Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/bearssl/src/x509/x509_minimal.c
39507 views
1
/* Automatically generated code; do not modify directly. */

2


3
#include <stddef.h>

4
#include <stdint.h>

5


6
typedef struct {

7
	uint32_t *dp;

8
	uint32_t *rp;

9
	const unsigned char *ip;

10
} t0_context;

11


12
static uint32_t

13
t0_parse7E_unsigned(const unsigned char **p)

14
{

15
	uint32_t x;

16


17
	x = 0;

18
	for (;;) {

19
		unsigned y;

20


21
		y = *(*p) ++;

22
		x = (x << 7) | (uint32_t)(y & 0x7F);

23
		if (y < 0x80) {

24
			return x;

25
		}

26
	}

27
}

28


29
static int32_t

30
t0_parse7E_signed(const unsigned char **p)

31
{

32
	int neg;

33
	uint32_t x;

34


35
	neg = ((**p) >> 6) & 1;

36
	x = (uint32_t)-neg;

37
	for (;;) {

38
		unsigned y;

39


40
		y = *(*p) ++;

41
		x = (x << 7) | (uint32_t)(y & 0x7F);

42
		if (y < 0x80) {

43
			if (neg) {

44
				return -(int32_t)~x - 1;

45
			} else {

46
				return (int32_t)x;

47
			}

48
		}

49
	}

50
}

51


52
#define T0_VBYTE(x, n)   (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)

53
#define T0_FBYTE(x, n)   (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)

54
#define T0_SBYTE(x)      (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)

55
#define T0_INT1(x)       T0_FBYTE(x, 0)

56
#define T0_INT2(x)       T0_VBYTE(x, 7), T0_FBYTE(x, 0)

57
#define T0_INT3(x)       T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)

58
#define T0_INT4(x)       T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)

59
#define T0_INT5(x)       T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)

60


61
/* static const unsigned char t0_datablock[]; */

62


63


64
void br_x509_minimal_init_main(void *t0ctx);

65


66
void br_x509_minimal_run(void *t0ctx);

67


68


69


70
#include "inner.h"

71


72


73


74


75


76
#include "inner.h"

77


78
/*

79
 * Implementation Notes

80
 * --------------------

81
 *

82
 * The C code pushes the data by chunks; all decoding is done in the

83
 * T0 code. The cert_length value is set to the certificate length when

84
 * a new certificate is started; the T0 code picks it up as outer limit,

85
 * and decoding functions use it to ensure that no attempt is made at

86
 * reading past it. The T0 code also checks that once the certificate is

87
 * decoded, there are no trailing bytes.

88
 *

89
 * The T0 code sets cert_length to 0 when the certificate is fully

90
 * decoded.

91
 *

92
 * The C code must still perform two checks:

93
 *

94
 *  -- If the certificate length is 0, then the T0 code will not be

95
 *  invoked at all. This invalid condition must thus be reported by the

96
 *  C code.

97
 *

98
 *  -- When reaching the end of certificate, the C code must verify that

99
 *  the certificate length has been set to 0, thereby signaling that

100
 *  the T0 code properly decoded a certificate.

101
 *

102
 * Processing of a chain works in the following way:

103
 *

104
 *  -- The error flag is set to a non-zero value when validation is

105
 *  finished. The value is either BR_ERR_X509_OK (validation is

106
 *  successful) or another non-zero error code. When a non-zero error

107
 *  code is obtained, the remaining bytes in the current certificate and

108
 *  the subsequent certificates (if any) are completely ignored.

109
 *

110
 *  -- Each certificate is decoded in due course, with the following

111
 *  "interesting points":

112
 *

113
 *     -- Start of the TBS: the multihash engine is reset and activated.

114
 *

115
 *     -- Start of the issuer DN: the secondary hash engine is started,

116
 *     to process the encoded issuer DN.

117
 *

118
 *     -- End of the issuer DN: the secondary hash engine is stopped. The

119
 *     resulting hash value is computed and then copied into the

120
 *     next_dn_hash[] buffer.

121
 *

122
 *     -- Start of the subject DN: the secondary hash engine is started,

123
 *     to process the encoded subject DN.

124
 *

125
 *     -- For the EE certificate only: the Common Name, if any, is matched

126
 *     against the expected server name.

127
 *

128
 *     -- End of the subject DN: the secondary hash engine is stopped. The

129
 *     resulting hash value is computed into the pad. It is then processed:

130
 *

131
 *        -- If this is the EE certificate, then the hash is ignored

132
 *        (except for direct trust processing, see later; the hash is

133
 *        simply left in current_dn_hash[]).

134
 *

135
 *        -- Otherwise, the hashed subject DN is compared with the saved

136
 *        hash value (in saved_dn_hash[]). They must match.

137
 *

138
 *     Either way, the next_dn_hash[] value is then copied into the

139
 *     saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]

140
 *     contains the hash of the issuer DN for the current certificate,

141
 *     and current_dn_hash[] contains the hash of the subject DN for the

142
 *     current certificate.

143
 *

144
 *     -- Public key: it is decoded into the cert_pkey[] buffer. Unknown

145
 *     key types are reported at that point.

146
 *

147
 *        -- If this is the EE certificate, then the key type is compared

148
 *        with the expected key type (initialization parameter). The public

149
 *        key data is copied to ee_pkey_data[]. The key and hashed subject

150
 *        DN are also compared with the "direct trust" keys; if the key

151
 *        and DN are matched, then validation ends with a success.

152
 *

153
 *        -- Otherwise, the saved signature (cert_sig[]) is verified

154
 *        against the saved TBS hash (tbs_hash[]) and that freshly

155
 *        decoded public key. Failure here ends validation with an error.

156
 *

157
 *     -- Extensions: extension values are processed in due order.

158
 *

159
 *        -- Basic Constraints: for all certificates except EE, must be

160
 *        present, indicate a CA, and have a path length compatible with

161
 *        the chain length so far.

162
 *

163
 *        -- Key Usage: for the EE, if present, must allow signatures

164
 *        or encryption/key exchange, as required for the cipher suite.

165
 *        For non-EE, if present, must have the "certificate sign" bit.

166
 *

167
 *        -- Subject Alt Name: for the EE, dNSName names are matched

168
 *        against the server name. Ignored for non-EE.

169
 *

170
 *        -- Authority Key Identifier, Subject Key Identifier, Issuer

171
 *        Alt Name, Subject Directory Attributes, CRL Distribution Points

172
 *        Freshest CRL, Authority Info Access and Subject Info Access

173
 *        extensions are always ignored: they either contain only

174
 *        informative data, or they relate to revocation processing, which

175
 *        we explicitly do not support.

176
 *

177
 *        -- All other extensions are ignored if non-critical. If a

178
 *        critical extension other than the ones above is encountered,

179
 *        then a failure is reported.

180
 *

181
 *     -- End of the TBS: the multihash engine is stopped.

182
 *

183
 *     -- Signature algorithm: the signature algorithm on the

184
 *     certificate is decoded. A failure is reported if that algorithm

185
 *     is unknown. The hashed TBS corresponding to the signature hash

186
 *     function is computed and stored in tbs_hash[] (if not supported,

187
 *     then a failure is reported). The hash OID and length are stored

188
 *     in cert_sig_hash_oid and cert_sig_hash_len.

189
 *

190
 *     -- Signature value: the signature value is copied into the

191
 *     cert_sig[] array.

192
 *

193
 *     -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is

194
 *     looked up in the trust store (CA trust anchors only); for all

195
 *     that match, the signature (cert_sig[]) is verified against the

196
 *     anchor public key (hashed TBS is in tbs_hash[]). If one of these

197
 *     signatures is valid, then validation ends with a success.

198
 *

199
 *  -- If the chain end is reached without obtaining a validation success,

200
 *  then validation is reported as failed.

201
 */

202


203
#if BR_USE_UNIX_TIME

204
#include <time.h>

205
#endif

206


207
#if BR_USE_WIN32_TIME

208
#include <windows.h>

209
#endif

210


211
/*

212
 * The T0 compiler will produce these prototypes declarations in the

213
 * header.

