ring-native 0.0.0

data/vendor/ring/crypto/bn/rsaz_exp.h

@@ -0,0 +1,53 @@
+/*****************************************************************************
+*                                                                            *
+*  Copyright (c) 2012, Intel Corporation                                     *
+*                                                                            *
+*  All rights reserved.                                                      *
+*                                                                            *
+*  Redistribution and use in source and binary forms, with or without        *
+*  modification, are permitted provided that the following conditions are    *
+*  met:                                                                      *
+*                                                                            *
+*  *  Redistributions of source code must retain the above copyright         *
+*     notice, this list of conditions and the following disclaimer.          *
+*                                                                            *
+*  *  Redistributions in binary form must reproduce the above copyright      *
+*     notice, this list of conditions and the following disclaimer in the    *
+*     documentation and/or other materials provided with the                 *
+*     distribution.                                                          *
+*                                                                            *
+*  *  Neither the name of the Intel Corporation nor the names of its         *
+*     contributors may be used to endorse or promote products derived from   *
+*     this software without specific prior written permission.               *
+*                                                                            *
+*                                                                            *
+*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
+*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
+*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
+*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
+*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
+*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
+*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
+*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
+*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
+*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
+*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
+*                                                                            *
+******************************************************************************
+* Developers and authors:                                                    *
+* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
+* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
+* (2) University of Haifa, Israel                                            *
+*****************************************************************************/
+
+#ifndef RSAZ_EXP_H
+#define RSAZ_EXP_H
+
+#include <openssl/bn.h>
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
+	const BN_ULONG base_norm[16], const BN_ULONG exponent[16],
+	const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0);
+int rsaz_avx2_eligible(void);
+
+#endif

data/vendor/ring/crypto/bn/shift.c

@@ -0,0 +1,276 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#include <openssl/bn.h>
+
+#include <string.h>
+
+#include <openssl/err.h>
+
+#include "internal.h"
+
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) {
+  int i, nw, lb, rb;
+  BN_ULONG *t, *f;
