panic("crypto/aes: input not full block")
	}
	if len(dst) < BlockSize {
		panic("crypto/aes: output not full block")
	}
	if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
		panic("crypto/aes: invalid buffer overlap")
	}
	encryptBlockGo(c.enc[:c.l], dst, src)
}

func (c *aesCipher) Decrypt(dst, src []byte) {
	if len(src) < BlockSize {
		panic("crypto/aes: input not full block")
	}
	if len(dst) < BlockSize {

kind: Sidecar
metadata:
  name: overlap-1
  namespace: default
spec:
  workloadSelector:
    labels:
      app: ratings-app # Multiple sidecars select overlapping workloads, should generate errors for both
  egress:
  - hosts:
    - "./*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: overlap-2
  namespace: default
spec:
  workloadSelector:

	// Get the number of bytes to consider in the last 16 bytes
	ANDQ $15, BX
	JZ end

	// Create mask to ignore overlap between previous 16 byte block
	// and the next.
	MOVQ $16,CX
	SUBQ BX, CX
	MOVQ $0xFFFF, R10
	SARQ CL, R10
	SALQ CL, R10

	// Process the last 16-byte chunk. This chunk may overlap with the
	// chunks we've already searched so we need to mask part of it.
	MOVOU	(AX), X1
	PCMPEQB	X0, X1
	PMOVMSKB X1, DX

	c.i, c.j = 0, 0
}

// XORKeyStream sets dst to the result of XORing src with the key stream.
// Dst and src must overlap entirely or not at all.
func (c *Cipher) XORKeyStream(dst, src []byte) {
	if len(src) == 0 {
		return
	}
	if alias.InexactOverlap(dst[:len(src)], src) {
		panic("crypto/rc4: invalid buffer overlap")
	}
	i, j := c.i, c.j
	_ = dst[len(src)-1]
	dst = dst[:len(src)] // eliminate bounds check from loop

// license that can be found in the LICENSE file.

package p

// Interface types must be ignored during overlap test.

type (
	T1 interface{int}
	T2 interface{~int}
	T3 interface{T1 | bool | string}
	T4 interface{T2 | ~bool | ~string}
)

type (
	// overlap errors for non-interface terms
	// (like the interface terms, but explicitly inlined)

	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
	if alias.InexactOverlap(out, plaintext) {
		panic("chacha20poly1305: invalid buffer overlap")
	}

	var polyKey [32]byte
	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
	s.XORKeyStream(polyKey[:], polyKey[:])
	s.SetCounter(1) // set the counter to 1, skipping 32 bytes

        - name: prometheus
      overrides:
        - match:
            metric: ALL_METRICS
          disabled: false
---
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: overlap-1
  namespace: default
spec:
  selector:
    matchLabels:
      app: ratings-app # Multiple telemetries select overlapping workloads, should generate errors for both
  metrics:
    - providers:

	}

	var state [16]uint32
	setupState(&state, &c.key, nonce)

	ret, out := sliceForAppend(dst, len(plaintext)+16)
	if alias.InexactOverlap(out, plaintext) {
		panic("chacha20poly1305: invalid buffer overlap")
	}
	chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
	return ret
}

func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
	if !cpu.X86.HasSSSE3 {

# $1: true or false for the desired allowSubnetCidrRoutesOverlap.
#
# Assumed vars:
#   IP_ALIAS_SUBNETWORK
#   GCE_API_ENDPOINT
#   PROJECT
#   REGION
function set-allow-subnet-cidr-routes-overlap() {
  local allow_subnet_cidr_routes_overlap
  allow_subnet_cidr_routes_overlap=$(gcloud compute networks subnets \
    describe "${IP_ALIAS_SUBNETWORK}" --project="${PROJECT}" --region="${REGION}" \

		panic("crypto/aes: input not full block")
	}
	if len(dst) < BlockSize {
		panic("crypto/aes: output not full block")
	}
	if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
		panic("crypto/aes: invalid buffer overlap")
	}
	cryptBlocks(c.function, &c.key[0], &dst[0], &src[0], BlockSize)
}

func (c *aesCipherAsm) Decrypt(dst, src []byte) {
	if len(src) < BlockSize {
		panic("crypto/aes: input not full block")
	}