xref: /freebsd/contrib/bearssl/src/x509/x509_minimal.c (revision af23369a6deaaeb612ab266eb88b8bb8d560c322)
1 /* Automatically generated code; do not modify directly. */
2 
3 #include <stddef.h>
4 #include <stdint.h>
5 
6 typedef struct {
7 	uint32_t *dp;
8 	uint32_t *rp;
9 	const unsigned char *ip;
10 } t0_context;
11 
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 	uint32_t x;
16 
17 	x = 0;
18 	for (;;) {
19 		unsigned y;
20 
21 		y = *(*p) ++;
22 		x = (x << 7) | (uint32_t)(y & 0x7F);
23 		if (y < 0x80) {
24 			return x;
25 		}
26 	}
27 }
28 
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 	int neg;
33 	uint32_t x;
34 
35 	neg = ((**p) >> 6) & 1;
36 	x = (uint32_t)-neg;
37 	for (;;) {
38 		unsigned y;
39 
40 		y = *(*p) ++;
41 		x = (x << 7) | (uint32_t)(y & 0x7F);
42 		if (y < 0x80) {
43 			if (neg) {
44 				return -(int32_t)~x - 1;
45 			} else {
46 				return (int32_t)x;
47 			}
48 		}
49 	}
50 }
51 
52 #define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x)       T0_FBYTE(x, 0)
56 #define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60 
61 /* static const unsigned char t0_datablock[]; */
62 
63 
64 void br_x509_minimal_init_main(void *t0ctx);
65 
66 void br_x509_minimal_run(void *t0ctx);
67 
68 
69 
70 #include "inner.h"
71 
72 
73 
74 
75 
76 #include "inner.h"
77 
78 /*
79  * Implementation Notes
80  * --------------------
81  *
82  * The C code pushes the data by chunks; all decoding is done in the
83  * T0 code. The cert_length value is set to the certificate length when
84  * a new certificate is started; the T0 code picks it up as outer limit,
85  * and decoding functions use it to ensure that no attempt is made at
86  * reading past it. The T0 code also checks that once the certificate is
87  * decoded, there are no trailing bytes.
88  *
89  * The T0 code sets cert_length to 0 when the certificate is fully
90  * decoded.
91  *
92  * The C code must still perform two checks:
93  *
94  *  -- If the certificate length is 0, then the T0 code will not be
95  *  invoked at all. This invalid condition must thus be reported by the
96  *  C code.
97  *
98  *  -- When reaching the end of certificate, the C code must verify that
99  *  the certificate length has been set to 0, thereby signaling that
100  *  the T0 code properly decoded a certificate.
101  *
102  * Processing of a chain works in the following way:
103  *
104  *  -- The error flag is set to a non-zero value when validation is
105  *  finished. The value is either BR_ERR_X509_OK (validation is
106  *  successful) or another non-zero error code. When a non-zero error
107  *  code is obtained, the remaining bytes in the current certificate and
108  *  the subsequent certificates (if any) are completely ignored.
109  *
110  *  -- Each certificate is decoded in due course, with the following
111  *  "interesting points":
112  *
113  *     -- Start of the TBS: the multihash engine is reset and activated.
114  *
115  *     -- Start of the issuer DN: the secondary hash engine is started,
116  *     to process the encoded issuer DN.
117  *
118  *     -- End of the issuer DN: the secondary hash engine is stopped. The
119  *     resulting hash value is computed and then copied into the
120  *     next_dn_hash[] buffer.
121  *
122  *     -- Start of the subject DN: the secondary hash engine is started,
123  *     to process the encoded subject DN.
124  *
125  *     -- For the EE certificate only: the Common Name, if any, is matched
126  *     against the expected server name.
127  *
128  *     -- End of the subject DN: the secondary hash engine is stopped. The
129  *     resulting hash value is computed into the pad. It is then processed:
130  *
131  *        -- If this is the EE certificate, then the hash is ignored
132  *        (except for direct trust processing, see later; the hash is
133  *        simply left in current_dn_hash[]).
134  *
135  *        -- Otherwise, the hashed subject DN is compared with the saved
136  *        hash value (in saved_dn_hash[]). They must match.
137  *
138  *     Either way, the next_dn_hash[] value is then copied into the
139  *     saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140  *     contains the hash of the issuer DN for the current certificate,
141  *     and current_dn_hash[] contains the hash of the subject DN for the
142  *     current certificate.
143  *
144  *     -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145  *     key types are reported at that point.
146  *
147  *        -- If this is the EE certificate, then the key type is compared
148  *        with the expected key type (initialization parameter). The public
149  *        key data is copied to ee_pkey_data[]. The key and hashed subject
150  *        DN are also compared with the "direct trust" keys; if the key
151  *        and DN are matched, then validation ends with a success.
152  *
153  *        -- Otherwise, the saved signature (cert_sig[]) is verified
154  *        against the saved TBS hash (tbs_hash[]) and that freshly
155  *        decoded public key. Failure here ends validation with an error.
156  *
157  *     -- Extensions: extension values are processed in due order.
158  *
159  *        -- Basic Constraints: for all certificates except EE, must be
160  *        present, indicate a CA, and have a path length compatible with
161  *        the chain length so far.
162  *
163  *        -- Key Usage: for the EE, if present, must allow signatures
164  *        or encryption/key exchange, as required for the cipher suite.
165  *        For non-EE, if present, must have the "certificate sign" bit.
166  *
167  *        -- Subject Alt Name: for the EE, dNSName names are matched
168  *        against the server name. Ignored for non-EE.
169  *
170  *        -- Authority Key Identifier, Subject Key Identifier, Issuer
171  *        Alt Name, Subject Directory Attributes, CRL Distribution Points
172  *        Freshest CRL, Authority Info Access and Subject Info Access
173  *        extensions are always ignored: they either contain only
174  *        informative data, or they relate to revocation processing, which
175  *        we explicitly do not support.
176  *
177  *        -- All other extensions are ignored if non-critical. If a
178  *        critical extension other than the ones above is encountered,
179  *        then a failure is reported.
180  *
181  *     -- End of the TBS: the multihash engine is stopped.
182  *
183  *     -- Signature algorithm: the signature algorithm on the
184  *     certificate is decoded. A failure is reported if that algorithm
185  *     is unknown. The hashed TBS corresponding to the signature hash
186  *     function is computed and stored in tbs_hash[] (if not supported,
187  *     then a failure is reported). The hash OID and length are stored
188  *     in cert_sig_hash_oid and cert_sig_hash_len.
189  *
190  *     -- Signature value: the signature value is copied into the
191  *     cert_sig[] array.
192  *
193  *     -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194  *     looked up in the trust store (CA trust anchors only); for all
195  *     that match, the signature (cert_sig[]) is verified against the
196  *     anchor public key (hashed TBS is in tbs_hash[]). If one of these
197  *     signatures is valid, then validation ends with a success.
198  *
199  *  -- If the chain end is reached without obtaining a validation success,
200  *  then validation is reported as failed.
201  */
202 
203 #if BR_USE_UNIX_TIME
204 #include <time.h>
205 #endif
206 
207 #if BR_USE_WIN32_TIME
208 #include <windows.h>
209 #endif
210 
211 /*
212  * The T0 compiler will produce these prototypes declarations in the
213  * header.