+  BN_ULONG l;
+
+  if (n < 0) {
+    OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+
+  r->neg = a->neg;
+  nw = n / BN_BITS2;
+  if (bn_wexpand(r, a->top + nw + 1) == NULL) {
+    return 0;
+  }
+  lb = n % BN_BITS2;
+  rb = BN_BITS2 - lb;
+  f = a->d;
+  t = r->d;
+  t[a->top + nw] = 0;
+  if (lb == 0) {
+    for (i = a->top - 1; i >= 0; i--) {
+      t[nw + i] = f[i];
+    }
+  } else {
+    for (i = a->top - 1; i >= 0; i--) {
+      l = f[i];
+      t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+      t[nw + i] = (l << lb) & BN_MASK2;
+    }
+  }
+  memset(t, 0, nw * sizeof(t[0]));
+  r->top = a->top + nw + 1;
+  bn_correct_top(r);
+
+  return 1;
+}
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a) {
+  BN_ULONG *ap, *rp, t, c;
+  int i;
+
+  if (r != a) {
+    r->neg = a->neg;
+    if (bn_wexpand(r, a->top + 1) == NULL) {
+      return 0;
+    }
+    r->top = a->top;
+  } else {
+    if (bn_wexpand(r, a->top + 1) == NULL) {
+      return 0;
+    }
+  }
+  ap = a->d;
+  rp = r->d;
+  c = 0;
+  for (i = 0; i < a->top; i++) {
+    t = *(ap++);
+    *(rp++) = ((t << 1) | c) & BN_MASK2;
+    c = (t & BN_TBIT) ? 1 : 0;
+  }
+  if (c) {
+    *rp = 1;
+    r->top++;
+  }
+
+  return 1;
+}
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) {
+  int i, j, nw, lb, rb;
+  BN_ULONG *t, *f;
+  BN_ULONG l, tmp;
+
+  if (n < 0) {
+    OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+
+  nw = n / BN_BITS2;
+  rb = n % BN_BITS2;
+  lb = BN_BITS2 - rb;
+  if (nw >= a->top || a->top == 0) {
+    BN_zero(r);
+    return 1;
+  }
+  i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
+  if (r != a) {
+    r->neg = a->neg;
+    if (bn_wexpand(r, i) == NULL) {
+      return 0;
+    }
+  } else {
+    if (n == 0) {
+      return 1; /* or the copying loop will go berserk */
+    }
+  }
+
+  f = &(a->d[nw]);
+  t = r->d;
+  j = a->top - nw;
+  r->top = i;
+
+  if (rb == 0) {
+    for (i = j; i != 0; i--) {
+      *(t++) = *(f++);
+    }
+  } else {
+    l = *(f++);
+    for (i = j - 1; i != 0; i--) {
+      tmp = (l >> rb) & BN_MASK2;
+      l = *(f++);
+      *(t++) = (tmp | (l << lb)) & BN_MASK2;
+    }
+    if ((l = (l >> rb) & BN_MASK2)) {
+      *(t) = l;
+    }
+  }
+
+  return 1;
+}
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a) {
+  BN_ULONG *ap, *rp, t, c;
+  int i, j;
+
+  if (BN_is_zero(a)) {
+    BN_zero(r);
+    return 1;
+  }
+  i = a->top;
+  ap = a->d;
+  j = i - (ap[i - 1] == 1);
+  if (a != r) {
+    if (bn_wexpand(r, j) == NULL) {
+      return 0;
+    }
+    r->neg = a->neg;
+  }
+  rp = r->d;
+  t = ap[--i];
+  c = (t & 1) ? BN_TBIT : 0;
+  if (t >>= 1) {
+    rp[i] = t;
+  }
+  while (i > 0) {
+    t = ap[--i];
+    rp[i] = ((t >> 1) & BN_MASK2) | c;
+    c = (t & 1) ? BN_TBIT : 0;
+  }
+  r->top = j;
+
+  return 1;
+}
+
+int BN_set_bit(BIGNUM *a, int n) {
+  int i, j, k;
+
+  if (n < 0) {
+    return 0;
+  }
+
+  i = n / BN_BITS2;
+  j = n % BN_BITS2;
+  if (a->top <= i) {
+    if (bn_wexpand(a, i + 1) == NULL) {
+      return 0;
+    }
+    for (k = a->top; k < i + 1; k++) {
+      a->d[k] = 0;
+    }
+    a->top = i + 1;
+  }
+
+  a->d[i] |= (((BN_ULONG)1) << j);
+
+  return 1;
+}
+
+int BN_clear_bit(BIGNUM *a, int n) {
+  int i, j;
+
+  if (n < 0) {
+    return 0;
+  }
+
+  i = n / BN_BITS2;
+  j = n % BN_BITS2;
+  if (a->top <= i) {
+    return 0;
+  }
+
+  a->d[i] &= (~(((BN_ULONG)1) << j));
+  bn_correct_top(a);
+  return 1;
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n) {
+  int i, j;
+
+  if (n < 0) {
+    return 0;
+  }
+  i = n / BN_BITS2;
+  j = n % BN_BITS2;
+  if (a->top <= i) {
+    return 0;
+  }
+
