xref: /freebsd/contrib/bearssl/src/ssl/ssl_hs_server.c (revision 6829dae12bb055451fa467da4589c43bd03b1e64)
1 /* Automatically generated code; do not modify directly. */
2 
3 #include <stddef.h>
4 #include <stdint.h>
5 
6 typedef struct {
7 	uint32_t *dp;
8 	uint32_t *rp;
9 	const unsigned char *ip;
10 } t0_context;
11 
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 	uint32_t x;
16 
17 	x = 0;
18 	for (;;) {
19 		unsigned y;
20 
21 		y = *(*p) ++;
22 		x = (x << 7) | (uint32_t)(y & 0x7F);
23 		if (y < 0x80) {
24 			return x;
25 		}
26 	}
27 }
28 
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 	int neg;
33 	uint32_t x;
34 
35 	neg = ((**p) >> 6) & 1;
36 	x = (uint32_t)-neg;
37 	for (;;) {
38 		unsigned y;
39 
40 		y = *(*p) ++;
41 		x = (x << 7) | (uint32_t)(y & 0x7F);
42 		if (y < 0x80) {
43 			if (neg) {
44 				return -(int32_t)~x - 1;
45 			} else {
46 				return (int32_t)x;
47 			}
48 		}
49 	}
50 }
51 
52 #define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x)       T0_FBYTE(x, 0)
56 #define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60 
61 /* static const unsigned char t0_datablock[]; */
62 
63 
64 void br_ssl_hs_server_init_main(void *t0ctx);
65 
66 void br_ssl_hs_server_run(void *t0ctx);
67 
68 
69 
70 #include <stddef.h>
71 #include <string.h>
72 
73 #include "inner.h"
74 
75 /*
76  * This macro evaluates to a pointer to the current engine context.
77  */
78 #define ENG  ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79 
80 
81 
82 
83 
84 /*
85  * This macro evaluates to a pointer to the server context, under that
86  * specific name. It must be noted that since the engine context is the
87  * first field of the br_ssl_server_context structure ('eng'), then
88  * pointers values of both types are interchangeable, modulo an
89  * appropriate cast. This also means that "addresses" computed as offsets
90  * within the structure work for both kinds of context.
91  */
92 #define CTX  ((br_ssl_server_context *)ENG)
93 
94 /*
95  * Decrypt the pre-master secret (RSA key exchange).
96  */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 	unsigned char *epms, size_t len)
100 {
101 	uint32_t x;
102 	unsigned char rpms[48];
103 
104 	/*
105 	 * Decrypt the PMS.
106 	 */
107 	x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
108 
109 	/*
110 	 * Set the first two bytes to the maximum supported client
111 	 * protocol version. These bytes are used for version rollback
112 	 * detection; forceing the two bytes will make the master secret
113 	 * wrong if the bytes are not correct. This process is
114 	 * recommended by RFC 5246 (section 7.4.7.1).
115 	 */
116 	br_enc16be(epms, ctx->client_max_version);
117 
118 	/*
119 	 * Make a random PMS and copy it above the decrypted value if the
120 	 * decryption failed. Note that we use a constant-time conditional
121 	 * copy.
122 	 */
123 	br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 	br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125 
126 	/*
127 	 * Compute master secret.
128 	 */
129 	br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130 
131 	/*
132 	 * Clear the pre-master secret from RAM: it is normally a buffer
133 	 * in the context, hence potentially long-lived.
134 	 */
135 	memset(epms, 0, len);
136 }
137 
138 /*
139  * Common part for ECDH and ECDHE.
140  */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 	unsigned char *xcoor, size_t xcoor_len, uint32_t ctl)
144 {
145 	unsigned char rpms[80];
146 
147 	if (xcoor_len > sizeof rpms) {
148 		xcoor_len = sizeof rpms;
149 		ctl = 0;
150 	}
151 
152 	/*
153 	 * Make a random PMS and copy it above the decrypted value if the
154 	 * decryption failed. Note that we use a constant-time conditional
155 	 * copy.
156 	 */
157 	br_hmac_drbg_generate(&ctx->eng.rng, rpms, xcoor_len);
158 	br_ccopy(ctl ^ 1, xcoor, rpms, xcoor_len);
159 
160 	/*
161 	 * Compute master secret.
162 	 */
163 	br_ssl_engine_compute_master(&ctx->eng, prf_id, xcoor, xcoor_len);
164 
165 	/*
166 	 * Clear the pre-master secret from RAM: it is normally a buffer
167 	 * in the context, hence potentially long-lived.
168 	 */
169 	memset(xcoor, 0, xcoor_len);
170 }
171 
172 /*
173  * Do the ECDH key exchange (not ECDHE).
174  */
175 static void
176 do_ecdh(br_ssl_server_context *ctx, int prf_id,
177 	unsigned char *cpoint, size_t cpoint_len)
178 {
179 	uint32_t x;
180 
181 	/*
182 	 * Finalise the key exchange.
183 	 */
184 	x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
185 		cpoint, &cpoint_len);
186 	ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
187 }
188 
189 /*
190  * Do the full static ECDH key exchange. When this function is called,
191  * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192  * and the client's public key (from its certificate) has type EC and is
193  * apt for key exchange.
194  */
195 static void
196 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
197 {
198 	unsigned char cpoint[133];
199 	size_t cpoint_len;
200 	const br_x509_class **xc;
201 	const br_x509_pkey *pk;
202 
203 	xc = ctx->eng.x509ctx;
204 	pk = (*xc)->get_pkey(xc, NULL);
205 	cpoint_len = pk->key.ec.qlen;
206 	if (cpoint_len > sizeof cpoint) {
207 		/*
208 		 * If the point is larger than our buffer then we need to
209 		 * restrict it. Length 2 is not a valid point length, so
210 		 * the ECDH will fail.
211 		 */
212 		cpoint_len = 2;
213 	}
214 	memcpy(cpoint, pk->key.ec.q, cpoint_len);
215 	do_ecdh(ctx, prf_id, cpoint, cpoint_len);
216 }
217 
218 static size_t
219 hash_data(br_ssl_server_context *ctx,
220 	void *dst, int hash_id, const void *src, size_t len)
221 {
222 	const br_hash_class *hf;
223 	br_hash_compat_context hc;
224 
225 	if (hash_id == 0) {
226 		unsigned char tmp[36];
227 
228 		hf = br_multihash_getimpl(&ctx->eng.mhash, br_md5_ID);
229 		if (hf == NULL) {
230 			return 0;
231 		}
232 		hf->init(&hc.vtable);
233 		hf->update(&hc.vtable, src, len);
234 		hf->out(&hc.vtable, tmp);
235 		hf = br_multihash_getimpl(&ctx->eng.mhash, br_sha1_ID);
236 		if (hf == NULL) {
237 			return 0;
238 		}
239 		hf->init(&hc.vtable);
240 		hf->update(&hc.vtable, src, len);
241 		hf->out(&hc.vtable, tmp + 16);
242 		memcpy(dst, tmp, 36);
243 		return 36;
244 	} else {
245 		hf = br_multihash_getimpl(&ctx->eng.mhash, hash_id);
246 		if (hf == NULL) {
247 			return 0;
248 		}
249 		hf->init(&hc.vtable);
250 		hf->update(&hc.vtable, src, len);
251 		hf->out(&hc.vtable, dst);
252 		return (hf->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
253 	}
254 }
255 
256 /*
257  * Do the ECDHE key exchange (part 1: generation of transient key, and
258  * computing of the point to send to the client). Returned value is the
259  * signature length (in bytes), or -x on error (with x being an error
260  * code). The encoded point is written in the ecdhe_point[] context buffer
261  * (length in ecdhe_point_len).
262  */
263 static int
264 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
265 {
266 	unsigned algo_id;
267 	unsigned mask;
268 	const unsigned char *order;
269 	size_t olen, glen;
270 	size_t hv_len, sig_len;
271 
272 	if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
273 		return -BR_ERR_INVALID_ALGORITHM;
274 	}
275 	ctx->eng.ecdhe_curve = curve;
276 
277 	/*
278 	 * Generate our private key. We need a non-zero random value
279 	 * which is lower than the curve order, in a "large enough"
280 	 * range. We force the top bit to 0 and bottom bit to 1, which
281 	 * does the trick. Note that contrary to what happens in ECDSA,
282 	 * this is not a problem if we do not cover the full range of
283 	 * possible values.
284 	 */
285 	order = ctx->eng.iec->order(curve, &olen);
286 	mask = 0xFF;
287 	while (mask >= order[0]) {
288 		mask >>= 1;
289 	}
290 	br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
291 	ctx->ecdhe_key[0] &= mask;
292 	ctx->ecdhe_key[olen - 1] |= 0x01;
293 	ctx->ecdhe_key_len = olen;
294 
295 	/*
296 	 * Compute our ECDH point.
297 	 */
298 	glen = ctx->eng.iec->mulgen(ctx->eng.ecdhe_point,
299 		ctx->ecdhe_key, olen, curve);
300 	ctx->eng.ecdhe_point_len = glen;
301 
302 	/*
303 	 * Assemble the message to be signed, and possibly hash it.