214  *
215 void br_x509_minimal_init_main(void *ctx);
216 void br_x509_minimal_run(void *ctx);
217  */
218 
219 /* see bearssl_x509.h */
220 void
221 br_x509_minimal_init(br_x509_minimal_context *ctx,
222 	const br_hash_class *dn_hash_impl,
223 	const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
224 {
225 	memset(ctx, 0, sizeof *ctx);
226 	ctx->vtable = &br_x509_minimal_vtable;
227 	ctx->dn_hash_impl = dn_hash_impl;
228 	ctx->trust_anchors = trust_anchors;
229 	ctx->trust_anchors_num = trust_anchors_num;
230 }
231 
232 static void
233 xm_start_chain(const br_x509_class **ctx, const char *server_name)
234 {
235 	br_x509_minimal_context *cc;
236 	size_t u;
237 
238 	cc = (br_x509_minimal_context *)(void *)ctx;
239 	for (u = 0; u < cc->num_name_elts; u ++) {
240 		cc->name_elts[u].status = 0;
241 		cc->name_elts[u].buf[0] = 0;
242 	}
243 	memset(&cc->pkey, 0, sizeof cc->pkey);
244 	cc->num_certs = 0;
245 	cc->err = 0;
246 	cc->cpu.dp = cc->dp_stack;
247 	cc->cpu.rp = cc->rp_stack;
248 	br_x509_minimal_init_main(&cc->cpu);
249 	if (server_name == NULL || *server_name == 0) {
250 		cc->server_name = NULL;
251 	} else {
252 		cc->server_name = server_name;
253 	}
254 }
255 
256 static void
257 xm_start_cert(const br_x509_class **ctx, uint32_t length)
258 {
259 	br_x509_minimal_context *cc;
260 
261 	cc = (br_x509_minimal_context *)(void *)ctx;
262 	if (cc->err != 0) {
263 		return;
264 	}
265 	if (length == 0) {
266 		cc->err = BR_ERR_X509_TRUNCATED;
267 		return;
268 	}
269 	cc->cert_length = length;
270 }
271 
272 static void
273 xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
274 {
275 	br_x509_minimal_context *cc;
276 
277 	cc = (br_x509_minimal_context *)(void *)ctx;
278 	if (cc->err != 0) {
279 		return;
280 	}
281 	cc->hbuf = buf;
282 	cc->hlen = len;
283 	br_x509_minimal_run(&cc->cpu);
284 }
285 
286 static void
287 xm_end_cert(const br_x509_class **ctx)
288 {
289 	br_x509_minimal_context *cc;
290 
291 	cc = (br_x509_minimal_context *)(void *)ctx;
292 	if (cc->err == 0 && cc->cert_length != 0) {
293 		cc->err = BR_ERR_X509_TRUNCATED;
294 	}
295 	cc->num_certs ++;
296 }
297 
298 static unsigned
299 xm_end_chain(const br_x509_class **ctx)
300 {
301 	br_x509_minimal_context *cc;
302 
303 	cc = (br_x509_minimal_context *)(void *)ctx;
304 	if (cc->err == 0) {
305 		if (cc->num_certs == 0) {
306 			cc->err = BR_ERR_X509_EMPTY_CHAIN;
307 		} else {
308 			cc->err = BR_ERR_X509_NOT_TRUSTED;
309 		}
310 	} else if (cc->err == BR_ERR_X509_OK) {
311 		return 0;
312 	}
313 	return (unsigned)cc->err;
314 }
315 
316 static const br_x509_pkey *
317 xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
318 {
319 	br_x509_minimal_context *cc;
320 
321 	cc = (br_x509_minimal_context *)(void *)ctx;
322 	if (cc->err == BR_ERR_X509_OK
323 		|| cc->err == BR_ERR_X509_NOT_TRUSTED)
324 	{
325 		if (usages != NULL) {
326 			*usages = cc->key_usages;
327 		}
328 		return &((br_x509_minimal_context *)(void *)ctx)->pkey;
329 	} else {
330 		return NULL;
331 	}
332 }
333 
334 /* see bearssl_x509.h */
335 const br_x509_class br_x509_minimal_vtable = {
336 	sizeof(br_x509_minimal_context),
337 	xm_start_chain,
338 	xm_start_cert,
339 	xm_append,
340 	xm_end_cert,
341 	xm_end_chain,
342 	xm_get_pkey
343 };
344 
345 #define CTX   ((br_x509_minimal_context *)(void *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
346 #define CONTEXT_NAME   br_x509_minimal_context
347 
348 #define DNHASH_LEN   ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
349 
350 /*
351  * Hash a DN (from a trust anchor) into the provided buffer. This uses the
352  * DN hash implementation and context structure from the X.509 engine
353  * context.
354  */
355 static void
356 hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len,
357 	unsigned char *out)
358 {
359 	ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);
360 	ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);
361 	ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);
362 }
363 
364 /*
365  * Compare two big integers for equality. The integers use unsigned big-endian
366  * encoding; extra leading bytes (of value 0) are allowed.
367  */
368 static int
369 eqbigint(const unsigned char *b1, size_t len1,
370 	const unsigned char *b2, size_t len2)
371 {
372 	while (len1 > 0 && *b1 == 0) {
373 		b1 ++;
374 		len1 --;
375 	}
376 	while (len2 > 0 && *b2 == 0) {
377 		b2 ++;
378 		len2 --;
379 	}
380 	if (len1 != len2) {
381 		return 0;
382 	}
383 	return memcmp(b1, b2, len1) == 0;
384 }
385 
386 /*
387  * Compare two strings for equality, in a case-insensitive way. This
388  * function handles casing only for ASCII letters.
389  */
390 static int
391 eqnocase(const void *s1, const void *s2, size_t len)
392 {
393 	const unsigned char *buf1, *buf2;
394 
395 	buf1 = s1;
396 	buf2 = s2;
397 	while (len -- > 0) {
398 		int x1, x2;
399 
400 		x1 = *buf1 ++;
401 		x2 = *buf2 ++;
402 		if (x1 >= 'A' && x1 <= 'Z') {
403 			x1 += 'a' - 'A';
404 		}
405 		if (x2 >= 'A' && x2 <= 'Z') {
406 			x2 += 'a' - 'A';
407 		}
408 		if (x1 != x2) {
409 			return 0;
410 		}
411 	}
412 	return 1;
413 }
414 
415 static int verify_signature(br_x509_minimal_context *ctx,
416 	const br_x509_pkey *pk);
417 
418 
419 
420 static const unsigned char t0_datablock[] = {
421 	0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
422 	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
423 	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
424 	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
425 	0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
426 	0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
427 	0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
428 	0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
429 	0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
430 	0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
431 	0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
432 	0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
433 	0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
434 	0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
435 	0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
436 	0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
437 	0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
438 	0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
439 	0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
440 	0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
441 	0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,
442 	0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,
443 	0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,
444 	0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
445 	0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
446 };
447 
448 static const unsigned char t0_codeblock[] = {
449 	0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
450 	0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
451 	0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
452 	T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,
453 	T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,
454 	T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,
