You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1458 lines
158 KiB

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 10 Jun 2020 17:48:42 +1000
Subject: [PATCH] test_asn1: test module for libtasn1
Import tests from libtasn1 that don't use functionality we don't
import. I have put them here rather than in the libtasn1 directory
because:
- They need much more significant changes to run in the grub
context.
- I don't expect they will need to be changed when updating
libtasn1: I expect the old tests will usually continue to pass on
new versions.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
Makefile.util.def | 6 +
grub-core/Makefile.core.def | 13 ++
.../lib/libtasn1_wrap/tests/CVE-2018-1000654.c | 61 ++++++
grub-core/lib/libtasn1_wrap/tests/Test_overflow.c | 138 ++++++++++++++
grub-core/lib/libtasn1_wrap/tests/Test_simple.c | 207 ++++++++++++++++++++
grub-core/lib/libtasn1_wrap/tests/Test_strings.c | 150 +++++++++++++++
.../lib/libtasn1_wrap/tests/object-id-decoding.c | 116 +++++++++++
.../lib/libtasn1_wrap/tests/object-id-encoding.c | 120 ++++++++++++
grub-core/lib/libtasn1_wrap/tests/octet-string.c | 211 +++++++++++++++++++++
grub-core/lib/libtasn1_wrap/tests/reproducers.c | 81 ++++++++
grub-core/lib/libtasn1_wrap/wrap_tests.c | 75 ++++++++
.../tests/CVE-2018-1000654-1_asn1_tab.h | 32 ++++
.../tests/CVE-2018-1000654-2_asn1_tab.h | 36 ++++
grub-core/lib/libtasn1_wrap/wrap_tests.h | 38 ++++
.gitignore | 1 +
tests/test_asn1.in | 12 ++
16 files changed, 1297 insertions(+)
create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_overflow.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_simple.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_strings.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/octet-string.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/reproducers.c
create mode 100644 grub-core/lib/libtasn1_wrap/wrap_tests.c
create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h
create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h
create mode 100644 grub-core/lib/libtasn1_wrap/wrap_tests.h
create mode 100644 tests/test_asn1.in
diff --git a/Makefile.util.def b/Makefile.util.def
index e1242f54022..8cfbe69a76e 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -1305,6 +1305,12 @@ script = {
common = tests/syslinux_test.in;
};
+script = {
+ testcase;
+ name = test_asn1;
+ common = tests/test_asn1.in;
+};
+
program = {
testcase;
name = example_unit_test;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 21d2c541850..b4aaccf7b57 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2591,3 +2591,16 @@ module = {
// -Wno-type-limits comes from libtasn1's configure.ac
cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits';
};
+
+module = {
+ name = test_asn1;
+ common = lib/libtasn1_wrap/tests/CVE-2018-1000654.c;
+ common = lib/libtasn1_wrap/tests/object-id-decoding.c;
+ common = lib/libtasn1_wrap/tests/object-id-encoding.c;
+ common = lib/libtasn1_wrap/tests/octet-string.c;
+ common = lib/libtasn1_wrap/tests/reproducers.c;
+ common = lib/libtasn1_wrap/tests/Test_overflow.c;
+ common = lib/libtasn1_wrap/tests/Test_simple.c;
+ common = lib/libtasn1_wrap/tests/Test_strings.c;
+ common = lib/libtasn1_wrap/wrap_tests.c;
+};
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c
new file mode 100644
index 00000000000..534e304521e
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2002-2018 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/****************************************************************/
+/* Description: reproducer for CVE-2018-1000654 */
+/****************************************************************/
+
+#include <grub/libtasn1.h>