304 	 */
305 	memcpy(ctx->eng.pad, ctx->eng.client_random, 32);
306 	memcpy(ctx->eng.pad + 32, ctx->eng.server_random, 32);
307 	ctx->eng.pad[64 + 0] = 0x03;
308 	ctx->eng.pad[64 + 1] = 0x00;
309 	ctx->eng.pad[64 + 2] = curve;
310 	ctx->eng.pad[64 + 3] = ctx->eng.ecdhe_point_len;
311 	memcpy(ctx->eng.pad + 64 + 4,
312 		ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
313 	hv_len = 64 + 4 + ctx->eng.ecdhe_point_len;
314 	algo_id = ctx->sign_hash_id;
315 	if (algo_id >= (unsigned)0xFF00) {
316 		hv_len = hash_data(ctx, ctx->eng.pad, algo_id & 0xFF,
317 			ctx->eng.pad, hv_len);
318 		if (hv_len == 0) {
319 			return -BR_ERR_INVALID_ALGORITHM;
320 		}
321 	}
322 
323 	sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
324 		algo_id, ctx->eng.pad, hv_len, sizeof ctx->eng.pad);
325 	return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
326 }
327 
328 /*
329  * Do the ECDHE key exchange (part 2: computation of the shared secret
330  * from the point sent by the client).
331  */
332 static void
333 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
334 	unsigned char *cpoint, size_t cpoint_len)
335 {
336 	int curve;
337 	uint32_t ctl;
338 	size_t xoff, xlen;
339 
340 	curve = ctx->eng.ecdhe_curve;
341 
342 	/*
343 	 * Finalise the key exchange.
344 	 */
345 	ctl = ctx->eng.iec->mul(cpoint, cpoint_len,
346 		ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
347 	xoff = ctx->eng.iec->xoff(curve, &xlen);
348 	ecdh_common(ctx, prf_id, cpoint + xoff, xlen, ctl);
349 
350 	/*
351 	 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 	 * as that key does not get stolen, so we'd better destroy it
353 	 * as soon as it ceases to be useful.
354 	 */
355 	memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
356 }
357 
358 /*
359  * Offset for hash value within the pad (when obtaining all hash values,
360  * in preparation for verification of the CertificateVerify message).
361  * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362  * is used to get the total length.
363  */
364 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
365 
366 /*
367  * OID for hash functions in RSA signatures.
368  */
369 static const unsigned char HASH_OID_SHA1[] = {
370 	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
371 };
372 
373 static const unsigned char HASH_OID_SHA224[] = {
374 	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
375 };
376 
377 static const unsigned char HASH_OID_SHA256[] = {
378 	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
379 };
380 
381 static const unsigned char HASH_OID_SHA384[] = {
382 	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
383 };
384 
385 static const unsigned char HASH_OID_SHA512[] = {
386 	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
387 };
388 
389 static const unsigned char *HASH_OID[] = {
390 	HASH_OID_SHA1,
391 	HASH_OID_SHA224,
392 	HASH_OID_SHA256,
393 	HASH_OID_SHA384,
394 	HASH_OID_SHA512
395 };
396 
397 /*
398  * Verify the signature in CertificateVerify. Returned value is 0 on
399  * success, or a non-zero error code. Lack of implementation of the
400  * designated signature algorithm is reported as a "bad signature"
401  * error (because it means that the peer did not honour our advertised
402  * set of supported signature algorithms).
403  */
404 static int
405 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
406 {
407 	const br_x509_class **xc;
408 	const br_x509_pkey *pk;
409 	int id;
410 
411 	id = ctx->hash_CV_id;
412 	xc = ctx->eng.x509ctx;
413 	pk = (*xc)->get_pkey(xc, NULL);
414 	if (pk->key_type == BR_KEYTYPE_RSA) {
415 		unsigned char tmp[64];
416 		const unsigned char *hash_oid;
417 
418 		if (id == 0) {
419 			hash_oid = NULL;
420 		} else {
421 			hash_oid = HASH_OID[id - 2];
422 		}
423 		if (ctx->eng.irsavrfy == 0) {
424 			return BR_ERR_BAD_SIGNATURE;
425 		}
426 		if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
427 			hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
428 			|| memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
429 		{
430 			return BR_ERR_BAD_SIGNATURE;
431 		}
432 	} else {
433 		if (ctx->eng.iecdsa == 0) {
434 			return BR_ERR_BAD_SIGNATURE;
435 		}
436 		if (!ctx->eng.iecdsa(ctx->eng.iec,
437 			ctx->hash_CV, ctx->hash_CV_len,
438 			&pk->key.ec, ctx->eng.pad, sig_len))
439 		{
440 			return BR_ERR_BAD_SIGNATURE;
441 		}
442 	}
443 	return 0;
444 }
445 
446 
447 
448 static const unsigned char t0_datablock[] = {
449 	0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 	0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 	0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 	0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 	0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 	0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 	0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 	0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 	0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 	0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 	0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 	0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xC0, 0x9C, 0x06,
461 	0x04, 0xC0, 0x9D, 0x07, 0x04, 0xC0, 0xA0, 0x08, 0x04, 0xC0, 0xA1, 0x09,
462 	0x04, 0xC0, 0xAC, 0x26, 0x04, 0xC0, 0xAD, 0x27, 0x04, 0xC0, 0xAE, 0x28,
463 	0x04, 0xC0, 0xAF, 0x29, 0x04, 0xCC, 0xA8, 0x15, 0x04, 0xCC, 0xA9, 0x25,
464 	0x04, 0x00, 0x00
465 };
466 
467 static const unsigned char t0_codeblock[] = {
468 	0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
469 	0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
470 	0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
471 	0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
472 	T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
473 	T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
474 	T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
475 	T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
476 	T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
477 	T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
478 	T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
479 	T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
480 	T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
481 	T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
482 	T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
483 	0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
484 	T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
485 	T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
486 	T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
487 	T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
488 	T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
489 	0x01,
490 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
491 	0x00, 0x00, 0x01,
492 	T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
493 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
494 	0x00, 0x00, 0x01,
495 	T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
496 	0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
497 	0x00, 0x00, 0x01,
498 	T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
499 	0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
500 	0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
501 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
502 	0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
503 	0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
504 	0x00, 0x00, 0x7B, 0x01,
505 	T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
506 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
507 	0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
508 	0x00, 0x01,
509 	T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
510 	0x00, 0x01,
511 	T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
512 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