455 	T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,
456 	T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,
457 	T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,
458 	T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,
459 	T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,
460 	T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,
461 	T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,
462 	T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,
463 	T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,
464 	T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,
465 	T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
466 	T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,
467 	T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,
468 	T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,
469 	T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,
470 	T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,
471 	T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,
472 	T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,
473 	T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,
474 	T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),
475 	0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,
476 	0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,
477 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,
478 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,
479 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,
480 	T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,
481 	0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,
482 	0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,
483 	T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,
484 	T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,
485 	T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,
486 	T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,
487 	T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,
488 	T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,
489 	T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0x01, 0x80,
490 	0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, 0x01, 0x81, 0x02, 0x00,
491 	0x00, 0x8F, 0x05, 0x05, 0x33, 0x41, 0x01, 0x00, 0x00, 0x33, 0x01, 0x0A,
492 	0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x82,
493 	0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, 0x01, 0x81, 0x68, 0x00,
494 	0x02, 0x03, 0x00, 0x03, 0x01, 0x26, 0x02, 0x01, 0x13, 0x3A, 0x02, 0x00,
495 	0x0F, 0x15, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x51,
496 	0x29, 0x00, 0x00, 0x06, 0x02, 0x52, 0x29, 0x00, 0x00, 0x01, 0x10, 0x74,
497 	0x00, 0x00, 0x11, 0x05, 0x02, 0x55, 0x29, 0x71, 0x00, 0x00, 0x11, 0x05,
498 	0x02, 0x55, 0x29, 0x72, 0x00, 0x00, 0x06, 0x02, 0x4B, 0x29, 0x00, 0x00,
499 	0x01, 0x82, 0x11, 0x00, 0x00, 0x26, 0x21, 0x01, 0x08, 0x0E, 0x3A, 0x3F,
500 	0x21, 0x09, 0x00, 0x0B, 0x03, 0x00, 0x5A, 0x2B, 0xAC, 0x38, 0xAC, 0xB0,
501 	0x26, 0x01, 0x20, 0x11, 0x06, 0x11, 0x25, 0x71, 0xAA, 0xB0, 0x01, 0x02,
502 	0x75, 0xAD, 0x01, 0x02, 0x12, 0x06, 0x02, 0x56, 0x29, 0x76, 0xB0, 0x01,
503 	0x02, 0x75, 0xAB, 0xAC, 0xBF, 0x99, 0x64, 0x60, 0x22, 0x16, 0xAC, 0xA4,
504 	0x03, 0x01, 0x03, 0x02, 0xA4, 0x02, 0x02, 0x02, 0x01, 0x19, 0x06, 0x02,
505 	0x4A, 0x29, 0x76, 0x02, 0x00, 0x06, 0x05, 0x9A, 0x03, 0x03, 0x04, 0x09,
506 	0x99, 0x60, 0x67, 0x22, 0x28, 0x05, 0x02, 0x49, 0x29, 0x67, 0x64, 0x22,
507 	0x16, 0xAC, 0xAC, 0x9B, 0x05, 0x02, 0x56, 0x29, 0xB9, 0x27, 0x06, 0x27,
508 	0xBF, 0xA1, 0xAC, 0x62, 0xA7, 0x03, 0x05, 0x62, 0x3A, 0x02, 0x05, 0x09,
509 	0x3A, 0x02, 0x05, 0x0A, 0xA7, 0x03, 0x06, 0x76, 0x63, 0x2A, 0x01, 0x81,
510 	0x00, 0x09, 0x02, 0x05, 0x12, 0x06, 0x02, 0x57, 0x29, 0x76, 0x59, 0x03,
511 	0x04, 0x04, 0x3A, 0x85, 0x27, 0x06, 0x34, 0x9B, 0x05, 0x02, 0x56, 0x29,
512 	0x68, 0x27, 0x06, 0x04, 0x01, 0x17, 0x04, 0x12, 0x69, 0x27, 0x06, 0x04,
513 	0x01, 0x18, 0x04, 0x0A, 0x6A, 0x27, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02,
514 	0x56, 0x29, 0x03, 0x07, 0x76, 0xA1, 0x26, 0x03, 0x08, 0x26, 0x62, 0x33,
515 	0x0D, 0x06, 0x02, 0x4F, 0x29, 0xA2, 0x58, 0x03, 0x04, 0x04, 0x02, 0x56,
516 	0x29, 0x76, 0x02, 0x00, 0x06, 0x21, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06,
517 	0x08, 0x25, 0x02, 0x05, 0x02, 0x06, 0x1E, 0x04, 0x10, 0x58, 0x30, 0x11,
518 	0x06, 0x08, 0x25, 0x02, 0x07, 0x02, 0x08, 0x1D, 0x04, 0x03, 0x56, 0x29,
519 	0x25, 0x04, 0x24, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06, 0x08, 0x25, 0x02,
520 	0x05, 0x02, 0x06, 0x24, 0x04, 0x10, 0x58, 0x30, 0x11, 0x06, 0x08, 0x25,
521 	0x02, 0x07, 0x02, 0x08, 0x23, 0x04, 0x03, 0x56, 0x29, 0x25, 0x26, 0x06,
522 	0x01, 0x29, 0x25, 0x01, 0x00, 0x03, 0x09, 0xB1, 0x01, 0x21, 0x8C, 0x01,
523 	0x22, 0x8C, 0x26, 0x01, 0x23, 0x11, 0x06, 0x81, 0x26, 0x25, 0x71, 0xAA,
524 	0xAC, 0x26, 0x06, 0x81, 0x1A, 0x01, 0x00, 0x03, 0x0A, 0xAC, 0x9B, 0x25,
525 	0xB0, 0x26, 0x01, 0x01, 0x11, 0x06, 0x04, 0xA3, 0x03, 0x0A, 0xB0, 0x01,
526 	0x04, 0x75, 0xAA, 0x6E, 0x27, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC0,
527 	0x04, 0x05, 0x96, 0x01, 0x7F, 0x03, 0x09, 0x04, 0x80, 0x6C, 0x8E, 0x27,
528 	0x06, 0x06, 0x02, 0x00, 0x98, 0x04, 0x80, 0x62, 0xC2, 0x27, 0x06, 0x11,
529 	0x02, 0x00, 0x06, 0x09, 0x01, 0x00, 0x03, 0x03, 0x95, 0x03, 0x03, 0x04,
530 	0x01, 0xC0, 0x04, 0x80, 0x4D, 0x70, 0x27, 0x06, 0x0A, 0x02, 0x0A, 0x06,
531 	0x03, 0x97, 0x04, 0x01, 0xC0, 0x04, 0x3F, 0x6D, 0x27, 0x06, 0x03, 0xC0,
532 	0x04, 0x38, 0xC5, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x31, 0x8D, 0x27, 0x06,
533 	0x03, 0xC0, 0x04, 0x2A, 0xC3, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x23, 0x77,
534 	0x27, 0x06, 0x03, 0xC0, 0x04, 0x1C, 0x82, 0x27, 0x06, 0x03, 0xC0, 0x04,
535 	0x15, 0x6C, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x0E, 0xC4, 0x27, 0x06, 0x03,
536 	0xC0, 0x04, 0x07, 0x02, 0x0A, 0x06, 0x02, 0x48, 0x29, 0xC0, 0x76, 0x76,
537 	0x04, 0xFE, 0x62, 0x76, 0x76, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02,
538 	0x55, 0x29, 0x25, 0x76, 0x39, 0x02, 0x00, 0x06, 0x08, 0x02, 0x03, 0x3B,
539 	0x2F, 0x05, 0x02, 0x44, 0x29, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00,
540 	0x02, 0x09, 0x2F, 0x05, 0x02, 0x50, 0x29, 0xB0, 0x73, 0xAA, 0x9B, 0x06,
541 	0x80, 0x77, 0xBA, 0x27, 0x06, 0x07, 0x01, 0x02, 0x59, 0x87, 0x04, 0x80,
542 	0x5E, 0xBB, 0x27, 0x06, 0x07, 0x01, 0x03, 0x59, 0x88, 0x04, 0x80, 0x53,
543 	0xBC, 0x27, 0x06, 0x07, 0x01, 0x04, 0x59, 0x89, 0x04, 0x80, 0x48, 0xBD,
544 	0x27, 0x06, 0x06, 0x01, 0x05, 0x59, 0x8A, 0x04, 0x3E, 0xBE, 0x27, 0x06,
545 	0x06, 0x01, 0x06, 0x59, 0x8B, 0x04, 0x34, 0x7C, 0x27, 0x06, 0x06, 0x01,
546 	0x02, 0x58, 0x87, 0x04, 0x2A, 0x7D, 0x27, 0x06, 0x06, 0x01, 0x03, 0x58,
547 	0x88, 0x04, 0x20, 0x7E, 0x27, 0x06, 0x06, 0x01, 0x04, 0x58, 0x89, 0x04,
548 	0x16, 0x7F, 0x27, 0x06, 0x06, 0x01, 0x05, 0x58, 0x8A, 0x04, 0x0C, 0x80,
549 	0x27, 0x06, 0x06, 0x01, 0x06, 0x58, 0x8B, 0x04, 0x02, 0x56, 0x29, 0x5D,
550 	0x34, 0x5F, 0x36, 0x1C, 0x26, 0x05, 0x02, 0x56, 0x29, 0x5C, 0x36, 0x04,
551 	0x02, 0x56, 0x29, 0xBF, 0xA1, 0x26, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG),
552 	0x12, 0x06, 0x02, 0x4F, 0x29, 0x26, 0x5E, 0x34, 0x5B, 0xA2, 0x76, 0x76,
553 	0x01, 0x00, 0x5A, 0x35, 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x26, 0x01,
