diff options
| author | Simon J. Gerraty <sjg@FreeBSD.org> | 2022-04-18 21:47:09 +0000 |
|---|---|---|
| committer | Simon J. Gerraty <sjg@FreeBSD.org> | 2022-04-18 21:52:30 +0000 |
| commit | cc9e6590773dba57440750c124173ed531349a06 (patch) | |
| tree | 654a00387f0d02d74862e536592c8565dffed108 /contrib | |
| parent | ecbe50447d04d7e9e042a20d88e7773d03b4f68e (diff) | |
| parent | f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5 (diff) | |
| download | src-cc9e6590773dba57440750c124173ed531349a06.tar.gz src-cc9e6590773dba57440750c124173ed531349a06.zip | |
Merge bearssl-20220418
Main change is a callback for checking validity period of certificates.
Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5'
Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc
Diffstat (limited to 'contrib')
31 files changed, 1355 insertions, 569 deletions
diff --git a/contrib/bearssl/.gitignore b/contrib/bearssl/.gitignore new file mode 100644 index 000000000000..7da362eddc00 --- /dev/null +++ b/contrib/bearssl/.gitignore @@ -0,0 +1,6 @@ +/build/ +/libbearssl.a +/brssl +/testcrypto +/testspeed +/testx509 diff --git a/contrib/bearssl/T0Comp.exe b/contrib/bearssl/T0Comp.exe Binary files differindex 67eba109800e..de2364d69e07 100755 --- a/contrib/bearssl/T0Comp.exe +++ b/contrib/bearssl/T0Comp.exe diff --git a/contrib/bearssl/flist b/contrib/bearssl/flist new file mode 100644 index 000000000000..9751ad231065 --- /dev/null +++ b/contrib/bearssl/flist @@ -0,0 +1,459 @@ +T0/BlobWriter.cs +T0/CPU.cs +T0/CodeElement.cs +T0/CodeElementJump.cs +T0/CodeElementUInt.cs +T0/CodeElementUIntExpr.cs +T0/CodeElementUIntInt.cs +T0/CodeElementUIntUInt.cs +T0/ConstData.cs +T0/Opcode.cs +T0/OpcodeCall.cs +T0/OpcodeConst.cs +T0/OpcodeGetLocal.cs +T0/OpcodeJump.cs +T0/OpcodeJumpIf.cs +T0/OpcodeJumpIfNot.cs +T0/OpcodeJumpUncond.cs +T0/OpcodePutLocal.cs +T0/OpcodeRet.cs +T0/SType.cs +T0/T0Comp.cs +T0/TPointerBase.cs +T0/TPointerBlob.cs +T0/TPointerExpr.cs +T0/TPointerNull.cs +T0/TPointerXT.cs +T0/TValue.cs +T0/Word.cs +T0/WordBuilder.cs +T0/WordData.cs +T0/WordInterpreted.cs +T0/WordNative.cs +T0/kern.t0 +conf/Unix.mk +conf/Unix32.mk +conf/UnixClang.mk +conf/Win.mk +conf/samd20.mk +inc/bearssl.h +inc/bearssl_aead.h +inc/bearssl_block.h +inc/bearssl_ec.h +inc/bearssl_hash.h +inc/bearssl_hmac.h +inc/bearssl_kdf.h +inc/bearssl_pem.h +inc/bearssl_prf.h +inc/bearssl_rand.h +inc/bearssl_rsa.h +inc/bearssl_ssl.h +inc/bearssl_x509.h +mk/Defaults.mk +mk/NMake.mk +mk/Rules.mk +mk/SingleUnix.mk +mk/mkT0.cmd +mk/mkT0.sh +mk/mkrules.sh +samples/README.txt +samples/cert-ee-ec+rsa.pem +samples/cert-ee-ec.pem +samples/cert-ee-rsa.pem +samples/cert-ica-ec.pem +samples/cert-ica-rsa.pem +samples/cert-root-ec.pem +samples/cert-root-rsa.pem +samples/chain-ec+rsa.h +samples/chain-ec.h +samples/chain-rsa.h +samples/client_basic.c +samples/custom_profile.c +samples/key-ec.h +samples/key-ee-ec.pem +samples/key-ee-rsa.pem +samples/key-ica-ec.pem +samples/key-ica-rsa.pem +samples/key-root-ec.pem +samples/key-root-rsa.pem +samples/key-rsa.h +samples/server_basic.c +src/aead/ccm.c +src/aead/eax.c +src/aead/gcm.c +src/codec/ccopy.c +src/codec/dec16be.c +src/codec/dec16le.c +src/codec/dec32be.c +src/codec/dec32le.c +src/codec/dec64be.c +src/codec/dec64le.c +src/codec/enc16be.c +src/codec/enc16le.c +src/codec/enc32be.c +src/codec/enc32le.c +src/codec/enc64be.c +src/codec/enc64le.c +src/codec/pemdec.c +src/codec/pemdec.t0 +src/codec/pemenc.c +src/config.h +src/ec/ec_all_m15.c +src/ec/ec_all_m31.c +src/ec/ec_c25519_i15.c +src/ec/ec_c25519_i31.c +src/ec/ec_c25519_m15.c +src/ec/ec_c25519_m31.c +src/ec/ec_c25519_m62.c +src/ec/ec_c25519_m64.c +src/ec/ec_curve25519.c +src/ec/ec_default.c +src/ec/ec_keygen.c +src/ec/ec_p256_m15.c +src/ec/ec_p256_m31.c +src/ec/ec_p256_m62.c +src/ec/ec_p256_m64.c +src/ec/ec_prime_i15.c +src/ec/ec_prime_i31.c +src/ec/ec_pubkey.c +src/ec/ec_secp256r1.c +src/ec/ec_secp384r1.c +src/ec/ec_secp521r1.c +src/ec/ecdsa_atr.c +src/ec/ecdsa_default_sign_asn1.c +src/ec/ecdsa_default_sign_raw.c +src/ec/ecdsa_default_vrfy_asn1.c +src/ec/ecdsa_default_vrfy_raw.c +src/ec/ecdsa_i15_bits.c +src/ec/ecdsa_i15_sign_asn1.c +src/ec/ecdsa_i15_sign_raw.c +src/ec/ecdsa_i15_vrfy_asn1.c +src/ec/ecdsa_i15_vrfy_raw.c +src/ec/ecdsa_i31_bits.c +src/ec/ecdsa_i31_sign_asn1.c +src/ec/ecdsa_i31_sign_raw.c +src/ec/ecdsa_i31_vrfy_asn1.c +src/ec/ecdsa_i31_vrfy_raw.c +src/ec/ecdsa_rta.c +src/hash/dig_oid.c +src/hash/dig_size.c +src/hash/ghash_ctmul.c +src/hash/ghash_ctmul32.c +src/hash/ghash_ctmul64.c +src/hash/ghash_pclmul.c +src/hash/ghash_pwr8.c +src/hash/md5.c +src/hash/md5sha1.c +src/hash/mgf1.c +src/hash/multihash.c +src/hash/sha1.c +src/hash/sha2big.c +src/hash/sha2small.c +src/inner.h +src/int/i15_add.c +src/int/i15_bitlen.c +src/int/i15_decmod.c +src/int/i15_decode.c +src/int/i15_decred.c +src/int/i15_encode.c +src/int/i15_fmont.c +src/int/i15_iszero.c +src/int/i15_moddiv.c +src/int/i15_modpow.c +src/int/i15_modpow2.c +src/int/i15_montmul.c +src/int/i15_mulacc.c +src/int/i15_muladd.c +src/int/i15_ninv15.c +src/int/i15_reduce.c +src/int/i15_rshift.c +src/int/i15_sub.c +src/int/i15_tmont.c +src/int/i31_add.c +src/int/i31_bitlen.c +src/int/i31_decmod.c +src/int/i31_decode.c +src/int/i31_decred.c +src/int/i31_encode.c +src/int/i31_fmont.c +src/int/i31_iszero.c +src/int/i31_moddiv.c +src/int/i31_modpow.c +src/int/i31_modpow2.c +src/int/i31_montmul.c +src/int/i31_mulacc.c +src/int/i31_muladd.c +src/int/i31_ninv31.c +src/int/i31_reduce.c +src/int/i31_rshift.c +src/int/i31_sub.c +src/int/i31_tmont.c +src/int/i32_add.c +src/int/i32_bitlen.c +src/int/i32_decmod.c +src/int/i32_decode.c +src/int/i32_decred.c +src/int/i32_div32.c +src/int/i32_encode.c +src/int/i32_fmont.c +src/int/i32_iszero.c +src/int/i32_modpow.c +src/int/i32_montmul.c +src/int/i32_mulacc.c +src/int/i32_muladd.c +src/int/i32_ninv32.c +src/int/i32_reduce.c +src/int/i32_sub.c +src/int/i32_tmont.c +src/int/i62_modpow2.c +src/kdf/hkdf.c +src/kdf/shake.c +src/mac/hmac.c +src/mac/hmac_ct.c +src/rand/aesctr_drbg.c +src/rand/hmac_drbg.c +src/rand/sysrng.c +src/rsa/rsa_default_keygen.c +src/rsa/rsa_default_modulus.c +src/rsa/rsa_default_oaep_decrypt.c +src/rsa/rsa_default_oaep_encrypt.c +src/rsa/rsa_default_pkcs1_sign.c +src/rsa/rsa_default_pkcs1_vrfy.c +src/rsa/rsa_default_priv.c +src/rsa/rsa_default_privexp.c +src/rsa/rsa_default_pss_sign.c +src/rsa/rsa_default_pss_vrfy.c +src/rsa/rsa_default_pub.c +src/rsa/rsa_default_pubexp.c +src/rsa/rsa_i15_keygen.c +src/rsa/rsa_i15_modulus.c +src/rsa/rsa_i15_oaep_decrypt.c +src/rsa/rsa_i15_oaep_encrypt.c +src/rsa/rsa_i15_pkcs1_sign.c +src/rsa/rsa_i15_pkcs1_vrfy.c +src/rsa/rsa_i15_priv.c +src/rsa/rsa_i15_privexp.c +src/rsa/rsa_i15_pss_sign.c +src/rsa/rsa_i15_pss_vrfy.c +src/rsa/rsa_i15_pub.c +src/rsa/rsa_i15_pubexp.c +src/rsa/rsa_i31_keygen.c +src/rsa/rsa_i31_keygen_inner.c +src/rsa/rsa_i31_modulus.c +src/rsa/rsa_i31_oaep_decrypt.c +src/rsa/rsa_i31_oaep_encrypt.c +src/rsa/rsa_i31_pkcs1_sign.c +src/rsa/rsa_i31_pkcs1_vrfy.c +src/rsa/rsa_i31_priv.c +src/rsa/rsa_i31_privexp.c +src/rsa/rsa_i31_pss_sign.c +src/rsa/rsa_i31_pss_vrfy.c +src/rsa/rsa_i31_pub.c +src/rsa/rsa_i31_pubexp.c +src/rsa/rsa_i32_oaep_decrypt.c +src/rsa/rsa_i32_oaep_encrypt.c +src/rsa/rsa_i32_pkcs1_sign.c +src/rsa/rsa_i32_pkcs1_vrfy.c +src/rsa/rsa_i32_priv.c +src/rsa/rsa_i32_pss_sign.c +src/rsa/rsa_i32_pss_vrfy.c +src/rsa/rsa_i32_pub.c +src/rsa/rsa_i62_keygen.c +src/rsa/rsa_i62_oaep_decrypt.c +src/rsa/rsa_i62_oaep_encrypt.c +src/rsa/rsa_i62_pkcs1_sign.c +src/rsa/rsa_i62_pkcs1_vrfy.c +src/rsa/rsa_i62_priv.c +src/rsa/rsa_i62_pss_sign.c +src/rsa/rsa_i62_pss_vrfy.c +src/rsa/rsa_i62_pub.c +src/rsa/rsa_oaep_pad.c +src/rsa/rsa_oaep_unpad.c +src/rsa/rsa_pkcs1_sig_pad.c +src/rsa/rsa_pkcs1_sig_unpad.c +src/rsa/rsa_pss_sig_pad.c +src/rsa/rsa_pss_sig_unpad.c +src/rsa/rsa_ssl_decrypt.c +src/settings.c +src/ssl/prf.c +src/ssl/prf_md5sha1.c +src/ssl/prf_sha256.c +src/ssl/prf_sha384.c +src/ssl/ssl_ccert_single_ec.c +src/ssl/ssl_ccert_single_rsa.c +src/ssl/ssl_client.c +src/ssl/ssl_client_default_rsapub.c +src/ssl/ssl_client_full.c +src/ssl/ssl_engine.c +src/ssl/ssl_engine_default_aescbc.c +src/ssl/ssl_engine_default_aesccm.c +src/ssl/ssl_engine_default_aesgcm.c +src/ssl/ssl_engine_default_chapol.c +src/ssl/ssl_engine_default_descbc.c +src/ssl/ssl_engine_default_ec.c +src/ssl/ssl_engine_default_ecdsa.c +src/ssl/ssl_engine_default_rsavrfy.c +src/ssl/ssl_hashes.c +src/ssl/ssl_hs_client.c +src/ssl/ssl_hs_client.t0 +src/ssl/ssl_hs_common.t0 +src/ssl/ssl_hs_server.c +src/ssl/ssl_hs_server.t0 +src/ssl/ssl_io.c +src/ssl/ssl_keyexport.c +src/ssl/ssl_lru.c +src/ssl/ssl_rec_cbc.c +src/ssl/ssl_rec_ccm.c +src/ssl/ssl_rec_chapol.c +src/ssl/ssl_rec_gcm.c +src/ssl/ssl_scert_single_ec.c +src/ssl/ssl_scert_single_rsa.c +src/ssl/ssl_server.c +src/ssl/ssl_server_full_ec.c +src/ssl/ssl_server_full_rsa.c +src/ssl/ssl_server_mine2c.c +src/ssl/ssl_server_mine2g.c +src/ssl/ssl_server_minf2c.c +src/ssl/ssl_server_minf2g.c +src/ssl/ssl_server_minr2g.c +src/ssl/ssl_server_minu2g.c +src/ssl/ssl_server_minv2g.c +src/symcipher/aes_big_cbcdec.c +src/symcipher/aes_big_cbcenc.c +src/symcipher/aes_big_ctr.c +src/symcipher/aes_big_ctrcbc.c +src/symcipher/aes_big_dec.c +src/symcipher/aes_big_enc.c +src/symcipher/aes_common.c +src/symcipher/aes_ct.c +src/symcipher/aes_ct64.c +src/symcipher/aes_ct64_cbcdec.c +src/symcipher/aes_ct64_cbcenc.c +src/symcipher/aes_ct64_ctr.c +src/symcipher/aes_ct64_ctrcbc.c +src/symcipher/aes_ct64_dec.c +src/symcipher/aes_ct64_enc.c +src/symcipher/aes_ct_cbcdec.c +src/symcipher/aes_ct_cbcenc.c +src/symcipher/aes_ct_ctr.c +src/symcipher/aes_ct_ctrcbc.c +src/symcipher/aes_ct_dec.c +src/symcipher/aes_ct_enc.c +src/symcipher/aes_pwr8.c +src/symcipher/aes_pwr8_cbcdec.c +src/symcipher/aes_pwr8_cbcenc.c +src/symcipher/aes_pwr8_ctr.c +src/symcipher/aes_pwr8_ctrcbc.c +src/symcipher/aes_small_cbcdec.c +src/symcipher/aes_small_cbcenc.c +src/symcipher/aes_small_ctr.c +src/symcipher/aes_small_ctrcbc.c +src/symcipher/aes_small_dec.c +src/symcipher/aes_small_enc.c +src/symcipher/aes_x86ni.c +src/symcipher/aes_x86ni_cbcdec.c +src/symcipher/aes_x86ni_cbcenc.c +src/symcipher/aes_x86ni_ctr.c +src/symcipher/aes_x86ni_ctrcbc.c +src/symcipher/chacha20_ct.c +src/symcipher/chacha20_sse2.c +src/symcipher/des_ct.c +src/symcipher/des_ct_cbcdec.c +src/symcipher/des_ct_cbcenc.c +src/symcipher/des_support.c +src/symcipher/des_tab.c +src/symcipher/des_tab_cbcdec.c +src/symcipher/des_tab_cbcenc.c +src/symcipher/poly1305_ctmul.c +src/symcipher/poly1305_ctmul32.c +src/symcipher/poly1305_ctmulq.c +src/symcipher/poly1305_i15.c +src/x509/asn1.t0 +src/x509/asn1enc.c +src/x509/encode_ec_pk8der.c +src/x509/encode_ec_rawder.c +src/x509/encode_rsa_pk8der.c +src/x509/encode_rsa_rawder.c +src/x509/skey_decoder.c +src/x509/skey_decoder.t0 +src/x509/x509_decoder.c +src/x509/x509_decoder.t0 +src/x509/x509_knownkey.c +src/x509/x509_minimal.c +src/x509/x509_minimal.t0 +src/x509/x509_minimal_full.c +test/test_crypto.c +test/test_math.c +test/test_speed.c +test/test_x509.c +test/x509/alltests.txt +test/x509/dn-ee.der +test/x509/dn-ica1.der +test/x509/dn-ica2.der +test/x509/dn-root-new.der +test/x509/dn-root.der +test/x509/ee-badsig1.crt +test/x509/ee-badsig2.crt +test/x509/ee-cp1.crt +test/x509/ee-cp2.crt +test/x509/ee-cp3.crt +test/x509/ee-cp4.crt +test/x509/ee-dates.crt +test/x509/ee-md5.crt +test/x509/ee-names.crt +test/x509/ee-names2.crt +test/x509/ee-names3.crt +test/x509/ee-names4.crt +test/x509/ee-p256-sha1.crt +test/x509/ee-p256-sha224.crt +test/x509/ee-p256-sha256.crt +test/x509/ee-p256-sha384.crt +test/x509/ee-p256-sha512.crt +test/x509/ee-p256.crt +test/x509/ee-p384.crt +test/x509/ee-p521.crt +test/x509/ee-sha1.crt +test/x509/ee-sha224.crt +test/x509/ee-sha384.crt +test/x509/ee-sha512.crt +test/x509/ee-trailing.crt +test/x509/ee.crt +test/x509/ica1-1016.crt +test/x509/ica1-1017.crt +test/x509/ica1-4096.crt +test/x509/ica1-p256.crt +test/x509/ica1-p384.crt +test/x509/ica1-p521.crt +test/x509/ica1.crt +test/x509/ica2-1016.crt +test/x509/ica2-1017.crt +test/x509/ica2-4096.crt +test/x509/ica2-notCA.crt +test/x509/ica2-p256.crt +test/x509/ica2-p384.crt +test/x509/ica2-p521.crt +test/x509/ica2.crt +test/x509/junk.crt +test/x509/names.crt +test/x509/root-p256.crt +test/x509/root-p384.crt +test/x509/root-p521.crt +test/x509/root.crt +tools/brssl.c +tools/brssl.h +tools/certs.c +tools/chain.c +tools/client.c +tools/errors.c +tools/files.c +tools/impl.c +tools/keys.c +tools/names.c +tools/server.c +tools/skey.c +tools/sslio.c +tools/ta.c +tools/twrch.c +tools/vector.c +tools/verify.c +tools/xmem.c diff --git a/contrib/bearssl/inc/bearssl_ec.h b/contrib/bearssl/inc/bearssl_ec.h index f954309eb6c1..acd3a2bf5a55 100644 --- a/contrib/bearssl/inc/bearssl_ec.h +++ b/contrib/bearssl/inc/bearssl_ec.h @@ -108,7 +108,7 @@ extern "C" { * * - The multipliers (integers) MUST be lower than the subgroup order. * If this property is not met, then the result is indeterminate, - * but an error value is not ncessearily returned. + * but an error value is not necessarily returned. * * * ## ECDSA diff --git a/contrib/bearssl/inc/bearssl_hash.h b/contrib/bearssl/inc/bearssl_hash.h index 3b15ba7ca487..ca4fa26cc4aa 100644 --- a/contrib/bearssl/inc/bearssl_hash.h +++ b/contrib/bearssl/inc/bearssl_hash.h @@ -724,7 +724,7 @@ void br_sha256_update(br_sha256_context *ctx, const void *data, size_t len); */ void br_sha256_out(const br_sha256_context *ctx, void *out); -#if BR_DOXYGEN_IGNORE +#ifdef BR_DOXYGEN_IGNORE /** * \brief Save SHA-256 running state. * @@ -742,7 +742,7 @@ uint64_t br_sha256_state(const br_sha256_context *ctx, void *out); #define br_sha256_state br_sha224_state #endif -#if BR_DOXYGEN_IGNORE +#ifdef BR_DOXYGEN_IGNORE /** * \brief Restore SHA-256 running state. * diff --git a/contrib/bearssl/inc/bearssl_ssl.h b/contrib/bearssl/inc/bearssl_ssl.h index 8c8c86bdb50a..e91df4755690 100644 --- a/contrib/bearssl/inc/bearssl_ssl.h +++ b/contrib/bearssl/inc/bearssl_ssl.h @@ -1250,8 +1250,8 @@ static inline void br_ssl_engine_set_versions(br_ssl_engine_context *cc, unsigned version_min, unsigned version_max) { - cc->version_min = version_min; - cc->version_max = version_max; + cc->version_min = (uint16_t)version_min; + cc->version_max = (uint16_t)version_max; } /** @@ -1324,7 +1324,7 @@ br_ssl_engine_set_protocol_names(br_ssl_engine_context *ctx, const char **names, size_t num) { ctx->protocol_names = names; - ctx->protocol_names_num = num; + ctx->protocol_names_num = (uint16_t)num; } /** @@ -2102,7 +2102,7 @@ void br_ssl_engine_sendapp_ack(br_ssl_engine_context *cc, size_t len); /** * \brief Get buffer for received application data. * - * If the engine has received application data from the peer, hen this + * If the engine has received application data from the peer, then this * call returns a pointer to the buffer from where such data shall be * read, and its length is written in `*len`. Otherwise, `*len` is set * to 0 and `NULL` is returned. diff --git a/contrib/bearssl/inc/bearssl_x509.h b/contrib/bearssl/inc/bearssl_x509.h index 49d2fba0d5bc..7668e1de53a2 100644 --- a/contrib/bearssl/inc/bearssl_x509.h +++ b/contrib/bearssl/inc/bearssl_x509.h @@ -626,6 +626,52 @@ typedef struct { } br_name_element; /** + * \brief Callback for validity date checks. + * + * The function receives as parameter an arbitrary user-provided context, + * and the notBefore and notAfter dates specified in an X.509 certificate, + * both expressed as a number of days and a number of seconds: + * + * - Days are counted in a proleptic Gregorian calendar since + * January 1st, 0 AD. Year "0 AD" is the one that preceded "1 AD"; + * it is also traditionally known as "1 BC". + * + * - Seconds are counted since midnight, from 0 to 86400 (a count of + * 86400 is possible only if a leap second happened). + * + * Each date and time is understood in the UTC time zone. The "Unix + * Epoch" (January 1st, 1970, 00:00 UTC) corresponds to days=719528 and + * seconds=0; the "Windows Epoch" (January 1st, 1601, 00:00 UTC) is + * days=584754, seconds=0. + * + * This function must return -1 if the current date is strictly before + * the "notBefore" time, or +1 if the current date is strictly after the + * "notAfter" time. If neither condition holds, then the function returns + * 0, which means that the current date falls within the validity range of + * the certificate. If the function returns a value distinct from -1, 0 + * and +1, then this is interpreted as an unavailability of the current + * time, which normally ends the validation process with a + * `BR_ERR_X509_TIME_UNKNOWN` error. + * + * During path validation, this callback will be invoked for each + * considered X.509 certificate. Validation fails if any of the calls + * returns a non-zero value. + * + * The context value is an abritrary pointer set by the caller when + * configuring this callback. + * + * \param tctx context pointer. + * \param not_before_days notBefore date (days since Jan 1st, 0 AD). + * \param not_before_seconds notBefore time (seconds, at most 86400). + * \param not_after_days notAfter date (days since Jan 1st, 0 AD). + * \param not_after_seconds notAfter time (seconds, at most 86400). + * \return -1, 0 or +1. + */ +typedef int (*br_x509_time_check)(void *tctx, + uint32_t not_before_days, uint32_t not_before_seconds, + uint32_t not_after_days, uint32_t not_after_seconds); + +/** * \brief The "minimal" X.509 engine structure. * * The structure contents are opaque (they shall not be accessed directly), @@ -647,8 +693,8 @@ typedef struct { uint32_t *rp; const unsigned char *ip; } cpu; - uint32_t dp_stack[32]; - uint32_t rp_stack[32]; + uint32_t dp_stack[31]; + uint32_t rp_stack[31]; int err; /* Server name to match with the SAN / CN of the EE certificate. */ @@ -724,6 +770,12 @@ typedef struct { size_t num_name_elts; /* + * Callback function (and context) to get the current date. + */ + void *itime_ctx; + br_x509_time_check itime; + + /* * Public key cryptography implementations (signature verification). */ br_rsa_pkcs1_vrfy irsa; @@ -853,7 +905,10 @@ void br_x509_minimal_init_full(br_x509_minimal_context *ctx, * - Seconds are counted since midnight, from 0 to 86400 (a count of * 86400 is possible only if a leap second happened). * - * The validation date and time is understood in the UTC time zone. + * The validation date and time is understood in the UTC time zone. The + * "Unix Epoch" (January 1st, 1970, 00:00 UTC) corresponds to days=719528 + * and seconds=0; the "Windows Epoch" (January 1st, 1601, 00:00 UTC) is + * days=584754, seconds=0. * * If the validation date and time are not explicitly set, but BearSSL * was compiled with support for the system clock on the underlying @@ -871,6 +926,28 @@ br_x509_minimal_set_time(br_x509_minimal_context *ctx, { ctx->days = days; ctx->seconds = seconds; + ctx->itime = 0; +} + +/** + * \brief Set the validity range callback function for the X.509 + * "minimal" engine. + * + * The provided function will be invoked to check whether the validation + * date is within the validity range for a given X.509 certificate; a + * call will be issued for each considered certificate. The provided + * context pointer (itime_ctx) will be passed as first parameter to the + * callback. + * + * \param tctx context for callback invocation. + * \param cb callback function. + */ +static inline void +br_x509_minimal_set_time_callback(br_x509_minimal_context *ctx, + void *itime_ctx, br_x509_time_check itime) +{ + ctx->itime_ctx = itime_ctx; + ctx->itime = itime; } /** diff --git a/contrib/bearssl/src/config.h b/contrib/bearssl/src/config.h index 8ea4d8af8d61..94627a23c038 100644 --- a/contrib/bearssl/src/config.h +++ b/contrib/bearssl/src/config.h @@ -110,8 +110,26 @@ */ /* + * When BR_USE_GETENTROPY is enabled, the SSL engine will use the + * getentropy() function to obtain quality randomness for seeding its + * internal PRNG. On Linux and FreeBSD, getentropy() is implemented by + * the standard library with the system call getrandom(); on OpenBSD, + * getentropy() is the system call, and there is no getrandom() wrapper, + * hence the use of the getentropy() function for maximum portability. + * + * If the getentropy() call fails, and BR_USE_URANDOM is not explicitly + * disabled, then /dev/urandom will be used as a fallback mechanism. On + * FreeBSD and OpenBSD, this does not change much, since /dev/urandom + * will block if not enough entropy has been obtained since last boot. + * On Linux, /dev/urandom might not block, which can be troublesome in + * early boot stages, which is why getentropy() is preferred. + * +#define BR_USE_GETENTROPY 1 + */ + +/* * When BR_USE_URANDOM is enabled, the SSL engine will use /dev/urandom - * to automatically obtain quality randomness for seedings its internal + * to automatically obtain quality randomness for seeding its internal * PRNG. * #define BR_USE_URANDOM 1 @@ -120,7 +138,7 @@ /* * When BR_USE_WIN32_RAND is enabled, the SSL engine will use the Win32 * (CryptoAPI) functions (CryptAcquireContext(), CryptGenRandom()...) to - * automatically obtain quality randomness for seedings its internal PRNG. + * automatically obtain quality randomness for seeding its internal PRNG. * * Note: if both BR_USE_URANDOM and BR_USE_WIN32_RAND are defined, the * former takes precedence. diff --git a/contrib/bearssl/src/ec/ec_c25519_m64.c b/contrib/bearssl/src/ec/ec_c25519_m64.c index 7e7f12f7e3ad..df4883467d4a 100644 --- a/contrib/bearssl/src/ec/ec_c25519_m64.c +++ b/contrib/bearssl/src/ec/ec_c25519_m64.c @@ -158,10 +158,6 @@ f255_add(uint64_t *d, const uint64_t *a, const uint64_t *b) /* * Subtraction. - * On input, limbs must fit on 60 bits each. On output, result is - * partially reduced, with max value 2^255+19456; moreover, all - * limbs will fit on 51 bits, except the low limb, which may have - * value up to 2^51+19455. */ static inline void f255_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) diff --git a/contrib/bearssl/src/ec/ec_p256_m15.c b/contrib/bearssl/src/ec/ec_p256_m15.c index 8d68d1d21bdb..05800d87f46a 100644 --- a/contrib/bearssl/src/ec/ec_p256_m15.c +++ b/contrib/bearssl/src/ec/ec_p256_m15.c @@ -2039,12 +2039,13 @@ api_mul(unsigned char *G, size_t Glen, p256_jacobian P; (void)curve; + if (Glen != 65) { + return 0; + } r = p256_decode(&P, G, Glen); p256_mul(&P, x, xlen); - if (Glen >= 65) { - p256_to_affine(&P); - p256_encode(G, &P); - } + p256_to_affine(&P); + p256_encode(G, &P); return r; } @@ -2059,16 +2060,6 @@ api_mulgen(unsigned char *R, p256_to_affine(&P); p256_encode(R, &P); return 65; - - /* - const unsigned char *G; - size_t Glen; - - G = api_generator(curve, &Glen); - memcpy(R, G, Glen); - api_mul(R, Glen, x, xlen, curve); - return Glen; - */ } static uint32_t @@ -2081,6 +2072,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len, int i; (void)curve; + if (len != 65) { + return 0; + } r = p256_decode(&P, A, len); p256_mul(&P, x, xlen); if (B == NULL) { diff --git a/contrib/bearssl/src/ec/ec_p256_m31.c b/contrib/bearssl/src/ec/ec_p256_m31.c index d57ef7b097ff..b185937e1606 100644 --- a/contrib/bearssl/src/ec/ec_p256_m31.c +++ b/contrib/bearssl/src/ec/ec_p256_m31.c @@ -1384,12 +1384,13 @@ api_mul(unsigned char *G, size_t Glen, p256_jacobian