513 	0x00, 0x00, 0x01,
514 	T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
515 	0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
516 	0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
517 	0x00, 0x01,
518 	T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
519 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
520 	0x00, 0x00, 0x01,
521 	T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
522 	0x01,
523 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
524 	0x00, 0x00, 0x01,
525 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
526 	0x00, 0x00, 0x01,
527 	T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
528 	0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
529 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
530 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
531 	0x00, 0x01,
532 	T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
533 	0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
534 	0x00, 0x00, 0x01,
535 	T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
536 	0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
537 	0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
538 	0x00, 0x00, 0x09, 0x2A, 0x5D, 0x06, 0x02, 0x6A, 0x2B, 0x00, 0x00, 0x01,
539 	0x01, 0x00, 0x01, 0x03, 0x00, 0x9B, 0x2A, 0x63, 0x47, 0x9F, 0x2A, 0x05,
540 	0x04, 0x65, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9F, 0x00,
541 	0x63, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x6A, 0x2B, 0x00, 0x00, 0x2A, 0x8B,
542 	0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x78, 0x2E, 0xA8, 0x1C, 0x85,
543 	0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x61,
544 	0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x77, 0x30, 0x02, 0x00, 0x38, 0x13,
545 	0x01, 0x01, 0x0C, 0x77, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
546 	0xD0, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC7, 0x02, 0x00, 0x2A, 0x19,
547 	0x13, 0x06, 0x02, 0x71, 0x2B, 0xD0, 0x04, 0x76, 0x00, 0x01, 0x00, 0x77,
548 	0x42, 0x01, 0x16, 0x89, 0x42, 0x01, 0x00, 0x8C, 0x40, 0x36, 0xB1, 0x35,
549 	0x06, 0x02, 0x73, 0x2B, 0x06, 0x0A, 0xD7, 0x01, 0x00, 0xD3, 0x01, 0x00,
550 	0xAD, 0x04, 0x80, 0x46, 0xD7, 0xD4, 0x29, 0xD9, 0x50, 0x06, 0x01, 0xD5,
551 	0xD8, 0x2C, 0x50, 0x06, 0x31, 0x01, 0x00, 0xAE, 0x2A, 0x5D, 0x06, 0x0F,
552 	0x01, 0x02, 0xA4, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB2, 0xB0, 0x2A, 0xC9,
553 	0x29, 0x04, 0x19, 0x2A, 0x5F, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA4, 0x05,
554 	0x02, 0x70, 0x2B, 0xB2, 0x04, 0x0A, 0xB4, 0x2A, 0x05, 0x04, 0x29, 0xAB,
555 	0x04, 0x02, 0xB3, 0xAF, 0x04, 0x01, 0xB2, 0x01, 0x00, 0xAD, 0x01, 0x00,
556 	0xD3, 0x3E, 0x01, 0x01, 0x77, 0x42, 0x01, 0x17, 0x89, 0x42, 0x00, 0x00,
557 	0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCF,
558 	0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC6, 0x19, 0x38, 0x06, 0x04,
559 	0xCF, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
560 	0x00, 0x81, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
561 	0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA2, 0x12, 0x01, 0x01,
562 	0x13, 0x5F, 0x06, 0x03, 0x61, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
563 	0x7F, 0xA1, 0xCF, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
564 	0x0D, 0x29, 0x01, 0x10, 0x13, 0x06, 0x05, 0x01, 0x00, 0x77, 0x42, 0xC5,
565 	0x04, 0x33, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x2A, 0x29, 0x29, 0x8A, 0x30,
566 	0x01, 0x01, 0x0F, 0x01, 0x01, 0xA4, 0x39, 0x06, 0x18, 0xC8, 0x2C, 0x19,
567 	0x38, 0x06, 0x04, 0xCF, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC7, 0x01,
568 	0x01, 0x77, 0x42, 0x01, 0x17, 0x89, 0x42, 0x04, 0x03, 0x01, 0x00, 0xA1,
569 	0x04, 0x03, 0x73, 0x2B, 0x29, 0x04, 0xFF, 0x32, 0x01, 0x2A, 0x03, 0x00,
570 	0x09, 0x2A, 0x5D, 0x06, 0x02, 0x6A, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9C,
571 	0x01, 0x0F, 0x13, 0x00, 0x00, 0x76, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
572 	0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x76,
573 	0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29,
574 	0x01, 0x00, 0x76, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01,
575 	0x82, 0x00, 0x08, 0x2B, 0x5F, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08,
576 	0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA9, 0x39,
577 	0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x91, 0x42, 0x00, 0x00, 0x01,
578 	0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x74, 0x2B, 0x78, 0x2E, 0x2A,
579 	0xCB, 0x05, 0x02, 0x73, 0x2B, 0xA8, 0x28, 0x00, 0x02, 0x87, 0x2E, 0x05,
580 	0x02, 0xBC, 0x00, 0xC0, 0xA7, 0xC0, 0xA7, 0x01, 0x7E, 0x03, 0x00, 0x2A,
581 	0x06, 0x17, 0xC2, 0x2A, 0x03, 0x01, 0x85, 0x47, 0xB6, 0x02, 0x01, 0x51,
582 	0x2A, 0x02, 0x00, 0x53, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04,
583 	0x66, 0x9D, 0x9D, 0x02, 0x00, 0x61, 0x8C, 0x40, 0x00, 0x00, 0x31, 0x06,
584 	0x0B, 0x88, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x73, 0x2B, 0x04, 0x11,
585 	0xCF, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02,
586 	0x73, 0x2B, 0x04, 0x70, 0x29, 0xC3, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06,
587 	0x02, 0x66, 0x2B, 0x2A, 0x01, 0x01, 0xCA, 0x38, 0xB5, 0x00, 0x01, 0xBA,
588 	0x01, 0x0B, 0x0F, 0x05, 0x02, 0x73, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06,
589 	0x08, 0xC1, 0x06, 0x02, 0x6A, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5C, 0xC1,
590 	0xA7, 0x2A, 0x06, 0x23, 0xC1, 0xA7, 0x2A, 0x5B, 0x2A, 0x06, 0x18, 0x2A,
591 	0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A,
592 	0x03, 0x00, 0x85, 0x02, 0x00, 0xB6, 0x02, 0x00, 0x58, 0x04, 0x65, 0x9D,
593 	0x59, 0x04, 0x5A, 0x9D, 0x9D, 0x5A, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29,
594 	0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x74, 0x2B, 0x01,
595 	0x0F, 0x13, 0x03, 0x00, 0xB0, 0x95, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06,
596 	0x23, 0xC0, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x61, 0x01, 0x01, 0x12, 0x02,
597 	0x00, 0x0F, 0x05, 0x02, 0x6C, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02,
598 	0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6E, 0x2B, 0x04, 0x0D,
599 	0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01,
600 	0x02, 0x20, 0x05, 0x02, 0x6E, 0x2B, 0xC0, 0x2A, 0x03, 0x01, 0x2A, 0x01,
601 	0x84, 0x00, 0x10, 0x06, 0x02, 0x6F, 0x2B, 0x85, 0x47, 0xB6, 0x02, 0x01,
602 	0x55, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9D, 0x00, 0x00, 0x1D, 0xBA, 0x01,
603 	0x0F, 0x0F, 0x05, 0x02, 0x73, 0x2B, 0x00, 0x0A, 0xBA, 0x01, 0x01, 0x0F,
604 	0x05, 0x02, 0x73, 0x2B, 0xC0, 0x2A, 0x03, 0x00, 0x79, 0x40, 0x7A, 0x01,
605 	0x20, 0xB6, 0xC2, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x72, 0x2B, 0x2A,
606 	0x90, 0x42, 0x8F, 0x47, 0xB6, 0x1A, 0x03, 0x01, 0xC0, 0xA7, 0x01, 0x00,
607 	0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x83, 0xA2, 0x17, 0x3A, 0x08, 0x03,
608 	0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xC0, 0x2A, 0x03, 0x06, 0x02,
609 	0x01, 0x06, 0x0A, 0x2A, 0x78, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03,
610 	0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x8A, 0x30, 0x06, 0x02,
611 	0x6B, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F,
612 	0x06, 0x11, 0x02, 0x00, 0x98, 0x2E, 0x11, 0x02, 0x00, 0x97, 0x2E, 0x0B,
613 	0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC4, 0x2A, 0x5D, 0x06, 0x03,
614 	0x29, 0x04, 0x26, 0x01, 0x00, 0xA4, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x7B,
615 	0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04,
616 	0x11, 0x06, 0x02, 0x69, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05,
617 	0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03,
618 	0x07, 0xC2, 0xA7, 0x2A, 0x06, 0x09, 0xC2, 0x05, 0x04, 0x01, 0x7F, 0x03,
619 	0x07, 0x04, 0x74, 0x9D, 0x01, 0x00, 0x8D, 0x42, 0x01, 0x88, 0x04, 0x82,
