ring-native 0.0.0

data/vendor/ring/mk/travis.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# Copyright 2015 Brian Smith.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND AND THE AUTHORS DISCLAIM ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+set -eux -o pipefail
+IFS=$'\n\t'
+
+printenv
+$CC_X --version
+$CXX_X --version
+make --version
+
+cargo version
+rustc --version
+
+if [[ "$MODE_X" == "RELWITHDEBINFO" ]]; then mode=--release; fi
+
+# TODO: Add --target $TARGET_X.
+
+CC=$CC_X CXX=$CXX_X cargo build -j2 ${mode-} --verbose
+
+CC=$CC_X CXX=$CXX_X cargo test -j2 ${mode-} --verbose
+
+CC=$CC_X CXX=$CXX_X cargo doc --verbose
+
+CC=$CC_X CXX=$CXX_X cargo clean --verbose
+
+echo end of mk/travis.sh

data/vendor/ring/mk/update-travis-yml.py

@@ -0,0 +1,229 @@
+# Run this as "python mk/update-travis-yml.py"
+
+# Copyright 2015 Brian Smith.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND BRIAN SMITH AND THE AUTHORS DISCLAIM
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL BRIAN SMITH OR THE AUTHORS
+# BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import re
+import shutil
+
+latest_clang = "clang-3.8"
+
+rusts = [
+    "stable",
+    "nightly",
+    "beta",
+]
+
+linux_compilers = [
+    # Pre-release of clang.
+    "clang-3.8",
+
+    # Newest clang and GCC.
+    "clang-3.7",
+    "gcc-5",
+
+    # All other clang versions, newest to oldest.
+    "clang-3.6",
+    "clang-3.4",
+
+    # All other GCC versions, newest to oldest.
+    "gcc-4.9",
+    "gcc-4.8",
+]
+
+osx_compilers = [
+     "clang",
+]
+
+compilers = {
+    "linux" : linux_compilers,
+    "osx" : osx_compilers,
+}
+
+modes = [
+    "DEBUG",
+    "RELWITHDEBINFO"
+]
+
+# Mac OS X is first because we don't want to have to wait until all the Linux
+# configurations have been built to find out that there is a failure on Mac.
+oss = [
+    "osx",
+    "linux",
+]
+
+targets = {
+    "osx" : [
+        "x86_64-apple-darwin",
+        "i586-apple-darwin",
+    ],
+    "linux" : [
+        "x86_64-pc-linux-gnu",
+        "i586-pc-linux-gnu",
+    ],
+}
+
+def format_entries():
+    return "\n".join([format_entry(os, target, compiler, rust, mode)
+                      for rust in rusts
+                      for os in oss
+                      for compiler in compilers[os]
+                      for target in targets[os]
+                      for mode in modes
+                      # XXX: 32-bit GCC 4.9 does not work because Travis does
+                      # not have g++-4.9-multilib whitelisted for use.
+                      if (not (compiler == "gcc-4.9" and
+                               target == "i586-pc-linux-gnu"))])
+
+# We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can
+# enure that we set the specific variables we want and that no relevant
+# variables are unintentially inherited into the build process. Also, we have
+# to set |USE_CC| and |USE_CXX| instead of |CC| and |CXX| since Travis sets
+# |CC| and |CXX| to their default values *after* processing the |env:|
+# directive here. Also, we keep these variable names short so that the env
+# line does not get cut off in the Travis CI UI.
+entry_template = """
+    - env: TARGET_X=%(target)s CC_X=%(cc)s CXX_X=%(cxx)s MODE_X=%(mode)s
+      rust: %(rust)s
+      os: %(os)s"""
+
+entry_packages_template = """
+      addons:
+        apt:
+          packages:
+            %(packages)s"""
+
+entry_sources_template = """
+          sources:
+            %(sources)s"""
+
+def format_entry(os, target, compiler, rust, mode):
+    target_words = target.split("-")
+    arch = target_words[0]
+    vendor = target_words[1]
+    sys = target_words[2]
+
+    def prefix_all(prefix, xs):
+        return [prefix + x for x in xs]
+
+    template = entry_template
+
+    if sys == "linux":
+        packages = sorted(get_linux_packages_to_install(compiler, arch))
+        sources_with_dups = sum([get_sources_for_package(p) for p in packages],[])
+        sources = sorted(list(set(sources_with_dups)))
+        if packages:
+            template += entry_packages_template
+        if sources:
+            template += entry_sources_template
+    else:
+        packages = []
+        sources = []
+
+    cc = get_cc(sys, compiler)
+    cxx = replace_cc_with_cxx(sys, compiler)
+
+    return template % {
+            "cc" : cc,
+            "cxx" : cxx,
+            "mode" : mode,
+            "packages" : "\n            ".join(prefix_all("- ", packages)),
+            "rust" : rust,
+            "sources" : "\n            ".join(prefix_all("- ", sources)),
+            "target" : target,
+            "os" : os,
+            }
+
+def get_linux_packages_to_install(compiler, arch):
+    # clang 3.4 is already installed
+    if compiler == "clang-3.4":
+        packages = []
+    elif compiler.startswith("clang-"):
+        packages = [compiler]
+    elif compiler.startswith("gcc-"):
+        packages = [compiler, replace_cc_with_cxx("linux", compiler)]
+    else:
+        raise ValueError("unexpected compiler: %s" % compiler)
+
+    if arch == "i586":
+        if compiler.startswith("clang-"):
+            packages += ["libc6-dev-i386",
+                         "gcc-multilib",
+                         "g++-multilib"]
+        elif compiler.startswith("gcc-"):
+            packages += [compiler + "-multilib",
+                         replace_cc_with_cxx("linux", compiler) + "-multilib",
+                         "linux-libc-dev:i386"]
+        else:
+            raise ValueError("unexpected compiler: %s" % compiler)
+    elif arch == "x86_64":
+        pass
+    else:
+        raise ValueError("unexpected arch: %s" % arch)
+
+    packages.append("yasm")
+
+    return packages
+
+def get_sources_for_package(package):
+    # Packages in the default repo.