214
 *

215
void br_x509_minimal_init_main(void *ctx);

216
void br_x509_minimal_run(void *ctx);

217
 */

218


219
/* see bearssl_x509.h */

220
void

221
br_x509_minimal_init(br_x509_minimal_context *ctx,

222
	const br_hash_class *dn_hash_impl,

223
	const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)

224
{

225
	memset(ctx, 0, sizeof *ctx);

226
	ctx->vtable = &br_x509_minimal_vtable;

227
	ctx->dn_hash_impl = dn_hash_impl;

228
	ctx->trust_anchors = trust_anchors;

229
	ctx->trust_anchors_num = trust_anchors_num;

230
}

231


232
static void

233
xm_start_chain(const br_x509_class **ctx, const char *server_name)

234
{

235
	br_x509_minimal_context *cc;

236
	size_t u;

237


238
	cc = (br_x509_minimal_context *)(void *)ctx;

239
	for (u = 0; u < cc->num_name_elts; u ++) {

240
		cc->name_elts[u].status = 0;

241
		cc->name_elts[u].buf[0] = 0;

242
	}

243
	memset(&cc->pkey, 0, sizeof cc->pkey);

244
	cc->num_certs = 0;

245
	cc->err = 0;

246
	cc->cpu.dp = cc->dp_stack;

247
	cc->cpu.rp = cc->rp_stack;

248
	br_x509_minimal_init_main(&cc->cpu);

249
	if (server_name == NULL || *server_name == 0) {

250
		cc->server_name = NULL;

251
	} else {

252
		cc->server_name = server_name;

253
	}

254
}

255


256
static void

257
xm_start_cert(const br_x509_class **ctx, uint32_t length)

258
{

259
	br_x509_minimal_context *cc;

260


261
	cc = (br_x509_minimal_context *)(void *)ctx;

262
	if (cc->err != 0) {

263
		return;

264
	}

265
	if (length == 0) {

266
		cc->err = BR_ERR_X509_TRUNCATED;

267
		return;

268
	}

269
	cc->cert_length = length;

270
}

271


272
static void

273
xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)

274
{

275
	br_x509_minimal_context *cc;

276


277
	cc = (br_x509_minimal_context *)(void *)ctx;

278
	if (cc->err != 0) {

279
		return;

280
	}

281
	cc->hbuf = buf;

282
	cc->hlen = len;

283
	br_x509_minimal_run(&cc->cpu);

284
}

285


286
static void

287
xm_end_cert(const br_x509_class **ctx)

288
{

289
	br_x509_minimal_context *cc;

290


291
	cc = (br_x509_minimal_context *)(void *)ctx;

292
	if (cc->err == 0 && cc->cert_length != 0) {

293
		cc->err = BR_ERR_X509_TRUNCATED;

294
	}

295
	cc->num_certs ++;

296
}

297


298
static unsigned

299
xm_end_chain(const br_x509_class **ctx)

300
{

301
	br_x509_minimal_context *cc;

302


303
	cc = (br_x509_minimal_context *)(void *)ctx;

304
	if (cc->err == 0) {

305
		if (cc->num_certs == 0) {

306
			cc->err = BR_ERR_X509_EMPTY_CHAIN;

307
		} else {

308
			cc->err = BR_ERR_X509_NOT_TRUSTED;

309
		}

310
	} else if (cc->err == BR_ERR_X509_OK) {

311
		return 0;

312
	}

313
	return (unsigned)cc->err;

314
}

315


316
static const br_x509_pkey *

317
xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)

318
{

319
	br_x509_minimal_context *cc;

320


321
	cc = (br_x509_minimal_context *)(void *)ctx;

322
	if (cc->err == BR_ERR_X509_OK

323
		|| cc->err == BR_ERR_X509_NOT_TRUSTED)

324
	{

325
		if (usages != NULL) {

326
			*usages = cc->key_usages;

327
		}

328
		return &((br_x509_minimal_context *)(void *)ctx)->pkey;

329
	} else {

330
		return NULL;

331
	}

332
}

333


334
/* see bearssl_x509.h */

335
const br_x509_class br_x509_minimal_vtable = {

336
	sizeof(br_x509_minimal_context),

337
	xm_start_chain,

338
	xm_start_cert,

339
	xm_append,

340
	xm_end_cert,

341
	xm_end_chain,

342
	xm_get_pkey

343
};

344


345
#define CTX   ((br_x509_minimal_context *)(void *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))

346
#define CONTEXT_NAME   br_x509_minimal_context

347


348
#define DNHASH_LEN   ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)

349


350
/*

351
 * Hash a DN (from a trust anchor) into the provided buffer. This uses the

352
 * DN hash implementation and context structure from the X.509 engine

353
 * context.

354
 */

355
static void

356
hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len,

357
	unsigned char *out)

358
{

359
	ctx->dn_hash_impl->init(&ctx->dn_hash.vtable);

360
	ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len);

361
	ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out);

362
}

363


364
/*

365
 * Compare two big integers for equality. The integers use unsigned big-endian

366
 * encoding; extra leading bytes (of value 0) are allowed.

367
 */

368
static int

369
eqbigint(const unsigned char *b1, size_t len1,

370
	const unsigned char *b2, size_t len2)

371
{

372
	while (len1 > 0 && *b1 == 0) {

373
		b1 ++;

374
		len1 --;

375
	}

376
	while (len2 > 0 && *b2 == 0) {

377
		b2 ++;

378
		len2 --;

379
	}

380
	if (len1 != len2) {

381
		return 0;

382
	}

383
	return memcmp(b1, b2, len1) == 0;

384
}

385


386
/*

387
 * Compare two strings for equality, in a case-insensitive way. This

388
 * function handles casing only for ASCII letters.

389
 */

390
static int

391
eqnocase(const void *s1, const void *s2, size_t len)

392
{

393
	const unsigned char *buf1, *buf2;

394


395
	buf1 = s1;

396
	buf2 = s2;

397
	while (len -- > 0) {

398
		int x1, x2;

399


400
		x1 = *buf1 ++;

401
		x2 = *buf2 ++;

402
		if (x1 >= 'A' && x1 <= 'Z') {

403
			x1 += 'a' - 'A';

404
		}

405
		if (x2 >= 'A' && x2 <= 'Z') {

406
			x2 += 'a' - 'A';

407
		}

408
		if (x1 != x2) {

409
			return 0;

410
		}

411
	}

412
	return 1;

413
}

414


415
static int verify_signature(br_x509_minimal_context *ctx,

416
	const br_x509_pkey *pk);

417


418


419


420
static const unsigned char t0_datablock[] = {

421
	0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,

422
	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,

423
	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,

424
	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,

425
	0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,

426
	0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,

427
	0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,

428
	0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,

429
	0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,

430
	0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,

431
	0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,

432
	0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,

433
	0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,

434
	0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,

435
	0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,

436
	0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,

437
	0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,

438
	0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,

439
	0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,

440
	0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,

441
	0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,

442
	0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,

443
	0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,

444
	0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,

445
	0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B

446
};

447


448
static const unsigned char t0_codeblock[] = {

449
	0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,

450
	0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,

451
	0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,

452
	T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01,

453
	T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01,

454
	T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01,

455
	T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01,

456
	T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01,

457
	T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01,

458
	T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01,

459
	T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01,

460
	T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01,

461
	T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01,

462
	T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01,

463
	T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01,

464
	T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01,

465
	T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,

466
	T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01,

467
	T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01,

468
	T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01,

469
	T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01,

470
	T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01,

471
	T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01,

472
	T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01,

473
	T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01,

474
	T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA),

475
	0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00,

476
	0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00,

477
	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00,

478
	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00,

479
	0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01,

480
	T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00,

481
	0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00,

482
	0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01,

483
	T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01,

484
	T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01,

485
	T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01,

486
	T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01,

487
	T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01,

488
	T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01,

489
	T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0x01, 0x80,

490
	0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, 0x01, 0x81, 0x02, 0x00,

491
	0x00, 0x8F, 0x05, 0x05, 0x33, 0x41, 0x01, 0x00, 0x00, 0x33, 0x01, 0x0A,

492
	0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x82,

493
	0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, 0x01, 0x81, 0x68, 0x00,

