Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libssl/bs_cbb.c	Lines:	172	200	86.0 %
Date:	2017-11-13	Branches:	102	139	73.4 %


/*	$OpenBSD: bs_cbb.c,v 1.17 2017/08/12 02:50:05 jsing Exp $	*/
/*
 * Copyright (c) 2014, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#include <assert.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/opensslconf.h>

#include "bytestring.h"

#define CBB_INITIAL_SIZE 64

static int
cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
{
	struct cbb_buffer_st *base;

	base = malloc(sizeof(struct cbb_buffer_st));
	if (base == NULL)
		return 0;

	base->buf = buf;
	base->len = 0;
	base->cap = cap;
	base->can_resize = 1;

	cbb->base = base;
	cbb->is_top_level = 1;

	return 1;
}

int
CBB_init(CBB *cbb, size_t initial_capacity)
{
	uint8_t *buf = NULL;

	memset(cbb, 0, sizeof(*cbb));

	if (initial_capacity == 0)
		initial_capacity = CBB_INITIAL_SIZE;

	if ((buf = malloc(initial_capacity)) == NULL)
		return 0;

	if (!cbb_init(cbb, buf, initial_capacity)) {
		free(buf);
		return 0;
	}

	return 1;
}

int
CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
{
	memset(cbb, 0, sizeof(*cbb));

	if (!cbb_init(cbb, buf, len))
		return 0;

	cbb->base->can_resize = 0;

	return 1;
}

void
CBB_cleanup(CBB *cbb)
{
	if (cbb->base) {
		if (cbb->base->can_resize)
			freezero(cbb->base->buf, cbb->base->cap);
		free(cbb->base);
	}
	cbb->base = NULL;
	cbb->child = NULL;
}

static int
cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
{
	size_t newlen;

	if (base == NULL)
		return 0;

	newlen = base->len + len;
	if (newlen < base->len)
		/* Overflow */
		return 0;

	if (newlen > base->cap) {
		size_t newcap = base->cap * 2;
		uint8_t *newbuf;

		if (!base->can_resize)
			return 0;

		if (newcap < base->cap || newcap < newlen)
			newcap = newlen;

		newbuf = recallocarray(base->buf, base->cap, newcap, 1);
		if (newbuf == NULL)
			return 0;

		base->buf = newbuf;
		base->cap = newcap;
	}

	if (out)
		*out = base->buf + base->len;

	base->len = newlen;
	return 1;
}

static int
cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
{
	uint8_t *buf;
	size_t i;

	if (len_len == 0)
		return 1;

	if (len_len > 4)
		return 0;

	if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
		return 0;

	for (i = len_len - 1; i < len_len; i--) {
		buf[i] = v;
		v >>= 8;
	}
	return 1;
}

int
CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
{
	if (!cbb->is_top_level)
		return 0;

	if (!CBB_flush(cbb))
		return 0;

	if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
		/*
		 * |out_data| and |out_len| can only be NULL if the CBB is
		 * fixed.
		 */
		return 0;

	if (out_data != NULL)
		*out_data = cbb->base->buf;

	if (out_len != NULL)
		*out_len = cbb->base->len;

	cbb->base->buf = NULL;
	CBB_cleanup(cbb);
	return 1;
}

/*
 * CBB_flush recurses and then writes out any pending length prefix. The current
 * length of the underlying base is taken to be the length of the
 * length-prefixed data.
 */
int
CBB_flush(CBB *cbb)
{
	size_t child_start, i, len;

	if (cbb->base == NULL)
		return 0;

	if (cbb->child == NULL || cbb->pending_len_len == 0)
		return 1;

	child_start = cbb->offset + cbb->pending_len_len;

	if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
	    cbb->base->len < child_start)
		return 0;

	len = cbb->base->len - child_start;

	if (cbb->pending_is_asn1) {
		/*
		 * For ASN.1, we assumed that we were using short form which
		 * only requires a single byte for the length octet.
		 *
		 * If it turns out that we need long form, we have to move
		 * the contents along in order to make space for more length
		 * octets.
		 */
		size_t len_len = 1;  /* total number of length octets */
		uint8_t initial_length_byte;