+    if package in ["yasm"]:
+        return []
+
+    ubuntu_toolchain = "ubuntu-toolchain-r-test"
+    if package.startswith("clang-"):
+        if package == latest_clang:
+            llvm_toolchain = "llvm-toolchain-precise"
+        else:
+            _, version = package.split("-")
+            llvm_toolchain = "llvm-toolchain-precise-%s" % version
+
+        # Stuff in llvm-toolchain-precise depends on stuff in the toolchain
+        # packages.
+        return [llvm_toolchain, ubuntu_toolchain]
+    else:
+        return [ubuntu_toolchain]
+
+def get_cc(sys, compiler):
+    if sys == "linux" and compiler == "clang-3.4":
+        return "clang"
+
+    return compiler
+
+def replace_cc_with_cxx(sys, compiler):
+    return get_cc(sys, compiler) \
+               .replace("gcc", "g++") \
+               .replace("clang", "clang++")
+
+def main():
+    # Make a backup of the file we are about to update.
+    shutil.copyfile(".travis.yml", ".travis.yml~")
+    with open(".travis.yml", "r+b") as file:
+        begin = "    # BEGIN GENERATED\n"
+        end = "    # END GENERATED\n"
+        old_contents = file.read()
+        new_contents = re.sub("%s(.*?)\n[ ]*%s" % (begin, end),
+                              "".join([begin, format_entries(), "\n\n", end]),
+                              old_contents, flags=re.S)
+        if old_contents == new_contents:
+            print "No changes"
+            return
+
+        file.seek(0)
+        file.write(new_contents)
+        file.truncate()
+        print new_contents
+
+if __name__ == '__main__':
+    main()

data/vendor/ring/ring.sln

@@ -0,0 +1,153 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.23107.0
+MinimumVisualStudioVersion = 12.0.21005.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libring.Windows", "crypto\libring.Windows.vcxproj", "{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tests", "Tests", "{73F15439-77AE-4EA2-8CB7-D82876016316}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aes_test.Windows", "crypto\aes\aes_test.Windows.vcxproj", "{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bn_test.Windows", "crypto\bn\bn_test.Windows.vcxproj", "{06C8B12A-97C3-4326-B0AB-8C8004E94A76}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bytestring_test.Windows", "crypto\bytestring\bytestring_test.Windows.vcxproj", "{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecdsa_test.Windows", "crypto\ecdsa\ecdsa_test.Windows.vcxproj", "{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gcm_test.Windows", "crypto\modes\gcm_test.Windows.vcxproj", "{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "poly1305_test.Windows", "crypto\poly1305\poly1305_test.Windows.vcxproj", "{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libring.test.Windows", "crypto\test\test.Windows.vcxproj", "{1DACE503-6498-492D-B1FF-F9EE18624443}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "constant_time_test.Windows", "crypto\constant_time_test.Windows.vcxproj", "{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "thread_test.Windows", "crypto\thread_test.Windows.vcxproj", "{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "refcount_test.Windows", "crypto\refcount_test.Windows.vcxproj", "{5C80997F-DB68-4996-BF6D-2B0EAF69D035}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_test.Windows", "crypto\rsa\rsa_test.Windows.vcxproj", "{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Debug|Win32.ActiveCfg = Debug|Win32
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Debug|Win32.Build.0 = Debug|Win32
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Debug|x64.ActiveCfg = Debug|x64
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Debug|x64.Build.0 = Debug|x64
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Release|Win32.ActiveCfg = Release|Win32
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Release|Win32.Build.0 = Release|Win32
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Release|x64.ActiveCfg = Release|x64
+		{F4C0A1B6-5E09-41C8-8242-3E1F6762FB18}.Release|x64.Build.0 = Release|x64
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Debug|Win32.Build.0 = Debug|Win32
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Debug|x64.ActiveCfg = Debug|x64
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Debug|x64.Build.0 = Debug|x64
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Release|Win32.ActiveCfg = Release|Win32
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Release|Win32.Build.0 = Release|Win32
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Release|x64.ActiveCfg = Release|x64
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7}.Release|x64.Build.0 = Release|x64
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Debug|Win32.ActiveCfg = Debug|Win32
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Debug|Win32.Build.0 = Debug|Win32
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Debug|x64.ActiveCfg = Debug|x64
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Debug|x64.Build.0 = Debug|x64
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Release|Win32.ActiveCfg = Release|Win32
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Release|Win32.Build.0 = Release|Win32
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Release|x64.ActiveCfg = Release|x64
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76}.Release|x64.Build.0 = Release|x64
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Debug|Win32.Build.0 = Debug|Win32
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Debug|x64.ActiveCfg = Debug|x64
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Debug|x64.Build.0 = Debug|x64
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Release|Win32.ActiveCfg = Release|Win32
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Release|Win32.Build.0 = Release|Win32
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Release|x64.ActiveCfg = Release|x64
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787}.Release|x64.Build.0 = Release|x64
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Debug|Win32.Build.0 = Debug|Win32
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Debug|x64.ActiveCfg = Debug|x64
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Debug|x64.Build.0 = Debug|x64
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Release|Win32.ActiveCfg = Release|Win32
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Release|Win32.Build.0 = Release|Win32
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Release|x64.ActiveCfg = Release|x64
