6 files changed, 17 insertions, 10 deletions

diff --git a/chromium/third_party/private_membership/src/internal/encrypted_bucket_id_test.cc b/chromium/third_party/private_membership/src/internal/encrypted_bucket_id_test.cc
index 1adc3c7dccc..5e658de2c03 100644
--- a/chromium/third_party/private_membership/src/internal/encrypted_bucket_id_test.cc
+++ b/chromium/third_party/private_membership/src/internal/encrypted_bucket_id_test.cc
@@ -113,7 +113,7 @@ TEST(EncryptedBucketIdTest, ToUint32Success) {
   ASSERT_OK_AND_ASSIGN(auto encrypted_bucket_id,
                        EncryptedBucketId::Create("\xFF\xFF\xFF\xFF", 32));
   ASSERT_OK_AND_ASSIGN(auto x, encrypted_bucket_id.ToUint32());
-  EXPECT_EQ(x, (1LL << 32) - 1);
+  EXPECT_EQ(x, (int64{1} << 32) - 1);
 }
 
 TEST(EncryptedBucketIdTest, EqualsFalse) {
diff --git a/chromium/third_party/private_membership/src/internal/oprf_utils.cc b/chromium/third_party/private_membership/src/internal/oprf_utils.cc
index 181383be479..b6b6a5d2744 100644
--- a/chromium/third_party/private_membership/src/internal/oprf_utils.cc
+++ b/chromium/third_party/private_membership/src/internal/oprf_utils.cc
@@ -20,13 +20,13 @@ namespace private_membership {
 
 ::rlwe::StatusOr<DoublyEncryptedId> ReEncryptId(
     absl::string_view encrypted_id,
-    const private_join_and_compute::ECCommutativeCipher& ec_cipher) {
+    private_join_and_compute::ECCommutativeCipher* ec_cipher) {
   DoublyEncryptedId doubly_encrypted_id;
 
   doubly_encrypted_id.set_queried_encrypted_id(std::string(encrypted_id));
 
   auto status_or_reencrypted_id =
-      ec_cipher.ReEncrypt(std::string(encrypted_id));
+      ec_cipher->ReEncrypt(std::string(encrypted_id));
   if (!status_or_reencrypted_id.ok()) {
     return absl::InvalidArgumentError(
         status_or_reencrypted_id.status().message());
diff --git a/chromium/third_party/private_membership/src/internal/oprf_utils.h b/chromium/third_party/private_membership/src/internal/oprf_utils.h
index 64636191db5..83819a21419 100644
--- a/chromium/third_party/private_membership/src/internal/oprf_utils.h
+++ b/chromium/third_party/private_membership/src/internal/oprf_utils.h
@@ -25,9 +25,10 @@ namespace private_membership {
 //
 // Returns an INVALID_ARGUMENT error code if the given encrypted id is not a
 // valid encoding of a point on the curve as defined in ANSI X9.62 ECDSA.
+//
+// This method is not threadsafe because ec_cipher is not thread-safe.
 ::rlwe::StatusOr<DoublyEncryptedId> ReEncryptId(
-    absl::string_view encrypted_id,
-    const private_join_and_compute::ECCommutativeCipher& ec_cipher);
+    absl::string_view encrypted_id, private_join_and_compute::ECCommutativeCipher* ec_cipher);
 
 }  // namespace private_membership
 
diff --git a/chromium/third_party/private_membership/src/internal/oprf_utils_test.cc b/chromium/third_party/private_membership/src/internal/oprf_utils_test.cc
index d125f810189..695444d8e96 100644
--- a/chromium/third_party/private_membership/src/internal/oprf_utils_test.cc
+++ b/chromium/third_party/private_membership/src/internal/oprf_utils_test.cc
@@ -39,7 +39,7 @@ TEST(OprfUtilsTest, ReEncryptIdSuccess) {
   ASSERT_OK_AND_ASSIGN(auto encrypted_id, ec_cipher1->Encrypt("plaintext id"));
 
   ASSERT_OK_AND_ASSIGN(auto doubly_encrypted_id,
-                       ReEncryptId(encrypted_id, *ec_cipher2));
+                       ReEncryptId(encrypted_id, ec_cipher2.get()));
   EXPECT_EQ(doubly_encrypted_id.queried_encrypted_id(), encrypted_id);
   ASSERT_OK_AND_ASSIGN(auto result, ec_cipher2->ReEncrypt(encrypted_id));
   EXPECT_EQ(doubly_encrypted_id.doubly_encrypted_id(), result);
@@ -52,7 +52,7 @@ TEST(OprfUtilsTest, ReEncryptIdFail) {
           kCurveId, private_join_and_compute::ECCommutativeCipher::HashType::SHA256));
   // Empty substring necessary due to forked StatusIs.
   EXPECT_THAT(
-      ReEncryptId("not encrypted id", *ec_cipher),
+      ReEncryptId("not encrypted id", ec_cipher.get()),
       StatusIs(absl::StatusCode::kInvalidArgument, testing::HasSubstr("")));
 }
 
diff --git a/chromium/third_party/private_membership/src/private_membership_rlwe.proto b/chromium/third_party/private_membership/src/private_membership_rlwe.proto
index da3159a66cc..993c9cdfc07 100644
--- a/chromium/third_party/private_membership/src/private_membership_rlwe.proto
+++ b/chromium/third_party/private_membership/src/private_membership_rlwe.proto
@@ -98,10 +98,16 @@ enum RlweUseCase {
   TEST_USE_CASE2 = 2;
   TEST_USE_CASE3 = 3;
 
-  // The initial state of Chrome OS device, used for Zero Touch and
-  // License Packaging.
+  // DO NOT USE. Use CROS_DEVICE_STATE instead.
   CROS_INITIAL_STATE = 4;
 
+  // The device state of Chrome OS device, used for Zero Touch,
+  // License Packaging and Forced Reenrollment.
+  CROS_DEVICE_STATE = 5;
+
+  // Safe Browsing API test use case.
+  SAFEBROWSING_API_TEST = 6;
+
   // Add more use cases.
 }
 
diff --git a/chromium/third_party/private_membership/src/private_membership_rlwe_client.h b/chromium/third_party/private_membership/src/private_membership_rlwe_client.h
index e1a789a9004..94f220de899 100644
--- a/chromium/third_party/private_membership/src/private_membership_rlwe_client.h
+++ b/chromium/third_party/private_membership/src/private_membership_rlwe_client.h
@@ -155,7 +155,7 @@ class PrivateMembershipRlweClient {
       const private_membership::rlwe::EncryptedBucket& encrypted_bucket);
 
   // Maximum encrypted bucket ID length.
-  static constexpr int kMaxEncryptedBucketIdLength = 30;
+  static constexpr int kMaxEncryptedBucketIdLength = 26;
 
   // Use case of the membership query.
   const private_membership::rlwe::RlweUseCase use_case_;