620 	0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7E, 0x41, 0x2A, 0x06, 0x80, 0x4E,
621 	0xC0, 0xA7, 0x2A, 0x06, 0x80, 0x47, 0xC0, 0x01, 0x00, 0x3A, 0x0F, 0x06,
622 	0x04, 0x29, 0xB9, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
623 	0xB7, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
624 	0xB8, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBE, 0x04,
625 	0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBF, 0x04, 0x0F, 0x01,
626 	0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xAC, 0x04, 0x05, 0x29, 0xBC, 0x01,
627 	0x00, 0x29, 0x04, 0xFF, 0x35, 0x9D, 0x9D, 0x02, 0x01, 0x02, 0x03, 0x13,
628 	0x03, 0x01, 0x02, 0x00, 0x5D, 0x06, 0x08, 0x79, 0x2E, 0x99, 0x40, 0x01,
629 	0x80, 0x56, 0xA3, 0x97, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29,
630 	0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6D, 0x2B, 0x02,
631 	0x00, 0x98, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA3, 0x02, 0x01,
632 	0x06, 0x10, 0x95, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x95, 0x2E,
633 	0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x95, 0x40, 0x2A, 0x96, 0x40,
634 	0x2A, 0x99, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06,
635 	0x04, 0x01, 0x02, 0x8A, 0x42, 0x8A, 0x30, 0x05, 0x04, 0x01, 0x01, 0x8A,
636 	0x42, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0xA3, 0x44, 0x29, 0x01, 0x82,
637 	0x01, 0x07, 0x01, 0xFC, 0x80, 0x00, 0x39, 0x82, 0x2F, 0x13, 0x2A, 0x82,
638 	0x41, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5E, 0x37, 0x47, 0x01, 0x08, 0x12,
639 	0x5E, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7E, 0x2F,
640 	0x43, 0x13, 0x2A, 0x7E, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02,
641 	0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8F, 0x01, 0x20, 0x34, 0x01, 0x20,
642 	0x90, 0x42, 0x7B, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80,
643 	0x49, 0x2A, 0x2E, 0x2A, 0x9C, 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01,
644 	0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13,
645 	0x05, 0x04, 0x65, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01,
646 	0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x65, 0x01, 0x00, 0x2A,
647 	0x2A, 0x06, 0x10, 0x02, 0x05, 0x63, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05,
648 	0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x65, 0x01, 0x04, 0x08, 0x04,
649 	0xFF, 0x30, 0x29, 0x02, 0x05, 0x7B, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05,
650 	0x03, 0x01, 0x28, 0xA3, 0x7C, 0x42, 0x8C, 0x2E, 0x01, 0x83, 0xFF, 0x7F,
651 	0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA4, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA3,
652 	0x01, 0x00, 0x8C, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA3, 0x01, 0x00,
653 	0x00, 0x00, 0xB4, 0xB3, 0x00, 0x04, 0x78, 0x2E, 0xCE, 0x06, 0x16, 0xC0,
654 	0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6F, 0x2B, 0x2A, 0x03, 0x00,
655 	0x85, 0x47, 0xB6, 0x02, 0x00, 0x78, 0x2E, 0xA8, 0x27, 0x78, 0x2E, 0x2A,
656 	0xCC, 0x47, 0xCB, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39,
657 	0x06, 0x14, 0xC2, 0x2A, 0x03, 0x03, 0x85, 0x47, 0xB6, 0x02, 0x03, 0x78,
658 	0x2E, 0xA8, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24, 0x9D, 0x00,
659 	0x00, 0xBA, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x73, 0x2B, 0x00, 0x00, 0x9E,
660 	0xBA, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x73, 0x2B, 0x85, 0x01, 0x0C, 0x08,
661 	0x01, 0x0C, 0xB6, 0x9D, 0x85, 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32,
662 	0x05, 0x02, 0x67, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
663 	0x9A, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02,
664 	0x65, 0x00, 0xD1, 0x04, 0x74, 0x00, 0xC0, 0x01, 0x01, 0x0E, 0x06, 0x02,
665 	0x68, 0x2B, 0xC2, 0x2A, 0x2A, 0x5F, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06,
666 	0x02, 0x68, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x84, 0x30, 0x0B, 0x06, 0x0D,
667 	0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x84, 0x42, 0x86, 0x42, 0x04,
668 	0x01, 0x29, 0x00, 0x00, 0xC0, 0x8A, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
669 	0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x6B, 0x2B, 0xC2, 0x06, 0x02,
670 	0x6B, 0x2B, 0x01, 0x02, 0x8A, 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F,
671 	0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x6B, 0x2B, 0xC2, 0x01,
672 	0x0C, 0x0F, 0x05, 0x02, 0x6B, 0x2B, 0x85, 0x01, 0x0C, 0xB6, 0x8B, 0x85,
673 	0x01, 0x0C, 0x32, 0x05, 0x02, 0x6B, 0x2B, 0x04, 0x03, 0x6B, 0x2B, 0x29,
674 	0x00, 0x00, 0xC0, 0xA7, 0xC0, 0xA7, 0x2A, 0x06, 0x1D, 0xC2, 0x06, 0x03,
675 	0xBC, 0x04, 0x15, 0xC0, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A,
676 	0x8D, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8D, 0x47, 0xB6, 0x04, 0x01, 0xC9,
677 	0x04, 0x60, 0x9D, 0x9D, 0x00, 0x00, 0xBB, 0x2A, 0x5F, 0x06, 0x07, 0x29,
678 	0x06, 0x02, 0x69, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC3, 0x01, 0x03, 0xC1,
679 	0x47, 0x29, 0x47, 0x00, 0x00, 0xC0, 0xC9, 0x00, 0x03, 0x01, 0x00, 0x03,
680 	0x00, 0xC0, 0xA7, 0x2A, 0x06, 0x80, 0x50, 0xC2, 0x03, 0x01, 0xC2, 0x03,
681 	0x02, 0x02, 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
682 	0x0D, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02,
683 	0x00, 0x39, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02,
684 	0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02,
685 	0x01, 0x03, 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
686 	0x02, 0x62, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00,
687 	0x04, 0xFF, 0x2C, 0x9D, 0x02, 0x00, 0x00, 0x00, 0xC0, 0xA7, 0xBD, 0x82,
688 	0x41, 0x9D, 0x00, 0x00, 0xC0, 0xA7, 0xC0, 0xA7, 0x01, 0x00, 0x7E, 0x41,
689 	0x2A, 0x06, 0x15, 0xC0, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01,
690 	0x47, 0x0C, 0x7E, 0x2F, 0x39, 0x7E, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68,
691 	0x9D, 0x9D, 0x00, 0x00, 0x01, 0x02, 0x9A, 0xC3, 0x01, 0x08, 0x0C, 0xC3,
692 	0x08, 0x00, 0x00, 0x01, 0x03, 0x9A, 0xC3, 0x01, 0x08, 0x0C, 0xC3, 0x08,
693 	0x01, 0x08, 0x0C, 0xC3, 0x08, 0x00, 0x00, 0x01, 0x01, 0x9A, 0xC3, 0x00,
694 	0x00, 0x3D, 0x2A, 0x5D, 0x05, 0x01, 0x00, 0x29, 0xD1, 0x04, 0x76, 0x02,
695 	0x03, 0x00, 0x94, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B,
696 	0x06, 0x10, 0x2A, 0x01, 0x01, 0x0C, 0x93, 0x08, 0x2E, 0x02, 0x00, 0x0F,
697 	0x06, 0x01, 0x00, 0x61, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C,
698 	0x19, 0x38, 0x06, 0x04, 0xCF, 0x29, 0x04, 0x78, 0x01, 0x16, 0x89, 0x42,
699 	0x01, 0x00, 0xE2, 0x01, 0x00, 0xE1, 0x2C, 0x01, 0x17, 0x89, 0x42, 0x00,
700 	0x00, 0x01, 0x15, 0x89, 0x42, 0x47, 0x57, 0x29, 0x57, 0x29, 0x2C, 0x00,
701 	0x00, 0x01, 0x01, 0x47, 0xC6, 0x00, 0x00, 0xBB, 0x01, 0x01, 0x0F, 0x05,
702 	0x02, 0x73, 0x2B, 0x2A, 0xC9, 0x29, 0x00, 0x00, 0x47, 0x3A, 0x9A, 0x47,
703 	0x2A, 0x06, 0x05, 0xC3, 0x29, 0x62, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03,
704 	0x00, 0x78, 0x2E, 0x9C, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02,
705 	0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12,
706 	0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00,
707 	0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x81,
708 	0x0D, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10,
709 	0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x80, 0x77, 0x01,
710 	0x02, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00,
711 	0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x80, 0x61, 0x01, 0x03, 0x3A,
712 	0x0F, 0x06, 0x0F, 0x29, 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A,
713 	0x04, 0x01, 0x4B, 0x04, 0x80, 0x4C, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E,
714 	0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B,
715 	0x04, 0x38, 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00,
716 	0x06, 0x03, 0x4E, 0x04, 0x01, 0x4F, 0x04, 0x26, 0x2A, 0x01, 0x09, 0x10,