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20}.Release|x64.Build.0 = Release|x64
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Debug|Win32.Build.0 = Debug|Win32
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Debug|x64.ActiveCfg = Debug|x64
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Debug|x64.Build.0 = Debug|x64
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Release|Win32.ActiveCfg = Release|Win32
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Release|Win32.Build.0 = Release|Win32
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Release|x64.ActiveCfg = Release|x64
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74}.Release|x64.Build.0 = Release|x64
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Debug|Win32.Build.0 = Debug|Win32
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Debug|x64.ActiveCfg = Debug|x64
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Debug|x64.Build.0 = Debug|x64
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Release|Win32.ActiveCfg = Release|Win32
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Release|Win32.Build.0 = Release|Win32
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Release|x64.ActiveCfg = Release|x64
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6}.Release|x64.Build.0 = Release|x64
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Debug|Win32.Build.0 = Debug|Win32
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Debug|x64.ActiveCfg = Debug|x64
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Debug|x64.Build.0 = Debug|x64
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Release|Win32.ActiveCfg = Release|Win32
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Release|Win32.Build.0 = Release|Win32
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Release|x64.ActiveCfg = Release|x64
+		{1DACE503-6498-492D-B1FF-F9EE18624443}.Release|x64.Build.0 = Release|x64
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Debug|Win32.Build.0 = Debug|Win32
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Debug|x64.ActiveCfg = Debug|x64
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Debug|x64.Build.0 = Debug|x64
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Release|Win32.ActiveCfg = Release|Win32
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Release|Win32.Build.0 = Release|Win32
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Release|x64.ActiveCfg = Release|x64
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0}.Release|x64.Build.0 = Release|x64
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Debug|Win32.ActiveCfg = Debug|Win32
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Debug|Win32.Build.0 = Debug|Win32
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Debug|x64.ActiveCfg = Debug|x64
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Debug|x64.Build.0 = Debug|x64
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Release|Win32.ActiveCfg = Release|Win32
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Release|Win32.Build.0 = Release|Win32
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Release|x64.ActiveCfg = Release|x64
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19}.Release|x64.Build.0 = Release|x64
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Debug|Win32.ActiveCfg = Debug|Win32
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Debug|Win32.Build.0 = Debug|Win32
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Debug|x64.ActiveCfg = Debug|x64
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Debug|x64.Build.0 = Debug|x64
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Release|Win32.ActiveCfg = Release|Win32
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Release|Win32.Build.0 = Release|Win32
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Release|x64.ActiveCfg = Release|x64
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035}.Release|x64.Build.0 = Release|x64
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Debug|Win32.Build.0 = Debug|Win32
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Debug|x64.ActiveCfg = Debug|x64
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Debug|x64.Build.0 = Debug|x64
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Release|Win32.ActiveCfg = Release|Win32
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Release|Win32.Build.0 = Release|Win32
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Release|x64.ActiveCfg = Release|x64
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D}.Release|x64.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{1C3071CC-26DA-4790-B48A-3936DDD0E7E7} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{06C8B12A-97C3-4326-B0AB-8C8004E94A76} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{8B0DEF57-6FC5-404F-A1D0-A8FC0FCAD787} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{8ECBC55D-D42D-40AA-9ACF-EDE67739EE20} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{A8616FF5-8273-4C80-8BF0-1785D8E1DF74} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{CD0F021B-E347-4CCA-B5B7-CD1F757E15D6} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{1DACE503-6498-492D-B1FF-F9EE18624443} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{C8E7CDAF-3953-48E8-95F2-97DAC472E2E0} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{52C6E909-4E56-4329-8B99-E1B5C2E1FB19} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{5C80997F-DB68-4996-BF6D-2B0EAF69D035} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+		{F28F10A9-540F-4FC9-AD81-79E79F3FC73D} = {73F15439-77AE-4EA2-8CB7-D82876016316}
+	EndGlobalSection
+EndGlobal

data/vendor/ring/src/aead.rs

@@ -0,0 +1,682 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! Authenticated Encryption with Associated Data (AEAD).
+//!
+//! See [Authenticated encryption: relations among notions and analysis of the
+//! generic composition
+//! paradigm](http://www-cse.ucsd.edu/~mihir/papers/oem.html) for an
+//! introduction to the concept of AEADs.
+//!
+//! C analog: `openssl/aead.h`
+//!
+//! Go analog: [`crypto.cipher.AEAD`](https://golang.org/pkg/crypto/cipher/#AEAD)
+
+use std;
+use super::{c, ffi};
+
+/// A key for authenticating and decrypting (“opening”)
+/// AEAD-protected data.
+///
+/// C analog: `EVP_AEAD_CTX` with direction `evp_aead_open`
+///
+/// Go analog: [`crypto.cipher.AEAD`](https://golang.org/pkg/crypto/cipher/#AEAD)
+pub struct OpeningKey {
+    key: Key,
+}
+
+impl OpeningKey {
+    /// Create a new opening key.
