xref: /freebsd/contrib/bearssl/src/x509/x509_minimal.c (revision e8d8bef961a50d4dc22501cde4fb9fb0be1b2532)
1 /* Automatically generated code; do not modify directly. */
2 
3 #include <stddef.h>
4 #include <stdint.h>
5 
6 typedef struct {
7 	uint32_t *dp;
8 	uint32_t *rp;
9 	const unsigned char *ip;
10 } t0_context;
11 
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 	uint32_t x;
16 
17 	x = 0;
18 	for (;;) {
19 		unsigned y;
20 
21 		y = *(*p) ++;
22 		x = (x << 7) | (uint32_t)(y & 0x7F);
23 		if (y < 0x80) {
24 			return x;
25 		}
26 	}
27 }
28 
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 	int neg;
33 	uint32_t x;
34 
35 	neg = ((**p) >> 6) & 1;
36 	x = (uint32_t)-neg;
37 	for (;;) {
38 		unsigned y;
39 
40 		y = *(*p) ++;
41 		x = (x << 7) | (uint32_t)(y & 0x7F);
42 		if (y < 0x80) {
43 			if (neg) {
44 				return -(int32_t)~x - 1;
45 			} else {
46 				return (int32_t)x;
47 			}
48 		}
49 	}
50 }
51 
52 #define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x)       T0_FBYTE(x, 0)
56 #define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60 
61 /* static const unsigned char t0_datablock[]; */
62 
63 
64 void br_x509_minimal_init_main(void *t0ctx);
65 
66 void br_x509_minimal_run(void *t0ctx);
67 
68 
69 
70 #include "inner.h"
71 
72 
73 
74 
75 
76 #include "inner.h"
77 
78 /*
79  * Implementation Notes
80  * --------------------
81  *
82  * The C code pushes the data by chunks; all decoding is done in the
83  * T0 code. The cert_length value is set to the certificate length when
84  * a new certificate is started; the T0 code picks it up as outer limit,
85  * and decoding functions use it to ensure that no attempt is made at
86  * reading past it. The T0 code also checks that once the certificate is
87  * decoded, there are no trailing bytes.
88  *
89  * The T0 code sets cert_length to 0 when the certificate is fully
90  * decoded.
91  *
92  * The C code must still perform two checks:
93  *
94  *  -- If the certificate length is 0, then the T0 code will not be
95  *  invoked at all. This invalid condition must thus be reported by the
96  *  C code.
97  *
98  *  -- When reaching the end of certificate, the C code must verify that
99  *  the certificate length has been set to 0, thereby signaling that
100  *  the T0 code properly decoded a certificate.
101  *
102  * Processing of a chain works in the following way:
103  *
104  *  -- The error flag is set to a non-zero value when validation is
105  *  finished. The value is either BR_ERR_X509_OK (validation is
106  *  successful) or another non-zero error code. When a non-zero error
107  *  code is obtained, the remaining bytes in the current certificate and
108  *  the subsequent certificates (if any) are completely ignored.
109  *
110  *  -- Each certificate is decoded in due course, with the following
111  *  "interesting points":
112  *
113  *     -- Start of the TBS: the multihash engine is reset and activated.
114  *
115  *     -- Start of the issuer DN: the secondary hash engine is started,
116  *     to process the encoded issuer DN.
117  *
118  *     -- End of the issuer DN: the secondary hash engine is stopped. The
119  *     resulting hash value is computed and then copied into the
120  *     next_dn_hash[] buffer.
121  *
122  *     -- Start of the subject DN: the secondary hash engine is started,
123  *     to process the encoded subject DN.
124  *
125  *     -- For the EE certificate only: the Common Name, if any, is matched
126  *     against the expected server name.
127  *
128  *     -- End of the subject DN: the secondary hash engine is stopped. The
129  *     resulting hash value is computed into the pad. It is then processed:
130  *
131  *        -- If this is the EE certificate, then the hash is ignored
132  *        (except for direct trust processing, see later; the hash is
133  *        simply left in current_dn_hash[]).
134  *
135  *        -- Otherwise, the hashed subject DN is compared with the saved
136  *        hash value (in saved_dn_hash[]). They must match.
137  *
138  *     Either way, the next_dn_hash[] value is then copied into the
139  *     saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140  *     contains the hash of the issuer DN for the current certificate,
141  *     and current_dn_hash[] contains the hash of the subject DN for the
142  *     current certificate.
143  *
144  *     -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145  *     key types are reported at that point.
146  *
147  *        -- If this is the EE certificate, then the key type is compared
148  *        with the expected key type (initialization parameter). The public
149  *        key data is copied to ee_pkey_data[]. The key and hashed subject
150  *        DN are also compared with the "direct trust" keys; if the key
151  *        and DN are matched, then validation ends with a success.
152  *
153  *        -- Otherwise, the saved signature (cert_sig[]) is verified
154  *        against the saved TBS hash (tbs_hash[]) and that freshly
155  *        decoded public key. Failure here ends validation with an error.
156  *
157  *     -- Extensions: extension values are processed in due order.
158  *
159  *        -- Basic Constraints: for all certificates except EE, must be
160  *        present, indicate a CA, and have a path legnth compatible with
161  *        the chain length so far.
162  *
163  *        -- Key Usage: for the EE, if present, must allow signatures
164  *        or encryption/key exchange, as required for the cipher suite.
165  *        For non-EE, if present, must have the "certificate sign" bit.
166  *
167  *        -- Subject Alt Name: for the EE, dNSName names are matched
168  *        against the server name. Ignored for non-EE.
169  *
170  *        -- Authority Key Identifier, Subject Key Identifier, Issuer
171  *        Alt Name, Subject Directory Attributes, CRL Distribution Points
172  *        Freshest CRL, Authority Info Access and Subject Info Access
173  *        extensions are always ignored: they either contain only
174  *        informative data, or they relate to revocation processing, which
175  *        we explicitly do not support.
176  *
177  *        -- All other extensions are ignored if non-critical. If a
178  *        critical extension other than the ones above is encountered,
179  *        then a failure is reported.
180  *
181  *     -- End of the TBS: the multihash engine is stopped.
182  *
183  *     -- Signature algorithm: the signature algorithm on the
184  *     certificate is decoded. A failure is reported if that algorithm
185  *     is unknown. The hashed TBS corresponding to the signature hash
186  *     function is computed and stored in tbs_hash[] (if not supported,
187  *     then a failure is reported). The hash OID and length are stored
188  *     in cert_sig_hash_oid and cert_sig_hash_len.
189  *
190  *     -- Signature value: the signature value is copied into the
191  *     cert_sig[] array.
192  *
193  *     -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194  *     looked up in the trust store (CA trust anchors only); for all
195  *     that match, the signature (cert_sig[]) is verified against the
196  *     anchor public key (hashed TBS is in tbs_hash[]). If one of these
197  *     signatures is valid, then validation ends with a success.
198  *
199  *  -- If the chain end is reached without obtaining a validation success,
200  *  then validation is reported as failed.
201  */
202 
203 #if BR_USE_UNIX_TIME
204 #include <time.h>
205 #endif
206 
207 #if BR_USE_WIN32_TIME
208 #include <windows.h>
209 #endif
210 
211 /*
212  * The T0 compiler will produce these prototypes declarations in the
213  * header.
