From patchwork Wed Jul 21 04:00:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 1507897 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=gswiguQv; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GV3lG5Qqsz9sWX for ; Wed, 21 Jul 2021 15:18:34 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GV3lG4BTLz30D9 for ; Wed, 21 Jul 2021 15:18:34 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=gswiguQv; dkim-atps=neutral X-Original-To: skiboot-stable@lists.ozlabs.org Delivered-To: skiboot-stable@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::636; helo=mail-pl1-x636.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=gswiguQv; dkim-atps=neutral Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GV21Q296Hz2yht for ; Wed, 21 Jul 2021 14:00:42 +1000 (AEST) Received: by mail-pl1-x636.google.com with SMTP id h1so320329plf.6 for ; Tue, 20 Jul 2021 21:00:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D1D9VJflHsPb3awZQkaHJus2eMm1sS7/ujfkhbeP0wk=; b=gswiguQv3kQ2VUzilozkDqOjenmY9B9qzfdo2zwFtyiSe7lz/mhMR2QQvbLfJR+Ypf FeBpV9kfGw8m8TU4Ws/pX1ce2DOe0A/7DOD1fZsVJ/rRm7I40+3zfOqFK0b+JAW2RXaj uG8qV4NM/Wx4D0xOfhhLuUlH5tc1BKSOhfB0k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D1D9VJflHsPb3awZQkaHJus2eMm1sS7/ujfkhbeP0wk=; b=RUW/F9DLM8FyNMsl+Mk0S/OXP35Cmr1gEJ9QlUrc/FkP8yuTiA4p3EOdo8tJkdsMf/ E++3SzoSXywUelG/3DJUUxRughRe4SBpXAPyvqWt/R+jA9mXgcTw8l3ZxbwaJYreSep1 lv6+guvhbo36lXnkjAdrToPoMCQ41IB9OygZLmCy3KrCKjIKjhrU2XmVA32KEEpz650U kvMG7TYxNvVlFc3HgvD5+cfYGvqP9z1U8AsozbrT0DsgcTF1KFj28hnZUbRj3eWanki3 WmV6wA0veaEf9tSqM9ZOqc965w9sbH1wlYa9uB5QurQEtGU3NDjRAGUfAxeWWmE/gtAm VArg== X-Gm-Message-State: AOAM532dlDxLNejZA8DODeGuZeCeEfgESCLBYnt/e42idQo2xVIiQpg1 IXDzv9FW7JmARfOH2pu8s67Qqc3eVexaAA== X-Google-Smtp-Source: ABdhPJydk4dmT1rgmqhv27i/OOgCQeRia9aelqtH6ortRA1J9gFbRYQa31MxfBXAnndD/upkMoWhIQ== X-Received: by 2002:a17:902:8d8f:b029:12b:a6b4:c91b with SMTP id v15-20020a1709028d8fb029012ba6b4c91bmr1723801plo.28.1626840039631; Tue, 20 Jul 2021 21:00:39 -0700 (PDT) Received: from localhost ([203.206.29.204]) by smtp.gmail.com with ESMTPSA id z6sm4687832pgs.4.2021.07.20.21.00.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jul 2021 21:00:39 -0700 (PDT) From: Daniel Axtens To: skiboot-stable@lists.ozlabs.org Date: Wed, 21 Jul 2021 14:00:27 +1000 Message-Id: <20210721040030.29050-2-dja@axtens.net> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210721040030.29050-1-dja@axtens.net> References: <20210721040030.29050-1-dja@axtens.net> MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 21 Jul 2021 15:18:32 +1000 Subject: [Skiboot-stable] [PATCH 6.7.x 1/4] secvar/backend: Don't overread data in auth descriptor X-BeenThere: skiboot-stable@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches, review, and discussion for stable releases of skiboot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nick.child@ibm.com, nayna@linux.ibm.com, Daniel Axtens Errors-To: skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot-stable" commit 15da2fd447c04a9f6ea53b8f8bdfaa7cbc6ea520 upstream Catch another OOB read picked up by the fuzzer. Signed-off-by: Daniel Axtens Reviewed-by: Nayna Jain Tested-by: Nayna Jain Signed-off-by: Vasant Hegde --- libstb/secvar/backend/edk2-compat-process.c | 3 +++ libstb/secvar/test/secvar-test-edk2-compat.c | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index c0006a5e908e..99fe10631139 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -192,6 +192,9 @@ int get_auth_descriptor2(const void *buf, const size_t buflen, void **auth_buffe auth_buffer_size = sizeof(auth->timestamp) + sizeof(auth->auth_info.hdr) + sizeof(auth->auth_info.cert_type) + len; + if (auth_buffer_size > buflen) + return OPAL_PARAMETER; + *auth_buffer = zalloc(auth_buffer_size); if (!