+    ///
+    /// `key_bytes` must be exactly `algorithm.key_len` bytes long.
+    ///
+    /// C analogs: `EVP_AEAD_CTX_init_with_direction` with direction
+    ///            `evp_aead_open`, `EVP_AEAD_CTX_init`.
+    ///
+    /// Go analog: [`crypto.aes.NewCipher`](https://golang.org/pkg/crypto/aes/#NewCipher)
+    /// + [`crypto.cipher.NewGCM`](https://golang.org/pkg/crypto/cipher/#NewGCM)
+    #[inline]
+    pub fn new(algorithm: &'static Algorithm, key_bytes: &[u8])
+               -> Result<OpeningKey, ()> {
+        let mut key = OpeningKey {
+            key: Key {
+                algorithm: algorithm,
+                ctx_buf: [0; KEY_CTX_BUF_ELEMS]
+            }
+        };
+        try!(key.key.init(key_bytes));
+        Ok(key)
+    }
+
+    /// The key's AEAD algorithm.
+    ///
+    /// C analog: `EVP_AEAD_CTX.aead`
+    #[inline(always)]
+    pub fn algorithm(&self) -> &'static Algorithm { self.key.algorithm() }
+}
+
+/// Authenticates and decrypts (&ldquo;opens&rdquo;) data in place.
+///
+/// The input is `in_out[in_prefix_len..]`; i.e. the input is the part of
+/// `in_out` after the prefix. When `open` returns `Ok(out_len)`, the decrypted
+/// output is `in_out[0..out_len]`; i.e. the output has been written over the
+/// top of the prefix and the input. To put it a different way, the output
+/// overwrites the input, shifted by `in_prefix_len` bytes. To have the output
+/// overwrite the input without shifting, pass 0 as `in_prefix_len`. (The input
+/// and output buffers are expressed this way because Rust's type system does
+/// not allow us to have two slices, one mutable and one immutable, that
+/// reference overlapping memory.)
+///
+/// C analog: `EVP_AEAD_CTX_open`
+///
+/// Go analog: [`AEAD.Open`](https://golang.org/pkg/crypto/cipher/#AEAD)
+pub fn open_in_place(key: &OpeningKey, nonce: &[u8], in_prefix_len: usize,
+                     in_out: &mut [u8], ad: &[u8]) -> Result<usize, ()> {
+    if in_out.len() < in_prefix_len {
+        return Err(());
+    }
+    let ciphertext_len = in_out.len() - in_prefix_len;
+    // For AEADs where `max_overhead_len` == `tag_len`, this is the only check
+    // of plaintext_len that is needed. For AEADs where
+    // `max_overhead_len > tag_len`, this check isn't precise enough and the
+    // AEAD's `open` function will have to do an additional check.
+    if ciphertext_len < key.key.algorithm.tag_len {
+        return Err(());
+    }
+    unsafe {
+        key.key.open_or_seal_in_place(key.key.algorithm.open, nonce,
+                                      in_out[in_prefix_len..].as_ptr(),
+                                      in_out.len() - in_prefix_len, ad, in_out)
+    }
+}
+
+/// A key for encrypting and signing (&ldquo;sealing&rdquo;) data.
+///
+/// C analog: `EVP_AEAD_CTX` with direction `evp_aead_seal`.
+///
+/// Go analog: [`AEAD`](https://golang.org/pkg/crypto/cipher/#AEAD)
+pub struct SealingKey {
+    key: Key,
+}
+
+impl SealingKey {
+    /// C analogs: `EVP_AEAD_CTX_init_with_direction` with direction
+    ///            `evp_aead_seal`, `EVP_AEAD_CTX_init`.
+    ///
+    /// Go analog: [`crypto.aes.NewCipher`](https://golang.org/pkg/crypto/aes/#NewCipher)
+    /// + [`crypto.cipher.NewGCM`](https://golang.org/pkg/crypto/cipher/#NewGCM)
+    #[inline]
+    pub fn new(algorithm: &'static Algorithm, key_bytes: &[u8])
+               -> Result<SealingKey, ()> {
+        let mut key = SealingKey {
+            key: Key {
+                algorithm: algorithm,
+                ctx_buf: [0; KEY_CTX_BUF_ELEMS],
+            }
+        };
+        try!(key.key.init(key_bytes));
+        Ok(key)
+    }
+
+    /// The key's AEAD algorithm.
+    ///
+    /// C analog: `EVP_AEAD_CTX.aead`
+    #[inline(always)]
+    pub fn algorithm(&self) -> &'static Algorithm { self.key.algorithm() }
+}
+
+/// Encrypts and signs (&ldquo;seals&rdquo;) data in place.
+///
+/// `nonce` must be unique for every use of the key to seal data.
+///
+/// The input is `in_out[0..(in_out.len() - out_suffix_capacity]`; i.e. the
+/// input is the part of `in_out` that precedes the suffix. When `seal` returns
+/// `Ok(out_len)`, the encrypted and signed output is `in_out[0..out_len]`; i.e.
+/// the output has been written over input and at least part of the data
+/// reserved for the suffix. (This way the input and output buffers are
+/// expressed this way because Rust's type system does not allow us to have two
+/// slices, one mutable and one immutable, that reference overlapping memory.)