214  *
215 void br_x509_minimal_init_main(void *ctx);
216 void br_x509_minimal_run(void *ctx);
217  */
218 
219 /* see bearssl_x509.h */
220 void
221 br_x509_minimal_init(br_x509_minimal_context *ctx,
222 	const br_hash_class *dn_hash_impl,
223 	const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
224 {
225 	memset(ctx, 0, sizeof *ctx);
226 	ctx->vtable = &br_x509_minimal_vtable;
227 	ctx->dn_hash_impl = dn_hash_impl;
228 	ctx->trust_anchors = trust_anchors;
229 	ctx->trust_anchors_num = trust_anchors_num;
230 }
231 
232 static void
233 xm_start_chain(const br_x509_class **ctx, const char *server_name)
234 {
235 	br_x509_minimal_context *cc;
236 	size_t u;
237 
238 	cc = (br_x509_minimal_context *)(void *)ctx;
239 	for (u = 0; u < cc->num_name_elts; u ++) {
240 		cc->name_elts[u].status = 0;
241 		cc->name_elts[u].buf[0] = 0;
242 	}
243 	memset(&cc->pkey, 0, sizeof cc->pkey);
244 	cc->num_certs = 0;
245 	cc->err = 0;
246 	cc->cpu.dp = cc->dp_stack;
247 	cc->cpu.rp = cc->rp_stack;
248 	br_x509_minimal_init_main(&cc->cpu);
249 	if (server_name == NULL || *server_name == 0) {
250 		cc->server_name = NULL;
251 	} else {
252 		cc->server_name = server_name;
253 	}
254 }
255 
256 static void
257 xm_start_cert(const br_x509_class **ctx, uint32_t length)
258 {
259 	br_x509_minimal_context *cc;
260 
261 	cc = (br_x509_minimal_context *)(void *)ctx;
262 	if (cc->err != 0) {
263 		return;
264 	}
265 	if (length == 0) {
266 		cc->err = BR_ERR_X509_TRUNCATED;
267 		return;
268 	}
269 	cc->cert_length = length;
270 }
271 
272 static void
273 xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
274 {
275 	br_x509_minimal_context *cc;
276 
277 	cc = (br_x509_minimal_context *)(void *)ctx;
278 	if (cc->err != 0) {
279 		return;
280 	}
281 	cc->hbuf = buf;
282 	cc->hlen = len;
283 	br_x509_minimal_run(&cc->cpu);
284 }
285 
286 static void
287 xm_end_cert(const br_x509_class **ctx)
288 {
289 	br_x509_minimal_context *cc;
290 
291 	cc = (br_x509_minimal_context *)(void *)ctx;
292 	if (cc->err == 0 && cc->cert_length != 0) {
293 		cc->err = BR_ERR_X509_TRUNCATED;
294 	}
295 	cc->num_certs ++;
296 }
297 
298 static unsigned
299 xm_end_chain(const br_x509_class **ctx)
300 {
301 	br_x509_minimal_context *cc;
302 
303 	cc = (br_x509_minimal_context *)(void *)ctx;
304 	if (cc->err == 0) {
305 		if (cc->num_certs == 0) {
306 			cc->err = BR_ERR_X509_EMPTY_CHAIN;
307 		} else {
308 			cc->err = BR_ERR_X509_NOT_TRUSTED;
309 		}
310 	} else if (cc->err == BR_ERR_X509_OK) {
311 		return 0;
312 	}
313 	return (unsigned)cc->err;
314 }
315 
316 static const br_x509_pkey *
317 xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
318 {
319 	br_x509_minimal_context *cc;
320 
321 	cc = (br_x509_minimal_context *)(void *)ctx;
322 	if (cc->err == BR_ERR_X509_OK
323 		|| cc->err == BR_ERR_X509_NOT_TRUSTED)
324 	{
325 		if (usages != NULL) {
326 			*usages = cc->key_usages;
327 		}
328 		return &((br_x509_minimal_context *)(void *)ctx)->pkey;
329 	} else {
330 		return NULL;
331 	}
332 }
333 
334 /* see bearssl_x509.h */
335 const br_x509_class br_x509_minimal_vtable = {
336 	sizeof(br_x509_minimal_context),
337 	xm_start_chain,
338 	xm_start_cert,
339 	xm_append,
340 	xm_end_cert,
341 	xm_end_chain,
342 	xm_get_pkey
343 };
344 
345 #define CTX   ((br_x509_minimal_context *)(void *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
346 #define CONTEXT_NAME   br_x509_minimal_context
347 
348 #define DNHASH_LEN   ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
349 
350 /*
351  * Hash a DN (from a trust anchor) into the provided buffer. This uses the
352  * DN hash implementation and context structure from the X.509 engine
353  * context.
354  */
355 static void
356 hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len,
357 	unsigned char *out)
358 {
359 	ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);
360 	ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);
361 	ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);
362 }
363 
364 /*
365  * Compare two big integers for equality. The integers use unsigned big-endian
366  * encoding; extra leading bytes (of value 0) are allowed.
367  */
368 static int
369 eqbigint(const unsigned char *b1, size_t len1,
370 	const unsigned char *b2, size_t len2)
371 {
372 	while (len1 > 0 && *b1 == 0) {
373 		b1 ++;
374 		len1 --;
375 	}
376 	while (len2 > 0 && *b2 == 0) {
377 		b2 ++;
378 		len2 --;
379 	}
380 	if (len1 != len2) {
381 		return 0;
382 	}
383 	return memcmp(b1, b2, len1) == 0;
384 }
385 
386 /*
387  * Compare two strings for equality, in a case-insensitive way. This
388  * function handles casing only for ASCII letters.