554 	0x00, 0x01, 0x09, 0x6F, 0x05, 0x02, 0x47, 0x29, 0x00, 0x00, 0x30, 0x30,
555 	0x00, 0x00, 0x01, 0x81, 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00,
556 	0x01, 0x81, 0x19, 0x00, 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81,
557 	0x2B, 0x00, 0x01, 0x7B, 0x01, 0x01, 0x11, 0x3A, 0x01, 0x83, 0xFD, 0x7F,
558 	0x11, 0x15, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x3A, 0x26, 0x03, 0x00, 0x26,
559 	0xC6, 0x05, 0x04, 0x41, 0x01, 0x00, 0x00, 0x26, 0x01, 0x81, 0x00, 0x0D,
560 	0x06, 0x04, 0x93, 0x04, 0x80, 0x49, 0x26, 0x01, 0x90, 0x00, 0x0D, 0x06,
561 	0x0F, 0x01, 0x06, 0x14, 0x01, 0x81, 0x40, 0x2F, 0x93, 0x02, 0x00, 0x01,
562 	0x00, 0x94, 0x04, 0x33, 0x26, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14,
563 	0x01, 0x0C, 0x14, 0x01, 0x81, 0x60, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x06,
564 	0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01,
565 	0x81, 0x70, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x0C, 0x94, 0x02, 0x00, 0x01,
566 	0x06, 0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x00, 0x00, 0x01, 0x82, 0x15,
567 	0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x6F,
568 	0x00, 0x00, 0x01, 0x81, 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00,
569 	0x01, 0x81, 0x78, 0x00, 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43,
570 	0x00, 0x00, 0x01, 0x80, 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00,
571 	0x01, 0x80, 0x61, 0x00, 0x00, 0x30, 0x11, 0x06, 0x04, 0x41, 0xAA, 0xBF,
572 	0xB1, 0x00, 0x00, 0x01, 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00,
573 	0x00, 0x26, 0x01, 0x83, 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x6F, 0x00,
574 	0x00, 0x01, 0x30, 0x61, 0x36, 0x01, 0x7F, 0x79, 0x1A, 0x01, 0x00, 0x79,
575 	0x1A, 0x04, 0x7A, 0x00, 0x01, 0x81, 0x38, 0x00, 0x01, 0x7B, 0x0D, 0x06,
576 	0x02, 0x4E, 0x29, 0x26, 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30,
577 	0x26, 0x3E, 0x3A, 0x01, 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x41, 0x01,
578 	0x00, 0x00, 0x30, 0x66, 0x09, 0x36, 0x3F, 0x00, 0x00, 0x14, 0x01, 0x3F,
579 	0x15, 0x01, 0x81, 0x00, 0x2F, 0x93, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00,
580 	0xAC, 0x26, 0x06, 0x80, 0x59, 0xB0, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17,
581 	0x25, 0x71, 0xAA, 0x9B, 0x25, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB0, 0x01,
582 	0x20, 0x74, 0xAA, 0xAF, 0x02, 0x01, 0x20, 0x76, 0x76, 0x04, 0x38, 0x01,
583 	0x21, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x01, 0x1F, 0x04,
584 	0x2A, 0x01, 0x22, 0x30, 0x11, 0x06, 0x11, 0x25, 0x72, 0xB3, 0x26, 0x06,
585 	0x06, 0x2C, 0x02, 0x00, 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1F, 0x04, 0x13,
586 	0x01, 0x26, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x06, 0x1F,
587 	0x04, 0x05, 0x41, 0xAB, 0x01, 0x00, 0x25, 0x04, 0xFF, 0x23, 0x76, 0x02,
588 	0x00, 0x00, 0x00, 0xAC, 0xB1, 0x26, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA3,
589 	0x05, 0x02, 0x50, 0x29, 0xB1, 0x04, 0x02, 0x50, 0x29, 0x26, 0x01, 0x02,
590 	0x11, 0x06, 0x0C, 0x25, 0x72, 0xAD, 0x65, 0x2B, 0x40, 0x0D, 0x06, 0x02,
591 	0x50, 0x29, 0xB1, 0x01, 0x7F, 0x10, 0x06, 0x02, 0x55, 0x29, 0x25, 0x76,
592 	0x00, 0x00, 0xAC, 0x26, 0x06, 0x1A, 0xAC, 0x9B, 0x25, 0x26, 0x06, 0x11,
593 	0xAC, 0x26, 0x06, 0x0C, 0xAC, 0x9B, 0x25, 0x86, 0x27, 0x05, 0x02, 0x48,
594 	0x29, 0xBF, 0x04, 0x71, 0x76, 0x76, 0x04, 0x63, 0x76, 0x00, 0x02, 0x03,
595 	0x00, 0xB0, 0x01, 0x03, 0x75, 0xAA, 0xB7, 0x03, 0x01, 0x02, 0x01, 0x01,
596 	0x07, 0x12, 0x06, 0x02, 0x55, 0x29, 0x26, 0x01, 0x00, 0x30, 0x11, 0x06,
597 	0x05, 0x25, 0x4C, 0x29, 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A,
598 	0x25, 0xB7, 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x25, 0xB7,
599 	0x01, 0x00, 0x25, 0x02, 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38,
600 	0x15, 0x06, 0x03, 0x01, 0x10, 0x2F, 0x3A, 0x01, 0x81, 0x40, 0x15, 0x06,
601 	0x03, 0x01, 0x20, 0x2F, 0x61, 0x36, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05,
602 	0x02, 0x4C, 0x29, 0xBF, 0x00, 0x00, 0x37, 0xAC, 0xBF, 0x1B, 0x00, 0x03,
603 	0x01, 0x00, 0x03, 0x00, 0x37, 0xAC, 0x26, 0x06, 0x30, 0xB0, 0x01, 0x11,
604 	0x74, 0xAA, 0x26, 0x05, 0x02, 0x43, 0x29, 0x26, 0x06, 0x20, 0xAC, 0x9B,
605 	0x25, 0x84, 0x27, 0x03, 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xAF, 0x26,
606 	0x02, 0x01, 0x15, 0x06, 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00,
607 	0x02, 0x02, 0x20, 0x76, 0x04, 0x5D, 0x76, 0x04, 0x4D, 0x76, 0x1B, 0x02,
608 	0x00, 0x00, 0x00, 0xB0, 0x01, 0x06, 0x75, 0xAE, 0x00, 0x00, 0xB5, 0x83,
609 	0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00,
610 	0xB5, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25, 0x01, 0x00, 0x04, 0x00,
611 	0x00, 0x00, 0xB6, 0x83, 0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01,
612 	0x00, 0x01, 0x00, 0x00, 0xB6, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25,
613 	0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,
614 	0x06, 0x04, 0x00, 0x04, 0x80, 0x55, 0x26, 0x01, 0x81, 0x40, 0x0D, 0x06,
615 	0x07, 0x25, 0x01, 0x00, 0x00, 0x04, 0x80, 0x47, 0x26, 0x01, 0x81, 0x60,
616 	0x0D, 0x06, 0x0E, 0x01, 0x1F, 0x15, 0x01, 0x01, 0xA0, 0x01, 0x81, 0x00,
617 	0x01, 0x8F, 0x7F, 0x04, 0x32, 0x26, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F,
618 	0x01, 0x0F, 0x15, 0x01, 0x02, 0xA0, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF,
619 	0x7F, 0x04, 0x1C, 0x26, 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07,
620 	0x15, 0x01, 0x03, 0xA0, 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF,
621 	0x7F, 0x04, 0x04, 0x25, 0x01, 0x00, 0x00, 0x6F, 0x05, 0x03, 0x25, 0x01,
622 	0x00, 0x00, 0x00, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x7F,
623 	0x00, 0xB7, 0x33, 0x26, 0x3C, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x01, 0x06,
624 	0x0E, 0x3A, 0x26, 0x01, 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x41,
625 	0x01, 0x7F, 0x00, 0x01, 0x3F, 0x15, 0x09, 0x00, 0x00, 0x26, 0x06, 0x06,
626 	0x0B, 0x9F, 0x33, 0x40, 0x04, 0x77, 0x25, 0x26, 0x00, 0x00, 0xB0, 0x01,
627 	0x03, 0x75, 0xAA, 0xB7, 0x06, 0x02, 0x54, 0x29, 0x00, 0x00, 0x3A, 0x26,
628 	0x06, 0x07, 0x31, 0x26, 0x06, 0x01, 0x1A, 0x04, 0x76, 0x41, 0x00, 0x00,
629 	0x01, 0x01, 0x75, 0xA9, 0x01, 0x01, 0x10, 0x06, 0x02, 0x42, 0x29, 0xB7,
630 	0x3D, 0x00, 0x04, 0xB0, 0x26, 0x01, 0x17, 0x01, 0x18, 0x6F, 0x05, 0x02,
631 	0x47, 0x29, 0x01, 0x18, 0x11, 0x03, 0x00, 0x72, 0xAA, 0xA5, 0x02, 0x00,
632 	0x06, 0x0C, 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0xA5, 0x02, 0x01, 0x09,
633 	0x04, 0x0E, 0x26, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09,
634 	0x01, 0x8E, 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08,
635 	0x02, 0x01, 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01,
636 	0x80, 0x63, 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83,
637 	0x0F, 0x09, 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01,
638 	0x0C, 0xA6, 0x40, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3E,
639 	0x02, 0x01, 0x01, 0x80, 0x64, 0x07, 0x3D, 0x02, 0x01, 0x01, 0x83, 0x10,
640 	0x07, 0x3E, 0x2F, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09, 0x91, 0x09, 0x78,
641 	0x26, 0x01, 0x05, 0x14, 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15,