P; (void)curve; + if (Glen != 65) { + return 0; + } r = p256_decode(&P, G, Glen); p256_mul(&P, x, xlen); - if (Glen >= 65) { - p256_to_affine(&P); - p256_encode(G, &P); - } + p256_to_affine(&P); + p256_encode(G, &P); return r; } @@ -1404,16 +1405,6 @@ api_mulgen(unsigned char *R, p256_to_affine(&P); p256_encode(R, &P); return 65; - - /* - const unsigned char *G; - size_t Glen; - - G = api_generator(curve, &Glen); - memcpy(R, G, Glen); - api_mul(R, Glen, x, xlen, curve); - return Glen; - */ } static uint32_t @@ -1426,6 +1417,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len, int i; (void)curve; + if (len != 65) { + return 0; + } r = p256_decode(&P, A, len); p256_mul(&P, x, xlen); if (B == NULL) { diff --git a/contrib/bearssl/src/ec/ec_p256_m62.c b/contrib/bearssl/src/ec/ec_p256_m62.c index 3bcb95b5b19b..a4317905204d 100644 --- a/contrib/bearssl/src/ec/ec_p256_m62.c +++ b/contrib/bearssl/src/ec/ec_p256_m62.c @@ -580,7 +580,7 @@ f256_final_reduce(uint64_t *a) w = t[2] - cc; t[2] = w & MASK52; cc = w >> 63; - w = t[3] - BIT(36); + w = t[3] - BIT(36) - cc; t[3] = w & MASK52; cc = w >> 63; t[4] -= cc; diff --git a/contrib/bearssl/src/ec/ec_p256_m64.c b/contrib/bearssl/src/ec/ec_p256_m64.c index 5a7ea177408b..71a527c36955 100644 --- a/contrib/bearssl/src/ec/ec_p256_m64.c +++ b/contrib/bearssl/src/ec/ec_p256_m64.c @@ -99,6 +99,9 @@ f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) unsigned __int128 w; uint64_t t; + /* + * Do the addition, with an extra carry in t. + */ w = (unsigned __int128)a[0] + b[0]; d[0] = (uint64_t)w; w = (unsigned __int128)a[1] + b[1] + (w >> 64); @@ -110,7 +113,7 @@ f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) t = (uint64_t)(w >> 64); /* - * 2^256 = 2^224 - 2^192 - 2^96 + 1 in the field. + * Fold carry t, using: 2^256 = 2^224 - 2^192 - 2^96 + 1 mod p. */ w = (unsigned __int128)d[0] + t; d[0] = (uint64_t)w; @@ -119,8 +122,22 @@ f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) /* Here, carry "w >> 64" can only be 0 or -1 */ w = (unsigned __int128)d[2] - ((w >> 64) & 1); d[2] = (uint64_t)w; - /* Again, carry is 0 or -1 */ - d[3] += (uint64_t)(w >> 64) + (t << 32) - t; + /* Again, carry is 0 or -1. But there can be carry only if t = 1, + in which case the addition of (t << 32) - t is positive. */ + w = (unsigned __int128)d[3] - ((w >> 64) & 1) + (t << 32) - t; + d[3] = (uint64_t)w; + t = (uint64_t)(w >> 64); + + /* + * There can be an extra carry here, which we must fold again. + */ + w = (unsigned __int128)d[0] + t; + d[0] = (uint64_t)w; + w = (unsigned __int128)d[1] + (w >> 64) - (t << 32); + d[1] = (uint64_t)w; + w = (unsigned __int128)d[2] - ((w >> 64) & 1); + d[2] = (uint64_t)w; + d[3] += (t << 32) - t - (uint64_t)((w >> 64) & 1); #elif BR_UMUL128 @@ -140,6 +157,15 @@ f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) cc = _addcarry_u64(cc, d[0], 0, &d[0]); cc = _addcarry_u64(cc, d[1], -(t << 32), &d[1]); cc = _addcarry_u64(cc, d[2], -t, &d[2]); + cc = _addcarry_u64(cc, d[3], (t << 32) - (t << 1), &d[3]); + + /* + * We have to do it again if there still is a carry. + */ + t = cc; + cc = _addcarry_u64(cc, d[0], 0, &d[0]); + cc = _addcarry_u64(cc, d[1], -(t << 32), &d[1]); + cc = _addcarry_u64(cc, d[2], -t, &d[2]); (void)_addcarry_u64(cc, d[3], (t << 32) - (t << 1), &d[3]); #endif @@ -167,6 +193,7 @@ f256_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) t = (uint64_t)(w >> 64) & 1; /* + * If there is a borrow (t = 1), then we must add the modulus * p = 2^256 - 2^224 + 2^192 + 2^96 - 1. */ w = (unsigned __int128)d[0] - t; @@ -177,6 +204,20 @@ f256_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) w = (unsigned __int128)d[2] + (w >> 64); d[2] = (uint64_t)w; /* Again, carry is 0 or +1 */ + w = (unsigned __int128)d[3] + (w >> 64) - (t << 32) + t; + d[3] = (uint64_t)w; + t = (uint64_t)(w >> 64) & 1; + + /* + * There may be again a borrow, in which case we must add the + * modulus again. + */ + w = (unsigned __int128)d[0] - t; + d[0] = (uint64_t)w; + w = (unsigned __int128)d[1] + (t << 32) - ((w >> 64) & 1); + d[1] = (uint64_t)w; + w = (unsigned __int128)d[2] + (w >> 64); + d[2] = (uint64_t)w; d[3] += (uint64_t)(w >> 64) - (t << 32) + t; #elif BR_UMUL128 @@ -190,13 +231,23 @@ f256_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) cc = _subborrow_u64(cc, a[3], b[3], &d[3]); /* - * If there is a carry, then we need to add p. + * If there is a borrow, then we need to add p. We (virtually) + * add 2^256, then subtract 2^256 - p. + */ + t = cc; + cc = _subborrow_u64(0, d[0], t, &d[0]); + cc = _subborrow_u64(cc, d[1], -(t << 32), &d[1]); + cc = _subborrow_u64(cc, d[2], -t, &d[2]); + cc = _subborrow_u64(cc, d[3], (t << 32) - (t << 1), &d[3]); + + /* + * If there still is a borrow, then we need to add p again. */ t = cc; - cc = _addcarry_u64(0, d[0], -t, &d[0]); - cc = _addcarry_u64(cc, d[1], (-t) >> 32, &d[1]); - cc = _addcarry_u64(cc, d[2], 0, &d[2]); - (void)_addcarry_u64(cc, d[3], t - (t << 32), &d[3]); + cc = _subborrow_u64(0, d[0], t, &d[0]); + cc = _subborrow_u64(cc, d[1], -(t << 32), &d[1]); + cc = _subborrow_u64(cc, d[2], -t, &d[2]); + (void)_subborrow_u64(cc, d[3], (t << 32) - (t << 1), &d[3]); #endif } diff --git a/contrib/bearssl/src/ec/ec_prime_i15.c b/contrib/bearssl/src/ec/ec_prime_i15.c index 0f210f240475..f86dbe6ff0db 100644 --- a/contrib/bearssl/src/ec/ec_prime_i15.c +++ b/contrib/bearssl/src/ec/ec_prime_i15.c @@ -733,11 +733,12 @@ api_mul(unsigned char *G, size_t Glen, jacobian P; cc = id_to_curve(curve); + if (Glen != cc->point_len) { + return 0; + } r = point_decode(&P, G, Glen, cc); point_mul(&P, x, xlen, cc); - if (Glen == cc->point_len) { - point_encode(G, &P, cc); - } + point_encode(G, &P, cc); return r; } @@ -770,6 +771,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len, */ cc = id_to_curve(curve); + if (len != cc->point_len) { + return 0; + } r = point_decode(&P, A, len, cc); if (B == NULL) { size_t Glen; diff --git a/contrib/bearssl/src/ec/ec_prime_i31.c b/contrib/bearssl/src/ec/ec_prime_i31.c index 0586a3b5ab6d..b205f367aeba 100644 --- a/contrib/bearssl/src/ec/ec_prime_i31.c +++ b/contrib/bearssl/src/ec/ec_prime_i31.c @@ -107,15 +107,16 @@ typedef struct { const uint32_t *b; const uint32_t *R2; uint32_t p0i; + size_t point_len; } curve_params; static inline const curve_params * id_to_curve(int curve) { static const curve_params pp[] = { - { P256_P, P256_B, P256_R2, 0x00000001 }, - { P384_P, P384_B, P384_R2, 0x00000001 }, - { P521_P, P521_B, P521_R2, 0x00000001 } + { P256_P, P256_B, P256_R2, 0x00000001, 65 }, + { P384_P, P384_B, P384_R2, 0x00000001, 97 }, + { P521_P, P521_B, P521_R2, 0x00000001, 133 } }; return &pp[curve - BR_EC_secp256r1]; @@ -734,6 +735,9 @@ api_mul(unsigned char *G, size_t Glen, jacobian P; cc = id_to_curve(curve); + if (Glen != cc->point_len) { + return 0; + } r = point_decode(&P, G, Glen, cc); point_mul(&P, x, xlen, cc); point_encode(G, &P, cc); @@ -769,6 +773,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len, */ cc = id_to_curve(curve); + if (len != cc->point_len) { + return 0; + } r = point_decode(&P, A, len, cc); if (B == NULL) { size_t Glen; diff --git a/contrib/bearssl/src/inner.h b/contrib/bearssl/src/inner.h index 986220f0f542..07e1d0a478e8 100644 --- a/contrib/bearssl/src/inner.h +++ b/contrib/bearssl/src/inner.h @@ -309,9 +309,20 @@ * values are documented on: * https://sourceforge.net/p/predef/wiki/OperatingSystems/ * - * TODO: enrich the list of detected system. Also add detection for - * alternate system calls like getentropy(), which are usually - * preferable when available. + * Win32's CryptGenRandom() should be available on Windows systems. + * + * /dev/urandom should work on all Unix-like systems (including macOS X). + * + * getentropy() is present on Linux (Glibc 2.25+), FreeBSD (12.0+) and + * OpenBSD (5.6+). For OpenBSD, there does not seem to be easy to use + * macros to test the minimum version, so we just assume that it is + * recent enough (last version without getentropy() has gone out of + * support in May 2015). + * + * Ideally we should use getentropy() on macOS (10.12+) too, but I don't + * know how to test the exact OS version with preprocessor macros. + * + * TODO: enrich the list of detected system. */ #ifndef BR_USE_URANDOM @@ -328,6 +339,15 @@ #endif #endif +#ifndef BR_USE_GETENTROPY +#if (defined __linux__ \ + && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))) \ + || (defined __FreeBSD__ && __FreeBSD__ >= 12) \ + || defined __OpenBSD__ +#define BR_USE_GETENTROPY 1 +#endif +#endif + #ifndef BR_USE_WIN32_RAND #if defined _WIN32 || defined _WIN64 #define BR_USE_WIN32_RAND 1 diff --git a/contrib/bearssl/src/rand/sysrng.c b/contrib/bearssl/src/rand/sysrng.c index 5ddbcbea4fb9..5a921145db73 100644 --- a/contrib/bearssl/src/rand/sysrng.c +++ b/contrib/bearssl/src/rand/sysrng.c @@ -25,6 +25,10 @@ #define BR_ENABLE_INTRINSICS 1 #include "inner.h" +#if BR_USE_GETENTROPY +#include <unistd.h> +#endif + #if BR_USE_URANDOM #include <sys/types.h> #include <unistd.h> @@ -38,6 +42,9 @@ #pragma comment(lib, "advapi32") #endif +/* + * Seeder that uses the RDRAND opcodes (on x86 CPU). + */ #if BR_RDRAND BR_TARGETS_X86_UP BR_TARGET("rdrnd") @@ -57,9 +64,24 @@ seeder_rdrand(const br_prng_class **ctx) * * Intel recommends trying at least 10 times in case of * failure. + * + * AMD bug: there are reports that some AMD processors + * have a bug that makes them fail silently after a + * suspend/resume cycle, in which case RDRAND will report + * a success but always return 0xFFFFFFFF. + * see: https://bugzilla.kernel.org/show_bug.cgi?id=85911 + * + * As a mitigation, if the 32-bit value is 0 or -1, then + * it is considered a failure and tried again. This should + * reliably detect the buggy case, at least. This also + * implies that the selected seed values can never be + * 0x00000000 or 0xFFFFFFFF, which is not a problem since + * we are generating a seed for a PRNG, and we overdo it + * a bit (we generate 32 bytes of randomness, and 256 bits + * of entropy are really overkill). */ for (j = 0; j < 10; j ++) { - if (_rdrand32_step(&x)) { + if (_rdrand32_step(&x) && x != 0 && x != (uint32_t)-1) { goto next_word; } } @@ -80,9 +102,11 @@ rdrand_supported(void) */ return br_cpuid(0, 0, 0x40000000, 0); } - #endif +/* + * Seeder that uses /dev/urandom (on Unix-like systems). + */ #if BR_USE_URANDOM static int seeder_urandom(const br_prng_class **ctx) @@ -116,6 +140,32 @@ seeder_urandom(const br_prng_class **ctx) } #endif +/* + * Seeder that uses getentropy() (backed by getrandom() on some systems, + * e.g. Linux). On failure, it will use the /dev/urandom seeder (if + * enabled). + */ +#if BR_USE_GETENTROPY +static int +seeder_getentropy(const br_prng_class **ctx) +{ + unsigned char tmp[32]; + + if (getentropy(tmp, sizeof tmp) == 0) { + (*ctx)->update(ctx, tmp, sizeof tmp); + return 1; + } +#if BR_USE_URANDOM + return seeder_urandom(ctx); +#else + return 0; +#endif +} +#endif + +/* + * Seeder that uses CryptGenRandom() (on Windows). + */ #if BR_USE_WIN32_RAND static int seeder_win32(const br_prng_class **ctx) @@ -139,6 +189,29 @@ seeder_win32(const br_prng_class **ctx) } #endif +/* + * An aggregate seeder that uses RDRAND, and falls back to an OS-provided + * source if RDRAND fails. + */ +#if BR_RDRAND && (BR_USE_GETENTROPY || BR_USE_URANDOM || BR_USE_WIN32_RAND) +static int +seeder_rdrand_with_fallback(const br_prng_class **ctx) +{ + if (!seeder_rdrand(ctx)) { +#if BR_USE_GETENTROPY + return seeder_getentropy(ctx); +#elif BR_USE_URANDOM + return seeder_urandom(ctx); +#elif BR_USE_WIN32_RAND + return seeder_win32(ctx); +#else +#error "macro