(*auth_buffer)) return OPAL_NO_MEM; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c index 100fda7d008d..a3b1613a711a 100644 --- a/libstb/secvar/test/secvar-test-edk2-compat.c +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -91,6 +91,7 @@ int run_test() struct secvar *tmp; size_t tmp_size; char empty[64] = {0}; + void *data; /* The sequence of test cases here is important to ensure that * timestamp checks work as expected. */ @@ -253,6 +254,24 @@ int run_test() ASSERT(NULL != tmp); ASSERT(0 == tmp->data_size); + printf("Try truncated KEK < size of auth structure:\n"); + data = malloc(1467); + memcpy(data, KEK_auth, 1467); + tmp = new_secvar("KEK", 4, data, 1467, 0); + rc = edk2_compat_validate(tmp); + ASSERT(0 == rc); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(0 != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->data_size); + free(data); + /* Add valid KEK, .process(), succeeds. */ printf("Add KEK"); tmp = new_secvar("KEK", 4, KEK_auth, KEK_auth_len, 0); From patchwork Wed Jul 21 04:00:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 1507899 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=Y9WrNvVM; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GV3lH3SC5z9sWd for ; Wed, 21 Jul 2021 15:18:35 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GV3lH2JFpz30J6 for ; Wed, 21 Jul 2021 15:18:35 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=Y9WrNvVM; dkim-atps=neutral X-Original-To: skiboot-stable@lists.ozlabs.org Delivered-To: skiboot-stable@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::535; helo=mail-pg1-x535.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=Y9WrNvVM; dkim-atps=neutral Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GV21V3fD4z2yjY for ; Wed, 21 Jul 2021 14:00:46 +1000 (AEST) Received: by mail-pg1-x535.google.com with SMTP id y4so656668pgl.10 for ; Tue, 20 Jul 2021 21:00:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=H96K7OQ/q+gyjcWDua4aB7QkUTYmZjToVcLHtY8/FaE=; b=Y9WrNvVMxj5Rj54oRBae2PuVJPmTIvmB/aLZwrkWdfyxGk42DJJ+tQYzGnLl3h1E65 Ssa49LagQHmxgmNtmBnae/qKuvyB1gwUgQO2uhWJwar5KtAUJ3HGY7YJDHs4kg1Jtq2S ddX7nPzqF4/aGfD1NAAhZDWb3n7HRrvJ5Rkkw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H96K7OQ/q+gyjcWDua4aB7QkUTYmZjToVcLHtY8/FaE=; b=kTtYrDnzRs+YnQVfhDmCBIDWJKO2G2dqBfjKOnFGVRhAKjU0j8l5MDyoUL56IcZb1r eqzk2/5uIr3Hv7F/9R6PE2VocQ803xM9AT+ah/x2vDUYyAUPLsRQDUt4g/luvZCGG49l xRJiQ9D/JIywm17RRT6Yr8FGDV5OZ1VfAKbni52ir6JV8EKs5WVZz8v0PPI9Az0klGE7 XHIbIT5CF1HYqLNLrfYpN2BtoMt15NwG3eU2mq7B1272Tft2L7OPeMID1sBNxZM450gS LUqMUlYLHearX55RwDxnmO5E1goy5WgyPTwm1JRqE2xrT7bg2ncZn/wHEAF+3Oma5Cxf Phqg== X-Gm-Message-State: AOAM530MbN8aWgR2dsv8woJuMXXH8BqumR3CaYs79Z+s7DzzBfINvCsO MVqrE9KnkpPfcS7xe9CRlC1mpk7RqvWb5w== X-Google-Smtp-Source: ABdhPJyc0kuZ1SdBohW61eCGWrfDtoS+aHhjWJWQwTm4K6avEZ3F08mLL7yZX3tqgp9IPAoxIEGNWQ== X-Received: by 2002:a62:5c6:0:b029:341:e0b1:a72c with SMTP id 189-20020a6205c60000b0290341e0b1a72cmr18574229pff.71.1626840043736; Tue, 20 Jul 2021 21:00:43 -0700 (PDT) Received: from localhost ([203.206.29.204]) by smtp.gmail.com with ESMTPSA id h30sm25440093pfr.191.2021.07.20.21.00.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jul 2021 21:00:43 -0700 (PDT) From: Daniel Axtens To: skiboot-stable@lists.ozlabs.org Date: Wed, 21 Jul 2021 14:00:28 +1000 Message-Id: <20210721040030.29050-3-dja@axtens.net> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210721040030.29050-1-dja@axtens.net> References: <20210721040030.29050-1-dja@axtens.net> MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 21 Jul 2021 15:18:32 +1000 Subject: [Skiboot-stable] [PATCH 6.7.x 2/4] secvar/backend: fix an integer underflow bug X-BeenThere: skiboot-stable@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches, review, and discussion for stable releases of skiboot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nick.child@ibm.com, nayna@linux.ibm.com, Daniel Axtens Errors-To: skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot-stable" commit 0c265ace91b9d9ee08e09392a7d4a78a1301a3ab upstream. If a declared size is smaller than uuid size, we end up allocating with an allocation of a 'negative' number, which is a huge 64 bit number. This will probably then fail with an OPAL_NO_MEM, but it will be better to catch it and return OPAL_PARAMETER instead. Signed-off-by: Daniel Axtens Reviewed-by: Nayna Jain Tested-by: Nayna Jain Signed-off-by: Vasant