+  return (a->d[i]>>j)&1;
+}

data/vendor/ring/crypto/bytestring/bytestring_test.Windows.vcxproj

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}</ProjectGuid>
+    <TargetName>bytestring_test</TargetName>
+  </PropertyGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="..\..\mk\WindowsTest.props" />
+  </ImportGroup>
+  <PropertyGroup Label="Configuration">
+    <OutDir>$(OutRootDir)test\ring\crypto\bytestring\</OutDir>
+  </PropertyGroup>
+  <ItemGroup>
+    <ClCompile Include="bytestring_test.cc" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\libring.Windows.vcxproj">
+      <Project>{f4c0a1b6-5e09-41c8-8242-3e1f6762fb18}</Project>
+    </ProjectReference>
+    <ProjectReference Include="..\test\test.Windows.vcxproj">
+      <Project>{1dace503-6498-492d-b1ff-f9ee18624443}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

data/vendor/ring/crypto/bytestring/bytestring_test.cc

@@ -0,0 +1,421 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#if !defined(__STDC_CONSTANT_MACROS)
+#define __STDC_CONSTANT_MACROS
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <vector>
+
+#include <openssl/crypto.h>
+#include <openssl/bytestring.h>
+
+#include "internal.h"
+#include "../test/scoped_types.h"
+
+
+static bool TestGetASN1() {
+  static const uint8_t kData1[] = {0x30, 2, 1, 2};
+  static const uint8_t kData2[] = {0x30, 3, 1, 2};
+  static const uint8_t kData3[] = {0x30, 0x80};
+  static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
+  static const uint8_t kData5[4 + 0x80] = {0x30, 0x82, 0, 0x80};
+
+  CBS data, contents;
+
+  CBS_init(&data, kData1, sizeof(kData1));
+  if (CBS_peek_asn1_tag(&data, 0x1) ||
+      !CBS_peek_asn1_tag(&data, 0x30)) {
+    return false;
+  }
+  if (!CBS_get_asn1(&data, &contents, 0x30) ||
+      CBS_len(&contents) != 2 ||
+      memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
+    return false;
+  }
+
+  CBS_init(&data, kData2, sizeof(kData2));
+  // data is truncated
+  if (CBS_get_asn1(&data, &contents, 0x30)) {
+    return false;
+  }
+
+  CBS_init(&data, kData3, sizeof(kData3));
+  // zero byte length of length
+  if (CBS_get_asn1(&data, &contents, 0x30)) {
+    return false;
+  }
+
+  CBS_init(&data, kData4, sizeof(kData4));
+  // long form mistakenly used.
+  if (CBS_get_asn1(&data, &contents, 0x30)) {
+    return false;
+  }
+
+  CBS_init(&data, kData5, sizeof(kData5));
+  // length takes too many bytes.
+  if (CBS_get_asn1(&data, &contents, 0x30)) {
+    return false;
+  }
+
+  CBS_init(&data, kData1, sizeof(kData1));
+  // wrong tag.
+  if (CBS_get_asn1(&data, &contents, 0x31)) {
+    return false;
+  }
+
+  CBS_init(&data, NULL, 0);
+  // peek at empty data.
+  if (CBS_peek_asn1_tag(&data, 0x30)) {
+    return false;
+  }
+
+  return true;
+}
+
+static bool TestCBBBasic() {
+  static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8};
+  uint8_t *buf;
+  size_t buf_len;
+  CBB cbb;
+
+  if (!CBB_init(&cbb, 100)) {
+    return false;
+  }
+  CBB_cleanup(&cbb);
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_u8(&cbb, 1) ||
+      !CBB_add_u16(&cbb, 0x203) ||
+      !CBB_add_u24(&cbb, 0x40506) ||
+      !CBB_add_bytes(&cbb, (const uint8_t*) "\x07\x08", 2) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+
+  ScopedOpenSSLBytes scoper(buf);
+  return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
+}
+
+static bool TestCBBFixed() {
+  CBB cbb;
+  uint8_t buf[1];
+  uint8_t *out_buf;
+  size_t out_size;
+
+  if (!CBB_init_fixed(&cbb, NULL, 0) ||
+      CBB_add_u8(&cbb, 1) ||
+      !CBB_finish(&cbb, &out_buf, &out_size) ||
+      out_buf != NULL ||
+      out_size != 0) {
+    return false;