+#include <grub/err.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/types.h>
+#include "../wrap_tests.h"
+
+#include "CVE-2018-1000654-1_asn1_tab.h"
+#include "CVE-2018-1000654-2_asn1_tab.h"
+
+void
+test_CVE_2018_1000654 (void)
+{
+ int result;
+ asn1_node definitions = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_array2tree (CVE_2018_1000654_1_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_RECURSION)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+
+ result = asn1_array2tree (CVE_2018_1000654_2_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_RECURSION)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c
new file mode 100644
index 00000000000..f48aea0ef8b
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* Written by Simon Josefsson */
+
+#include <grub/libtasn1.h>
+#include <grub/err.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/types.h>
+#include "../wrap_tests.h"
+
+void
+test_overflow(void)
+{
+ /* Test that values larger than long are rejected. This has worked
+ fine with all versions of libtasn1. */
+
+ {
+ unsigned char der[] = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
+ long l;
+ int len;
+
+ l = asn1_get_length_der (der, sizeof der, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der bignum (l %ld len %d)\n", l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than int but smaller than long are
+ rejected. This limitation was introduced with libtasn1 2.12. */
+#if (GRUB_LONG_MAX > GRUB_INT_MAX)
+ {
+ unsigned long num = ((long) GRUB_UINT_MAX) << 2;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der intnum (l %ld len %d)\n", l,
+ len);
+ return;
+ }
+ }
+#endif
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 64;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -4L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-small (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 1073741824;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -4L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-large1 (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 2147483649;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-large2 (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_simple.c b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c
new file mode 100644
index 00000000000..9f01006ddf4
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2011-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Written by Simon Josefsson
+ *
+ */
+
+#include <grub/libtasn1.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/err.h>
+#include "../wrap_tests.h"
+
+struct tv
+{
+ int bitlen;
+ const char *bitstr;
+ int derlen;
+ const char *der;
+};
+
+static const struct tv tv[] = {
+ {0, "", 2, "\x01\x00"},
+ {1, "\x00", 3, "\x02\x07\x00"},
+ {2, "\x00", 3, "\x02\x06\x00"},
+ {3, "\x00", 3, "\x02\x05\x00"},
+ {4, "\x00", 3, "\x02\x04\x00"},
+ {5, "\x00", 3, "\x02\x03\x00"},
+ {6, "\x00", 3, "\x02\x02\x00"},
+ {7, "\x00", 3, "\x02\x01\x00"},
+ {8, "\x00\x00", 3, "\x02\x00\x00"},
+ {9, "\x00\x00", 4, "\x03\x07\x00\x00"},
+ {10, "\x00\x00", 4, "\x03\x06\x00\x00"},
+ {11, "\x00\x00", 4, "\x03\x05\x00\x00"},
+ {12, "\x00\x00", 4, "\x03\x04\x00\x00"},
+ {13, "\x00\x00", 4, "\x03\x03\x00\x00"},
+ {14, "\x00\x00", 4, "\x03\x02\x00\x00"},
+ {15, "\x00\x00", 4, "\x03\x01\x00\x00"},
+ {16, "\x00\x00", 4, "\x03\x00\x00\x00"},
+ {17, "\x00\x00\x00", 5, "\x04\x07\x00\x00\x00"},
+ {18, "\x00\x00\x00", 5, "\x04\x06\x00\x00\x00"},
+ {19, "\x00\x00\x00", 5, "\x04\x05\x00\x00\x00"},
+ {1, "\xFF", 3, "\x02\x07\x80"},
+ {2, "\xFF", 3, "\x02\x06\xc0"},
+ {3, "\xFF", 3, "\x02\x05\xe0"},
+ {4, "\xFF", 3, "\x02\x04\xf0"},
+ {5, "\xFF", 3, "\x02\x03\xf8"},
+ {6, "\xFF", 3, "\x02\x02\xfc"},