Hegde --- libstb/secvar/backend/edk2-compat-process.c | 3 + libstb/secvar/test/data/KEKeslcorrupt.h | 161 +++++++++++++++++++ libstb/secvar/test/secvar-test-edk2-compat.c | 18 +++ 3 files changed, 182 insertions(+) create mode 100644 libstb/secvar/test/data/KEKeslcorrupt.h diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index 99fe10631139..c5113b72b3f1 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -123,6 +123,9 @@ static int get_esl_cert(const char *buf, const size_t buflen, char **cert) assert(cert != NULL); + if (le32_to_cpu(list->SignatureSize) <= sizeof(uuid_t)) + return OPAL_PARAMETER; + size = le32_to_cpu(list->SignatureSize) - sizeof(uuid_t); prlog(PR_DEBUG,"size of signature list size is %u\n", diff --git a/libstb/secvar/test/data/KEKeslcorrupt.h b/libstb/secvar/test/data/KEKeslcorrupt.h new file mode 100644 index 000000000000..ba5cdf8cdf00 --- /dev/null +++ b/libstb/secvar/test/data/KEKeslcorrupt.h @@ -0,0 +1,161 @@ +unsigned char KEKeslcorrupt_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0e ,0x22 ,0x2e ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x9a ,0x63 ,0x09 ,0xe0 ,0x7f ,0xb8 ,0x20 ,0xd5 ,0x19 ,0x63 ,0x05 ,0x37 ,0x22 +,0x8d ,0xe4 ,0x03 ,0x0e ,0xd1 ,0x62 ,0x05 ,0x90 ,0xb4 ,0x49 ,0x9b ,0x03 ,0x1c ,0x4b ,0xd8 ,0x0f +,0x0f ,0xf5 ,0x43 ,0x17 ,0xe9 ,0xf6 ,0xb4 ,0x5f ,0x41 ,0x0f ,0xc1 ,0x7e ,0x92 ,0x5d ,0x39 ,0x53 +,0xd7 ,0x5c ,0x7a ,0x0b ,0x00 ,0x71 ,0x62 ,0x29 ,0x7c ,0xb2 ,0xf7 ,0x85 ,0xc6 ,0x77 ,0x34 ,0x9c +,0x6c ,0xdc ,0x08 ,0x8d ,0x11 ,0x93 ,0x5c ,0x8c ,0x0d ,0x76 ,0xc0 ,0x27 ,0xc2 ,0x1f ,0x15 ,0x32 +,0x72 ,0xdc ,0xff ,0xfc ,0xf1 ,0x56 ,0xbd ,0x82 ,0xe4 ,0xe4 ,0xc0 ,0xbd ,0x76 ,0xaa ,0x99 ,0x16 +,0x89 ,0x26 ,0x43 ,0x2c ,0xef ,0xa8 ,0xd4 ,0x2e ,0x01 ,0x77 ,0x13 ,0x32 ,0xbe ,0xdc ,0xea ,0xaf +,0xc0 ,0x18 ,0x4d ,0x90 ,0xb5 ,0x8d ,0x07 ,0xd7 ,0x86 ,0x21 ,0x71 ,0x3f ,0xf7 ,0x18 ,0xa9 ,0x41 +,0x3b ,0x97 ,0xf9 ,0x4f ,0xe8 ,0x3a ,0x91 ,0x8b ,0xe8 ,0xf1 ,0xae ,0x99 ,0x63 ,0x5d ,0xc1 ,0x63 +,0xc2 ,0x74 ,0xdf ,0xeb ,0x3e ,0x10 ,0xa5 ,0x34 ,0x24 ,0x95 ,0x1d ,0xba ,0xd2 ,0xa0 ,0xae ,0x78 +,0x94 ,0x0b ,0xfd ,0x75 ,0x4b ,0x55 ,0x4c ,0x1d ,0x75 ,0x91 ,0xc9 ,0xd0 ,0x1c ,0x48 ,0x01 ,0x84 +,0x35 ,0xbd ,0xcd ,0xbf ,0xbc ,0x5b ,0xd0 ,0x83 ,0xf4 ,0x0d ,0x19 ,0x4f ,0x9c ,0xa7 ,0xfe ,0x60 +,0x24 ,0x9b ,0x06 ,0x9d ,0x7e ,0xe5 ,0x3b ,0x69 ,0x7f ,0x6a ,0x09 ,0x73 ,0xb9 ,0x7d ,0x23 ,0x70 +,0x6e ,0x70 ,0x5e ,0x20 ,0x67 ,0xda ,0x65 ,0xfe ,0x27 ,0x07 ,0x27 ,0xee ,0x38 ,0x22 ,0xd1 ,0x12 +,0x94 ,0xf6 ,0x8c ,0x14 ,0x95 ,0xd7 ,0x8e ,0xc6 ,0x43 ,0x71 ,0xc1 ,0xcf ,0x96 ,0xcb ,0x7b ,0xa7 +,0x98 ,0x7b ,0x83 ,0x65 ,0x2c ,0xd9 ,0x9f ,0xb3 ,0xff ,0x05 ,0xa3 ,0x70 ,0xc0 ,0x52 ,0x8c ,0xf3 +,0x2c ,0x2e ,0x3d ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf8 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 +,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 +,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 +,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 +,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 +,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 +,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 +,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 +,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc ,0x3b ,0xdf ,0xbf ,0x70 ,0x0a +,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 ,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 +,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c ,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 +,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb ,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 +,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 ,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc +,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f ,0x0e ,0x3a ,0x9d ,0x3d ,0x6d +,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 ,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 +,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c ,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf +,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 ,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 +,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 ,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc +,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 ,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 +,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e ,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa +,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe ,0x22 ,0x8d ,0x88 ,0x87 ,0xfd +,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 ,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 +,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 ,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 +,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 ,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 +,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad +,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 +,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc ,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 +,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 ,0x0f ,0x3a ,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 +,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 ,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 +,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf ,0xc0 ,0x8c ,0x3f ,0x2a ,0xba +,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 ,0x59 ,0xcb ,0x47 ,0x71 ,0x07 +,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c ,0x2b ,0x87 ,0xee ,0x72 ,0x96 +,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f ,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 +,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f ,0x91 ,0x0c ,0x73 ,0xca ,0x34 +,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 ,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 +,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f ,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 +,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 ,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 +,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c ,0x06 ,0xad ,0x6c ,0xea ,0x62 +,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf ,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 +,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad ,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 +,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 ,0xab ,0x67 ,0x5b ,0x0b ,0xa9 +,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 }; + +unsigned int KEKeslcorrupt_auth_len = 2523; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c index a3b1613a711a..4952a4b3d555 100644 --- a/libstb/secvar/test/secvar-test-edk2-compat.c +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -13,6 +13,7 @@ #include "./data/invalidkek.h" #include "./data/malformedkek.h" #include "./data/trimmedKEK.h" +#include "./data/KEKeslcorrupt.h" #include "./data/db.h" #include "./data/dbsigneddata.h" #include "./data/OldTSKEK.h" @@ -272,6 +273,23 @@ int run_test() ASSERT(0 == tmp->data_size); free(data); + /* KEK with corrupted ESL SignatureSize */ + printf("KEK with corrupt ESL SignatureSize\n"); + tmp = new_secvar("KEK", 4, KEKeslcorrupt_auth, KEKeslcorrupt_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + /* If we don't catch the error, we get OPAL_NO_MEM instead */ + ASSERT(OPAL_PARAMETER == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->data_size); + + /* Add valid KEK, .process(), succeeds. */ printf("Add KEK"); tmp = new_secvar("KEK", 4, KEK_auth, KEK_auth_len, 0); From patchwork Wed Jul 21 04:00:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 1507900 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=YrR8m6ye; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GV3lJ0JZZz9sSs for ; Wed, 21 Jul 2021 15:18:36 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GV3lH6JHcz30D6 for ; Wed, 21 Jul 2021 15:18:35 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=YrR8m6ye; dkim-atps=neutral X-Original-To: skiboot-stable@lists.ozlabs.org Delivered-To: skiboot-stable@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::630; helo=mail-pl1-x630.