642 	0x01, 0x01, 0x3A, 0xA6, 0x02, 0x03, 0x09, 0x40, 0x03, 0x03, 0x01, 0x00,
643 	0x01, 0x17, 0xA6, 0x01, 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01,
644 	0x3B, 0xA6, 0x01, 0x3C, 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00,
645 	0x01, 0x3C, 0xA6, 0x02, 0x02, 0x09, 0x03, 0x02, 0xB7, 0x26, 0x01, 0x2E,
646 	0x11, 0x06, 0x0D, 0x25, 0xB7, 0x26, 0x01, 0x30, 0x01, 0x39, 0x6F, 0x06,
647 	0x03, 0x25, 0x04, 0x74, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x47, 0x29,
648 	0x76, 0x02, 0x03, 0x02, 0x02, 0x00, 0x01, 0xB7, 0x7A, 0x01, 0x0A, 0x08,
649 	0x03, 0x00, 0xB7, 0x7A, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03,
650 	0x01, 0xA5, 0x26, 0x02, 0x01, 0x02, 0x00, 0x6F, 0x05, 0x02, 0x47, 0x29,
651 	0x00, 0x00, 0x33, 0xB0, 0x01, 0x02, 0x75, 0x0B, 0xA8, 0x00, 0x03, 0x26,
652 	0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0xAA, 0xB7, 0x26, 0x01, 0x81, 0x00,
653 	0x13, 0x06, 0x02, 0x53, 0x29, 0x26, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x25,
654 	0x26, 0x05, 0x04, 0x25, 0x01, 0x00, 0x00, 0xB7, 0x04, 0x6F, 0x02, 0x01,
655 	0x26, 0x05, 0x02, 0x4F, 0x29, 0x40, 0x03, 0x01, 0x02, 0x02, 0x36, 0x02,
656 	0x02, 0x3F, 0x03, 0x02, 0x26, 0x06, 0x03, 0xB7, 0x04, 0x68, 0x25, 0x02,
657 	0x00, 0x02, 0x01, 0x0A, 0x00, 0x01, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,
658 	0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x0A, 0x26, 0x05, 0x02, 0x4D, 0x29,
659 	0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02,
660 	0x00, 0x40, 0x03, 0x00, 0x26, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06,
661 	0x02, 0x4E, 0x29, 0x01, 0x08, 0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x04, 0x60,
662 	0x00, 0x00, 0xA9, 0x92, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x73,
663 	0xAA, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x02, 0x53, 0x29, 0xB7, 0x26, 0x01,
664 	0x81, 0x00, 0x13, 0x06, 0x02, 0x53, 0x29, 0x03, 0x00, 0x26, 0x06, 0x16,
665 	0xB7, 0x02, 0x00, 0x26, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02,
666 	0x53, 0x29, 0x01, 0x08, 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x25, 0x02,
667 	0x00, 0x00, 0x00, 0xAA, 0x26, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xBF,
668 	0x01, 0x00, 0x66, 0x36, 0x01, 0x00, 0x00, 0x26, 0x66, 0x36, 0x66, 0x3F,
669 	0xA2, 0x01, 0x7F, 0x00, 0x00, 0xB0, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05,
670 	0x25, 0x72, 0xB3, 0x04, 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x25,
671 	0x72, 0xB4, 0x04, 0x33, 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72,
672 	0xB4, 0x04, 0x28, 0x01, 0x14, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4,
673 	0x04, 0x1D, 0x01, 0x16, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4, 0x04,
674 	0x12, 0x01, 0x1E, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB2, 0x04, 0x07,
675 	0x41, 0xAB, 0x01, 0x00, 0x01, 0x00, 0x25, 0x00, 0x01, 0xB7, 0x03, 0x00,
676 	0x02, 0x00, 0x01, 0x05, 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01,
677 	0x06, 0x14, 0x26, 0x01, 0x01, 0x15, 0x06, 0x02, 0x45, 0x29, 0x01, 0x04,
678 	0x0E, 0x02, 0x00, 0x01, 0x1F, 0x15, 0x26, 0x01, 0x1F, 0x11, 0x06, 0x02,
679 	0x46, 0x29, 0x09, 0x00, 0x00, 0x26, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F,
680 	0x00, 0xB0, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x05, 0x66, 0x36, 0x01, 0x7F,
681 	0x00, 0x01, 0x01, 0x03, 0x00, 0x9C, 0x26, 0x01, 0x83, 0xFF, 0x7E, 0x11,
682 	0x06, 0x16, 0x25, 0x26, 0x06, 0x10, 0x9D, 0x26, 0x05, 0x05, 0x25, 0xBF,
683 	0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B,
684 	0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03,
685 	0x00, 0x26, 0x06, 0x0B, 0x9C, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00,
686 	0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00, 0x40, 0x66,
687 	0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x26, 0x06,
688 	0x10, 0x9E, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00,
689 	0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00,
690 	0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00,
691 	0x26, 0x06, 0x10, 0xB7, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00,
692 	0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05,
693 	0x01, 0x00, 0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x00, 0xB7, 0x01, 0x08,
694 	0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x00, 0x00, 0xB7, 0x3A, 0xB7, 0x01, 0x08,
695 	0x0E, 0x33, 0x09, 0x00, 0x00, 0x26, 0x05, 0x02, 0x4E, 0x29, 0x40, 0xB8,
696 	0x00, 0x00, 0x32, 0x26, 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x25, 0x1A,
697 	0x04, 0x74, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01,
698 	0x15, 0x00, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01,
699 	0x33, 0x00, 0x00, 0xC0, 0x25, 0x00, 0x00, 0x26, 0x06, 0x07, 0xC1, 0x26,
700 	0x06, 0x01, 0x1A, 0x04, 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B,
701 	0x41, 0x00, 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00,
702 	0x00, 0x01, 0x82, 0x22, 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x26,
703 	0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFB, 0x6F, 0x6F, 0x06, 0x04, 0x25,
704 	0x01, 0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F,
705 	0x6F, 0x06, 0x04, 0x25, 0x01, 0x00, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15,
706 	0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
707 };
708 
709 static const uint16_t t0_caddr[] = {
710 	0,
711 	5,
712 	10,
713 	15,
714 	20,
715 	25,
716 	29,
717 	33,
718 	37,
719 	41,
720 	45,
721 	49,
722 	53,
723 	57,
724 	61,
725 	65,
726 	69,
727 	73,
728 	77,
729 	81,
730 	85,
731 	89,
732 	93,
733 	97,
734 	101,
735 	105,
736 	109,
737 	113,
738 	117,
739 	121,
740 	125,
741 	130,
742 	135,
743 	140,
744 	145,
745 	150,
746 	155,
747 	160,
748 	165,
749 	173,
750 	178,
751 	183,
752 	188,
753 	193,
754 	198,
755 	203,
756 	208,
757 	213,
758 	234,
759 	239,
760 	244,
761 	249,
762 	264,
763 	269,
764 	275,
765 	281,
766 	286,
767 	294,
768 	302,
769 	308,
770 	313,
771 	324,
772 	960,
773 	975,
774 	979,
775 	984,
776 	989,
777 	994,
778 	999,
779 	1004,
780 	1118,
781 	1123,
782 	1135,
783 	1140,
784 	1145,
785 	1150,
786 	1154,
787 	1159,
788 	1164,
789 	1169,
790 	1174,
791 	1184,
792 	1189,
793 	1194,
794 	1206,
795 	1221,
796 	1226,
797 	1240,
798 	1262,
799 	1273,
800 	1376,
801 	1423,
802 	1456,
803 	1547,
804 	1553,
805 	1616,
806 	1623,
807 	1651,
808 	1679,
809 	1784,
810 	1826,
811 	1839,
812 	1851,
813 	1865,
814 	1880,
815 	2100,
816 	2114,
817 	2131,
818 	2140,
819 	2207,
820 	2263,
821 	2267,
822 	2271,
823 	2276,
824 	2324,
825 	2350,
826 	2426,
827 	2470,
828 	2481,
829 	2566,
830 	2604,
831 	2642,
832 	2652,
833 	2662,
834 	2671,
835 	2684,
836 	2688,
837 	2692,
838 	2696,
839 	2700,
840 	2704,
841 	2708,
842 	2712,
843 	2724,
844 	2732,
845 	2737,
846 	2742,
847 	2747,
848 	2752
849 };
850 
851 #define T0_INTERPRETED   60
852 
853 #define T0_ENTER(ip, rp, slot)   do { \
854 		const unsigned char *t0_newip; \
855 		uint32_t t0_lnum; \
856 		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
857 		t0_lnum = t0_parse7E_unsigned(&t0_newip); \
858 		(rp) += t0_lnum; \
859 		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