+ {7, "\xFF", 3, "\x02\x01\xfe"},
+ {8, "\xFF\xFF", 3, "\x02\x00\xff"},
+ {9, "\xFF\xFF", 4, "\x03\x07\xff\x80"},
+ {10, "\xFF\xFF", 4, "\x03\x06\xff\xc0"},
+ {11, "\xFF\xFF", 4, "\x03\x05\xff\xe0"},
+ {12, "\xFF\xFF", 4, "\x03\x04\xff\xf0"},
+ {13, "\xFF\xFF", 4, "\x03\x03\xff\xf8"},
+ {14, "\xFF\xFF", 4, "\x03\x02\xff\xfc"},
+ {15, "\xFF\xFF", 4, "\x03\x01\xff\xfe"},
+ {16, "\xFF\xFF", 4, "\x03\x00\xff\xff"},
+ {17, "\xFF\xFF\xFF", 5, "\x04\x07\xff\xff\x80"},
+ {18, "\xFF\xFF\xFF", 5, "\x04\x06\xff\xff\xc0"},
+ {19, "\xFF\xFF\xFF", 5, "\x04\x05\xff\xff\xe0"},
+};
+
+void
+test_simple (void)
+{
+ int result;
+ unsigned char der[100];
+ unsigned char str[100];
+ int der_len = sizeof (der);
+ int str_size = sizeof (str);
+ int ret_len, bit_len;
+ grub_size_t i;
+
+ /* Dummy test */
+
+ asn1_bit_der (NULL, 0, der, &der_len);
+ result = asn1_get_bit_der (der, 0, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_GENERIC_ERROR)
+ {
+ grub_fatal ("asn1_get_bit_der zero\n");
+ return;
+ }
+
+ /* Encode short strings with increasing bit lengths */
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* Encode */
+
+ asn1_bit_der ((const unsigned char *) tv[i].bitstr, tv[i].bitlen,
+ der, &der_len);
+
+#if 0
+ {
+ size_t j;
+ for (j = 0; j < der_len; j++)
+ printf ("\\x%02x", der[j]);
+ printf ("\n");
+ }
+#endif
+
+ if (der_len != tv[i].derlen || grub_memcmp (der, tv[i].der, der_len) != 0)
+ {
+ grub_fatal ("asn1_bit_der iter %lu\n", (unsigned long) i);
+ return;
+ }
+
+ /* Decode it */
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str,
+ str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != tv[i].derlen
+ || bit_len != tv[i].bitlen)
+ {
+ grub_fatal ("asn1_get_bit_der iter %lu, err: %d\n", (unsigned long) i, result);
+ return;
+ }
+ }
+
+
+ /* Decode sample from "A Layman's Guide to a Subset of ASN.1, BER,
+ and DER" section 5.4 "BIT STRING": "The BER encoding of the BIT
+ STRING value "011011100101110111" can be any of the following,
+ among others, depending on the choice of padding bits, the form
+ of length octets [...]".
+ */
+
+ /* 03 04 06 6e 5d c0 DER encoding */
+
+ grub_memcpy (der, "\x04\x06\x6e\x5d\xc0", 5);
+ der_len = 5;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+
+ /* 03 04 06 6e 5d e0 padded with "100000" */
+
+ grub_memcpy (der, "\x04\x06\x6e\x5d\xe0", 5);
+ der_len = 5;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xe0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example padded\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+
+ /* 03 81 04 06 6e 5d c0 long form of length octets */
+
+ grub_memcpy (der, "\x81\x04\x06\x6e\x5d\xc0", 6);
+ der_len = 6;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+
+ if (result != ASN1_SUCCESS || ret_len != 6
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example long form\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_strings.c b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c
new file mode 100644
index 00000000000..dbe1474b204
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Written by Simon Josefsson
+ *
+ */
+
+#include <grub/mm.h>
+#include <grub/err.h>
+#include <grub/misc.h>
+#include <grub/libtasn1.h>
+#include "../wrap_tests.h"
+
+struct tv
+{
+ unsigned int etype;
+ unsigned int str_len;
+ const void *str;
+ unsigned int der_len;
+ const void *der;
+};
+
+static const struct tv tv[] = {
+ {ASN1_ETYPE_IA5_STRING, 20,
+ "\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72",
+ 22,
+ "\x16\x14\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72"},
+ {ASN1_ETYPE_PRINTABLE_STRING, 5, "\x4e\x69\x6b\x6f\x73",
+ 7, "\x13\x05\x4e\x69\x6b\x6f\x73"},
+ {ASN1_ETYPE_UTF8_STRING, 12, "Αττική",