+  }
+
+  if (!CBB_init_fixed(&cbb, buf, 1) ||
+      !CBB_add_u8(&cbb, 1) ||
+      CBB_add_u8(&cbb, 2) ||
+      !CBB_finish(&cbb, &out_buf, &out_size) ||
+      out_buf != buf ||
+      out_size != 1 ||
+      buf[0] != 1) {
+    return false;
+  }
+
+  return true;
+}
+
+static bool TestCBBFinishChild() {
+  CBB cbb, child;
+  uint8_t *out_buf;
+  size_t out_size;
+
+  if (!CBB_init(&cbb, 16)) {
+    return false;
+  }
+  if (!CBB_add_u8_length_prefixed(&cbb, &child) ||
+      CBB_finish(&child, &out_buf, &out_size) ||
+      !CBB_finish(&cbb, &out_buf, &out_size)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  ScopedOpenSSLBytes scoper(out_buf);
+  return out_size == 1 && out_buf[0] == 0;
+}
+
+static bool TestCBBPrefixed() {
+  static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3,
+                                      4, 5, 6, 5, 4, 1, 0, 1, 2};
+  uint8_t *buf;
+  size_t buf_len;
+  CBB cbb, contents, inner_contents, inner_inner_contents;
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_u8_length_prefixed(&cbb, &contents) ||
+      !CBB_add_u8_length_prefixed(&cbb, &contents) ||
+      !CBB_add_u8(&contents, 1) ||
+      !CBB_add_u16_length_prefixed(&cbb, &contents) ||
+      !CBB_add_u16(&contents, 0x203) ||
+      !CBB_add_u24_length_prefixed(&cbb, &contents) ||
+      !CBB_add_u24(&contents, 0x40506) ||
+      !CBB_add_u8_length_prefixed(&cbb, &contents) ||
+      !CBB_add_u8_length_prefixed(&contents, &inner_contents) ||
+      !CBB_add_u8(&inner_contents, 1) ||
+      !CBB_add_u16_length_prefixed(&inner_contents, &inner_inner_contents) ||
+      !CBB_add_u8(&inner_inner_contents, 2) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+
+  ScopedOpenSSLBytes scoper(buf);
+  return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
+}
+
+static bool TestCBBMisuse() {
+  CBB cbb, child, contents;
+  uint8_t *buf;
+  size_t buf_len;
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_u8_length_prefixed(&cbb, &child) ||
+      !CBB_add_u8(&child, 1) ||
+      !CBB_add_u8(&cbb, 2)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+
+  // Since we wrote to |cbb|, |child| is now invalid and attempts to write to
+  // it should fail.
+  if (CBB_add_u8(&child, 1) ||
+      CBB_add_u16(&child, 1) ||
+      CBB_add_u24(&child, 1) ||
+      CBB_add_u8_length_prefixed(&child, &contents) ||
+      CBB_add_u16_length_prefixed(&child, &contents) ||
+      CBB_add_asn1(&child, &contents, 1) ||
+      CBB_add_bytes(&child, (const uint8_t*) "a", 1)) {
+    fprintf(stderr, "CBB operation on invalid CBB did not fail.\n");
+    CBB_cleanup(&cbb);
+    return false;
+  }
+
+  if (!CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  ScopedOpenSSLBytes scoper(buf);
+
+  if (buf_len != 3 ||
+      memcmp(buf, "\x01\x01\x02", 3) != 0) {
+    return false;
+  }
+  return true;
+}
+
+static bool TestCBBASN1() {
+  static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3};
+  uint8_t *buf;
+  size_t buf_len;
+  CBB cbb, contents, inner_contents;
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
+      !CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03", 3) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  ScopedOpenSSLBytes scoper(buf);
+
+  if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) {
+    return false;
+  }
+
+  std::vector<uint8_t> test_data(100000, 0x42);
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
+      !CBB_add_bytes(&contents, test_data.data(), 130) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  scoper.reset(buf);
+
+  if (buf_len != 3 + 130 ||
+      memcmp(buf, "\x30\x81\x82", 3) != 0 ||