		/* We already wrote 1 byte for the length. */
		assert (cbb->pending_len_len == 1);

		/* Check for long form */
		if (len > 0xfffffffe)
			return 0;	/* 0xffffffff is reserved */
		else if (len > 0xffffff)
			len_len = 5;
		else if (len > 0xffff)
			len_len = 4;
		else if (len > 0xff)
			len_len = 3;
		else if (len > 0x7f)
			len_len = 2;

		if (len_len == 1) {
			/* For short form, the initial byte is the length. */
			initial_length_byte = len;
			len = 0;

		} else {
			/*
			 * For long form, the initial byte is the number of
			 * subsequent length octets (plus bit 8 set).
			 */
			initial_length_byte = 0x80 | (len_len - 1);

			/*
			 * We need to move the contents along in order to make
			 * space for the long form length octets.
			 */
			size_t extra_bytes = len_len - 1;
			if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
				return 0;

			memmove(cbb->base->buf + child_start + extra_bytes,
			    cbb->base->buf + child_start, len);
		}
		cbb->base->buf[cbb->offset++] = initial_length_byte;
		cbb->pending_len_len = len_len - 1;
	}

	for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
		cbb->base->buf[cbb->offset + i] = len;
		len >>= 8;
	}
	if (len != 0)
		return 0;

	cbb->child->base = NULL;
	cbb->child = NULL;
	cbb->pending_len_len = 0;
	cbb->pending_is_asn1 = 0;
	cbb->offset = 0;

	return 1;
}


static int
cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
{
	uint8_t *prefix_bytes;

	if (!CBB_flush(cbb))
		return 0;

	cbb->offset = cbb->base->len;
	if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
		return 0;

	memset(prefix_bytes, 0, len_len);
	memset(out_contents, 0, sizeof(CBB));
	out_contents->base = cbb->base;
	cbb->child = out_contents;
	cbb->pending_len_len = len_len;
	cbb->pending_is_asn1 = 0;

	return 1;
}

int
CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
{
	return cbb_add_length_prefixed(cbb, out_contents, 1);
}

int
CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
{
	return cbb_add_length_prefixed(cbb, out_contents, 2);
}

int
CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
{
	return cbb_add_length_prefixed(cbb, out_contents, 3);
}

int
CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
{
	if (tag > UINT8_MAX)
		return 0;

	/* Long form identifier octets are not supported. */
	if ((tag & 0x1f) == 0x1f)
		return 0;

	/* Short-form identifier octet only needs a single byte */
	if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
		return 0;

	/*
	 * Add 1 byte to cover the short-form length octet case.  If it turns
	 * out we need long-form, it will be extended later.
	 */
	cbb->offset = cbb->base->len;
	if (!CBB_add_u8(cbb, 0))
		return 0;

	memset(out_contents, 0, sizeof(CBB));
	out_contents->base = cbb->base;
	cbb->child = out_contents;
	cbb->pending_len_len = 1;
	cbb->pending_is_asn1 = 1;

	return 1;
}

int
CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
{
	uint8_t *dest;

	if (!CBB_add_space(cbb, &dest, len))
		return 0;

	memcpy(dest, data, len);
	return 1;
}

int
CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
{
	if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
		return 0;

	return 1;
}

int
CBB_add_u8(CBB *cbb, size_t value)
{
	if (value > UINT8_MAX)
		return 0;

	return cbb_add_u(cbb, (uint32_t)value, 1);
}

int
CBB_add_u16(CBB *cbb, size_t value)
{
	if (value > UINT16_MAX)
		return 0;

	return cbb_add_u(cbb, (uint32_t)value, 2);
}

int
CBB_add_u24(CBB *cbb, size_t value)
{
	if (value > 0xffffffUL)
		return 0;

	return cbb_add_u(cbb, (uint32_t)value, 3);
}

int
CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
{
	CBB child;
	size_t i;
	int started = 0;

	if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
		return 0;

	for (i = 0; i < 8; i++) {
		uint8_t byte = (value >> 8 * (7 - i)) & 0xff;