selection has gone wrong" +#endif + } + return 1; +} +#endif + /* see bearssl_rand.h */ br_prng_seeder br_prng_seeder_system(const char **name) @@ -148,10 +221,19 @@ br_prng_seeder_system(const char **name) if (name != NULL) { *name = "rdrand"; } +#if BR_USE_GETENTROPY || BR_USE_URANDOM || BR_USE_WIN32_RAND + return &seeder_rdrand_with_fallback; +#else return &seeder_rdrand; +#endif } #endif -#if BR_USE_URANDOM +#if BR_USE_GETENTROPY + if (name != NULL) { + *name = "getentropy"; + } + return &seeder_getentropy; +#elif BR_USE_URANDOM if (name != NULL) { *name = "urandom"; } diff --git a/contrib/bearssl/src/rsa/rsa_i15_keygen.c b/contrib/bearssl/src/rsa/rsa_i15_keygen.c index 1c011fe0dcdf..e8da41984a08 100644 --- a/contrib/bearssl/src/rsa/rsa_i15_keygen.c +++ b/contrib/bearssl/src/rsa/rsa_i15_keygen.c @@ -318,9 +318,9 @@ mkprime(const br_prng_class **rng, uint16_t *x, uint32_t esize, continue; } if ((pubexp == 3 && m3 == 1) - || (pubexp == 5 && m5 == 5) - || (pubexp == 7 && m5 == 7) - || (pubexp == 11 && m5 == 11)) + || (pubexp == 5 && m5 == 1) + || (pubexp == 7 && m7 == 1) + || (pubexp == 11 && m11 == 1)) { continue; } diff --git a/contrib/bearssl/src/rsa/rsa_i15_modulus.c b/contrib/bearssl/src/rsa/rsa_i15_modulus.c index d61c7949c6fc..16458c3e5123 100644 --- a/contrib/bearssl/src/rsa/rsa_i15_modulus.c +++ b/contrib/bearssl/src/rsa/rsa_i15_modulus.c @@ -28,7 +28,7 @@ size_t br_rsa_i15_compute_modulus(void *n, const br_rsa_private_key *sk) { - uint16_t tmp[2 * ((BR_MAX_RSA_SIZE + 14) / 15) + 5]; + uint16_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 14) / 15) + 5]; uint16_t *t, *p, *q; const unsigned char *pbuf, *qbuf; size_t nlen, plen, qlen, tlen; diff --git a/contrib/bearssl/src/rsa/rsa_i31_keygen_inner.c b/contrib/bearssl/src/rsa/rsa_i31_keygen_inner.c index 9ec881b5f945..98df445871f5 100644 --- a/contrib/bearssl/src/rsa/rsa_i31_keygen_inner.c +++ b/contrib/bearssl/src/rsa/rsa_i31_keygen_inner.c @@ -340,9 +340,9 @@ mkprime(const br_prng_class **rng, uint32_t *x, uint32_t esize, continue; } if ((pubexp == 3 && m3 == 1) - || (pubexp == 5 && m5 == 5) - || (pubexp == 7 && m5 == 7) - || (pubexp == 11 && m5 == 11)) + || (pubexp == 5 && m5 == 1) + || (pubexp == 7 && m7 == 1) + || (pubexp == 11 && m11 == 1)) { continue; } diff --git a/contrib/bearssl/src/rsa/rsa_i31_modulus.c b/contrib/bearssl/src/rsa/rsa_i31_modulus.c index c469cf3c9cf7..f5f997f592cf 100644 --- a/contrib/bearssl/src/rsa/rsa_i31_modulus.c +++ b/contrib/bearssl/src/rsa/rsa_i31_modulus.c @@ -28,7 +28,7 @@ size_t br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk) { - uint32_t tmp[2 * ((BR_MAX_RSA_SIZE + 30) / 31) + 5]; + uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5]; uint32_t *t, *p, *q; const unsigned char *pbuf, *qbuf; size_t nlen, plen, qlen, tlen; diff --git a/contrib/bearssl/src/ssl/ssl_engine.c b/contrib/bearssl/src/ssl/ssl_engine.c index f4ffe1854724..f59fe1a0f1e5 100644 --- a/contrib/bearssl/src/ssl/ssl_engine.c +++ b/contrib/bearssl/src/ssl/ssl_engine.c @@ -1232,6 +1232,21 @@ void br_ssl_engine_close(br_ssl_engine_context *cc) { if (!br_ssl_engine_closed(cc)) { + /* + * If we are not already closed, then we need to + * initiate the closure. Once closing, any incoming + * application data is discarded; we should also discard + * application data which is already there but has not + * been acknowledged by the application yet (this mimics + * usual semantics on BSD sockets: you cannot read() + * once you called close(), even if there was some + * unread data already buffered). + */ + size_t len; + + if (br_ssl_engine_recvapp_buf(cc, &len) != NULL && len != 0) { + br_ssl_engine_recvapp_ack(cc, len); + } jump_handshake(cc, 1); } } diff --git a/contrib/bearssl/src/ssl/ssl_rec_cbc.c b/contrib/bearssl/src/ssl/ssl_rec_cbc.c index c0806049e3cd..c38cbfdfb1cc 100644 --- a/contrib/bearssl/src/ssl/ssl_rec_cbc.c +++ b/contrib/bearssl/src/ssl/ssl_rec_cbc.c @@ -136,7 +136,7 @@ cbc_decrypt(br_sslrec_in_cbc_context *cc, /* * Use the last decrypted byte to compute the actual payload - * length. Take care not to underflow (we use unsigned types). + * length. Take care not to overflow (we use unsigned types). */ pad_len = buf[max_len]; good = LE(pad_len, (uint32_t)(max_len - min_len)); diff --git a/contrib/bearssl/src/x509/asn1.t0 b/contrib/bearssl/src/x509/asn1.t0 index ba59252632e9..c329514ad96f 100644 --- a/contrib/bearssl/src/x509/asn1.t0 +++ b/contrib/bearssl/src/x509/asn1.t0 @@ -480,7 +480,7 @@ OID: id-at-commonName 2.5.4.3 \ 66 noncharacters, and also the surrogate range; this function does NOT \ check that the value is in the 0..10FFFF range. : valid-unicode? ( val -- bool ) - dup 0xFDD0 0xFEDF between? if drop 0 ret then + dup 0xFDD0 0xFDEF between? if drop 0 ret then dup 0xD800 0xDFFF between? if drop 0 ret then 0xFFFF and 0xFFFE < ; diff --git a/contrib/bearssl/src/x509/skey_decoder.c b/contrib/bearssl/src/x509/skey_decoder.c index f4e43e7bfc40..9e285d74e42d 100644 --- a/contrib/bearssl/src/x509/skey_decoder.c +++ b/contrib/bearssl/src/x509/skey_decoder.c @@ -155,7 +155,7 @@ static const unsigned char t0_codeblock[] = { 0x02, 0x06, 0x1E, 0x00, 0x00, 0x19, 0x19, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x20, 0x14, 0x06, 0x08, 0x01, 0x01, 0x21, 0x20, 0x22, 0x20, 0x04, 0x75, 0x13, 0x00, 0x00, 0x01, - T0_INT2(3 * BR_X509_BUFSIZE_KEY), 0x00, 0x01, 0x01, 0x87, 0xFF, 0xFF, + T0_INT2(3 * BR_X509_BUFSIZE_SIG), 0x00, 0x01, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x54, 0x57, 0x01, 0x02, 0x3E, 0x55, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x30, 0x16, 0x57, 0x01, 0x02, 0x19, 0x0D, 0x06, 0x06, 0x13, 0x3B, 0x44, 0x32, 0x04, 0x1C, 0x01, 0x04, 0x19, 0x0D, 0x06, 0x08, 0x13, 0x3B, 0x01, diff --git a/contrib/bearssl/src/x509/skey_decoder.t0 b/contrib/bearssl/src/x509/skey_decoder.t0 index 5b5942111816..f00e614e2b35 100644 --- a/contrib/bearssl/src/x509/skey_decoder.t0 +++ b/contrib/bearssl/src/x509/skey_decoder.t0 @@ -80,7 +80,7 @@ cc: read-blob-inner ( addr len -- addr len ) { \ Get the length of the key_data buffer. : len-key_data - CX 0 8191 { 3 * BR_X509_BUFSIZE_KEY } ; + CX 0 8191 { 3 * BR_X509_BUFSIZE_SIG } ; \ Get the address and length for the key_data buffer. : addr-len-key_data ( -- addr len ) diff --git a/contrib/bearssl/src/x509/x509_minimal.c b/contrib/bearssl/src/x509/x509_minimal.c index 3b876ef81980..04f149b98b3d 100644 --- a/contrib/bearssl/src/x509/x509_minimal.c +++ b/contrib/bearssl/src/x509/x509_minimal.c @@ -157,7 +157,7 @@ void br_x509_minimal_run(void *t0ctx); * -- Extensions: extension values are processed in due order. * * -- Basic Constraints: for all certificates except EE, must be - * present, indicate a CA, and have a path legnth compatible with + * present, indicate a CA, and have a path length compatible with * the chain length so far. * * -- Key Usage: for the EE, if present, must allow signatures @@ -448,7 +448,7 @@ static const unsigned char t0_datablock[] = { static const unsigned char t0_codeblock[] = { 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A, - 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01, @@ -486,227 +486,224 @@ static const unsigned char t0_codeblock[] = { T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01, - T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0xC9, 0x71, - 0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, - 0x01, 0x81, 0x02, 0x00, 0x00, 0x92, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00, - 0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, - 0x00, 0x00, 0x01, 0x82, 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, - 0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03, - 0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00, - 0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00, - 0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00, - 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00, - 0x06, 0x02, 0x53, 0x28, 0x00, 0x00, 0x01, 0x10, 0x77, 0x00, 0x00, 0x11, - 0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28, - 0x75, 0x00, 0x00, 0x06, 0x02, 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x11, - 0x00, 0x00, 0x25, 0x20, 0x01, 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00, - 0x09, 0x03, 0x00, 0x5B, 0x2B, 0xAF, 0x39, 0xAF, 0xB3, 0x25, 0x01, 0x20, - 0x11, 0x06, 0x11, 0x24, 0x74, 0xAD, 0xB3, 0x01, 0x02, 0x78, 0xB0, 0x01, - 0x02, 0x12, 0x06, 0x02, 0x57, 0x28, 0x79, 0xB3, 0x01, 0x02, 0x78, 0xAE, - 0xAF, 0xC2, 0x9C, 0x65, 0x61, 0x21, 0x16, 0xAF, 0xA7, 0x29, 0x69, 0x06, - 0x02, 0x4B, 0x28, 0xA7, 0x29, 0x71, 0x06, 0x02, 0x4B, 0x28, 0x79, 0x02, - 0x00, 0x06, 0x05, 0x9D, 0x03, 0x01, 0x04, 0x09, 0x9C, 0x61, 0x68, 0x21, - 0x27, 0x05, 0x02, 0x4A, 0x28, 0x68, 0x65, 0x21, 0x16, 0xAF, 0xAF, 0x9E, - 0x05, 0x02, 0x57, 0x28, 0xBC, 0x26, 0x06, 0x27, 0xC2, 0xA4, 0xAF, 0x63, - 0xAA, 0x03, 0x03, 0x63, 0x3B, 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A, - 0xAA, 0x03, 0x04, 0x79, 0x64, 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03, - 0x12, 0x06, 0x02, 0x58, 0x28, 0x79, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x88, - 0x26, 0x06, 0x34, 0x9E, 0x05, 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04, - 0x01, 0x17, 0x04, 0x12, 0x6B, 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A, - 0x6C, 0x26, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05, - 0x79, 0xA4, 0x25, 0x03, 0x06, 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50, - 0x28, 0xA5, 0x59, 0x03, 0x02, 0x04, 0x02, 0x57, 0x28, 0x79, 0x02, 0x00, - 0x06, 0x21, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, - 0x02, 0x04, 0x1D, 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, - 0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02, - 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23, - 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06, - 0x22, 0x04, 0x03, 0x57, 0x28, 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01, - 0x00, 0x03, 0x07, 0xB4, 0x01, 0x21, 0x8F, 0x01, 0x22, 0x8F, 0x25, 0x01, - 0x23, 0x11, 0x06, 0x81, 0x26, 0x24, 0x74, 0xAD, 0xAF, 0x25, 0x06, 0x81, - 0x1A, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x9E, 0x24, 0xB3, 0x25, 0x01, 0x01, - 0x11, 0x06, 0x04, 0xA6, 0x03, 0x08, 0xB3, 0x01, 0x04, 0x78, 0xAD, 0x70, - 0x26, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC3, 0x04, 0x05, 0x99, 0x01, - 0x7F, 0x03, 0x07, 0x04, 0x80, 0x6C, 0x91, 0x26, 0x06, 0x06, 0x02, 0x00, - 0x9B, 0x04, 0x80, 0x62, 0xC5, 0x26, 0x06, 0x11, 0x02, 0x00, 0x06, 0x09, - 0x01, 0x00, 0x03, 0x01, 0x98, 0x03, 0x01, 0x04, 0x01, 0xC3, 0x04, 0x80, - 0x4D, 0x73, 0x26, 0x06, 0x0A, 0x02, 0x08, 0x06, 0x03, 0x9A, 0x04, 0x01, - 0xC3, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x38, 0xC8, 0x26, - 0x06, 0x03, 0xC3, 0x04, 0x31, 0x90, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x2A, - 0xC6, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x23, 0x7A, 0x26, 0x06, 0x03, 0xC3, - 0x04, 0x1C, 0x85, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x15, 0x6E, 0x26, 0x06, - 0x03, 0xC3, 0x04, 0x0E, 0xC7, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x07, 0x02, - 0x08, 0x06, 0x02, 0x49, 0x28, 0xC3, 0x79, 0x79, 0x04, 0xFE, 0x62, 0x79, - 0x79, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, 0x56, 0x28, 0x24, 0x79, - 0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C, 0x2F, 0x05, 0x02, 0x45, - 0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2F, 0x05, - 0x02, 0x51, 0x28, 0xB3, 0x76, 0xAD, 0x9E, 0x06, 0x80, 0x77, 0xBD, 0x26, - 0x06, 0x07, 0x01, 0x02, 0x5A, 0x8A, 0x04, 0x80, 0x5E, 0xBE, 0x26, 0x06, - 0x07, 0x01, 0x03, 0x5A, 0x8B, 0x04, 0x80, 0x53, 0xBF, 0x26, 0x06, 0x07, - 0x01, 0x04, 0x5A, 0x8C, 0x04, 0x80, 