494
	0x02, 0x03, 0x00, 0x03, 0x01, 0x26, 0x02, 0x01, 0x13, 0x3A, 0x02, 0x00,

495
	0x0F, 0x15, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x51,

496
	0x29, 0x00, 0x00, 0x06, 0x02, 0x52, 0x29, 0x00, 0x00, 0x01, 0x10, 0x74,

497
	0x00, 0x00, 0x11, 0x05, 0x02, 0x55, 0x29, 0x71, 0x00, 0x00, 0x11, 0x05,

498
	0x02, 0x55, 0x29, 0x72, 0x00, 0x00, 0x06, 0x02, 0x4B, 0x29, 0x00, 0x00,

499
	0x01, 0x82, 0x11, 0x00, 0x00, 0x26, 0x21, 0x01, 0x08, 0x0E, 0x3A, 0x3F,

500
	0x21, 0x09, 0x00, 0x0B, 0x03, 0x00, 0x5A, 0x2B, 0xAC, 0x38, 0xAC, 0xB0,

501
	0x26, 0x01, 0x20, 0x11, 0x06, 0x11, 0x25, 0x71, 0xAA, 0xB0, 0x01, 0x02,

502
	0x75, 0xAD, 0x01, 0x02, 0x12, 0x06, 0x02, 0x56, 0x29, 0x76, 0xB0, 0x01,

503
	0x02, 0x75, 0xAB, 0xAC, 0xBF, 0x99, 0x64, 0x60, 0x22, 0x16, 0xAC, 0xA4,

504
	0x03, 0x01, 0x03, 0x02, 0xA4, 0x02, 0x02, 0x02, 0x01, 0x19, 0x06, 0x02,

505
	0x4A, 0x29, 0x76, 0x02, 0x00, 0x06, 0x05, 0x9A, 0x03, 0x03, 0x04, 0x09,

506
	0x99, 0x60, 0x67, 0x22, 0x28, 0x05, 0x02, 0x49, 0x29, 0x67, 0x64, 0x22,

507
	0x16, 0xAC, 0xAC, 0x9B, 0x05, 0x02, 0x56, 0x29, 0xB9, 0x27, 0x06, 0x27,

508
	0xBF, 0xA1, 0xAC, 0x62, 0xA7, 0x03, 0x05, 0x62, 0x3A, 0x02, 0x05, 0x09,

509
	0x3A, 0x02, 0x05, 0x0A, 0xA7, 0x03, 0x06, 0x76, 0x63, 0x2A, 0x01, 0x81,

510
	0x00, 0x09, 0x02, 0x05, 0x12, 0x06, 0x02, 0x57, 0x29, 0x76, 0x59, 0x03,

511
	0x04, 0x04, 0x3A, 0x85, 0x27, 0x06, 0x34, 0x9B, 0x05, 0x02, 0x56, 0x29,

512
	0x68, 0x27, 0x06, 0x04, 0x01, 0x17, 0x04, 0x12, 0x69, 0x27, 0x06, 0x04,

513
	0x01, 0x18, 0x04, 0x0A, 0x6A, 0x27, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02,

514
	0x56, 0x29, 0x03, 0x07, 0x76, 0xA1, 0x26, 0x03, 0x08, 0x26, 0x62, 0x33,

515
	0x0D, 0x06, 0x02, 0x4F, 0x29, 0xA2, 0x58, 0x03, 0x04, 0x04, 0x02, 0x56,

516
	0x29, 0x76, 0x02, 0x00, 0x06, 0x21, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06,

517
	0x08, 0x25, 0x02, 0x05, 0x02, 0x06, 0x1E, 0x04, 0x10, 0x58, 0x30, 0x11,

518
	0x06, 0x08, 0x25, 0x02, 0x07, 0x02, 0x08, 0x1D, 0x04, 0x03, 0x56, 0x29,

519
	0x25, 0x04, 0x24, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06, 0x08, 0x25, 0x02,

520
	0x05, 0x02, 0x06, 0x24, 0x04, 0x10, 0x58, 0x30, 0x11, 0x06, 0x08, 0x25,

521
	0x02, 0x07, 0x02, 0x08, 0x23, 0x04, 0x03, 0x56, 0x29, 0x25, 0x26, 0x06,

522
	0x01, 0x29, 0x25, 0x01, 0x00, 0x03, 0x09, 0xB1, 0x01, 0x21, 0x8C, 0x01,

523
	0x22, 0x8C, 0x26, 0x01, 0x23, 0x11, 0x06, 0x81, 0x26, 0x25, 0x71, 0xAA,

524
	0xAC, 0x26, 0x06, 0x81, 0x1A, 0x01, 0x00, 0x03, 0x0A, 0xAC, 0x9B, 0x25,

525
	0xB0, 0x26, 0x01, 0x01, 0x11, 0x06, 0x04, 0xA3, 0x03, 0x0A, 0xB0, 0x01,

526
	0x04, 0x75, 0xAA, 0x6E, 0x27, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC0,

527
	0x04, 0x05, 0x96, 0x01, 0x7F, 0x03, 0x09, 0x04, 0x80, 0x6C, 0x8E, 0x27,

528
	0x06, 0x06, 0x02, 0x00, 0x98, 0x04, 0x80, 0x62, 0xC2, 0x27, 0x06, 0x11,

529
	0x02, 0x00, 0x06, 0x09, 0x01, 0x00, 0x03, 0x03, 0x95, 0x03, 0x03, 0x04,

530
	0x01, 0xC0, 0x04, 0x80, 0x4D, 0x70, 0x27, 0x06, 0x0A, 0x02, 0x0A, 0x06,

531
	0x03, 0x97, 0x04, 0x01, 0xC0, 0x04, 0x3F, 0x6D, 0x27, 0x06, 0x03, 0xC0,

532
	0x04, 0x38, 0xC5, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x31, 0x8D, 0x27, 0x06,

533
	0x03, 0xC0, 0x04, 0x2A, 0xC3, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x23, 0x77,

534
	0x27, 0x06, 0x03, 0xC0, 0x04, 0x1C, 0x82, 0x27, 0x06, 0x03, 0xC0, 0x04,

535
	0x15, 0x6C, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x0E, 0xC4, 0x27, 0x06, 0x03,

536
	0xC0, 0x04, 0x07, 0x02, 0x0A, 0x06, 0x02, 0x48, 0x29, 0xC0, 0x76, 0x76,

537
	0x04, 0xFE, 0x62, 0x76, 0x76, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02,

538
	0x55, 0x29, 0x25, 0x76, 0x39, 0x02, 0x00, 0x06, 0x08, 0x02, 0x03, 0x3B,

539
	0x2F, 0x05, 0x02, 0x44, 0x29, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00,

540
	0x02, 0x09, 0x2F, 0x05, 0x02, 0x50, 0x29, 0xB0, 0x73, 0xAA, 0x9B, 0x06,

541
	0x80, 0x77, 0xBA, 0x27, 0x06, 0x07, 0x01, 0x02, 0x59, 0x87, 0x04, 0x80,

542
	0x5E, 0xBB, 0x27, 0x06, 0x07, 0x01, 0x03, 0x59, 0x88, 0x04, 0x80, 0x53,

543
	0xBC, 0x27, 0x06, 0x07, 0x01, 0x04, 0x59, 0x89, 0x04, 0x80, 0x48, 0xBD,

544
	0x27, 0x06, 0x06, 0x01, 0x05, 0x59, 0x8A, 0x04, 0x3E, 0xBE, 0x27, 0x06,

545
	0x06, 0x01, 0x06, 0x59, 0x8B, 0x04, 0x34, 0x7C, 0x27, 0x06, 0x06, 0x01,

546
	0x02, 0x58, 0x87, 0x04, 0x2A, 0x7D, 0x27, 0x06, 0x06, 0x01, 0x03, 0x58,

547
	0x88, 0x04, 0x20, 0x7E, 0x27, 0x06, 0x06, 0x01, 0x04, 0x58, 0x89, 0x04,

548
	0x16, 0x7F, 0x27, 0x06, 0x06, 0x01, 0x05, 0x58, 0x8A, 0x04, 0x0C, 0x80,

549
	0x27, 0x06, 0x06, 0x01, 0x06, 0x58, 0x8B, 0x04, 0x02, 0x56, 0x29, 0x5D,

550
	0x34, 0x5F, 0x36, 0x1C, 0x26, 0x05, 0x02, 0x56, 0x29, 0x5C, 0x36, 0x04,

551
	0x02, 0x56, 0x29, 0xBF, 0xA1, 0x26, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG),

552
	0x12, 0x06, 0x02, 0x4F, 0x29, 0x26, 0x5E, 0x34, 0x5B, 0xA2, 0x76, 0x76,

553
	0x01, 0x00, 0x5A, 0x35, 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x26, 0x01,

554
	0x00, 0x01, 0x09, 0x6F, 0x05, 0x02, 0x47, 0x29, 0x00, 0x00, 0x30, 0x30,

555
	0x00, 0x00, 0x01, 0x81, 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00,

556
	0x01, 0x81, 0x19, 0x00, 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81,

557
	0x2B, 0x00, 0x01, 0x7B, 0x01, 0x01, 0x11, 0x3A, 0x01, 0x83, 0xFD, 0x7F,

558
	0x11, 0x15, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x3A, 0x26, 0x03, 0x00, 0x26,

559
	0xC6, 0x05, 0x04, 0x41, 0x01, 0x00, 0x00, 0x26, 0x01, 0x81, 0x00, 0x0D,

560
	0x06, 0x04, 0x93, 0x04, 0x80, 0x49, 0x26, 0x01, 0x90, 0x00, 0x0D, 0x06,

561
	0x0F, 0x01, 0x06, 0x14, 0x01, 0x81, 0x40, 0x2F, 0x93, 0x02, 0x00, 0x01,

562
	0x00, 0x94, 0x04, 0x33, 0x26, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14,

563
	0x01, 0x0C, 0x14, 0x01, 0x81, 0x60, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x06,

564
	0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01,

565
	0x81, 0x70, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x0C, 0x94, 0x02, 0x00, 0x01,

566
	0x06, 0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x00, 0x00, 0x01, 0x82, 0x15,