		/*
		 * ASN.1 restriction: first 9 bits cannot be all zeroes or
		 * all ones.  Since this function only encodes unsigned
		 * integers, the only concerns are not encoding leading
		 * zeros and adding a padding byte if necessary.
		 *
		 * In practice, this means:
		 * 1) Skip leading octets of all zero bits in the value
		 * 2) After skipping the leading zero octets, if the next 9
		 *    bits are all ones, add an all zero prefix octet (and
		 *    set the high bit of the prefix octet if negative).
		 *
		 * Additionally, for an unsigned value, add an all zero
		 * prefix if the high bit of the first octet would be one.
		 */
		if (!started) {
			if (byte == 0)
				/* Don't encode leading zeros. */
				continue;

			/*
			 * If the high bit is set, add a padding byte to make it
			 * unsigned.
			 */
			if ((byte & 0x80) && !CBB_add_u8(&child, 0))
				return 0;

			started = 1;
		}
		if (!CBB_add_u8(&child, byte))
			return 0;
	}

	/* 0 is encoded as a single 0, not the empty string. */
	if (!started && !CBB_add_u8(&child, 0))
		return 0;

	return CBB_flush(cbb);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: bs_cbb.c,v 1.17 2017/08/12 02:50:05 jsing Exp $ */
2			/*
3			* Copyright (c) 2014, Google Inc.
4			*
5			* Permission to use, copy, modify, and/or distribute this software for any
6			* purpose with or without fee is hereby granted, provided that the above
7			* copyright notice and this permission notice appear in all copies.
8			*
9			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12			* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14			* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15			* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
16
17			#include <assert.h>
18			#include <stdlib.h>
19			#include <string.h>
20
21			#include <openssl/opensslconf.h>
22
23			#include "bytestring.h"
24
25			#define CBB_INITIAL_SIZE 64
26
27			static int
28			cbb_init(CBB cbb, uint8_t buf, size_t cap)
29			{
30			struct cbb_buffer_st *base;
31
32		102048	base = malloc(sizeof(struct cbb_buffer_st));
33	✗✓	51024	if (base == NULL)
34			return 0;
35
36		51024	base->buf = buf;
37		51024	base->len = 0;
38		51024	base->cap = cap;
39		51024	base->can_resize = 1;
40
41		51024	cbb->base = base;
42		51024	cbb->is_top_level = 1;
43
44		51024	return 1;
45		51024	}
46
47			int
48			CBB_init(CBB *cbb, size_t initial_capacity)
49			{
50			uint8_t *buf = NULL;
51
52		69886	memset(cbb, 0, sizeof(*cbb));
53
54	✓✓	34943	if (initial_capacity == 0)
55		1049	initial_capacity = CBB_INITIAL_SIZE;
56
57	✗✓	34943	if ((buf = malloc(initial_capacity)) == NULL)
58			return 0;
59
60	✗✓	34943	if (!cbb_init(cbb, buf, initial_capacity)) {
61			free(buf);
62			return 0;
63			}
64
65		34943	return 1;
66		34943	}
67
68			int
69			CBB_init_fixed(CBB cbb, uint8_t buf, size_t len)
70			{
71		32162	memset(cbb, 0, sizeof(*cbb));
72
73	✗✓	16081	if (!cbb_init(cbb, buf, len))
74			return 0;
75
76		16081	cbb->base->can_resize = 0;
77
78		16081	return 1;
79		16081	}
80
81			void
82			CBB_cleanup(CBB *cbb)
83			{
84	✓✓	103696	if (cbb->base) {
85	✓✓	51024	if (cbb->base->can_resize)
86		34943	freezero(cbb->base->buf, cbb->base->cap);
87		51024	free(cbb->base);