0x48, 0xC0, 0x26, 0x06, 0x06, 0x01, - 0x05, 0x5A, 0x8D, 0x04, 0x3E, 0xC1, 0x26, 0x06, 0x06, 0x01, 0x06, 0x5A, - 0x8E, 0x04, 0x34, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x02, 0x59, 0x8A, 0x04, - 0x2A, 0x80, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59, 0x8B, 0x04, 0x20, 0x81, - 0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8C, 0x04, 0x16, 0x82, 0x26, 0x06, - 0x06, 0x01, 0x05, 0x59, 0x8D, 0x04, 0x0C, 0x83, 0x26, 0x06, 0x06, 0x01, - 0x06, 0x59, 0x8E, 0x04, 0x02, 0x57, 0x28, 0x5E, 0x35, 0x60, 0x37, 0x1B, - 0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04, 0x02, 0x57, 0x28, 0xC2, - 0xA4, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG), 0x12, 0x06, 0x02, 0x50, - 0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA5, 0x79, 0x79, 0x01, 0x00, 0x5B, 0x36, - 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01, 0x00, 0x01, 0x09, 0x72, - 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30, 0x00, 0x00, 0x01, 0x81, - 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00, - 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x01, 0x7E, - 0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F, 0x11, 0x15, 0x06, 0x03, - 0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25, 0xCA, 0x05, 0x04, 0x42, - 0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x96, 0x04, - 0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06, 0x0F, 0x01, 0x06, 0x14, - 0x01, 0x81, 0x40, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x00, 0x97, 0x04, 0x33, - 0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, 0x01, 0x0C, 0x14, 0x01, - 0x81, 0x60, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 0x01, - 0x00, 0x97, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, 0x81, 0x70, 0x2F, 0x96, - 0x02, 0x00, 0x01, 0x0C, 0x97, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, - 0x01, 0x00, 0x97, 0x00, 0x00, 0x01, 0x82, 0x15, 0x00, 0x00, 0x25, 0x01, - 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x81, - 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00, - 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80, - 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00, - 0x00, 0x30, 0x11, 0x06, 0x04, 0x42, 0xAD, 0xC2, 0xB4, 0x00, 0x00, 0x01, - 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83, - 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62, - 0x37, 0x01, 0x7F, 0x7C, 0x19, 0x01, 0x00, 0x7C, 0x19, 0x04, 0x7A, 0x00, - 0x01, 0x81, 0x38, 0x00, 0x01, 0x7E, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25, - 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01, - 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67, - 0x09, 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00, - 0x2F, 0x96, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAF, 0x25, 0x06, 0x80, - 0x59, 0xB3, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x74, 0xAD, 0x9E, - 0x24, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB3, 0x01, 0x20, 0x77, 0xAD, 0xB2, - 0x02, 0x01, 0x1F, 0x79, 0x79, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06, - 0x08, 0x24, 0x75, 0xB6, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30, - 0x11, 0x06, 0x11, 0x24, 0x75, 0xB6, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00, - 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11, - 0x06, 0x08, 0x24, 0x75, 0xB6, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAE, - 0x01, 0x00, 0x24, 0x04, 0xFF, 0x23, 0x79, 0x02, 0x00, 0x00, 0x00, 0xAF, - 0xB4, 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA6, 0x05, 0x02, 0x51, 0x28, - 0xB4, 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24, - 0x75, 0xB0, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB4, 0x01, - 0x7F, 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x79, 0x00, 0x00, 0xAF, 0x25, - 0x06, 0x1A, 0xAF, 0x9E, 0x24, 0x25, 0x06, 0x11, 0xAF, 0x25, 0x06, 0x0C, - 0xAF, 0x9E, 0x24, 0x89, 0x26, 0x05, 0x02, 0x49, 0x28, 0xC2, 0x04, 0x71, - 0x79, 0x79, 0x04, 0x63, 0x79, 0x00, 0x02, 0x03, 0x00, 0xB3, 0x01, 0x03, - 0x78, 0xAD, 0xBA, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02, - 0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24, 0x4D, 0x28, - 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xBA, 0x02, 0x01, - 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xBA, 0x01, 0x00, 0x24, 0x02, - 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01, - 0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2F, - 0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D, 0x28, 0xC2, - 0x00, 0x00, 0x38, 0xAF, 0xC2, 0x1A, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, - 0x38, 0xAF, 0x25, 0x06, 0x30, 0xB3, 0x01, 0x11, 0x77, 0xAD, 0x25, 0x05, - 0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAF, 0x9E, 0x24, 0x87, 0x26, 0x03, - 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xB2, 0x25, 0x02, 0x01, 0x15, 0x06, - 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02, 0x1F, 0x79, - 0x04, 0x5D, 0x79, 0x04, 0x4D, 0x79, 0x1A, 0x02, 0x00, 0x00, 0x00, 0xB3, - 0x01, 0x06, 0x78, 0xB1, 0x00, 0x00, 0xB8, 0x86, 0x06, 0x0E, 0x3B, 0x25, - 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB8, 0x6D, 0x04, 0x08, - 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB9, 0x86, - 0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, - 0xB9, 0x6D, 0x04, 0x08, 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, - 0x00, 0x00, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x00, 0x04, - 0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24, 0x01, 0x00, - 0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06, 0x0E, 0x01, - 0x1F, 0x15, 0x01, 0x01, 0xA3, 0x01, 0x81, 0x00, 0x01, 0x8F, 0x7F, 0x04, - 0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F, 0x15, 0x01, - 0x02, 0xA3, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04, 0x1C, 0x25, - 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01, 0x03, 0xA3, - 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04, 0x04, 0x24, - 0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00, 0x00, 0x3B, - 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xBA, 0x34, 0x25, - 0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B, 0x25, 0x01, - 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F, 0x00, 0x01, - 0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0xA2, 0x34, 0x41, - 0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB3, 0x01, 0x03, 0x78, 0xAD, 0xBA, - 0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07, 0x31, 0x25, - 0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01, 0x78, 0xAC, - 0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xBA, 0x3E, 0x00, 0x04, 0xB3, - 0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28, 0x01, 0x18, - 0x11, 0x03, 0x00, 0x75, 0xAD, 0xA8, 0x02, 0x00, 0x06, 0x0C, 0x01, 0x80, - 0x64, 0x08, 0x03, 0x01, 0xA8, 0x02, 0x01, 0x09, 0x04, 0x0E, 0x25, 0x01, - 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09, - 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03, - 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63, 0x09, 0x01, - 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83, - 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA9, 0x41, 0x01, - 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01, 0x01, 0x80, - 0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F, 0x2F, 0x15, - 0x06, 0x03, 0x01, 0x18, 0x09, 0x94, 0x09, 0x7B, 0x25, 0x01, 0x05, 0x14, - 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x3B, 0xA9, - 0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0xA9, 0x01, - 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA9, 0x01, 0x3C, - 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0xA9, 0x02, - 0x02, 0x09, 0x03, 0x02, 0xBA, 0x25, 0x01, 0x2E, 0x11, 0x06, 0x0D, 0x24, - 0xBA, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24, 0x04, 0x74, - 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x79, 0x02, 0x03, 0x02, - 0x02, 0x00, 0x01, 0xBA, 0x7D, 0x01, 0x0A, 0x08, 0x03, 0x00, 0xBA, 0x7D, - 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA8, 0x25, 0x02, - 0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x34, 0xB3, - 0x01, 0x02, 0x78, 0x0B, 0xAB, 0x00, 0x03, 0x25, 0x03, 0x00, 0x03, 0x01, - 0x03, 0x02, 0xAD, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x54, - 0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05, 0x04, 0x24, - 0x01, 0x00, 0x00, 0xBA, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05, 0x02, 0x50, - 0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40, 0x03, 0x02, - 0x25, 0x06, 0x03, 0xBA, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02, 0x01, 0x0A, - 0x00, 0x01, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01, - 0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00, 0x01, 0x00, - 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41, 0x03, 0x00, - 0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F, 0x28, 0x01, - 0x08, 0x0E, 0x3B, 0xBA, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00, 0xAC, 0x95, - 0x00, 0x00, 0xAD, 0xC2, 0x00, 0x00, 0xB3, 0x76, 0xAD, 0x00, 0x01, 0xAD, - 0x25, 0x05, 0x02, 0x54, 0x28, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, - 0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xBA, 0x02, 0x00, 0x25, - 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28, 0x01, 0x08, - 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00, 0x00, 0xAD, - 0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xC2, 0x01, 0x00, 0x67, 0x37, - 0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA5, 0x01, 0x7F, 0x00, - 0x00, 0xB3, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB6, 0x04, - 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x33, - 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x28, 0x01, - 0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x1D, 0x01, 0x16, - 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x12, 0x01, 0x1E, 0x30, - 0x11, 0x06, 0x05, 0x24, 0x75, 0xB5, 0x04, 0x07, 0x42, 0xAE, 0x01, 0x00, - 0x01, 0x00, 0x24, 0x00, 0x01, 0xBA, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05, - 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14, 0x25, 0x01, - 0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01, - 0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28, 0x09, 0x00, - 0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB3, 0x00, 0x01, - 0xAD, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01, 0x01, 0x03, - 0x00, 0x9F, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16, 0x24, 0x25, - 0x06, 0x10, 0xA0, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, - 0x00, 0x84, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05, 0x05, 0x24, - 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x25, 0x06, 0x0B, - 0x9F, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x04, 0x6D, 0x24, - 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00, - 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xA1, 0x25, 0x05, - 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x04, - 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, - 0x7F, 0x00, 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xBA, - 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, - 0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, - 0x37, 0x01, 0x7F, 0x00, 0x00, 0xBA, 0x01, 0x08, 0x0E, 0x3B, 0xBA, 0x34, - 0x09, 0x00, 0x00, 0xBA, 0x3B, 0xBA, 0x01, 0x08, 0x0E, 0x34, 0x09, 0x00, - 0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xBB, 0x00, 0x00, 0x32, 0x25, - 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74, 0x00, 0x01, - 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01, - 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0xC3, - 