+///
+/// `out_suffix_capacity` must be at least `key.algorithm.max_overhead_len`.
+/// See also `MAX_OVERHEAD_LEN`.
+///
+/// `ad` is the additional authenticated data, if any.
+///
+/// C analog: `EVP_AEAD_CTX_seal`.
+///
+/// Go analog: [`AEAD.Seal`](https://golang.org/pkg/crypto/cipher/#AEAD)
+pub fn seal_in_place(key: &SealingKey, nonce: &[u8], in_out: &mut [u8],
+                     out_suffix_capacity: usize, ad: &[u8])
+                     -> Result<usize, ()> {
+    if in_out.len() < out_suffix_capacity ||
+       out_suffix_capacity < key.key.algorithm.max_overhead_len {
+        return Err(());
+    }
+    unsafe {
+        key.key.open_or_seal_in_place(key.key.algorithm.seal, nonce,
+                                      in_out.as_ptr(),
+                                      in_out.len() - out_suffix_capacity, ad,
+                                      in_out)
+    }
+}
+
+/// `OpeningKey` and `SealingKey` are type-safety wrappers around `Key`, which
+/// does all the actual work via the C AEAD interface.
+///
+/// C analog: `EVP_AEAD_CTX`
+struct Key {
+    ctx_buf: [u64; KEY_CTX_BUF_ELEMS],
+    algorithm: &'static Algorithm,
+}
+
+// TODO: Implement Drop for Key that zeroizes the key data?
+
+const KEY_CTX_BUF_ELEMS: usize = (KEY_CTX_BUF_LEN + 7) / 8;
+
+// Keep this in sync with `aead_aes_gcm_ctx` in e_aes.c.
+const KEY_CTX_BUF_LEN: usize = AES_KEY_BUF_LEN + GCM128_CONTEXT_BUF_LEN + 8;
+
+// Keep this in sync with `AES_KEY` in aes.h.
+const AES_KEY_BUF_LEN: usize = (4 * 4 * (AES_MAX_ROUNDS + 1)) + 8;
+
+// Keep this in sync with `AES_MAXNR` in aes.h.
+const AES_MAX_ROUNDS: usize = 14;
+
+// Keep this in sync with `gcm128_context` in gcm.h.
+const GCM128_CONTEXT_BUF_LEN: usize = (16 * 6) + (16 * 16) + (6 * 8);
+
+impl Key {
+    /// XXX: Assumes self.algorithm is already filled in.
+    ///
+    /// C analogs: `EVP_AEAD_CTX_init`, `EVP_AEAD_CTX_init_with_direction`
+    fn init(&mut self, key_bytes: &[u8]) -> Result<(), ()> {
+        if key_bytes.len() != self.algorithm.key_len {
+            return Err(());
+        }
+
+        ffi::map_bssl_result(unsafe {
+            (self.algorithm.init)(
+                    self.ctx_buf.as_mut_ptr(),
+                    std::mem::size_of::<[u64; KEY_CTX_BUF_ELEMS]>(),
+                    key_bytes.as_ptr(), key_bytes.len())
+        })
+    }
+
+    /// The key's AEAD algorithm.
+    #[inline(always)]
+    fn algorithm(&self) -> &'static Algorithm { self.algorithm }
+
+    unsafe fn open_or_seal_in_place(&self, open_or_seal_fn: OpenOrSealFn,
+                                    nonce: &[u8], in_ptr: *const u8,
+                                    in_len: usize, ad: &[u8], out: &mut [u8])
+                                    -> Result<usize, ()> {
+        debug_assert!(self.algorithm.max_overhead_len >= self.algorithm.tag_len);
+        if nonce.len() != self.algorithm.nonce_len {
+            return Err(()) // CIPHER_R_INVALID_NONCE_SIZE
+        }
+        let mut out_len: c::size_t = 0;
+        match (open_or_seal_fn)(self.ctx_buf.as_ptr(), out.as_mut_ptr(),
+                                &mut out_len, out.len(), nonce.as_ptr(), in_ptr,
+                                in_len, ad.as_ptr(), ad.len()) {
+            1 => Ok(out_len),
+            _ => {
+                // Follow BoringSSL's lead in zeroizing the output buffer on
+                // error just in case an application accidentally and wrongly
+                // fails to check whether an open or seal operation failed.
+                for b in out {
+                    *b = 0;
+                }
+                Err(())
+            }
+        }
+    }
+}
+
+/// An AEAD Algorithm.
+///
+/// C analog: `EVP_AEAD`
+///
+/// Go analog: [`crypto.cipher.AEAD`](https://golang.org/pkg/crypto/cipher/#AEAD)
+pub struct Algorithm {
+  // Keep the layout of this in sync with the layout of `EVP_AEAD`.
+
+  /// The length of the key.
+  ///
+  /// C analog: `EVP_AEAD_key_length`
+  pub key_len: usize,
+
+  /// The length of the nonces.
+  ///
+  /// C analog: `EVP_AEAD_nonce_length`
+  ///
+  /// Go analog: [`crypto.cipher.AEAD.NonceSize`](https://golang.org/pkg/crypto/cipher/#AEAD)
+  pub nonce_len: usize,
+
+  /// The maximum number of bytes that sealing operations may add to plaintexts.
+  /// See also `MAX_OVERHEAD_LEN`.