+ 14, "\x0c\x0c\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae"},
+ {ASN1_ETYPE_TELETEX_STRING, 15,
+ "\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e",
+ 17,
+ "\x14\x0f\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e"},
+ {ASN1_ETYPE_OCTET_STRING, 36,
+ "\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A",
+ 38,
+ "\x04\x24\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A"}
+};
+
+#define SSTR(x) sizeof(x)-1,x
+static const struct tv ber[] = {
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x00\x00\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1\xc1"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x04\x82\x00\x01\xc1\x00\x00\x00\x00")},
+};
+
+void
+test_strings ()
+{
+ int ret;
+ unsigned char tl[ASN1_MAX_TL_SIZE];
+ unsigned int tl_len, der_len, str_len;
+ const unsigned char *str;
+ unsigned char *b;
+ unsigned int i;
+
+ /* Dummy test */
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* Encode */
+ tl_len = sizeof (tl);
+ ret = asn1_encode_simple_der (tv[i].etype, tv[i].str, tv[i].str_len,
+ tl, &tl_len);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("Encoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+ der_len = tl_len + tv[i].str_len;
+
+ if (der_len != tv[i].der_len || grub_memcmp (tl, tv[i].der, tl_len) != 0)
+ {
+ grub_fatal (
+ "DER encoding differs in %u! (size: %u, expected: %u)\n",
+ i, der_len, tv[i].der_len);
+ return;
+ }
+
+ /* decoding */
+ ret =
+ asn1_decode_simple_der (tv[i].etype, tv[i].der, tv[i].der_len, &str,
+ &str_len);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("Decoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+
+ if (str_len != tv[i].str_len || grub_memcmp (str, tv[i].str, str_len) != 0)
+ {
+ grub_fatal (
+ "DER decoded data differ in %u! (size: %u, expected: %u)\n",
+ i, der_len, tv[i].str_len);
+ return;
+ }
+ }
+
+ /* BER decoding */
+ for (i = 0; i < sizeof (ber) / sizeof (ber[0]); i++)
+ {
+ /* decoding */
+ ret =
+ asn1_decode_simple_ber (ber[i].etype, ber[i].der, ber[i].der_len, &b,
+ &str_len, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("BER decoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+
+ if (str_len != ber[i].str_len || grub_memcmp (b, ber[i].str, str_len) != 0)
+ {
+ grub_fatal (
+ "BER decoded data differ in %u! (size: %u, expected: %u)\n",
+ i, str_len, ber[i].str_len);
+ return;
+ }
+ grub_free(b);
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c
new file mode 100644
index 00000000000..d367bbfb5a7
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <grub/libtasn1.h>
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/err.h>
+#include "../wrap_tests.h"
+
+struct tv
+{
+ int der_len;
+ const unsigned char *der;
+ const char *oid;
+ int expected_error;
+};
+
+static const struct tv tv[] = {
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x80\x37\x03",
+ .oid = "2.999.3",
+ .expected_error = ASN1_DER_ERROR /* leading 0x80 */
+ },
+ {.der_len = 12,
+ .der = (void *) "\x06\x0a\x2b\x06\x01\x80\x01\x92\x08\x09\x05\x01",
+ .oid = "1.3.6.1.4.1.2312.9.5.1",
+ .expected_error = ASN1_DER_ERROR /* leading 0x80 */
+ },
+ {.der_len = 6,
+ .der = (void *) "\x06\x04\x01\x02\x03\x04",
+ .oid = "0.1.2.3.4",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x51\x02\x03",
+ .oid = "2.1.2.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x88\x37\x03",
+ .oid = "2.999.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 12,
+ .der = (void *) "\x06\x0a\x2b\x06\x01\x04\x01\x92\x08\x09\x05\x01",
+ .oid = "1.3.6.1.4.1.2312.9.5.1",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der = (void *) "\x06\x11\xfa\x80\x00\x00\x00\x0e\x01\x0e\xfa\x80\x00\x00\x00\x0e\x63\x6f\x6d",