0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC4, 0x25, 0x06, 0x01, 0x19, 0x04, - 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01, - 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22, - 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03, - 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F, - 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00, - 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01, - 0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00 + T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0x01, 0x80, + 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, 0x01, 0x81, 0x02, 0x00, + 0x00, 0x8F, 0x05, 0x05, 0x33, 0x41, 0x01, 0x00, 0x00, 0x33, 0x01, 0x0A, + 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x82, + 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, 0x01, 0x81, 0x68, 0x00, + 0x02, 0x03, 0x00, 0x03, 0x01, 0x26, 0x02, 0x01, 0x13, 0x3A, 0x02, 0x00, + 0x0F, 0x15, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x51, + 0x29, 0x00, 0x00, 0x06, 0x02, 0x52, 0x29, 0x00, 0x00, 0x01, 0x10, 0x74, + 0x00, 0x00, 0x11, 0x05, 0x02, 0x55, 0x29, 0x71, 0x00, 0x00, 0x11, 0x05, + 0x02, 0x55, 0x29, 0x72, 0x00, 0x00, 0x06, 0x02, 0x4B, 0x29, 0x00, 0x00, + 0x01, 0x82, 0x11, 0x00, 0x00, 0x26, 0x21, 0x01, 0x08, 0x0E, 0x3A, 0x3F, + 0x21, 0x09, 0x00, 0x0B, 0x03, 0x00, 0x5A, 0x2B, 0xAC, 0x38, 0xAC, 0xB0, + 0x26, 0x01, 0x20, 0x11, 0x06, 0x11, 0x25, 0x71, 0xAA, 0xB0, 0x01, 0x02, + 0x75, 0xAD, 0x01, 0x02, 0x12, 0x06, 0x02, 0x56, 0x29, 0x76, 0xB0, 0x01, + 0x02, 0x75, 0xAB, 0xAC, 0xBF, 0x99, 0x64, 0x60, 0x22, 0x16, 0xAC, 0xA4, + 0x03, 0x01, 0x03, 0x02, 0xA4, 0x02, 0x02, 0x02, 0x01, 0x19, 0x06, 0x02, + 0x4A, 0x29, 0x76, 0x02, 0x00, 0x06, 0x05, 0x9A, 0x03, 0x03, 0x04, 0x09, + 0x99, 0x60, 0x67, 0x22, 0x28, 0x05, 0x02, 0x49, 0x29, 0x67, 0x64, 0x22, + 0x16, 0xAC, 0xAC, 0x9B, 0x05, 0x02, 0x56, 0x29, 0xB9, 0x27, 0x06, 0x27, + 0xBF, 0xA1, 0xAC, 0x62, 0xA7, 0x03, 0x05, 0x62, 0x3A, 0x02, 0x05, 0x09, + 0x3A, 0x02, 0x05, 0x0A, 0xA7, 0x03, 0x06, 0x76, 0x63, 0x2A, 0x01, 0x81, + 0x00, 0x09, 0x02, 0x05, 0x12, 0x06, 0x02, 0x57, 0x29, 0x76, 0x59, 0x03, + 0x04, 0x04, 0x3A, 0x85, 0x27, 0x06, 0x34, 0x9B, 0x05, 0x02, 0x56, 0x29, + 0x68, 0x27, 0x06, 0x04, 0x01, 0x17, 0x04, 0x12, 0x69, 0x27, 0x06, 0x04, + 0x01, 0x18, 0x04, 0x0A, 0x6A, 0x27, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, + 0x56, 0x29, 0x03, 0x07, 0x76, 0xA1, 0x26, 0x03, 0x08, 0x26, 0x62, 0x33, + 0x0D, 0x06, 0x02, 0x4F, 0x29, 0xA2, 0x58, 0x03, 0x04, 0x04, 0x02, 0x56, + 0x29, 0x76, 0x02, 0x00, 0x06, 0x21, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06, + 0x08, 0x25, 0x02, 0x05, 0x02, 0x06, 0x1E, 0x04, 0x10, 0x58, 0x30, 0x11, + 0x06, 0x08, 0x25, 0x02, 0x07, 0x02, 0x08, 0x1D, 0x04, 0x03, 0x56, 0x29, + 0x25, 0x04, 0x24, 0x02, 0x04, 0x59, 0x30, 0x11, 0x06, 0x08, 0x25, 0x02, + 0x05, 0x02, 0x06, 0x24, 0x04, 0x10, 0x58, 0x30, 0x11, 0x06, 0x08, 0x25, + 0x02, 0x07, 0x02, 0x08, 0x23, 0x04, 0x03, 0x56, 0x29, 0x25, 0x26, 0x06, + 0x01, 0x29, 0x25, 0x01, 0x00, 0x03, 0x09, 0xB1, 0x01, 0x21, 0x8C, 0x01, + 0x22, 0x8C, 0x26, 0x01, 0x23, 0x11, 0x06, 0x81, 0x26, 0x25, 0x71, 0xAA, + 0xAC, 0x26, 0x06, 0x81, 0x1A, 0x01, 0x00, 0x03, 0x0A, 0xAC, 0x9B, 0x25, + 0xB0, 0x26, 0x01, 0x01, 0x11, 0x06, 0x04, 0xA3, 0x03, 0x0A, 0xB0, 0x01, + 0x04, 0x75, 0xAA, 0x6E, 0x27, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC0, + 0x04, 0x05, 0x96, 0x01, 0x7F, 0x03, 0x09, 0x04, 0x80, 0x6C, 0x8E, 0x27, + 0x06, 0x06, 0x02, 0x00, 0x98, 0x04, 0x80, 0x62, 0xC2, 0x27, 0x06, 0x11, + 0x02, 0x00, 0x06, 0x09, 0x01, 0x00, 0x03, 0x03, 0x95, 0x03, 0x03, 0x04, + 0x01, 0xC0, 0x04, 0x80, 0x4D, 0x70, 0x27, 0x06, 0x0A, 0x02, 0x0A, 0x06, + 0x03, 0x97, 0x04, 0x01, 0xC0, 0x04, 0x3F, 0x6D, 0x27, 0x06, 0x03, 0xC0, + 0x04, 0x38, 0xC5, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x31, 0x8D, 0x27, 0x06, + 0x03, 0xC0, 0x04, 0x2A, 0xC3, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x23, 0x77, + 0x27, 0x06, 0x03, 0xC0, 0x04, 0x1C, 0x82, 0x27, 0x06, 0x03, 0xC0, 0x04, + 0x15, 0x6C, 0x27, 0x06, 0x03, 0xC0, 0x04, 0x0E, 0xC4, 0x27, 0x06, 0x03, + 0xC0, 0x04, 0x07, 0x02, 0x0A, 0x06, 0x02, 0x48, 0x29, 0xC0, 0x76, 0x76, + 0x04, 0xFE, 0x62, 0x76, 0x76, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, + 0x55, 0x29, 0x25, 0x76, 0x39, 0x02, 0x00, 0x06, 0x08, 0x02, 0x03, 0x3B, + 0x2F, 0x05, 0x02, 0x44, 0x29, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, + 0x02, 0x09, 0x2F, 0x05, 0x02, 0x50, 0x29, 0xB0, 0x73, 0xAA, 0x9B, 0x06, + 0x80, 0x77, 0xBA, 0x27, 0x06, 0x07, 0x01, 0x02, 0x59, 0x87, 0x04, 0x80, + 0x5E, 0xBB, 0x27, 0x06, 0x07, 0x01, 0x03, 0x59, 0x88, 0x04, 0x80, 0x53, + 0xBC, 0x27, 0x06, 0x07, 0x01, 0x04, 0x59, 0x89, 0x04, 0x80, 0x48, 0xBD, + 0x27, 0x06, 0x06, 0x01, 0x05, 0x59, 0x8A, 0x04, 0x3E, 0xBE, 0x27, 0x06, + 0x06, 0x01, 0x06, 0x59, 0x8B, 0x04, 0x34, 0x7C, 0x27, 0x06, 0x06, 0x01, + 0x02, 0x58, 0x87, 0x04, 0x2A, 0x7D, 0x27, 0x06, 0x06, 0x01, 0x03, 0x58, + 0x88, 0x04, 0x20, 0x7E, 0x27, 0x06, 0x06, 0x01, 0x04, 0x58, 0x89, 0x04, + 0x16, 0x7F, 0x27, 0x06, 0x06, 0x01, 0x05, 0x58, 0x8A, 0x04, 0x0C, 0x80, + 0x27, 0x06, 0x06, 0x01, 0x06, 0x58, 0x8B, 0x04, 0x02, 0x56, 0x29, 0x5D, + 0x34, 0x5F, 0x36, 0x1C, 0x26, 0x05, 0x02, 0x56, 0x29, 0x5C, 0x36, 0x04, + 0x02, 0x56, 0x29, 0xBF, 0xA1, 0x26, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG), + 0x12, 0x06, 0x02, 0x4F, 0x29, 0x26, 0x5E, 0x34, 0x5B, 0xA2, 0x76, 0x76, + 0x01, 0x00, 0x5A, 0x35, 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x26, 0x01, + 0x00, 0x01, 0x09, 0x6F, 0x05, 0x02, 0x47, 0x29, 0x00, 0x00, 0x30, 0x30, + 0x00, 0x00, 0x01, 0x81, 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, + 0x01, 0x81, 0x19, 0x00, 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, + 0x2B, 0x00, 0x01, 0x7B, 0x01, 0x01, 0x11, 0x3A, 0x01, 0x83, 0xFD, 0x7F, + 0x11, 0x15, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x3A, 0x26, 0x03, 0x00, 0x26, + 0xC6, 0x05, 0x04, 0x41, 0x01, 0x00, 0x00, 0x26, 0x01, 0x81, 0x00, 0x0D, + 0x06, 0x04, 0x93, 0x04, 0x80, 0x49, 0x26, 0x01, 0x90, 0x00, 0x0D, 0x06, + 0x0F, 0x01, 0x06, 0x14, 0x01, 0x81, 0x40, 0x2F, 0x93, 0x02, 0x00, 0x01, + 0x00, 0x94, 0x04, 0x33, 0x26, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, + 0x01, 0x0C, 0x14, 0x01, 0x81, 0x60, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x06, + 0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, + 0x81, 0x70, 0x2F, 0x93, 0x02, 0x00, 0x01, 0x0C, 0x94, 0x02, 0x00, 0x01, + 0x06, 0x94, 0x02, 0x00, 0x01, 0x00, 0x94, 0x00, 0x00, 0x01, 0x82, 0x15, + 0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x6F, + 0x00, 0x00, 0x01, 0x81, 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, + 0x01, 0x81, 0x78, 0x00, 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, + 0x00, 0x00, 0x01, 0x80, 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, + 0x01, 0x80, 0x61, 0x00, 0x00, 0x30, 0x11, 0x06, 0x04, 0x41, 0xAA, 0xBF, + 0xB1, 0x00, 0x00, 0x01, 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, + 0x00, 0x26, 0x01, 0x83, 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x6F, 0x00, + 0x00, 0x01, 0x30, 0x61, 0x36, 0x01, 0x7F, 0x79, 0x1A, 0x01, 0x00, 0x79, + 0x1A, 0x04, 0x7A, 0x00, 0x01, 0x81, 0x38, 0x00, 0x01, 0x7B, 0x0D, 0x06, + 0x02, 0x4E, 0x29, 0x26, 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, + 0x26, 0x3E, 0x3A, 0x01, 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x41, 0x01, + 0x00, 0x00, 0x30, 0x66, 0x09, 0x36, 0x3F, 0x00, 0x00, 0x14, 0x01, 0x3F, + 0x15, 0x01, 0x81, 0x00, 0x2F, 0x93, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, + 0xAC, 0x26, 0x06, 0x80, 0x59, 0xB0, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, + 0x25, 0x71, 0xAA, 0x9B, 0x25, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB0, 0x01, + 0x20, 0x74, 0xAA, 0xAF, 0x02, 0x01, 0x20, 0x76, 0x76, 0x04, 0x38, 0x01, + 0x21, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x01, 0x1F, 0x04, + 0x2A, 0x01, 0x22, 0x30, 0x11, 0x06, 0x11, 0x25, 0x72, 0xB3, 0x26, 0x06, + 0x06, 0x2C, 0x02, 0x00, 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1F, 0x04, 0x13, + 0x01, 0x26, 0x30, 0x11, 0x06, 0x08, 0x25, 0x72, 0xB3, 0x01, 0x06, 0x1F, + 0x04, 0x05, 0x41, 0xAB, 0x01, 0x00, 0x25, 0x04, 0xFF, 0x23, 0x76, 0x02, + 0x00, 0x00, 0x00, 0xAC, 0xB1, 0x26, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA3, + 0x05, 0x02, 0x50, 0x29, 0xB1, 0x04, 0x02, 0x50, 0x29, 0x26, 0x01, 0x02, + 0x11, 0x06, 0x0C, 0x25, 0x72, 0xAD, 0x65, 0x2B, 0x40, 0x0D, 0x06, 0x02, + 0x50, 0x29, 0xB1, 0x01, 0x7F, 0x10, 0x06, 0x02, 0x55, 0x29, 0x25, 0x76, + 0x00, 0x00, 0xAC, 0x26, 0x06, 0x1A, 0xAC, 0x9B, 0x25, 0x26, 0x06, 0x11, + 0xAC, 0x26, 0x06, 0x0C, 0xAC, 0x9B, 0x25, 0x86, 0x27, 0x05, 0x02, 0x48, + 0x29, 0xBF, 0x04, 0x71, 0x76, 0x76, 0x04, 0x63, 0x76, 0x00, 0x02, 0x03, + 0x00, 0xB0, 0x01, 0x03, 0x75, 0xAA, 0xB7, 0x03, 0x01, 0x02, 0x01, 0x01, + 0x07, 0x12, 0x06, 0x02, 0x55, 0x29, 0x26, 0x01, 0x00, 0x30, 0x11, 0x06, + 0x05, 0x25, 0x4C, 0x29, 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, + 0x25, 0xB7, 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x25, 0xB7, + 0x01, 0x00, 0x25, 0x02, 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, + 0x15, 0x06, 0x03, 0x01, 0x10, 0x2F, 0x3A, 0x01, 0x81, 0x40, 0x15, 0x06, + 0x03, 0x01, 0x20, 0x2F, 0x61, 0x36, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, + 0x02, 0x4C, 0x29, 0xBF, 0x00, 0x00, 0x37, 0xAC, 0xBF, 0x1B, 0x00, 0x03, + 0x01, 0x00, 0x03, 0x00, 0x37, 0xAC, 0x26, 0x06, 0x30, 0xB0, 0x01, 0x11, + 0x74, 0xAA, 0x26, 0x05, 0x02, 0x43, 0x29, 0x26, 0x06, 0x20, 0xAC, 0x9B, + 0x25, 0x84, 0x27, 0x03, 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xAF, 0x26, + 0x02, 0x01, 0x15, 0x06, 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, + 0x02, 0x02, 0x20, 0x76, 0x04, 0x5D, 0x76, 0x04, 0x4D, 0x76, 0x1B, 0x02, + 0x00, 0x00, 0x00, 0xB0, 0x01, 0x06, 0x75, 0xAE, 0x00, 0x00, 0xB5, 0x83, + 0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, + 0xB5, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25, 0x01, 0x00, 0x04, 0x00, + 0x00, 0x00, 0xB6, 0x83, 0x06, 0x0E, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, + 0x00, 0x01, 0x00, 0x00, 0xB6, 0x6B, 0x04, 0x08, 0x8F, 0x06, 0x05, 0x25, + 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D, + 0x06, 0x04, 0x00, 0x04, 0x80, 0x55, 0x26, 0x01, 0x81, 0x40, 0x0D, 0x06, + 0x07, 0x25, 0x01, 0x00, 0x00, 0x04, 0x80, 0x47, 0x26, 0x01, 0x81, 0x60, + 0x0D, 0x06, 0x0E, 0x01, 0x1F, 0x15, 0x01, 0x01, 0xA0, 0x01, 0x81, 0x00, + 0x01, 0x8F, 0x7F, 0x04, 0x32, 0x26, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, + 0x01, 0x0F, 0x15, 0x01, 0x02, 0xA0, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, + 0x7F, 0x04, 0x1C, 0x26, 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, + 0x15, 0x01, 0x03, 0xA0, 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, + 0x7F, 0x04, 0x04, 0x25, 0x01, 0x00, 0x00, 0x6F, 0x05, 0x03, 0x25, 0x01, + 0x00, 0x00, 0x00, 0x3A, 0x26, 0x05, 0x06, 0x41, 0x01, 0x00, 0x01, 0x7F, + 0x00, 0xB7, 0x33, 0x26, 0x3C, 0x06, 0x03, 0x3A, 0x25, 0x00, 0x01, 0x06, + 0x0E, 0x3A, 0x26, 0x01, 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x41, + 0x01, 0x7F, 0x00, 0x01, 0x3F, 0x15, 0x09, 0x00, 0x00, 0x26, 0x06, 0x06, + 0x0B, 0x9F, 0x33, 0x40, 0x04, 0x77, 0x25, 0x26, 0x00, 0x00, 0xB0, 0x01, + 0x03, 0x75, 0xAA, 0xB7, 0x06, 0x02, 0x54, 0x29, 0x00, 0x00, 0x3A, 0x26, + 0x06, 0x07, 0x31, 0x26, 0x06, 0x01, 0x1A, 0x04, 0x76, 0x41, 0x00, 0x00, + 0x01, 0x01, 0x75, 0xA9, 0x01, 0x01, 0x10, 0x06, 0x02, 0x42, 0x29, 0xB7, + 0x3D, 0x00, 0x04, 0xB0, 0x26, 0x01, 0x17, 0x01, 0x18, 0x6F, 0x05, 0x02, + 0x47, 0x29, 0x01, 0x18, 0x11, 0x03, 0x00, 0x72, 0xAA, 0xA5, 0x02, 0x00, + 0x06, 0x0C, 