389  */
390 static int
391 eqnocase(const void *s1, const void *s2, size_t len)
392 {
393 	const unsigned char *buf1, *buf2;
394 
395 	buf1 = s1;
396 	buf2 = s2;
397 	while (len -- > 0) {
398 		int x1, x2;
399 
400 		x1 = *buf1 ++;
401 		x2 = *buf2 ++;
402 		if (x1 >= 'A' && x1 <= 'Z') {
403 			x1 += 'a' - 'A';
404 		}
405 		if (x2 >= 'A' && x2 <= 'Z') {
406 			x2 += 'a' - 'A';
407 		}
408 		if (x1 != x2) {
409 			return 0;
410 		}
411 	}
412 	return 1;
413 }
414 
415 static int verify_signature(br_x509_minimal_context *ctx,
416 	const br_x509_pkey *pk);
417 
418 
419 
420 static const unsigned char t0_datablock[] = {
421 	0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
422 	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
423 	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
424 	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
425 	0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
426 	0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
427 	0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
428 	0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
429 	0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
430 	0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
431 	0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
432 	0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
433 	0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
434 	0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
435 	0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
436 	0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
437 	0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
438 	0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
439 	0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
440 	0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
441 	0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,
442 	0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,
443 	0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,
444 	0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
445 	0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
446 };
447 
448 static const unsigned char t0_codeblock[] = {
449 	0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
450 	0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
451 	0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
452 	T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,
453 	T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,
454 	T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,
455 	T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,
456 	T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,
457 	T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,
458 	T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,
459 	T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,
460 	T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,
461 	T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,
462 	T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,
463 	T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,
464 	T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,
465 	T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
466 	T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,
467 	T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,
468 	T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,
469 	T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,
470 	T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,
471 	T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,
472 	T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,
473 	T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,
474 	T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),
475 	0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,
476 	0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,
477 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,
478 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,
479 	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,
480 	T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,
481 	0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,
482 	0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,
483 	T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,
484 	T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,
485 	T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,
486 	T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,
487 	T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,
488 	T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,
489 	T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0xC9, 0x71,
490 	0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00,
491 	0x01, 0x81, 0x02, 0x00, 0x00, 0x92, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00,
492 	0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A,
493 	0x00, 0x00, 0x01, 0x82, 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00,
494 	0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03,
495 	0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00,
496 	0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00,
497 	0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00,
498 	0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00,
499 	0x06, 0x02, 0x53, 0x28, 0x00, 0x00, 0x01, 0x10, 0x77, 0x00, 0x00, 0x11,
500 	0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28,
501 	0x75, 0x00, 0x00, 0x06, 0x02, 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x11,
502 	0x00, 0x00, 0x25, 0x20, 0x01, 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00,
503 	0x09, 0x03, 0x00, 0x5B, 0x2B, 0xAF, 0x39, 0xAF, 0xB3, 0x25, 0x01, 0x20,
504 	0x11, 0x06, 0x11, 0x24, 0x74, 0xAD, 0xB3, 0x01, 0x02, 0x78, 0xB0, 0x01,
505 	0x02, 0x12, 0x06, 0x02, 0x57, 0x28, 0x79, 0xB3, 0x01, 0x02, 0x78, 0xAE,
506 	0xAF, 0xC2, 0x9C, 0x65, 0x61, 0x21, 0x16, 0xAF, 0xA7, 0x29, 0x69, 0x06,
507 	0x02, 0x4B, 0x28, 0xA7, 0x29, 0x71, 0x06, 0x02, 0x4B, 0x28, 0x79, 0x02,
508 	0x00, 0x06, 0x05, 0x9D, 0x03, 0x01, 0x04, 0x09, 0x9C, 0x61, 0x68, 0x21,
509 	0x27, 0x05, 0x02, 0x4A, 0x28, 0x68, 0x65, 0x21, 0x16, 0xAF, 0xAF, 0x9E,
510 	0x05, 0x02, 0x57, 0x28, 0xBC, 0x26, 0x06, 0x27, 0xC2, 0xA4, 0xAF, 0x63,
511 	0xAA, 0x03, 0x03, 0x63, 0x3B, 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A,
512 	0xAA, 0x03, 0x04, 0x79, 0x64, 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03,
513 	0x12, 0x06, 0x02, 0x58, 0x28, 0x79, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x88,
514 	0x26, 0x06, 0x34, 0x9E, 0x05, 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04,
515 	0x01, 0x17, 0x04, 0x12, 0x6B, 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A,
516 	0x6C, 0x26, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05,
517 	0x79, 0xA4, 0x25, 0x03, 0x06, 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50,
518 	0x28, 0xA5, 0x59, 0x03, 0x02, 0x04, 0x02, 0x57, 0x28, 0x79, 0x02, 0x00,
519 	0x06, 0x21, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03,
520 	0x02, 0x04, 0x1D, 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02,
521 	0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02,
522 	0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23,
523 	0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06,
524 	0x22, 0x04, 0x03, 0x57, 0x28, 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01,
525 	0x00, 0x03, 0x07, 0xB4, 0x01, 0x21, 0x8F, 0x01, 0x22, 0x8F, 0x25, 0x01,
526 	0x23, 0x11, 0x06, 0x81, 0x26, 0x24, 0x74, 0xAD, 0xAF, 0x25, 0x06, 0x81,
527 	0x1A, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x9E, 0x24, 0xB3, 0x25, 0x01, 0x01,
528 	0x11, 0x06, 0x04, 0xA6, 0x03, 0x08, 0xB3, 0x01, 0x04, 0x78, 0xAD, 0x70,