88		51024	}
89		51848	cbb->base = NULL;
90		51848	cbb->child = NULL;
91		51848	}
92
93			static int
94			cbb_buffer_add(struct cbb_buffer_st base, uint8_t *out, size_t len)
95			{
96			size_t newlen;
97
98	✗✓	2574568	if (base == NULL)
99			return 0;
100
101		1287284	newlen = base->len + len;
102	✗✓	1287284	if (newlen < base->len)
103			/* Overflow */
104			return 0;
105
106	✓✓	1287284	if (newlen > base->cap) {
107		1242	size_t newcap = base->cap * 2;
108			uint8_t *newbuf;
109
110	✓✓	1242	if (!base->can_resize)
111		6	return 0;
112
113	✓✗✓✓	2472	if (newcap < base->cap \|\| newcap < newlen)
114		182	newcap = newlen;
115
116		1236	newbuf = recallocarray(base->buf, base->cap, newcap, 1);
117	✗✓	1236	if (newbuf == NULL)
118			return 0;
119
120		1236	base->buf = newbuf;
121		1236	base->cap = newcap;
122	✓✓	1236	}
123
124	✓✓	1287278	if (out)
125		1287042	*out = base->buf + base->len;
126
127		1287278	base->len = newlen;
128		1287278	return 1;
129		1287284	}
130
131			static int
132			cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
133			{
134		1953972	uint8_t *buf;
135			size_t i;
136
137	✗✓	976986	if (len_len == 0)
138			return 1;
139
140	✗✓	976986	if (len_len > 4)
141			return 0;
142
143	✓✓✓✓	1953963	if (!CBB_flush(cbb) \|\| !cbb_buffer_add(cbb->base, &buf, len_len))
144		15	return 0;
145
146	✓✓	5678490	for (i = len_len - 1; i < len_len; i--) {
147		1862274	buf[i] = v;
148		1862274	v >>= 8;
149			}
150		976971	return 1;
151		976986	}
152
153			int
154			CBB_finish(CBB cbb, uint8_t out_data, size_t out_len)
155			{
156	✓✓	101982	if (!cbb->is_top_level)
157		3	return 0;
158
159	✗✓	50988	if (!CBB_flush(cbb))
160			return 0;
161
162	✓✓✗✓	85895	if (cbb->base->can_resize && (out_data == NULL \|\| out_len == NULL))
163			/*
164			* \|out_data\| and \|out_len\| can only be NULL if the CBB is
165			* fixed.
166			*/
167			return 0;
168
169	✓✓	50988	if (out_data != NULL)
170		34913	*out_data = cbb->base->buf;
171
172	✓✓	50988	if (out_len != NULL)
173		50982	*out_len = cbb->base->len;
174
175		50988	cbb->base->buf = NULL;
176		50988	CBB_cleanup(cbb);
177		50988	return 1;
178		50991	}
179
180			/*
181			* CBB_flush recurses and then writes out any pending length prefix. The current
182			* length of the underlying base is taken to be the length of the
183			* length-prefixed data.
184			*/
185			int
186			CBB_flush(CBB *cbb)
187			{
188			size_t child_start, i, len;
189
190	✓✓	3337996	if (cbb->base == NULL)
191		21	return 0;
192
193	✓✓✗✓	1889966	if (cbb->child == NULL \|\| cbb->pending_len_len == 0)
194		1447988	return 1;
195
196		220989	child_start = cbb->offset + cbb->pending_len_len;
197
198	✓✗✓✗ ✗✓	662967	if (!CBB_flush(cbb->child) \|\| child_start < cbb->offset \|\|
199		220989	cbb->base->len < child_start)
200			return 0;
201
202		220989	len = cbb->base->len - child_start;
203
204	✓✓	220989	if (cbb->pending_is_asn1) {
205			/*
206			* For ASN.1, we assumed that we were using short form which
207			* only requires a single byte for the length octet.
208			*
209			* If it turns out that we need long form, we have to move
210			* the contents along in order to make space for more length
211			* octets.
212			*/
213			size_t len_len = 1; /* total number of length octets */