+  ///
+  /// C analog: `EVP_AEAD_max_overhead`
+  ///
+  /// Go analog: [`crypto.cipher.AEAD.Overhead`](https://golang.org/pkg/crypto/cipher/#AEAD)
+  pub max_overhead_len: usize,
+
+  /// The length of the authentication tags or MACs.
+  ///
+  /// Use `max_overhead_len` or `MAX_OVERHEAD_LEN` when sizing buffers for
+  /// sealing operations.
+  ///
+  /// C analog: `EVP_AEAD_tag_len`
+  pub tag_len: usize,
+
+  init: unsafe extern fn(ctx_buf: *mut u64, ctx_buf_len: c::size_t,
+                         key: *const u8, key_len: c::size_t) -> c::int,
+
+  seal: OpenOrSealFn,
+  open: OpenOrSealFn,
+}
+
+const AES_128_KEY_LEN: usize = 128 / 8;
+const AES_256_KEY_LEN: usize = 32; // 256 / 8
+const AES_GCM_NONCE_LEN: usize = 96 / 8;
+const AES_GCM_TAG_LEN: usize = 128 / 8;
+
+const CHACHA20_KEY_LEN: usize = 32; // 256 / 8
+const POLY1305_TAG_LEN: usize = 128 / 8;
+
+/// The maximum value of `Algorithm.max_overhead_len` for the algorithms in
+/// this module.
+pub const MAX_OVERHEAD_LEN: usize = AES_GCM_TAG_LEN;
+
+/// AES-128 in GCM mode with 128-bit tags and 96 bit nonces.
+///
+/// C analog: `EVP_aead_aes_128_gcm`
+///
+/// Go analog: [`crypto.aes`](https://golang.org/pkg/crypto/aes/)
+pub static AES_128_GCM: Algorithm = Algorithm {
+    key_len: AES_128_KEY_LEN,
+    nonce_len: AES_GCM_NONCE_LEN,
+    max_overhead_len: AES_GCM_TAG_LEN,
+    tag_len: AES_GCM_TAG_LEN,
+    init: evp_aead_aes_gcm_init,
+    seal: evp_aead_aes_gcm_seal,
+    open: evp_aead_aes_gcm_open,
+};
+
+/// AES-256 in GCM mode with 128-bit tags and 96 bit nonces.
+///
+/// C analog: `EVP_aead_aes_256_gcm`
+///
+/// Go analog: [`crypto.aes`](https://golang.org/pkg/crypto/aes/)
+pub static AES_256_GCM: Algorithm = Algorithm {
+    key_len: AES_256_KEY_LEN,
+    nonce_len: AES_GCM_NONCE_LEN,
+    max_overhead_len: AES_GCM_TAG_LEN,
+    tag_len: AES_GCM_TAG_LEN,
+    init: evp_aead_aes_gcm_init,
+    seal: evp_aead_aes_gcm_seal,
+    open: evp_aead_aes_gcm_open,
+};
+
+/// ChaCha20-Poly1305 as described in
+/// [RFC 7539](https://tools.ietf.org/html/rfc7539).
+///
+/// The keys are 256 bits long and the nonces are 96 bits long.
+pub static CHACHA20_POLY1305: Algorithm = Algorithm {
+    key_len: CHACHA20_KEY_LEN,
+    nonce_len: 96 / 8,
+    max_overhead_len: POLY1305_TAG_LEN,
+    tag_len: POLY1305_TAG_LEN,
+    init: evp_aead_chacha20_poly1305_init,
+    seal: evp_aead_chacha20_poly1305_seal,
+    open: evp_aead_chacha20_poly1305_open,
+};
+
+/// The old ChaCha20-Poly13065 construction used in OpenSSH's
+/// [chacha20-poly1305@openssh.com](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.chacha20poly1305)
+/// and the experimental TLS cipher suites with IDs `0xCC13` (ECDHE-RSA) and
+/// `0xCC14` (ECDHE-ECDSA). Use `CHACHA20_POLY1305` instead.
+///
+/// The keys are 256 bits long and the nonces are 96 bits. The first four bytes
+/// of the nonce must be `[0, 0, 0, 0]` in order to interoperate with other
+/// implementations, which use 64-bit nonces.