717 	0x06, 0x02, 0x6A, 0x2B, 0x47, 0x29, 0x2A, 0x01, 0x01, 0x13, 0x01, 0x04,
718 	0x0C, 0x01, 0x10, 0x08, 0x47, 0x01, 0x08, 0x13, 0x01, 0x10, 0x47, 0x09,
719 	0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x00, 0x29, 0x00, 0x00,
720 	0x9C, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, 0x9C, 0x01, 0x0C,
721 	0x12, 0x2A, 0x60, 0x47, 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9C, 0x01,
722 	0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x9C, 0x01, 0x0C, 0x12, 0x5F,
723 	0x00, 0x00, 0x1B, 0x01, 0x00, 0x75, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01,
724 	0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00, 0xA0, 0x04, 0x14, 0x01, 0x02,
725 	0x3A, 0x0F, 0x06, 0x0D, 0x29, 0x77, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03,
726 	0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7D, 0x30, 0x05,
727 	0x33, 0x31, 0x06, 0x30, 0x88, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06,
728 	0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09,
729 	0x29, 0xAA, 0x06, 0x03, 0x01, 0x7F, 0xA0, 0x04, 0x13, 0x01, 0x16, 0x3A,
730 	0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04,
731 	0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00,
732 	0x1B, 0x2A, 0x05, 0x13, 0x31, 0x06, 0x10, 0x88, 0x30, 0x01, 0x15, 0x0F,
733 	0x06, 0x08, 0x29, 0xAA, 0x01, 0x00, 0x77, 0x42, 0x04, 0x01, 0x23, 0x00,
734 	0x00, 0xCF, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x73, 0x2B,
735 	0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x89, 0x42,
736 	0x00, 0xCF, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD2, 0x01, 0x01, 0xE2,
737 	0x2C, 0x2A, 0x01, 0x00, 0xCA, 0x01, 0x16, 0xD2, 0xD6, 0x2C, 0x00, 0x00,
738 	0x01, 0x0B, 0xE2, 0x52, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xE1, 0xE1, 0x14,
739 	0x2A, 0x5D, 0x06, 0x02, 0x29, 0x00, 0xE1, 0x1E, 0x2A, 0x06, 0x05, 0x85,
740 	0x47, 0xDA, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xDC, 0x95,
741 	0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x63, 0x01, 0x00, 0xDD, 0x08,
742 	0x50, 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xE2, 0xE1, 0x01, 0x00, 0xDC,
743 	0xE2, 0x01, 0x01, 0xDC, 0x29, 0x95, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06,
744 	0x08, 0x01, 0x00, 0xDD, 0xE0, 0x01, 0x01, 0xDD, 0x29, 0x50, 0xE0, 0x16,
745 	0x15, 0x2A, 0x5D, 0x06, 0x02, 0x29, 0x00, 0xE0, 0x1F, 0x2A, 0x06, 0x05,
746 	0x85, 0x47, 0xDA, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9E, 0x01, 0x14,
747 	0xE2, 0x01, 0x0C, 0xE1, 0x85, 0x01, 0x0C, 0xDA, 0x00, 0x04, 0x03, 0x00,
748 	0x01, 0x02, 0xE2, 0x01, 0x80, 0x46, 0x8A, 0x30, 0x01, 0x02, 0x0F, 0x06,
749 	0x0C, 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04,
750 	0x02, 0x01, 0x00, 0x03, 0x01, 0x86, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04,
751 	0x02, 0x01, 0x00, 0x03, 0x02, 0x8C, 0x2E, 0x2A, 0x06, 0x05, 0x62, 0x21,
752 	0x01, 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03,
753 	0x08, 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xE1, 0x95, 0x2E, 0xE0,
754 	0x8E, 0x01, 0x04, 0x17, 0x8E, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8E,
755 	0x01, 0x20, 0xDA, 0x01, 0x20, 0xE2, 0x8F, 0x01, 0x20, 0xDA, 0x78, 0x2E,
756 	0xE0, 0x01, 0x00, 0xE2, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
757 	0x2A, 0x06, 0x80, 0x40, 0xE0, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83,
758 	0xFE, 0x01, 0xE0, 0x01, 0x04, 0x09, 0x2A, 0xE0, 0x62, 0x8B, 0x47, 0xDB,
759 	0x04, 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xE0, 0x01, 0x01,
760 	0xE0, 0x86, 0x30, 0x01, 0x08, 0x09, 0xE2, 0x02, 0x03, 0x2A, 0x06, 0x11,
761 	0x01, 0x10, 0xE0, 0x01, 0x04, 0x09, 0x2A, 0xE0, 0x64, 0x2A, 0xE0, 0x62,
762 	0x85, 0x47, 0xDB, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01,
763 	0x0E, 0xE2, 0x01, 0x00, 0xE1, 0x00, 0x03, 0x78, 0x2E, 0xCC, 0x05, 0x01,
764 	0x00, 0x7E, 0x2F, 0x2A, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06,
765 	0x05, 0x29, 0x01, 0x1D, 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80,
766 	0x00, 0x13, 0x2A, 0x06, 0x01, 0x47, 0x29, 0xA5, 0x03, 0x00, 0x02, 0x00,
767 	0x25, 0x2A, 0x5D, 0x06, 0x02, 0x37, 0x2B, 0x03, 0x01, 0x95, 0x2E, 0x01,
768 	0x86, 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xE2, 0x02, 0x01, 0x80, 0x30,
769 	0x08, 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xE1, 0x01,
770 	0x03, 0xE2, 0x02, 0x00, 0xE0, 0x7F, 0x80, 0x30, 0xDB, 0x02, 0x02, 0x06,
771 	0x1C, 0x92, 0x2E, 0x2A, 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xE0,
772 	0x04, 0x0F, 0x01, 0x81, 0x7F, 0x13, 0xE2, 0x78, 0x2E, 0xCD, 0x01, 0x01,
773 	0x0C, 0x01, 0x03, 0x08, 0xE2, 0x02, 0x01, 0xE0, 0x85, 0x02, 0x01, 0xDA,
774 	0x00, 0x00, 0x56, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x65, 0x00, 0xCF,
775 	0x29, 0x04, 0x73, 0x00, 0x2A, 0xE2, 0xDA, 0x00, 0x00, 0x01, 0x00, 0x78,
776 	0x2E, 0xCB, 0x06, 0x0C, 0x63, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xE2,
777 	0x01, 0x80, 0x42, 0xE2, 0x46, 0x06, 0x07, 0x61, 0x3A, 0x06, 0x03, 0x01,
778 	0x01, 0xE2, 0x45, 0x06, 0x08, 0x61, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40,
779 	0xE2, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39,
780 	0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xDE, 0x03, 0x00, 0x01, 0x03,
781 	0x01, 0x80, 0x7C, 0xDE, 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06,
782 	0x07, 0x01, 0x01, 0x44, 0x29, 0xDE, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01,
783 	0x03, 0x44, 0x29, 0xDE, 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00,
784 	0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDF, 0x01, 0x05, 0xDF, 0x01, 0x06,
785 	0xDF, 0x01, 0x03, 0xDF, 0x01, 0x02, 0xDF, 0x0A, 0x65, 0x00, 0x01, 0x03,
786 	0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x63,
787 	0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00, 0xE2, 0x01, 0x02, 0x3B, 0xE2,
788 	0x00, 0x00, 0x2A, 0x01, 0x08, 0x54, 0xE2, 0xE2, 0x00, 0x00, 0x2A, 0x01,
789 	0x10, 0x54, 0xE2, 0xE0, 0x00, 0x00, 0x2A, 0x57, 0x06, 0x02, 0x29, 0x00,
790 	0xCF, 0x29, 0x04, 0x76
791 };
792 
793 static const uint16_t t0_caddr[] = {
794 	0,
795 	5,
796 	10,
797 	15,
798 	20,
799 	25,
800 	30,
801 	35,
802 	40,
803 	44,
804 	48,
805 	52,
806 	56,
807 	60,
808 	64,
809 	68,
810 	72,
811 	76,
812 	80,
813 	84,
814 	88,
815 	92,
816 	96,
817 	100,
818 	104,
819 	109,
820 	114,
821 	119,
822 	124,
823 	129,
824 	134,
825 	139,
826 	144,
827 	149,
828 	154,
829 	159,
830 	164,
831 	169,
832 	174,
833 	180,
834 	185,
835 	190,
836 	195,
837 	200,
838 	205,
839 	210,
840 	215,
841 	220,
842 	225,
843 	230,
844 	235,
845 	240,
846 	245,
847 	250,
848 	255,
849 	260,
850 	265,
851 	270,
852 	275,
853 	280,
854 	285,
855 	290,
856 	299,
857 	303,
858 	328,
859 	334,
860 	353,
861 	364,
862 	405,
863 	516,
864 	520,
865 	553,
866 	563,
867 	587,
868 	669,
869 	683,
870 	689,
871 	748,
872 	767,
873 	789,
874 	838,
875 	887,
876 	963,
877 	1065,
878 	1076,
879 	1670,
880 	1674,
881 	1741,
882 	1751,
883 	1782,
884 	1806,
885 	1852,
886 	1922,
887 	1962,
888 	1976,
889 	1985,
890 	1989,
891 	2084,
892 	2092,
893 	2128,
894 	2139,
895 	2155,
896 	2161,
897 	2172,
898 	2207,
899 	2233,
900 	2245,
901 	2251,
902 	2264,
903 	2279,
904 	2472,
905 	2481,
906 	2494,
907 	2503,
908 	2510,
909 	2616,
910 	2641,
911 	2654,
912 	2670,
913 	2688,
914 	2720,
915 	2793,
916 	2806,
917 	2987,
918 	2995,
919 	3122,
920 	3136,
921 	3141,
922 	3185,
923 	3242,
924 	3263,
925 	3290,
926 	3298,
927 	3306
928 };
929 
930 #define T0_INTERPRETED   93
931 
932 #define T0_ENTER(ip, rp, slot)   do { \
933 		const unsigned char *t0_newip; \
934 		uint32_t t0_lnum; \
935 		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
936 		t0_lnum = t0_parse7E_unsigned(&t0_newip); \
937 		(rp) += t0_lnum; \
938 		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
939 		(ip) = t0_newip; \
940 	} while (0)
941 
942 #define T0_DEFENTRY(name, slot) \
943 void \