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=YrR8m6ye; dkim-atps=neutral Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GV21Z2GcXz307m for ; Wed, 21 Jul 2021 14:00:50 +1000 (AEST) Received: by mail-pl1-x630.google.com with SMTP id d1so340902plg.0 for ; Tue, 20 Jul 2021 21:00:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xRJKVDECvLwSOOnMaPTzdGZyVbG26QMo1xeeQrc+LBY=; b=YrR8m6yeyP0PUTzIG1PabmdmKtcqPHw94F7Prj+NOk/Q2DIHsNH3NgsYJpJ6RdcX4G TxPifP4w1O39A+Yuel3yDn4lij/JnRrNIKeUwI+4rA7h9FJLCS6b9TO5vsnKXbrMxLfU Tx6Ileq2f52cu/7ph/F9yjobl4DC/bT9WibiE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xRJKVDECvLwSOOnMaPTzdGZyVbG26QMo1xeeQrc+LBY=; b=iY8cgticpXgzHhreLF/rxV0j/5erJ3hbJuGrYTMKsCIttYarLMHCAGg6ddNlaPKqDl LxLiMKCmvY3fxXF20ZdQro+zHciXmnc59gZNzK+WO3W5qcYDozW28UqPhziv57HHqNBf Wl7jP/zQ7uBPac1Vg/XiVVpvdBjkRxX6vtHNtyxFjvmTFlk21t6ZQZbMK1KfEEvlJezr +K+CLCDIScaYmNbPiq48t0Ng2HeM/vFh2UsDpLVk7WMZpVH0IR7/FhVWwKJX7ESDnjpi +Uhywe2nglKjujxR3jT/Yp9vhmt7+TmgBredpWiWaysgMBNJzqmsV02SsNq6K7Y+wTIt BxOA== X-Gm-Message-State: AOAM5324gmiuWMX8j4cU5RsF/kivQ2whgjWnocOkBbcaCtgzGHUZjDcI 0Qzp68i1sZHVw9EUNgIqRoD2sPJwqG+xPw== X-Google-Smtp-Source: ABdhPJxRSAcdOkX9d0h+1i81lqWPSwbgwXEAKfTtnPSqc4B4us3xplgf5vTOQzhgLGkntNtB6tYbVQ== X-Received: by 2002:a17:902:768c:b029:128:b109:d0d8 with SMTP id m12-20020a170902768cb0290128b109d0d8mr26074532pll.19.1626840047609; Tue, 20 Jul 2021 21:00:47 -0700 (PDT) Received: from localhost ([203.206.29.204]) by smtp.gmail.com with ESMTPSA id f16sm27870328pgb.51.2021.07.20.21.00.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jul 2021 21:00:47 -0700 (PDT) From: Daniel Axtens To: skiboot-stable@lists.ozlabs.org Date: Wed, 21 Jul 2021 14:00:29 +1000 Message-Id: <20210721040030.29050-4-dja@axtens.net> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210721040030.29050-1-dja@axtens.net> References: <20210721040030.29050-1-dja@axtens.net> MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 21 Jul 2021 15:18:32 +1000 Subject: [Skiboot-stable] [PATCH 6.7.x 3/4] secvar/backend: fix a memory leak in get_pkcs7 X-BeenThere: skiboot-stable@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches, review, and discussion for stable releases of skiboot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nick.child@ibm.com, nayna@linux.ibm.com, Daniel Axtens Errors-To: skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot-stable" commit 8dd8b6e4abb4d61cdf98470f3fe5cb750def7a18 upstream. We need to actually free the pkcs7 structure, not just pass it to mbedtls_pkcs7_free(). Signed-off-by: Daniel Axtens Reviewed-by: Nayna Jain Tested-by: Nayna Jain Signed-off-by: Vasant Hegde --- libstb/secvar/backend/edk2-compat-process.c | 1 + libstb/secvar/test/Makefile.check | 5 +- libstb/secvar/test/data/KEKpkcs7corrupt.h | 161 +++++++++++++++++++ libstb/secvar/test/secvar-test-edk2-compat.c | 15 ++ 4 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/test/data/KEKpkcs7corrupt.h diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index c5113b72b3f1..3361eb5f8169 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -461,6 +461,7 @@ static mbedtls_pkcs7* get_pkcs7(const struct efi_variable_authentication_2 *auth out: mbedtls_pkcs7_free(pkcs7); + free(pkcs7); pkcs7 = NULL; return pkcs7; } diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index 6cb1687d3a7e..5aeeb54d6ea8 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check @@ -10,6 +10,9 @@ HOSTCFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include # Needed because x86 and POWER disagree on the type for uint64_t, causes printf issues HOSTCFLAGS+= -Wno-format +# we want to test for leaks too: +SECVAR_VALGRIND := $(VALGRIND) --leak-check=full + .PHONY : secvar-check secvar-check: $(SECVAR_TEST:%=%-check) $(SECVAR_TEST_NOSTUB:%=%-check) @@ -27,7 +30,7 @@ $(SECVAR_TEST:%=%-gcov-run) : %-run: % $(SECVAR_TEST:%=%-check) : %-check: % @dd if=/dev/zero of=secboot.img bs=128k count=1 2> /dev/null - $(call QTEST, RUN-TEST ,$(VALGRIND) $<, $<) + $(call QTEST, RUN-TEST ,$(SECVAR_VALGRIND) $<, $<) @$(RM) -f secboot.img HOST_MBEDTLS_OBJS=$(MBEDTLS_OBJS:%.o=$(CRYPTO_DIR)/%.host.o) diff --git a/libstb/secvar/test/data/KEKpkcs7corrupt.h b/libstb/secvar/test/data/KEKpkcs7corrupt.h new file mode 100644 index 000000000000..4631db47faab --- /dev/null +++ b/libstb/secvar/test/data/KEKpkcs7corrupt.h @@ -0,0 +1,161 @@ +unsigned char KEKpkcs7corrupt_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0e ,0x22 ,0x2e ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0xff ,0xff ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x9a ,0x63 ,0x09 ,0xe0 ,0x7f ,0xb8 ,0x20 ,0xd5 ,0x19 ,0x63 ,0x05 ,0x37 ,0x22 +,0x8d ,0xe4 ,0x03 ,0x0e ,0xd1 ,0x62 ,0x05 ,0x90 ,0xb4 ,0x49 ,0x9b ,0x03 ,0x1c ,0x4b ,0xd8 ,0x0f +,0x0f ,0xf5 ,0x43 ,0x17 ,0xe9 ,0xf6 ,0xb4 ,0x5f ,0x41 ,0x0f ,0xc1 ,0x7e ,0x92 ,0x5d ,0x39 ,0x53 +,0xd7 ,0x5c ,0x7a ,0x0b ,0x00 ,0x71 ,0x62 ,0x29 ,0x7c ,0xb2 ,0xf7 ,0x85 ,0xc6 ,0x77 ,0x34 ,0x9c +,0x6c ,0xdc ,0x08 ,0x8d ,0x11 ,0x93 ,0x5c ,0x8c ,0x0d ,0x76 ,0xc0 ,0x27 ,0xc2 ,0x1f ,0x15 ,0x32 +,0x72 ,0xdc ,0xff ,0xfc ,0xf1 ,0x56 ,0xbd ,0x82 ,0xe4 ,0xe4 ,0xc0 ,0xbd ,0x76 ,0xaa ,0x99 ,0x16 +,0x89 ,0x26 ,0x43 ,0x2c ,0xef ,0xa8 ,0xd4 ,0x2e ,0x01 ,0x77 ,0x13 ,0x32 ,0xbe ,0xdc ,0xea ,0xaf +,0xc0 ,0x18 ,0x4d ,0x90 ,0xb5 ,0x8d ,0x07 ,0xd7 ,0x86 ,0x21 ,0x71 ,0x3f ,0xf7 ,0x18 ,0xa9 ,0x41 +,0x3b ,0x97 ,0xf9 ,0x4f ,0xe8 ,0x3a ,0x91 ,0x8b ,0xe8 ,0xf1 ,0xae ,0x99 ,0x63 ,0x5d ,0xc1 ,0x63 +,0xc2 ,0x74 ,0xdf ,0xeb ,0x3e ,0x10 ,0xa5 ,0x34 ,0x24 ,0x95 ,0x1d ,0xba ,0xd2 ,0xa0 ,0xae ,0x78 +,0x94 ,0x0b ,0xfd ,0x75 ,0x4b ,0x55 ,0x4c ,0x1d ,0x75 ,0x91 ,0xc9 ,0xd0 ,0x1c ,0x48 ,0x01 ,0x84 +,0x35 ,0xbd ,0xcd ,0xbf ,0xbc ,0x5b ,0xd0 ,0x83 ,0xf4 ,0x0d ,0x19 ,0x4f ,0x9c ,0xa7 ,0xfe ,0x60 +,0x24 ,0x9b ,0x06 ,0x9d ,0x7e ,0xe5 ,0x3b ,0x69 ,0x7f ,0x6a ,0x09 ,0x73 ,0xb9 ,0x7d ,0x23 ,0x70 +,0x6e ,0x70 ,0x5e ,0x20 ,0x67 ,0xda ,0x65 ,0xfe ,0x27 ,0x07 ,0x27 ,0xee ,0x38 ,0x22 ,0xd1 ,0x12 +,0x94 ,0xf6 ,0x8c ,0x14 ,0x95 ,0xd7 ,0x8e ,0xc6 ,0x43 ,0x71 ,0xc1 ,0xcf ,0x96 ,0xcb ,0x7b ,0xa7 +,0x98 ,0x7b ,0x83 ,0x65 ,0x2c ,0xd9 ,0x9f ,0xb3 ,0xff ,0x05 ,0xa3 ,0x70 ,0xc0 ,0x52 ,0x8c ,0xf3 +,0x2c ,0x2e ,0x3d ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf8 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xdc ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 +,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 +,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 +,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 +,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 +,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 +,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 +,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 +,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc ,0x3b ,0xdf ,0xbf ,0x70 ,0x0a +,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 ,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 +,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c ,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 +,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb ,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 +,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 ,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc +,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f ,0x0e ,0x3a ,0x9d ,0x3d ,0x6d +,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 ,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 +,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c ,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf +,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 ,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 +,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 ,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc +,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 ,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 +,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e ,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa +,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe ,0x22 ,0x8d ,0x88 ,0x87 ,0xfd +,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 ,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 +,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 ,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 +,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 ,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 +,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad +,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 +,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc ,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 +,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 ,0x0f ,0x3a ,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 +,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 ,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 +,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf ,0xc0 ,0x8c ,0x3f ,0x2a ,0xba +,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 ,0x59 ,0xcb ,0x47 ,0x71 ,0x07 +,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c ,0x2b ,0x87 ,0xee ,0x72 ,0x96 +,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f ,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 +,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f ,0x91 ,0x0c ,0x73 ,0xca ,0x34 +,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 ,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 +,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f ,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 +,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 ,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 +,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c ,0x06 ,0xad ,0x6c ,0xea ,0x62 +,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf ,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 +,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad ,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 +,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 ,0xab ,0x67 ,0x5b ,0x0b ,0xa9 +,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 }; + +unsigned int KEKpkcs7corrupt_auth_len = 2523; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c index 4952a4b3d555..d715b17ec817 100644 --- a/libstb/secvar/test/secvar-test-edk2-compat.c +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -14,6 +14,7 @@ #include "./data/malformedkek.h" #include "./data/trimmedKEK.h" #include "./data/KEKeslcorrupt.h" +#include "./data/KEKpkcs7corrupt.h" #include "./data/db.h" #include "./data/dbsigneddata.h" #include "./data/OldTSKEK.h" @@ -289,6 +290,20 @@ int run_test() ASSERT(NULL != tmp); ASSERT(0 == tmp->data_size); + /* KEK with corrupted pkcs7, used to leak memory */ + printf("KEK with corrupt PKCS#7 message\n"); + tmp = new_secvar("KEK", 4, KEKpkcs7corrupt_auth, KEKpkcs7corrupt_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_PARAMETER == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->data_size); /* Add valid KEK, .process(), succeeds. */ printf("Add KEK"); From patchwork Wed Jul 21 04:00:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 1507901 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=PA2NkyBV; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GV3lJ4vfVz9sWX for ; Wed, 21 Jul 2021 15:18:36 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GV3lJ3zpnz3bTJ for ; Wed, 21 Jul 2021 15:18:36 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=PA2NkyBV; dkim-atps=neutral X-Original-To: skiboot-stable@lists.ozlabs.org Delivered-To: skiboot-stable@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::102c; helo=mail-pj1-x102c.