567
	0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x6F,

568
	0x00, 0x00, 0x01, 0x81, 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00,

569
	0x01, 0x81, 0x78, 0x00, 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43,

570
	0x00, 0x00, 0x01, 0x80, 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00,

571
	0x01, 0x80, 0x61, 0x00, 0x00, 0x30, 0x11, 0x06, 0x04, 0x41, 0xAA, 0xBF,

572
	0xB1, 0x00, 0x00, 0x01, 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00,

573
	0x00, 0x26, 0x01, 0x83, 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x6F, 0x00,

574
	0x00, 0x01, 0x30, 0x61, 0x36, 0x01, 0x7F, 0x79, 0x1A, 0x01, 0x00, 0x79,

575
	0x1A, 0x04, 0x7A, 0x00, 0x01, 0x81, 0x38, 0x00, 0x01, 0x7B, 0x0D, 0x06,

576
	0x02, 0x4E, 0x29, 0x26, 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30,

577
	0x26, 0x3E, 0x3A, 0x01, 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x41, 0x01,

578
	0x00, 0x00, 0x30, 0x66, 0x09, 0x36, 0x3F, 0x00, 0x00, 0x14, 0x01, 0x3F,

579
	0x15, 0x01, 0x81, 0x00, 0x2F, 0x93, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00,

580
	0xAC, 0x26, 0x06, 0x80, 0x59, 0xB0, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17,

581
	0x25, 0x71, 0xAA, 0x9B, 0x25, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB0, 0x01,

582
	0x20, 0x74, 0xAA, 0xAF, 0x02, 0x01, 0x20, 0x76, 0x76, 0x04, 0x38, 0x01,

583
	0x21, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x01, 0x1F, 0x04,

584
	0x2A, 0x01, 0x22, 0x30, 0x11, 0x06, 0x11, 0x25, 0x72, 0xB3, 0x26, 0x06,

585
	0x06, 0x2C, 0x02, 0x00, 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1F, 0x04, 0x13,

586
	0x01, 0x26, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x06, 0x1F,

587
	0x04, 0x05, 0x41, 0xAB, 0x01, 0x00, 0x25, 0x04, 0xFF, 0x23, 0x76, 0x02,

588
	0x00, 0x00, 0x00, 0xAC, 0xB1, 0x26, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA3,

589
	0x05, 0x02, 0x50, 0x29, 0xB1, 0x04, 0x02, 0x50, 0x29, 0x26, 0x01, 0x02,

590
	0x11, 0x06, 0x0C, 0x25, 0x72, 0xAD, 0x65, 0x2B, 0x40, 0x0D, 0x06, 0x02,

591
	0x50, 0x29, 0xB1, 0x01, 0x7F, 0x10, 0x06, 0x02, 0x55, 0x29, 0x25, 0x76,

592
	0x00, 0x00, 0xAC, 0x26, 0x06, 0x1A, 0xAC, 0x9B, 0x25, 0x26, 0x06, 0x11,

593
	0xAC, 0x26, 0x06, 0x0C, 0xAC, 0x9B, 0x25, 0x86, 0x27, 0x05, 0x02, 0x48,

594
	0x29, 0xBF, 0x04, 0x71, 0x76, 0x76, 0x04, 0x63, 0x76, 0x00, 0x02, 0x03,

595
	0x00, 0xB0, 0x01, 0x03, 0x75, 0xAA, 0xB7, 0x03, 0x01, 0x02, 0x01, 0x01,

596
	0x07, 0x12, 0x06, 0x02, 0x55, 0x29, 0x26, 0x01, 0x00, 0x30, 0x11, 0x06,

597
	0x05, 0x25, 0x4C, 0x29, 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A,

598
	0x25, 0xB7, 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x25, 0xB7,

599
	0x01, 0x00, 0x25, 0x02, 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38,

600
	0x15, 0x06, 0x03, 0x01, 0x10, 0x2F, 0x3A, 0x01, 0x81, 0x40, 0x15, 0x06,

601
	0x03, 0x01, 0x20, 0x2F, 0x61, 0x36, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05,

602
	0x02, 0x4C, 0x29, 0xBF, 0x00, 0x00, 0x37, 0xAC, 0xBF, 0x1B, 0x00, 0x03,

603
	0x01, 0x00, 0x03, 0x00, 0x37, 0xAC, 0x26, 0x06, 0x30, 0xB0, 0x01, 0x11,

604
	0x74, 0xAA, 0x26, 0x05, 0x02, 0x43, 0x29, 0x26, 0x06, 0x20, 0xAC, 0x9B,

605
	0x25, 0x84, 0x27, 0x03, 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xAF, 0x26,

606
	0x02, 0x01, 0x15, 0x06, 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00,

607
	0x02, 0x02, 0x20, 0x76, 0x04, 0x5D, 0x76, 0x04, 0x4D, 0x76, 0x1B, 0x02,

608
	0x00, 0x00, 0x00, 0xB0, 0x01, 0x06, 0x75, 0xAE, 0x00, 0x00, 0xB5, 0x83,

609
	0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00,

610
	0xB5, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25, 0x01, 0x00, 0x04, 0x00,

611
	0x00, 0x00, 0xB6, 0x83, 0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01,

612
	0x00, 0x01, 0x00, 0x00, 0xB6, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25,

613
	0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,

614
	0x06, 0x04, 0x00, 0x04, 0x80, 0x55, 0x26, 0x01, 0x81, 0x40, 0x0D, 0x06,

615
	0x07, 0x25, 0x01, 0x00, 0x00, 0x04, 0x80, 0x47, 0x26, 0x01, 0x81, 0x60,

616
	0x0D, 0x06, 0x0E, 0x01, 0x1F, 0x15, 0x01, 0x01, 0xA0, 0x01, 0x81, 0x00,

617
	0x01, 0x8F, 0x7F, 0x04, 0x32, 0x26, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F,

618
	0x01, 0x0F, 0x15, 0x01, 0x02, 0xA0, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF,

619
	0x7F, 0x04, 0x1C, 0x26, 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07,

620
	0x15, 0x01, 0x03, 0xA0, 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF,

621
	0x7F, 0x04, 0x04, 0x25, 0x01, 0x00, 0x00, 0x6F, 0x05, 0x03, 0x25, 0x01,

622
	0x00, 0x00, 0x00, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x7F,

623
	0x00, 0xB7, 0x33, 0x26, 0x3C, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x01, 0x06,

624
	0x0E, 0x3A, 0x26, 0x01, 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x41,

625
	0x01, 0x7F, 0x00, 0x01, 0x3F, 0x15, 0x09, 0x00, 0x00, 0x26, 0x06, 0x06,

626
	0x0B, 0x9F, 0x33, 0x40, 0x04, 0x77, 0x25, 0x26, 0x00, 0x00, 0xB0, 0x01,

627
	0x03, 0x75, 0xAA, 0xB7, 0x06, 0x02, 0x54, 0x29, 0x00, 0x00, 0x3A, 0x26,

628
	0x06, 0x07, 0x31, 0x26, 0x06, 0x01, 0x1A, 0x04, 0x76, 0x41, 0x00, 0x00,

629
	0x01, 0x01, 0x75, 0xA9, 0x01, 0x01, 0x10, 0x06, 0x02, 0x42, 0x29, 0xB7,

630
	0x3D, 0x00, 0x04, 0xB0, 0x26, 0x01, 0x17, 0x01, 0x18, 0x6F, 0x05, 0x02,

631
	0x47, 0x29, 0x01, 0x18, 0x11, 0x03, 0x00, 0x72, 0xAA, 0xA5, 0x02, 0x00,

632
	0x06, 0x0C, 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0xA5, 0x02, 0x01, 0x09,

633
	0x04, 0x0E, 0x26, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09,

634
	0x01, 0x8E, 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08,

635
	0x02, 0x01, 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01,

636
	0x80, 0x63, 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83,

637
	0x0F, 0x09, 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01,

638
	0x0C, 0xA6, 0x40, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3E,

639
	0x02, 0x01, 0x01, 0x80, 0x64, 0x07, 0x3D, 0x02, 0x01, 0x01, 0x83, 0x10,

640
	0x07, 0x3E, 0x2F, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09, 0x91, 0x09, 0x78,

641
	0x26, 0x01, 0x05, 0x14, 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15,

642
	0x01, 0x01, 0x3A, 0xA6, 0x02, 0x03, 0x09, 0x40, 0x03, 0x03, 0x01, 0x00,

643
	0x01, 0x17, 0xA6, 0x01, 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01,

644
	0x3B, 0xA6, 0x01, 0x3C, 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00,

645
	0x01, 0x3C, 0xA6, 0x02, 0x02, 0x09, 0x03, 0x02, 0xB7, 0x26, 0x01, 0x2E,

646
	0x11, 0x06, 0x0D, 0x25, 0xB7, 0x26, 0x01, 0x30, 0x01, 0x39, 0x6F, 0x06,

647
	0x03, 0x25, 0x04, 0x74, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x47, 0x29,