529 	0x26, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC3, 0x04, 0x05, 0x99, 0x01,
530 	0x7F, 0x03, 0x07, 0x04, 0x80, 0x6C, 0x91, 0x26, 0x06, 0x06, 0x02, 0x00,
531 	0x9B, 0x04, 0x80, 0x62, 0xC5, 0x26, 0x06, 0x11, 0x02, 0x00, 0x06, 0x09,
532 	0x01, 0x00, 0x03, 0x01, 0x98, 0x03, 0x01, 0x04, 0x01, 0xC3, 0x04, 0x80,
533 	0x4D, 0x73, 0x26, 0x06, 0x0A, 0x02, 0x08, 0x06, 0x03, 0x9A, 0x04, 0x01,
534 	0xC3, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x38, 0xC8, 0x26,
535 	0x06, 0x03, 0xC3, 0x04, 0x31, 0x90, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x2A,
536 	0xC6, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x23, 0x7A, 0x26, 0x06, 0x03, 0xC3,
537 	0x04, 0x1C, 0x85, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x15, 0x6E, 0x26, 0x06,
538 	0x03, 0xC3, 0x04, 0x0E, 0xC7, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x07, 0x02,
539 	0x08, 0x06, 0x02, 0x49, 0x28, 0xC3, 0x79, 0x79, 0x04, 0xFE, 0x62, 0x79,
540 	0x79, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, 0x56, 0x28, 0x24, 0x79,
541 	0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C, 0x2F, 0x05, 0x02, 0x45,
542 	0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2F, 0x05,
543 	0x02, 0x51, 0x28, 0xB3, 0x76, 0xAD, 0x9E, 0x06, 0x80, 0x77, 0xBD, 0x26,
544 	0x06, 0x07, 0x01, 0x02, 0x5A, 0x8A, 0x04, 0x80, 0x5E, 0xBE, 0x26, 0x06,
545 	0x07, 0x01, 0x03, 0x5A, 0x8B, 0x04, 0x80, 0x53, 0xBF, 0x26, 0x06, 0x07,
546 	0x01, 0x04, 0x5A, 0x8C, 0x04, 0x80, 0x48, 0xC0, 0x26, 0x06, 0x06, 0x01,
547 	0x05, 0x5A, 0x8D, 0x04, 0x3E, 0xC1, 0x26, 0x06, 0x06, 0x01, 0x06, 0x5A,
548 	0x8E, 0x04, 0x34, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x02, 0x59, 0x8A, 0x04,
549 	0x2A, 0x80, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59, 0x8B, 0x04, 0x20, 0x81,
550 	0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8C, 0x04, 0x16, 0x82, 0x26, 0x06,
551 	0x06, 0x01, 0x05, 0x59, 0x8D, 0x04, 0x0C, 0x83, 0x26, 0x06, 0x06, 0x01,
552 	0x06, 0x59, 0x8E, 0x04, 0x02, 0x57, 0x28, 0x5E, 0x35, 0x60, 0x37, 0x1B,
553 	0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04, 0x02, 0x57, 0x28, 0xC2,
554 	0xA4, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG), 0x12, 0x06, 0x02, 0x50,
555 	0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA5, 0x79, 0x79, 0x01, 0x00, 0x5B, 0x36,
556 	0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01, 0x00, 0x01, 0x09, 0x72,
557 	0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30, 0x00, 0x00, 0x01, 0x81,
558 	0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00,
559 	0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x01, 0x7E,
560 	0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F, 0x11, 0x15, 0x06, 0x03,
561 	0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25, 0xCA, 0x05, 0x04, 0x42,
562 	0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x96, 0x04,
563 	0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06, 0x0F, 0x01, 0x06, 0x14,
564 	0x01, 0x81, 0x40, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x00, 0x97, 0x04, 0x33,
565 	0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, 0x01, 0x0C, 0x14, 0x01,
566 	0x81, 0x60, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 0x01,
567 	0x00, 0x97, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, 0x81, 0x70, 0x2F, 0x96,
568 	0x02, 0x00, 0x01, 0x0C, 0x97, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00,
569 	0x01, 0x00, 0x97, 0x00, 0x00, 0x01, 0x82, 0x15, 0x00, 0x00, 0x25, 0x01,
570 	0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x81,
571 	0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00,
572 	0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80,
573 	0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00,
574 	0x00, 0x30, 0x11, 0x06, 0x04, 0x42, 0xAD, 0xC2, 0xB4, 0x00, 0x00, 0x01,
575 	0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83,
576 	0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62,
577 	0x37, 0x01, 0x7F, 0x7C, 0x19, 0x01, 0x00, 0x7C, 0x19, 0x04, 0x7A, 0x00,
578 	0x01, 0x81, 0x38, 0x00, 0x01, 0x7E, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25,
579 	0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01,
580 	0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67,
581 	0x09, 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00,
582 	0x2F, 0x96, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAF, 0x25, 0x06, 0x80,
583 	0x59, 0xB3, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x74, 0xAD, 0x9E,
584 	0x24, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB3, 0x01, 0x20, 0x77, 0xAD, 0xB2,
585 	0x02, 0x01, 0x1F, 0x79, 0x79, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06,
586 	0x08, 0x24, 0x75, 0xB6, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30,
587 	0x11, 0x06, 0x11, 0x24, 0x75, 0xB6, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00,
588 	0x2F, 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11,
589 	0x06, 0x08, 0x24, 0x75, 0xB6, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAE,
590 	0x01, 0x00, 0x24, 0x04, 0xFF, 0x23, 0x79, 0x02, 0x00, 0x00, 0x00, 0xAF,
591 	0xB4, 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA6, 0x05, 0x02, 0x51, 0x28,
592 	0xB4, 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24,
593 	0x75, 0xB0, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB4, 0x01,
594 	0x7F, 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x79, 0x00, 0x00, 0xAF, 0x25,
595 	0x06, 0x1A, 0xAF, 0x9E, 0x24, 0x25, 0x06, 0x11, 0xAF, 0x25, 0x06, 0x0C,
596 	0xAF, 0x9E, 0x24, 0x89, 0x26, 0x05, 0x02, 0x49, 0x28, 0xC2, 0x04, 0x71,
597 	0x79, 0x79, 0x04, 0x63, 0x79, 0x00, 0x02, 0x03, 0x00, 0xB3, 0x01, 0x03,
598 	0x78, 0xAD, 0xBA, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02,
599 	0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24, 0x4D, 0x28,
600 	0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xBA, 0x02, 0x01,
601 	0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xBA, 0x01, 0x00, 0x24, 0x02,
602 	0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01,
603 	0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2F,
604 	0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D, 0x28, 0xC2,
605 	0x00, 0x00, 0x38, 0xAF, 0xC2, 0x1A, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
606 	0x38, 0xAF, 0x25, 0x06, 0x30, 0xB3, 0x01, 0x11, 0x77, 0xAD, 0x25, 0x05,
607 	0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAF, 0x9E, 0x24, 0x87, 0x26, 0x03,
608 	0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xB2, 0x25, 0x02, 0x01, 0x15, 0x06,
609 	0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02, 0x1F, 0x79,
610 	0x04, 0x5D, 0x79, 0x04, 0x4D, 0x79, 0x1A, 0x02, 0x00, 0x00, 0x00, 0xB3,
611 	0x01, 0x06, 0x78, 0xB1, 0x00, 0x00, 0xB8, 0x86, 0x06, 0x0E, 0x3B, 0x25,
612 	0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB8, 0x6D, 0x04, 0x08,
613 	0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB9, 0x86,
614 	0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00,
615 	0xB9, 0x6D, 0x04, 0x08, 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00,
616 	0x00, 0x00, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x00, 0x04,
617 	0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24, 0x01, 0x00,
618 	0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06, 0x0E, 0x01,
619 	0x1F, 0x15, 0x01, 0x01, 0xA3, 0x01, 0x81, 0x00, 0x01, 0x8F, 0x7F, 0x04,
620 	0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F, 0x15, 0x01,
621 	0x02, 0xA3, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04, 0x1C, 0x25,
622 	0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01, 0x03, 0xA3,
623 	0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04, 0x04, 0x24,
624 	0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00, 0x00, 0x3B,