944 name(void *ctx) \
945 { \
946 	t0_context *t0ctx = ctx; \
947 	t0ctx->ip = &t0_codeblock[0]; \
948 	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
949 }
950 
951 T0_DEFENTRY(br_ssl_hs_server_init_main, 166)
952 
953 #define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)
954 
955 void
956 br_ssl_hs_server_run(void *t0ctx)
957 {
958 	uint32_t *dp, *rp;
959 	const unsigned char *ip;
960 
961 #define T0_LOCAL(x)    (*(rp - 2 - (x)))
962 #define T0_POP()       (*-- dp)
963 #define T0_POPi()      (*(int32_t *)(-- dp))
964 #define T0_PEEK(x)     (*(dp - 1 - (x)))
965 #define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
966 #define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
967 #define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
968 #define T0_RPOP()      (*-- rp)
969 #define T0_RPOPi()     (*(int32_t *)(-- rp))
970 #define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
971 #define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
972 #define T0_ROLL(x)     do { \
973 	size_t t0len = (size_t)(x); \
974 	uint32_t t0tmp = *(dp - 1 - t0len); \
975 	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
976 	*(dp - 1) = t0tmp; \
977 } while (0)
978 #define T0_SWAP()      do { \
979 	uint32_t t0tmp = *(dp - 2); \
980 	*(dp - 2) = *(dp - 1); \
981 	*(dp - 1) = t0tmp; \
982 } while (0)
983 #define T0_ROT()       do { \
984 	uint32_t t0tmp = *(dp - 3); \
985 	*(dp - 3) = *(dp - 2); \
986 	*(dp - 2) = *(dp - 1); \
987 	*(dp - 1) = t0tmp; \
988 } while (0)
989 #define T0_NROT()       do { \
990 	uint32_t t0tmp = *(dp - 1); \
991 	*(dp - 1) = *(dp - 2); \
992 	*(dp - 2) = *(dp - 3); \
993 	*(dp - 3) = t0tmp; \
994 } while (0)
995 #define T0_PICK(x)      do { \
996 	uint32_t t0depth = (x); \
997 	T0_PUSH(T0_PEEK(t0depth)); \
998 } while (0)
999 #define T0_CO()         do { \
1000 	goto t0_exit; \
1001 } while (0)
1002 #define T0_RET()        goto t0_next
1003 
1004 	dp = ((t0_context *)t0ctx)->dp;
1005 	rp = ((t0_context *)t0ctx)->rp;
1006 	ip = ((t0_context *)t0ctx)->ip;
1007 	goto t0_next;
1008 	for (;;) {
1009 		uint32_t t0x;
1010 
1011 	t0_next:
1012 		t0x = T0_NEXT(&ip);
1013 		if (t0x < T0_INTERPRETED) {
1014 			switch (t0x) {
1015 				int32_t t0off;
1016 
1017 			case 0: /* ret */
1018 				t0x = T0_RPOP();
1019 				rp -= (t0x >> 16);
1020 				t0x &= 0xFFFF;
1021 				if (t0x == 0) {
1022 					ip = NULL;
1023 					goto t0_exit;
1024 				}
1025 				ip = &t0_codeblock[t0x];
1026 				break;
1027 			case 1: /* literal constant */
1028 				T0_PUSHi(t0_parse7E_signed(&ip));
1029 				break;
1030 			case 2: /* read local */
1031 				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
1032 				break;
1033 			case 3: /* write local */
1034 				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1035 				break;
1036 			case 4: /* jump */
1037 				t0off = t0_parse7E_signed(&ip);
1038 				ip += t0off;
1039 				break;
1040 			case 5: /* jump if */
1041 				t0off = t0_parse7E_signed(&ip);
1042 				if (T0_POP()) {
1043 					ip += t0off;
1044 				}
1045 				break;
1046 			case 6: /* jump if not */
1047 				t0off = t0_parse7E_signed(&ip);
1048 				if (!T0_POP()) {
1049 					ip += t0off;
1050 				}
1051 				break;
1052 			case 7: {
1053 				/* * */
1054 
1055 	uint32_t b = T0_POP();
1056 	uint32_t a = T0_POP();
1057 	T0_PUSH(a * b);
1058 
1059 				}
1060 				break;
1061 			case 8: {
1062 				/* + */
1063 
1064 	uint32_t b = T0_POP();
1065 	uint32_t a = T0_POP();
1066 	T0_PUSH(a + b);
1067 
1068 				}
1069 				break;
1070 			case 9: {
1071 				/* - */
1072 
1073 	uint32_t b = T0_POP();
1074 	uint32_t a = T0_POP();
1075 	T0_PUSH(a - b);
1076 
1077 				}
1078 				break;
1079 			case 10: {
1080 				/* -rot */
1081  T0_NROT();
1082 				}
1083 				break;
1084 			case 11: {
1085 				/* < */
1086 
1087 	int32_t b = T0_POPi();
1088 	int32_t a = T0_POPi();
1089 	T0_PUSH(-(uint32_t)(a < b));
1090 
1091 				}
1092 				break;
1093 			case 12: {
1094 				/* << */
1095 
1096 	int c = (int)T0_POPi();
1097 	uint32_t x = T0_POP();
1098 	T0_PUSH(x << c);
1099 
1100 				}
1101 				break;
1102 			case 13: {
1103 				/* <= */
1104 
1105 	int32_t b = T0_POPi();
1106 	int32_t a = T0_POPi();
1107 	T0_PUSH(-(uint32_t)(a <= b));
1108 
1109 				}
1110 				break;
1111 			case 14: {
1112 				/* <> */
1113 
1114 	uint32_t b = T0_POP();
1115 	uint32_t a = T0_POP();
1116 	T0_PUSH(-(uint32_t)(a != b));
1117 
1118 				}
1119 				break;
1120 			case 15: {
1121 				/* = */
1122 
1123 	uint32_t b = T0_POP();
1124 	uint32_t a = T0_POP();
1125 	T0_PUSH(-(uint32_t)(a == b));
1126 
1127 				}
1128 				break;
1129 			case 16: {
1130 				/* > */
1131 
1132 	int32_t b = T0_POPi();
1133 	int32_t a = T0_POPi();
1134 	T0_PUSH(-(uint32_t)(a > b));
1135 
1136 				}
1137 				break;
1138 			case 17: {
1139 				/* >= */
1140 
1141 	int32_t b = T0_POPi();
1142 	int32_t a = T0_POPi();
1143 	T0_PUSH(-(uint32_t)(a >= b));
1144 
1145 				}
1146 				break;
1147 			case 18: {
1148 				/* >> */
1149 
1150 	int c = (int)T0_POPi();
1151 	int32_t x = T0_POPi();
1152 	T0_PUSHi(x >> c);
1153 
1154 				}
1155 				break;
1156 			case 19: {
1157 				/* and */
1158 
1159 	uint32_t b = T0_POP();
1160 	uint32_t a = T0_POP();
1161 	T0_PUSH(a & b);
1162 
1163 				}
1164 				break;
1165 			case 20: {
1166 				/* begin-cert */
1167 
1168 	if (ENG->chain_len == 0) {
1169 		T0_PUSHi(-1);
1170 	} else {
1171 		ENG->cert_cur = ENG->chain->data;
1172 		ENG->cert_len = ENG->chain->data_len;
1173 		ENG->chain ++;
1174 		ENG->chain_len --;
1175 		T0_PUSH(ENG->cert_len);
1176 	}
1177 
1178 				}
1179 				break;
1180 			case 21: {
1181 				/* begin-ta-name */
1182 
1183 	const br_x500_name *dn;
1184 	if (CTX->cur_dn_index >= CTX->num_tas) {
1185 		T0_PUSHi(-1);
1186 	} else {
1187 		if (CTX->ta_names == NULL) {
1188 			dn = &CTX->tas[CTX->cur_dn_index].dn;
1189 		} else {
1190 			dn = &CTX->ta_names[CTX->cur_dn_index];
1191 		}
1192 		CTX->cur_dn_index ++;
1193 		CTX->cur_dn = dn->data;
1194 		CTX->cur_dn_len = dn->len;
1195 		T0_PUSH(CTX->cur_dn_len);
1196 	}
1197 
1198 				}
1199 				break;
1200 			case 22: {
1201 				/* begin-ta-name-list */
1202 
1203 	CTX->cur_dn_index = 0;
1204 
1205 				}
1206 				break;
1207 			case 23: {
1208 				/* bzero */
1209 
1210 	size_t len = (size_t)T0_POP();
1211 	void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1212 	memset(addr, 0, len);
1213 
1214 				}
1215 				break;
1216 			case 24: {
1217 				/* call-policy-handler */
1218 
1219 	int x;
1220 	br_ssl_server_choices choices;
1221 
1222 	x = (*CTX->policy_vtable)->choose(
1223 		CTX->policy_vtable, CTX, &choices);
1224 	ENG->session.cipher_suite = choices.cipher_suite;
1225 	CTX->sign_hash_id = choices.algo_id;
1226 	ENG->chain = choices.chain;
1227 	ENG->chain_len = choices.chain_len;
1228 	T0_PUSHi(-(x != 0));
1229 
1230 				}
1231 				break;
1232 			case 25: {
1233 				/* can-output? */
1234 
1235 	T0_PUSHi(-(ENG->hlen_out > 0));
1236 
1237 				}
1238 				break;
1239 			case 26: {
1240 				/* check-resume */
1241 
1242 	if (ENG->session.session_id_len == 32
1243 		&& CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1244 			CTX->cache_vtable, CTX, &ENG->session))
1245 	{
1246 		T0_PUSHi(-1);
1247 	} else {
1248 		T0_PUSH(0);
1249 	}
1250 
1251 				}
1252 				break;
1253 			case 27: {
1254 				/* co */
1255  T0_CO();
1256 				}
1257 				break;
1258 			case 28: {
1259 				/* compute-Finished-inner */
1260 
1261 	int prf_id = T0_POP();
1262 	int from_client = T0_POPi();
1263 	unsigned char tmp[48];
1264 	br_tls_prf_seed_chunk seed;
1265 
1266 	br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1267 	seed.data = tmp;
1268 	if (ENG->session.version >= BR_TLS12) {
1269 		seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1270 	} else {
1271 		br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1272 		br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1273 		seed.len = 36;