+ .oid = "2.1998768.0.0.14.1.14.1998848.0.0.14.99.111.109",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der =
+ (void *)
+ "\x06\x11\x2b\x06\x01\x04\x01\x92\x08\x09\x02\xaa\xda\xbe\xbe\xfa\x72\x01\x07",
+ .oid = "1.3.6.1.4.1.2312.9.2.1467399257458.1.7",
+ .expected_error = ASN1_SUCCESS},
+};
+
+void
+test_object_id_decoding (void)
+{
+ char str[128];
+ int ret, ret_len;
+ grub_size_t i;
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* decode */
+ ret =
+ asn1_get_object_id_der (tv[i].der+1,
+ tv[i].der_len-1, &ret_len, str,
+ sizeof (str));
+ if (ret != tv[i].expected_error)
+ {
+ grub_fatal (
+ "%d: asn1_get_object_id_der iter %lu: got '%s' expected %d\n",
+ __LINE__, (unsigned long) i, asn1_strerror(ret), tv[i].expected_error);
+ return;
+ }
+
+ if (tv[i].expected_error != ASN1_SUCCESS)
+ continue;
+
+ if (ret_len != tv[i].der_len-1)
+ {
+ grub_fatal (
+ "%d: iter %lu: error in DER, length returned is %d, had %d\n",
+ __LINE__, (unsigned long)i, ret_len, tv[i].der_len-1);
+ return;
+ }
+
+ if (grub_strcmp (tv[i].oid, str) != 0)
+ {
+ grub_fatal (
+ "%d: strcmp iter %lu: got invalid OID: %s, expected: %s\n",
+ __LINE__, (unsigned long) i, str, tv[i].oid);
+ return;
+ }
+
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c
new file mode 100644
index 00000000000..3a83b58c59f
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2019 Nikos Mavrogiannopoulos
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <grub/libtasn1.h>
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/err.h>
+#include "../wrap_tests.h"
+
+struct tv
+{
+ int der_len;
+ const unsigned char *der;
+ const char *oid;
+ int expected_error;
+};
+
+static const struct tv tv[] = {
+ {.der_len = 0,
+ .der = (void *) "",
+ .oid = "5.999.3",
+ .expected_error = ASN1_VALUE_NOT_VALID /* cannot start with 5 */
+ },
+ {.der_len = 0,
+ .der = (void *) "",
+ .oid = "0.48.9",
+ .expected_error = ASN1_VALUE_NOT_VALID /* second field cannot be 48 */
+ },
+ {.der_len = 0,
+ .der = (void *) "",
+ .oid = "1.40.9",
+ .expected_error = ASN1_VALUE_NOT_VALID /* second field cannot be 40 */
+ },
+ {.der_len = 4,
+ .der = (void *) "\x06\x02\x4f\x63",
+ .oid = "1.39.99",
+ .expected_error = ASN1_SUCCESS,
+ },
+ {.der_len = 6,
+ .der = (void *) "\x06\x04\x01\x02\x03\x04",
+ .oid = "0.1.2.3.4",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x51\x02\x03",
+ .oid = "2.1.2.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x88\x37\x03",
+ .oid = "2.999.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 12,
+ .der = (void *) "\x06\x0a\x2b\x06\x01\x04\x01\x92\x08\x09\x05\x01",
+ .oid = "1.3.6.1.4.1.2312.9.5.1",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der = (void *) "\x06\x11\xfa\x80\x00\x00\x00\x0e\x01\x0e\xfa\x80\x00\x00\x00\x0e\x63\x6f\x6d",
+ .oid = "2.1998768.0.0.14.1.14.1998848.0.0.14.99.111.109",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der =
+ (void *)
+ "\x06\x11\x2b\x06\x01\x04\x01\x92\x08\x09\x02\xaa\xda\xbe\xbe\xfa\x72\x01\x07",
+ .oid = "1.3.6.1.4.1.2312.9.2.1467399257458.1.7",
+ .expected_error = ASN1_SUCCESS},
+};
+
+void
+test_object_id_encoding(void)
+{
+ unsigned char der[128];
+ int ret, der_len, i;
+
+ for (i = 0; i < (int)(sizeof (tv) / sizeof (tv[0])); i++)
+ {
+ der_len = sizeof(der);
+ ret = asn1_object_id_der(tv[i].oid, der, &der_len, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ if (ret == tv[i].expected_error)
+ continue;
+ grub_fatal (
+ "%d: iter %lu, encoding of OID failed: %s\n",
+ __LINE__, (unsigned long) i, asn1_strerror(ret));
+ return;
+ }
+ else if (ret != tv[i].expected_error)
+ {
+ grub_fatal (
+ "%d: iter %lu, encoding of OID %s succeeded when expecting failure\n",
+ __LINE__, (unsigned long) i, tv[i].oid);