625 	0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xBA, 0x34, 0x25,
626 	0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B, 0x25, 0x01,
627 	0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F, 0x00, 0x01,
628 	0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0xA2, 0x34, 0x41,
629 	0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB3, 0x01, 0x03, 0x78, 0xAD, 0xBA,
630 	0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07, 0x31, 0x25,
631 	0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01, 0x78, 0xAC,
632 	0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xBA, 0x3E, 0x00, 0x04, 0xB3,
633 	0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28, 0x01, 0x18,
634 	0x11, 0x03, 0x00, 0x75, 0xAD, 0xA8, 0x02, 0x00, 0x06, 0x0C, 0x01, 0x80,
635 	0x64, 0x08, 0x03, 0x01, 0xA8, 0x02, 0x01, 0x09, 0x04, 0x0E, 0x25, 0x01,
636 	0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09,
637 	0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03,
638 	0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63, 0x09, 0x01,
639 	0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83,
640 	0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA9, 0x41, 0x01,
641 	0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01, 0x01, 0x80,
642 	0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F, 0x2F, 0x15,
643 	0x06, 0x03, 0x01, 0x18, 0x09, 0x94, 0x09, 0x7B, 0x25, 0x01, 0x05, 0x14,
644 	0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x3B, 0xA9,
645 	0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0xA9, 0x01,
646 	0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA9, 0x01, 0x3C,
647 	0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0xA9, 0x02,
648 	0x02, 0x09, 0x03, 0x02, 0xBA, 0x25, 0x01, 0x2E, 0x11, 0x06, 0x0D, 0x24,
649 	0xBA, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24, 0x04, 0x74,
650 	0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x79, 0x02, 0x03, 0x02,
651 	0x02, 0x00, 0x01, 0xBA, 0x7D, 0x01, 0x0A, 0x08, 0x03, 0x00, 0xBA, 0x7D,
652 	0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA8, 0x25, 0x02,
653 	0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x34, 0xB3,
654 	0x01, 0x02, 0x78, 0x0B, 0xAB, 0x00, 0x03, 0x25, 0x03, 0x00, 0x03, 0x01,
655 	0x03, 0x02, 0xAD, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x54,
656 	0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05, 0x04, 0x24,
657 	0x01, 0x00, 0x00, 0xBA, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05, 0x02, 0x50,
658 	0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40, 0x03, 0x02,
659 	0x25, 0x06, 0x03, 0xBA, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02, 0x01, 0x0A,
660 	0x00, 0x01, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01,
661 	0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00, 0x01, 0x00,
662 	0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41, 0x03, 0x00,
663 	0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F, 0x28, 0x01,
664 	0x08, 0x0E, 0x3B, 0xBA, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00, 0xAC, 0x95,
665 	0x00, 0x00, 0xAD, 0xC2, 0x00, 0x00, 0xB3, 0x76, 0xAD, 0x00, 0x01, 0xAD,
666 	0x25, 0x05, 0x02, 0x54, 0x28, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06,
667 	0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xBA, 0x02, 0x00, 0x25,
668 	0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28, 0x01, 0x08,
669 	0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00, 0x00, 0xAD,
670 	0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xC2, 0x01, 0x00, 0x67, 0x37,
671 	0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA5, 0x01, 0x7F, 0x00,
672 	0x00, 0xB3, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB6, 0x04,
673 	0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x33,
674 	0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x28, 0x01,
675 	0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x1D, 0x01, 0x16,
676 	0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x12, 0x01, 0x1E, 0x30,
677 	0x11, 0x06, 0x05, 0x24, 0x75, 0xB5, 0x04, 0x07, 0x42, 0xAE, 0x01, 0x00,
678 	0x01, 0x00, 0x24, 0x00, 0x01, 0xBA, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05,
679 	0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14, 0x25, 0x01,
680 	0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01,
681 	0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28, 0x09, 0x00,
682 	0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB3, 0x00, 0x01,
683 	0xAD, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01, 0x01, 0x03,
684 	0x00, 0x9F, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16, 0x24, 0x25,
685 	0x06, 0x10, 0xA0, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02,
686 	0x00, 0x84, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05, 0x05, 0x24,
687 	0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x25, 0x06, 0x0B,
688 	0x9F, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x04, 0x6D, 0x24,
689 	0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00,
690 	0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xA1, 0x25, 0x05,
691 	0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x04,
692 	0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01,
693 	0x7F, 0x00, 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xBA,
694 	0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03,
695 	0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67,
696 	0x37, 0x01, 0x7F, 0x00, 0x00, 0xBA, 0x01, 0x08, 0x0E, 0x3B, 0xBA, 0x34,
697 	0x09, 0x00, 0x00, 0xBA, 0x3B, 0xBA, 0x01, 0x08, 0x0E, 0x34, 0x09, 0x00,
698 	0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xBB, 0x00, 0x00, 0x32, 0x25,
699 	0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74, 0x00, 0x01,
700 	0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01,
701 	0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0xC3,
702 	0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC4, 0x25, 0x06, 0x01, 0x19, 0x04,
703 	0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01,
704 	0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22,
705 	0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03,
706 	0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F,
707 	0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00,
708 	0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01,
709 	0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
710 };
711 
712 static const uint16_t t0_caddr[] = {
713 	0,
714 	5,
715 	10,
716 	15,
717 	20,
718 	25,
719 	29,
720 	33,
721 	37,
722 	41,
723 	45,
724 	49,
725 	53,
726 	57,
727 	61,
728 	65,
729 	69,
730 	73,
731 	77,
732 	81,
733 	85,
734 	89,
735 	93,
736 	97,
737 	101,
738 	105,
739 	109,
740 	113,
741 	117,
742 	121,
743 	125,
744 	130,
745 	135,
746 	140,
747 	145,
748 	150,
749 	155,
750 	160,
751 	165,
752 	173,
753 	178,
754 	183,
755 	188,
756 	193,
757 	198,
758 	202,
759 	207,
760 	212,
761 	217,
762 	238,
763 	243,
764 	248,
765 	253,
766 	282,
767 	297,
768 	302,
769 	308,
770 	314,
771 	319,
772 	327,
773 	335,
774 	341,
775 	346,
776 	357,
777 	992,
778 	1007,
779 	1011,
780 	1016,
781 	1021,
782 	1026,
783 	1031,
784 	1036,
785 	1150,
786 	1155,
787 	1167,
788 	1172,
789 	1177,
790 	1182,
791 	1186,
792 	1191,
793 	1196,
794 	1201,
795 	1206,
796 	1216,
797 	1221,
798 	1226,
799 	1238,
800 	1253,
801 	1258,
802 	1272,
803 	1294,
804 	1305,
805 	1408,
806 	1455,
807 	1488,
808 	1579,
809 	1585,
810 	1648,
811 	1655,
812 	1683,
813 	1711,
814 	1816,
815 	1858,
816 	1871,
817 	1883,
818 	1897,
819 	1912,
820 	2132,
821 	2146,
822 	2163,
823 	2172,
824 	2239,
825 	2295,
826 	2299,
827 	2303,
828 	2308,
829 	2356,
830 	2382,
831 	2458,
832 	2502,
833 	2513,
834 	2598,
835 	2636,
836 	2674,
837 	2684,
838 	2694,
839 	2703,
840 	2716,