860 		(ip) = t0_newip; \
861 	} while (0)
862 
863 #define T0_DEFENTRY(name, slot) \
864 void \
865 name(void *ctx) \
866 { \
867 	t0_context *t0ctx = ctx; \
868 	t0ctx->ip = &t0_codeblock[0]; \
869 	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
870 }
871 
872 T0_DEFENTRY(br_x509_minimal_init_main, 144)
873 
874 #define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)
875 
876 void
877 br_x509_minimal_run(void *t0ctx)
878 {
879 	uint32_t *dp, *rp;
880 	const unsigned char *ip;
881 
882 #define T0_LOCAL(x)    (*(rp - 2 - (x)))
883 #define T0_POP()       (*-- dp)
884 #define T0_POPi()      (*(int32_t *)(-- dp))
885 #define T0_PEEK(x)     (*(dp - 1 - (x)))
886 #define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
887 #define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
888 #define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
889 #define T0_RPOP()      (*-- rp)
890 #define T0_RPOPi()     (*(int32_t *)(-- rp))
891 #define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
892 #define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
893 #define T0_ROLL(x)     do { \
894 	size_t t0len = (size_t)(x); \
895 	uint32_t t0tmp = *(dp - 1 - t0len); \
896 	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
897 	*(dp - 1) = t0tmp; \
898 } while (0)
899 #define T0_SWAP()      do { \
900 	uint32_t t0tmp = *(dp - 2); \
901 	*(dp - 2) = *(dp - 1); \
902 	*(dp - 1) = t0tmp; \
903 } while (0)
904 #define T0_ROT()       do { \
905 	uint32_t t0tmp = *(dp - 3); \
906 	*(dp - 3) = *(dp - 2); \
907 	*(dp - 2) = *(dp - 1); \
908 	*(dp - 1) = t0tmp; \
909 } while (0)
910 #define T0_NROT()       do { \
911 	uint32_t t0tmp = *(dp - 1); \
912 	*(dp - 1) = *(dp - 2); \
913 	*(dp - 2) = *(dp - 3); \
914 	*(dp - 3) = t0tmp; \
915 } while (0)
916 #define T0_PICK(x)      do { \
917 	uint32_t t0depth = (x); \
918 	T0_PUSH(T0_PEEK(t0depth)); \
919 } while (0)
920 #define T0_CO()         do { \
921 	goto t0_exit; \
922 } while (0)
923 #define T0_RET()        goto t0_next
924 
925 	dp = ((t0_context *)t0ctx)->dp;
926 	rp = ((t0_context *)t0ctx)->rp;
927 	ip = ((t0_context *)t0ctx)->ip;
928 	goto t0_next;
929 	for (;;) {
930 		uint32_t t0x;
931 
932 	t0_next:
933 		t0x = T0_NEXT(&ip);
934 		if (t0x < T0_INTERPRETED) {
935 			switch (t0x) {
936 				int32_t t0off;
937 
938 			case 0: /* ret */
939 				t0x = T0_RPOP();
940 				rp -= (t0x >> 16);
941 				t0x &= 0xFFFF;
942 				if (t0x == 0) {
943 					ip = NULL;
944 					goto t0_exit;
945 				}
946 				ip = &t0_codeblock[t0x];
947 				break;
948 			case 1: /* literal constant */
949 				T0_PUSHi(t0_parse7E_signed(&ip));
950 				break;
951 			case 2: /* read local */
952 				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
953 				break;
954 			case 3: /* write local */
955 				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
956 				break;
957 			case 4: /* jump */
958 				t0off = t0_parse7E_signed(&ip);
959 				ip += t0off;
960 				break;
961 			case 5: /* jump if */
962 				t0off = t0_parse7E_signed(&ip);
963 				if (T0_POP()) {
964 					ip += t0off;
965 				}
966 				break;
967 			case 6: /* jump if not */
968 				t0off = t0_parse7E_signed(&ip);
969 				if (!T0_POP()) {
970 					ip += t0off;
971 				}
972 				break;
973 			case 7: {
974 				/* %25 */
975 
976 	int32_t b = T0_POPi();
977 	int32_t a = T0_POPi();
978 	T0_PUSHi(a % b);
979 
980 				}
981 				break;
982 			case 8: {
983 				/* * */
984 
985 	uint32_t b = T0_POP();
986 	uint32_t a = T0_POP();
987 	T0_PUSH(a * b);
988 
989 				}
990 				break;
991 			case 9: {
992 				/* + */
993 
994 	uint32_t b = T0_POP();
995 	uint32_t a = T0_POP();
996 	T0_PUSH(a + b);
997 
998 				}
999 				break;
1000 			case 10: {
1001 				/* - */
1002 
1003 	uint32_t b = T0_POP();
1004 	uint32_t a = T0_POP();
1005 	T0_PUSH(a - b);
1006 
1007 				}
1008 				break;
1009 			case 11: {
1010 				/* -rot */
1011  T0_NROT();
1012 				}
1013 				break;
1014 			case 12: {
1015 				/* / */
1016 
1017 	int32_t b = T0_POPi();
1018 	int32_t a = T0_POPi();
1019 	T0_PUSHi(a / b);
1020 
1021 				}
1022 				break;
1023 			case 13: {
1024 				/* < */
1025 
1026 	int32_t b = T0_POPi();
1027 	int32_t a = T0_POPi();
1028 	T0_PUSH(-(uint32_t)(a < b));
1029 
1030 				}
1031 				break;
1032 			case 14: {
1033 				/* << */
1034 
1035 	int c = (int)T0_POPi();
1036 	uint32_t x = T0_POP();
1037 	T0_PUSH(x << c);
1038 
1039 				}
1040 				break;
1041 			case 15: {
1042 				/* <= */
1043 
1044 	int32_t b = T0_POPi();
1045 	int32_t a = T0_POPi();
1046 	T0_PUSH(-(uint32_t)(a <= b));
1047 
1048 				}
1049 				break;
1050 			case 16: {
1051 				/* <> */
1052 
1053 	uint32_t b = T0_POP();
1054 	uint32_t a = T0_POP();
1055 	T0_PUSH(-(uint32_t)(a != b));
1056 
1057 				}
1058 				break;
1059 			case 17: {
1060 				/* = */
1061 
1062 	uint32_t b = T0_POP();
1063 	uint32_t a = T0_POP();
1064 	T0_PUSH(-(uint32_t)(a == b));
1065 
1066 				}
1067 				break;
1068 			case 18: {
1069 				/* > */
1070 
1071 	int32_t b = T0_POPi();
1072 	int32_t a = T0_POPi();
1073 	T0_PUSH(-(uint32_t)(a > b));
1074 
1075 				}
1076 				break;
1077 			case 19: {
1078 				/* >= */
1079 
1080 	int32_t b = T0_POPi();
1081 	int32_t a = T0_POPi();
1082 	T0_PUSH(-(uint32_t)(a >= b));
1083 
1084 				}
1085 				break;
1086 			case 20: {
1087 				/* >> */
1088 
1089 	int c = (int)T0_POPi();
1090 	int32_t x = T0_POPi();
1091 	T0_PUSHi(x >> c);
1092 
1093 				}
1094 				break;
1095 			case 21: {
1096 				/* and */
1097 
1098 	uint32_t b = T0_POP();
1099 	uint32_t a = T0_POP();
1100 	T0_PUSH(a & b);
1101 
1102 				}
1103 				break;
1104 			case 22: {
1105 				/* blobcopy */
1106 
1107 	size_t len = T0_POP();
1108 	unsigned char *src = (unsigned char *)CTX + T0_POP();
1109 	unsigned char *dst = (unsigned char *)CTX + T0_POP();
1110 	memcpy(dst, src, len);
1111 
1112 				}
1113 				break;
1114 			case 23: {
1115 				/* check-direct-trust */
1116 
1117 	size_t u;
1118 
1119 	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1120 		const br_x509_trust_anchor *ta;
1121 		unsigned char hashed_DN[64];
1122 		int kt;
1123 
1124 		ta = &CTX->trust_anchors[u];
1125 		if (ta->flags & BR_X509_TA_CA) {
1126 			continue;
1127 		}
1128 		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1129 		if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
1130 			continue;
1131 		}
1132 		kt = CTX->pkey.key_type;
1133 		if ((ta->pkey.key_type & 0x0F) != kt) {
1134 			continue;
1135 		}
1136 		switch (kt) {
1137 
1138 		case BR_KEYTYPE_RSA:
1139 			if (!eqbigint(CTX->pkey.key.rsa.n,
1140 				CTX->pkey.key.rsa.nlen,
1141 				ta->pkey.key.rsa.n,
1142 				ta->pkey.key.rsa.nlen)
1143 				|| !eqbigint(CTX->pkey.key.rsa.e,
1144 				CTX->pkey.key.rsa.elen,
1145 				ta->pkey.key.rsa.e,
1146 				ta->pkey.key.rsa.elen))
1147 			{
1148 				continue;
1149 			}
1150 			break;
1151 
1152 		case BR_KEYTYPE_EC:
1153 			if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
1154 				|| CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
1155 				|| memcmp(CTX->pkey.key.ec.q,
1156 					ta->pkey.key.ec.q,
1157 					ta->pkey.key.ec.qlen) != 0)
1158 			{
1159 				continue;
1160 			}
1161 			break;
1162 
1163 		default:
1164 			continue;
1165 		}
1166 
1167 		/*
1168 		 * Direct trust match!