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0xA5, 0x02, 0x01, 0x09, + 0x04, 0x0E, 0x26, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, + 0x01, 0x8E, 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, + 0x02, 0x01, 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, + 0x80, 0x63, 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, + 0x0F, 0x09, 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, + 0x0C, 0xA6, 0x40, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3E, + 0x02, 0x01, 0x01, 0x80, 0x64, 0x07, 0x3D, 0x02, 0x01, 0x01, 0x83, 0x10, + 0x07, 0x3E, 0x2F, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09, 0x91, 0x09, 0x78, + 0x26, 0x01, 0x05, 0x14, 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, + 0x01, 0x01, 0x3A, 0xA6, 0x02, 0x03, 0x09, 0x40, 0x03, 0x03, 0x01, 0x00, + 0x01, 0x17, 0xA6, 0x01, 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, + 0x3B, 0xA6, 0x01, 0x3C, 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, + 0x01, 0x3C, 0xA6, 0x02, 0x02, 0x09, 0x03, 0x02, 0xB7, 0x26, 0x01, 0x2E, + 0x11, 0x06, 0x0D, 0x25, 0xB7, 0x26, 0x01, 0x30, 0x01, 0x39, 0x6F, 0x06, + 0x03, 0x25, 0x04, 0x74, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x47, 0x29, + 0x76, 0x02, 0x03, 0x02, 0x02, 0x00, 0x01, 0xB7, 0x7A, 0x01, 0x0A, 0x08, + 0x03, 0x00, 0xB7, 0x7A, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, + 0x01, 0xA5, 0x26, 0x02, 0x01, 0x02, 0x00, 0x6F, 0x05, 0x02, 0x47, 0x29, + 0x00, 0x00, 0x33, 0xB0, 0x01, 0x02, 0x75, 0x0B, 0xA8, 0x00, 0x03, 0x26, + 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0xAA, 0xB7, 0x26, 0x01, 0x81, 0x00, + 0x13, 0x06, 0x02, 0x53, 0x29, 0x26, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x25, + 0x26, 0x05, 0x04, 0x25, 0x01, 0x00, 0x00, 0xB7, 0x04, 0x6F, 0x02, 0x01, + 0x26, 0x05, 0x02, 0x4F, 0x29, 0x40, 0x03, 0x01, 0x02, 0x02, 0x36, 0x02, + 0x02, 0x3F, 0x03, 0x02, 0x26, 0x06, 0x03, 0xB7, 0x04, 0x68, 0x25, 0x02, + 0x00, 0x02, 0x01, 0x0A, 0x00, 0x01, 0xB7, 0x26, 0x01, 0x81, 0x00, 0x0D, + 0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x0A, 0x26, 0x05, 0x02, 0x4D, 0x29, + 0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, + 0x00, 0x40, 0x03, 0x00, 0x26, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, + 0x02, 0x4E, 0x29, 0x01, 0x08, 0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x04, 0x60, + 0x00, 0x00, 0xA9, 0x92, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x73, + 0xAA, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x02, 0x53, 0x29, 0xB7, 0x26, 0x01, + 0x81, 0x00, 0x13, 0x06, 0x02, 0x53, 0x29, 0x03, 0x00, 0x26, 0x06, 0x16, + 0xB7, 0x02, 0x00, 0x26, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, + 0x53, 0x29, 0x01, 0x08, 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x25, 0x02, + 0x00, 0x00, 0x00, 0xAA, 0x26, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xBF, + 0x01, 0x00, 0x66, 0x36, 0x01, 0x00, 0x00, 0x26, 0x66, 0x36, 0x66, 0x3F, + 0xA2, 0x01, 0x7F, 0x00, 0x00, 0xB0, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, + 0x25, 0x72, 0xB3, 0x04, 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x25, + 0x72, 0xB4, 0x04, 0x33, 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, + 0xB4, 0x04, 0x28, 0x01, 0x14, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4, + 0x04, 0x1D, 0x01, 0x16, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB4, 0x04, + 0x12, 0x01, 0x1E, 0x30, 0x11, 0x06, 0x05, 0x25, 0x72, 0xB2, 0x04, 0x07, + 0x41, 0xAB, 0x01, 0x00, 0x01, 0x00, 0x25, 0x00, 0x01, 0xB7, 0x03, 0x00, + 0x02, 0x00, 0x01, 0x05, 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, + 0x06, 0x14, 0x26, 0x01, 0x01, 0x15, 0x06, 0x02, 0x45, 0x29, 0x01, 0x04, + 0x0E, 0x02, 0x00, 0x01, 0x1F, 0x15, 0x26, 0x01, 0x1F, 0x11, 0x06, 0x02, + 0x46, 0x29, 0x09, 0x00, 0x00, 0x26, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, + 0x00, 0xB0, 0x00, 0x01, 0xAA, 0x26, 0x05, 0x05, 0x66, 0x36, 0x01, 0x7F, + 0x00, 0x01, 0x01, 0x03, 0x00, 0x9C, 0x26, 0x01, 0x83, 0xFF, 0x7E, 0x11, + 0x06, 0x16, 0x25, 0x26, 0x06, 0x10, 0x9D, 0x26, 0x05, 0x05, 0x25, 0xBF, + 0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, + 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x81, 0x03, + 0x00, 0x26, 0x06, 0x0B, 0x9C, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, + 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00, 0x40, 0x66, + 0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x26, 0x06, + 0x10, 0x9E, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, + 0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, 0x01, 0x00, + 0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, + 0x26, 0x06, 0x10, 0xB7, 0x26, 0x05, 0x05, 0x25, 0xBF, 0x01, 0x00, 0x00, + 0x02, 0x00, 0x81, 0x03, 0x00, 0x04, 0x6D, 0x25, 0x02, 0x00, 0x26, 0x05, + 0x01, 0x00, 0x40, 0x66, 0x36, 0x01, 0x7F, 0x00, 0x00, 0xB7, 0x01, 0x08, + 0x0E, 0x3A, 0xB7, 0x33, 0x09, 0x00, 0x00, 0xB7, 0x3A, 0xB7, 0x01, 0x08, + 0x0E, 0x33, 0x09, 0x00, 0x00, 0x26, 0x05, 0x02, 0x4E, 0x29, 0x40, 0xB8, + 0x00, 0x00, 0x32, 0x26, 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x25, 0x1A, + 0x04, 0x74, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, + 0x15, 0x00, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, + 0x33, 0x00, 0x00, 0xC0, 0x25, 0x00, 0x00, 0x26, 0x06, 0x07, 0xC1, 0x26, + 0x06, 0x01, 0x1A, 0x04, 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, + 0x41, 0x00, 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, + 0x00, 0x01, 0x82, 0x22, 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x26, + 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFB, 0x6F, 0x6F, 0x06, 0x04, 0x25, + 0x01, 0x00, 0x00, 0x26, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F, + 0x6F, 0x06, 0x04, 0x25, 0x01, 0x00, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15, + 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00 }; static const uint16_t t0_caddr[] = { @@ -755,106 +752,103 @@ static const uint16_t t0_caddr[] = { 188, 193, 198, - 202, - 207, - 212, - 217, - 238, - 243, - 248, - 253, - 282, - 297, + 203, + 208, + 213, + 234, + 239, + 244, + 249, + 264, + 269, + 275, + 281, + 286, + 294, 302, 308, - 314, - 319, - 327, - 335, - 341, - 346, - 357, - 992, - 1007, - 1011, - 1016, - 1021, - 1026, - 1031, - 1036, + 313, + 324, + 960, + 975, + 979, + 984, + 989, + 994, + 999, + 1004, + 1118, + 1123, + 1135, + 1140, + 1145, 1150, - 1155, - 1167, - 1172, - 1177, - 1182, - 1186, - 1191, - 1196, - 1201, + 1154, + 1159, + 1164, + 1169, + 1174, + 1184, + 1189, + 1194, 1206, - 1216, 1221, 1226, - 1238, - 1253, - 1258, - 1272, - 1294, - 1305, - 1408, - 1455, - 1488, - 1579, - 1585, - 1648, - 1655, - 1683, - 1711, - 1816, - 1858, - 1871, - 1883, - 1897, - 1912, - 2132, - 2146, - 2163, - 2172, - 2239, - 2295, - 2299, - 2303, - 2308, - 2356, - 2382, - 2458, - 2502, - 2513, - 2598, - 2636, - 2674, + 1240, + 1262, + 1273, + 1376, + 1423, + 1456, + 1547, + 1553, + 1616, + 1623, + 1651, + 1679, + 1784, + 1826, + 1839, + 1851, + 1865, + 1880, + 2100, + 2114, + 2131, + 2140, + 2207, + 2263, + 2267, + 2271, + 2276, + 2324, + 2350, + 2426, + 2470, + 2481, + 2566, + 2604, + 2642, + 2652, + 2662, + 2671, 2684, - 2694, - 2703, - 2716, - 2720, + 2688, + 2692, + 2696, + 2700, + 2704, + 2708, + 2712, 2724, - 2728, 2732, - 2736, - 2740, - 2744, - 2756, - 2764, - 2769, - 2774, - 2779, - 2784, - 2792 + 2737, + 2742, + 2747, + 2752 }; -#define T0_INTERPRETED 61 +#define T0_INTERPRETED 60 #define T0_ENTER(ip, rp, slot) do { \ const unsigned char *t0_newip; \ @@ -875,7 +869,7 @@ name(void *ctx) \ T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \ } -T0_DEFENTRY(br_x509_minimal_init_main, 147) +T0_DEFENTRY(br_x509_minimal_init_main, 144) #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++) @@ -1205,11 +1199,61 @@ br_x509_minimal_run(void *t0ctx) } break; case 25: { + /* check-validity-range */ + + uint32_t nbs = T0_POP(); + uint32_t nbd = T0_POP(); + uint32_t nas = T0_POP(); + uint32_t nad = T0_POP(); + int r; + if (CTX->itime != 0) { + r = CTX->itime(CTX->itime_ctx, nbd, nbs, nad, nas); + if (r < -1 || r > 1) { + CTX->err = BR_ERR_X509_TIME_UNKNOWN; + T0_CO(); + } + } else { + uint32_t vd = CTX->days; + uint32_t vs = CTX->seconds; + if (vd == 0 && vs == 0) { +#if BR_USE_UNIX_TIME + time_t x = time(NULL); + + vd = (uint32_t)(x / 86400) + 719528; + vs = (uint32_t)(x % 86400); +#elif BR_USE_WIN32_TIME + FILETIME ft; + uint64_t x; + + GetSystemTimeAsFileTime(&ft); + x = ((uint64_t)ft.dwHighDateTime << 32) + + (uint64_t)ft.dwLowDateTime; + x = (x / 10000000); + vd = (uint32_t)(x / 86400) + 584754; + vs = (uint32_t)(x % 86400); +#else + CTX->err = BR_ERR_X509_TIME_UNKNOWN; + T0_CO(); +#endif + } + if (vd < nbd || (vd == nbd && vs < nbs)) { + r = -1; + } else if (vd > nad || (vd == nad && vs > nas)) { + r = 1; + } else { + r = 0; + } + } + T0_PUSHi(r); + + } + break; + case 26: { /* co */ T0_CO(); } break; - case 26: { + case 27: { /* compute-dn-hash */ CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash); @@ -1217,7 +1261,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 27: { + case 28: { /* compute-tbs-hash */ int id = T0_POPi(); @@ -1227,7 +1271,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 28: { + case 29: { /* copy-ee-ec-pkey */ size_t qlen = T0_POP(); @@ -1240,7 +1284,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 29: { + case 30: { /* copy-ee-rsa-pkey */ size_t elen = T0_POP(); @@ -1254,7 +1298,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 30: { + case 31: { /* copy-name-SAN */ unsigned tag = T0_POP(); @@ -1280,7 +1324,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 31: { + case 32: { /* copy-name-element */ size_t len; @@ -1306,7 +1350,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 32: { + case 33: { /* data-get8 */ size_t addr = T0_POP(); @@ -1314,14 +1358,14 @@ br_x509_minimal_run(void *t0ctx) } break; - case 33: { + case 34: { /* dn-hash-length */ T0_PUSH(DNHASH_LEN); } break; - case 34: { + case 35: { /* do-ecdsa-vrfy */ size_t qlen = T0_POP(); @@ -1336,7 +1380,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 35: { + case 36: { /* do-rsa-vrfy */ size_t elen = T0_POP(); @@ -1352,17 +1396,17 @@ br_x509_minimal_run(void *t0ctx) } break; - case 36: { + case 37: { /* drop */ (void)T0_POP(); } break; - case 37: { + case 38: { /* dup */ T0_PUSH(T0_PEEK(0)); } break; - case 38: { + case 39: { /* eqOID */ const unsigned char *a2 = &t0_datablock[T0_POP()]; @@ -1378,7 +1422,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 39: { + case 40: { /* eqblob */ size_t len = T0_POP(); @@ -1388,7 +1432,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 40: { + case 41: { /* fail */ CTX->err = T0_POPi(); @@ -1396,36 +1440,6 @@ br_x509_minimal_run(void *t0ctx) } break; - case 41: { - /* get-system-date */ - - if (CTX->days == 0 && CTX->seconds == 0) { -#if BR_USE_UNIX_TIME - time_t x = time(NULL); - - T0_PUSH((uint32_t)(x / 86400) + 719528); - T0_PUSH((uint32_t)(x % 86400)); -#elif BR_USE_WIN32_TIME - FILETIME ft; - uint64_t x; - - GetSystemTimeAsFileTime(&ft); - x = ((uint64_t)ft.dwHighDateTime << 32) - + (uint64_t)ft.dwLowDateTime; - x = (x / 10000000); - T0_PUSH((uint32_t)(x / 86400) + 584754); - T0_PUSH((uint32_t)(x % 86400)); -#else - CTX->err = BR_ERR_X509_TIME_UNKNOWN; - T0_CO(); -#endif - } else { - T0_PUSH(CTX->days); - T0_PUSH(CTX->seconds); - } - - } - break; case 42: { /* get16 */ @@ -1579,16 +1593,11 @@ br_x509_minimal_run(void *t0ctx) } break; case 51: { - /* roll */ - T0_ROLL(T0_POP()); - } - break; - case 52: { /* rot */ T0_ROT(); } break; - case 53: { + case 52: { /* set16 */ uint32_t addr = T0_POP(); @@ -1596,7 +1605,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 