648
	0x76, 0x02, 0x03, 0x02, 0x02, 0x00, 0x01, 0xB7, 0x7A, 0x01, 0x0A, 0x08,

649
	0x03, 0x00, 0xB7, 0x7A, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03,

650
	0x01, 0xA5, 0x26, 0x02, 0x01, 0x02, 0x00, 0x6F, 0x05, 0x02, 0x47, 0x29,

651
	0x00, 0x00, 0x33, 0xB0, 0x01, 0x02, 0x75, 0x0B, 0xA8, 0x00, 0x03, 0x26,

652
	0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0xAA, 0xB7, 0x26, 0x01, 0x81, 0x00,

653
	0x13, 0x06, 0x02, 0x53, 0x29, 0x26, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x25,

654
	0x26, 0x05, 0x04, 0x25, 0x01, 0x00, 0x00, 0xB7, 0x04, 0x6F, 0x02, 0x01,

655
	0x26, 0x05, 0x02, 0x4F, 0x29, 0x40, 0x03, 0x01, 0x02, 0x02, 0x36, 0x02,

656
	0x02, 0x3F, 0x03, 0x02, 0x26, 0x06, 0x03, 0xB7, 0x04, 0x68, 0x25, 0x02,

657
	0x00, 0x02, 0x01, 0x0A, 0x00, 0x01, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D,

658
	0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x0A, 0x26, 0x05, 0x02, 0x4D, 0x29,

659
	0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02,

660
	0x00, 0x40, 0x03, 0x00, 0x26, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06,

661
	0x02, 0x4E, 0x29, 0x01, 0x08, 0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x04, 0x60,

662
	0x00, 0x00, 0xA9, 0x92, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x73,

663
	0xAA, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x02, 0x53, 0x29, 0xB7, 0x26, 0x01,

664
	0x81, 0x00, 0x13, 0x06, 0x02, 0x53, 0x29, 0x03, 0x00, 0x26, 0x06, 0x16,

665
	0xB7, 0x02, 0x00, 0x26, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02,

666
	0x53, 0x29, 0x01, 0x08, 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x25, 0x02,

667
	0x00, 0x00, 0x00, 0xAA, 0x26, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xBF,

668
	0x01, 0x00, 0x66, 0x36, 0x01, 0x00, 0x00, 0x26, 0x66, 0x36, 0x66, 0x3F,

669
	0xA2, 0x01, 0x7F, 0x00, 0x00, 0xB0, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05,

670
	0x25, 0x72, 0xB3, 0x04, 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x25,

671
	0x72, 0xB4, 0x04, 0x33, 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72,

672
	0xB4, 0x04, 0x28, 0x01, 0x14, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4,

673
	0x04, 0x1D, 0x01, 0x16, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4, 0x04,

674
	0x12, 0x01, 0x1E, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB2, 0x04, 0x07,

675
	0x41, 0xAB, 0x01, 0x00, 0x01, 0x00, 0x25, 0x00, 0x01, 0xB7, 0x03, 0x00,

676
	0x02, 0x00, 0x01, 0x05, 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01,

677
	0x06, 0x14, 0x26, 0x01, 0x01, 0x15, 0x06, 0x02, 0x45, 0x29, 0x01, 0x04,

678
	0x0E, 0x02, 0x00, 0x01, 0x1F, 0x15, 0x26, 0x01, 0x1F, 0x11, 0x06, 0x02,

679
	0x46, 0x29, 0x09, 0x00, 0x00, 0x26, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F,

680
	0x00, 0xB0, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x05, 0x66, 0x36, 0x01, 0x7F,

681
	0x00, 0x01, 0x01, 0x03, 0x00, 0x9C, 0x26, 0x01, 0x83, 0xFF, 0x7E, 0x11,

682
	0x06, 0x16, 0x25, 0x26, 0x06, 0x10, 0x9D, 0x26, 0x05, 0x05, 0x25, 0xBF,

683
	0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B,

684
	0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03,

685
	0x00, 0x26, 0x06, 0x0B, 0x9C, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00,

686
	0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00, 0x40, 0x66,

687
	0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x26, 0x06,

688
	0x10, 0x9E, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00,

689
	0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00,

690
	0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00,

691
	0x26, 0x06, 0x10, 0xB7, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00,

692
	0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05,

693
	0x01, 0x00, 0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x00, 0xB7, 0x01, 0x08,

694
	0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x00, 0x00, 0xB7, 0x3A, 0xB7, 0x01, 0x08,

695
	0x0E, 0x33, 0x09, 0x00, 0x00, 0x26, 0x05, 0x02, 0x4E, 0x29, 0x40, 0xB8,

696
	0x00, 0x00, 0x32, 0x26, 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x25, 0x1A,

697
	0x04, 0x74, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01,

698
	0x15, 0x00, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01,

699
	0x33, 0x00, 0x00, 0xC0, 0x25, 0x00, 0x00, 0x26, 0x06, 0x07, 0xC1, 0x26,

700
	0x06, 0x01, 0x1A, 0x04, 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B,

701
	0x41, 0x00, 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00,

702
	0x00, 0x01, 0x82, 0x22, 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x26,

703
	0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFB, 0x6F, 0x6F, 0x06, 0x04, 0x25,

704
	0x01, 0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F,

705
	0x6F, 0x06, 0x04, 0x25, 0x01, 0x00, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15,

706
	0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00

707
};

708


709
static const uint16_t t0_caddr[] = {

710
	0,

711
	5,

712
	10,

713
	15,

714
	20,

715
	25,

716
	29,

717
	33,

718
	37,

719
	41,

720
	45,

721
	49,

722
	53,

723
	57,

724
	61,

725
	65,

726
	69,

727
	73,

728
	77,

729
	81,

730
	85,

731
	89,

732
	93,

733
	97,

734
	101,

735
	105,

736
	109,

737
	113,

738
	117,

739
	121,

740
	125,

741
	130,

742
	135,

743
	140,

744
	145,

745
	150,

746
	155,

747
	160,

748
	165,

749
	173,

750
	178,

751
	183,

752
	188,

753
	193,

754
	198,

755
	203,

756
	208,

757
	213,

758
	234,

759
	239,

760
	244,

761
	249,

762
	264,

763
	269,

764
	275,

765
	281,

766
	286,

767
	294,

768
	302,

769
	308,

770
	313,

771
	324,

772
	960,

773
	975,

774
	979,

775
	984,

776
	989,

777
	994,

778
	999,

779
	1004,

780
	1118,

781
	1123,

782
	1135,

783
	1140,

784
	1145,

785
	1150,

786
	1154,

787
	1159,

788
	1164,

789
	1169,

790
	1174,

791
	1184,

792
	1189,

793
	1194,

794
	1206,

795
	1221,

796
	1226,

797
	1240,

798
	1262,

799
	1273,

800
	1376,

801
	1423,

802
	1456,

803
	1547,

804
	1553,

805
	1616,

806
	1623,

807
	1651,

808
	1679,

809
	1784,

810
	1826,

811
	1839,

812
	1851,

813
	1865,

814
	1880,

815
	2100,

816
	2114,

817
	2131,

818
	2140,

819
	2207,

820
	2263,

821
	2267,

822
	2271,

823
	2276,

824
	2324,

825
	2350,

826
	2426,

827
	2470,

828
	2481,

829
	2566,

830
	2604,

831
	2642,

832
	2652,

833
	2662,

834
	2671,

835
	2684,

836
	2688,

837
	2692,

838
	2696,

839
	2700,

840
	2704,

841
	2708,

842
	2712,

843
	2724,

844
	2732,

845
	2737,

846
	2742,

847
	2747,

848
	2752

849
};

850


851
#define T0_INTERPRETED   60

852


853
#define T0_ENTER(ip, rp, slot)   do { \

854
		const unsigned char *t0_newip; \

855
		uint32_t t0_lnum; \

856
		t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \

857
		t0_lnum = t0_parse7E_unsigned(&t0_newip); \

858
		(rp) += t0_lnum; \

859
		*((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \

860
		(ip) = t0_newip; \

861
	} while (0)

862


863
#define T0_DEFENTRY(name, slot) \

864
void \

865
name(void *ctx) \

866
{ \

867
	t0_context *t0ctx = ctx; \

868
	t0ctx->ip = &t0_codeblock[0]; \

869
	T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \

870
}

871


872
T0_DEFENTRY(br_x509_minimal_init_main, 144)

873


874
#define T0_NEXT(t0ipp)   (*(*(t0ipp)) ++)

875


876
void

877
br_x509_minimal_run(void *t0ctx)

878
{

879
	uint32_t *dp, *rp;

880
	const unsigned char *ip;

