diff options
Diffstat (limited to 'fuzz')
| -rw-r--r-- | fuzz/README.md | 175 | ||||
| -rw-r--r-- | fuzz/asn1.c | 375 | ||||
| -rw-r--r-- | fuzz/asn1parse.c | 45 | ||||
| -rw-r--r-- | fuzz/bignum.c | 109 | ||||
| -rw-r--r-- | fuzz/bndiv.c | 131 | ||||
| -rw-r--r-- | fuzz/build.info | 146 | ||||
| -rw-r--r-- | fuzz/client.c | 108 | ||||
| -rw-r--r-- | fuzz/cmp.c | 203 | ||||
| -rw-r--r-- | fuzz/cms.c | 55 | ||||
| -rw-r--r-- | fuzz/conf.c | 48 | ||||
| -rw-r--r-- | fuzz/crl.c | 47 | ||||
| -rw-r--r-- | fuzz/ct.c | 51 | ||||
| -rw-r--r-- | fuzz/driver.c | 55 | ||||
| -rw-r--r-- | fuzz/fuzz_rand.c | 168 | ||||
| -rw-r--r-- | fuzz/fuzzer.h | 16 | ||||
| -rwxr-xr-x | fuzz/helper.py | 52 | ||||
| -rwxr-xr-x | fuzz/mkfuzzoids.pl | 42 | ||||
| -rw-r--r-- | fuzz/oids.txt | 1113 | ||||
| -rw-r--r-- | fuzz/server.c | 659 | ||||
| -rw-r--r-- | fuzz/test-corpus.c | 104 | ||||
| -rw-r--r-- | fuzz/x509.c | 153 |
21 files changed, 3855 insertions, 0 deletions
diff --git a/fuzz/README.md b/fuzz/README.md new file mode 100644 index 000000000000..6cc7811ad003 --- /dev/null +++ b/fuzz/README.md @@ -0,0 +1,175 @@ +Fuzzing OpenSSL +=============== + +OpenSSL can use either LibFuzzer or AFL to do fuzzing. + +LibFuzzer +--------- + +How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html), +starting from a vanilla+OpenSSH server Ubuntu install. + +With `clang` from a package manager +----------------------------------- + +Install `clang`, which [ships with `libfuzzer`](http://llvm.org/docs/LibFuzzer.html#fuzzer-usage) +since version 6.0: + + sudo apt-get install clang + +Configure `openssl` for fuzzing. For now, you'll still need to pass in the path +to the `libFuzzer` library file while configuring; this is represented as +`$PATH_TO_LIBFUZZER` below. A typical value would be +`/usr/lib/llvm-7/lib/clang/7.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a`. + + CC=clang ./config enable-fuzz-libfuzzer \ + --with-fuzzer-lib=$PATH_TO_LIBFUZZER \ + -DPEDANTIC enable-asan enable-ubsan no-shared \ + -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ + -fsanitize=fuzzer-no-link \ + enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ + enable-weak-ssl-ciphers enable-rc5 enable-md2 \ + enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + --debug + +Compile: + + sudo apt-get install make + make clean + LDCMD=clang++ make -j4 + +Finally, perform the actual fuzzing: + + fuzz/helper.py $FUZZER + +where $FUZZER is one of the executables in `fuzz/`. +It will run until you stop it. + +If you get a crash, you should find a corresponding input file in +`fuzz/corpora/$FUZZER-crash/`. + +With `clang` from source/pre-built binaries +------------------------------------------- + +You may also wish to use a pre-built binary from the [LLVM Download +site](http://releases.llvm.org/download.html), or to [build `clang` from +source](https://clang.llvm.org/get_started.html). After adding `clang` to your +path and locating the `libfuzzer` library file, the procedure for configuring +fuzzing is the same, except that you also need to specify +a `--with-fuzzer-include` option, which should be the parent directory of the +prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below. + + CC=clang ./config enable-fuzz-libfuzzer \ + --with-fuzzer-include=$PATH_TO_LIBFUZZER_DIR \ + --with-fuzzer-lib=$PATH_TO_LIBFUZZER \ + -DPEDANTIC enable-asan enable-ubsan no-shared \ + -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ + -fsanitize=fuzzer-no-link \ + enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ + enable-weak-ssl-ciphers enable-rc5 enable-md2 \ + enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + --debug + +AFL +--- + +This is an alternative to using LibFuzzer. + +Configure for fuzzing: + + sudo apt-get install afl-clang + CC=afl-clang-fast ./config enable-fuzz-afl no-shared no-module \ + -DPEDANTIC enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 \ + enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ + --debug + make clean + make + +The following options can also be enabled: enable-asan, enable-ubsan, enable-msan + +Run one of the fuzzers: + + afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER + +Where $FUZZER is one of the executables in `fuzz/`. + +Reproducing issues +------------------ + +If a fuzzer generates a reproducible error, you can reproduce the problem using +the fuzz/*-test binaries and the file generated by the fuzzer. They binaries +don't need to be built for fuzzing, there is no need to set CC or the call +config with enable-fuzz-* or -fsanitize-coverage, but some of the other options +above might be needed. For instance the enable-asan or enable-ubsan option might +be useful to show you when the problem happens. For the client and server fuzzer +it might be needed to use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to +reproduce the generated random numbers. + +To reproduce the crash you can run: + + fuzz/$FUZZER-test $file + +To do all the tests of a specific fuzzer such as asn1 you can run + + fuzz/asn1-test fuzz/corpora/asn1 +or + make test TESTS=fuzz_test_asn1 + +To run several fuzz tests you can use for instance: + + make test TESTS='test_fuzz_cmp test_fuzz_cms' + +To run all fuzz tests you can use: + + make test TESTS='test_fuzz_*' + +Random numbers +-------------- + +The client and server fuzzer normally generate random numbers as part of the TLS +connection setup. This results in the coverage of the fuzzing corpus changing +depending on the random numbers. This also has an effect for coverage of the +rest of the test suite and you see the coverage change for each commit even when +no code has been modified. + +Since we want to maximize the coverage of the fuzzing corpus, the client and +server fuzzer will use predictable numbers instead of the random numbers. This +is controlled by the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION define. + +The coverage depends on the way the numbers are generated. We don't disable any +check of hashes, but the corpus has the correct hash in it for the random +numbers that were generated. For instance the client fuzzer will always generate +the same client hello with the same random number in it, and so the server, as +emulated by the file, can be generated for that client hello. + +Coverage changes +---------------- + +Since the corpus depends on the default behaviour of the client and the server, +changes in what they send by default will have an impact on the coverage. The +corpus will need to be updated in that case. + +Updating the corpus +------------------- + +The client and server corpus is generated with multiple config options: + +- The options as documented above +- Without enable-ec_nistp_64_gcc_128 and without --debug +- With no-asm +- Using 32 bit +- A default config, plus options needed to generate the fuzzer. + +The libfuzzer merge option is used to add the additional coverage +from each config to the minimal set. + +Minimizing the corpus +--------------------- + +When you have gathered corpus data from more than one fuzzer run +or for any other reason want to minimize the data +in some corpus subdirectory `fuzz/corpora/DIR` this can be done as follows: + + mkdir fuzz/corpora/NEWDIR + fuzz/$FUZZER -merge=1 fuzz/corpora/NEWDIR fuzz/corpora/DIR diff --git a/fuzz/asn1.c b/fuzz/asn1.c new file mode 100644 index 000000000000..ee602a08a3d9 --- /dev/null +++ b/fuzz/asn1.c @@ -0,0 +1,375 @@ +/* + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Fuzz ASN.1 parsing for various data structures. Specify which on the + * command line: + * + * asn1 <data structure> + */ + +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + +#include <stdio.h> +#include <string.h> +#include <openssl/asn1.h> +#include <openssl/asn1t.h> +#include <openssl/dh.h> +#include <openssl/dsa.h> +#include <openssl/ec.h> +#include <openssl/ocsp.h> +#include <openssl/pkcs12.h> +#include <openssl/rsa.h> +#include <openssl/ts.h> +#include <openssl/x509v3.h> +#include <openssl/cms.h> +#include <openssl/ess.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> +#include "internal/nelem.h" +#include "fuzzer.h" + +static ASN1_ITEM_EXP *item_type[] = { + ASN1_ITEM_ref(ACCESS_DESCRIPTION), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASIdentifierChoice), + ASN1_ITEM_ref(ASIdentifiers), + ASN1_ITEM_ref(ASIdOrRange), +#endif + ASN1_ITEM_ref(ASN1_ANY), + ASN1_ITEM_ref(ASN1_BIT_STRING), + ASN1_ITEM_ref(ASN1_BMPSTRING), + ASN1_ITEM_ref(ASN1_BOOLEAN), + ASN1_ITEM_ref(ASN1_ENUMERATED), + ASN1_ITEM_ref(ASN1_FBOOLEAN), + ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + ASN1_ITEM_ref(ASN1_GENERALSTRING), + ASN1_ITEM_ref(ASN1_IA5STRING), + ASN1_ITEM_ref(ASN1_INTEGER), + ASN1_ITEM_ref(ASN1_NULL), + ASN1_ITEM_ref(ASN1_OBJECT), + ASN1_ITEM_ref(ASN1_OCTET_STRING), + ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF), + ASN1_ITEM_ref(ASN1_PRINTABLE), + ASN1_ITEM_ref(ASN1_PRINTABLESTRING), + ASN1_ITEM_ref(ASN1_SEQUENCE), + ASN1_ITEM_ref(ASN1_SEQUENCE_ANY), + ASN1_ITEM_ref(ASN1_SET_ANY), + ASN1_ITEM_ref(ASN1_T61STRING), + ASN1_ITEM_ref(ASN1_TBOOLEAN), + ASN1_ITEM_ref(ASN1_TIME), + ASN1_ITEM_ref(ASN1_UNIVERSALSTRING), + ASN1_ITEM_ref(ASN1_UTCTIME), + ASN1_ITEM_ref(ASN1_UTF8STRING), + ASN1_ITEM_ref(ASN1_VISIBLESTRING), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASRange), +#endif + ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), + ASN1_ITEM_ref(AUTHORITY_KEYID), + ASN1_ITEM_ref(BASIC_CONSTRAINTS), + ASN1_ITEM_ref(BIGNUM), + ASN1_ITEM_ref(CBIGNUM), + ASN1_ITEM_ref(CERTIFICATEPOLICIES), +#ifndef OPENSSL_NO_CMS + ASN1_ITEM_ref(CMS_ContentInfo), + ASN1_ITEM_ref(CMS_ReceiptRequest), + ASN1_ITEM_ref(CRL_DIST_POINTS), +#endif +#ifndef OPENSSL_NO_DH + ASN1_ITEM_ref(DHparams), +#endif + ASN1_ITEM_ref(DIRECTORYSTRING), + ASN1_ITEM_ref(DISPLAYTEXT), + ASN1_ITEM_ref(DIST_POINT), + ASN1_ITEM_ref(DIST_POINT_NAME), +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0) + ASN1_ITEM_ref(ECPARAMETERS), + ASN1_ITEM_ref(ECPKPARAMETERS), +#endif + ASN1_ITEM_ref(EDIPARTYNAME), + ASN1_ITEM_ref(EXTENDED_KEY_USAGE), + ASN1_ITEM_ref(GENERAL_NAME), + ASN1_ITEM_ref(GENERAL_NAMES), + ASN1_ITEM_ref(GENERAL_SUBTREE), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(IPAddressChoice), + ASN1_ITEM_ref(IPAddressFamily), + ASN1_ITEM_ref(IPAddressOrRange), + ASN1_ITEM_ref(IPAddressRange), +#endif + ASN1_ITEM_ref(ISSUING_DIST_POINT), +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ASN1_ITEM_ref(LONG), +#endif + ASN1_ITEM_ref(NAME_CONSTRAINTS), + ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), + ASN1_ITEM_ref(NETSCAPE_SPKAC), + ASN1_ITEM_ref(NETSCAPE_SPKI), + ASN1_ITEM_ref(NOTICEREF), +#ifndef OPENSSL_NO_OCSP + ASN1_ITEM_ref(OCSP_BASICRESP), + ASN1_ITEM_ref(OCSP_CERTID), + ASN1_ITEM_ref(OCSP_CERTSTATUS), + ASN1_ITEM_ref(OCSP_CRLID), + ASN1_ITEM_ref(OCSP_ONEREQ), + ASN1_ITEM_ref(OCSP_REQINFO), + ASN1_ITEM_ref(OCSP_REQUEST), + ASN1_ITEM_ref(OCSP_RESPBYTES), + ASN1_ITEM_ref(OCSP_RESPDATA), + ASN1_ITEM_ref(OCSP_RESPID), + ASN1_ITEM_ref(OCSP_RESPONSE), + ASN1_ITEM_ref(OCSP_REVOKEDINFO), + ASN1_ITEM_ref(OCSP_SERVICELOC), + ASN1_ITEM_ref(OCSP_SIGNATURE), + ASN1_ITEM_ref(OCSP_SINGLERESP), +#endif + ASN1_ITEM_ref(OTHERNAME), + ASN1_ITEM_ref(PBE2PARAM), + ASN1_ITEM_ref(PBEPARAM), + ASN1_ITEM_ref(PBKDF2PARAM), + ASN1_ITEM_ref(PKCS12), + ASN1_ITEM_ref(PKCS12_AUTHSAFES), + ASN1_ITEM_ref(PKCS12_BAGS), + ASN1_ITEM_ref(PKCS12_MAC_DATA), + ASN1_ITEM_ref(PKCS12_SAFEBAG), + ASN1_ITEM_ref(PKCS12_SAFEBAGS), + ASN1_ITEM_ref(PKCS7), + ASN1_ITEM_ref(PKCS7_ATTR_SIGN), + ASN1_ITEM_ref(PKCS7_ATTR_VERIFY), + ASN1_ITEM_ref(PKCS7_DIGEST), + ASN1_ITEM_ref(PKCS7_ENC_CONTENT), + ASN1_ITEM_ref(PKCS7_ENCRYPT), + ASN1_ITEM_ref(PKCS7_ENVELOPE), + ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL), + ASN1_ITEM_ref(PKCS7_RECIP_INFO), + ASN1_ITEM_ref(PKCS7_SIGNED), + ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE), + ASN1_ITEM_ref(PKCS7_SIGNER_INFO), + ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO), + ASN1_ITEM_ref(PKEY_USAGE_PERIOD), + ASN1_ITEM_ref(POLICY_CONSTRAINTS), + ASN1_ITEM_ref(POLICYINFO), + ASN1_ITEM_ref(POLICY_MAPPING), + ASN1_ITEM_ref(POLICY_MAPPINGS), + ASN1_ITEM_ref(POLICYQUALINFO), + ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + ASN1_ITEM_ref(PROXY_POLICY), + ASN1_ITEM_ref(RSA_OAEP_PARAMS), + ASN1_ITEM_ref(RSA_PSS_PARAMS), +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ASN1_ITEM_ref(RSAPrivateKey), + ASN1_ITEM_ref(RSAPublicKey), +#endif + ASN1_ITEM_ref(SXNET), + ASN1_ITEM_ref(SXNETID), + ASN1_ITEM_ref(USERNOTICE), + ASN1_ITEM_ref(X509), + ASN1_ITEM_ref(X509_ALGOR), + ASN1_ITEM_ref(X509_ALGORS), + ASN1_ITEM_ref(X509_ATTRIBUTE), + ASN1_ITEM_ref(X509_CERT_AUX), + ASN1_ITEM_ref(X509_CINF), + ASN1_ITEM_ref(X509_CRL), + ASN1_ITEM_ref(X509_CRL_INFO), + ASN1_ITEM_ref(X509_EXTENSION), + ASN1_ITEM_ref(X509_EXTENSIONS), + ASN1_ITEM_ref(X509_NAME), + ASN1_ITEM_ref(X509_NAME_ENTRY), + ASN1_ITEM_ref(X509_PUBKEY), + ASN1_ITEM_ref(X509_REQ), + ASN1_ITEM_ref(X509_REQ_INFO), + ASN1_ITEM_ref(X509_REVOKED), + ASN1_ITEM_ref(X509_SIG), + ASN1_ITEM_ref(X509_VAL), +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ASN1_ITEM_ref(ZLONG), +#endif + ASN1_ITEM_ref(INT32), + ASN1_ITEM_ref(ZINT32), + ASN1_ITEM_ref(UINT32), + ASN1_ITEM_ref(ZUINT32), + ASN1_ITEM_ref(INT64), + ASN1_ITEM_ref(ZINT64), + ASN1_ITEM_ref(UINT64), + ASN1_ITEM_ref(ZUINT64), + NULL +}; + +static ASN1_PCTX *pctx; + +#define DO_TEST(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + int len2; \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type); \ + BIO_free(bio); \ + } \ + len2 = I2D(type, &der); \ + if (len2 != 0) {} \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + +#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type, 0); \ + BIO_free(bio); \ + } \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + +#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type, 0, pctx); \ + BIO_free(bio); \ + } \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + + +#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + + +int FuzzerInitialize(int *argc, char ***argv) +{ + FuzzerSetRand(); + pctx = ASN1_PCTX_new(); + ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | + ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | + ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); + ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | + ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int n; + + + for (n = 0; item_type[n] != NULL; ++n) { + const uint8_t *b = buf; + unsigned char *der = NULL; + const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]); + ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i); + + if (o != NULL) { + BIO *bio = BIO_new(BIO_s_null()); + if (bio != NULL) { + ASN1_item_print(bio, o, 4, i, pctx); + BIO_free(bio); + } + if (ASN1_item_i2d(o, &der, i) > 0) { + OPENSSL_free(der); + } + ASN1_item_free(o, i); + } + } + +#ifndef OPENSSL_NO_TS + DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio); + DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio); + DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio); + DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio); + DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio); + DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY); +#endif + DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL); + DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID); + DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT); + DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2); + DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2); +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) + DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams); + DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams); +#endif +#ifndef OPENSSL_NO_DSA + DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG); +# ifndef OPENSSL_NO_DEPRECATED_3_0 + DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey); + DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey); + DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams); +# endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 + DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey); +#endif +#ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_DEPRECATED_3_0 + DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); + DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); + DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print); + DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG); +# endif +#endif + DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private); + DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print); + + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ + ASN1_PCTX_free(pctx); + FuzzerClearRand(); +} diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c new file mode 100644 index 000000000000..c25705cf730d --- /dev/null +++ b/fuzz/asn1parse.c @@ -0,0 +1,45 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Fuzz the parser used for dumping ASN.1 using "openssl asn1parse". + */ + +#include <stdio.h> +#include <openssl/asn1.