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.a=rsa-sha256 header.s=google header.b=PA2NkyBV; dkim-atps=neutral Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GV21f2jHtz300x for ; Wed, 21 Jul 2021 14:00:54 +1000 (AEST) Received: by mail-pj1-x102c.google.com with SMTP id i16-20020a17090acf90b02901736d9d2218so263148pju.1 for ; Tue, 20 Jul 2021 21:00:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9sheSh/cW/Ytwis42dRd4vleaVHpoQcJhOryPHxV078=; b=PA2NkyBVfdTgP9i4Ih+CuVxuzhzwV0if8IeIPqzrDakCtVu0uLBiVOTTBeVZcefBrv wxqT37lC8AFnK42UQG5f68WTuEd0cr9Ai79OHlgLxGGe9QOF629SSh5YVdGTfSZBXfRS dYLlnRNR7Y4It9RDbLNp8REMJxPYMyk+wCA1U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9sheSh/cW/Ytwis42dRd4vleaVHpoQcJhOryPHxV078=; b=ce1F3fo3ZAb3n60Ep6WzB5zAkzMhFj+KSdgfEoKt0kuZCr4NS1cqOn93CgN4MbiEIM /xPEyCvp/pOIPyniCyy7tXmA9xIKCeeesYUe6L4jAFMD6skvBXE5pJdzfYuRPuMmhotN L1M8lp+ruvFXqoJyQVmXHXFu3Z1jy9u158EuKtN/9XIn2I9A3sMrifj3gKFYWiabuVmC QdOOYSbHNjvSfc9nu7iWWrPMNKn8ipI/NEVPiOA5gCyPdg5f0gN0eaI1Zu5tE/i/nqPt 4pHHE/66gLFt4JtLlQfKm1vC3Pkmz5NnKpnf2iGt//lvx7pRMBJKvm+cgbFui5LxQLga 2A0g== X-Gm-Message-State: AOAM532f6ysbVdLGo5q6Sl8x2d+QjbPoow6BVS6G7fjX67dK8Ysy9zA9 7xd3jvh3IlnCbw71Ju6nzyPPzd5IDV5cAw== X-Google-Smtp-Source: ABdhPJyGGNGfazubAR5N9ujlY/SWF4f+/K7cwnOmwfGq7OcI5sLtKk3KoCLS3MRUkIm9sP5+JCda2g== X-Received: by 2002:a17:90a:c003:: with SMTP id p3mr32911623pjt.14.1626840051468; Tue, 20 Jul 2021 21:00:51 -0700 (PDT) Received: from localhost ([203.206.29.204]) by smtp.gmail.com with ESMTPSA id o184sm28395714pga.18.2021.07.20.21.00.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jul 2021 21:00:51 -0700 (PDT) From: Daniel Axtens To: skiboot-stable@lists.ozlabs.org Date: Wed, 21 Jul 2021 14:00:30 +1000 Message-Id: <20210721040030.29050-5-dja@axtens.net> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210721040030.29050-1-dja@axtens.net> References: <20210721040030.29050-1-dja@axtens.net> MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 21 Jul 2021 15:18:32 +1000 Subject: [Skiboot-stable] [PATCH 6.7.x 4/4] pkcs7: pkcs7_get_content_info_type should reset *p on error X-BeenThere: skiboot-stable@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches, review, and discussion for stable releases of skiboot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nick.child@ibm.com, nayna@linux.ibm.com, Daniel Axtens Errors-To: skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot-stable" commit d8e13853e506e00713d15fa5e23457ba21a16829 upstream. Fuzzing revealed a crash where pkcs7_get_signed_data was accessing beyond the bounds of the object, despite valid data being passed in to mbedtls_pkcs7_parse_der. Further investigation revealed that pkcs7_get_content_info_type will reset *p to start if the second call to mbedtls_asn1_get_tag fails, but not if the first call fails. mbedtls_asn1_get_tag does indeed advance *p even in some failure cases, so a reset is required. Reset *p to start if the first call to mbedtls_asn1_get_tag fails. Signed-off-by: Daniel Axtens Reviewed-by: Nayna Jain Tested-by: Nayna Jain Signed-off-by: Vasant Hegde --- libstb/crypto/pkcs7/pkcs7.c | 4 +++- libstb/secvar/test/secvar-test-pkcs7.c | 32 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/test/secvar-test-pkcs7.c diff --git a/libstb/crypto/pkcs7/pkcs7.c b/libstb/crypto/pkcs7/pkcs7.c index 4407e201a4cc..a523a9d42a16 100644 --- a/libstb/crypto/pkcs7/pkcs7.c +++ b/libstb/crypto/pkcs7/pkcs7.c @@ -151,8 +151,10 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) + if( ret != 0 ) { + *p = start; return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + } ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ); if( ret != 0 ) { diff --git a/libstb/secvar/test/secvar-test-pkcs7.c b/libstb/secvar/test/secvar-test-pkcs7.c new file mode 100644 index 000000000000..d5e88709f7e3 --- /dev/null +++ b/libstb/secvar/test/secvar-test-pkcs7.c @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2021 IBM Corp. */ + +#define MBEDTLS_PKCS7_C +#include "secvar_common_test.c" +#include "../../crypto/pkcs7/pkcs7.c" + +const char *secvar_test_name = "pkcs7"; + +int run_test() +{ + const unsigned char underrun_p7s[] = {0x30, 0x48}; + mbedtls_pkcs7 pkcs7; + unsigned char *data; + int rc; + + mbedtls_pkcs7_init(&pkcs7); + /* The data must live in the heap, not the stack, for valgrind to + catch the overread. */ + data = malloc(sizeof(underrun_p7s)); + memcpy(data, underrun_p7s, sizeof(underrun_p7s)); + rc = mbedtls_pkcs7_parse_der(data, sizeof(underrun_p7s), &pkcs7); + free(data); + ASSERT(0 > rc); + + return 0; +} + +int main(void) +{ + return run_test(); +}