54: { + case 53: { /* set32 */ uint32_t addr = T0_POP(); @@ -1604,7 +1613,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 55: { + case 54: { /* set8 */ uint32_t addr = T0_POP(); @@ -1612,7 +1621,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 56: { + case 55: { /* start-dn-hash */ CTX->dn_hash_impl->init(&CTX->dn_hash.vtable); @@ -1620,7 +1629,7 @@ br_x509_minimal_run(void *t0ctx) } break; - case 57: { + case 56: { /* start-tbs-hash */ br_multihash_init(&CTX->mhash); @@ -1628,19 +1637,19 @@ br_x509_minimal_run(void *t0ctx) } break; - case 58: { + case 57: { /* stop-tbs-hash */ CTX->do_mhash = 0; } break; - case 59: { + case 58: { /* swap */ T0_SWAP(); } break; - case 60: { + case 59: { /* zero-server-name */ T0_PUSHi(-(CTX->server_name == NULL)); diff --git a/contrib/bearssl/src/x509/x509_minimal.t0 b/contrib/bearssl/src/x509/x509_minimal.t0 index 1e60016dcd71..80a370108e68 100644 --- a/contrib/bearssl/src/x509/x509_minimal.t0 +++ b/contrib/bearssl/src/x509/x509_minimal.t0 @@ -106,7 +106,7 @@ preamble { * -- Extensions: extension values are processed in due order. * * -- Basic Constraints: for all certificates except EE, must be - * present, indicate a CA, and have a path legnth compatible with + * present, indicate a CA, and have a path length compatible with * the chain length so far. * * -- Key Usage: for the EE, if present, must allow signatures @@ -698,42 +698,60 @@ cc: copy-name-SAN ( bool tag -- ) { \ Return the CN match flag. eename-matches ; -\ Get the validation date and time from the context or system. -cc: get-system-date ( -- days seconds ) { - if (CTX->days == 0 && CTX->seconds == 0) { +\ Check the provided validity range against the current (or configured) +\ date and time ("na" = notAfter, "nb = notBefore). Returned value: +\ -1 current date/time is before the notBefore date +\ 0 current date/time is within the allowed range +\ +1 current date/time is after the notAfter range +\ If the current date/time is not available, then this function triggers a +\ failure and does not return. +cc: check-validity-range ( na-days na-seconds nb-days nb-seconds -- int ) { + uint32_t nbs = T0_POP(); + uint32_t nbd = T0_POP(); + uint32_t nas = T0_POP(); + uint32_t nad = T0_POP(); + int r; + if (CTX->itime != 0) { + r = CTX->itime(CTX->itime_ctx, nbd, nbs, nad, nas); + if (r < -1 || r > 1) { + CTX->err = BR_ERR_X509_TIME_UNKNOWN; + T0_CO(); + } + } else { + uint32_t vd = CTX->days; + uint32_t vs = CTX->seconds; + if (vd == 0 && vs == 0) { #if BR_USE_UNIX_TIME - time_t x = time(NULL); + time_t x = time(NULL); - T0_PUSH((uint32_t)(x / 86400) + 719528); - T0_PUSH((uint32_t)(x % 86400)); + vd = (uint32_t)(x / 86400) + 719528; + vs = (uint32_t)(x % 86400); #elif BR_USE_WIN32_TIME - FILETIME ft; - uint64_t x; - - GetSystemTimeAsFileTime(&ft); - x = ((uint64_t)ft.dwHighDateTime << 32) - + (uint64_t)ft.dwLowDateTime; - x = (x / 10000000); - T0_PUSH((uint32_t)(x / 86400) + 584754); - T0_PUSH((uint32_t)(x % 86400)); + FILETIME ft; + uint64_t x; + + GetSystemTimeAsFileTime(&ft); + x = ((uint64_t)ft.dwHighDateTime << 32) + + (uint64_t)ft.dwLowDateTime; + x = (x / 10000000); + vd = (uint32_t)(x / 86400) + 584754; + vs = (uint32_t)(x % 86400); #else - CTX->err = BR_ERR_X509_TIME_UNKNOWN; - T0_CO(); + CTX->err = BR_ERR_X509_TIME_UNKNOWN; + T0_CO(); #endif - } else { - T0_PUSH(CTX->days); - T0_PUSH(CTX->seconds); + } + if (vd < nbd || (vd == nbd && vs < nbs)) { + r = -1; + } else if (vd > nad || (vd == nad && vs > nas)) { + r = 1; + } else { + r = 0; + } } + T0_PUSHi(r); } -\ Compare two dates (days+seconds) together. -: before ( days1 seconds1 days2 seconds2 -- bool ) - { d1 s1 d2 s2 } - d1 d2 = if s1 s2 < else d1 d2 < then ; - -: after ( days1 seconds1 days2 seconds2 -- bool ) - swap2 before ; - \ Swap the top two elements with the two elements immediately below. : swap2 ( a b c d -- c d a b ) 3 roll 3 roll ; @@ -1189,8 +1207,8 @@ OID: subjectInfoAccess 1.3.6.1.5.5.7.1.11 \ Validity dates. read-sequence-open - read-date get-system-date after if ERR_X509_EXPIRED fail then - read-date get-system-date before if ERR_X509_EXPIRED fail then + read-date { nbd nbs } read-date nbd nbs check-validity-range + if ERR_X509_EXPIRED fail then close-elt \ Subject name. diff --git a/contrib/bearssl/test/test_crypto.c b/contrib/bearssl/test/test_crypto.c index ae1d170f7a0b..c6c534d64bab 100644 --- a/contrib/bearssl/test/test_crypto.c +++ b/contrib/bearssl/test/test_crypto.c @@ -6783,7 +6783,7 @@ test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm, uint32_t mod[256]; uint32_t cc; size_t u, v; - unsigned char sig[257], hv[32], hv2[sizeof hv]; + unsigned char sig[257], hv[32], hv2[32]; unsigned mask1, mask2; int j; @@ -8316,7 +8316,7 @@ test_EC_inner(const char *sk, const char *sU, static void test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ) { - unsigned char P[65], Q[sizeof P], k[1]; + unsigned char P[65], Q[65], k[1]; size_t plen, qlen; plen = hextobin(P, sP); diff --git a/contrib/bearssl/test/test_x509.c b/contrib/bearssl/test/test_x509.c index 2c61cf5dd245..c00706839bd3 100644 --- a/contrib/bearssl/test/test_x509.c +++ b/contrib/bearssl/test/test_x509.c @@ -1438,6 +1438,21 @@ eqpkey(const br_x509_pkey *pk1, const br_x509_pkey *pk2) static size_t max_dp_usage; static size_t max_rp_usage; +static int +check_time(void *ctx, uint32_t nbd, uint32_t nbs, uint32_t nad, uint32_t nas) +{ + test_case *tc; + + tc = ctx; + if (tc->days < nbd || (tc->days == nbd && tc->seconds < nbs)) { + return -1; + } + if (tc->days > nad || (tc->days == nad && tc->seconds > nas)) { + return 1; + } + return 0; +} + static void run_test_case(test_case *tc) { @@ -1452,6 +1467,7 @@ run_test_case(test_case *tc) const br_x509_pkey *ee_pkey; unsigned usages; unsigned status; + int j; printf("%s: ", tc->name); fflush(stdout); @@ -1520,110 +1536,130 @@ run_test_case(test_case *tc) } /* - * Initialise the engine. + * We do the test twice, to exercise distinct API functions. */ - br_x509_minimal_init(&ctx, dnhash, anchors, num_anchors); - for (u = 0; hash_impls[u].id; u ++) { - int id; + for (j = 0; j < 2; j ++) { + /* + * Initialise the engine. + */ + br_x509_minimal_init(&ctx, dnhash, anchors, num_anchors); + for (u = 0; hash_impls[u].id; u ++) { + int id; + + id = hash_impls[u].id; + if ((tc->hashes & ((unsigned)1 << id)) != 0) { + br_x509_minimal_set_hash(&ctx, + id, hash_impls[u].impl); + } + } + br_x509_minimal_set_rsa(&ctx, br_rsa_pkcs1_vrfy_get_default()); + br_x509_minimal_set_ecdsa(&ctx, + br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default()); - id = hash_impls[u].id; - if ((tc->hashes & ((unsigned)1 << id)) != 0) { - br_x509_minimal_set_hash(&ctx, id, hash_impls[u].impl); + /* + * Set the validation date. + */ + if (j == 0) { + br_x509_minimal_set_time(&ctx, tc->days, tc->seconds); + } else { + br_x509_minimal_set_time_callback(&ctx, + tc, &check_time); } - } - br_x509_minimal_set_rsa(&ctx, br_rsa_pkcs1_vrfy_get_default()); - br_x509_minimal_set_ecdsa(&ctx, - br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default()); - /* - * Set the validation date. - */ - br_x509_minimal_set_time(&ctx, tc->days, tc->seconds); + /* + * Put "canaries" to detect actual stack usage. + */ + for (u = 0; u < (sizeof ctx.dp_stack) / sizeof(uint32_t); + u ++) + { + ctx.dp_stack[u] = 0xA7C083FE; + } + for (u = 0; u < (sizeof ctx.rp_stack) / sizeof(uint32_t); + u ++) + { + ctx.rp_stack[u] = 0xA7C083FE; + } - /* - * Put "canaries" to detect actual stack usage. - */ - for (u = 0; u < (sizeof ctx.dp_stack) / sizeof(uint32_t); u ++) { - ctx.dp_stack[u] = 0xA7C083FE; - } - for (u = 0; u < (sizeof ctx.rp_stack) / sizeof(uint32_t); u ++) { - ctx.rp_stack[u] = 0xA7C083FE; - } + /* + * Run the engine. We inject certificates by chunks of 100 + * bytes in order to exercise the coroutine API. + */ + ctx.vtable->start_chain(&ctx.vtable, tc->servername); + for (u = 0; u < num_certs; u ++) { + size_t v; - /* - * Run the engine. We inject certificates by chunks of 100 bytes - * in order to exercise the coroutine API. - */ - ctx.vtable->start_chain(&ctx.vtable, tc->servername); - for (u = 0; u < num_certs; u ++) { - size_t v; + ctx.vtable->start_cert(&ctx.vtable, certs[u].len); + v = 0; + while (v < certs[u].len) { + size_t w; - ctx.vtable->start_cert(&ctx.vtable, certs[u].len); - v = 0; - while (v < certs[u].len) { - size_t w; + w = certs[u].len - v; + if (w > 100) { + w = 100; + } + ctx.vtable->append(&ctx.vtable, + certs[u].data + v, w); + v += w; + } + ctx.vtable->end_cert(&ctx.vtable); + } + status = ctx.vtable->end_chain(&ctx.vtable); + ee_pkey = ctx.vtable->get_pkey(&ctx.vtable, &usages); - w = certs[u].len - v; - if (w > 100) { - w = 100; + /* + * Check key type and usage. + */ + if (ee_pkey != NULL) { + unsigned ktu; + + ktu = ee_pkey->key_type | usages; + if (tc->key_type_usage != (ktu & tc->key_type_usage)) { + fprintf(stderr, "wrong key type + usage" + " (expected 0x%02X, got 0x%02X)\n", + tc->key_type_usage, ktu); + exit(EXIT_FAILURE); } - ctx.vtable->append(&ctx.vtable, certs[u].data + v, w); - v += w; } - ctx.vtable->end_cert(&ctx.vtable); - } - status = ctx.vtable->end_chain(&ctx.vtable); - ee_pkey = ctx.vtable->get_pkey(&ctx.vtable, &usages); - /* - * Check key type and usage. - */ - if (ee_pkey != NULL) { - unsigned ktu; - - ktu = ee_pkey->key_type | usages; - if (tc->key_type_usage != (ktu & tc->key_type_usage)) { - fprintf(stderr, "wrong key type + usage" - " (expected 0x%02X, got 0x%02X)\n", - tc->key_type_usage, ktu); + /* + * Check results. Note that we may still get a public key if + * the path is "not trusted" (but otherwise fine). + */ + if (status != tc->status) { + fprintf(stderr, "wrong status (got %d, expected %d)\n", + status, tc->status); + exit(EXIT_FAILURE); + } + if (status == BR_ERR_X509_NOT_TRUSTED) { + ee_pkey = NULL; + } + if (!eqpkey(ee_pkey, ee_pkey_ref)) { + fprintf(stderr, "wrong EE public key\n"); exit(EXIT_FAILURE); } - } - - /* - * Check results. Note that we may still get a public key if - * the path is "not trusted" (but otherwise fine). - */ - if (status != tc->status) { - fprintf(stderr, "wrong status (got %d, expected %d)\n", - status, tc->status); - exit(EXIT_FAILURE); - } - if (status == BR_ERR_X509_NOT_TRUSTED) { - ee_pkey = NULL; - } - if (!eqpkey(ee_pkey, ee_pkey_ref)) { - fprintf(stderr, "wrong EE public key\n"); - exit(EXIT_FAILURE); - } - /* - * Check stack usage. - */ - for (u = (sizeof ctx.dp_stack) / sizeof(uint32_t); u > 0; u --) { - if (ctx.dp_stack[u - 1] != 0xA7C083FE) { - if (max_dp_usage < u) { - max_dp_usage = u; + /* + * Check stack usage. + */ + for (u = (sizeof ctx.dp_stack) / sizeof(uint32_t); + u > 0; u --) + { + if (ctx.dp_stack[u - 1] != 0xA7C083FE) { + if (max_dp_usage < u) { + max_dp_usage = u; + } + break; } - break; } - } - for (u = (sizeof ctx.rp_stack) / sizeof(uint32_t); u > 0; u --) { - if (ctx.rp_stack[u - 1] != 0xA7C083FE) { - if (max_rp_usage < u) { - max_rp_usage = u; + for (u = (sizeof ctx.rp_stack) / sizeof(uint32_t); + u > 0; u --) + { + if (ctx.rp_stack[u - 1] != 0xA7C083FE) { + if (max_rp_usage < u) { + max_rp_usage = u; + } + break; } - break; } } diff --git a/contrib/bearssl/tools/sslio.c b/contrib/bearssl/tools/sslio.c index ef7dd3f6765a..be07c2c098ca 100644 --- a/contrib/bearssl/tools/sslio.c +++ b/contrib/bearssl/tools/sslio.c @@ -281,7 +281,7 @@ run_ssl_engine(br_ssl_engine_context *cc, unsigned long fd, unsigned flags) } if (cc->iaes_ctr != 0) { fprintf(stderr, " AES/CTR: %s\n", - get_algo_name(cc->iaes_cbcdec, 0)); + get_algo_name(cc->iaes_ctr, 0)); } if (cc->iaes_ctrcbc != 0) { fprintf(stderr, " AES/CCM: %s\n", |