841 	2720,
842 	2724,
843 	2728,
844 	2732,
845 	2736,
846 	2740,
847 	2744,
848 	2756,
849 	2764,
850 	2769,
851 	2774,
852 	2779,
853 	2784,
854 	2792
855 };
856 
857 #define T0_INTERPRETED   61
858 
859 #define T0_ENTER(ip, rp, slot)   do { \
860 		const unsigned char *t0_newip; \
861 		uint32_t t0_lnum; \
862 		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
863 		t0_lnum = t0_parse7E_unsigned(&t0_newip); \
864 		(rp) += t0_lnum; \
865 		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
866 		(ip) = t0_newip; \
867 	} while (0)
868 
869 #define T0_DEFENTRY(name, slot) \
870 void \
871 name(void *ctx) \
872 { \
873 	t0_context *t0ctx = ctx; \
874 	t0ctx->ip = &t0_codeblock[0]; \
875 	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
876 }
877 
878 T0_DEFENTRY(br_x509_minimal_init_main, 147)
879 
880 #define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)
881 
882 void
883 br_x509_minimal_run(void *t0ctx)
884 {
885 	uint32_t *dp, *rp;
886 	const unsigned char *ip;
887 
888 #define T0_LOCAL(x)    (*(rp - 2 - (x)))
889 #define T0_POP()       (*-- dp)
890 #define T0_POPi()      (*(int32_t *)(-- dp))
891 #define T0_PEEK(x)     (*(dp - 1 - (x)))
892 #define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))
893 #define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)
894 #define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)
895 #define T0_RPOP()      (*-- rp)
896 #define T0_RPOPi()     (*(int32_t *)(-- rp))
897 #define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)
898 #define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)
899 #define T0_ROLL(x)     do { \
900 	size_t t0len = (size_t)(x); \
901 	uint32_t t0tmp = *(dp - 1 - t0len); \
902 	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
903 	*(dp - 1) = t0tmp; \
904 } while (0)
905 #define T0_SWAP()      do { \
906 	uint32_t t0tmp = *(dp - 2); \
907 	*(dp - 2) = *(dp - 1); \
908 	*(dp - 1) = t0tmp; \
909 } while (0)
910 #define T0_ROT()       do { \
911 	uint32_t t0tmp = *(dp - 3); \
912 	*(dp - 3) = *(dp - 2); \
913 	*(dp - 2) = *(dp - 1); \
914 	*(dp - 1) = t0tmp; \
915 } while (0)
916 #define T0_NROT()       do { \
917 	uint32_t t0tmp = *(dp - 1); \
918 	*(dp - 1) = *(dp - 2); \
919 	*(dp - 2) = *(dp - 3); \
920 	*(dp - 3) = t0tmp; \
921 } while (0)
922 #define T0_PICK(x)      do { \
923 	uint32_t t0depth = (x); \
924 	T0_PUSH(T0_PEEK(t0depth)); \
925 } while (0)
926 #define T0_CO()         do { \
927 	goto t0_exit; \
928 } while (0)
929 #define T0_RET()        goto t0_next
930 
931 	dp = ((t0_context *)t0ctx)->dp;
932 	rp = ((t0_context *)t0ctx)->rp;
933 	ip = ((t0_context *)t0ctx)->ip;
934 	goto t0_next;
935 	for (;;) {
936 		uint32_t t0x;
937 
938 	t0_next:
939 		t0x = T0_NEXT(&ip);
940 		if (t0x < T0_INTERPRETED) {
941 			switch (t0x) {
942 				int32_t t0off;
943 
944 			case 0: /* ret */
945 				t0x = T0_RPOP();
946 				rp -= (t0x >> 16);
947 				t0x &= 0xFFFF;
948 				if (t0x == 0) {
949 					ip = NULL;
950 					goto t0_exit;
951 				}
952 				ip = &t0_codeblock[t0x];
953 				break;
954 			case 1: /* literal constant */
955 				T0_PUSHi(t0_parse7E_signed(&ip));
956 				break;
957 			case 2: /* read local */
958 				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
959 				break;
960 			case 3: /* write local */
961 				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
962 				break;
963 			case 4: /* jump */
964 				t0off = t0_parse7E_signed(&ip);
965 				ip += t0off;
966 				break;
967 			case 5: /* jump if */
968 				t0off = t0_parse7E_signed(&ip);
969 				if (T0_POP()) {
970 					ip += t0off;
971 				}
972 				break;
973 			case 6: /* jump if not */
974 				t0off = t0_parse7E_signed(&ip);
975 				if (!T0_POP()) {
976 					ip += t0off;
977 				}
978 				break;
979 			case 7: {
980 				/* %25 */
981 
982 	int32_t b = T0_POPi();
983 	int32_t a = T0_POPi();
984 	T0_PUSHi(a % b);
985 
986 				}
987 				break;
988 			case 8: {
989 				/* * */
990 
991 	uint32_t b = T0_POP();
992 	uint32_t a = T0_POP();
993 	T0_PUSH(a * b);
994 
995 				}
996 				break;
997 			case 9: {
998 				/* + */
999 
1000 	uint32_t b = T0_POP();
1001 	uint32_t a = T0_POP();
1002 	T0_PUSH(a + b);
1003 
1004 				}
1005 				break;
1006 			case 10: {
1007 				/* - */
1008 
1009 	uint32_t b = T0_POP();
1010 	uint32_t a = T0_POP();
1011 	T0_PUSH(a - b);
1012 
1013 				}
1014 				break;
1015 			case 11: {
1016 				/* -rot */
1017  T0_NROT();
1018 				}
1019 				break;
1020 			case 12: {
1021 				/* / */
1022 
1023 	int32_t b = T0_POPi();
1024 	int32_t a = T0_POPi();
1025 	T0_PUSHi(a / b);
1026 
1027 				}
1028 				break;
1029 			case 13: {
1030 				/* < */
1031 
1032 	int32_t b = T0_POPi();
1033 	int32_t a = T0_POPi();
1034 	T0_PUSH(-(uint32_t)(a < b));
1035 
1036 				}
1037 				break;
1038 			case 14: {
1039 				/* << */
1040 
1041 	int c = (int)T0_POPi();
1042 	uint32_t x = T0_POP();
1043 	T0_PUSH(x << c);
1044 
1045 				}
1046 				break;
1047 			case 15: {
1048 				/* <= */
1049 
1050 	int32_t b = T0_POPi();
1051 	int32_t a = T0_POPi();
1052 	T0_PUSH(-(uint32_t)(a <= b));
1053 
1054 				}
1055 				break;
1056 			case 16: {
1057 				/* <> */
1058 
1059 	uint32_t b = T0_POP();
1060 	uint32_t a = T0_POP();
1061 	T0_PUSH(-(uint32_t)(a != b));
1062 
1063 				}
1064 				break;
1065 			case 17: {
1066 				/* = */
1067 
1068 	uint32_t b = T0_POP();
1069 	uint32_t a = T0_POP();
1070 	T0_PUSH(-(uint32_t)(a == b));
1071 
1072 				}
1073 				break;
1074 			case 18: {
1075 				/* > */
1076 
1077 	int32_t b = T0_POPi();
1078 	int32_t a = T0_POPi();
1079 	T0_PUSH(-(uint32_t)(a > b));
1080 
1081 				}
1082 				break;
1083 			case 19: {
1084 				/* >= */
1085 
1086 	int32_t b = T0_POPi();
1087 	int32_t a = T0_POPi();
1088 	T0_PUSH(-(uint32_t)(a >= b));
1089 
1090 				}
1091 				break;
1092 			case 20: {
1093 				/* >> */
1094 
1095 	int c = (int)T0_POPi();
1096 	int32_t x = T0_POPi();
1097 	T0_PUSHi(x >> c);
1098 
1099 				}
1100 				break;
1101 			case 21: {
1102 				/* and */
1103 
1104 	uint32_t b = T0_POP();
1105 	uint32_t a = T0_POP();
1106 	T0_PUSH(a & b);
1107 
1108 				}
1109 				break;
1110 			case 22: {
1111 				/* blobcopy */
1112 
1113 	size_t len = T0_POP();
1114 	unsigned char *src = (unsigned char *)CTX + T0_POP();
1115 	unsigned char *dst = (unsigned char *)CTX + T0_POP();
1116 	memcpy(dst, src, len);
1117 
1118 				}
1119 				break;
1120 			case 23: {
1121 				/* check-direct-trust */
1122 
1123 	size_t u;
1124 
1125 	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1126 		const br_x509_trust_anchor *ta;
1127 		unsigned char hashed_DN[64];
1128 		int kt;
1129 
1130 		ta = &CTX->trust_anchors[u];
1131 		if (ta->flags & BR_X509_TA_CA) {
1132 			continue;
1133 		}
1134 		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1135 		if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
1136 			continue;
1137 		}
1138 		kt = CTX->pkey.key_type;
1139 		if ((ta->pkey.key_type & 0x0F) != kt) {
1140 			continue;
1141 		}
1142 		switch (kt) {
1143 
1144 		case BR_KEYTYPE_RSA:
1145 			if (!eqbigint(CTX->pkey.key.rsa.n,
1146 				CTX->pkey.key.rsa.nlen,
1147 				ta->pkey.key.rsa.n,
1148 				ta->pkey.key.rsa.nlen)
1149 				|| !eqbigint(CTX->pkey.key.rsa.e,
1150 				CTX->pkey.key.rsa.elen,
1151 				ta->pkey.key.rsa.e,
1152 				ta->pkey.key.rsa.elen))
1153 			{
1154 				continue;
1155 			}
1156 			break;
1157 
1158 		case BR_KEYTYPE_EC:
1159 			if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
1160 				|| CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
1161 				|| memcmp(CTX->pkey.key.ec.q,
1162 					ta->pkey.key.ec.q,
1163 					ta->pkey.key.ec.qlen) != 0)
1164 			{
1165 				continue;
1166 			}
1167 			break;
1168 
1169 		default:
1170 			continue;
1171 		}
1172 
1173 		/*
1174 		 * Direct trust match!