1274 	}
1275 	prf(ENG->pad, 12, ENG->session.master_secret,
1276 		sizeof ENG->session.master_secret,
1277 		from_client ? "client finished" : "server finished",
1278 		1, &seed);
1279 
1280 				}
1281 				break;
1282 			case 29: {
1283 				/* compute-hash-CV */
1284 
1285 	int i;
1286 
1287 	for (i = 1; i <= 6; i ++) {
1288 		br_multihash_out(&ENG->mhash, i,
1289 			ENG->pad + HASH_PAD_OFF[i - 1]);
1290 	}
1291 
1292 				}
1293 				break;
1294 			case 30: {
1295 				/* copy-cert-chunk */
1296 
1297 	size_t clen;
1298 
1299 	clen = ENG->cert_len;
1300 	if (clen > sizeof ENG->pad) {
1301 		clen = sizeof ENG->pad;
1302 	}
1303 	memcpy(ENG->pad, ENG->cert_cur, clen);
1304 	ENG->cert_cur += clen;
1305 	ENG->cert_len -= clen;
1306 	T0_PUSH(clen);
1307 
1308 				}
1309 				break;
1310 			case 31: {
1311 				/* copy-dn-chunk */
1312 
1313 	size_t clen;
1314 
1315 	clen = CTX->cur_dn_len;
1316 	if (clen > sizeof ENG->pad) {
1317 		clen = sizeof ENG->pad;
1318 	}
1319 	memcpy(ENG->pad, CTX->cur_dn, clen);
1320 	CTX->cur_dn += clen;
1321 	CTX->cur_dn_len -= clen;
1322 	T0_PUSH(clen);
1323 
1324 				}
1325 				break;
1326 			case 32: {
1327 				/* copy-hash-CV */
1328 
1329 	int id = T0_POP();
1330 	size_t off, len;
1331 
1332 	if (id == 0) {
1333 		off = 0;
1334 		len = 36;
1335 	} else {
1336 		if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1337 			T0_PUSH(0);
1338 			T0_RET();
1339 		}
1340 		off = HASH_PAD_OFF[id - 1];
1341 		len = HASH_PAD_OFF[id] - off;
1342 	}
1343 	memcpy(CTX->hash_CV, ENG->pad + off, len);
1344 	CTX->hash_CV_len = len;
1345 	CTX->hash_CV_id = id;
1346 	T0_PUSHi(-1);
1347 
1348 				}
1349 				break;
1350 			case 33: {
1351 				/* copy-protocol-name */
1352 
1353 	size_t idx = T0_POP();
1354 	size_t len = strlen(ENG->protocol_names[idx]);
1355 	memcpy(ENG->pad, ENG->protocol_names[idx], len);
1356 	T0_PUSH(len);
1357 
1358 				}
1359 				break;
1360 			case 34: {
1361 				/* data-get8 */
1362 
1363 	size_t addr = T0_POP();
1364 	T0_PUSH(t0_datablock[addr]);
1365 
1366 				}
1367 				break;
1368 			case 35: {
1369 				/* discard-input */
1370 
1371 	ENG->hlen_in = 0;
1372 
1373 				}
1374 				break;
1375 			case 36: {
1376 				/* do-ecdh */
1377 
1378 	int prf_id = T0_POPi();
1379 	size_t len = T0_POP();
1380 	do_ecdh(CTX, prf_id, ENG->pad, len);
1381 
1382 				}
1383 				break;
1384 			case 37: {
1385 				/* do-ecdhe-part1 */
1386 
1387 	int curve = T0_POPi();
1388 	T0_PUSHi(do_ecdhe_part1(CTX, curve));
1389 
1390 				}
1391 				break;
1392 			case 38: {
1393 				/* do-ecdhe-part2 */
1394 
1395 	int prf_id = T0_POPi();
1396 	size_t len = T0_POP();
1397 	do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1398 
1399 				}
1400 				break;
1401 			case 39: {
1402 				/* do-rsa-decrypt */
1403 
1404 	int prf_id = T0_POPi();
1405 	size_t len = T0_POP();
1406 	do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1407 
1408 				}
1409 				break;
1410 			case 40: {
1411 				/* do-static-ecdh */
1412 
1413 	do_static_ecdh(CTX, T0_POP());
1414 
1415 				}
1416 				break;
1417 			case 41: {
1418 				/* drop */
1419  (void)T0_POP();
1420 				}
1421 				break;
1422 			case 42: {
1423 				/* dup */
1424  T0_PUSH(T0_PEEK(0));
1425 				}
1426 				break;
1427 			case 43: {
1428 				/* fail */
1429 
1430 	br_ssl_engine_fail(ENG, (int)T0_POPi());
1431 	T0_CO();
1432 
1433 				}
1434 				break;
1435 			case 44: {
1436 				/* flush-record */
1437 
1438 	br_ssl_engine_flush_record(ENG);
1439 
1440 				}
1441 				break;
1442 			case 45: {
1443 				/* get-key-type-usages */
1444 
1445 	const br_x509_class *xc;
1446 	const br_x509_pkey *pk;
1447 	unsigned usages;
1448 
1449 	xc = *(ENG->x509ctx);
1450 	pk = xc->get_pkey(ENG->x509ctx, &usages);
1451 	if (pk == NULL) {
1452 		T0_PUSH(0);
1453 	} else {
1454 		T0_PUSH(pk->key_type | usages);
1455 	}
1456 
1457 				}
1458 				break;
1459 			case 46: {
1460 				/* get16 */
1461 
1462 	size_t addr = (size_t)T0_POP();
1463 	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1464 
1465 				}
1466 				break;
1467 			case 47: {
1468 				/* get32 */
1469 
1470 	size_t addr = (size_t)T0_POP();
1471 	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1472 
1473 				}
1474 				break;
1475 			case 48: {
1476 				/* get8 */
1477 
1478 	size_t addr = (size_t)T0_POP();
1479 	T0_PUSH(*((unsigned char *)ENG + addr));
1480 
1481 				}
1482 				break;
1483 			case 49: {
1484 				/* has-input? */
1485 
1486 	T0_PUSHi(-(ENG->hlen_in != 0));
1487 
1488 				}
1489 				break;
1490 			case 50: {
1491 				/* memcmp */
1492 
1493 	size_t len = (size_t)T0_POP();
1494 	void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1495 	void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1496 	int x = memcmp(addr1, addr2, len);
1497 	T0_PUSH((uint32_t)-(x == 0));
1498 
1499 				}
1500 				break;
1501 			case 51: {
1502 				/* memcpy */
1503 
1504 	size_t len = (size_t)T0_POP();
1505 	void *src = (unsigned char *)ENG + (size_t)T0_POP();
1506 	void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1507 	memcpy(dst, src, len);
1508 
1509 				}
1510 				break;
1511 			case 52: {
1512 				/* mkrand */
1513 
1514 	size_t len = (size_t)T0_POP();
1515 	void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1516 	br_hmac_drbg_generate(&ENG->rng, addr, len);
1517 
1518 				}
1519 				break;
1520 			case 53: {
1521 				/* more-incoming-bytes? */
1522 
1523 	T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1524 
1525 				}
1526 				break;
1527 			case 54: {
1528 				/* multihash-init */
1529 
1530 	br_multihash_init(&ENG->mhash);
1531 
1532 				}
1533 				break;
1534 			case 55: {
1535 				/* neg */
1536 
1537 	uint32_t a = T0_POP();
1538 	T0_PUSH(-a);
1539 
1540 				}
1541 				break;
1542 			case 56: {
1543 				/* not */
1544 
1545 	uint32_t a = T0_POP();
1546 	T0_PUSH(~a);
1547 
1548 				}
1549 				break;
1550 			case 57: {
1551 				/* or */
1552 
1553 	uint32_t b = T0_POP();
1554 	uint32_t a = T0_POP();
1555 	T0_PUSH(a | b);
1556 
1557 				}
1558 				break;
1559 			case 58: {
1560 				/* over */
1561  T0_PUSH(T0_PEEK(1));
1562 				}
1563 				break;
1564 			case 59: {
1565 				/* pick */
1566  T0_PICK(T0_POP());
1567 				}
1568 				break;
1569 			case 60: {
1570 				/* read-chunk-native */
1571 
1572 	size_t clen = ENG->hlen_in;
1573 	if (clen > 0) {
1574 		uint32_t addr, len;
1575 
1576 		len = T0_POP();
1577 		addr = T0_POP();
1578 		if ((size_t)len < clen) {
1579 			clen = (size_t)len;
1580 		}
1581 		memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1582 		if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1583 			br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1584 		}
1585 		T0_PUSH(addr + (uint32_t)clen);
1586 		T0_PUSH(len - (uint32_t)clen);
1587 		ENG->hbuf_in += clen;
1588 		ENG->hlen_in -= clen;
1589 	}
1590 
1591 				}
1592 				break;
1593 			case 61: {
1594 				/* read8-native */
1595 
1596 	if (ENG->hlen_in > 0) {
1597 		unsigned char x;
1598 
1599 		x = *ENG->hbuf_in ++;
1600 		if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1601 			br_multihash_update(&ENG->mhash, &x, 1);
1602 		}
1603 		T0_PUSH(x);
1604 		ENG->hlen_in --;
1605 	} else {
1606 		T0_PUSHi(-1);
1607 	}
1608 
1609 				}
1610 				break;
1611 			case 62: {
1612 				/* save-session */
1613 
1614 	if (CTX->cache_vtable != NULL) {
1615 		(*CTX->cache_vtable)->save(
1616 			CTX->cache_vtable, CTX, &ENG->session);
1617 	}
1618 
1619 				}
1620 				break;
1621 			case 63: {
1622 				/* set-max-frag-len */
1623 
1624 	size_t max_frag_len = T0_POP();
1625 
1626 	br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1627 
1628 	/*
1629 	 * We must adjust our own output limit. Since we call this only
1630 	 * after receiving a ClientHello and before beginning to send
1631 	 * the ServerHello, the next output record should be empty at
1632 	 * that point, so we can use max_frag_len as a limit.