881


882
#define T0_LOCAL(x)    (*(rp - 2 - (x)))

883
#define T0_POP()       (*-- dp)

884
#define T0_POPi()      (*(int32_t *)(-- dp))

885
#define T0_PEEK(x)     (*(dp - 1 - (x)))

886
#define T0_PEEKi(x)    (*(int32_t *)(dp - 1 - (x)))

887
#define T0_PUSH(v)     do { *dp = (v); dp ++; } while (0)

888
#define T0_PUSHi(v)    do { *(int32_t *)dp = (v); dp ++; } while (0)

889
#define T0_RPOP()      (*-- rp)

890
#define T0_RPOPi()     (*(int32_t *)(-- rp))

891
#define T0_RPUSH(v)    do { *rp = (v); rp ++; } while (0)

892
#define T0_RPUSHi(v)   do { *(int32_t *)rp = (v); rp ++; } while (0)

893
#define T0_ROLL(x)     do { \

894
	size_t t0len = (size_t)(x); \

895
	uint32_t t0tmp = *(dp - 1 - t0len); \

896
	memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \

897
	*(dp - 1) = t0tmp; \

898
} while (0)

899
#define T0_SWAP()      do { \

900
	uint32_t t0tmp = *(dp - 2); \

901
	*(dp - 2) = *(dp - 1); \

902
	*(dp - 1) = t0tmp; \

903
} while (0)

904
#define T0_ROT()       do { \

905
	uint32_t t0tmp = *(dp - 3); \

906
	*(dp - 3) = *(dp - 2); \

907
	*(dp - 2) = *(dp - 1); \

908
	*(dp - 1) = t0tmp; \

909
} while (0)

910
#define T0_NROT()       do { \

911
	uint32_t t0tmp = *(dp - 1); \

912
	*(dp - 1) = *(dp - 2); \

913
	*(dp - 2) = *(dp - 3); \

914
	*(dp - 3) = t0tmp; \

915
} while (0)

916
#define T0_PICK(x)      do { \

917
	uint32_t t0depth = (x); \

918
	T0_PUSH(T0_PEEK(t0depth)); \

919
} while (0)

920
#define T0_CO()         do { \

921
	goto t0_exit; \

922
} while (0)

923
#define T0_RET()        goto t0_next

924


925
	dp = ((t0_context *)t0ctx)->dp;

926
	rp = ((t0_context *)t0ctx)->rp;

927
	ip = ((t0_context *)t0ctx)->ip;

928
	goto t0_next;

929
	for (;;) {

930
		uint32_t t0x;

931


932
	t0_next:

933
		t0x = T0_NEXT(&ip);

934
		if (t0x < T0_INTERPRETED) {

935
			switch (t0x) {

936
				int32_t t0off;

937


938
			case 0: /* ret */

939
				t0x = T0_RPOP();

940
				rp -= (t0x >> 16);

941
				t0x &= 0xFFFF;

942
				if (t0x == 0) {

943
					ip = NULL;

944
					goto t0_exit;

945
				}

946
				ip = &t0_codeblock[t0x];

947
				break;

948
			case 1: /* literal constant */

949
				T0_PUSHi(t0_parse7E_signed(&ip));

950
				break;

951
			case 2: /* read local */

952
				T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));

953
				break;

954
			case 3: /* write local */

955
				T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();

956
				break;

957
			case 4: /* jump */

958
				t0off = t0_parse7E_signed(&ip);

959
				ip += t0off;

960
				break;

961
			case 5: /* jump if */

962
				t0off = t0_parse7E_signed(&ip);

963
				if (T0_POP()) {

964
					ip += t0off;

965
				}

966
				break;

967
			case 6: /* jump if not */

968
				t0off = t0_parse7E_signed(&ip);

969
				if (!T0_POP()) {

970
					ip += t0off;

971
				}

972
				break;

973
			case 7: {

974
				/* %25 */

975


976
	int32_t b = T0_POPi();

977
	int32_t a = T0_POPi();

978
	T0_PUSHi(a % b);

979


980
				}

981
				break;

982
			case 8: {

983
				/* * */

984


985
	uint32_t b = T0_POP();

986
	uint32_t a = T0_POP();

987
	T0_PUSH(a * b);

988


989
				}

990
				break;

991
			case 9: {

992
				/* + */

993


994
	uint32_t b = T0_POP();

995
	uint32_t a = T0_POP();

996
	T0_PUSH(a + b);

997


998
				}

999
				break;

1000
			case 10: {

1001
				/* - */

1002


1003
	uint32_t b = T0_POP();

1004
	uint32_t a = T0_POP();

1005
	T0_PUSH(a - b);

1006


1007
				}

1008
				break;

1009
			case 11: {

1010
				/* -rot */

1011
 T0_NROT(); 

1012
				}

1013
				break;

1014
			case 12: {

1015
				/* / */

1016


1017
	int32_t b = T0_POPi();

1018
	int32_t a = T0_POPi();

1019
	T0_PUSHi(a / b);

1020


1021
				}

1022
				break;

1023
			case 13: {

1024
				/* < */

1025


1026
	int32_t b = T0_POPi();

1027
	int32_t a = T0_POPi();

1028
	T0_PUSH(-(uint32_t)(a < b));

1029


1030
				}

1031
				break;

1032
			case 14: {

1033
				/* << */

1034


1035
	int c = (int)T0_POPi();

1036
	uint32_t x = T0_POP();

1037
	T0_PUSH(x << c);

1038


1039
				}

1040
				break;

1041
			case 15: {

1042
				/* <= */

1043


1044
	int32_t b = T0_POPi();

1045
	int32_t a = T0_POPi();

1046
	T0_PUSH(-(uint32_t)(a <= b));

1047


1048
				}

1049
				break;

1050
			case 16: {

1051
				/* <> */

1052


1053
	uint32_t b = T0_POP();

1054
	uint32_t a = T0_POP();

1055
	T0_PUSH(-(uint32_t)(a != b));

1056


1057
				}

1058
				break;

1059
			case 17: {

1060
				/* = */

1061


1062
	uint32_t b = T0_POP();

1063
	uint32_t a = T0_POP();

1064
	T0_PUSH(-(uint32_t)(a == b));

1065


1066
				}

1067
				break;

1068
			case 18: {

1069
				/* > */

1070


1071
	int32_t b = T0_POPi();

1072
	int32_t a = T0_POPi();

1073
	T0_PUSH(-(uint32_t)(a > b));

1074


1075
				}

1076
				break;

1077
			case 19: {

1078
				/* >= */

1079


1080
	int32_t b = T0_POPi();

1081
	int32_t a = T0_POPi();

1082
	T0_PUSH(-(uint32_t)(a >= b));

1083


1084
				}

1085
				break;

1086
			case 20: {

1087
				/* >> */

1088


1089
	int c = (int)T0_POPi();

1090
	int32_t x = T0_POPi();

1091
	T0_PUSHi(x >> c);

1092


1093
				}

1094
				break;

1095
			case 21: {

1096
				/* and */

1097


1098
	uint32_t b = T0_POP();

1099
	uint32_t a = T0_POP();

1100
	T0_PUSH(a & b);

1101


1102
				}

1103
				break;

1104
			case 22: {

1105
				/* blobcopy */

1106


1107
	size_t len = T0_POP();

1108
	unsigned char *src = (unsigned char *)CTX + T0_POP();

1109
	unsigned char *dst = (unsigned char *)CTX + T0_POP();

1110
	memcpy(dst, src, len);

1111


1112
				}

1113
				break;

1114
			case 23: {

1115
				/* check-direct-trust */

1116


1117
	size_t u;

1118


1119
	for (u = 0; u < CTX->trust_anchors_num; u ++) {

1120
		const br_x509_trust_anchor *ta;

1121
		unsigned char hashed_DN[64];

1122
		int kt;

1123


1124
		ta = &CTX->trust_anchors[u];

1125
		if (ta->flags & BR_X509_TA_CA) {

1126
			continue;

1127
		}

1128
		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);

1129
		if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {

1130
			continue;

1131
		}

1132
		kt = CTX->pkey.key_type;

1133
		if ((ta->pkey.key_type & 0x0F) != kt) {

1134
			continue;

1135
		}

1136
		switch (kt) {

1137


1138
		case BR_KEYTYPE_RSA:

1139
			if (!eqbigint(CTX->pkey.key.rsa.n,

1140
				CTX->pkey.key.rsa.nlen,

1141
				ta->pkey.key.rsa.n,

1142
				ta->pkey.key.rsa.nlen)

1143
				|| !eqbigint(CTX->pkey.key.rsa.e,

1144
				CTX->pkey.key.rsa.elen,

1145
				ta->pkey.key.rsa.e,

1146
				ta->pkey.key.rsa.elen))

1147
			{

1148
				continue;

1149
			}

1150
			break;

1151


1152
		case BR_KEYTYPE_EC:

1153
			if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve

1154
				|| CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen

1155
				|| memcmp(CTX->pkey.key.ec.q,

1156
					ta->pkey.key.ec.q,

1157
					ta->pkey.key.ec.qlen) != 0)

1158
			{

1159
				continue;

1160
			}

1161
			break;

1162


1163
		default:

1164
			continue;

1165
		}

1166


1167
		/*

1168
		 * Direct trust match!