1169 		 */
1170 		CTX->err = BR_ERR_X509_OK;
1171 		T0_CO();
1172 	}
1173 
1174 				}
1175 				break;
1176 			case 24: {
1177 				/* check-trust-anchor-CA */
1178 
1179 	size_t u;
1180 
1181 	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1182 		const br_x509_trust_anchor *ta;
1183 		unsigned char hashed_DN[64];
1184 
1185 		ta = &CTX->trust_anchors[u];
1186 		if (!(ta->flags & BR_X509_TA_CA)) {
1187 			continue;
1188 		}
1189 		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1190 		if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
1191 			continue;
1192 		}
1193 		if (verify_signature(CTX, &ta->pkey) == 0) {
1194 			CTX->err = BR_ERR_X509_OK;
1195 			T0_CO();
1196 		}
1197 	}
1198 
1199 				}
1200 				break;
1201 			case 25: {
1202 				/* check-validity-range */
1203 
1204 	uint32_t nbs = T0_POP();
1205 	uint32_t nbd = T0_POP();
1206 	uint32_t nas = T0_POP();
1207 	uint32_t nad = T0_POP();
1208 	int r;
1209 	if (CTX->itime != 0) {
1210 		r = CTX->itime(CTX->itime_ctx, nbd, nbs, nad, nas);
1211 		if (r < -1 || r > 1) {
1212 			CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1213 			T0_CO();
1214 		}
1215 	} else {
1216 		uint32_t vd = CTX->days;
1217 		uint32_t vs = CTX->seconds;
1218 		if (vd == 0 && vs == 0) {
1219 #if BR_USE_UNIX_TIME
1220 			time_t x = time(NULL);
1221 
1222 			vd = (uint32_t)(x / 86400) + 719528;
1223 			vs = (uint32_t)(x % 86400);
1224 #elif BR_USE_WIN32_TIME
1225 			FILETIME ft;
1226 			uint64_t x;
1227 
1228 			GetSystemTimeAsFileTime(&ft);
1229 			x = ((uint64_t)ft.dwHighDateTime << 32)
1230 				+ (uint64_t)ft.dwLowDateTime;
1231 			x = (x / 10000000);
1232 			vd = (uint32_t)(x / 86400) + 584754;
1233 			vs = (uint32_t)(x % 86400);
1234 #else
1235 			CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1236 			T0_CO();
1237 #endif
1238 		}
1239 		if (vd < nbd || (vd == nbd && vs < nbs)) {
1240 			r = -1;
1241 		} else if (vd > nad || (vd == nad && vs > nas)) {
1242 			r = 1;
1243 		} else {
1244 			r = 0;
1245 		}
1246 	}
1247 	T0_PUSHi(r);
1248 
1249 				}
1250 				break;
1251 			case 26: {
1252 				/* co */
1253  T0_CO();
1254 				}
1255 				break;
1256 			case 27: {
1257 				/* compute-dn-hash */
1258 
1259 	CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);
1260 	CTX->do_dn_hash = 0;
1261 
1262 				}
1263 				break;
1264 			case 28: {
1265 				/* compute-tbs-hash */
1266 
1267 	int id = T0_POPi();
1268 	size_t len;
1269 	len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);
1270 	T0_PUSH(len);
1271 
1272 				}
1273 				break;
1274 			case 29: {
1275 				/* copy-ee-ec-pkey */
1276 
1277 	size_t qlen = T0_POP();
1278 	uint32_t curve = T0_POP();
1279 	memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);
1280 	CTX->pkey.key_type = BR_KEYTYPE_EC;
1281 	CTX->pkey.key.ec.curve = curve;
1282 	CTX->pkey.key.ec.q = CTX->ee_pkey_data;
1283 	CTX->pkey.key.ec.qlen = qlen;
1284 
1285 				}
1286 				break;
1287 			case 30: {
1288 				/* copy-ee-rsa-pkey */
1289 
1290 	size_t elen = T0_POP();
1291 	size_t nlen = T0_POP();
1292 	memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);
1293 	CTX->pkey.key_type = BR_KEYTYPE_RSA;
1294 	CTX->pkey.key.rsa.n = CTX->ee_pkey_data;
1295 	CTX->pkey.key.rsa.nlen = nlen;
1296 	CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;
1297 	CTX->pkey.key.rsa.elen = elen;
1298 
1299 				}
1300 				break;
1301 			case 31: {
1302 				/* copy-name-SAN */
1303 
1304 	unsigned tag = T0_POP();
1305 	unsigned ok = T0_POP();
1306 	size_t u, len;
1307 
1308 	len = CTX->pad[0];
1309 	for (u = 0; u < CTX->num_name_elts; u ++) {
1310 		br_name_element *ne;
1311 
1312 		ne = &CTX->name_elts[u];
1313 		if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) {
1314 			if (ok && ne->len > len) {
1315 				memcpy(ne->buf, CTX->pad + 1, len);
1316 				ne->buf[len] = 0;
1317 				ne->status = 1;
1318 			} else {
1319 				ne->status = -1;
1320 			}
1321 			break;
1322 		}
1323 	}
1324 
1325 				}
1326 				break;
1327 			case 32: {
1328 				/* copy-name-element */
1329 
1330 	size_t len;
1331 	int32_t off = T0_POPi();
1332 	int ok = T0_POPi();
1333 
1334 	if (off >= 0) {
1335 		br_name_element *ne = &CTX->name_elts[off];
1336 
1337 		if (ok) {
1338 			len = CTX->pad[0];
1339 			if (len < ne->len) {
1340 				memcpy(ne->buf, CTX->pad + 1, len);
1341 				ne->buf[len] = 0;
1342 				ne->status = 1;
1343 			} else {
1344 				ne->status = -1;
1345 			}
1346 		} else {
1347 			ne->status = -1;
1348 		}
1349 	}
1350 
1351 				}
1352 				break;
1353 			case 33: {
1354 				/* data-get8 */
1355 
1356 	size_t addr = T0_POP();
1357 	T0_PUSH(t0_datablock[addr]);
1358 
1359 				}
1360 				break;
1361 			case 34: {
1362 				/* dn-hash-length */
1363 
1364 	T0_PUSH(DNHASH_LEN);
1365 
1366 				}
1367 				break;
1368 			case 35: {
1369 				/* do-ecdsa-vrfy */
1370 
1371 	size_t qlen = T0_POP();
1372 	int curve = T0_POP();
1373 	br_x509_pkey pk;
1374 
1375 	pk.key_type = BR_KEYTYPE_EC;
1376 	pk.key.ec.curve = curve;
1377 	pk.key.ec.q = CTX->pkey_data;
1378 	pk.key.ec.qlen = qlen;
1379 	T0_PUSH(verify_signature(CTX, &pk));
1380 
1381 				}
1382 				break;
1383 			case 36: {
1384 				/* do-rsa-vrfy */
1385 
1386 	size_t elen = T0_POP();
1387 	size_t nlen = T0_POP();
1388 	br_x509_pkey pk;
1389 
1390 	pk.key_type = BR_KEYTYPE_RSA;
1391 	pk.key.rsa.n = CTX->pkey_data;
1392 	pk.key.rsa.nlen = nlen;
1393 	pk.key.rsa.e = CTX->pkey_data + nlen;
1394 	pk.key.rsa.elen = elen;
1395 	T0_PUSH(verify_signature(CTX, &pk));
1396 
1397 				}
1398 				break;
1399 			case 37: {
1400 				/* drop */
1401  (void)T0_POP();
1402 				}
1403 				break;
1404 			case 38: {
1405 				/* dup */
1406  T0_PUSH(T0_PEEK(0));
1407 				}
1408 				break;
1409 			case 39: {
1410 				/* eqOID */
1411 
1412 	const unsigned char *a2 = &t0_datablock[T0_POP()];
1413 	const unsigned char *a1 = &CTX->pad[0];
1414 	size_t len = a1[0];
1415 	int x;
1416 	if (len == a2[0]) {
1417 		x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
1418 	} else {
1419 		x = 0;
1420 	}
1421 	T0_PUSH((uint32_t)x);
1422 
1423 				}
1424 				break;
1425 			case 40: {
1426 				/* eqblob */
1427 
1428 	size_t len = T0_POP();
1429 	const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();
1430 	const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();
1431 	T0_PUSHi(-(memcmp(a1, a2, len) == 0));
1432 
1433 				}
1434 				break;
1435 			case 41: {