1633 	 */
1634 	if (ENG->hlen_out > max_frag_len) {
1635 		ENG->hlen_out = max_frag_len;
1636 	}
1637 
1638 				}
1639 				break;
1640 			case 64: {
1641 				/* set16 */
1642 
1643 	size_t addr = (size_t)T0_POP();
1644 	*(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1645 
1646 				}
1647 				break;
1648 			case 65: {
1649 				/* set32 */
1650 
1651 	size_t addr = (size_t)T0_POP();
1652 	*(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1653 
1654 				}
1655 				break;
1656 			case 66: {
1657 				/* set8 */
1658 
1659 	size_t addr = (size_t)T0_POP();
1660 	*((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1661 
1662 				}
1663 				break;
1664 			case 67: {
1665 				/* supported-curves */
1666 
1667 	uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1668 	T0_PUSH(x);
1669 
1670 				}
1671 				break;
1672 			case 68: {
1673 				/* supported-hash-functions */
1674 
1675 	int i;
1676 	unsigned x, num;
1677 
1678 	x = 0;
1679 	num = 0;
1680 	for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1681 		if (br_multihash_getimpl(&ENG->mhash, i)) {
1682 			x |= 1U << i;
1683 			num ++;
1684 		}
1685 	}
1686 	T0_PUSH(x);
1687 	T0_PUSH(num);
1688 
1689 				}
1690 				break;
1691 			case 69: {
1692 				/* supports-ecdsa? */
1693 
1694 	T0_PUSHi(-(ENG->iecdsa != 0));
1695 
1696 				}
1697 				break;
1698 			case 70: {
1699 				/* supports-rsa-sign? */
1700 
1701 	T0_PUSHi(-(ENG->irsavrfy != 0));
1702 
1703 				}
1704 				break;
1705 			case 71: {
1706 				/* swap */
1707  T0_SWAP();
1708 				}
1709 				break;
1710 			case 72: {
1711 				/* switch-aesccm-in */
1712 
1713 	int is_client, prf_id;
1714 	unsigned cipher_key_len, tag_len;
1715 
1716 	tag_len = T0_POP();
1717 	cipher_key_len = T0_POP();
1718 	prf_id = T0_POP();
1719 	is_client = T0_POP();
1720 	br_ssl_engine_switch_ccm_in(ENG, is_client, prf_id,
1721 		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1722 
1723 				}
1724 				break;
1725 			case 73: {
1726 				/* switch-aesccm-out */
1727 
1728 	int is_client, prf_id;
1729 	unsigned cipher_key_len, tag_len;
1730 
1731 	tag_len = T0_POP();
1732 	cipher_key_len = T0_POP();
1733 	prf_id = T0_POP();
1734 	is_client = T0_POP();
1735 	br_ssl_engine_switch_ccm_out(ENG, is_client, prf_id,
1736 		ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1737 
1738 				}
1739 				break;
1740 			case 74: {
1741 				/* switch-aesgcm-in */
1742 
1743 	int is_client, prf_id;
1744 	unsigned cipher_key_len;
1745 
1746 	cipher_key_len = T0_POP();
1747 	prf_id = T0_POP();
1748 	is_client = T0_POP();
1749 	br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1750 		ENG->iaes_ctr, cipher_key_len);
1751 
1752 				}
1753 				break;
1754 			case 75: {
1755 				/* switch-aesgcm-out */
1756 
1757 	int is_client, prf_id;
1758 	unsigned cipher_key_len;
1759 
1760 	cipher_key_len = T0_POP();
1761 	prf_id = T0_POP();
1762 	is_client = T0_POP();
1763 	br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1764 		ENG->iaes_ctr, cipher_key_len);
1765 
1766 				}
1767 				break;
1768 			case 76: {
1769 				/* switch-cbc-in */
1770 
1771 	int is_client, prf_id, mac_id, aes;
1772 	unsigned cipher_key_len;
1773 
1774 	cipher_key_len = T0_POP();
1775 	aes = T0_POP();
1776 	mac_id = T0_POP();
1777 	prf_id = T0_POP();
1778 	is_client = T0_POP();
1779 	br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1780 		aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1781 
1782 				}
1783 				break;
1784 			case 77: {
1785 				/* switch-cbc-out */
1786 
1787 	int is_client, prf_id, mac_id, aes;
1788 	unsigned cipher_key_len;
1789 
1790 	cipher_key_len = T0_POP();
1791 	aes = T0_POP();
1792 	mac_id = T0_POP();
1793 	prf_id = T0_POP();
1794 	is_client = T0_POP();
1795 	br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1796 		aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1797 
1798 				}
1799 				break;
1800 			case 78: {
1801 				/* switch-chapol-in */
1802 
1803 	int is_client, prf_id;
1804 
1805 	prf_id = T0_POP();
1806 	is_client = T0_POP();
1807 	br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1808 
1809 				}
1810 				break;
1811 			case 79: {
1812 				/* switch-chapol-out */
1813 
1814 	int is_client, prf_id;
1815 
1816 	prf_id = T0_POP();
1817 	is_client = T0_POP();
1818 	br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1819 
1820 				}
1821 				break;
1822 			case 80: {
1823 				/* ta-names-total-length */
1824 
1825 	size_t u, len;
1826 
1827 	len = 0;
1828 	if (CTX->ta_names != NULL) {
1829 		for (u = 0; u < CTX->num_tas; u ++) {
1830 			len += CTX->ta_names[u].len + 2;
1831 		}
1832 	} else if (CTX->tas != NULL) {
1833 		for (u = 0; u < CTX->num_tas; u ++) {
1834 			len += CTX->tas[u].dn.len + 2;
1835 		}
1836 	}
1837 	T0_PUSH(len);
1838 
1839 				}
1840 				break;
1841 			case 81: {
1842 				/* test-protocol-name */
1843 
1844 	size_t len = T0_POP();
1845 	size_t u;
1846 
1847 	for (u = 0; u < ENG->protocol_names_num; u ++) {
1848 		const char *name;
1849 
1850 		name = ENG->protocol_names[u];
1851 		if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1852 			T0_PUSH(u);
1853 			T0_RET();
1854 		}
1855 	}
1856 	T0_PUSHi(-1);
1857 
1858 				}
1859 				break;
1860 			case 82: {
1861 				/* total-chain-length */
1862 
1863 	size_t u;
1864 	uint32_t total;
1865 
1866 	total = 0;
1867 	for (u = 0; u < ENG->chain_len; u ++) {
1868 		total += 3 + (uint32_t)ENG->chain[u].data_len;
1869 	}
1870 	T0_PUSH(total);
1871 
1872 				}
1873 				break;
1874 			case 83: {
1875 				/* u< */
1876 
1877 	uint32_t b = T0_POP();
1878 	uint32_t a = T0_POP();
1879 	T0_PUSH(-(uint32_t)(a < b));
1880 
1881 				}
1882 				break;
1883 			case 84: {
1884 				/* u>> */
1885 
1886 	int c = (int)T0_POPi();
1887 	uint32_t x = T0_POP();
1888 	T0_PUSH(x >> c);
1889 
1890 				}
1891 				break;
1892 			case 85: {
1893 				/* verify-CV-sig */
1894 
1895 	int err;
1896 
1897 	err = verify_CV_sig(CTX, T0_POP());
1898 	T0_PUSHi(err);
1899 
1900 				}
1901 				break;
1902 			case 86: {
1903 				/* write-blob-chunk */
1904 
1905 	size_t clen = ENG->hlen_out;
1906 	if (clen > 0) {
1907 		uint32_t addr, len;
1908 
1909 		len = T0_POP();
1910 		addr = T0_POP();
1911 		if ((size_t)len < clen) {
1912 			clen = (size_t)len;
1913 		}
1914 		memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1915 		if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1916 			br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1917 		}
1918 		T0_PUSH(addr + (uint32_t)clen);
1919 		T0_PUSH(len - (uint32_t)clen);
1920 		ENG->hbuf_out += clen;
1921 		ENG->hlen_out -= clen;
1922 	}
1923 
1924 				}
1925 				break;
1926 			case 87: {
1927 				/* write8-native */
1928 
1929 	unsigned char x;
1930 
1931 	x = (unsigned char)T0_POP();
1932 	if (ENG->hlen_out > 0) {
1933 		if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1934 			br_multihash_update(&ENG->mhash, &x, 1);
1935 		}
1936 		*ENG->hbuf_out ++ = x;
1937 		ENG->hlen_out --;
1938 		T0_PUSHi(-1);
1939 	} else {
1940 		T0_PUSHi(0);
1941 	}
1942 
1943 				}
1944 				break;
1945 			case 88: {
1946 				/* x509-append */
1947 
1948 	const br_x509_class *xc;
1949 	size_t len;
1950 
1951 	xc = *(ENG->x509ctx);
1952 	len = T0_POP();
1953 	xc->append(ENG->x509ctx, ENG->pad, len);
1954 
1955 				}
1956 				break;
1957 			case 89: {
1958 				/* x509-end-cert */
1959 
1960 	const br_x509_class *xc;
1961 
1962 	xc = *(ENG->x509ctx);
1963 	xc->end_cert(ENG->x509ctx);
1964 
1965 				}
1966 				break;
1967 			case 90: {
1968 				/* x509-end-chain */
1969 
1970 	const br_x509_class *xc;
1971 
1972 	xc = *(ENG->x509ctx);
1973 	T0_PUSH(xc->end_chain(ENG->x509ctx));
1974 
1975 				}
1976 				break;
1977 			case 91: {
1978 				/* x509-start-cert */
1979 
1980 	const br_x509_class *xc;
1981 
1982 	xc = *(ENG->x509ctx);
1983 	xc->start_cert(ENG->x509ctx, T0_POP());
1984 
1985 				}
1986 				break;
1987 			case 92: {
1988 				/* x509-start-chain */
1989 
1990 	const br_x509_class *xc;
1991 	uint32_t bc;
1992 
1993 	bc = T0_POP();
1994 	xc = *(ENG->x509ctx);
1995 	xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1996 
1997 				}
1998 				break;
1999 			}
2000 
2001 		} else {
2002 			T0_ENTER(ip, rp, t0x);
2003 		}
2004 	}
2005 t0_exit:
2006 	((t0_context *)t0ctx)->dp = dp;
2007 	((t0_context *)t0ctx)->rp = rp;
2008 	((t0_context *)t0ctx)->ip = ip;
2009 }
2010