With gnutls_aead_cipher_decrypt() before gnutls 3.5.2 we always fail the ptext_size != m_total check and status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR) will just return NT_STATUS_OK without placing the decrypted data into the callers buffers.
This bug was referenced in samba master: 68e62962b08497da8359ddbe4324443818c05cd1 99182af4ab5a3413311e27c2a193e09babceb01c 735f3d7dde3daf5d0af2e8a1de60422b88663992
Created attachment 17144 [details] Patches for v4-16-test
Created attachment 17145 [details] Patches for v4-15-test
Created attachment 17146 [details] Patches for v4-14-test
Jule, please apply the patches to the corresponding branches. Thank you!
Pushed to autobuild-v4-{16,15,14}-test.
This bug was referenced in samba v4-15-test: d623b454aa8e28408dd4d74c32c82560b75414ba 8cf62b3f86f1899e180964b736f3abbe5e5aafd5 62d33564f7328c0a6d9e8aa21fc5e13a014cad3c
This bug was referenced in samba v4-16-test: 8deee49cda04907202e3b0ce1fda5211bed7154e f400eef07a4e844e04affc0078c116b64cce897b fe8bf1d8aa61fddf853e60f23750cc240ed8dcc6
Created attachment 17164 [details] Patches for v4-14-test 4.14 needs an additional parse_version() in the configure check ...
New patches pushed to autobuild-v4-14-test.
This bug was referenced in samba v4-14-test: f75a05885123a05dc191b2271e161ee7c505160d bbd4cd045ad8ac0519180f302832663c81551427 77fac5ed243d7cc1b5f288ba7d4c7bbe2685789e
Closing out bug report. Thanks!
This bug was referenced in samba v4-16-stable (Release samba-4.16.0rc3): 8deee49cda04907202e3b0ce1fda5211bed7154e f400eef07a4e844e04affc0078c116b64cce897b fe8bf1d8aa61fddf853e60f23750cc240ed8dcc6
This bug was referenced in samba v4-15-stable (Release samba-4.15.6): d623b454aa8e28408dd4d74c32c82560b75414ba 8cf62b3f86f1899e180964b736f3abbe5e5aafd5 62d33564f7328c0a6d9e8aa21fc5e13a014cad3c
This bug was referenced in samba v4-14-stable (Release samba-4.14.13): f75a05885123a05dc191b2271e161ee7c505160d bbd4cd045ad8ac0519180f302832663c81551427 77fac5ed243d7cc1b5f288ba7d4c7bbe2685789e