+pub static CHACHA20_POLY1305_OLD: Algorithm = Algorithm {
+    key_len: CHACHA20_KEY_LEN,
+    nonce_len: 96 / 8,
+    max_overhead_len: POLY1305_TAG_LEN,
+    tag_len: POLY1305_TAG_LEN,
+    init: evp_aead_chacha20_poly1305_init,
+    seal: evp_aead_chacha20_poly1305_old_seal,
+    open: evp_aead_chacha20_poly1305_old_open,
+};
+
+type OpenOrSealFn =
+    unsafe extern fn(ctx: *const u64, out: *mut u8,
+                     out_len: &mut c::size_t, max_out_len: c::size_t,
+                     nonce: *const u8, in_: *const u8, in_len: c::size_t,
+                     ad: *const u8, ad_len: c::size_t) -> c::int;
+
+extern {
+    fn evp_aead_aes_gcm_init(ctx_buf: *mut u64, ctx_buf_len: c::size_t,
+                             key: *const u8, key_len: c::size_t) -> c::int;
+
+    fn evp_aead_aes_gcm_seal(ctx_buf: *const u64, out: *mut u8,
+                             out_len: &mut c::size_t, max_out_len: c::size_t,
+                             nonce: *const u8, in_: *const u8,
+                             in_len: c::size_t, ad: *const u8,
+                             ad_len: c::size_t) -> c::int;
+
+    fn evp_aead_aes_gcm_open(ctx_buf: *const u64, out: *mut u8,
+                             out_len: &mut c::size_t, max_out_len: c::size_t,
+                             nonce: *const u8, in_: *const u8,
+                             in_len: c::size_t, ad: *const u8,
+                             ad_len: c::size_t) -> c::int;
+
+    fn evp_aead_chacha20_poly1305_init(ctx_buf: *mut u64,
+                                       ctx_buf_len: c::size_t, key: *const u8,
+                                       key_len: c::size_t) -> c::int;
+
+    fn evp_aead_chacha20_poly1305_seal(ctx_buf: *const u64, out: *mut u8,
+                                       out_len: &mut c::size_t,
+                                       max_out_len: c::size_t,
+                                       nonce: *const u8, in_: *const u8,
+                                       in_len: c::size_t, ad: *const u8,
+                                       ad_len: c::size_t) -> c::int;
+
+    fn evp_aead_chacha20_poly1305_open(ctx_buf: *const u64, out: *mut u8,
+                                       out_len: &mut c::size_t,
+                                       max_out_len: c::size_t,
+                                       nonce: *const u8, in_: *const u8,
+                                       in_len: c::size_t, ad: *const u8,
+                                       ad_len: c::size_t) -> c::int;
+
+    fn evp_aead_chacha20_poly1305_old_seal(ctx_buf: *const u64, out: *mut u8,
+                                           out_len: &mut c::size_t,
+                                           max_out_len: c::size_t,
+                                           nonce: *const u8, in_: *const u8,
+                                           in_len: c::size_t, ad: *const u8,
+                                           ad_len: c::size_t) -> c::int;
+
+    fn evp_aead_chacha20_poly1305_old_open(ctx_buf: *const u64, out: *mut u8,
+                                           out_len: &mut c::size_t,
+                                           max_out_len: c::size_t,
+                                           nonce: *const u8, in_: *const u8,
+                                           in_len: c::size_t, ad: *const u8,
+                                           ad_len: c::size_t) -> c::int;
+}
+
+#[cfg(test)]
+mod tests {
+
+    use super::super::{aead, file_test};
+    use rustc_serialize::hex::ToHex;
+
+    #[test]
+    pub fn test_aes_gcm_128() {
+        test_aead(&aead::AES_128_GCM,
+                  "crypto/cipher/test/aes_128_gcm_tests.txt");
+    }
+
+    #[test]
+    pub fn test_aes_gcm_256() {
+        test_aead(&aead::AES_256_GCM,
+                  "crypto/cipher/test/aes_256_gcm_tests.txt");
+    }
+
+    #[test]
+    pub fn test_chacha20_poly1305() {
+        test_aead(&aead::CHACHA20_POLY1305,
+                  "crypto/cipher/test/chacha20_poly1305_tests.txt");
+    }
+
+    #[test]
+    pub fn test_chacha20_poly1305_old() {
+        test_aead(&aead::CHACHA20_POLY1305_OLD,
+                  "crypto/cipher/test/chacha20_poly1305_old_tests.txt");
+    }
+
+    fn test_aead(aead_alg: &'static aead::Algorithm, file_path: &str) {
+        test_aead_key_sizes(aead_alg);
+        test_aead_nonce_sizes(aead_alg);
+
+        file_test::run(file_path, |section, test_case| {
+            assert_eq!(section, "");
+            let key_bytes = test_case.consume_bytes("KEY");
+            let nonce = test_case.consume_bytes("NONCE");
+            let plaintext = test_case.consume_bytes("IN");
+            let ad = test_case.consume_bytes("AD");
+            let mut ct = test_case.consume_bytes("CT");
+            let tag = test_case.consume_bytes("TAG");
+            let error = test_case.consume_optional_string("FAILS");
+
+            ct.extend(tag);
+
+            // TODO: test shifting.
+
+            let max_overhead_len = aead_alg.max_overhead_len;
+            let mut s_in_out = plaintext.clone();
+            for _ in 0..max_overhead_len {
+                s_in_out.push(0);
+            }
+            let s_key = aead::SealingKey::new(aead_alg, &key_bytes).unwrap();
+            let s_result = aead::seal_in_place(&s_key, &nonce,
+                                               &mut s_in_out[..],
+                                               max_overhead_len, &ad);
+            println!("ACTUAL: {}", s_in_out.to_hex());
+
+            let mut o_in_out = ct.clone();
+            let o_key = aead::OpeningKey::new(aead_alg, &key_bytes).unwrap();
+            let o_result = aead::open_in_place(&o_key, &nonce, 0,
+                                               &mut o_in_out[..], &ad);
+
+            match error {
+                None => {
+                    assert_eq!(Ok(ct.len()), s_result);
+                    assert_eq!(&ct[..], &s_in_out[0..ct.len()]);
+                    assert_eq!(Ok(plaintext.len()), o_result);
+                    assert_eq!(&plaintext[..], &o_in_out[0..plaintext.len()]);
+                },
+                Some(ref error) if error == "WRONG_NONCE_LENGTH" => {
+                    assert_eq!(Err(()), s_result);
+                    assert_eq!(Err(()), o_result);
+                },
+                Some(error) => {
+                    unreachable!("Unexpected error test case: {}", error);
+                }
+            };
+        });
+    }
+
+    fn test_aead_key_sizes(aead_alg: &'static aead::Algorithm) {
+        let key_len = aead_alg.key_len;
+        let key_data = vec![0u8; key_len * 2];
+
+        // Key is the right size.