1175 		 */
1176 		CTX->err = BR_ERR_X509_OK;
1177 		T0_CO();
1178 	}
1179 
1180 				}
1181 				break;
1182 			case 24: {
1183 				/* check-trust-anchor-CA */
1184 
1185 	size_t u;
1186 
1187 	for (u = 0; u < CTX->trust_anchors_num; u ++) {
1188 		const br_x509_trust_anchor *ta;
1189 		unsigned char hashed_DN[64];
1190 
1191 		ta = &CTX->trust_anchors[u];
1192 		if (!(ta->flags & BR_X509_TA_CA)) {
1193 			continue;
1194 		}
1195 		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
1196 		if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
1197 			continue;
1198 		}
1199 		if (verify_signature(CTX, &ta->pkey) == 0) {
1200 			CTX->err = BR_ERR_X509_OK;
1201 			T0_CO();
1202 		}
1203 	}
1204 
1205 				}
1206 				break;
1207 			case 25: {
1208 				/* co */
1209  T0_CO();
1210 				}
1211 				break;
1212 			case 26: {
1213 				/* compute-dn-hash */
1214 
1215 	CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);
1216 	CTX->do_dn_hash = 0;
1217 
1218 				}
1219 				break;
1220 			case 27: {
1221 				/* compute-tbs-hash */
1222 
1223 	int id = T0_POPi();
1224 	size_t len;
1225 	len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);
1226 	T0_PUSH(len);
1227 
1228 				}
1229 				break;
1230 			case 28: {
1231 				/* copy-ee-ec-pkey */
1232 
1233 	size_t qlen = T0_POP();
1234 	uint32_t curve = T0_POP();
1235 	memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);
1236 	CTX->pkey.key_type = BR_KEYTYPE_EC;
1237 	CTX->pkey.key.ec.curve = curve;
1238 	CTX->pkey.key.ec.q = CTX->ee_pkey_data;
1239 	CTX->pkey.key.ec.qlen = qlen;
1240 
1241 				}
1242 				break;
1243 			case 29: {
1244 				/* copy-ee-rsa-pkey */
1245 
1246 	size_t elen = T0_POP();
1247 	size_t nlen = T0_POP();
1248 	memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);
1249 	CTX->pkey.key_type = BR_KEYTYPE_RSA;
1250 	CTX->pkey.key.rsa.n = CTX->ee_pkey_data;
1251 	CTX->pkey.key.rsa.nlen = nlen;
1252 	CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;
1253 	CTX->pkey.key.rsa.elen = elen;
1254 
1255 				}
1256 				break;
1257 			case 30: {
1258 				/* copy-name-SAN */
1259 
1260 	unsigned tag = T0_POP();
1261 	unsigned ok = T0_POP();
1262 	size_t u, len;
1263 
1264 	len = CTX->pad[0];
1265 	for (u = 0; u < CTX->num_name_elts; u ++) {
1266 		br_name_element *ne;
1267 
1268 		ne = &CTX->name_elts[u];
1269 		if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) {
1270 			if (ok && ne->len > len) {
1271 				memcpy(ne->buf, CTX->pad + 1, len);
1272 				ne->buf[len] = 0;
1273 				ne->status = 1;
1274 			} else {
1275 				ne->status = -1;
1276 			}
1277 			break;
1278 		}
1279 	}
1280 
1281 				}
1282 				break;
1283 			case 31: {
1284 				/* copy-name-element */
1285 
1286 	size_t len;
1287 	int32_t off = T0_POPi();
1288 	int ok = T0_POPi();
1289 
1290 	if (off >= 0) {
1291 		br_name_element *ne = &CTX->name_elts[off];
1292 
1293 		if (ok) {
1294 			len = CTX->pad[0];
1295 			if (len < ne->len) {
1296 				memcpy(ne->buf, CTX->pad + 1, len);
1297 				ne->buf[len] = 0;
1298 				ne->status = 1;
1299 			} else {
1300 				ne->status = -1;
1301 			}
1302 		} else {
1303 			ne->status = -1;
1304 		}
1305 	}
1306 
1307 				}
1308 				break;
1309 			case 32: {
1310 				/* data-get8 */
1311 
1312 	size_t addr = T0_POP();
1313 	T0_PUSH(t0_datablock[addr]);
1314 
1315 				}
1316 				break;
1317 			case 33: {
1318 				/* dn-hash-length */
1319 
1320 	T0_PUSH(DNHASH_LEN);
1321 
1322 				}
1323 				break;
1324 			case 34: {
1325 				/* do-ecdsa-vrfy */
1326 
1327 	size_t qlen = T0_POP();
1328 	int curve = T0_POP();
1329 	br_x509_pkey pk;
1330 
1331 	pk.key_type = BR_KEYTYPE_EC;
1332 	pk.key.ec.curve = curve;
1333 	pk.key.ec.q = CTX->pkey_data;
1334 	pk.key.ec.qlen = qlen;
1335 	T0_PUSH(verify_signature(CTX, &pk));
1336 
1337 				}
1338 				break;
1339 			case 35: {
1340 				/* do-rsa-vrfy */
1341 
1342 	size_t elen = T0_POP();
1343 	size_t nlen = T0_POP();
1344 	br_x509_pkey pk;
1345 
1346 	pk.key_type = BR_KEYTYPE_RSA;
1347 	pk.key.rsa.n = CTX->pkey_data;
1348 	pk.key.rsa.nlen = nlen;
1349 	pk.key.rsa.e = CTX->pkey_data + nlen;
1350 	pk.key.rsa.elen = elen;
1351 	T0_PUSH(verify_signature(CTX, &pk));
1352 
1353 				}
1354 				break;
1355 			case 36: {
1356 				/* drop */
1357  (void)T0_POP();
1358 				}
1359 				break;
1360 			case 37: {
1361 				/* dup */
1362  T0_PUSH(T0_PEEK(0));
1363 				}
1364 				break;
1365 			case 38: {
1366 				/* eqOID */
1367 
1368 	const unsigned char *a2 = &t0_datablock[T0_POP()];
1369 	const unsigned char *a1 = &CTX->pad[0];
1370 	size_t len = a1[0];
1371 	int x;
1372 	if (len == a2[0]) {
1373 		x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
1374 	} else {
1375 		x = 0;
1376 	}
1377 	T0_PUSH((uint32_t)x);
1378 
1379 				}
1380 				break;
1381 			case 39: {
1382 				/* eqblob */
1383 
1384 	size_t len = T0_POP();
1385 	const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();
1386 	const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();
1387 	T0_PUSHi(-(memcmp(a1, a2, len) == 0));
1388 
1389 				}
1390 				break;
1391 			case 40: {
1392 				/* fail */
1393 
1394 	CTX->err = T0_POPi();
1395 	T0_CO();
1396 
1397 				}
1398 				break;
1399 			case 41: {
1400 				/* get-system-date */
1401 
1402 	if (CTX->days == 0 && CTX->seconds == 0) {
1403 #if BR_USE_UNIX_TIME
1404 		time_t x = time(NULL);
1405 
1406 		T0_PUSH((uint32_t)(x / 86400) + 719528);
1407 		T0_PUSH((uint32_t)(x % 86400));
1408 #elif BR_USE_WIN32_TIME
1409 		FILETIME ft;
1410 		uint64_t x;
1411 
1412 		GetSystemTimeAsFileTime(&ft);
1413 		x = ((uint64_t)ft.dwHighDateTime << 32)
1414 			+ (uint64_t)ft.dwLowDateTime;
1415 		x = (x / 10000000);
1416 		T0_PUSH((uint32_t)(x / 86400) + 584754);
1417 		T0_PUSH((uint32_t)(x % 86400));
1418 #else
1419 		CTX->err = BR_ERR_X509_TIME_UNKNOWN;
1420 		T0_CO();
1421 #endif
1422 	} else {
1423 		T0_PUSH(CTX->days);
1424 		T0_PUSH(CTX->seconds);
1425 	}
1426 
1427 				}
1428 				break;
1429 			case 42: {
1430 				/* get16 */
1431 
1432 	uint32_t addr = T0_POP();
1433 	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)CTX + addr));
1434 
1435 				}
1436 				break;
1437 			case 43: {
1438 				/* get32 */
1439 
