We will migrate the test in an upcoming cl.

PiperOrigin-RevId: 263749532

PiperOrigin-RevId: 263748450

PiperOrigin-RevId: 263722626

This function has the contract that it doesn't need to initialize the string when resizing. At the moment, the only implementation we have is the one which does the additional work of actually resizing the string.

PiperOrigin-RevId: 263559220

With the KeyTypeManager we can now test individual functions easily, so I'll do that here.

PiperOrigin-RevId: 263558445

We also replace some memcpy instances with string operations. Context on the string replacement: cl/263529237

PiperOrigin-RevId: 263557252

In an earlier change I used string::replace, but looking at the string::replace API it feels that it is a little bit weird. Let's try to avoid it.

PiperOrigin-RevId: 263549047

PiperOrigin-RevId: 263531796

We will migrate the test in an upcoming cl.

PiperOrigin-RevId: 263530089

This removes one string copy from both encryption and decryption. When doing this, we need to ensure that we can write in the buffer underlying the string. The C++11 standard states in the relevant section 21.4.5: Returns: *(begin() + pos) if pos < size(), otherwise a reference to an object of type T with value charT(); the referenced value shall not be modified."

This is somewhat unclear: should the referenced value only not be modified in case pos = size() -- which would be a natural restriction, or should the referenced value never be modified (which would mean that string a; a[1] = 'a'; is already UB).

The second interpretation seems outrageous, and C++14 clarifies it, apparently: "operator[]: returns *(begin() + pos) if pos < size(). Otherwise, returns a reference to an object of type charT with value charT(), where modifying the object leads to undefined behavior."

I think the intention of the standard is that this works, and furthermore, I don't believe that any compiler will break this in C++11.

PiperOrigin-RevId: 263529237

Delete uses of goog.isDefAndNotNull, goog.isDef, goog.isNull, goog.isString, goog.isBoolean, and goog.isNumber.

PiperOrigin-RevId: 263407097

PiperOrigin-RevId: 263368093

We will migrate the test in an upcoming cl.

PiperOrigin-RevId: 263347373

PiperOrigin-RevId: 263318645

PiperOrigin-RevId: 263313121

Like in the corresponding commit pr/c6394fff for Tink Status, We guard it with a "#ifndef CPP_TINK_TEMPORARY_STATUS_MUST_NOT_USE_RESULT", so that users can disable this if necessary.

Note that this also only can break the build for users which compile with both -Werror and -Wunused-result -- so another option for users to disable this is to remove -Wunused-result temporarily.

PiperOrigin-RevId: 263311358

PiperOrigin-RevId: 263309980

PiperOrigin-RevId: 263300817

PiperOrigin-RevId: 263297547

Remove the function getEncryptedSegments() from the StreamSegmentEncrypter, and add overflow protection in AesGcmHkdfStreaming. Also, use a new specialized function putAsUnsignedInt to make sure that negative numbers are treated correctly -- the implementation is trivial, but the fact that it works requires some deep knowledge, so I'd rather just add a test.

PiperOrigin-RevId: 263127232

PiperOrigin-RevId: 263120938

PiperOrigin-RevId: 263109082

PiperOrigin-RevId: 263106297

PiperOrigin-RevId: 263101343

Split the cmake presubmit/postsubmit script into two parts. In the presubmit one, only run the unit tests.

This should make the CMake presubmit tests quick enough that we can make them blocking for submit.

PiperOrigin-RevId: 263096295

We guard it with a "#ifndef CPP_TINK_TEMPORARY_STATUS_MUST_NOT_USE_RESULT", so that users can disable this if necessary.

Note that this also only can break the build for users which compile with both -Werror and -Wunused-result -- so another option for users to disable this is to remove -Wunused-result temporarily.

PiperOrigin-RevId: 263090014

PiperOrigin-RevId: 262922614

Add methods HybridTestUtil which allow encrypting then decrypting with a Hybrid{En,De}crypt. This is sometimes useful in tests (you can easily check if two objects fit together.

PiperOrigin-RevId: 262898879

PiperOrigin-RevId: 262647886

PiperOrigin-RevId: 262557105

PiperOrigin-RevId: 262528850

PiperOrigin-RevId: 262516706

PiperOrigin-RevId: 262511503

This was forgotten in a previous cl.

PiperOrigin-RevId: 262357462

We changed the segment size validation in all Tink streaming keys such that the first block always needs to have room for at least 1 byte of ciphertext. Previously it was not consistent. The decision whether to allow empty ciphertexts in the first segment is somewhat arbitrary, but it should be consistent everywhere.

PiperOrigin-RevId: 262315914

We previously used passed an owned raw pointer from registry.h to registry_impl.h, because this makes it possible to infer template parameters (which doesn't work with unique pointers). However, it is better to instead specify the parameters explicitly, which is easiest if we add typedefs to the KeyTypeManager class.

This will also be useful elsewhere (to create [1] automatically).

PiperOrigin-RevId: 262295924

PiperOrigin-RevId: 262222179

These are the fixes in *non-test-code* needed in order to annotate our Status object with ABSL_MUST_USE_RESULT.

Note that most of these cannot trigger anyhow, so nothing bad is uncovered.

PiperOrigin-RevId: 262129168

PiperOrigin-RevId: 261922099