+        assert!(aead::OpeningKey::new(aead_alg, &key_data[0..key_len])
+                    .is_ok());
+        assert!(aead::SealingKey::new(aead_alg, &key_data[0..key_len])
+                    .is_ok());
+
+        // Key is one byte too small.
+        assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len - 1)])
+                    .is_err());
+        assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len - 1)])
+                    .is_err());
+
+        // Key is one byte too large.
+        assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len + 1)])
+                    .is_err());
+        assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len + 1)])
+                    .is_err());
+
+        // Key is half the required size.
+        assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len / 2)])
+                    .is_err());
+        assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len / 2)])
+                    .is_err());
+
+        // Key is twice the required size.
+        assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len * 2)])
+                    .is_err());
+        assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len * 2)])
+                    .is_err());
+
+        // Key is empty.
+        assert!(aead::OpeningKey::new(aead_alg, &[]).is_err());
+        assert!(aead::SealingKey::new(aead_alg, &[]).is_err());
+
+        // Key is one byte.
+        assert!(aead::OpeningKey::new(aead_alg, &[0]).is_err());
+        assert!(aead::SealingKey::new(aead_alg, &[0]).is_err());
+    }
+
+    // Test that we reject non-standard nonce sizes.
+    //
+    // XXX: This test isn't that great in terms of how it tests
+    // `open_in_place`. It should be constructing a valid ciphertext using the
+    // unsupported nonce size using a different implementation that supports
+    // non-standard nonce sizes. So, when `open_in_place` returns `Err(())`, we
+    // don't know if it is because it rejected the non-standard nonce size or
+    // because it tried to process the input with the wrong nonce. But at least
+    // we're verifying that `open_in_place` won't crash or access out-of-bounds
+    // memory (when run under valgrind or similar). The AES-128-GCM tests have
+    // some WRONG_NONCE_LENGTH test cases that tests this more correctly.
+    fn test_aead_nonce_sizes(aead_alg: &'static aead::Algorithm) {
+        let key_len = aead_alg.key_len;
+        let key_data = vec![0u8; key_len];
+        let o_key =
+            aead::OpeningKey::new(aead_alg, &key_data[0..key_len]).unwrap();
+        let s_key =
+            aead::SealingKey::new(aead_alg, &key_data[0..key_len]).unwrap();
+
+        let nonce_len = aead_alg.nonce_len;
+
+        let nonce = vec![0u8; nonce_len * 2];
+
+        let prefix_len = 0;
+        let suffix_space = aead_alg.max_overhead_len;
+        let ad: [u8; 0] = [];
+
+        // Construct a template input for `seal_in_place`.
+        let plaintext = "hello, world".as_bytes();
+        let mut to_seal = Vec::from(plaintext);
+        // Reserve space for tag.
+        for _ in 0..suffix_space {
+            to_seal.push(0);
+        }
+        let to_seal = &to_seal[..]; // to_seal is no longer mutable.
+
+        // Construct a template input for `open_in_place`.
+        let mut to_open = Vec::from(to_seal);
+        let ciphertext_len = aead::seal_in_place(&s_key, &nonce[0..nonce_len],
+                                                 &mut to_open, suffix_space,
+                                                 &ad).unwrap();
+        let to_open = &to_open[0..ciphertext_len];
+
+        // Nonce is the correct length.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..nonce_len],
+                                        &mut in_out, suffix_space, &ad).is_ok());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..nonce_len],
+                                        prefix_len, &mut in_out, &ad).is_ok());
+        }
+
+        // Nonce is one byte too small.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len - 1)],
+                                        &mut in_out, suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len - 1)],
+                                        prefix_len, &mut in_out, &ad).is_err());
+        }
+
+        // Nonce is one byte too large.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len + 1)],
+                                        &mut in_out, suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len + 1)],
+                                        prefix_len, &mut in_out, &ad).is_err());
+        }
+
+        // Nonce is half the required size.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len / 2)],
+                                        &mut in_out, suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len / 2)],
+                                        prefix_len, &mut in_out, &ad).is_err());
+        }
+
+        // Nonce is twice the required size.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len * 2)],
+                                        &mut in_out, suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len * 2)],
+                                        prefix_len, &mut in_out, &ad).is_err());
+        }
+
+        // Nonce is empty.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &[], &mut in_out, suffix_space,
+                                        &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &[], prefix_len, &mut in_out,
+                                        &ad).is_err());
+        }
+
+        // Nonce is one byte.
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..1], &mut in_out,
+                                        suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..1], prefix_len,
+                                        &mut in_out, &ad).is_err());
+        }
+
+        // Nonce is 128 bits (16 bytes).
+        {
+            let mut in_out = Vec::from(to_seal);
+            assert!(aead::seal_in_place(&s_key, &nonce[0..16], &mut in_out,
+                                        suffix_space, &ad).is_err());
+        }
+        {
+            let mut in_out = Vec::from(to_open);
+            assert!(aead::open_in_place(&o_key, &nonce[0..16], prefix_len,
+                                        &mut in_out, &ad).is_err());
+        }
+    }
+}