_key_len;
1692 
1693 	cipher_key_len = T0_POP();
1694 	prf_id = T0_POP();
1695 	is_client = T0_POP();
1696 	br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1697 		ENG->iaes_ctr, cipher_key_len);
1698 
1699 				}
1700 				break;
1701 			case 73: {
1702 				/* switch-cbc-in */
1703 
1704 	int is_client, prf_id, mac_id, aes;
1705 	unsigned cipher_key_len;
1706 
1707 	cipher_key_len = T0_POP();
1708 	aes = T0_POP();
1709 	mac_id = T0_POP();
1710 	prf_id = T0_POP();
1711 	is_client = T0_POP();
1712 	br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1713 		aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1714 
1715 				}
1716 				break;
1717 			case 74: {
1718 				/* switch-cbc-out */
1719 
1720 	int is_client, prf_id, mac_id, aes;
1721 	unsigned cipher_key_len;
1722 
1723 	cipher_key_len = T0_POP();
1724 	aes = T0_POP();
1725 	mac_id = T0_POP();
1726 	prf_id = T0_POP();
1727 	is_client = T0_POP();
1728 	br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1729 		aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1730 
1731 				}
1732 				break;
1733 			case 75: {
1734 				/* switch-chapol-in */
1735 
1736 	int is_client, prf_id;
1737 
1738 	prf_id = T0_POP();
1739 	is_client = T0_POP();
1740 	br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1741 
1742 				}
1743 				break;
1744 			case 76: {
1745 				/* switch-chapol-out */
1746 
1747 	int is_client, prf_id;
1748 
1749 	prf_id = T0_POP();
1750 	is_client = T0_POP();
1751 	br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1752 
1753 				}
1754 				break;
1755 			case 77: {
1756 				/* test-protocol-name */
1757 
1758 	size_t len = T0_POP();
1759 	size_t u;
1760 
1761 	for (u = 0; u < ENG->protocol_names_num; u ++) {
1762 		const char *name;
1763 
1764 		name = ENG->protocol_names[u];
1765 		if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1766 			T0_PUSH(u);
1767 			T0_RET();
1768 		}
1769 	}
1770 	T0_PUSHi(-1);
1771 
1772 				}
1773 				break;
1774 			case 78: {
1775 				/* total-chain-length */
1776 
1777 	size_t u;
1778 	uint32_t total;
1779 
1780 	total = 0;
1781 	for (u = 0; u < ENG->chain_len; u ++) {
1782 		total += 3 + (uint32_t)ENG->chain[u].data_len;
1783 	}
1784 	T0_PUSH(total);
1785 
1786 				}
1787 				break;
1788 			case 79: {
1789 				/* u>> */
1790 
1791 	int c = (int)T0_POPi();
1792 	uint32_t x = T0_POP();
1793 	T0_PUSH(x >> c);
1794 
1795 				}
1796 				break;
1797 			case 80: {
1798 				/* verify-SKE-sig */
1799 
1800 	size_t sig_len = T0_POP();
1801 	int use_rsa = T0_POPi();
1802 	int hash = T0_POPi();
1803 
1804 	T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1805 
1806 				}
1807 				break;
1808 			case 81: {
1809 				/* write-blob-chunk */
1810 
1811 	size_t clen = ENG->hlen_out;
1812 	if (clen > 0) {
1813 		uint32_t addr, len;
1814 
1815 		len = T0_POP();
1816 		addr = T0_POP();
1817 		if ((size_t)len < clen) {
1818 			clen = (size_t)len;
1819 		}
1820 		memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1821 		if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1822 			br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1823 		}
1824 		T0_PUSH(addr + (uint32_t)clen);
1825 		T0_PUSH(len - (uint32_t)clen);
1826 		ENG->hbuf_out += clen;
1827 		ENG->hlen_out -= clen;
1828 	}
1829 
1830 				}
1831 				break;
1832 			case 82: {
1833 				/* write8-native */
1834 
1835 	unsigned char x;
1836 
1837 	x = (unsigned char)T0_POP();
1838 	if (ENG->hlen_out > 0) {
1839 		if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1840 			br_multihash_update(&ENG->mhash, &x, 1);
1841 		}
1842 		*ENG->hbuf_out ++ = x;
1843 		ENG->hlen_out --;
1844 		T0_PUSHi(-1);
1845 	} else {
1846 		T0_PUSHi(0);
1847 	}
1848 
1849 				}
1850 				break;
1851 			case 83: {
1852 				/* x509-append */
1853 
1854 	const br_x509_class *xc;
1855 	size_t len;
1856 
1857 	xc = *(ENG->x509ctx);
1858 	len = T0_POP();
1859 	xc->append(ENG->x509ctx, ENG->pad, len);
1860 
1861 				}
1862 				break;
1863 			case 84: {
1864 				/* x509-end-cert */
1865 
1866 	const br_x509_class *xc;
1867 
1868 	xc = *(ENG->x509ctx);
1869 	xc->end_cert(ENG->x509ctx);
1870 
1871 				}
1872 				break;
1873 			case 85: {
1874 				/* x509-end-chain */
1875 
1876 	const br_x509_class *xc;
1877 
1878 	xc = *(ENG->x509ctx);
1879 	T0_PUSH(xc->end_chain(ENG->x509ctx));
1880 
1881 				}
1882 				break;
1883 			case 86: {
1884 				/* x509-start-cert */
1885 
1886 	const br_x509_class *xc;
1887 
1888 	xc = *(ENG->x509ctx);
1889 	xc->start_cert(ENG->x509ctx, T0_POP());
1890 
1891 				}
1892 				break;
1893 			case 87: {
1894 				/* x509-start-chain */
1895 
1896 	const br_x509_class *xc;
1897 	uint32_t bc;
1898 
1899 	bc = T0_POP();
1900 	xc = *(ENG->x509ctx);
1901 	xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1902 
1903 				}
1904 				break;
1905 			}
1906 
1907 		} else {
1908 			T0_ENTER(ip, rp, t0x);
1909 		}
1910 	}
1911 t0_exit:
1912 	((t0_context *)t0ctx)->dp = dp;
1913 	((t0_context *)t0ctx)->rp = rp;
1914 	((t0_context *)t0ctx)->ip = ip;
1915 }
1916