1169
		 */

1170
		CTX->err = BR_ERR_X509_OK;

1171
		T0_CO();

1172
	}

1173


1174
				}

1175
				break;

1176
			case 24: {

1177
				/* check-trust-anchor-CA */

1178


1179
	size_t u;

1180


1181
	for (u = 0; u < CTX->trust_anchors_num; u ++) {

1182
		const br_x509_trust_anchor *ta;

1183
		unsigned char hashed_DN[64];

1184


1185
		ta = &CTX->trust_anchors[u];

1186
		if (!(ta->flags & BR_X509_TA_CA)) {

1187
			continue;

1188
		}

1189
		hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);

1190
		if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {

1191
			continue;

1192
		}

1193
		if (verify_signature(CTX, &ta->pkey) == 0) {

1194
			CTX->err = BR_ERR_X509_OK;

1195
			T0_CO();

1196
		}

1197
	}

1198


1199
				}

1200
				break;

1201
			case 25: {

1202
				/* check-validity-range */

1203


1204
	uint32_t nbs = T0_POP();

1205
	uint32_t nbd = T0_POP();

1206
	uint32_t nas = T0_POP();

1207
	uint32_t nad = T0_POP();

1208
	int r;

1209
	if (CTX->itime != 0) {

1210
		r = CTX->itime(CTX->itime_ctx, nbd, nbs, nad, nas);

1211
		if (r < -1 || r > 1) {

1212
			CTX->err = BR_ERR_X509_TIME_UNKNOWN;

1213
			T0_CO();

1214
		}

1215
	} else {

1216
		uint32_t vd = CTX->days;

1217
		uint32_t vs = CTX->seconds;

1218
		if (vd == 0 && vs == 0) {

1219
#if BR_USE_UNIX_TIME

1220
			time_t x = time(NULL);

1221


1222
			vd = (uint32_t)(x / 86400) + 719528;

1223
			vs = (uint32_t)(x % 86400);

1224
#elif BR_USE_WIN32_TIME

1225
			FILETIME ft;

1226
			uint64_t x;

1227


1228
			GetSystemTimeAsFileTime(&ft);

1229
			x = ((uint64_t)ft.dwHighDateTime << 32)

1230
				+ (uint64_t)ft.dwLowDateTime;

1231
			x = (x / 10000000);

1232
			vd = (uint32_t)(x / 86400) + 584754;

1233
			vs = (uint32_t)(x % 86400);

1234
#else

1235
			CTX->err = BR_ERR_X509_TIME_UNKNOWN;

1236
			T0_CO();

1237
#endif

1238
		}

1239
		if (vd < nbd || (vd == nbd && vs < nbs)) {

1240
			r = -1;

1241
		} else if (vd > nad || (vd == nad && vs > nas)) {

1242
			r = 1;

1243
		} else {

1244
			r = 0;

1245
		}

1246
	}

1247
	T0_PUSHi(r);

1248


1249
				}

1250
				break;

1251
			case 26: {

1252
				/* co */

1253
 T0_CO(); 

1254
				}

1255
				break;

1256
			case 27: {

1257
				/* compute-dn-hash */

1258


1259
	CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash);

1260
	CTX->do_dn_hash = 0;

1261


1262
				}

1263
				break;

1264
			case 28: {

1265
				/* compute-tbs-hash */

1266


1267
	int id = T0_POPi();

1268
	size_t len;

1269
	len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash);

1270
	T0_PUSH(len);

1271


1272
				}

1273
				break;

1274
			case 29: {

1275
				/* copy-ee-ec-pkey */

1276


1277
	size_t qlen = T0_POP();

1278
	uint32_t curve = T0_POP();

1279
	memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen);

1280
	CTX->pkey.key_type = BR_KEYTYPE_EC;

1281
	CTX->pkey.key.ec.curve = curve;

1282
	CTX->pkey.key.ec.q = CTX->ee_pkey_data;

1283
	CTX->pkey.key.ec.qlen = qlen;

1284


1285
				}

1286
				break;

1287
			case 30: {

1288
				/* copy-ee-rsa-pkey */

1289


1290
	size_t elen = T0_POP();

1291
	size_t nlen = T0_POP();

1292
	memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen);

1293
	CTX->pkey.key_type = BR_KEYTYPE_RSA;

1294
	CTX->pkey.key.rsa.n = CTX->ee_pkey_data;

1295
	CTX->pkey.key.rsa.nlen = nlen;

1296
	CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen;

1297
	CTX->pkey.key.rsa.elen = elen;

1298


1299
				}

1300
				break;

1301
			case 31: {

1302
				/* copy-name-SAN */

1303


1304
	unsigned tag = T0_POP();

1305
	unsigned ok = T0_POP();

1306
	size_t u, len;

1307


1308
	len = CTX->pad[0];

1309
	for (u = 0; u < CTX->num_name_elts; u ++) {

1310
		br_name_element *ne;

1311


1312
		ne = &CTX->name_elts[u];

1313
		if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) {

1314
			if (ok && ne->len > len) {

1315
				memcpy(ne->buf, CTX->pad + 1, len);

1316
				ne->buf[len] = 0;

1317
				ne->status = 1;

1318
			} else {

1319
				ne->status = -1;

1320
			}

1321
			break;

1322
		}

1323
	}

1324


1325
				}

1326
				break;

1327
			case 32: {

1328
				/* copy-name-element */

1329


1330
	size_t len;

1331
	int32_t off = T0_POPi();

1332
	int ok = T0_POPi();

1333


1334
	if (off >= 0) {

1335
		br_name_element *ne = &CTX->name_elts[off];

1336


1337
		if (ok) {

1338
			len = CTX->pad[0];

1339
			if (len < ne->len) {

1340
				memcpy(ne->buf, CTX->pad + 1, len);

1341
				ne->buf[len] = 0;

1342
				ne->status = 1;

1343
			} else {

1344
				ne->status = -1;

1345
			}

1346
		} else {

1347
			ne->status = -1;

1348
		}

1349
	}

1350


1351
				}

1352
				break;

1353
			case 33: {

1354
				/* data-get8 */

1355


1356
	size_t addr = T0_POP();

1357
	T0_PUSH(t0_datablock[addr]);

1358


1359
				}

1360
				break;

1361
			case 34: {

1362
				/* dn-hash-length */

1363


1364
	T0_PUSH(DNHASH_LEN);

1365


1366
				}

1367
				break;

1368
			case 35: {

1369
				/* do-ecdsa-vrfy */

1370


1371
	size_t qlen = T0_POP();

1372
	int curve = T0_POP();

1373
	br_x509_pkey pk;

1374


1375
	pk.key_type = BR_KEYTYPE_EC;

1376
	pk.key.ec.curve = curve;

1377
	pk.key.ec.q = CTX->pkey_data;

1378
	pk.key.ec.qlen = qlen;

1379
	T0_PUSH(verify_signature(CTX, &pk));

1380


1381
				}

1382
				break;

1383
			case 36: {

1384
				/* do-rsa-vrfy */

1385


1386
	size_t elen = T0_POP();

1387
	size_t nlen = T0_POP();

1388
	br_x509_pkey pk;

1389


1390
	pk.key_type = BR_KEYTYPE_RSA;

1391
	pk.key.rsa.n = CTX->pkey_data;

1392
	pk.key.rsa.nlen = nlen;

1393
	pk.key.rsa.e = CTX->pkey_data + nlen;

1394
	pk.key.rsa.elen = elen;

1395
	T0_PUSH(verify_signature(CTX, &pk));

1396


1397
				}

1398
				break;

1399
			case 37: {

1400
				/* drop */

1401
 (void)T0_POP(); 

1402
				}

1403
				break;

1404
			case 38: {

1405
				/* dup */

1406
 T0_PUSH(T0_PEEK(0)); 

1407
				}

1408
				break;

1409
			case 39: {

1410
				/* eqOID */

1411


1412
	const unsigned char *a2 = &t0_datablock[T0_POP()];

1413
	const unsigned char *a1 = &CTX->pad[0];

1414
	size_t len = a1[0];

1415
	int x;

1416
	if (len == a2[0]) {

1417
		x = -(memcmp(a1 + 1, a2 + 1, len) == 0);

1418
	} else {

1419
		x = 0;

1420
	}

1421
	T0_PUSH((uint32_t)x);

1422


1423
				}

1424
				break;

