PiperOrigin-RevId: 238430863
GitOrigin-RevId: e1987ad427992c7e94325bc417e7efafb600de97

PiperOrigin-RevId: 238424122
GitOrigin-RevId: e3850c2a7efb4b5ae1673260d681f53177943c2c

PiperOrigin-RevId: 237213662
GitOrigin-RevId: e9669e35823bb3b06092a5812e2a461f4aa026c2

PiperOrigin-RevId: 236120306
GitOrigin-RevId: f4c68a4c78bff1e0f210916efb62110c731b1cb8

PiperOrigin-RevId: 236118327
GitOrigin-RevId: 9195d1152405a7ca40a94df7276f5b9f25e04af7

PiperOrigin-RevId: 236110230
GitOrigin-RevId: 89396bfa7dd35a3955ac8eeed6c25fecc9a3bd11

NOKEYCHECK=True
PiperOrigin-RevId: 234869572
GitOrigin-RevId: 6ca4bf591b4ea1ae7e06ca0e0dfccde57b8906a1

PiperOrigin-RevId: 234120525
GitOrigin-RevId: 31e937ad206ebf99b42a0b2a7d4ed63f903f4cfc

PiperOrigin-RevId: 233627889
GitOrigin-RevId: 0d4400a0e11d02551d976ad3de239f4144eb55aa

PiperOrigin-RevId: 233509988
GitOrigin-RevId: 328c5111eca01b96f8af29d518e2c33c16b26042

PiperOrigin-RevId: 232526481
GitOrigin-RevId: 1c760965083c4df78332634794bb90e241be0f6a

PiperOrigin-RevId: 231774709
GitOrigin-RevId: d2342a02ac016a6ede43cd8228f80395d52c71cb

PiperOrigin-RevId: 231768956
GitOrigin-RevId: e1bdee9ed2b15a98a25fb5d911953e07e56812ef

PiperOrigin-RevId: 230899006
GitOrigin-RevId: 9f39dacabc3ee7197fa02fa5e259eb9675595bb0

PiperOrigin-RevId: 229376687
GitOrigin-RevId: d96e0edba430213583ee577c566332e2bfe4f952

PiperOrigin-RevId: 228688688
GitOrigin-RevId: e5f552ff01ae5910cd7ac4bd29c94ae61f3c5eb6

PiperOrigin-RevId: 228479368
GitOrigin-RevId: fc77779c849697b7929c31bb3430ae9f45a5cdbd

PiperOrigin-RevId: 222059710
GitOrigin-RevId: aa17789b4100c36e92cae877ef0155de290471d5

Since AES-GCM-SIV is nonce-misuse resistant, this encryption mode
could also be used in situations where the nonce is user provided.
However, because of lack of concrete use cases this is currently not
implemented.

PiperOrigin-RevId: 222051134
GitOrigin-RevId: 353fc02f64accde521a98bb7d774b8e1b015d275

Doing so indicates that the failure is non-retriable (unlike INTERNAL), and not a mystery (unlike UNKNOWN).

PiperOrigin-RevId: 217432987
GitOrigin-RevId: ffcac9744a4d5cbfa686270d52c95c62ef532678

PiperOrigin-RevId: 216478382
GitOrigin-RevId: eeef80b7c32f683ed1934770abc496b692dbb58f

PiperOrigin-RevId: 216322480
GitOrigin-RevId: cbc56e0c821af10af86a7fee66b455f1b9bf6ea2

Key Transparency gets keys in DER format, which can be easily deserialized into an EC_KEY. Extracting the curve and x,y points to make an EcKey struct which will then be converted back to an EC_KEY seemed unnecessary.

PiperOrigin-RevId: 215790073
GitOrigin-RevId: 55ec839d1cf516c8ab7ba9461d854b542643bc16

PiperOrigin-RevId: 215715293
GitOrigin-RevId: 80e07d9c0b633860f95c31e45d8d8deb26bf8353

PiperOrigin-RevId: 215708241
GitOrigin-RevId: b596f3df1821ab588e144bbd47790cda3fcf082a

PiperOrigin-RevId: 215393164
GitOrigin-RevId: 4722ec1d886d61a86a9f0624d3f64425768fe473

(it's #ifdef'ed out in aes_eax_aesni_test.{c,h} so test doesn't compile)

PiperOrigin-RevId: 214917122
GitOrigin-RevId: 434d8966fbf9c66c632c375c7fe8cc8e015aa48a

Move GetInteger to WycheproofUtil to prevent duplicate code.

PiperOrigin-RevId: 214674978
GitOrigin-RevId: 9c45beb794bbbf5e75e4f753a5121a238928799f

Rename subtle's sig_hash to hash_type to be consistent with protocol buffer.

PiperOrigin-RevId: 213834218
GitOrigin-RevId: 96efe6bf38f797e2d01091c7d6cb498a397b1aae

Our tests are linked with gunit_main (or gunit_main_no_google3), which means that main is already defined in another translation unit. Having two main functions violates ODR and hence can result in undefined behavior.

There is no need to fear losing tests. If a build system tries to run a test and there is no main function, then it will fail. Hence, i cannot see a way for this to stop testing a test.

PiperOrigin-RevId: 213593596
GitOrigin-RevId: 1fd8b2dcc18d24901d77170082587557cc5303e3

PiperOrigin-RevId: 213049325
GitOrigin-RevId: 87533b41a95cd0dcef5d1d29d285e6fe14103cb1

The implementation uses old OpenSSL interfaces for AES.
I haven't found a good way to use newer ones.
Possibly, it is easier to just rewrite the code with intrinsics.

PiperOrigin-RevId: 212435613
GitOrigin-RevId: 6176b392469957303d3ebb34af794d422f5f34df

EVP_CIPHER is the legacy OpenSSL API that's kind of a disaster, hence recent
issues around null pointers and the like. New code should be written against
EVP_AEAD which is much more sensible. Notably, this file is about half as long
now.

On top of things, this should be more efficient as it allows BoringSSL to reuse
the AES key schedule. (EVP_AEAD_CTX is immutable after initialization. It can
used multiple times or concurrently or whatever.)

PiperOrigin-RevId: 211020450
GitOrigin-RevId: 0734d56e3432c24e9e75e78accefd6ae36eb9be4

PiperOrigin-RevId: 210115829
GitOrigin-RevId: 5471228a7b79b4031942edfe9f56627bbd764df6

PiperOrigin-RevId: 209964963
GitOrigin-RevId: df4cd1de59380a7098bb0b887bdb60a672db44f3

PiperOrigin-RevId: 209232529
GitOrigin-RevId: 10d4ab77b7cba897908310a5def7252563574318

PiperOrigin-RevId: 209036221
GitOrigin-RevId: a6366505feef699fe29905c07b38e03b0b470432

This fixes a "bug": not a real one, but still a bit of a bug: if generated_keys.size() is 0, "generated_keys.size() - 1" is 2^64-1 or so.

PiperOrigin-RevId: 208970206
GitOrigin-RevId: 27ed0d8e1cbf9b8793b4c68b5b5f6973fda798c5

PiperOrigin-RevId: 208416455
GitOrigin-RevId: 0116f376a20d3375a60e86576337dd4cbf767698

This will be used later to at least test the RsaSignBoringSSL class.

PiperOrigin-RevId: 208055588
GitOrigin-RevId: 5db7533b333088b10bb8d22656c6aad4114da005