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/err.h> +#include "fuzzer.h" + +static BIO *bio_out; + +int FuzzerInitialize(int *argc, char ***argv) +{ + bio_out = BIO_new(BIO_s_null()); /* output will be ignored */ + if (bio_out == NULL) + return 0; + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + (void)ASN1_parse_dump(bio_out, buf, len, 0, 0); + ERR_clear_error(); + return 0; +} + +void FuzzerCleanup(void) +{ + BIO_free(bio_out); +} diff --git a/fuzz/bignum.c b/fuzz/bignum.c new file mode 100644 index 000000000000..d7c3716aacb4 --- /dev/null +++ b/fuzz/bignum.c @@ -0,0 +1,109 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Confirm that a^b mod c agrees when calculated cleverly vs naively, for + * random a, b and c. + */ + +#include <stdio.h> +#include <openssl/bn.h> +#include <openssl/err.h> +#include "fuzzer.h" + + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int success = 0; + size_t l1 = 0, l2 = 0, l3 = 0; + int s1 = 0, s3 = 0; + BN_CTX *ctx; + BIGNUM *b1; + BIGNUM *b2; + BIGNUM *b3; + BIGNUM *b4; + BIGNUM *b5; + + b1 = BN_new(); + b2 = BN_new(); + b3 = BN_new(); + b4 = BN_new(); + b5 = BN_new(); + ctx = BN_CTX_new(); + + /* Divide the input into three parts, using the values of the first two + * bytes to choose lengths, which generate b1, b2 and b3. Use three bits + * of the third byte to choose signs for the three numbers. + */ + if (len > 2) { + len -= 3; + l1 = (buf[0] * len) / 255; + ++buf; + l2 = (buf[0] * (len - l1)) / 255; + ++buf; + l3 = len - l1 - l2; + + s1 = buf[0] & 1; + s3 = buf[0] & 4; + ++buf; + } + OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1); + BN_set_negative(b1, s1); + OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2); + OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3); + BN_set_negative(b3, s3); + + /* mod 0 is undefined */ + if (BN_is_zero(b3)) { + success = 1; + goto done; + } + + OPENSSL_assert(BN_mod_exp(b4, b1, b2, b3, ctx)); + OPENSSL_assert(BN_mod_exp_simple(b5, b1, b2, b3, ctx)); + + success = BN_cmp(b4, b5) == 0; + if (!success) { + BN_print_fp(stdout, b1); + putchar('\n'); + BN_print_fp(stdout, b2); + putchar('\n'); + BN_print_fp(stdout, b3); + putchar('\n'); + BN_print_fp(stdout, b4); + putchar('\n'); + BN_print_fp(stdout, b5); + putchar('\n'); + } + + done: + OPENSSL_assert(success); + BN_free(b1); + BN_free(b2); + BN_free(b3); + BN_free(b4); + BN_free(b5); + BN_CTX_free(ctx); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c new file mode 100644 index 000000000000..d9467b5e8b41 --- /dev/null +++ b/fuzz/bndiv.c @@ -0,0 +1,131 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Confirm that if (d, r) = a / b, then b * d + r == a, and that sign(d) == + * sign(a), and 0 <= r <= b + */ + +#include <stdio.h> +#include <openssl/bn.h> +#include <openssl/err.h> +#include "fuzzer.h" + +/* 256 kB */ +#define MAX_LEN (256 * 1000) + +static BN_CTX *ctx; +static BIGNUM *b1; +static BIGNUM *b2; +static BIGNUM *b3; +static BIGNUM *b4; +static BIGNUM *b5; + +int FuzzerInitialize(int *argc, char ***argv) +{ + b1 = BN_new(); + b2 = BN_new(); + b3 = BN_new(); + b4 = BN_new(); + b5 = BN_new(); + ctx = BN_CTX_new(); + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int success = 0; + size_t l1 = 0, l2 = 0; + /* s1 and s2 will be the signs for b1 and b2. */ + int s1 = 0, s2 = 0; + + /* limit the size of the input to avoid timeout */ + if (len > MAX_LEN) + len = MAX_LEN; + + /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and + * b2. + */ + if (len > 0) { + --len; + /* Use first byte to divide the remaining buffer into 3Fths. I admit + * this disallows some number sizes. If it matters, better ideas are + * welcome (Ben). + */ + l1 = ((buf[0] & 0x3f) * len) / 0x3f; + s1 = buf[0] & 0x40; + s2 = buf[0] & 0x80; + ++buf; + l2 = len - l1; + } + OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1); + BN_set_negative(b1, s1); + OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2); + BN_set_negative(b2, s2); + + /* divide by 0 is an error */ + if (BN_is_zero(b2)) { + success = 1; + goto done; + } + + OPENSSL_assert(BN_div(b3, b4, b1, b2, ctx)); + if (BN_is_zero(b1)) + success = BN_is_zero(b3) && BN_is_zero(b4); + else if (BN_is_negative(b1)) + success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3)) + && (BN_is_negative(b4) || BN_is_zero(b4)); + else + success = (BN_is_negative(b3) == BN_is_negative(b2) || BN_is_zero(b3)) + && (!BN_is_negative(b4) || BN_is_zero(b4)); + OPENSSL_assert(BN_mul(b5, b3, b2, ctx)); + OPENSSL_assert(BN_add(b5, b5, b4)); + + success = success && BN_cmp(b5, b1) == 0; + if (!success) { + BN_print_fp(stdout, b1); + putchar('\n'); + BN_print_fp(stdout, b2); + putchar('\n'); + BN_print_fp(stdout, b3); + putchar('\n'); + BN_print_fp(stdout, b4); + putchar('\n'); + BN_print_fp(stdout, b5); + putchar('\n'); + printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1), + BN_is_negative(b2), + BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4), + BN_is_negative(b3) != BN_is_negative(b2) + && (BN_is_negative(b4) || BN_is_zero(b4)), + BN_cmp(b5, b1)); + puts("----\n"); + } + + done: + OPENSSL_assert(success); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ + BN_free(b1); + BN_free(b2); + BN_free(b3); + BN_free(b4); + BN_free(b5); + BN_CTX_free(ctx); +} diff --git a/fuzz/build.info b/fuzz/build.info new file mode 100644 index 000000000000..dc976b70f067 --- /dev/null +++ b/fuzz/build.info @@ -0,0 +1,146 @@ +{- use File::Spec::Functions; + our $ex_inc = $withargs{fuzzer_include} && + (file_name_is_absolute($withargs{fuzzer_include}) ? + $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include})); + our $ex_lib = $withargs{fuzzer_lib} && + (file_name_is_absolute($withargs{fuzzer_lib}) ? + $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib})); + "" +-} + +IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] + PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server + + IF[{- !$disabled{"cmp"} -}] + PROGRAMS{noinst}=cmp + ENDIF + + IF[{- !$disabled{"cms"} -}] + PROGRAMS{noinst}=cms + ENDIF + + IF[{- !$disabled{"ct"} -}] + PROGRAMS{noinst}=ct + ENDIF + + IF[{- !$disabled{"ocsp"} -}] + PROGRAMS{noinst}=x509 + ENDIF + + SOURCE[asn1]=asn1.c driver.c fuzz_rand.c + INCLUDE[asn1]=../include {- $ex_inc -} + DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -} + + SOURCE[asn1parse]=asn1parse.c driver.c + INCLUDE[asn1parse]=../include {- $ex_inc -} + DEPEND[asn1parse]=../libcrypto {- $ex_lib -} + + SOURCE[bignum]=bignum.c driver.c + INCLUDE[bignum]=../include {- $ex_inc -} + DEPEND[bignum]=../libcrypto {- $ex_lib -} + + SOURCE[bndiv]=bndiv.c driver.c + INCLUDE[bndiv]=../include {- $ex_inc -} + DEPEND[bndiv]=../libcrypto {- $ex_lib -} + + SOURCE[client]=client.c driver.c fuzz_rand.c + INCLUDE[client]=../include {- $ex_inc -} + DEPEND[client]=../libcrypto ../libssl {- $ex_lib -} + + SOURCE[cmp]=cmp.c driver.c fuzz_rand.c + INCLUDE[cmp]=../include {- $ex_inc -} + DEPEND[cmp]=../libcrypto {- $ex_lib -} + + SOURCE[cms]=cms.c driver.c + INCLUDE[cms]=../include {- $ex_inc -} + DEPEND[cms]=../libcrypto {- $ex_lib -} + + SOURCE[conf]=conf.c driver.c + INCLUDE[conf]=../include {- $ex_inc -} + DEPEND[conf]=../libcrypto {- $ex_lib -} + + SOURCE[crl]=crl.c driver.c + INCLUDE[crl]=../include {- $ex_inc -} + DEPEND[crl]=../libcrypto {- $ex_lib -} + + SOURCE[ct]=ct.c driver.c + INCLUDE[ct]=../include {- $ex_inc -} + DEPEND[ct]=../libcrypto {- $ex_lib -} + + SOURCE[server]=server.c driver.c fuzz_rand.c + INCLUDE[server]=../include {- $ex_inc -} + DEPEND[server]=../libcrypto ../libssl {- $ex_lib -} + + SOURCE[x509]=x509.c driver.c fuzz_rand.c + INCLUDE[x509]=../include {- $ex_inc -} + DEPEND[x509]=../libcrypto {- $ex_lib -} +ENDIF + +IF[{- !$disabled{tests} -}] + PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test + + IF[{- !$disabled{"cmp"} -}] + PROGRAMS{noinst}=cmp-test + ENDIF + + IF[{- !$disabled{"cms"} -}] + PROGRAMS{noinst}=cms-test + ENDIF + + IF[{- !$disabled{"ct"} -}] + PROGRAMS{noinst}=ct-test + ENDIF + + IF[{- !$disabled{"ocsp"} -}] + PROGRAMS{noinst}=x509-test + ENDIF + + SOURCE[asn1-test]=asn1.c test-corpus.c fuzz_rand.c + INCLUDE[asn1-test]=../include + DEPEND[asn1-test]=../libcrypto ../libssl + + SOURCE[asn1parse-test]=asn1parse.c test-corpus.c + INCLUDE[asn1parse-test]=../include + DEPEND[asn1parse-test]=../libcrypto + + SOURCE[bignum-test]=bignum.c test-corpus.c + INCLUDE[bignum-test]=../include + DEPEND[bignum-test]=../libcrypto + + SOURCE[bndiv-test]=bndiv.c test-corpus.c + INCLUDE[bndiv-test]=../include + DEPEND[bndiv-test]=../libcrypto + + SOURCE[client-test]=client.c test-corpus.c fuzz_rand.c + INCLUDE[client-test]=../include + DEPEND[client-test]=../libcrypto ../libssl + + SOURCE[cmp-test]=cmp.c test-corpus.c fuzz_rand.c + INCLUDE[cmp-test]=../include + DEPEND[cmp-test]=../libcrypto.a + # referring to static lib allows using non-exported functions + + SOURCE[cms-test]=cms.c test-corpus.c + INCLUDE[cms-test]=../include + DEPEND[cms-test]=../libcrypto + + SOURCE[conf-test]=conf.c test-corpus.c + INCLUDE[conf-test]=../include + DEPEND[conf-test]=../libcrypto + + SOURCE[crl-test]=crl.c test-corpus.c + INCLUDE[crl-test]=../include + DEPEND[crl-test]=../libcrypto + + SOURCE[ct-test]=ct.c test-corpus.c + INCLUDE[ct-test]=../include + DEPEND[ct-test]=../libcrypto + + SOURCE[server-test]=server.c test-corpus.c fuzz_rand.c + INCLUDE[server-test]=../include + DEPEND[server-test]=../libcrypto ../libssl + + SOURCE[x509-test]=x509.c test-corpus.c fuzz_rand.c + INCLUDE[x509-test]=../include + DEPEND[x509-test]=../libcrypto +ENDIF diff --git a/fuzz/client.c b/fuzz/client.c new file mode 100644 index 000000000000..1754add50967 --- /dev/null +++ b/fuzz/client.c @@ -0,0 +1,108 @@ +/* + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <time.h> +#include <openssl/rand.h> +#include <openssl/ssl.h> +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#include <openssl/ec.h> +#include <openssl/dh.h> +#include <openssl/err.h> +#include "fuzzer.h" + +/* unused, to avoid warning. */ +static int idx; + +#define FUZZTIME 1485898104 + +#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } + +/* + * This might not work in all cases (and definitely not on Windows + * because of the way linkers are) and callees can still get the + * current time instead of the fixed time. This will just result + * in things not being fully reproducible and have a slightly + * different coverage. + */ +#if !defined(_WIN32) +time_t time(time_t *t) TIME_IMPL(t) +#endif + +int FuzzerInitialize(int *argc, char ***argv) +{ + STACK_OF(SSL_COMP) *comp_methods; + + FuzzerSetRand(); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + comp_methods = SSL_COMP_get_compression_methods(); + if (comp_methods != NULL) + sk_SSL_COMP_sort(comp_methods); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + SSL *client = NULL; + BIO *in; + BIO *out; + SSL_CTX *ctx; + + if (len == 0) + return 0; + + /* This only fuzzes the initial flow from the client so far. */ + ctx = SSL_CTX_new(SSLv23_method()); + if (ctx == NULL) + goto end; + + client = SSL_new(ctx); + if (client == NULL) + goto end; + OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); + OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); + SSL_set_tlsext_host_name(client, "localhost"); + in = BIO_new(BIO_s_mem()); + if (in == NULL) + goto end; + out = BIO_new(BIO_s_mem()); + if (out == NULL) { + BIO_free(in); + goto end; + } + SSL_set_bio(client, in, out); + SSL_set_connect_state(client); + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + if (SSL_do_handshake(client) == 1) { + /* Keep reading application data until error or EOF. */ + uint8_t tmp[1024]; + for (;;) { + if (SSL_read(client, tmp, sizeof(tmp)) <= 0) { + break; + } + } + } + end: + SSL_free(client); + ERR_clear_error(); + SSL_CTX_free(ctx); + + return 0; +} + +void FuzzerCleanup(void) +{ + FuzzerClearRand(); +} diff --git a/fuzz/cmp.c b/fuzz/cmp.c new file mode 100644 index 000000000000..490c4211f8e2 --- /dev/null +++ b/fuzz/cmp.c @@ -0,0 +1,203 @@ +/* + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Test CMP DER parsing. + */ + +#include <openssl/bio.h> +#include <openssl/cmp.h> +#include "../crypto/cmp/cmp_local.h" +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + FuzzerSetRand(); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +static int num_responses; + +static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req) +{ + if (num_responses++ > 2) + return NULL; /* prevent loops due to repeated pollRep */ + return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *) + OSSL_CMP_CTX_get_transfer_cb_arg(ctx)); +} + +static int print_noop(const char *func, const char *file, int line, + OSSL_CMP_severity level, const char *msg) +{ + return 1; +} + +static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep, + int invalid_protection, int expected_type) +{ + return 1; +} + +static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) +{ + X509_NAME *name = X509_NAME_new(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + + ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */ + ctx->disableConfirm = 1; /* check just one response message */ + ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */ + ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */ + if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"", + 0) /* prevent too unspecific error */ + || ctx->oldCert == NULL + || name == NULL || !X509_set_issuer_name(ctx->oldCert, name) + || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial)) + goto err; + + (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb); + (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg); + (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop); + num_responses = 0; + switch (msg->body != NULL ? msg->body->type : -1) { + case OSSL_CMP_PKIBODY_IP: + (void)OSSL_CMP_exec_IR_ses(ctx); + break; + case OSSL_CMP_PKIBODY_CP: + (void)OSSL_CMP_exec_CR_ses(ctx); + (void)OSSL_CMP_exec_P10CR_ses(ctx); + break; + case OSSL_CMP_PKIBODY_KUP: + (void)OSSL_CMP_exec_KUR_ses(ctx); + break; + case OSSL_CMP_PKIBODY_POLLREP: + ctx->status = OSSL_CMP_PKISTATUS_waiting; + (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL); + break; + case OSSL_CMP_PKIBODY_RP: + (void)OSSL_CMP_exec_RR_ses(ctx); + break; + case OSSL_CMP_PKIBODY_GENP: + sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx), + OSSL_CMP_ITAV_free); + break; + default: + (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0); + break; + } + err: + X509_NAME_free(name); + ASN1_INTEGER_free(serial); +} + +static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *cert_req, + int certReqId, + const OSSL_CRMF_MSG *crm, + const X509_REQ *p10cr, + X509 **certOut, + STACK_OF(X509) **chainOut, + STACK_OF(X509) **caPubs) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); + return NULL; +} + +static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *rr, + const X509_NAME *issuer, + const ASN1_INTEGER *serial) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); + return NULL; +} + +static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *genm, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); + return 0; +} + +static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errorDetails) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); +} + +static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *certConf, int certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); + return 0; +} + +static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *pollReq, int certReqId, + OSSL_CMP_MSG **certReq, int64_t *check_after) +{ + ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); + return 0; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + OSSL_CMP_MSG *msg; + BIO *in; + + if (len == 0) + return 0; + + in = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + msg = d2i_OSSL_CMP_MSG_bio(in, NULL); + if (msg != NULL) { + BIO *out = BIO_new(BIO_s_null()); + OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL); + OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL); + + i2d_OSSL_CMP_MSG_bio(out, msg); + ASN1_item_print(out, (ASN1_VALUE *)msg, 4, + ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL); + BIO_free(out); + + if (client_ctx != NULL) + cmp_client_process_response(client_ctx, msg); + if (srv_ctx != NULL + && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx), + print_noop) + && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request, + process_rr, process_genm, process_error, + process_certConf, process_pollReq)) + OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg)); + + OSSL_CMP_CTX_free(client_ctx); + OSSL_CMP_SRV_CTX_free(srv_ctx); + OSSL_CMP_MSG_free(msg); + } + + BIO_free(in); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ + FuzzerClearRand(); +} diff --git a/fuzz/cms.c b/fuzz/cms.c new file mode 100644 index 000000000000..d464429a5407 --- /dev/null +++ b/fuzz/cms.c @@ -0,0 +1,55 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Test CMS DER parsing. + */ + +#include <openssl/bio.h> +#include <openssl/cms.h> +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + CMS_ContentInfo *cms; + BIO *in; + + if (len == 0) + return 0; + + in = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + cms = d2i_CMS_bio(in, NULL); + if (cms != NULL) { + BIO *out = BIO_new(BIO_s_null()); + + i2d_CMS_bio(out, cms); + BIO_free(out); + CMS_ContentInfo_free(cms); + } + + BIO_free(in); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/fuzz/conf.c b/fuzz/conf.c new file mode 100644 index 000000000000..72e4b358fd86 --- /dev/null +++ b/fuzz/conf.c @@ -0,0 +1,48 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Test configuration parsing. + */ + +#include <openssl/conf.h> +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + CONF *conf; + BIO *in; + long eline; + + if (len == 0) + return 0; + + conf = NCONF_new(NULL); + in = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + NCONF_load_bio(conf, in, &eline); + NCONF_free(conf); + BIO_free(in); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/fuzz/crl.c b/fuzz/crl.c new file mode 100644 index 000000000000..9e18dcb94b36 --- /dev/null +++ b/fuzz/crl.c @@ -0,0 +1,47 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <openssl/x509.h> +#include <openssl/bio.h> +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + const unsigned char *p = buf; + unsigned char *der = NULL; + + X509_CRL *crl = d2i_X509_CRL(NULL, &p, len); + if (crl != NULL) { + BIO *bio = BIO_new(BIO_s_null()); + X509_CRL_print(bio, crl); + BIO_free(bio); + + i2d_X509_CRL(crl, &der); + OPENSSL_free(der); + + X509_CRL_free(crl); + } + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/fuzz/ct.c b/fuzz/ct.c new file mode 100644 index 000000000000..b37b11039c0b --- /dev/null +++ b/fuzz/ct.c @@ -0,0 +1,51 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Fuzz the SCT parser. + */ + +#include <stdio.h> +#include <openssl/ct.h> +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + CRYPTO_free_ex_index(0, -1); + ERR_clear_error(); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + const uint8_t **pp = &buf; + unsigned char *der = NULL; + STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len); + if (scts != NULL) { + BIO *bio = BIO_new(BIO_s_null()); + SCT_LIST_print(scts, bio, 4, "\n", NULL); + BIO_free(bio); + + if (i2d_SCT_LIST(scts, &der)) { + /* Silence unused result warning */ + } + OPENSSL_free(der); + + SCT_LIST_free(scts); + } + ERR_clear_error(); + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/fuzz/driver.c b/fuzz/driver.c new file mode 100644 index 000000000000..337b8de5eb51 --- /dev/null +++ b/fuzz/driver.c @@ -0,0 +1,55 