1425
			case 40: {

1426
				/* eqblob */

1427


1428
	size_t len = T0_POP();

1429
	const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();

1430
	const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();

1431
	T0_PUSHi(-(memcmp(a1, a2, len) == 0));

1432


1433
				}

1434
				break;

1435
			case 41: {

1436
				/* fail */

1437


1438
	CTX->err = T0_POPi();

1439
	T0_CO();

1440


1441
				}

1442
				break;

1443
			case 42: {

1444
				/* get16 */

1445


1446
	uint32_t addr = T0_POP();

1447
	T0_PUSH(*(uint16_t *)(void *)((unsigned char *)CTX + addr));

1448


1449
				}

1450
				break;

1451
			case 43: {

1452
				/* get32 */

1453


1454
	uint32_t addr = T0_POP();

1455
	T0_PUSH(*(uint32_t *)(void *)((unsigned char *)CTX + addr));

1456


1457
				}

1458
				break;

1459
			case 44: {

1460
				/* match-server-name */

1461


1462
	size_t n1, n2;

1463


1464
	if (CTX->server_name == NULL) {

1465
		T0_PUSH(0);

1466
		T0_RET();

1467
	}

1468
	n1 = strlen(CTX->server_name);

1469
	n2 = CTX->pad[0];

1470
	if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) {

1471
		T0_PUSHi(-1);

1472
		T0_RET();

1473
	}

1474
	if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {

1475
		size_t u;

1476


1477
		u = 0;

1478
		while (u < n1 && CTX->server_name[u] != '.') {

1479
			u ++;

1480
		}

1481
		u ++;

1482
		n1 -= u;

1483
		if ((n2 - 2) == n1

1484
			&& eqnocase(&CTX->pad[3], CTX->server_name + u, n1))

1485
		{

1486
			T0_PUSHi(-1);

1487
			T0_RET();

1488
		}

1489
	}

1490
	T0_PUSH(0);

1491


1492
				}

1493
				break;

1494
			case 45: {

1495
				/* neg */

1496


1497
	uint32_t a = T0_POP();

1498
	T0_PUSH(-a);

1499


1500
				}

1501
				break;

1502
			case 46: {

1503
				/* offset-name-element */

1504


1505
	unsigned san = T0_POP();

1506
	size_t u;

1507


1508
	for (u = 0; u < CTX->num_name_elts; u ++) {

1509
		if (CTX->name_elts[u].status == 0) {

1510
			const unsigned char *oid;

1511
			size_t len, off;

1512


1513
			oid = CTX->name_elts[u].oid;

1514
			if (san) {

1515
				if (oid[0] != 0 || oid[1] != 0) {

1516
					continue;

1517
				}

1518
				off = 2;

1519
			} else {

1520
				off = 0;

1521
			}

1522
			len = oid[off];

1523
			if (len != 0 && len == CTX->pad[0]

1524
				&& memcmp(oid + off + 1,

1525
					CTX->pad + 1, len) == 0)

1526
			{

1527
				T0_PUSH(u);

1528
				T0_RET();

1529
			}

1530
		}

1531
	}

1532
	T0_PUSHi(-1);

1533


1534
				}

1535
				break;

1536
			case 47: {

1537
				/* or */

1538


1539
	uint32_t b = T0_POP();

1540
	uint32_t a = T0_POP();

1541
	T0_PUSH(a | b);

1542


1543
				}

1544
				break;

1545
			case 48: {

1546
				/* over */

1547
 T0_PUSH(T0_PEEK(1)); 

1548
				}

1549
				break;

1550
			case 49: {

1551
				/* read-blob-inner */

1552


1553
	uint32_t len = T0_POP();

1554
	uint32_t addr = T0_POP();

1555
	size_t clen = CTX->hlen;

1556
	if (clen > len) {

1557
		clen = (size_t)len;

1558
	}

1559
	if (addr != 0) {

1560
		memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen);

1561
	}

1562
	if (CTX->do_mhash) {

1563
		br_multihash_update(&CTX->mhash, CTX->hbuf, clen);

1564
	}

1565
	if (CTX->do_dn_hash) {

1566
		CTX->dn_hash_impl->update(

1567
			&CTX->dn_hash.vtable, CTX->hbuf, clen);

1568
	}

1569
	CTX->hbuf += clen;

1570
	CTX->hlen -= clen;

1571
	T0_PUSH(addr + clen);

1572
	T0_PUSH(len - clen);

1573


1574
				}

1575
				break;

1576
			case 50: {

1577
				/* read8-low */

1578


1579
	if (CTX->hlen == 0) {

1580
		T0_PUSHi(-1);

1581
	} else {

1582
		unsigned char x = *CTX->hbuf ++;

1583
		if (CTX->do_mhash) {

1584
			br_multihash_update(&CTX->mhash, &x, 1);

1585
		}

1586
		if (CTX->do_dn_hash) {

1587
			CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1);

1588
		}

1589
		CTX->hlen --;

1590
		T0_PUSH(x);

1591
	}

1592


1593
				}

1594
				break;

1595
			case 51: {

1596
				/* rot */

1597
 T0_ROT(); 

1598
				}

1599
				break;

1600
			case 52: {

1601
				/* set16 */

1602


1603
	uint32_t addr = T0_POP();

1604
	*(uint16_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();

1605


1606
				}

1607
				break;

1608
			case 53: {

1609
				/* set32 */

1610


1611
	uint32_t addr = T0_POP();

1612
	*(uint32_t *)(void *)((unsigned char *)CTX + addr) = T0_POP();

1613


1614
				}

1615
				break;

1616
			case 54: {

1617
				/* set8 */

1618


1619
	uint32_t addr = T0_POP();

1620
	*((unsigned char *)CTX + addr) = (unsigned char)T0_POP();

1621


1622
				}

1623
				break;

1624
			case 55: {

1625
				/* start-dn-hash */

1626


1627
	CTX->dn_hash_impl->init(&CTX->dn_hash.vtable);

1628
	CTX->do_dn_hash = 1;

1629


1630
				}

1631
				break;

1632
			case 56: {

1633
				/* start-tbs-hash */

1634


1635
	br_multihash_init(&CTX->mhash);

1636
	CTX->do_mhash = 1;

1637


1638
				}

1639
				break;

1640
			case 57: {

1641
				/* stop-tbs-hash */

1642


1643
	CTX->do_mhash = 0;

1644


1645
				}

1646
				break;

1647
			case 58: {

1648
				/* swap */

1649
 T0_SWAP(); 

1650
				}

1651
				break;

1652
			case 59: {

1653
				/* zero-server-name */

1654


1655
	T0_PUSHi(-(CTX->server_name == NULL));

1656


1657
				}

1658
				break;

1659
			}

1660


1661
		} else {

1662
			T0_ENTER(ip, rp, t0x);

1663
		}

1664
	}

1665
t0_exit:

1666
	((t0_context *)t0ctx)->dp = dp;

1667
	((t0_context *)t0ctx)->rp = rp;

1668
	((t0_context *)t0ctx)->ip = ip;

1669
}

1670


1671


1672


1673
/*

1674
 * Verify the signature on the certificate with the provided public key.

1675
 * This function checks the public key type with regards to the expected

1676
 * type. Returned value is either 0 on success, or a non-zero error code.

1677
 */

1678
static int

1679
verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)

1680
{

1681
	int kt;

1682


1683
	kt = ctx->cert_signer_key_type;

1684
	if ((pk->key_type & 0x0F) != kt) {

1685
		return BR_ERR_X509_WRONG_KEY_TYPE;

1686
	}

1687
	switch (kt) {

1688
		unsigned char tmp[64];

1689


1690
	case BR_KEYTYPE_RSA:

1691
		if (ctx->irsa == 0) {

1692
			return BR_ERR_X509_UNSUPPORTED;

1693
		}

1694
		if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,

1695
			&t0_datablock[ctx->cert_sig_hash_oid],

1696
			ctx->cert_sig_hash_len, &pk->key.rsa, tmp))

1697
		{

1698
			return BR_ERR_X509_BAD_SIGNATURE;

1699
		}

1700
		if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {

1701
			return BR_ERR_X509_BAD_SIGNATURE;

1702
		}

1703
		return 0;

1704


1705
	case BR_KEYTYPE_EC:

1706
		if (ctx->iecdsa == 0) {

1707
			return BR_ERR_X509_UNSUPPORTED;

1708
		}

1709
		if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,

1710
			ctx->cert_sig_hash_len, &pk->key.ec,

1711
			ctx->cert_sig, ctx->cert_sig_len))

1712
		{

1713
			return BR_ERR_X509_BAD_SIGNATURE;

1714
		}

1715
		return 0;

1716


1717
	default:

1718
		return BR_ERR_X509_UNSUPPORTED;

1719
	}

1720
}

1721


1722


1723


1724