https://bugs.openldap.org/show_bug.cgi?id=9920
--- Comment #8 from kero renault.cle@gmail.com --- Hey Howard and Niko,
I recently tried the AEAD implementation of master3 again with my Rust LMDB wrapper[3], and I found some issues when using authenticated encryption. At first, I thought it was me and how I was using LMDB and encryption API, but the more I searched for a usage error on my side, the more I thought it was on LMDB's side.
When disabling the authenticated encryption (setting the size of authentication data in bytes to zero) and replacing the encryption algorithm with a simple memcpy, everything works. I also tried using a simple memcpy and set the auth to a constant number, which failed (MDB_CRYPTOFAIL).
I tried changing the auth size to something like 16 in the default simple example [1], but the test seems too small to trigger an error, which confirms what I've seen so far. I need to run LMDB with encryption on a large program to make it break (currently, the redb benchmarks). As the simple encryption example does not use the auth data, I was expecting it to work, and that was the case.
So, the reproducer will likely be in Rust. My heed wrapper is only designed for AEAD (so authenticated) encryption, and I am not proficient in C (not more). I also checked the module.c/h files[2], and there are, indeed, taking the size of the authentication data into account. However, have you tried large workloads with auth data?
[1]: https://github.com/LMDB/lmdb/blob/fd3c2adae70d2ed65017100db45e0b3babfe342a/l... [2]: https://github.com/LMDB/lmdb/blob/fd3c2adae70d2ed65017100db45e0b3babfe342a/l... [3]: https://github.com/meilisearch/heed/pull/278