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ +#include <stdint.h> +#include <unistd.h> +#include <stdlib.h> +#include <openssl/opensslconf.h> +#include "fuzzer.h" + +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER + +int LLVMFuzzerInitialize(int *argc, char ***argv); +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len); + +int LLVMFuzzerInitialize(int *argc, char ***argv) +{ + return FuzzerInitialize(argc, argv); +} + +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + return FuzzerTestOneInput(buf, len); +} + +#elif !defined(OPENSSL_NO_FUZZ_AFL) + +#define BUF_SIZE 65536 + +int main(int argc, char** argv) +{ + FuzzerInitialize(&argc, &argv); + + while (__AFL_LOOP(10000)) { + uint8_t *buf = malloc(BUF_SIZE); + size_t size = read(0, buf, BUF_SIZE); + + FuzzerTestOneInput(buf, size); + free(buf); + } + + FuzzerCleanup(); + return 0; +} + +#else + +#error "Unsupported fuzzer" + +#endif diff --git a/fuzz/fuzz_rand.c b/fuzz/fuzz_rand.c new file mode 100644 index 000000000000..6d160b092110 --- /dev/null +++ b/fuzz/fuzz_rand.c @@ -0,0 +1,168 @@ +/* + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <openssl/core_names.h> +#include <openssl/rand.h> +#include <openssl/provider.h> +#include "fuzzer.h" + +static OSSL_FUNC_rand_newctx_fn fuzz_rand_newctx; +static OSSL_FUNC_rand_freectx_fn fuzz_rand_freectx; +static OSSL_FUNC_rand_instantiate_fn fuzz_rand_instantiate; +static OSSL_FUNC_rand_uninstantiate_fn fuzz_rand_uninstantiate; +static OSSL_FUNC_rand_generate_fn fuzz_rand_generate; +static OSSL_FUNC_rand_gettable_ctx_params_fn fuzz_rand_gettable_ctx_params; +static OSSL_FUNC_rand_get_ctx_params_fn fuzz_rand_get_ctx_params; +static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking; + +static void *fuzz_rand_newctx( + void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) +{ + int *st = OPENSSL_malloc(sizeof(*st)); + + if (st != NULL) + *st = EVP_RAND_STATE_UNINITIALISED; + return st; +} + +static void fuzz_rand_freectx(ossl_unused void *vrng) +{ + OPENSSL_free(vrng); +} + +static int fuzz_rand_instantiate(ossl_unused void *vrng, + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *pstr, + ossl_unused size_t pstr_len, + ossl_unused const OSSL_PARAM params[]) +{ + *(int *)vrng = EVP_RAND_STATE_READY; + return 1; +} + +static int fuzz_rand_uninstantiate(ossl_unused void *vrng) +{ + *(int *)vrng = EVP_RAND_STATE_UNINITIALISED; + return 1; +} + +static int fuzz_rand_generate(ossl_unused void *vdrbg, + unsigned char *out, size_t outlen, + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *adin, + ossl_unused size_t adinlen) +{ + unsigned char val = 1; + size_t i; + + for (i = 0; i < outlen; i++) + out[i] = val++; + return 1; +} + +static int fuzz_rand_enable_locking(ossl_unused void *vrng) +{ + return 1; +} + +static int fuzz_rand_get_ctx_params(void *vrng, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); + if (p != NULL && !OSSL_PARAM_set_int(p, *(int *)vrng)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); + if (p != NULL && !OSSL_PARAM_set_int(p, 500)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); + if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX)) + return 0; + return 1; +} + +static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *vrng, + ossl_unused void *provctx) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), + OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), + OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +static const OSSL_DISPATCH fuzz_rand_functions[] = { + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))fuzz_rand_newctx }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))fuzz_rand_freectx }, + { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))fuzz_rand_instantiate }, + { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))fuzz_rand_uninstantiate }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking }, + { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, + (void(*)(void))fuzz_rand_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM fuzz_rand_rand[] = { + { "fuzz", "provider=fuzz-rand", fuzz_rand_functions }, + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx, + int operation_id, + int *no_cache) +{ + *no_cache = 0; + switch (operation_id) { + case OSSL_OP_RAND: + return fuzz_rand_rand; + } + return NULL; +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH fuzz_rand_method[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fuzz_rand_query }, + { 0, NULL } +}; + +static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **provctx) +{ + *provctx = OSSL_LIB_CTX_new(); + if (*provctx == NULL) + return 0; + *out = fuzz_rand_method; + return 1; +} + +static OSSL_PROVIDER *r_prov; + +void FuzzerSetRand(void) +{ + if (!OSSL_PROVIDER_add_builtin(NULL, "fuzz-rand", fuzz_rand_provider_init) + || !RAND_set_DRBG_type(NULL, "fuzz", NULL, NULL, NULL) + || (r_prov = OSSL_PROVIDER_try_load(NULL, "fuzz-rand", 1)) == NULL) + exit(1); +} + +void FuzzerClearRand(void) +{ + OSSL_PROVIDER_unload(r_prov); +} diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h new file mode 100644 index 000000000000..cd460dea8d94 --- /dev/null +++ b/fuzz/fuzzer.h @@ -0,0 +1,16 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +int FuzzerTestOneInput(const uint8_t *buf, size_t len); +int FuzzerInitialize(int *argc, char ***argv); +void FuzzerCleanup(void); + +void FuzzerSetRand(void); +void FuzzerClearRand(void); diff --git a/fuzz/helper.py b/fuzz/helper.py new file mode 100755 index 000000000000..9185b17228bb --- /dev/null +++ b/fuzz/helper.py @@ -0,0 +1,52 @@ +#!/usr/bin/python +# +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +"""Fuzzing helper, creates and uses corpus/crash directories. + +fuzzer.py <fuzzer> <extra fuzzer arguments> +""" + +import os +import subprocess +import sys + +FUZZER = sys.argv[1] + +THIS_DIR = os.path.abspath(os.path.dirname(__file__)) +CORPORA_DIR = os.path.abspath(os.path.join(THIS_DIR, "corpora")) + +FUZZER_DIR = os.path.abspath(os.path.join(CORPORA_DIR, FUZZER)) +if not os.path.isdir(FUZZER_DIR): + os.mkdir(FUZZER_DIR) + +corpora = [] + +def _create(d): + dd = os.path.abspath(os.path.join(CORPORA_DIR, d)) + if not os.path.isdir(dd): + os.mkdir(dd) + corpora.append(dd) + +def _add(d): + dd = os.path.abspath(os.path.join(CORPORA_DIR, d)) + if os.path.isdir(dd): + corpora.append(dd) + +def main(): + _create(FUZZER) + _create(FUZZER + "-crash") + _add(FUZZER + "-seed") + + cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:] + + ["-artifact_prefix=" + corpora[1] + "/"] + corpora) + print(" ".join(cmd)) + subprocess.call(cmd) + +if __name__ == "__main__": + main() diff --git a/fuzz/mkfuzzoids.pl b/fuzz/mkfuzzoids.pl new file mode 100755 index 000000000000..56021717a8d4 --- /dev/null +++ b/fuzz/mkfuzzoids.pl @@ -0,0 +1,42 @@ +#! /usr/bin/env perl +# Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +use FindBin; +use lib "$FindBin::Bin/../util/perl"; +use OpenSSL::copyright; + +my $obj_dat_h = $ARGV[0]; +my $YEAR = OpenSSL::copyright::latest(($0, $obj_dat_h)); +print <<"EOF"; +# WARNING: do not edit! +# Generated by fuzz/mkfuzzoids.pl +# +# Copyright 2020-$YEAR The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +EOF + +open IN, '<', $obj_dat_h + || die "Couldn't open $obj_dat_h : $!\n"; + +while(<IN>) { + s|\R$||; # Better chomp + + next unless m|^\s+((0x[0-9A-F][0-9A-F],)*)\s+/\*\s\[\s*\d+\]\s(OBJ_\w+)\s\*/$|; + + my $OID = $1; + my $OBJname = $3; + + $OID =~ s|0x|\\x|g; + $OID =~ s|,||g; + + print "$OBJname=\"$OID\"\n"; +} +close IN; diff --git a/fuzz/oids.txt b/fuzz/oids.txt new file mode 100644 index 000000000000..36c79212bb75 --- /dev/null +++ b/fuzz/oids.txt @@ -0,0 +1,1113 @@ +# WARNING: do not edit! +# Generated by fuzz/mkfuzzoids.pl +# +# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +OBJ_rsadsi="\x2A\x86\x48\x86\xF7\x0D" +OBJ_pkcs="\x2A\x86\x48\x86\xF7\x0D\x01" +OBJ_md2="\x2A\x86\x48\x86\xF7\x0D\x02\x02" +OBJ_md5="\x2A\x86\x48\x86\xF7\x0D\x02\x05" +OBJ_rc4="\x2A\x86\x48\x86\xF7\x0D\x03\x04" +OBJ_rsaEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" +OBJ_md2WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02" +OBJ_md5WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04" +OBJ_pbeWithMD2AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x01" +OBJ_pbeWithMD5AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x03" +OBJ_X500="\x55" +OBJ_X509="\x55\x04" +OBJ_commonName="\x55\x04\x03" +OBJ_countryName="\x55\x04\x06" +OBJ_localityName="\x55\x04\x07" +OBJ_stateOrProvinceName="\x55\x04\x08" +OBJ_organizationName="\x55\x04\x0A" +OBJ_organizationalUnitName="\x55\x04\x0B" +OBJ_rsa="\x55\x08\x01\x01" +OBJ_pkcs7="\x2A\x86\x48\x86\xF7\x0D\x01\x07" +OBJ_pkcs7_data="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01" +OBJ_pkcs7_signed="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02" +OBJ_pkcs7_enveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03" +OBJ_pkcs7_signedAndEnveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x04" +OBJ_pkcs7_digest="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05" +OBJ_pkcs7_encrypted="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06" +OBJ_pkcs3="\x2A\x86\x48\x86\xF7\x0D\x01\x03" +OBJ_dhKeyAgreement="\x2A\x86\x48\x86\xF7\x0D\x01\x03\x01" +OBJ_des_ecb="\x2B\x0E\x03\x02\x06" +OBJ_des_cfb64="\x2B\x0E\x03\x02\x09" +OBJ_des_cbc="\x2B\x0E\x03\x02\x07" +OBJ_des_ede_ecb="\x2B\x0E\x03\x02\x11" +OBJ_idea_cbc="\x2B\x06\x01\x04\x01\x81\x3C\x07\x01\x01\x02" +OBJ_rc2_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x02" +OBJ_sha="\x2B\x0E\x03\x02\x12" +OBJ_shaWithRSAEncryption="\x2B\x0E\x03\x02\x0F" +OBJ_des_ede3_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x07" +OBJ_des_ofb64="\x2B\x0E\x03\x02\x08" +OBJ_pkcs9="\x2A\x86\x48\x86\xF7\x0D\x01\x09" +OBJ_pkcs9_emailAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" +OBJ_pkcs9_unstructuredName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x02" +OBJ_pkcs9_contentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03" +OBJ_pkcs9_messageDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x04" +OBJ_pkcs9_signingTime="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x05" +OBJ_pkcs9_countersignature="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x06" +OBJ_pkcs9_challengePassword="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x07" +OBJ_pkcs9_unstructuredAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x08" +OBJ_pkcs9_extCertAttributes="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x09" +OBJ_netscape="\x60\x86\x48\x01\x86\xF8\x42" +OBJ_netscape_cert_extension="\x60\x86\x48\x01\x86\xF8\x42\x01" +OBJ_netscape_data_type="\x60\x86\x48\x01\x86\xF8\x42\x02" +OBJ_sha1="\x2B\x0E\x03\x02\x1A" +OBJ_sha1WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" +OBJ_dsaWithSHA="\x2B\x0E\x03\x02\x0D" +OBJ_dsa_2="\x2B\x0E\x03\x02\x0C" +OBJ_pbeWithSHA1AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0B" +OBJ_id_pbkdf2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0C" +OBJ_dsaWithSHA1_2="\x2B\x0E\x03\x02\x1B" +OBJ_netscape_cert_type="\x60\x86\x48\x01\x86\xF8\x42\x01\x01" +OBJ_netscape_base_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x02" +OBJ_netscape_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x03" +OBJ_netscape_ca_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x04" +OBJ_netscape_renewal_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x07" +OBJ_netscape_ca_policy_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x08" +OBJ_netscape_ssl_server_name="\x60\x86\x48\x01\x86\xF8\x42\x01\x0C" +OBJ_netscape_comment="\x60\x86\x48\x01\x86\xF8\x42\x01\x0D" +OBJ_netscape_cert_sequence="\x60\x86\x48\x01\x86\xF8\x42\x02\x05" +OBJ_id_ce="\x55\x1D" +OBJ_subject_key_identifier="\x55\x1D\x0E" +OBJ_key_usage="\x55\x1D\x0F" +OBJ_private_key_usage_period="\x55\x1D\x10" +OBJ_subject_alt_name="\x55\x1D\x11" +OBJ_issuer_alt_name="\x55\x1D\x12" +OBJ_basic_constraints="\x55\x1D\x13" +OBJ_crl_number="\x55\x1D\x14" +OBJ_certificate_policies="\x55\x1D\x20" +OBJ_authority_key_identifier="\x55\x1D\x23" +OBJ_bf_cbc="\x2B\x06\x01\x04\x01\x97\x55\x01\x02" +OBJ_mdc2="\x55\x08\x03\x65" +OBJ_mdc2WithRSA="\x55\x08\x03\x64" +OBJ_givenName="\x55\x04\x2A" +OBJ_surname="\x55\x04\x04" +OBJ_initials="\x55\x04\x2B" +OBJ_uniqueIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2C" +OBJ_crl_distribution_points="\x55\x1D\x1F" +OBJ_md5WithRSA="\x2B\x0E\x03\x02\x03" +OBJ_serialNumber="\x55\x04\x05" +OBJ_title="\x55\x04\x0C" +OBJ_description="\x55\x04\x0D" +OBJ_cast5_cbc="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0A" +OBJ_pbeWithMD5AndCast5_CBC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0C" +OBJ_dsaWithSHA1="\x2A\x86\x48\xCE\x38\x04\x03" +OBJ_sha1WithRSA="\x2B\x0E\x03\x02\x1D" +OBJ_dsa="\x2A\x86\x48\xCE\x38\x04\x01" +OBJ_ripemd160="\x2B\x24\x03\x02\x01" +OBJ_ripemd160WithRSA="\x2B\x24\x03\x03\x01\x02" +OBJ_rc5_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x08" +OBJ_zlib_compression="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x08" +OBJ_ext_key_usage="\x55\x1D\x25" +OBJ_id_pkix="\x2B\x06\x01\x05\x05\x07" +OBJ_id_kp="\x2B\x06\x01\x05\x05\x07\x03" +OBJ_server_auth="\x2B\x06\x01\x05\x05\x07\x03\x01" +OBJ_client_auth="\x2B\x06\x01\x05\x05\x07\x03\x02" +OBJ_code_sign="\x2B\x06\x01\x05\x05\x07\x03\x03" +OBJ_email_protect="\x2B\x06\x01\x05\x05\x07\x03\x04" +OBJ_time_stamp="\x2B\x06\x01\x05\x05\x07\x03\x08" +OBJ_ms_code_ind="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x15" +OBJ_ms_code_com="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x16" +OBJ_ms_ctl_sign="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x01" +OBJ_ms_sgc="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03" +OBJ_ms_efs="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x04" +OBJ_ns_sgc="\x60\x86\x48\x01\x86\xF8\x42\x04\x01" +OBJ_delta_crl="\x55\x1D\x1B" +OBJ_crl_reason="\x55\x1D\x15" +OBJ_invalidity_date="\x55\x1D\x18" +OBJ_sxnet="\x2B\x65\x01\x04\x01" +OBJ_pbe_WithSHA1And128BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x01" +OBJ_pbe_WithSHA1And40BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x02" +OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03" +OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04" +OBJ_pbe_WithSHA1And128BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x05" +OBJ_pbe_WithSHA1And40BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06" +OBJ_keyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x01" +OBJ_pkcs8ShroudedKeyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02" +OBJ_certBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03" +OBJ_crlBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x04" +OBJ_secretBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x05" +OBJ_safeContentsBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x06" +OBJ_friendlyName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x14" +OBJ_localKeyID="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15" +OBJ_x509Certificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01" +OBJ_sdsiCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x02" +OBJ_x509Crl="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x17\x01" +OBJ_pbes2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0D" +OBJ_pbmac1="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0E" +OBJ_hmacWithSHA1="\x2A\x86\x48\x86\xF7\x0D\x02\x07" +OBJ_id_qt_cps="\x2B\x06\x01\x05\x05\x07\x02\x01" +OBJ_id_qt_unotice="\x2B\x06\x01\x05\x05\x07\x02\x02" +OBJ_SMIMECapabilities="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0F" +OBJ_pbeWithMD2AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x04" +OBJ_pbeWithMD5AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x06" +OBJ_pbeWithSHA1AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0A" +OBJ_ms_ext_req="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x0E" +OBJ_ext_req="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0E" +OBJ_name="\x55\x04\x29" +OBJ_dnQualifier="\x55\x04\x2E" +OBJ_id_pe="\x2B\x06\x01\x05\x05\x07\x01" +OBJ_id_ad="\x2B\x06\x01\x05\x05\x07\x30" +OBJ_info_access="\x2B\x06\x01\x05\x05\x07\x01\x01" +OBJ_ad_OCSP="\x2B\x06\x01\x05\x05\x07\x30\x01" +OBJ_ad_ca_issuers="\x2B\x06\x01\x05\x05\x07\x30\x02" +OBJ_OCSP_sign="\x2B\x06\x01\x05\x05\x07\x03\x09" +OBJ_member_body="\x2A" +OBJ_ISO_US="\x2A\x86\x48" +OBJ_X9_57="\x2A\x86\x48\xCE\x38" +OBJ_X9cm="\x2A\x86\x48\xCE\x38\x04" +OBJ_pkcs1="\x2A\x86\x48\x86\xF7\x0D\x01\x01" +OBJ_pkcs5="\x2A\x86\x48\x86\xF7\x0D\x01\x05" +OBJ_SMIME="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10" +OBJ_id_smime_mod="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00" +OBJ_id_smime_ct="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01" +OBJ_id_smime_aa="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02" +OBJ_id_smime_alg="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03" +OBJ_id_smime_cd="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04" +OBJ_id_smime_spq="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05" +OBJ_id_smime_cti="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06" +OBJ_id_smime_mod_cms="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x01" +OBJ_id_smime_mod_ess="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x02" +OBJ_id_smime_mod_oid="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x03" +OBJ_id_smime_mod_msg_v3="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x04" +OBJ_id_smime_mod_ets_eSignature_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x05" +OBJ_id_smime_mod_ets_eSignature_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x06" +OBJ_id_smime_mod_ets_eSigPolicy_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x07" +OBJ_id_smime_mod_ets_eSigPolicy_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x08" +OBJ_id_smime_ct_receipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x01" +OBJ_id_smime_ct_authData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x02" +OBJ_id_smime_ct_publishCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x03" +OBJ_id_smime_ct_TSTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x04" +OBJ_id_smime_ct_TDTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x05" +OBJ_id_smime_ct_contentInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x06" +OBJ_id_smime_ct_DVCSRequestData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x07" +OBJ_id_smime_ct