1436 				/* fail */
1437 
1438 	CTX->err = T0_POPi();
1439 	T0_CO();
1440 
1441 				}
1442 				break;
1443 			case 42: {
1444 				/* get16 */
1445 
1446 	uint32_t addr = T0_POP();
1447 	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)CTX + addr));
1448 
1449 				}
1450 				break;
1451 			case 43: {
1452 				/* get32 */
1453 
1454 	uint32_t addr = T0_POP();
1455 	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)CTX + addr));
1456 
1457 				}
1458 				break;
1459 			case 44: {
1460 				/* match-server-name */
1461 
1462 	size_t n1, n2;
1463 
1464 	if (CTX->server_name == NULL) {
1465 		T0_PUSH(0);
1466 		T0_RET();
1467 	}
1468 	n1 = strlen(CTX->server_name);
1469 	n2 = CTX->pad[0];
1470 	if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {
1471 		T0_PUSHi(-1);
1472 		T0_RET();
1473 	}
1474 	if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
1475 		size_t u;
1476 
1477 		u = 0;
1478 		while (u < n1 && CTX->server_name[u] != '.') {
1479 			u ++;
1480 		}
1481 		u ++;
1482 		n1 -= u;
1483 		if ((n2 - 2) == n1
1484 			&& eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
1485 		{
1486 			T0_PUSHi(-1);
1487 			T0_RET();
1488 		}
1489 	}
1490 	T0_PUSH(0);
1491 
1492 				}
1493 				break;
1494 			case 45: {
1495 				/* neg */
1496 
1497 	uint32_t a = T0_POP();
1498 	T0_PUSH(-a);
1499 
1500 				}
1501 				break;
1502 			case 46: {
1503 				/* offset-name-element */
1504 
1505 	unsigned san = T0_POP();
1506 	size_t u;
1507 
1508 	for (u = 0; u < CTX->num_name_elts; u ++) {
1509 		if (CTX->name_elts[u].status == 0) {
1510 			const unsigned char *oid;
1511 			size_t len, off;
1512 
1513 			oid = CTX->name_elts[u].oid;
1514 			if (san) {
1515 				if (oid[0] != 0 || oid[1] != 0) {
1516 					continue;
1517 				}
1518 				off = 2;
1519 			} else {
1520 				off = 0;
1521 			}
1522 			len = oid[off];
1523 			if (len != 0 && len == CTX->pad[0]
1524 				&& memcmp(oid + off + 1,
1525 					CTX->pad + 1, len) == 0)
1526 			{
1527 				T0_PUSH(u);
1528 				T0_RET();
1529 			}
1530 		}
1531 	}
1532 	T0_PUSHi(-1);
1533 
1534 				}
1535 				break;
1536 			case 47: {
1537 				/* or */
1538 
1539 	uint32_t b = T0_POP();
1540 	uint32_t a = T0_POP();
1541 	T0_PUSH(a | b);
1542 
1543 				}
1544 				break;
1545 			case 48: {
1546 				/* over */
1547  T0_PUSH(T0_PEEK(1));
1548 				}
1549 				break;
1550 			case 49: {
1551 				/* read-blob-inner */
1552 
1553 	uint32_t len = T0_POP();
1554 	uint32_t addr = T0_POP();
1555 	size_t clen = CTX->hlen;
1556 	if (clen > len) {
1557 		clen = (size_t)len;
1558 	}
1559 	if (addr != 0) {
1560 		memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);
1561 	}
1562 	if (CTX->do_mhash) {
1563 		br_multihash_update(&CTX->mhash, CTX->hbuf, clen);
1564 	}
1565 	if (CTX->do_dn_hash) {
1566 		CTX->dn_hash_impl->update(
1567 			&CTX->dn_hash.vtable, CTX->hbuf, clen);
1568 	}
1569 	CTX->hbuf += clen;
1570 	CTX->hlen -= clen;
1571 	T0_PUSH(addr + clen);
1572 	T0_PUSH(len - clen);
1573 
1574 				}
1575 				break;
1576 			case 50: {
1577 				/* read8-low */
1578 
1579 	if (CTX->hlen == 0) {
1580 		T0_PUSHi(-1);
1581 	} else {
1582 		unsigned char x = *CTX->hbuf ++;
1583 		if (CTX->do_mhash) {
1584 			br_multihash_update(&CTX->mhash, &x, 1);
1585 		}
1586 		if (CTX->do_dn_hash) {
1587 			CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);
1588 		}
1589 		CTX->hlen --;
1590 		T0_PUSH(x);
1591 	}
1592 
1593 				}
1594 				break;
1595 			case 51: {
1596 				/* rot */
1597  T0_ROT();
1598 				}
1599 				break;
1600 			case 52: {
1601 				/* set16 */
1602 
1603 	uint32_t addr = T0_POP();
1604 	*(uint16_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1605 
1606 				}
1607 				break;
1608 			case 53: {
1609 				/* set32 */
1610 
1611 	uint32_t addr = T0_POP();
1612 	*(uint32_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1613 
1614 				}
1615 				break;
1616 			case 54: {
1617 				/* set8 */
1618 
1619 	uint32_t addr = T0_POP();
1620 	*((unsigned char *)CTX + addr) = (unsigned char)T0_POP();
1621 
1622 				}
1623 				break;
1624 			case 55: {
1625 				/* start-dn-hash */
1626 
1627 	CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);
1628 	CTX->do_dn_hash = 1;
1629 
1630 				}
1631 				break;
1632 			case 56: {
1633 				/* start-tbs-hash */
1634 
1635 	br_multihash_init(&CTX->mhash);
1636 	CTX->do_mhash = 1;
1637 
1638 				}
1639 				break;
1640 			case 57: {
1641 				/* stop-tbs-hash */
1642 
1643 	CTX->do_mhash = 0;
1644 
1645 				}
1646 				break;
1647 			case 58: {
1648 				/* swap */
1649  T0_SWAP();
1650 				}
1651 				break;
1652 			case 59: {
1653 				/* zero-server-name */
1654 
1655 	T0_PUSHi(-(CTX->server_name == NULL));
1656 
1657 				}
1658 				break;
1659 			}
1660 
1661 		} else {
1662 			T0_ENTER(ip, rp, t0x);
1663 		}
1664 	}
1665 t0_exit:
1666 	((t0_context *)t0ctx)->dp = dp;
1667 	((t0_context *)t0ctx)->rp = rp;
1668 	((t0_context *)t0ctx)->ip = ip;
1669 }
1670 
1671 
1672 
1673 /*
1674  * Verify the signature on the certificate with the provided public key.
1675  * This function checks the public key type with regards to the expected
1676  * type. Returned value is either 0 on success, or a non-zero error code.
1677  */
1678 static int
1679 verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
1680 {
1681 	int kt;
1682 
1683 	kt = ctx->cert_signer_key_type;
1684 	if ((pk->key_type & 0x0F) != kt) {
1685 		return BR_ERR_X509_WRONG_KEY_TYPE;
1686 	}
1687 	switch (kt) {
1688 		unsigned char tmp[64];
1689 
1690 	case BR_KEYTYPE_RSA:
1691 		if (ctx->irsa == 0) {
1692 			return BR_ERR_X509_UNSUPPORTED;
1693 		}
1694 		if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
1695 			&t0_datablock[ctx->cert_sig_hash_oid],
1696 			ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
1697 		{
1698 			return BR_ERR_X509_BAD_SIGNATURE;
1699 		}
1700 		if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
1701 			return BR_ERR_X509_BAD_SIGNATURE;
1702 		}
1703 		return 0;
1704 
1705 	case BR_KEYTYPE_EC:
1706 		if (ctx->iecdsa == 0) {
1707 			return BR_ERR_X509_UNSUPPORTED;
1708 		}
1709 		if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
1710 			ctx->cert_sig_hash_len, &pk->key.ec,
1711 			ctx->cert_sig, ctx->cert_sig_len))
1712 		{
1713 			return BR_ERR_X509_BAD_SIGNATURE;
1714 		}
1715 		return 0;
1716 
1717 	default:
1718 		return BR_ERR_X509_UNSUPPORTED;
1719 	}
1720 }
1721 
1722 
1723