+ return;
+ }
+
+ if (der_len != tv[i].der_len || grub_memcmp(der, tv[i].der, der_len) != 0)
+ {
+ grub_fatal (
+ "%d: iter %lu, re-encoding of OID %s resulted to different string (%d vs %d bytes)\n",
+ __LINE__, (unsigned long) i, tv[i].oid, der_len, tv[i].der_len);
+
+ return;
+ }
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/octet-string.c b/grub-core/lib/libtasn1_wrap/tests/octet-string.c
new file mode 100644
index 00000000000..d8a049e8df0
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/octet-string.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2011-2020 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Written by Simon Josefsson and Nikos Mavrogiannopoulos
+ *
+ */
+
+#include <grub/libtasn1.h>
+#include <grub/err.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include "../wrap_tests.h"
+
+
+struct tv
+{
+ const char *name;
+ int der_len;
+ const unsigned char *der_str;
+ int len;
+ const unsigned char *string;
+ int expected_error;
+ int ber;
+};
+
+static const struct tv tv[] = {
+ {.name = "primitive octet strings",
+ .der_len = 10,
+ .der_str =
+ (void*)"\x04\x08\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .len = 8,
+ .string =
+ (void*)"\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .ber = 0},
+ {.der_len = 22,
+ .der_str =
+ (void*)"\x04\x14\x13\x00\xd9\xa8\x47\xf7\xf2\x1c\xf4\xb0\xec\x5f\xc1\x73\xe5\x1b\x25\xc2\x62\x27",
+ .len = 20,
+ .string =
+ (void*)"\x13\x00\xD9\xA8\x47\xF7\xF2\x1C\xF4\xB0\xEC\x5F\xC1\x73\xE5\x1B\x25\xC2\x62\x27"},
+
+ {.name = "long type of length",
+ .der_len = 23,
+ .der_str =
+ (void*)"\x04\x81\x14\x13\x00\xd9\xa8\x47\xf7\xf2\x1c\xf4\xb0\xec\x5f\xc1\x73\xe5\x1b\x25\xc2\x62\x27",
+ .len = 20,
+ .string =
+ (void*)"\x13\x00\xD9\xA8\x47\xF7\xF2\x1C\xF4\xB0\xEC\x5F\xC1\x73\xE5\x1B\x25\xC2\x62\x27",
+ .ber = 1},
+ {.der_len = 11,
+ .der_str =
+ (void*)"\x04\x81\x08\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .len = 8,
+ .string =
+ (void*)"\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .ber = 1},
+
+ {.name = "constructed - indefinite",
+ .der_len = 11,
+ .der_str = (void*)"\x24\x80\x04\x05\x01\x02\x03\x04\x05\x00\x00",
+ .len = 5,
+ .string = (void*)"\x01\x02\x03\x04\x05",
+ .ber = 1,
+ },
+
+ {.name = "constructed - definite - concat",
+ .der_len = 12,
+ .der_str = (void*)"\x24\x0a\x04\x04\x0a\x0b\x0c\x0d\x04\x02\x0e\x0f",
+ .len = 6,
+ .string = (void*)"\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ber = 1,
+ },
+ {.name = "constructed - definite - recursive",
+ .der_len = 15,
+ .der_str = (void*)"\x24\x0d\x04\x04\x0a\x0b\x0c\x0d\x24\x05\x04\x00\x04\x01\x0f",
+ .len = 5,
+ .string = (void*)"\x0a\x0b\x0c\x0d\x0f",
+ .ber = 1,
+ },
+ {.name = "constructed - definite - single",
+ .der_len = 7,
+ .der_str = (void*)"\x24\x05\x04\x03\x01\x02\x03",
+ .len = 3,
+ .string = (void*)"\x01\x02\x03",
+ .ber = 1,
+ },
+
+ /* a large amount of recursive indefinite encoding */
+ {.name = "a large amount of recursive indefinite encoding",
+ .der_len = 29325,
+ .der_str = (void*)"\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24
+ .len = 0,
+ .ber = 1,
+ .expected_error = ASN1_DER_ERROR
+ }
+};
+
+void
+test_octet_string (void)
+{
+ unsigned char str[100];
+ unsigned char der[100];
+ int der_len = sizeof (der);
+ int str_size = sizeof (str);
+ unsigned char *tmp = NULL;
+ int ret, ret_len;
+ grub_size_t i;
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* Decode */
+
+ if (tv[i].ber == 0)
+ {
+ str_size = sizeof (str);
+ ret =
+ asn1_get_octet_der (tv[i].der_str + 1,
+ tv[i].der_len - 1, &ret_len, str,
+ sizeof (str), &str_size);
+ if (ret != tv[i].expected_error)
+ {
+ grub_fatal (
+ "%d: asn1_get_octet_der: %s: got %d expected %d\n",