_DVCSResponseData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x08" +OBJ_id_smime_aa_receiptRequest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x01" +OBJ_id_smime_aa_securityLabel="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x02" +OBJ_id_smime_aa_mlExpandHistory="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x03" +OBJ_id_smime_aa_contentHint="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x04" +OBJ_id_smime_aa_msgSigDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x05" +OBJ_id_smime_aa_encapContentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x06" +OBJ_id_smime_aa_contentIdentifier="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x07" +OBJ_id_smime_aa_macValue="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x08" +OBJ_id_smime_aa_equivalentLabels="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x09" +OBJ_id_smime_aa_contentReference="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0A" +OBJ_id_smime_aa_encrypKeyPref="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0B" +OBJ_id_smime_aa_signingCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0C" +OBJ_id_smime_aa_smimeEncryptCerts="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0D" +OBJ_id_smime_aa_timeStampToken="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0E" +OBJ_id_smime_aa_ets_sigPolicyId="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0F" +OBJ_id_smime_aa_ets_commitmentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x10" +OBJ_id_smime_aa_ets_signerLocation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x11" +OBJ_id_smime_aa_ets_signerAttr="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x12" +OBJ_id_smime_aa_ets_otherSigCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x13" +OBJ_id_smime_aa_ets_contentTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x14" +OBJ_id_smime_aa_ets_CertificateRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x15" +OBJ_id_smime_aa_ets_RevocationRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x16" +OBJ_id_smime_aa_ets_certValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x17" +OBJ_id_smime_aa_ets_revocationValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x18" +OBJ_id_smime_aa_ets_escTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x19" +OBJ_id_smime_aa_ets_certCRLTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1A" +OBJ_id_smime_aa_ets_archiveTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1B" +OBJ_id_smime_aa_signatureType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1C" +OBJ_id_smime_aa_dvcs_dvc="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1D" +OBJ_id_smime_alg_ESDHwith3DES="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x01" +OBJ_id_smime_alg_ESDHwithRC2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x02" +OBJ_id_smime_alg_3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x03" +OBJ_id_smime_alg_RC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x04" +OBJ_id_smime_alg_ESDH="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x05" +OBJ_id_smime_alg_CMS3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x06" +OBJ_id_smime_alg_CMSRC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x07" +OBJ_id_smime_cd_ldap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04\x01" +OBJ_id_smime_spq_ets_sqt_uri="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x01" +OBJ_id_smime_spq_ets_sqt_unotice="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x02" +OBJ_id_smime_cti_ets_proofOfOrigin="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x01" +OBJ_id_smime_cti_ets_proofOfReceipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x02" +OBJ_id_smime_cti_ets_proofOfDelivery="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x03" +OBJ_id_smime_cti_ets_proofOfSender="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x04" +OBJ_id_smime_cti_ets_proofOfApproval="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x05" +OBJ_id_smime_cti_ets_proofOfCreation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x06" +OBJ_md4="\x2A\x86\x48\x86\xF7\x0D\x02\x04" +OBJ_id_pkix_mod="\x2B\x06\x01\x05\x05\x07\x00" +OBJ_id_qt="\x2B\x06\x01\x05\x05\x07\x02" +OBJ_id_it="\x2B\x06\x01\x05\x05\x07\x04" +OBJ_id_pkip="\x2B\x06\x01\x05\x05\x07\x05" +OBJ_id_alg="\x2B\x06\x01\x05\x05\x07\x06" +OBJ_id_cmc="\x2B\x06\x01\x05\x05\x07\x07" +OBJ_id_on="\x2B\x06\x01\x05\x05\x07\x08" +OBJ_id_pda="\x2B\x06\x01\x05\x05\x07\x09" +OBJ_id_aca="\x2B\x06\x01\x05\x05\x07\x0A" +OBJ_id_qcs="\x2B\x06\x01\x05\x05\x07\x0B" +OBJ_id_cct="\x2B\x06\x01\x05\x05\x07\x0C" +OBJ_id_pkix1_explicit_88="\x2B\x06\x01\x05\x05\x07\x00\x01" +OBJ_id_pkix1_implicit_88="\x2B\x06\x01\x05\x05\x07\x00\x02" +OBJ_id_pkix1_explicit_93="\x2B\x06\x01\x05\x05\x07\x00\x03" +OBJ_id_pkix1_implicit_93="\x2B\x06\x01\x05\x05\x07\x00\x04" +OBJ_id_mod_crmf="\x2B\x06\x01\x05\x05\x07\x00\x05" +OBJ_id_mod_cmc="\x2B\x06\x01\x05\x05\x07\x00\x06" +OBJ_id_mod_kea_profile_88="\x2B\x06\x01\x05\x05\x07\x00\x07" +OBJ_id_mod_kea_profile_93="\x2B\x06\x01\x05\x05\x07\x00\x08" +OBJ_id_mod_cmp="\x2B\x06\x01\x05\x05\x07\x00\x09" +OBJ_id_mod_qualified_cert_88="\x2B\x06\x01\x05\x05\x07\x00\x0A" +OBJ_id_mod_qualified_cert_93="\x2B\x06\x01\x05\x05\x07\x00\x0B" +OBJ_id_mod_attribute_cert="\x2B\x06\x01\x05\x05\x07\x00\x0C" +OBJ_id_mod_timestamp_protocol="\x2B\x06\x01\x05\x05\x07\x00\x0D" +OBJ_id_mod_ocsp="\x2B\x06\x01\x05\x05\x07\x00\x0E" +OBJ_id_mod_dvcs="\x2B\x06\x01\x05\x05\x07\x00\x0F" +OBJ_id_mod_cmp2000="\x2B\x06\x01\x05\x05\x07\x00\x10" +OBJ_biometricInfo="\x2B\x06\x01\x05\x05\x07\x01\x02" +OBJ_qcStatements="\x2B\x06\x01\x05\x05\x07\x01\x03" +OBJ_ac_auditEntity="\x2B\x06\x01\x05\x05\x07\x01\x04" +OBJ_ac_targeting="\x2B\x06\x01\x05\x05\x07\x01\x05" +OBJ_aaControls="\x2B\x06\x01\x05\x05\x07\x01\x06" +OBJ_sbgp_ipAddrBlock="\x2B\x06\x01\x05\x05\x07\x01\x07" +OBJ_sbgp_autonomousSysNum="\x2B\x06\x01\x05\x05\x07\x01\x08" +OBJ_sbgp_routerIdentifier="\x2B\x06\x01\x05\x05\x07\x01\x09" +OBJ_textNotice="\x2B\x06\x01\x05\x05\x07\x02\x03" +OBJ_ipsecEndSystem="\x2B\x06\x01\x05\x05\x07\x03\x05" +OBJ_ipsecTunnel="\x2B\x06\x01\x05\x05\x07\x03\x06" +OBJ_ipsecUser="\x2B\x06\x01\x05\x05\x07\x03\x07" +OBJ_dvcs="\x2B\x06\x01\x05\x05\x07\x03\x0A" +OBJ_id_it_caProtEncCert="\x2B\x06\x01\x05\x05\x07\x04\x01" +OBJ_id_it_signKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x02" +OBJ_id_it_encKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x03" +OBJ_id_it_preferredSymmAlg="\x2B\x06\x01\x05\x05\x07\x04\x04" +OBJ_id_it_caKeyUpdateInfo="\x2B\x06\x01\x05\x05\x07\x04\x05" +OBJ_id_it_currentCRL="\x2B\x06\x01\x05\x05\x07\x04\x06" +OBJ_id_it_unsupportedOIDs="\x2B\x06\x01\x05\x05\x07\x04\x07" +OBJ_id_it_subscriptionRequest="\x2B\x06\x01\x05\x05\x07\x04\x08" +OBJ_id_it_subscriptionResponse="\x2B\x06\x01\x05\x05\x07\x04\x09" +OBJ_id_it_keyPairParamReq="\x2B\x06\x01\x05\x05\x07\x04\x0A" +OBJ_id_it_keyPairParamRep="\x2B\x06\x01\x05\x05\x07\x04\x0B" +OBJ_id_it_revPassphrase="\x2B\x06\x01\x05\x05\x07\x04\x0C" +OBJ_id_it_implicitConfirm="\x2B\x06\x01\x05\x05\x07\x04\x0D" +OBJ_id_it_confirmWaitTime="\x2B\x06\x01\x05\x05\x07\x04\x0E" +OBJ_id_it_origPKIMessage="\x2B\x06\x01\x05\x05\x07\x04\x0F" +OBJ_id_regCtrl="\x2B\x06\x01\x05\x05\x07\x05\x01" +OBJ_id_regInfo="\x2B\x06\x01\x05\x05\x07\x05\x02" +OBJ_id_regCtrl_regToken="\x2B\x06\x01\x05\x05\x07\x05\x01\x01" +OBJ_id_regCtrl_authenticator="\x2B\x06\x01\x05\x05\x07\x05\x01\x02" +OBJ_id_regCtrl_pkiPublicationInfo="\x2B\x06\x01\x05\x05\x07\x05\x01\x03" +OBJ_id_regCtrl_pkiArchiveOptions="\x2B\x06\x01\x05\x05\x07\x05\x01\x04" +OBJ_id_regCtrl_oldCertID="\x2B\x06\x01\x05\x05\x07\x05\x01\x05" +OBJ_id_regCtrl_protocolEncrKey="\x2B\x06\x01\x05\x05\x07\x05\x01\x06" +OBJ_id_regInfo_utf8Pairs="\x2B\x06\x01\x05\x05\x07\x05\x02\x01" +OBJ_id_regInfo_certReq="\x2B\x06\x01\x05\x05\x07\x05\x02\x02" +OBJ_id_alg_des40="\x2B\x06\x01\x05\x05\x07\x06\x01" +OBJ_id_alg_noSignature="\x2B\x06\x01\x05\x05\x07\x06\x02" +OBJ_id_alg_dh_sig_hmac_sha1="\x2B\x06\x01\x05\x05\x07\x06\x03" +OBJ_id_alg_dh_pop="\x2B\x06\x01\x05\x05\x07\x06\x04" +OBJ_id_cmc_statusInfo="\x2B\x06\x01\x05\x05\x07\x07\x01" +OBJ_id_cmc_identification="\x2B\x06\x01\x05\x05\x07\x07\x02" +OBJ_id_cmc_identityProof="\x2B\x06\x01\x05\x05\x07\x07\x03" +OBJ_id_cmc_dataReturn="\x2B\x06\x01\x05\x05\x07\x07\x04" +OBJ_id_cmc_transactionId="\x2B\x06\x01\x05\x05\x07\x07\x05" +OBJ_id_cmc_senderNonce="\x2B\x06\x01\x05\x05\x07\x07\x06" +OBJ_id_cmc_recipientNonce="\x2B\x06\x01\x05\x05\x07\x07\x07" +OBJ_id_cmc_addExtensions="\x2B\x06\x01\x05\x05\x07\x07\x08" +OBJ_id_cmc_encryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x09" +OBJ_id_cmc_decryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x0A" +OBJ_id_cmc_lraPOPWitness="\x2B\x06\x01\x05\x05\x07\x07\x0B" +OBJ_id_cmc_getCert="\x2B\x06\x01\x05\x05\x07\x07\x0F" +OBJ_id_cmc_getCRL="\x2B\x06\x01\x05\x05\x07\x07\x10" +OBJ_id_cmc_revokeRequest="\x2B\x06\x01\x05\x05\x07\x07\x11" +OBJ_id_cmc_regInfo="\x2B\x06\x01\x05\x05\x07\x07\x12" +OBJ_id_cmc_responseInfo="\x2B\x06\x01\x05\x05\x07\x07\x13" +OBJ_id_cmc_queryPending="\x2B\x06\x01\x05\x05\x07\x07\x15" +OBJ_id_cmc_popLinkRandom="\x2B\x06\x01\x05\x05\x07\x07\x16" +OBJ_id_cmc_popLinkWitness="\x2B\x06\x01\x05\x05\x07\x07\x17" +OBJ_id_cmc_confirmCertAcceptance="\x2B\x06\x01\x05\x05\x07\x07\x18" +OBJ_id_on_personalData="\x2B\x06\x01\x05\x05\x07\x08\x01" +OBJ_id_pda_dateOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x01" +OBJ_id_pda_placeOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x02" +OBJ_id_pda_gender="\x2B\x06\x01\x05\x05\x07\x09\x03" +OBJ_id_pda_countryOfCitizenship="\x2B\x06\x01\x05\x05\x07\x09\x04" +OBJ_id_pda_countryOfResidence="\x2B\x06\x01\x05\x05\x07\x09\x05" +OBJ_id_aca_authenticationInfo="\x2B\x06\x01\x05\x05\x07\x0A\x01" +OBJ_id_aca_accessIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x02" +OBJ_id_aca_chargingIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x03" +OBJ_id_aca_group="\x2B\x06\x01\x05\x05\x07\x0A\x04" +OBJ_id_aca_role="\x2B\x06\x01\x05\x05\x07\x0A\x05" +OBJ_id_qcs_pkixQCSyntax_v1="\x2B\x06\x01\x05\x05\x07\x0B\x01" +OBJ_id_cct_crs="\x2B\x06\x01\x05\x05\x07\x0C\x01" +OBJ_id_cct_PKIData="\x2B\x06\x01\x05\x05\x07\x0C\x02" +OBJ_id_cct_PKIResponse="\x2B\x06\x01\x05\x05\x07\x0C\x03" +OBJ_ad_timeStamping="\x2B\x06\x01\x05\x05\x07\x30\x03" +OBJ_ad_dvcs="\x2B\x06\x01\x05\x05\x07\x30\x04" +OBJ_id_pkix_OCSP_basic="\x2B\x06\x01\x05\x05\x07\x30\x01\x01" +OBJ_id_pkix_OCSP_Nonce="\x2B\x06\x01\x05\x05\x07\x30\x01\x02" +OBJ_id_pkix_OCSP_CrlID="\x2B\x06\x01\x05\x05\x07\x30\x01\x03" +OBJ_id_pkix_OCSP_acceptableResponses="\x2B\x06\x01\x05\x05\x07\x30\x01\x04" +OBJ_id_pkix_OCSP_noCheck="\x2B\x06\x01\x05\x05\x07\x30\x01\x05" +OBJ_id_pkix_OCSP_archiveCutoff="\x2B\x06\x01\x05\x05\x07\x30\x01\x06" +OBJ_id_pkix_OCSP_serviceLocator="\x2B\x06\x01\x05\x05\x07\x30\x01\x07" +OBJ_id_pkix_OCSP_extendedStatus="\x2B\x06\x01\x05\x05\x07\x30\x01\x08" +OBJ_id_pkix_OCSP_valid="\x2B\x06\x01\x05\x05\x07\x30\x01\x09" +OBJ_id_pkix_OCSP_path="\x2B\x06\x01\x05\x05\x07\x30\x01\x0A" +OBJ_id_pkix_OCSP_trustRoot="\x2B\x06\x01\x05\x05\x07\x30\x01\x0B" +OBJ_algorithm="\x2B\x0E\x03\x02" +OBJ_rsaSignature="\x2B\x0E\x03\x02\x0B" +OBJ_X500algorithms="\x55\x08" +OBJ_org="\x2B" +OBJ_dod="\x2B\x06" +OBJ_iana="\x2B\x06\x01" +OBJ_Directory="\x2B\x06\x01\x01" +OBJ_Management="\x2B\x06\x01\x02" +OBJ_Experimental="\x2B\x06\x01\x03" +OBJ_Private="\x2B\x06\x01\x04" +OBJ_Security="\x2B\x06\x01\x05" +OBJ_SNMPv2="\x2B\x06\x01\x06" +OBJ_Mail="\x2B\x06\x01\x07" +OBJ_Enterprises="\x2B\x06\x01\x04\x01" +OBJ_dcObject="\x2B\x06\x01\x04\x01\x8B\x3A\x82\x58" +OBJ_domainComponent="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" +OBJ_Domain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0D" +OBJ_selected_attribute_types="\x55\x01\x05" +OBJ_clearance="\x55\x01\x05\x37" +OBJ_md4WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x03" +OBJ_ac_proxying="\x2B\x06\x01\x05\x05\x07\x01\x0A" +OBJ_sinfo_access="\x2B\x06\x01\x05\x05\x07\x01\x0B" +OBJ_id_aca_encAttrs="\x2B\x06\x01\x05\x05\x07\x0A\x06" +OBJ_role="\x55\x04\x48" +OBJ_policy_constraints="\x55\x1D\x24" +OBJ_target_information="\x55\x1D\x37" +OBJ_no_rev_avail="\x55\x1D\x38" +OBJ_ansi_X9_62="\x2A\x86\x48\xCE\x3D" +OBJ_X9_62_prime_field="\x2A\x86\x48\xCE\x3D\x01\x01" +OBJ_X9_62_characteristic_two_field="\x2A\x86\x48\xCE\x3D\x01\x02" +OBJ_X9_62_id_ecPublicKey="\x2A\x86\x48\xCE\x3D\x02\x01" +OBJ_X9_62_prime192v1="\x2A\x86\x48\xCE\x3D\x03\x01\x01" +OBJ_X9_62_prime192v2="\x2A\x86\x48\xCE\x3D\x03\x01\x02" +OBJ_X9_62_prime192v3="\x2A\x86\x48\xCE\x3D\x03\x01\x03" +OBJ_X9_62_prime239v1="\x2A\x86\x48\xCE\x3D\x03\x01\x04" +OBJ_X9_62_prime239v2="\x2A\x86\x48\xCE\x3D\x03\x01\x05" +OBJ_X9_62_prime239v3="\x2A\x86\x48\xCE\x3D\x03\x01\x06" +OBJ_X9_62_prime256v1="\x2A\x86\x48\xCE\x3D\x03\x01\x07" +OBJ_ecdsa_with_SHA1="\x2A\x86\x48\xCE\x3D\x04\x01" +OBJ_ms_csp_name="\x2B\x06\x01\x04\x01\x82\x37\x11\x01" +OBJ_aes_128_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x01" +OBJ_aes_128_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x02" +OBJ_aes_128_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x03" +OBJ_aes_128_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x04" +OBJ_aes_192_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x15" +OBJ_aes_192_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x16" +OBJ_aes_192_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x17" +OBJ_aes_192_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x18" +OBJ_aes_256_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x29" +OBJ_aes_256_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x2A" +OBJ_aes_256_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2B" +OBJ_aes_256_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2C" +OBJ_hold_instruction_code="\x55\x1D\x17" +OBJ_hold_instruction_none="\x2A\x86\x48\xCE\x38\x02\x01" +OBJ_hold_instruction_call_issuer="\x2A\x86\x48\xCE\x38\x02\x02" +OBJ_hold_instruction_reject="\x2A\x86\x48\xCE\x38\x02\x03" +OBJ_data="\x09" +OBJ_pss="\x09\x92\x26" +OBJ_ucl="\x09\x92\x26\x89\x93\xF2\x2C" +OBJ_pilot="\x09\x92\x26\x89\x93\xF2\x2C\x64" +OBJ_pilotAttributeType="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01" +OBJ_pilotAttributeSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03" +OBJ_pilotObjectClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04" +OBJ_pilotGroups="\x09\x92\x26\x89\x93\xF2\x2C\x64\x0A" +OBJ_iA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x04" +OBJ_caseIgnoreIA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x05" +OBJ_pilotObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x03" +OBJ_pilotPerson="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x04" +OBJ_account="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x05" +OBJ_document="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x06" +OBJ_room="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x07" +OBJ_documentSeries="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x09" +OBJ_rFC822localPart="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0E" +OBJ_dNSDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0F" +OBJ_domainRelatedObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x11" +OBJ_friendlyCountry="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x12" +OBJ_simpleSecurityObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x13" +OBJ_pilotOrganization="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x14" +OBJ_pilotDSA="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x15" +OBJ_qualityLabelledData="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x16" +OBJ_userId="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" +OBJ_textEncodedORAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x02" +OBJ_rfc822Mailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x03" +OBJ_info="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x04" +OBJ_favouriteDrink="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x05" +OBJ_roomNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x06" +OBJ_photo="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x07" +OBJ_userClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x08" +OBJ_host="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x09" +OBJ_manager="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0A" +OBJ_documentIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0B" +OBJ_documentTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0C" +OBJ_documentVersion="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0D" +OBJ_documentAuthor="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0E" +OBJ_documentLocation="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0F" +OBJ_homeTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x14" +OBJ_secretary="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x15" +OBJ_otherMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x16" +OBJ_lastModifiedTime="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x17" +OBJ_lastModifiedBy="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x18" +OBJ_aRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1A" +OBJ_pilotAttributeType27="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1B" +OBJ_mXRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1C" +OBJ_nSRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1D" +OBJ_sOARecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1E" +OBJ_cNAMERecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1F" +OBJ_associatedDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x25" +OBJ_associatedName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x26" +OBJ_homePostalAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x27" +OBJ_personalTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x28" +OBJ_mobileTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x29" +OBJ_pagerTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2A" +OBJ_friendlyCountryName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2B" +OBJ_organizationalStatus="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2D" +OBJ_janetMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2E" +OBJ_mailPreferenceOption="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2F" +OBJ_buildingName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x30" +OBJ_dSAQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x31" +