Skip to content

samba-libs and dynamic AAD allocation (AES-GCM)#59

Merged
SparkiDev merged 4 commits intowolfSSL:mainfrom
gasbytes:samba-libs
Sep 15, 2025
Merged

samba-libs and dynamic AAD allocation (AES-GCM)#59
SparkiDev merged 4 commits intowolfSSL:mainfrom
gasbytes:samba-libs

Conversation

@gasbytes
Copy link
Copy Markdown
Contributor

@gasbytes gasbytes commented Jul 4, 2025
edited
Loading

  • raised MAX_AUTH_DATA to 4KiB;
  • dynamic allocation for AAD handling for AES-GCM when the static buffer's size is < than MAX_AUTH_DATA;
  • samba-libs workflow: testing master only, latest and target version are both reporting failures in the testsuite, not related to the provider.

@gasbytes gasbytes self-assigned this Jul 4, 2025
@gasbytes gasbytes force-pushed the samba-libs branch 21 times, most recently from c41488a to c29f3f6 Compare July 9, 2025 16:26
@gasbytes gasbytes force-pushed the samba-libs branch 3 times, most recently from 8144872 to ca44a58 Compare July 23, 2025 16:52
@gasbytes gasbytes marked this pull request as draft July 24, 2025 16:38
@gasbytes gasbytes force-pushed the samba-libs branch 3 times, most recently from e7762de to d0d3a55 Compare August 5, 2025 16:08
@gasbytes gasbytes force-pushed the samba-libs branch 17 times, most recently from 8fab15f to 530ee9c Compare August 19, 2025 14:30
@gasbytes
cipher: raise MAX_AUTH_DATA to 4 KiB
f2ae77b 
Kerberos-GCM AAD (~1.8 KiB) overflowed the old 1 KiB cap, triggering
GNUTLS_E_SHORT_MEMORY_BUFFER and Samba test failures. 4 KiB unblocks
normal traffic; dynamic buffering can follow.
@gasbytes
Enable dynamic AAD handling for AES-GCM by keeping the existing 4 KiB
e6cd30d 
static buffer and transparently spilling to a heap buffer that grows as
needed. All GCM paths now use the correct buffer and the heap is freed
on context teardown. The test suite is extended with large-AAD cases,
including a 128 KiB vector and a 2 K + 4 K + 64 K chunk sequence, to
exercise spill and realloc during both encryption and decryption.
@gasbytes gasbytes force-pushed the samba-libs branch 2 times, most recently from b9db986 to 4ab9c62 Compare September 5, 2025 15:11
@gasbytes gasbytes marked this pull request as ready for review September 15, 2025 10:13
@gasbytes gasbytes assigned SparkiDev and unassigned gasbytes Sep 15, 2025
@gasbytes gasbytes requested a review from SparkiDev September 15, 2025 10:47
@SparkiDev SparkiDev merged commit 014f5b3 into wolfSSL:main Sep 15, 2025
53 of 55 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SparkiDev SparkiDev SparkiDev approved these changes

Assignees

@SparkiDev SparkiDev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gasbytes @SparkiDev