+ __LINE__, tv[i].name, ret,
+ tv[i].expected_error);
+ return;
+ }
+ if (tv[i].expected_error)
+ continue;
+
+ if (ret_len != tv[i].der_len - 1)
+ {
+ grub_fatal (
+ "%d: error in DER, length returned is %d, had %d\n",
+ __LINE__, ret_len, tv[i].der_len - 1);
+ return;
+ }
+
+ if (str_size != tv[i].len
+ || grub_memcmp (tv[i].string, str, tv[i].len) != 0)
+ {
+ grub_fatal (
+ "%d: memcmp: %s: got invalid decoding\n",
+ __LINE__, tv[i].name);
+
+ return;
+ }
+
+ /* Encode */
+ der_len = sizeof (der);
+ asn1_octet_der (str, str_size, der, &der_len);
+
+ if (der_len != tv[i].der_len - 1
+ || grub_memcmp (tv[i].der_str + 1, der, tv[i].der_len - 1) != 0)
+ {
+ grub_fatal (
+ "encoding: %s: got invalid encoding\n",
+ tv[i].name);
+ return;
+ }
+ }
+
+ ret =
+ asn1_decode_simple_ber (ASN1_ETYPE_OCTET_STRING,
+ tv[i].der_str, tv[i].der_len,
+ &tmp, (unsigned int*)&str_size, (unsigned int*)&der_len);
+ if (ret != tv[i].expected_error)
+ {
+ grub_fatal (
+ "%d: asn1_decode_simple_ber: %s: got %s expected %s\n",
+ __LINE__, tv[i].name, asn1_strerror(ret), asn1_strerror(tv[i].expected_error));
+ return;
+ }
+ if (tv[i].expected_error)
+ continue;
+
+ if (der_len != tv[i].der_len)
+ {
+ grub_fatal (
+ "%d: error: %s: DER, length returned is %d, had %d\n",
+ __LINE__, tv[i].name, der_len, tv[i].der_len);
+ return;
+ }
+
+ if (str_size != tv[i].len || grub_memcmp (tv[i].string, tmp, tv[i].len) != 0)
+ {
+ grub_fatal (
+ "%d: memcmp: %s: got invalid decoding\n",
+ __LINE__, tv[i].name);
+ return;
+ }
+ grub_free (tmp);
+ tmp = NULL;
+
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/reproducers.c b/grub-core/lib/libtasn1_wrap/tests/reproducers.c
new file mode 100644
index 00000000000..dc7268d4c6c
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/reproducers.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2019 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/****************************************************************/
+/* Description: run reproducers for several fixed issues */
+/****************************************************************/
+
+#include <grub/libtasn1.h>
+#include <grub/err.h>
+#include <grub/mm.h>
+#include "../wrap_tests.h"
+
+#define CONST_DOWN (1U<<29)
+
+/* produces endless loop (fixed by d4b624b2):
+ * The following translates into a single node with all pointers
+ * (right,left,down) set to NULL. */
+const asn1_static_node endless_asn1_tab[] = {
+ { "TEST_TREE", 536875024, NULL },
+ { NULL, 0, NULL }
+};
+
+/* produces memory leak (fixed by f16d1ff9):
+ * 152 bytes in 1 blocks are definitely lost in loss record 1 of 1
+ * at 0x4837B65: calloc (vg_replace_malloc.c:762)
+ * by 0x4851C0D: _asn1_add_static_node (parser_aux.c:71)
+ * by 0x4853AAC: asn1_array2tree (structure.c:200)
+ * by 0x10923B: main (single_node.c:67)
+ */
+const asn1_static_node tab[] = {
+{ "a", CONST_DOWN, "" },
+{ "b", 0, "" },
+{ "c", 0, "" },
+{ NULL, 0, NULL }
+};
+
+void
+test_reproducers (void)
+{
+ int result;
+ asn1_node definitions = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_array2tree (endless_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+
+ definitions = NULL;
+ result = asn1_array2tree (tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+}
diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.c b/grub-core/lib/libtasn1_wrap/wrap_tests.c
new file mode 100644
index 00000000000..75fcd21f0d5
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/wrap_tests.c
@@ -0,0 +1,75 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/dl.h>
+#include <grub/command.h>
+#include <grub/mm.h>
+#include "wrap_tests.h"
+
+/*
+ * libtasn1 tests - from which this is derived - are provided under GPL3+.