OBJ_singleLevelQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x32" +OBJ_subtreeMinimumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x33" +OBJ_subtreeMaximumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x34" +OBJ_personalSignature="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x35" +OBJ_dITRedirect="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x36" +OBJ_audio="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x37" +OBJ_documentPublisher="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x38" +OBJ_x500UniqueIdentifier="\x55\x04\x2D" +OBJ_mime_mhs="\x2B\x06\x01\x07\x01" +OBJ_mime_mhs_headings="\x2B\x06\x01\x07\x01\x01" +OBJ_mime_mhs_bodies="\x2B\x06\x01\x07\x01\x02" +OBJ_id_hex_partial_message="\x2B\x06\x01\x07\x01\x01\x01" +OBJ_id_hex_multipart_message="\x2B\x06\x01\x07\x01\x01\x02" +OBJ_generationQualifier="\x55\x04\x2C" +OBJ_pseudonym="\x55\x04\x41" +OBJ_id_set="\x67\x2A" +OBJ_set_ctype="\x67\x2A\x00" +OBJ_set_msgExt="\x67\x2A\x01" +OBJ_set_attr="\x67\x2A\x03" +OBJ_set_policy="\x67\x2A\x05" +OBJ_set_certExt="\x67\x2A\x07" +OBJ_set_brand="\x67\x2A\x08" +OBJ_setct_PANData="\x67\x2A\x00\x00" +OBJ_setct_PANToken="\x67\x2A\x00\x01" +OBJ_setct_PANOnly="\x67\x2A\x00\x02" +OBJ_setct_OIData="\x67\x2A\x00\x03" +OBJ_setct_PI="\x67\x2A\x00\x04" +OBJ_setct_PIData="\x67\x2A\x00\x05" +OBJ_setct_PIDataUnsigned="\x67\x2A\x00\x06" +OBJ_setct_HODInput="\x67\x2A\x00\x07" +OBJ_setct_AuthResBaggage="\x67\x2A\x00\x08" +OBJ_setct_AuthRevReqBaggage="\x67\x2A\x00\x09" +OBJ_setct_AuthRevResBaggage="\x67\x2A\x00\x0A" +OBJ_setct_CapTokenSeq="\x67\x2A\x00\x0B" +OBJ_setct_PInitResData="\x67\x2A\x00\x0C" +OBJ_setct_PI_TBS="\x67\x2A\x00\x0D" +OBJ_setct_PResData="\x67\x2A\x00\x0E" +OBJ_setct_AuthReqTBS="\x67\x2A\x00\x10" +OBJ_setct_AuthResTBS="\x67\x2A\x00\x11" +OBJ_setct_AuthResTBSX="\x67\x2A\x00\x12" +OBJ_setct_AuthTokenTBS="\x67\x2A\x00\x13" +OBJ_setct_CapTokenData="\x67\x2A\x00\x14" +OBJ_setct_CapTokenTBS="\x67\x2A\x00\x15" +OBJ_setct_AcqCardCodeMsg="\x67\x2A\x00\x16" +OBJ_setct_AuthRevReqTBS="\x67\x2A\x00\x17" +OBJ_setct_AuthRevResData="\x67\x2A\x00\x18" +OBJ_setct_AuthRevResTBS="\x67\x2A\x00\x19" +OBJ_setct_CapReqTBS="\x67\x2A\x00\x1A" +OBJ_setct_CapReqTBSX="\x67\x2A\x00\x1B" +OBJ_setct_CapResData="\x67\x2A\x00\x1C" +OBJ_setct_CapRevReqTBS="\x67\x2A\x00\x1D" +OBJ_setct_CapRevReqTBSX="\x67\x2A\x00\x1E" +OBJ_setct_CapRevResData="\x67\x2A\x00\x1F" +OBJ_setct_CredReqTBS="\x67\x2A\x00\x20" +OBJ_setct_CredReqTBSX="\x67\x2A\x00\x21" +OBJ_setct_CredResData="\x67\x2A\x00\x22" +OBJ_setct_CredRevReqTBS="\x67\x2A\x00\x23" +OBJ_setct_CredRevReqTBSX="\x67\x2A\x00\x24" +OBJ_setct_CredRevResData="\x67\x2A\x00\x25" +OBJ_setct_PCertReqData="\x67\x2A\x00\x26" +OBJ_setct_PCertResTBS="\x67\x2A\x00\x27" +OBJ_setct_BatchAdminReqData="\x67\x2A\x00\x28" +OBJ_setct_BatchAdminResData="\x67\x2A\x00\x29" +OBJ_setct_CardCInitResTBS="\x67\x2A\x00\x2A" +OBJ_setct_MeAqCInitResTBS="\x67\x2A\x00\x2B" +OBJ_setct_RegFormResTBS="\x67\x2A\x00\x2C" +OBJ_setct_CertReqData="\x67\x2A\x00\x2D" +OBJ_setct_CertReqTBS="\x67\x2A\x00\x2E" +OBJ_setct_CertResData="\x67\x2A\x00\x2F" +OBJ_setct_CertInqReqTBS="\x67\x2A\x00\x30" +OBJ_setct_ErrorTBS="\x67\x2A\x00\x31" +OBJ_setct_PIDualSignedTBE="\x67\x2A\x00\x32" +OBJ_setct_PIUnsignedTBE="\x67\x2A\x00\x33" +OBJ_setct_AuthReqTBE="\x67\x2A\x00\x34" +OBJ_setct_AuthResTBE="\x67\x2A\x00\x35" +OBJ_setct_AuthResTBEX="\x67\x2A\x00\x36" +OBJ_setct_AuthTokenTBE="\x67\x2A\x00\x37" +OBJ_setct_CapTokenTBE="\x67\x2A\x00\x38" +OBJ_setct_CapTokenTBEX="\x67\x2A\x00\x39" +OBJ_setct_AcqCardCodeMsgTBE="\x67\x2A\x00\x3A" +OBJ_setct_AuthRevReqTBE="\x67\x2A\x00\x3B" +OBJ_setct_AuthRevResTBE="\x67\x2A\x00\x3C" +OBJ_setct_AuthRevResTBEB="\x67\x2A\x00\x3D" +OBJ_setct_CapReqTBE="\x67\x2A\x00\x3E" +OBJ_setct_CapReqTBEX="\x67\x2A\x00\x3F" +OBJ_setct_CapResTBE="\x67\x2A\x00\x40" +OBJ_setct_CapRevReqTBE="\x67\x2A\x00\x41" +OBJ_setct_CapRevReqTBEX="\x67\x2A\x00\x42" +OBJ_setct_CapRevResTBE="\x67\x2A\x00\x43" +OBJ_setct_CredReqTBE="\x67\x2A\x00\x44" +OBJ_setct_CredReqTBEX="\x67\x2A\x00\x45" +OBJ_setct_CredResTBE="\x67\x2A\x00\x46" +OBJ_setct_CredRevReqTBE="\x67\x2A\x00\x47" +OBJ_setct_CredRevReqTBEX="\x67\x2A\x00\x48" +OBJ_setct_CredRevResTBE="\x67\x2A\x00\x49" +OBJ_setct_BatchAdminReqTBE="\x67\x2A\x00\x4A" +OBJ_setct_BatchAdminResTBE="\x67\x2A\x00\x4B" +OBJ_setct_RegFormReqTBE="\x67\x2A\x00\x4C" +OBJ_setct_CertReqTBE="\x67\x2A\x00\x4D" +OBJ_setct_CertReqTBEX="\x67\x2A\x00\x4E" +OBJ_setct_CertResTBE="\x67\x2A\x00\x4F" +OBJ_setct_CRLNotificationTBS="\x67\x2A\x00\x50" +OBJ_setct_CRLNotificationResTBS="\x67\x2A\x00\x51" +OBJ_setct_BCIDistributionTBS="\x67\x2A\x00\x52" +OBJ_setext_genCrypt="\x67\x2A\x01\x01" +OBJ_setext_miAuth="\x67\x2A\x01\x03" +OBJ_setext_pinSecure="\x67\x2A\x01\x04" +OBJ_setext_pinAny="\x67\x2A\x01\x05" +OBJ_setext_track2="\x67\x2A\x01\x07" +OBJ_setext_cv="\x67\x2A\x01\x08" +OBJ_set_policy_root="\x67\x2A\x05\x00" +OBJ_setCext_hashedRoot="\x67\x2A\x07\x00" +OBJ_setCext_certType="\x67\x2A\x07\x01" +OBJ_setCext_merchData="\x67\x2A\x07\x02" +OBJ_setCext_cCertRequired="\x67\x2A\x07\x03" +OBJ_setCext_tunneling="\x67\x2A\x07\x04" +OBJ_setCext_setExt="\x67\x2A\x07\x05" +OBJ_setCext_setQualf="\x67\x2A\x07\x06" +OBJ_setCext_PGWYcapabilities="\x67\x2A\x07\x07" +OBJ_setCext_TokenIdentifier="\x67\x2A\x07\x08" +OBJ_setCext_Track2Data="\x67\x2A\x07\x09" +OBJ_setCext_TokenType="\x67\x2A\x07\x0A" +OBJ_setCext_IssuerCapabilities="\x67\x2A\x07\x0B" +OBJ_setAttr_Cert="\x67\x2A\x03\x00" +OBJ_setAttr_PGWYcap="\x67\x2A\x03\x01" +OBJ_setAttr_TokenType="\x67\x2A\x03\x02" +OBJ_setAttr_IssCap="\x67\x2A\x03\x03" +OBJ_set_rootKeyThumb="\x67\x2A\x03\x00\x00" +OBJ_set_addPolicy="\x67\x2A\x03\x00\x01" +OBJ_setAttr_Token_EMV="\x67\x2A\x03\x02\x01" +OBJ_setAttr_Token_B0Prime="\x67\x2A\x03\x02\x02" +OBJ_setAttr_IssCap_CVM="\x67\x2A\x03\x03\x03" +OBJ_setAttr_IssCap_T2="\x67\x2A\x03\x03\x04" +OBJ_setAttr_IssCap_Sig="\x67\x2A\x03\x03\x05" +OBJ_setAttr_GenCryptgrm="\x67\x2A\x03\x03\x03\x01" +OBJ_setAttr_T2Enc="\x67\x2A\x03\x03\x04\x01" +OBJ_setAttr_T2cleartxt="\x67\x2A\x03\x03\x04\x02" +OBJ_setAttr_TokICCsig="\x67\x2A\x03\x03\x05\x01" +OBJ_setAttr_SecDevSig="\x67\x2A\x03\x03\x05\x02" +OBJ_set_brand_IATA_ATA="\x67\x2A\x08\x01" +OBJ_set_brand_Diners="\x67\x2A\x08\x1E" +OBJ_set_brand_AmericanExpress="\x67\x2A\x08\x22" +OBJ_set_brand_JCB="\x67\x2A\x08\x23" +OBJ_set_brand_Visa="\x67\x2A\x08\x04" +OBJ_set_brand_MasterCard="\x67\x2A\x08\x05" +OBJ_set_brand_Novus="\x67\x2A\x08\xAE\x7B" +OBJ_des_cdmf="\x2A\x86\x48\x86\xF7\x0D\x03\x0A" +OBJ_rsaOAEPEncryptionSET="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x06" +OBJ_international_organizations="\x67" +OBJ_ms_smartcard_login="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x02" +OBJ_ms_upn="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x03" +OBJ_streetAddress="\x55\x04\x09" +OBJ_postalCode="\x55\x04\x11" +OBJ_id_ppl="\x2B\x06\x01\x05\x05\x07\x15" +OBJ_proxyCertInfo="\x2B\x06\x01\x05\x05\x07\x01\x0E" +OBJ_id_ppl_anyLanguage="\x2B\x06\x01\x05\x05\x07\x15\x00" +OBJ_id_ppl_inheritAll="\x2B\x06\x01\x05\x05\x07\x15\x01" +OBJ_name_constraints="\x55\x1D\x1E" +OBJ_Independent="\x2B\x06\x01\x05\x05\x07\x15\x02" +OBJ_sha256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B" +OBJ_sha384WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C" +OBJ_sha512WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D" +OBJ_sha224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0E" +OBJ_sha256="\x60\x86\x48\x01\x65\x03\x04\x02\x01" +OBJ_sha384="\x60\x86\x48\x01\x65\x03\x04\x02\x02" +OBJ_sha512="\x60\x86\x48\x01\x65\x03\x04\x02\x03" +OBJ_sha224="\x60\x86\x48\x01\x65\x03\x04\x02\x04" +OBJ_identified_organization="\x2B" +OBJ_certicom_arc="\x2B\x81\x04" +OBJ_wap="\x67\x2B" +OBJ_wap_wsg="\x67\x2B\x01" +OBJ_X9_62_id_characteristic_two_basis="\x2A\x86\x48\xCE\x3D\x01\x02\x03" +OBJ_X9_62_onBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x01" +OBJ_X9_62_tpBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x02" +OBJ_X9_62_ppBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x03" +OBJ_X9_62_c2pnb163v1="\x2A\x86\x48\xCE\x3D\x03\x00\x01" +OBJ_X9_62_c2pnb163v2="\x2A\x86\x48\xCE\x3D\x03\x00\x02" +OBJ_X9_62_c2pnb163v3="\x2A\x86\x48\xCE\x3D\x03\x00\x03" +OBJ_X9_62_c2pnb176v1="\x2A\x86\x48\xCE\x3D\x03\x00\x04" +OBJ_X9_62_c2tnb191v1="\x2A\x86\x48\xCE\x3D\x03\x00\x05" +OBJ_X9_62_c2tnb191v2="\x2A\x86\x48\xCE\x3D\x03\x00\x06" +OBJ_X9_62_c2tnb191v3="\x2A\x86\x48\xCE\x3D\x03\x00\x07" +OBJ_X9_62_c2onb191v4="\x2A\x86\x48\xCE\x3D\x03\x00\x08" +OBJ_X9_62_c2onb191v5="\x2A\x86\x48\xCE\x3D\x03\x00\x09" +OBJ_X9_62_c2pnb208w1="\x2A\x86\x48\xCE\x3D\x03\x00\x0A" +OBJ_X9_62_c2tnb239v1="\x2A\x86\x48\xCE\x3D\x03\x00\x0B" +OBJ_X9_62_c2tnb239v2="\x2A\x86\x48\xCE\x3D\x03\x00\x0C" +OBJ_X9_62_c2tnb239v3="\x2A\x86\x48\xCE\x3D\x03\x00\x0D" +OBJ_X9_62_c2onb239v4="\x2A\x86\x48\xCE\x3D\x03\x00\x0E" +OBJ_X9_62_c2onb239v5="\x2A\x86\x48\xCE\x3D\x03\x00\x0F" +OBJ_X9_62_c2pnb272w1="\x2A\x86\x48\xCE\x3D\x03\x00\x10" +OBJ_X9_62_c2pnb304w1="\x2A\x86\x48\xCE\x3D\x03\x00\x11" +OBJ_X9_62_c2tnb359v1="\x2A\x86\x48\xCE\x3D\x03\x00\x12" +OBJ_X9_62_c2pnb368w1="\x2A\x86\x48\xCE\x3D\x03\x00\x13" +OBJ_X9_62_c2tnb431r1="\x2A\x86\x48\xCE\x3D\x03\x00\x14" +OBJ_secp112r1="\x2B\x81\x04\x00\x06" +OBJ_secp112r2="\x2B\x81\x04\x00\x07" +OBJ_secp128r1="\x2B\x81\x04\x00\x1C" +OBJ_secp128r2="\x2B\x81\x04\x00\x1D" +OBJ_secp160k1="\x2B\x81\x04\x00\x09" +OBJ_secp160r1="\x2B\x81\x04\x00\x08" +OBJ_secp160r2="\x2B\x81\x04\x00\x1E" +OBJ_secp192k1="\x2B\x81\x04\x00\x1F" +OBJ_secp224k1="\x2B\x81\x04\x00\x20" +OBJ_secp224r1="\x2B\x81\x04\x00\x21" +OBJ_secp256k1="\x2B\x81\x04\x00\x0A" +OBJ_secp384r1="\x2B\x81\x04\x00\x22" +OBJ_secp521r1="\x2B\x81\x04\x00\x23" +OBJ_sect113r1="\x2B\x81\x04\x00\x04" +OBJ_sect113r2="\x2B\x81\x04\x00\x05" +OBJ_sect131r1="\x2B\x81\x04\x00\x16" +OBJ_sect131r2="\x2B\x81\x04\x00\x17" +OBJ_sect163k1="\x2B\x81\x04\x00\x01" +OBJ_sect163r1="\x2B\x81\x04\x00\x02" +OBJ_sect163r2="\x2B\x81\x04\x00\x0F" +OBJ_sect193r1="\x2B\x81\x04\x00\x18" +OBJ_sect193r2="\x2B\x81\x04\x00\x19" +OBJ_sect233k1="\x2B\x81\x04\x00\x1A" +OBJ_sect233r1="\x2B\x81\x04\x00\x1B" +OBJ_sect239k1="\x2B\x81\x04\x00\x03" +OBJ_sect283k1="\x2B\x81\x04\x00\x10" +OBJ_sect283r1="\x2B\x81\x04\x00\x11" +OBJ_sect409k1="\x2B\x81\x04\x00\x24" +OBJ_sect409r1="\x2B\x81\x04\x00\x25" +OBJ_sect571k1="\x2B\x81\x04\x00\x26" +OBJ_sect571r1="\x2B\x81\x04\x00\x27" +OBJ_wap_wsg_idm_ecid_wtls1="\x67\x2B\x01\x04\x01" +OBJ_wap_wsg_idm_ecid_wtls3="\x67\x2B\x01\x04\x03" +OBJ_wap_wsg_idm_ecid_wtls4="\x67\x2B\x01\x04\x04" +OBJ_wap_wsg_idm_ecid_wtls5="\x67\x2B\x01\x04\x05" +OBJ_wap_wsg_idm_ecid_wtls6="\x67\x2B\x01\x04\x06" +OBJ_wap_wsg_idm_ecid_wtls7="\x67\x2B\x01\x04\x07" +OBJ_wap_wsg_idm_ecid_wtls8="\x67\x2B\x01\x04\x08" +OBJ_wap_wsg_idm_ecid_wtls9="\x67\x2B\x01\x04\x09" +OBJ_wap_wsg_idm_ecid_wtls10="\x67\x2B\x01\x04\x0A" +OBJ_wap_wsg_idm_ecid_wtls11="\x67\x2B\x01\x04\x0B" +OBJ_wap_wsg_idm_ecid_wtls12="\x67\x2B\x01\x04\x0C" +OBJ_any_policy="\x55\x1D\x20\x00" +OBJ_policy_mappings="\x55\x1D\x21" +OBJ_inhibit_any_policy="\x55\x1D\x36" +OBJ_camellia_128_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x02" +OBJ_camellia_192_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x03" +OBJ_camellia_256_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x04" +OBJ_camellia_128_ecb="\x03\xA2\x31\x05\x03\x01\x09\x01" +OBJ_camellia_192_ecb="\x03\xA2\x31\x05\x03\x01\x09\x15" +OBJ_camellia_256_ecb="\x03\xA2\x31\x05\x03\x01\x09\x29" +OBJ_camellia_128_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x04" +OBJ_camellia_192_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x18" +OBJ_camellia_256_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x2C" +OBJ_camellia_128_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x03" +OBJ_camellia_192_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x17" +OBJ_camellia_256_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x2B" +OBJ_subject_directory_attributes="\x55\x1D\x09" +OBJ_issuing_distribution_point="\x55\x1D\x1C" +OBJ_certificate_issuer="\x55\x1D\x1D" +OBJ_kisa="\x2A\x83\x1A\x8C\x9A\x44" +OBJ_seed_ecb="\x2A\x83\x1A\x8C\x9A\x44\x01\x03" +OBJ_seed_cbc="\x2A\x83\x1A\x8C\x9A\x44\x01\x04" +OBJ_seed_ofb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x06" +OBJ_seed_cfb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x05" +OBJ_hmac_md5="\x2B\x06\x01\x05\x05\x08\x01\x01" +OBJ_hmac_sha1="\x2B\x06\x01\x05\x05\x08\x01\x02" +OBJ_id_PasswordBasedMAC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0D" +OBJ_id_DHBasedMac="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x1E" +OBJ_id_it_suppLangTags="\x2B\x06\x01\x05\x05\x07\x04\x10" +OBJ_caRepository="\x2B\x06\x01\x05\x05\x07\x30\x05" +OBJ_id_smime_ct_compressedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x09" +OBJ_id_ct_asciiTextWithCRLF="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1B" +OBJ_id_aes128_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x05" +OBJ_id_aes192_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x19" +OBJ_id_aes256_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x2D" +OBJ_ecdsa_with_Recommended="\x2A\x86\x48\xCE\x3D\x04\x02" +OBJ_ecdsa_with_Specified="\x2A\x86\x48\xCE\x3D\x04\x03" +OBJ_ecdsa_with_SHA224="\x2A\x86\x48\xCE\x3D\x04\x03\x01" +OBJ_ecdsa_with_SHA256="\x2A\x86\x48\xCE\x3D\x04\x03\x02" +OBJ_ecdsa_with_SHA384="\x2A\x86\x48\xCE\x3D\x04\x03\x03" +OBJ_ecdsa_with_SHA512="\x2A\x86\x48\xCE\x3D\x04\x03\x04" +OBJ_hmacWithMD5="\x2A\x86\x48\x86\xF7\x0D\x02\x06" +OBJ_hmacWithSHA224="\x2A\x86\x48\x86\xF7\x0D\x02\x08" +OBJ_hmacWithSHA256="\x2A\x86\x48\x86\xF7\x0D\x02\x09" +OBJ_hmacWithSHA384="\x2A\x86\x48\x86\xF7\x0D\x02\x0A" +OBJ_hmacWithSHA512="\x2A\x86\x48\x86\xF7\x0D\x02\x0B" +OBJ_dsa_with_SHA224="\x60\x86\x48\x01\x65\x03\x04\x03\x01" +OBJ_dsa_with_SHA256="\x60\x86\x48\x01\x65\x03\x04\x03\x02" +OBJ_whirlpool="\x28\xCF\x06\x03\x00\x37" +OBJ_cryptopro="\x2A\x85\x03\x02\x02" +OBJ_cryptocom="\x2A\x85\x03\x02\x09" +OBJ_id_GostR3411_94_with_GostR3410_2001="\x2A\x85\x03\x02\x02\x03" +OBJ_id_GostR3411_94_with_GostR3410_94="\x2A\x85\x03\x02\x02\x04" +OBJ_id_GostR3411_94="\x2A\x85\x03\x02\x02\x09" +OBJ_id_HMACGostR3411_94="\x2A\x85\x03\x02\x02\x0A" +OBJ_id_GostR3410_2001="\x2A\x85\x03\x02\x02\x13" +OBJ_id_GostR3410_94="\x2A\x85\x03\x02\x02\x14" +OBJ_id_Gost28147_89="\x2A\x85\x03\x02\x02\x15" +OBJ_id_Gost28147_89_MAC="\x2A\x85\x03\x02\x02\x16" +OBJ_id_GostR3411_94_prf="\x2A\x85\x03\x02\x02\x17" +OBJ_id_GostR3410_2001DH="\x2A\x85\x03\x02\x02\x62" +OBJ_id_GostR3410_94DH="\x2A\x85\x03\x02\x02\x63" +OBJ_id_Gost28147_89_CryptoPro_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x01" +OBJ_id_Gost28147_89_None_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x00" +OBJ_id_GostR3411_94_TestParamSet="\x2A\x85\x03\x02\x02\x1E\x00" +OBJ_id_GostR3411_94_CryptoProParamSet="\x2A\x85\x03\x02\x02\x1E\x01" +OBJ_id_Gost28147_89_TestParamSet="\x2A\x85\x03\x02\x02\x1F\x00" +OBJ_id_Gost28147_89_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x1F\x01" +OBJ_id_Gost28147_89_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x1F\x02" +OBJ_id_Gost28147_89_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x1F\x03" +OBJ_id_Gost28147_89_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x1F\x04" +OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x05" +OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet="\x2A\x85\x03\x02\x02\x1F\x06" +OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x07" +OBJ_id_GostR3410_94_TestParamSet="\x2A\x85\x03\x02\x02\x20\x00" +OBJ_id_GostR3410_94_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x20\x02" +OBJ_id_GostR3410_94_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x20\x03" +OBJ_id_GostR3410_94_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x20\x04" +OBJ_id_GostR3410_94_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x20\x05" +OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x21\x01" +OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x21\x02" +OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet="\x2A\x85\x03\x02\x02\x21\x03" +OBJ_id_GostR3410_2001_TestParamSet="\x2A\x85\x03\x02\x02\x23\x00" +OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x23\x01" +OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x23\x02" +OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x23\x03" +OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x24\x00" +OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x24\x01" +OBJ_id_GostR3410_94_a="\x2A\x85\x03\x02\x02\x14\x01" +OBJ_id_GostR3410_94_aBis="\x2A\x85\x03\x02\x02\x14\x02" +OBJ_id_GostR3410_94_b="\x2A\x85\x03\x02\x02\x14\x03" +OBJ_id_GostR3410_94_bBis="\x2A\x85\x03\x02\x02\x14\x04" +OBJ_id_Gost28147_89_cc="\x2A\x85\x03\x02\x09\x01\x06\x01" +OBJ_id_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x05\x03" +OBJ_id_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x05\x04" +OBJ_id_GostR3411_94_with_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x03\x03" +OBJ_id_GostR3411_94_with_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x03\x04" +OBJ_id_GostR3410_2001_ParamSet_cc="\x2A\x85\x03\x02\x09\x01\x08\x01" +OBJ_LocalKeySet="\x2B\x06\x01\x04\x01\x82\x37\x11\x02" +OBJ_freshest_crl="\x55\x1D\x2E" +OBJ_id_on_permanentIdentifier="\x2B\x06\x01\x05\x05\x07\x08\x03" +OBJ_searchGuide="\x55\x04\x0E" +OBJ_businessCategory="\x55\x04\x0F" +OBJ_postalAddress="\x55\x04\x10" +OBJ_postOfficeBox="\x55\x04\x12" +OBJ_physicalDeliveryOfficeName="\x55\x04\x13" +OBJ_telephoneNumber="\x55\x04\x14" +OBJ_telexNumber="\x55\x04\x15" +OBJ_teletexTerminalIdentifier="\x55\x04\x16" +OBJ_facsimileTelephoneNumber="\x55\x04\x17" +OBJ_x121Address="\x55\x04\x18" +OBJ_internationaliSDNNumber="\x55\x04\x19" +OBJ_registeredAddress="\x55\x04\x1A" +OBJ_destinationIndicator="\x55\x04\x1B" +OBJ_preferredDeliveryMethod="\x55\x04\x1C" +OBJ_presentationAddress="\x55\x04\x1D" +OBJ_supportedApplicationContext="\x55\x04\x1E" +OBJ_member="\x55\x04\x1F" +OBJ_owner="\x55\x04\x20" +OBJ_roleOccupant="\x55\x04\x21" +OBJ_seeAlso="\x55\x04\x22" +OBJ_userPassword="\x55\x04\x23" +OBJ_userCertificate="\x55\x04\x24" +OBJ_cACertificate="\x55\x04\x25" +OBJ_authorityRevocationList="\x55\x04\x26" +OBJ_certificateRevocationList="\x55\x04\x27" +OBJ_crossCertificatePair="\x55\x04\x28" +OBJ_enhancedSearchGuide="\x55\x04\x2F" +OBJ_protocolInformation="\x55\x04\x30" +OBJ_distinguishedName="\x55\x04\x31" +OBJ_uniqueMember="\x55\x04\x32" +OBJ_houseIdentifier="\x55\x04\x33" +OBJ_supportedAlgorithms="\x55\x04\x34" +OBJ_deltaRevocationList="\x55\x04\x35" +OBJ_dmdName="\x55\x04\x36" +OBJ_id_alg_PWRI_KEK="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x09" +OBJ_aes_128_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x06" +OBJ_aes_128_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x07" +OBJ_id_aes128_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x08" +OBJ_aes_192_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x1A" +OBJ_aes_192_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x1B" +OBJ_id_aes192_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x1C" +OBJ_aes_256_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x2E" +OBJ_aes_256_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x2F" +OBJ_id_aes256_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x30" +OBJ_id_camellia128_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x02" +OBJ_id_camellia192_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x03" +OBJ_id_camellia256_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x04" +OBJ_anyExtendedKeyUsage="\x55\x1D\x25\x00" +OBJ_mgf1="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x08" +OBJ_rsassaPss="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0A" +OBJ_aes_128_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x01" +OBJ_aes_256_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x02" +OBJ_rsaesOaep="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x07" +OBJ_dhpublicnumber="\x2A\x86\x48\xCE\x3E\x02\x01" +OBJ_brainpoolP160r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x01" +OBJ_brainpoolP160t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x02" +OBJ_brainpoolP192r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x03" +OBJ_brainpoolP192t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x04" +OBJ_brainpoolP224r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x05" +OBJ_brainpoolP224t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x06" +OBJ_brainpoolP256r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x07" +OBJ_brainpoolP256t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x08" +OBJ_brainpoolP320r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x09" +OBJ_brainpoolP320t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0A" +OBJ_brainpoolP384r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0B" +OBJ_brainpoolP384t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0C" +OBJ_brainpoolP512r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0D" +OBJ_brainpoolP512t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0E" +OBJ_pSpecified="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x09" +OBJ_dhSinglePass_stdDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x02" +OBJ_dhSinglePass_stdDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0B\x00" +OBJ_dhSinglePass_stdDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0B\x01" +OBJ_dhSinglePass_stdDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0B\x02" +OBJ_dhSinglePass_stdDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0B\x03" +OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x03" +OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0E\x00" +OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0E\x01" +OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0E\x02" +OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0E\x03" +OBJ_ct_precert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x02" +OBJ_ct_precert_poison="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x03" +OBJ_ct_precert_signer="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x04" +OBJ_ct_cert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x05" +OBJ_jurisdictionLocalityName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x01" +OBJ_jurisdictionStateOrProvinceName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x02" +OBJ_jurisdictionCountryName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x03" +OBJ_camellia_128_gcm="\x03\xA2\x31\x05\x03\x01\x09\x06" +OBJ_camellia_128_ccm="\x03\xA2\x31\x05\x03\x01\x09\x07" +OBJ_camellia_128_ctr="\x03\xA2\x31\x05\x03\x01\x09\x09" +OBJ_camellia_128_cmac="\x03\xA2\x31\x05\x03\x01\x09\x0A" +OBJ_camellia_192_gcm="\x03\xA2\x31\x05\x03\x01\x09\x1A" +OBJ_camellia_192_ccm="\x03\xA2\x31\x05\x03\x01\x09\x1B" +OBJ_camellia_192_ctr="\x03\xA2\x31\x05\x03\x01\x09\x1D" +OBJ_camellia_192_cmac="\x03\xA2\x31\x05\x03\x01\x09\x1E" +OBJ_camellia_256_gcm="\x03\xA2\x31\x05\x03\x01\x09\x2E" +OBJ_camellia_256_ccm="\x03\xA2\x31\x05\x03\x01\x09\x2F" +OBJ_camellia_256_ctr="\x03\xA2\x31\x05\x03\x01\x09\x31" +OBJ_camellia_256_cmac="\x03\xA2\x31\x05\x03\x01\x09\x32" +OBJ_id_scrypt="\x2B\x06\x01\x04\x01\xDA\x47\x04\x0B" +OBJ_id_tc26="\x2A\x85\x03\x07\x01" +OBJ_id_tc26_algorithms="\x2A\x85\x03\x07\x01\x01" +OBJ_id_tc26_sign="\x2A\x85\x03\x07\x01\x01\x01" +OBJ_id_GostR3410_2012_256="\x2A\x85\x03\x07\x01\x01\x01\x01" +OBJ_id_GostR3410_2012_512="\x2A\x85\x03\x07\x01\x01\x01\x02" +OBJ_id_tc26_digest="\x2A\x85\x03\x07\x01\x01\x02" +OBJ_id_GostR3411_2012_256="\x2A\x85\x03\x07\x01\x01\x02\x02" +OBJ_id_GostR3411_2012_512="\x2A\x85\x03\x07\x01\x01\x02\x03" +OBJ_id_tc26_signwithdigest="\x2A\x85\x03\x07\x01\x01\x03" +OBJ_id_tc26_signwithdigest_gost3410_2012_256="\x2A\x85\x03\x07\x01\x01\x03\x02" +OBJ_id_tc26_signwithdigest_gost3410_2012_512="\x2A\x85\x03\x07\x01\x01\x03\x03" +OBJ_id_tc26_mac="\x2A\x85\x03\x07\x01\x01\x04" +OBJ_id_tc26_hmac_gost_3411_2012_256="\x2A\x85\x03\x07\x01\x01\x04\x01" +OBJ_id_tc26_hmac_gost_3411_2012_512="\x2A\x85\x03\x07\x01\x01\x04\x02" +OBJ_id_tc26_cipher="\x2A\x85\x03\x07\x01\x01\x05" +OBJ_id_tc26_agreement="\x2A\x85\x03\x07\x01\x01\x06" +OBJ_id_tc26_agreement_gost_3410_2012_256="\x2A\x85\x03\x07\x01\x01\x06\x01" +OBJ_id_tc26_agreement_gost_3410_2012_512="\x2A\x85\x03\x07\x01\x01\x06\x02" +OBJ_id_tc26_constants="\x2A\x85\x03\x07\x01\x02" +OBJ_id_tc26_sign_constants="\x2A\x85\x03\x07\x01\x02\x01" +OBJ_id_tc26_gost_3410_2012_512_constants="\x2A\x85\x03\x07\x01\x02\x01\x02" +OBJ_id_tc26_gost_3410_2012_512_paramSetTest="\x2A\x85\x03\x07\x01\x02\x01\x02\x00" +OBJ_id_tc26_gost_3410_2012_512_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x02\x01" +OBJ_id_tc26_gost_3410_2012_512_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x02\x02" +OBJ_id_tc26_digest_constants="\x2A\x85\x03\x07\x01\x02\x02" +OBJ_id_tc26_cipher_constants="\x2A\x85\x03\x07\x01\x02\x05" +OBJ_id_tc26_gost_28147_constants="\x2A\x85\x03\x07\x01\x02\x05\x01" +OBJ_id_tc26_gost_28147_param_Z="\x2A\x85\x03\x07\x01\x02\x05\x01\x01" +OBJ_INN="\x2A\x85\x03\x03\x81\x03\x01\x01" +OBJ_OGRN="\x2A\x85\x03\x64\x01" +OBJ_SNILS="\x2A\x85\x03\x64\x03" +OBJ_subjectSignTool="\x2A\x85\x03\x64\x6F" +OBJ_issuerSignTool="\x2A\x85\x03\x64\x70" +OBJ_tlsfeature="\x2B\x06\x01\x05\x05\x07\x01\x18" +OBJ_ipsec_IKE="\x2B\x06\x01\x05\x05\x07\x03\x11" +OBJ_capwapAC="\x2B\x06\x01\x05\x05\x07\x03\x12" +OBJ_capwapWTP="\x2B\x06\x01\x05\x05\x07\x03\x13" +OBJ_sshClient="\x2B\x06\x01\x05\x05\x07\x03\x15" +OBJ_sshServer="\x2B\x06\x01\x05\x05\x07\x03\x16" +OBJ_sendRouter="\x2B\x06\x01\x05\x05\x07\x03\x17" +OBJ_sendProxiedRouter="\x2B\x06\x01\x05\x05\x07\x03\x18" +OBJ_sendOwner="\x2B\x06\x01\x05\x05\x07\x03\x19" +OBJ_sendProxiedOwner="\x2B\x06\x01\x05\x05\x07\x03\x1A" +OBJ_id_pkinit="\x2B\x06\x01\x05\x02\x03" +OBJ_pkInitClientAuth="\x2B\x06\x01\x05\x02\x03\x04" +OBJ_pkInitKDC="\x2B\x06\x01\x05\x02\x03\x05" +OBJ_X25519="\x2B\x65\x6E" +OBJ_X448="\x2B\x65\x6F" +OBJ_blake2b512="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01\x10" +OBJ_blake2s256="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02\x08" +OBJ_id_smime_ct_contentCollection="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x13" +OBJ_id_smime_ct_authEnvelopedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x17" +OBJ_id_ct_xml="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1C" +OBJ_aria_128_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x01" +OBJ_aria_128_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x02" +OBJ_aria_128_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x03" +OBJ_aria_128_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x04" +OBJ_aria_128_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x05" +OBJ_aria_192_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x06" +OBJ_aria_192_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x07" +OBJ_aria_192_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x08" +OBJ_aria_192_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x09" +OBJ_aria_192_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0A" +OBJ_aria_256_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0B" +OBJ_aria_256_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0C" +OBJ_aria_256_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0D" +OBJ_aria_256_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0E" +OBJ_aria_256_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0F" +OBJ_id_smime_aa_signingCertificateV2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x2F" +OBJ_ED25519="\x2B\x65\x70" +OBJ_ED448="\x2B\x65\x71" +OBJ_organizationIdentifier="\x55\x04\x61" +OBJ_countryCode3c="\x55\x04\x62" +OBJ_countryCode3n="\x55\x04\x63" +OBJ_dnsName="\x55\x04\x64" +OBJ_x509ExtAdmission="\x2B\x24\x08\x03\x03" +OBJ_sha512_224="\x60\x86\x48\x01\x65\x03\x04\x02\x05" +OBJ_sha512_256="\x60\x86\x48\x01\x65\x03\x04\x02\x06" +OBJ_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x07" +OBJ_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x08" +OBJ_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x09" +OBJ_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x0A" +OBJ_shake128="\x60\x86\x48\x01\x65\x03\x04\x02\x0B" +OBJ_shake256="\x60\x86\x48\x01\x65\x03\x04\x02\x0C" +OBJ_hmac_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x0D" +OBJ_hmac_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x0E" +OBJ_hmac_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x0F" +OBJ_hmac_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x10" +OBJ_dsa_with_SHA384="\x60\x86\x48\x01\x65\x03\x04\x03\x03" +OBJ_dsa_with_SHA512="\x60\x86\x48\x01\x65\x03\x04\x03\x04" +OBJ_dsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x05" +OBJ_dsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x06" +OBJ_dsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x07" +OBJ_dsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x08" +OBJ_ecdsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x09" +OBJ_ecdsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0A" +OBJ_ecdsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0B" +OBJ_ecdsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x0C" +OBJ_RSA_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x0D" +OBJ_RSA_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0E" +OBJ_RSA_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0F" +OBJ_RSA_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x10" +OBJ_aria_128_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x25" +OBJ_aria_192_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x26" +OBJ_aria_256_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x27" +OBJ_aria_128_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x22" +OBJ_aria_192_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x23" +OBJ_aria_256_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x24" +OBJ_cmcCA="\x2B\x06\x01\x05\x05\x07\x03\x1B" +OBJ_cmcRA="\x2B\x06\x01\x05\x05\x07\x03\x1C" +OBJ_sm4_ecb="\x2A\x81\x1C\xCF\x55\x01\x68\x01" +OBJ_sm4_cbc="\x2A\x81\x1C\xCF\x55\x01\x68\x02" +OBJ_sm4_ofb128="\x2A\x81\x1C\xCF\x55\x01\x68\x03" +OBJ_sm4_cfb1="\x2A\x81\x1C\xCF\x55\x01\x68\x05" +OBJ_sm4_cfb128="\x2A\x81\x1C\xCF\x55\x01\x68\x04" +OBJ_sm4_cfb8="\x2A\x81\x1C\xCF\x55\x01\x68\x06" +OBJ_sm4_ctr="\x2A\x81\x1C\xCF\x55\x01\x68\x07" +OBJ_ISO_CN="\x2A\x81\x1C" +OBJ_oscca="\x2A\x81\x1C\xCF\x55" +OBJ_sm_scheme="\x2A\x81\x1C\xCF\x55\x01" +OBJ_sm3="\x2A\x81\x1C\xCF\x55\x01\x83\x11" +OBJ_sm3WithRSAEncryption="\x2A\x81\x1C\xCF\x55\x01\x83\x78" +OBJ_sha512_224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0F" +OBJ_sha512_256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x10" +OBJ_id_tc26_gost_3410_2012_256_constants="\x2A\x85\x03\x07\x01\x02\x01\x01" +OBJ_id_tc26_gost_3410_2012_256_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x01\x01" +OBJ_id_tc26_gost_3410_2012_512_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x02\x03" +OBJ_ISO_UA="\x2A\x86\x24" +OBJ_ua_pki="\x2A\x86\x24\x02\x01\x01\x01" +OBJ_dstu28147="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01" +OBJ_dstu28147_ofb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x02" +OBJ_dstu28147_cfb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x03" +OBJ_dstu28147_wrap="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x05" +OBJ_hmacWithDstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x02" +OBJ_dstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x02\x01" +OBJ_dstu4145le="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01" +OBJ_dstu4145be="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x01\x01" +OBJ_uacurve0="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x00" +OBJ_uacurve1="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x01" +OBJ_uacurve2="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x02" +OBJ_uacurve3="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x03" +OBJ_uacurve4="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x04" +OBJ_uacurve5="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x05" +OBJ_uacurve6="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x06" +OBJ_uacurve7="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x07" +OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08" +OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09" +OBJ_ieee="\x2B\x6F" +OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53" +OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D" +OBJ_id_tc26_cipher_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x05\x01" +OBJ_magma_ctr_acpkm="\x2A\x85\x03\x07\x01\x01\x05\x01\x01" +OBJ_magma_ctr_acpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x01\x02" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x05\x02" +OBJ_kuznyechik_ctr_acpkm="\x2A\x85\x03\x07\x01\x01\x05\x02\x01" +OBJ_kuznyechik_ctr_acpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x02\x02" +OBJ_id_tc26_wrap="\x2A\x85\x03\x07\x01\x01\x07" +OBJ_id_tc26_wrap_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x07\x01" +OBJ_magma_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x07\x02" +OBJ_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x02\x01" +OBJ_id_tc26_gost_3410_2012_256_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x01\x02" +OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03" +OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" +OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C" +OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D" +OBJ_gmac="\x28\xCC\x45\x03\x04" +OBJ_kmac128="\x60\x86\x48\x01\x65\x03\x04\x02\x13" +OBJ_kmac256="\x60\x86\x48\x01\x65\x03\x04\x02\x14" +OBJ_blake2bmac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01" +OBJ_blake2smac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02" +OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75" +OBJ_id_on_SmtpUTF8Mailbox="\x2B\x06\x01\x05\x05\x07\x08\x09" +OBJ_XmppAddr="\x2B\x06\x01\x05\x05\x07\x08\x05" +OBJ_SRVName="\x2B\x06\x01\x05\x05\x07\x08\x07" +OBJ_NAIRealm="\x2B\x06\x01\x05\x05\x07\x08\x08" +OBJ_cmcArchive="\x2B\x06\x01\x05\x05\x07\x03\x1D" +OBJ_id_kp_bgpsec_router="\x2B\x06\x01\x05\x05\x07\x03\x1E" +OBJ_id_kp_BrandIndicatorforMessageIdentification="\x2B\x06\x01\x05\x05\x07\x03\x1F" +OBJ_cmKGA="\x2B\x06\x01\x05\x05\x07\x03\x20" +OBJ_id_it_caCerts="\x2B\x06\x01\x05\x05\x07\x04\x11" +OBJ_id_it_rootCaKeyUpdate="\x2B\x06\x01\x05\x05\x07\x04\x12" +OBJ_id_it_certReqTemplate="\x2B\x06\x01\x05\x05\x07\x04\x13" +OBJ_OGRNIP="\x2A\x85\x03\x64\x05" +OBJ_classSignTool="\x2A\x85\x03\x64\x71" +OBJ_classSignToolKC1="\x2A\x85\x03\x64\x71\x01" +OBJ_classSignToolKC2="\x2A\x85\x03\x64\x71\x02" +OBJ_classSignToolKC3="\x2A\x85\x03\x64\x71\x03" +OBJ_classSignToolKB1="\x2A\x85\x03\x64\x71\x04" +OBJ_classSignToolKB2="\x2A\x85\x03\x64\x71\x05" +OBJ_classSignToolKA1="\x2A\x85\x03\x64\x71\x06" +OBJ_id_ct_routeOriginAuthz="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x18" +OBJ_id_ct_rpkiManifest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1A" +OBJ_id_ct_rpkiGhostbusters="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x23" +OBJ_id_ct_resourceTaggedAttest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x24" +OBJ_id_cp="\x2B\x06\x01\x05\x05\x07\x0E" +OBJ_sbgp_ipAddrBlockv2="\x2B\x06\x01\x05\x05\x07\x01\x1C" +OBJ_sbgp_autonomousSysNumv2="\x2B\x06\x01\x05\x05\x07\x01\x1D" +OBJ_ipAddr_asNumber="\x2B\x06\x01\x05\x05\x07\x0E\x02" +OBJ_ipAddr_asNumberv2="\x2B\x06\x01\x05\x05\x07\x0E\x03" +OBJ_rpkiManifest="\x2B\x06\x01\x05\x05\x07\x30\x0A" +OBJ_signedObject="\x2B\x06\x01\x05\x05\x07\x30\x0B" +OBJ_rpkiNotify="\x2B\x06\x01\x05\x05\x07\x30\x0D" +OBJ_id_ct_geofeedCSVwithCRLF="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x2F" +OBJ_id_ct_signedChecklist="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x30" diff --git a/fuzz/server.c b/fuzz/server.c new file mode 100644 index 000000000000..e481e5621ce3 --- /dev/null +++ b/fuzz/server.c @@ -0,0 +1,659 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* Shamelessly copied from BoringSSL and converted to C. */ + +/* Test first part of SSL server handshake. */ + +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + +#include <time.h> +#include <openssl/rand.h> +#include <openssl/ssl.h> +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#include <openssl/ec.h> +#include <openssl/dh.h> +#include <openssl/err.h> +#include "fuzzer.h" + +static const uint8_t kCertificateDER[] = { + 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb, + 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, + 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31, + 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a, + 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34, + 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11, + 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6, + 