214			uint8_t initial_length_byte;
215
216			/* We already wrote 1 byte for the length. */
217	✗✓	9233	assert (cbb->pending_len_len == 1);
218
219			/* Check for long form */
220	✗✓	9233	if (len > 0xfffffffe)
221			return 0; /* 0xffffffff is reserved */
222	✗✓	9233	else if (len > 0xffffff)
223			len_len = 5;
224	✓✓	9233	else if (len > 0xffff)
225		6	len_len = 4;
226	✓✓	9227	else if (len > 0xff)
227		199	len_len = 3;
228	✓✓	9028	else if (len > 0x7f)
229		31	len_len = 2;
230
231	✓✓	9233	if (len_len == 1) {
232			/* For short form, the initial byte is the length. */
233		8997	initial_length_byte = len;
234			len = 0;
235
236		8997	} else {
237			/*
238			* For long form, the initial byte is the number of
239			* subsequent length octets (plus bit 8 set).
240			*/
241		236	initial_length_byte = 0x80 \| (len_len - 1);
242
243			/*
244			* We need to move the contents along in order to make
245			* space for the long form length octets.
246			*/
247			size_t extra_bytes = len_len - 1;
248	✗✓	236	if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
249			return 0;
250
251		236	memmove(cbb->base->buf + child_start + extra_bytes,
252			cbb->base->buf + child_start, len);
253	✓✗	236	}
254		9233	cbb->base->buf[cbb->offset++] = initial_length_byte;
255		9233	cbb->pending_len_len = len_len - 1;
256	✓✗	9233	}
257
258	✓✓	1259636	for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
259		408829	cbb->base->buf[cbb->offset + i] = len;
260		408829	len >>= 8;
261			}
262	✗✓	220989	if (len != 0)
263			return 0;
264
265		220989	cbb->child->base = NULL;
266		220989	cbb->child = NULL;
267		220989	cbb->pending_len_len = 0;
268		220989	cbb->pending_is_asn1 = 0;
269		220989	cbb->offset = 0;
270
271		220989	return 1;
272		1668998	}
273
274
275			static int
276			cbb_add_length_prefixed(CBB cbb, CBB out_contents, size_t len_len)
277			{
278		423524	uint8_t *prefix_bytes;
279
280	✓✓	211762	if (!CBB_flush(cbb))
281		6	return 0;
282
283		211756	cbb->offset = cbb->base->len;
284	✗✓	211756	if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
285			return 0;
286
287		211756	memset(prefix_bytes, 0, len_len);
288		211756	memset(out_contents, 0, sizeof(CBB));
289		211756	out_contents->base = cbb->base;
290		211756	cbb->child = out_contents;
291		211756	cbb->pending_len_len = len_len;
292		211756	cbb->pending_is_asn1 = 0;
293
294		211756	return 1;
295		211762	}
296
297			int
298			CBB_add_u8_length_prefixed(CBB cbb, CBB out_contents)
299			{
300		98990	return cbb_add_length_prefixed(cbb, out_contents, 1);
301			}
302
303			int
304			CBB_add_u16_length_prefixed(CBB cbb, CBB out_contents)
305			{
306		255810	return cbb_add_length_prefixed(cbb, out_contents, 2);
307			}
308
309			int
310			CBB_add_u24_length_prefixed(CBB cbb, CBB out_contents)
311			{
312		68724	return cbb_add_length_prefixed(cbb, out_contents, 3);
313			}
314
315			int
316			CBB_add_asn1(CBB cbb, CBB out_contents, unsigned int tag)
317			{
318	✗✓	18496	if (tag > UINT8_MAX)
319			return 0;
320
321			/* Long form identifier octets are not supported. */
322	✗✓	9248	if ((tag & 0x1f) == 0x1f)
323			return 0;
324
325			/* Short-form identifier octet only needs a single byte */