+ */
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static grub_command_t cmd;
+
+static grub_err_t
+grub_cmd_asn1test (grub_command_t cmdd __attribute__((unused)),
+ int argc __attribute__((unused)),
+ char **args __attribute__((unused)))
+{
+ grub_printf ("test_CVE_2018_1000654\n");
+ test_CVE_2018_1000654 ();
+
+ grub_printf ("test_object_id_decoding\n");
+ test_object_id_decoding ();
+
+ grub_printf ("test_object_id_encoding\n");
+ test_object_id_encoding ();
+
+ grub_printf ("test_octet_string\n");
+ test_octet_string ();
+
+ grub_printf ("test_overflow\n");
+ test_overflow ();
+
+ grub_printf ("test_reproducers\n");
+ test_overflow ();
+
+ grub_printf ("test_simple\n");
+ test_simple ();
+
+ grub_printf ("test_strings\n");
+ test_strings ();
+
+ grub_printf ("ASN.1 self-tests passed\n");
+
+ return GRUB_ERR_NONE;
+}
+
+
+GRUB_MOD_INIT(test_asn1)
+{
+ cmd = grub_register_command ("test_asn1", grub_cmd_asn1test, NULL,
+ "Run self-tests for the ASN.1 parser.");
+}
+
+GRUB_MOD_FINI(test_asn1)
+{
+ grub_unregister_command (cmd);
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h
new file mode 100644
index 00000000000..1e7d3d64f55
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h
@@ -0,0 +1,32 @@
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <grub/libtasn1.h>
+
+const asn1_static_node CVE_2018_1000654_1_asn1_tab[] = {
+ { "TEST_TREE", 536875024, NULL },
+ { NULL, 1610612748, NULL },
+ { "iso", 1073741825, "1"},
+ { "identified-organization", 1073741825, "3"},
+ { "dod", 1073741825, "6"},
+ { "internet", 1073741825, "1"},
+ { "security", 1073741825, "5"},
+ { "mechanisms", 1073741825, "5"},
+ { "pkix", 1073741825, "7"},
+ { "id-mod", 1073741825, "0"},
+ { "id-pkix1-implicit-88", 1, "2"},
+ { "id-xnyTest", 1879048204, NULL },
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "1"},
+ { "id-ix", 1880096780, "OBJECR"},
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "2"},
+ { "id-xnyTest", 805306380, NULL },
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "1"},
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h
new file mode 100644
index 00000000000..e2561e5ec6d
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h
@@ -0,0 +1,36 @@
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <grub/libtasn1.h>
+
+const asn1_static_node CVE_2018_1000654_2_asn1_tab[] = {
+ { "TEST_TREE", 536875024, NULL },
+ { NULL, 1610612748, NULL },
+ { "iso", 1073741825, "1"},
+ { "identified-organization", 1073741825, "3"},
+ { "dod", 1073741825, "6"},
+ { "internet", 1073741825, "1"},
+ { "security", 1073741825, "5"},
+ { "mechanisms", 1073741825, "5"},
+ { "pkix", 1073741825, "7"},
+ { "id-mod", 1073741825, "0"},
+ { "id-pkix1-implicit-88", 1, "2"},
+ { "id-oneTest", 1879048204, NULL },
+ { NULL, 1073741825, "id-two"},
+ { NULL, 1073741825, "9"},
+ { NULL, 1, "1"},
+ { "id-two", 1879048204, NULL },
+ { NULL, 1073741825, "id-three"},
+ { NULL, 1073741825, "2"},
+ { NULL, 1, "2"},
+ { "id-three", 1879048204, NULL },
+ { NULL, 1073741825, "id-four"},
+ { NULL, 1073741825, "3"},
+ { NULL, 1, "3"},
+ { "id-four", 805306380, NULL },
+ { NULL, 1073741825, "id-two"},
+ { NULL, 1073741825, "3"},
+ { NULL, 1, "3"},
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.h b/grub-core/lib/libtasn1_wrap/wrap_tests.h
new file mode 100644
index 00000000000..555e56dd202
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/wrap_tests.h
@@ -0,0 +1,38 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBTASN1_WRAP_TESTS_H
+#define LIBTASN1_WRAP_TESTS_H
+
+void test_CVE_2018_1000654 (void);
+
+void test_object_id_encoding (void);
+
+void test_object_id_decoding (void);
+
+void test_octet_string (void);
+
+void test_overflow (void);
+
+void test_reproducers (void);
+
+void test_simple (void);
+
+void test_strings (void);
+
+#endif
diff --git a/.gitignore b/.gitignore
index 594d0134d33..856e69bc5c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -264,6 +264,7 @@ widthspec.bin
/stamp-h1
/syslinux_test
/tar_test
+/test_asn1
/test_sha512sum
/test_unset
/tests/syslinux/ubuntu10.04_grub.cfg
diff --git a/tests/test_asn1.in b/tests/test_asn1.in
new file mode 100644
index 00000000000..8173c5c270e
--- /dev/null
+++ b/tests/test_asn1.in
@@ -0,0 +1,12 @@
+#! @BUILD_SHEBANG@
+set -e
+
+. "@builddir@/grub-core/modinfo.sh"
+
+out=`echo test_asn1 | @builddir@/grub-shell`
+
+if [ "$(echo "$out" | tail -n 1)" != "ASN.1 self-tests passed" ]; then
+ echo "ASN.1 test failure: $out"
+ exit 1
+fi
+