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9, + 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71, + 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8, + 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57, + 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3, + 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20, + 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca, + 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a, + 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0, + 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40, + 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea, + 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7, + 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d, + 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09, + 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf, + 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9, + 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33, + 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb, + 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94, + 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, + 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82, + 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67, + 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92, + 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae, + 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9, + 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a, + 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36, + 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef, + 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b, + 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e, + 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef, + 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5, + 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55, + 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17, + 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba, + 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34, + 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1, + 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39, + 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70, + 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb, + 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22, + 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90, + 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4, + 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58, + 0x76, 0x8a, 0xbb, +}; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static const uint8_t kRSAPrivateKeyDER[] = { + 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, + 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, + 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, + 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, + 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, + 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, + 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, + 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, + 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, + 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, + 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, + 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, + 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, + 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, + 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, + 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, + 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, + 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, + 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, + 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, + 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, + 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef, + 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08, + 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72, + 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81, + 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28, + 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce, + 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d, + 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf, + 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4, + 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c, + 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d, + 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51, + 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05, + 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16, + 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35, + 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17, + 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2, + 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd, + 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02, + 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6, + 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75, + 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46, + 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00, + 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b, + 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20, + 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c, + 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c, + 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72, + 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb, + 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26, + 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31, + 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78, + 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f, + 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d, + 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2, + 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3, + 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7, + 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80, + 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed, + 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4, + 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6, + 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b, + 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d, + 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c, + 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d, + 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05, + 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6, + 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0, + 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc, + 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b, + 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3, + 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9, + 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53, + 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e, + 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88, + 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85, + 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6, + 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b, + 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98, + 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f, + 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16, + 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a, + 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9, + 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7, + 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc, + 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7, + 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c, + 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05, + 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94, + 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81, + 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55, + 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a, + 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42, + 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c, + 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90, + 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50, + 0x98, 0x46, 0x89, 0x82, 0x40, +}; +#endif + +#ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * -----BEGIN EC PRIVATE KEY----- + * MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49 + * AwEHoUQDQgAEdsjygVYjjaKBF4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazI + * D/xy8JiYjtPKVE/Zqwbmivp2UwtH28a7NQ== + * -----END EC PRIVATE KEY----- + */ +static const char ECDSAPrivateKeyPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, + 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, + 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x48, 0x63, 0x43, 0x41, + 0x51, 0x45, 0x45, 0x49, 0x4a, 0x4c, 0x79, 0x6c, 0x37, 0x68, 0x4a, 0x6a, + 0x70, 0x51, 0x4c, 0x2f, 0x52, 0x68, 0x50, 0x31, 0x78, 0x32, 0x7a, 0x53, + 0x37, 0x39, 0x78, 0x64, 0x69, 0x50, 0x4a, 0x51, 0x42, 0x36, 0x38, 0x33, + 0x67, 0x57, 0x65, 0x71, 0x63, 0x71, 0x48, 0x50, 0x65, 0x5a, 0x6b, 0x6f, + 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a, + 0x41, 0x77, 0x45, 0x48, 0x6f, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, + 0x64, 0x73, 0x6a, 0x79, 0x67, 0x56, 0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42, + 0x46, 0x34, 0x43, 0x4e, 0x45, 0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30, + 0x31, 0x37, 0x70, 0x35, 0x2f, 0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f, + 0x54, 0x48, 0x79, 0x39, 0x49, 0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44, + 0x44, 0x61, 0x7a, 0x49, 0x0a, 0x44, 0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69, + 0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56, 0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62, + 0x6d, 0x69, 0x76, 0x70, 0x32, 0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61, + 0x37, 0x4e, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, + 0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, + 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; +# endif + +/* + * -----BEGIN CERTIFICATE----- + * MIIBXzCCAQagAwIBAgIJAK6/Yvf/ain6MAoGCCqGSM49BAMCMBIxEDAOBgNVBAoM + * B0FjbWUgQ28wHhcNMTYxMjI1MTEzOTI3WhcNMjYxMjI1MTEzOTI3WjASMRAwDgYD + * VQQKDAdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdsjygVYjjaKB + * F4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazID/xy8JiYjtPKVE/Zqwbmivp2 + * UwtH28a7NaNFMEMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYI + * KwYBBQUHAwEwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMCA0cAMEQC + * IEzr3t/jejVE9oSnBp8c3P2p+lDLVRrB8zxLyjZvirUXAiAyQPaE9MNcL8/nRpuu + * 99I1enCSmWIAJ57IwuJ/n1d45Q== + * -----END CERTIFICATE----- + */ +static const char ECDSACertPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x58, 0x7a, 0x43, 0x43, + 0x41, 0x51, 0x61, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a, + 0x41, 0x4b, 0x36, 0x2f, 0x59, 0x76, 0x66, 0x2f, 0x61, 0x69, 0x6e, 0x36, + 0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, + 0x42, 0x41, 0x4d, 0x43, 0x4d, 0x42, 0x49, 0x78, 0x45, 0x44, 0x41, 0x4f, + 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x6f, 0x4d, 0x0a, 0x42, 0x30, 0x46, + 0x6a, 0x62, 0x57, 0x55, 0x67, 0x51, 0x32, 0x38, 0x77, 0x48, 0x68, 0x63, + 0x4e, 0x4d, 0x54, 0x59, 0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45, + 0x7a, 0x4f, 0x54, 0x49, 0x33, 0x57, 0x68, 0x63, 0x4e, 0x4d, 0x6a, 0x59, + 0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45, 0x7a, 0x4f, 0x54, 0x49, + 0x33, 0x57, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59, + 0x44, 0x0a, 0x56, 0x51, 0x51, 0x4b, 0x44, 0x41, 0x64, 0x42, 0x59, 0x32, + 0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x46, 0x6b, 0x77, 0x45, 0x77, + 0x59, 0x48, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x43, 0x41, 0x51, + 0x59, 0x49, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x44, 0x41, 0x51, + 0x63, 0x44, 0x51, 0x67, 0x41, 0x45, 0x64, 0x73, 0x6a, 0x79, 0x67, 0x56, + 0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42, 0x0a, 0x46, 0x34, 0x43, 0x4e, 0x45, + 0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30, 0x31, 0x37, 0x70, 0x35, 0x2f, + 0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f, 0x54, 0x48, 0x79, 0x39, 0x49, + 0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44, 0x44, 0x61, 0x7a, 0x49, 0x44, + 0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69, 0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56, + 0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62, 0x6d, 0x69, 0x76, 0x70, 0x32, 0x0a, + 0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61, 0x37, 0x4e, 0x61, 0x4e, 0x46, + 0x4d, 0x45, 0x4d, 0x77, 0x43, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x54, + 0x42, 0x41, 0x49, 0x77, 0x41, 0x44, 0x41, 0x4c, 0x42, 0x67, 0x4e, 0x56, + 0x48, 0x51, 0x38, 0x45, 0x42, 0x41, 0x4d, 0x43, 0x42, 0x61, 0x41, 0x77, + 0x45, 0x77, 0x59, 0x44, 0x56, 0x52, 0x30, 0x6c, 0x42, 0x41, 0x77, 0x77, + 0x43, 0x67, 0x59, 0x49, 0x0a, 0x4b, 0x77, 0x59, 0x42, 0x42, 0x51, 0x55, + 0x48, 0x41, 0x77, 0x45, 0x77, 0x46, 0x41, 0x59, 0x44, 0x56, 0x52, 0x30, + 0x52, 0x42, 0x41, 0x30, 0x77, 0x43, 0x34, 0x49, 0x4a, 0x62, 0x47, 0x39, + 0x6a, 0x59, 0x57, 0x78, 0x6f, 0x62, 0x33, 0x4e, 0x30, 0x4d, 0x41, 0x6f, + 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, + 0x43, 0x41, 0x30, 0x63, 0x41, 0x4d, 0x45, 0x51, 0x43, 0x0a, 0x49, 0x45, + 0x7a, 0x72, 0x33, 0x74, 0x2f, 0x6a, 0x65, 0x6a, 0x56, 0x45, 0x39, 0x6f, + 0x53, 0x6e, 0x42, 0x70, 0x38, 0x63, 0x33, 0x50, 0x32, 0x70, 0x2b, 0x6c, + 0x44, 0x4c, 0x56, 0x52, 0x72, 0x42, 0x38, 0x7a, 0x78, 0x4c, 0x79, 0x6a, + 0x5a, 0x76, 0x69, 0x72, 0x55, 0x58, 0x41, 0x69, 0x41, 0x79, 0x51, 0x50, + 0x61, 0x45, 0x39, 0x4d, 0x4e, 0x63, 0x4c, 0x38, 0x2f, 0x6e, 0x52, 0x70, + 0x75, 0x75, 0x0a, 0x39, 0x39, 0x49, 0x31, 0x65, 0x6e, 0x43, 0x53, 0x6d, + 0x57, 0x49, 0x41, 0x4a, 0x35, 0x37, 0x49, 0x77, 0x75, 0x4a, 0x2f, 0x6e, + 0x31, 0x64, 0x34, 0x35, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, + 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; +#endif + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) +/* + * -----BEGIN DSA PRIVATE KEY----- + * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP + * Wzf03ULKS5UKjA6WpR6EiZAhm+PdxusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM8 + * 0TGcnw5ijwKmSw5yyHPDWdiHzoqEBlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEg + * QqWRf/1EIZZcgM65Qpd65YuxAoGBAKBauV/RuloFHoSy5iWXESDywiS380tN5974 + * GukGwoYdZo5uSIH6ahpeNSef0MbHGAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+ + * QtQHOwvQHgLAynhI4i73c794czHaR+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmG + * POIMWNXXAoGAI6Ep5IE7yn3JzkXO9B6tC3bbDM+ZzuuInwZLbtZ8lim7Dsqabg4k + * 2YbE4R95Bnfwnjsyl80mq/DbQN5lAHBvjDrkC6ItojBGKI3+iIrqGUEJdxvl4ulj + * F0PmSD7zvIG8BfocKOel+EHH0YryExiW6krV1KW2ZRmJrqSFw6KCjV0CFFQFbPfU + * xy5PmKytJmXR8BmppkIO + * -----END DSA PRIVATE KEY----- + */ +static const char DSAPrivateKeyPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x44, + 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, + 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, + 0x75, 0x77, 0x49, 0x42, 0x41, 0x41, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x64, + 0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41, 0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37, + 0x45, 0x71, 0x6a, 0x37, 0x30, 0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68, + 0x74, 0x52, 0x36, 0x62, 0x78, 0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d, + 0x53, 0x5a, 0x54, 0x59, 0x69, 0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50, + 0x0a, 0x57, 0x7a, 0x66, 0x30, 0x33, 0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55, + 0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70, 0x52, 0x36, 0x45, 0x69, 0x5a, 0x41, + 0x68, 0x6d, 0x2b, 0x50, 0x64, 0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66, + 0x41, 0x75, 0x52, 0x5a, 0x4c, 0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78, + 0x6e, 0x31, 0x66, 0x33, 0x34, 0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51, + 0x4e, 0x61, 0x45, 0x4d, 0x38, 0x0a, 0x30, 0x54, 0x47, 0x63, 0x6e, 0x77, + 0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d, 0x53, 0x77, 0x35, 0x79, 0x79, 0x48, + 0x50, 0x44, 0x57, 0x64, 0x69, 0x48, 0x7a, 0x6f, 0x71, 0x45, 0x42, 0x6c, + 0x68, 0x41, 0x66, 0x38, 0x4e, 0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61, + 0x78, 0x2f, 0x63, 0x6c, 0x73, 0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52, + 0x4c, 0x41, 0x64, 0x77, 0x49, 0x56, 0x41, 0x49, 0x45, 0x67, 0x0a, 0x51, + 0x71, 0x57, 0x52, 0x66, 0x2f, 0x31, 0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67, + 0x4d, 0x36, 0x35, 0x51, 0x70, 0x64, 0x36, 0x35, 0x59, 0x75, 0x78, 0x41, + 0x6f, 0x47, 0x42, 0x41, 0x4b, 0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75, + 0x6c, 0x6f, 0x46, 0x48, 0x6f, 0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45, + 0x53, 0x44, 0x79, 0x77, 0x69, 0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35, + 0x39, 0x37, 0x34, 0x0a, 0x47, 0x75, 0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64, + 0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49, 0x48, 0x36, 0x61, 0x68, 0x70, 0x65, + 0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d, 0x62, 0x48, 0x47, 0x41, 0x7a, 0x72, + 0x37, 0x5a, 0x56, 0x45, 0x6e, 0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77, + 0x48, 0x31, 0x67, 0x52, 0x76, 0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62, + 0x6d, 0x63, 0x76, 0x74, 0x64, 0x33, 0x72, 0x2b, 0x0a, 0x51, 0x74, 0x51, + 0x48, 0x4f, 0x77, 0x76, 0x51, 0x48, 0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68, + 0x49, 0x34, 0x69, 0x37, 0x33, 0x63, 0x37, 0x39, 0x34, 0x63, 0x7a, 0x48, + 0x61, 0x52, 0x2b, 0x34, 0x33, 0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77, + 0x44, 0x6e, 0x51, 0x64, 0x75, 0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f, + 0x2f, 0x6a, 0x69, 0x69, 0x5a, 0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d, + 0x47, 0x0a, 0x50, 0x4f, 0x49, 0x4d, 0x57, 0x4e, 0x58, 0x58, 0x41, 0x6f, + 0x47, 0x41, 0x49, 0x36, 0x45, 0x70, 0x35, 0x49, 0x45, 0x37, 0x79, 0x6e, + 0x33, 0x4a, 0x7a, 0x6b, 0x58, 0x4f, 0x39, 0x42, 0x36, 0x74, 0x43, 0x33, + 0x62, 0x62, 