326	✓✓✗✓	18493	if (!CBB_flush(cbb) \|\| !CBB_add_u8(cbb, tag))
327		3	return 0;
328
329			/*
330			* Add 1 byte to cover the short-form length octet case. If it turns
331			* out we need long-form, it will be extended later.
332			*/
333		9245	cbb->offset = cbb->base->len;
334	✗✓	9245	if (!CBB_add_u8(cbb, 0))
335			return 0;
336
337		9245	memset(out_contents, 0, sizeof(CBB));
338		9245	out_contents->base = cbb->base;
339		9245	cbb->child = out_contents;
340		9245	cbb->pending_len_len = 1;
341		9245	cbb->pending_is_asn1 = 1;
342
343		9245	return 1;
344		9248	}
345
346			int
347			CBB_add_bytes(CBB cbb, const uint8_t data, size_t len)
348			{
349		192446	uint8_t *dest;
350
351	✓✓	96223	if (!CBB_add_space(cbb, &dest, len))
352		3	return 0;
353
354		96220	memcpy(dest, data, len);
355		96220	return 1;
356		96223	}
357
358			int
359			CBB_add_space(CBB cbb, uint8_t *out_data, size_t len)
360			{
361	✓✓✗✓	294951	if (!CBB_flush(cbb) \|\| !cbb_buffer_add(cbb->base, out_data, len))
362		3	return 0;
363
364		98315	return 1;
365		98318	}
366
367			int
368			CBB_add_u8(CBB *cbb, size_t value)
369			{
370	✗✓	183366	if (value > UINT8_MAX)
371			return 0;
372
373		91683	return cbb_add_u(cbb, (uint32_t)value, 1);
374		91683	}
375
376			int
377			CBB_add_u16(CBB *cbb, size_t value)
378			{
379	✗✓	1770588	if (value > UINT16_MAX)
380			return 0;
381
382		885294	return cbb_add_u(cbb, (uint32_t)value, 2);
383		885294	}
384
385			int
386			CBB_add_u24(CBB *cbb, size_t value)
387			{
388	✗✓	18	if (value > 0xffffffUL)
389			return 0;
390
391		9	return cbb_add_u(cbb, (uint32_t)value, 3);
392		9	}
393
394			int
395			CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
396			{
397		6066	CBB child;
398			size_t i;
399			int started = 0;
400
401	✗✓	3033	if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
402			return 0;
403
404	✓✓	54594	for (i = 0; i < 8; i++) {
405		24264	uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
406
407			/*
408			* ASN.1 restriction: first 9 bits cannot be all zeroes or
409			* all ones. Since this function only encodes unsigned
410			* integers, the only concerns are not encoding leading
411			* zeros and adding a padding byte if necessary.
412			*
413			* In practice, this means:
414			* 1) Skip leading octets of all zero bits in the value
415			* 2) After skipping the leading zero octets, if the next 9
416			* bits are all ones, add an all zero prefix octet (and
417			* set the high bit of the prefix octet if negative).
418			*
419			* Additionally, for an unsigned value, add an all zero
420			* prefix if the high bit of the first octet would be one.
421			*/
422	✓✓	24264	if (!started) {
423	✓✓	20505	if (byte == 0)
424			/* Don't encode leading zeros. */
425		17475	continue;
426
427			/*
428			* If the high bit is set, add a padding byte to make it
429			* unsigned.
430			*/
431	✓✓✗✓	3183	if ((byte & 0x80) && !CBB_add_u8(&child, 0))
432			return 0;
433
434			started = 1;
435		3030	}
436	✗✓	6789	if (!CBB_add_u8(&child, byte))
437			return 0;
438	✗✓✓	6789	}
439
440			/* 0 is encoded as a single 0, not the empty string. */
441	✓✓✗✓	3036	if (!started && !CBB_add_u8(&child, 0))
442			return 0;
443
444		3033	return CBB_flush(cbb);
445		3033	}