1440 	uint32_t addr = T0_POP();
1441 	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)CTX + addr));
1442 
1443 				}
1444 				break;
1445 			case 44: {
1446 				/* match-server-name */
1447 
1448 	size_t n1, n2;
1449 
1450 	if (CTX->server_name == NULL) {
1451 		T0_PUSH(0);
1452 		T0_RET();
1453 	}
1454 	n1 = strlen(CTX->server_name);
1455 	n2 = CTX->pad[0];
1456 	if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {
1457 		T0_PUSHi(-1);
1458 		T0_RET();
1459 	}
1460 	if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
1461 		size_t u;
1462 
1463 		u = 0;
1464 		while (u < n1 && CTX->server_name[u] != '.') {
1465 			u ++;
1466 		}
1467 		u ++;
1468 		n1 -= u;
1469 		if ((n2 - 2) == n1
1470 			&& eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
1471 		{
1472 			T0_PUSHi(-1);
1473 			T0_RET();
1474 		}
1475 	}
1476 	T0_PUSH(0);
1477 
1478 				}
1479 				break;
1480 			case 45: {
1481 				/* neg */
1482 
1483 	uint32_t a = T0_POP();
1484 	T0_PUSH(-a);
1485 
1486 				}
1487 				break;
1488 			case 46: {
1489 				/* offset-name-element */
1490 
1491 	unsigned san = T0_POP();
1492 	size_t u;
1493 
1494 	for (u = 0; u < CTX->num_name_elts; u ++) {
1495 		if (CTX->name_elts[u].status == 0) {
1496 			const unsigned char *oid;
1497 			size_t len, off;
1498 
1499 			oid = CTX->name_elts[u].oid;
1500 			if (san) {
1501 				if (oid[0] != 0 || oid[1] != 0) {
1502 					continue;
1503 				}
1504 				off = 2;
1505 			} else {
1506 				off = 0;
1507 			}
1508 			len = oid[off];
1509 			if (len != 0 && len == CTX->pad[0]
1510 				&& memcmp(oid + off + 1,
1511 					CTX->pad + 1, len) == 0)
1512 			{
1513 				T0_PUSH(u);
1514 				T0_RET();
1515 			}
1516 		}
1517 	}
1518 	T0_PUSHi(-1);
1519 
1520 				}
1521 				break;
1522 			case 47: {
1523 				/* or */
1524 
1525 	uint32_t b = T0_POP();
1526 	uint32_t a = T0_POP();
1527 	T0_PUSH(a | b);
1528 
1529 				}
1530 				break;
1531 			case 48: {
1532 				/* over */
1533  T0_PUSH(T0_PEEK(1));
1534 				}
1535 				break;
1536 			case 49: {
1537 				/* read-blob-inner */
1538 
1539 	uint32_t len = T0_POP();
1540 	uint32_t addr = T0_POP();
1541 	size_t clen = CTX->hlen;
1542 	if (clen > len) {
1543 		clen = (size_t)len;
1544 	}
1545 	if (addr != 0) {
1546 		memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);
1547 	}
1548 	if (CTX->do_mhash) {
1549 		br_multihash_update(&CTX->mhash, CTX->hbuf, clen);
1550 	}
1551 	if (CTX->do_dn_hash) {
1552 		CTX->dn_hash_impl->update(
1553 			&CTX->dn_hash.vtable, CTX->hbuf, clen);
1554 	}
1555 	CTX->hbuf += clen;
1556 	CTX->hlen -= clen;
1557 	T0_PUSH(addr + clen);
1558 	T0_PUSH(len - clen);
1559 
1560 				}
1561 				break;
1562 			case 50: {
1563 				/* read8-low */
1564 
1565 	if (CTX->hlen == 0) {
1566 		T0_PUSHi(-1);
1567 	} else {
1568 		unsigned char x = *CTX->hbuf ++;
1569 		if (CTX->do_mhash) {
1570 			br_multihash_update(&CTX->mhash, &x, 1);
1571 		}
1572 		if (CTX->do_dn_hash) {
1573 			CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);
1574 		}
1575 		CTX->hlen --;
1576 		T0_PUSH(x);
1577 	}
1578 
1579 				}
1580 				break;
1581 			case 51: {
1582 				/* roll */
1583  T0_ROLL(T0_POP());
1584 				}
1585 				break;
1586 			case 52: {
1587 				/* rot */
1588  T0_ROT();
1589 				}
1590 				break;
1591 			case 53: {
1592 				/* set16 */
1593 
1594 	uint32_t addr = T0_POP();
1595 	*(uint16_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1596 
1597 				}
1598 				break;
1599 			case 54: {
1600 				/* set32 */
1601 
1602 	uint32_t addr = T0_POP();
1603 	*(uint32_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();
1604 
1605 				}
1606 				break;
1607 			case 55: {
1608 				/* set8 */
1609 
1610 	uint32_t addr = T0_POP();
1611 	*((unsigned char *)CTX + addr) = (unsigned char)T0_POP();
1612 
1613 				}
1614 				break;
1615 			case 56: {
1616 				/* start-dn-hash */
1617 
1618 	CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);
1619 	CTX->do_dn_hash = 1;
1620 
1621 				}
1622 				break;
1623 			case 57: {
1624 				/* start-tbs-hash */
1625 
1626 	br_multihash_init(&CTX->mhash);
1627 	CTX->do_mhash = 1;
1628 
1629 				}
1630 				break;
1631 			case 58: {
1632 				/* stop-tbs-hash */
1633 
1634 	CTX->do_mhash = 0;
1635 
1636 				}
1637 				break;
1638 			case 59: {
1639 				/* swap */
1640  T0_SWAP();
1641 				}
1642 				break;
1643 			case 60: {
1644 				/* zero-server-name */
1645 
1646 	T0_PUSHi(-(CTX->server_name == NULL));
1647 
1648 				}
1649 				break;
1650 			}
1651 
1652 		} else {
1653 			T0_ENTER(ip, rp, t0x);
1654 		}
1655 	}
1656 t0_exit:
1657 	((t0_context *)t0ctx)->dp = dp;
1658 	((t0_context *)t0ctx)->rp = rp;
1659 	((t0_context *)t0ctx)->ip = ip;
1660 }
1661 
1662 
1663 
1664 /*
1665  * Verify the signature on the certificate with the provided public key.
1666  * This function checks the public key type with regards to the expected
1667  * type. Returned value is either 0 on success, or a non-zero error code.
1668  */
1669 static int
1670 verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
1671 {
1672 	int kt;
1673 
1674 	kt = ctx->cert_signer_key_type;
1675 	if ((pk->key_type & 0x0F) != kt) {
1676 		return BR_ERR_X509_WRONG_KEY_TYPE;
1677 	}
1678 	switch (kt) {
1679 		unsigned char tmp[64];
1680 
1681 	case BR_KEYTYPE_RSA:
1682 		if (ctx->irsa == 0) {
1683 			return BR_ERR_X509_UNSUPPORTED;
1684 		}
1685 		if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
1686 			&t0_datablock[ctx->cert_sig_hash_oid],
1687 			ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
1688 		{
1689 			return BR_ERR_X509_BAD_SIGNATURE;
1690 		}
1691 		if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
1692 			return BR_ERR_X509_BAD_SIGNATURE;
1693 		}
1694 		return 0;
1695 
1696 	case BR_KEYTYPE_EC:
1697 		if (ctx->iecdsa == 0) {
1698 			return BR_ERR_X509_UNSUPPORTED;
1699 		}
1700 		if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
1701 			ctx->cert_sig_hash_len, &pk->key.ec,
1702 			ctx->cert_sig, ctx->cert_sig_len))
1703 		{
1704 			return BR_ERR_X509_BAD_SIGNATURE;
1705 		}
1706 		return 0;
1707 
1708 	default:
1709 		return BR_ERR_X509_UNSUPPORTED;
1710 	}
1711 }
1712 
1713 
1714