0x44, 0x4d, 0x2b, 0x5a, 0x7a, 0x75, 0x75, 0x49, 0x6e, 0x77, + 0x5a, 0x4c, 0x62, 0x74, 0x5a, 0x38, 0x6c, 0x69, 0x6d, 0x37, 0x44, 0x73, + 0x71, 0x61, 0x62, 0x67, 0x34, 0x6b, 0x0a, 0x32, 0x59, 0x62, 0x45, 0x34, + 0x52, 0x39, 0x35, 0x42, 0x6e, 0x66, 0x77, 0x6e, 0x6a, 0x73, 0x79, 0x6c, + 0x38, 0x30, 0x6d, 0x71, 0x2f, 0x44, 0x62, 0x51, 0x4e, 0x35, 0x6c, 0x41, + 0x48, 0x42, 0x76, 0x6a, 0x44, 0x72, 0x6b, 0x43, 0x36, 0x49, 0x74, 0x6f, + 0x6a, 0x42, 0x47, 0x4b, 0x49, 0x33, 0x2b, 0x69, 0x49, 0x72, 0x71, 0x47, + 0x55, 0x45, 0x4a, 0x64, 0x78, 0x76, 0x6c, 0x34, 0x75, 0x6c, 0x6a, 0x0a, + 0x46, 0x30, 0x50, 0x6d, 0x53, 0x44, 0x37, 0x7a, 0x76, 0x49, 0x47, 0x38, + 0x42, 0x66, 0x6f, 0x63, 0x4b, 0x4f, 0x65, 0x6c, 0x2b, 0x45, 0x48, 0x48, + 0x30, 0x59, 0x72, 0x79, 0x45, 0x78, 0x69, 0x57, 0x36, 0x6b, 0x72, 0x56, + 0x31, 0x4b, 0x57, 0x32, 0x5a, 0x52, 0x6d, 0x4a, 0x72, 0x71, 0x53, 0x46, + 0x77, 0x36, 0x4b, 0x43, 0x6a, 0x56, 0x30, 0x43, 0x46, 0x46, 0x51, 0x46, + 0x62, 0x50, 0x66, 0x55, 0x0a, 0x78, 0x79, 0x35, 0x50, 0x6d, 0x4b, 0x79, + 0x74, 0x4a, 0x6d, 0x58, 0x52, 0x38, 0x42, 0x6d, 0x70, 0x70, 0x6b, 0x49, + 0x4f, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x44, + 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, + 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; + +/* + * -----BEGIN CERTIFICATE----- + * MIICqTCCAmegAwIBAgIJAILDGUk37fWGMAsGCWCGSAFlAwQDAjASMRAwDgYDVQQK + * DAdBY21lIENvMB4XDTE2MTIyNTEzMjUzNloXDTI2MTIyNTEzMjUzNlowEjEQMA4G + * A1UECgwHQWNtZSBDbzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDdkFKzNABLOha7 + * Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXPWzf03ULKS5UKjA6WpR6EiZAhm+Pd + * xusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM80TGcnw5ijwKmSw5yyHPDWdiHzoqE + * BlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEgQqWRf/1EIZZcgM65Qpd65YuxAoGB + * AKBauV/RuloFHoSy5iWXESDywiS380tN5974GukGwoYdZo5uSIH6ahpeNSef0MbH + * GAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+QtQHOwvQHgLAynhI4i73c794czHa + * R+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmGPOIMWNXXA4GEAAKBgCOhKeSBO8p9 + * yc5FzvQerQt22wzPmc7riJ8GS27WfJYpuw7Kmm4OJNmGxOEfeQZ38J47MpfNJqvw + * 20DeZQBwb4w65AuiLaIwRiiN/oiK6hlBCXcb5eLpYxdD5kg+87yBvAX6HCjnpfhB + * x9GK8hMYlupK1dSltmUZia6khcOigo1do0UwQzAJBgNVHRMEAjAAMAsGA1UdDwQE + * AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3Qw + * CwYJYIZIAWUDBAMCAy8AMCwCFClxInXTRWNJEWdi5ilNr/fbM1bKAhQy4B7wtmfd + * I+zV6g3w9qBkNqStpA== + * -----END CERTIFICATE----- + */ +static const char DSACertPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x71, 0x54, 0x43, 0x43, + 0x41, 0x6d, 0x65, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a, + 0x41, 0x49, 0x4c, 0x44, 0x47, 0x55, 0x6b, 0x33, 0x37, 0x66, 0x57, 0x47, + 0x4d, 0x41, 0x73, 0x47, 0x43, 0x57, 0x43, 0x47, 0x53, 0x41, 0x46, 0x6c, + 0x41, 0x77, 0x51, 0x44, 0x41, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77, + 0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4b, 0x0a, 0x44, 0x41, 0x64, + 0x42, 0x59, 0x32, 0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x42, 0x34, + 0x58, 0x44, 0x54, 0x45, 0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45, + 0x7a, 0x4d, 0x6a, 0x55, 0x7a, 0x4e, 0x6c, 0x6f, 0x58, 0x44, 0x54, 0x49, + 0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45, 0x7a, 0x4d, 0x6a, 0x55, + 0x7a, 0x4e, 0x6c, 0x6f, 0x77, 0x45, 0x6a, 0x45, 0x51, 0x4d, 0x41, 0x34, + 0x47, 0x0a, 0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x48, 0x51, 0x57, + 0x4e, 0x74, 0x5a, 0x53, 0x42, 0x44, 0x62, 0x7a, 0x43, 0x43, 0x41, 0x62, + 0x63, 0x77, 0x67, 0x67, 0x45, 0x73, 0x42, 0x67, 0x63, 0x71, 0x68, 0x6b, + 0x6a, 0x4f, 0x4f, 0x41, 0x51, 0x42, 0x4d, 0x49, 0x49, 0x42, 0x48, 0x77, + 0x4b, 0x42, 0x67, 0x51, 0x44, 0x64, 0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41, + 0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37, 0x0a, 0x45, 0x71, 0x6a, 0x37, 0x30, + 0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68, 0x74, 0x52, 0x36, 0x62, 0x78, + 0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d, 0x53, 0x5a, 0x54, 0x59, 0x69, + 0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50, 0x57, 0x7a, 0x66, 0x30, 0x33, + 0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55, 0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70, + 0x52, 0x36, 0x45, 0x69, 0x5a, 0x41, 0x68, 0x6d, 0x2b, 0x50, 0x64, 0x0a, + 0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66, 0x41, 0x75, 0x52, 0x5a, 0x4c, + 0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78, 0x6e, 0x31, 0x66, 0x33, 0x34, + 0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51, 0x4e, 0x61, 0x45, 0x4d, 0x38, + 0x30, 0x54, 0x47, 0x63, 0x6e, 0x77, 0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d, + 0x53, 0x77, 0x35, 0x79, 0x79, 0x48, 0x50, 0x44, 0x57, 0x64, 0x69, 0x48, + 0x7a, 0x6f, 0x71, 0x45, 0x0a, 0x42, 0x6c, 0x68, 0x41, 0x66, 0x38, 0x4e, + 0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61, 0x78, 0x2f, 0x63, 0x6c, 0x73, + 0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52, 0x4c, 0x41, 0x64, 0x77, 0x49, + 0x56, 0x41, 0x49, 0x45, 0x67, 0x51, 0x71, 0x57, 0x52, 0x66, 0x2f, 0x31, + 0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67, 0x4d, 0x36, 0x35, 0x51, 0x70, 0x64, + 0x36, 0x35, 0x59, 0x75, 0x78, 0x41, 0x6f, 0x47, 0x42, 0x0a, 0x41, 0x4b, + 0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75, 0x6c, 0x6f, 0x46, 0x48, 0x6f, + 0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45, 0x53, 0x44, 0x79, 0x77, 0x69, + 0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35, 0x39, 0x37, 0x34, 0x47, 0x75, + 0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64, 0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49, + 0x48, 0x36, 0x61, 0x68, 0x70, 0x65, 0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d, + 0x62, 0x48, 0x0a, 0x47, 0x41, 0x7a, 0x72, 0x37, 0x5a, 0x56, 0x45, 0x6e, + 0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77, 0x48, 0x31, 0x67, 0x52, 0x76, + 0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62, 0x6d, 0x63, 0x76, 0x74, 0x64, + 0x33, 0x72, 0x2b, 0x51, 0x74, 0x51, 0x48, 0x4f, 0x77, 0x76, 0x51, 0x48, + 0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68, 0x49, 0x34, 0x69, 0x37, 0x33, 0x63, + 0x37, 0x39, 0x34, 0x63, 0x7a, 0x48, 0x61, 0x0a, 0x52, 0x2b, 0x34, 0x33, + 0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77, 0x44, 0x6e, 0x51, 0x64, 0x75, + 0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f, 0x2f, 0x6a, 0x69, 0x69, 0x5a, + 0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d, 0x47, 0x50, 0x4f, 0x49, 0x4d, + 0x57, 0x4e, 0x58, 0x58, 0x41, 0x34, 0x47, 0x45, 0x41, 0x41, 0x4b, 0x42, + 0x67, 0x43, 0x4f, 0x68, 0x4b, 0x65, 0x53, 0x42, 0x4f, 0x38, 0x70, 0x39, + 0x0a, 0x79, 0x63, 0x35, 0x46, 0x7a, 0x76, 0x51, 0x65, 0x72, 0x51, 0x74, + 0x32, 0x32, 0x77, 0x7a, 0x50, 0x6d, 0x63, 0x37, 0x72, 0x69, 0x4a, 0x38, + 0x47, 0x53, 0x32, 0x37, 0x57, 0x66, 0x4a, 0x59, 0x70, 0x75, 0x77, 0x37, + 0x4b, 0x6d, 0x6d, 0x34, 0x4f, 0x4a, 0x4e, 0x6d, 0x47, 0x78, 0x4f, 0x45, + 0x66, 0x65, 0x51, 0x5a, 0x33, 0x38, 0x4a, 0x34, 0x37, 0x4d, 0x70, 0x66, + 0x4e, 0x4a, 0x71, 0x76, 0x77, 0x0a, 0x32, 0x30, 0x44, 0x65, 0x5a, 0x51, + 0x42, 0x77, 0x62, 0x34, 0x77, 0x36, 0x35, 0x41, 0x75, 0x69, 0x4c, 0x61, + 0x49, 0x77, 0x52, 0x69, 0x69, 0x4e, 0x2f, 0x6f, 0x69, 0x4b, 0x36, 0x68, + 0x6c, 0x42, 0x43, 0x58, 0x63, 0x62, 0x35, 0x65, 0x4c, 0x70, 0x59, 0x78, + 0x64, 0x44, 0x35, 0x6b, 0x67, 0x2b, 0x38, 0x37, 0x79, 0x42, 0x76, 0x41, + 0x58, 0x36, 0x48, 0x43, 0x6a, 0x6e, 0x70, 0x66, 0x68, 0x42, 0x0a, 0x78, + 0x39, 0x47, 0x4b, 0x38, 0x68, 0x4d, 0x59, 0x6c, 0x75, 0x70, 0x4b, 0x31, + 0x64, 0x53, 0x6c, 0x74, 0x6d, 0x55, 0x5a, 0x69, 0x61, 0x36, 0x6b, 0x68, + 0x63, 0x4f, 0x69, 0x67, 0x6f, 0x31, 0x64, 0x6f, 0x30, 0x55, 0x77, 0x51, + 0x7a, 0x41, 0x4a, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x4d, 0x45, 0x41, + 0x6a, 0x41, 0x41, 0x4d, 0x41, 0x73, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44, + 0x77, 0x51, 0x45, 0x0a, 0x41, 0x77, 0x49, 0x46, 0x6f, 0x44, 0x41, 0x54, + 0x42, 0x67, 0x4e, 0x56, 0x48, 0x53, 0x55, 0x45, 0x44, 0x44, 0x41, 0x4b, + 0x42, 0x67, 0x67, 0x72, 0x42, 0x67, 0x45, 0x46, 0x42, 0x51, 0x63, 0x44, + 0x41, 0x54, 0x41, 0x55, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x45, 0x45, + 0x44, 0x54, 0x41, 0x4c, 0x67, 0x67, 0x6c, 0x73, 0x62, 0x32, 0x4e, 0x68, + 0x62, 0x47, 0x68, 0x76, 0x63, 0x33, 0x51, 0x77, 0x0a, 0x43, 0x77, 0x59, + 0x4a, 0x59, 0x49, 0x5a, 0x49, 0x41, 0x57, 0x55, 0x44, 0x42, 0x41, 0x4d, + 0x43, 0x41, 0x79, 0x38, 0x41, 0x4d, 0x43, 0x77, 0x43, 0x46, 0x43, 0x6c, + 0x78, 0x49, 0x6e, 0x58, 0x54, 0x52, 0x57, 0x4e, 0x4a, 0x45, 0x57, 0x64, + 0x69, 0x35, 0x69, 0x6c, 0x4e, 0x72, 0x2f, 0x66, 0x62, 0x4d, 0x31, 0x62, + 0x4b, 0x41, 0x68, 0x51, 0x79, 0x34, 0x42, 0x37, 0x77, 0x74, 0x6d, 0x66, + 0x64, 0x0a, 0x49, 0x2b, 0x7a, 0x56, 0x36, 0x67, 0x33, 0x77, 0x39, 0x71, + 0x42, 0x6b, 0x4e, 0x71, 0x53, 0x74, 0x70, 0x41, 0x3d, 0x3d, 0x0a, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, + 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x0a +}; +#endif + +/* unused, to avoid warning. */ +static int idx; + +#define FUZZTIME 1485898104 + +#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } + +/* + * This might not work in all cases (and definitely not on Windows + * because of the way linkers are) and callees can still get the + * current time instead of the fixed time. This will just result + * in things not being fully reproducible and have a slightly + * different coverage. + */ +#if !defined(_WIN32) +time_t time(time_t *t) TIME_IMPL(t) +#endif + +int FuzzerInitialize(int *argc, char ***argv) +{ + STACK_OF(SSL_COMP) *comp_methods; + + FuzzerSetRand(); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + comp_methods = SSL_COMP_get_compression_methods(); + if (comp_methods != NULL) + sk_SSL_COMP_sort(comp_methods); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + SSL *server; + BIO *in; + BIO *out; +#if !defined(OPENSSL_NO_EC) \ + || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) + BIO *bio_buf; +#endif + SSL_CTX *ctx; + int ret; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + RSA *privkey; +#endif + const uint8_t *bufp; +#if !defined(OPENSSL_NO_DEPRECATED_3_0) + EVP_PKEY *pkey; +#endif + X509 *cert; +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC + EC_KEY *ecdsakey = NULL; +# endif +#endif +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + DSA *dsakey = NULL; +#endif + uint8_t opt; + + if (len < 2) + return 0; + + /* This only fuzzes the initial flow from the client so far. */ + ctx = SSL_CTX_new(SSLv23_method()); + + ret = SSL_CTX_set_min_proto_version(ctx, 0); + OPENSSL_assert(ret == 1); + ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); + OPENSSL_assert(ret == 1); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* RSA */ + bufp = kRSAPrivateKeyDER; + privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); + OPENSSL_assert(privkey != NULL); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, privkey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); +#endif + + bufp = kCertificateDER; + cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); + OPENSSL_assert(cert != NULL); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); + +#ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_DEPRECATED_3_0 + /* ECDSA */ + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM)); + ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL); + ERR_print_errors_fp(stderr); + OPENSSL_assert(ecdsakey != NULL); + BIO_free(bio_buf); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_EC_KEY(pkey, ecdsakey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); +# endif + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM)); + cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); + OPENSSL_assert(cert != NULL); + BIO_free(bio_buf); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); +#endif + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + /* DSA */ + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM)); + dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL); + ERR_print_errors_fp(stderr); + OPENSSL_assert(dsakey != NULL); + BIO_free(bio_buf); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsakey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); + + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM)); + cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); + OPENSSL_assert(cert != NULL); + BIO_free(bio_buf); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); +#endif + + server = SSL_new(ctx); + in = BIO_new(BIO_s_mem()); + out = BIO_new(BIO_s_mem()); + SSL_set_bio(server, in, out); + SSL_set_accept_state(server); + + opt = (uint8_t)buf[len-1]; + len--; + + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + + if ((opt & 0x01) != 0) + { + do { + char early_buf[16384]; + size_t early_len; + ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len); + + if (ret != SSL_READ_EARLY_DATA_SUCCESS) + break; + } while (1); + } + + if (SSL_do_handshake(server) == 1) { + /* Keep reading application data until error or EOF. */ + uint8_t tmp[1024]; + for (;;) { + if (SSL_read(server, tmp, sizeof(tmp)) <= 0) { + break; + } + } + } + SSL_free(server); + ERR_clear_error(); + SSL_CTX_free(ctx); + + return 0; +} + +void FuzzerCleanup(void) +{ + FuzzerClearRand(); +} diff --git a/fuzz/test-corpus.c b/fuzz/test-corpus.c new file mode 100644 index 000000000000..aaeec778603f --- /dev/null +++ b/fuzz/test-corpus.c @@ -0,0 +1,104 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * Given a list of files, run each of them through the fuzzer. Note that + * failure will be indicated by some kind of crash. Switching on things like + * asan improves the test. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <openssl/crypto.h> +#include "fuzzer.h" +#include "internal/o_dir.h" + +#if defined(_WIN32) && defined(_MAX_PATH) && !defined(PATH_MAX) +# define PATH_MAX _MAX_PATH +#endif + +#ifndef PATH_MAX +# define PATH_MAX 4096 +#endif + +# if !defined(S_ISREG) +# define S_ISREG(m) ((m) & S_IFREG) +# endif + +static void testfile(const char *pathname) +{ + struct stat st; + FILE *f; + unsigned char *buf; + size_t s; + + if (stat(pathname, &st) < 0 || !S_ISREG(st.st_mode)) + return; + printf("# %s\n", pathname); + fflush(stdout); + f = fopen(pathname, "rb"); + if (f == NULL) + return; + buf = malloc(st.st_size); + if (buf != NULL) { + s = fread(buf, 1, st.st_size, f); + OPENSSL_assert(s == (size_t)st.st_size); + FuzzerTestOneInput(buf, s); + free(buf); + } + fclose(f); +} + +int main(int argc, char **argv) { + int n; + + FuzzerInitialize(&argc, &argv); + + for (n = 1; n < argc; ++n) { + size_t dirname_len = strlen(argv[n]); + const char *filename = NULL; + char *pathname = NULL; + OPENSSL_DIR_CTX *ctx = NULL; + int wasdir = 0; + + /* + * We start with trying to read the given path as a directory. + */ + while ((filename = OPENSSL_DIR_read(&ctx, argv[n])) != NULL) { + wasdir = 1; + if (pathname == NULL) { + pathname = malloc(PATH_MAX); + if (pathname == NULL) + break; + strcpy(pathname, argv[n]); +#ifdef __VMS + if (strchr(":<]", pathname[dirname_len - 1]) == NULL) +#endif + pathname[dirname_len++] = '/'; + pathname[dirname_len] = '\0'; + } + strcpy(pathname + dirname_len, filename); + testfile(pathname); + } + OPENSSL_DIR_end(&ctx); + + /* If it wasn't a directory, treat it as a file instead */ + if (!wasdir) + testfile(argv[n]); + + free(pathname); + } + + FuzzerCleanup(); + + return 0; +} diff --git a/fuzz/x509.c b/fuzz/x509.c new file mode 100644 index 000000000000..e2d2639164c0 --- /dev/null +++ b/fuzz/x509.c @@ -0,0 +1,153 @@ +/* + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <openssl/x509.h> +#include <openssl/ocsp.h> +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + FuzzerSetRand(); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS + | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +static int cb(int ok, X509_STORE_CTX *ctx) +{ + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + const unsigned char *p = buf; + size_t orig_len = len; + unsigned char *der = NULL; + BIO *bio = NULL; + X509 *x509_1 = NULL, *x509_2 = NULL; + X509_STORE *store = NULL; + X509_VERIFY_PARAM *param = NULL; + X509_STORE_CTX *ctx = NULL; + X509_CRL *crl = NULL; + STACK_OF(X509_CRL) *crls = NULL; + STACK_OF(X509) *certs = NULL; + OCSP_RESPONSE *resp = NULL; + OCSP_BASICRESP *bs = NULL; + OCSP_CERTID *id = NULL; + + x509_1 = d2i_X509(NULL, &p, len); + if (x509_1 == NULL) + goto err; + + bio = BIO_new(BIO_s_null()); + if (bio == NULL) + goto err; + + /* This will load and print the public key as well as extensions */ + X509_print(bio, x509_1); + BIO_free(bio); + + X509_issuer_and_serial_hash(x509_1); + + i2d_X509(x509_1, &der); + OPENSSL_free(der); + + len = orig_len - (p - buf); + x509_2 = d2i_X509(NULL, &p, len); + if (x509_2 == NULL) + goto err; + + len = orig_len - (p - buf); + crl = d2i_X509_CRL(NULL, &p, len); + if (crl == NULL) + goto err; + + len = orig_len - (p - buf); + resp = d2i_OCSP_RESPONSE(NULL, &p, len); + + store = X509_STORE_new(); + X509_STORE_add_cert(store, x509_2); + + param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + + X509_STORE_set1_param(store, param); + + X509_STORE_set_verify_cb(store, cb); + + ctx = X509_STORE_CTX_new(); + if (ctx == NULL) + goto err; + + X509_STORE_CTX_init(ctx, store, x509_1, NULL); + + if (crl != NULL) { + crls = sk_X509_CRL_new_null(); + if (crls == NULL) + goto err; + + sk_X509_CRL_push(crls, crl); + X509_STORE_CTX_set0_crls(ctx, crls); + } + + X509_verify_cert(ctx); + + if (resp != NULL) + bs = OCSP_response_get1_basic(resp); + + if (bs != NULL) { + int status, reason; + ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; + + certs = sk_X509_new_null(); + if (certs == NULL) + goto err; + + sk_X509_push(certs, x509_1); + sk_X509_push(certs, x509_2); + + OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); + + id = OCSP_cert_to_id(NULL, x509_1, x509_2); + if (id == NULL) + goto err; + OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, + &nextupd); + } + +err: + X509_STORE_CTX_free(ctx); + X509_VERIFY_PARAM_free(param); + X509_STORE_free(store); + X509_free(x509_1); + X509_free(x509_2); + X509_CRL_free(crl); + OCSP_CERTID_free(id); + OCSP_BASICRESP_free(bs); + OCSP_RESPONSE_free(resp); + sk_X509_CRL_free(crls); + sk_X509_free(certs); + + ERR_clear_error(); + return 0; +} + +void FuzzerCleanup(void) +{ + FuzzerClearRand(); +} |