+      memcmp(buf + 3, test_data.data(), 130) != 0) {
+    return false;
+  }
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
+      !CBB_add_bytes(&contents, test_data.data(), 1000) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  scoper.reset(buf);
+
+  if (buf_len != 4 + 1000 ||
+      memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
+      memcmp(buf + 4, test_data.data(), 1000)) {
+    return false;
+  }
+
+  if (!CBB_init(&cbb, 0)) {
+    return false;
+  }
+  if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
+      !CBB_add_asn1(&contents, &inner_contents, 0x30) ||
+      !CBB_add_bytes(&inner_contents, test_data.data(), 100000) ||
+      !CBB_finish(&cbb, &buf, &buf_len)) {
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  scoper.reset(buf);
+
+  if (buf_len != 5 + 5 + 100000 ||
+      memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 ||
+      memcmp(buf + 10, test_data.data(), 100000)) {
+    return false;
+  }
+
+  return true;
+}
+
+struct ASN1Uint64Test {
+  uint64_t value;
+  const char *encoding;
+  size_t encoding_len;
+};
+
+static const ASN1Uint64Test kASN1Uint64Tests[] = {
+    {0, "\x02\x01\x00", 3},
+    {1, "\x02\x01\x01", 3},
+    {127, "\x02\x01\x7f", 3},
+    {128, "\x02\x02\x00\x80", 4},
+    {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
+    {UINT64_C(0x0102030405060708),
+     "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10},
+    {UINT64_C(0xffffffffffffffff),
+      "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11},
+};
+
+struct ASN1InvalidUint64Test {
+  const char *encoding;
+  size_t encoding_len;
+};
+
+static const ASN1InvalidUint64Test kASN1InvalidUint64Tests[] = {
+    // Bad tag.
+    {"\x03\x01\x00", 3},
+    // Empty contents.
+    {"\x02\x00", 2},
+    // Negative number.
+    {"\x02\x01\x80", 3},
+    // Overflow.
+    {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
+    // Leading zeros.
+    {"\x02\x02\x00\x01", 4},
+};
+
+static bool TestASN1Uint64() {
+  for (size_t i = 0; i < sizeof(kASN1Uint64Tests) / sizeof(kASN1Uint64Tests[0]);
+       i++) {
+    const ASN1Uint64Test *test = &kASN1Uint64Tests[i];
+    CBS cbs;
+    uint64_t value;
+    CBB cbb;
+    uint8_t *out;
+    size_t len;
+
+    CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
+    if (!CBS_get_asn1_uint64(&cbs, &value) ||
+        CBS_len(&cbs) != 0 ||
+        value != test->value) {
+      return false;
+    }
+
+    if (!CBB_init(&cbb, 0)) {
+      return false;
+    }
+    if (!CBB_add_asn1_uint64(&cbb, test->value) ||
+        !CBB_finish(&cbb, &out, &len)) {
+      CBB_cleanup(&cbb);
+      return false;
+    }
+    ScopedOpenSSLBytes scoper(out);
+    if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) {
+      return false;
+    }
+  }
+
+  for (size_t i = 0;
+       i < sizeof(kASN1InvalidUint64Tests) / sizeof(kASN1InvalidUint64Tests[0]);
+       i++) {
+    const ASN1InvalidUint64Test *test = &kASN1InvalidUint64Tests[i];
+    CBS cbs;
+    uint64_t value;
+
+    CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
+    if (CBS_get_asn1_uint64(&cbs, &value)) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+static int TestZero() {
+  CBB cbb;
+  CBB_zero(&cbb);
+  // Calling |CBB_cleanup| on a zero-state |CBB| must not crash.
+  CBB_cleanup(&cbb);
+  return 1;
+}
+
+int main(void) {
+  CRYPTO_library_init();
+
+  if (!TestGetASN1() ||
+      !TestCBBBasic() ||
+      !TestCBBFixed() ||
+      !TestCBBFinishChild() ||
+      !TestCBBMisuse() ||
+      !TestCBBPrefixed() ||
+      !TestCBBASN1() ||
+      !TestASN1Uint64() ||
+      !TestZero()) {
+    return 1;
+  }
+
+  return 0;
+}