From 97bab870c67461939be40569d3927bd66ca7e32c Mon Sep 17 00:00:00 2001
From: GiannettaGerardo <gp.gerardo@protonmail.com>
Date: Sat, 18 Apr 2026 12:54:57 +0200
Subject: [PATCH] Minor update to AES-GCM encrypt example.

Updated the AES-GCM encrypt function to avoid one heap memory allocation.
The internal GCM implementation uses 'sliceForAppend' that will allocate new memory if the 'dst' buffer does not have enough capacity. With this fix, the slice 'nonce' has now enough capacity to be used as 'dst' without memory re-allocation.
---
 src/cryptographic-practices/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cryptographic-practices/README.md b/src/cryptographic-practices/README.md
index fd50318..4b08bf7 100644
--- a/src/cryptographic-practices/README.md
+++ b/src/cryptographic-practices/README.md
@@ -147,7 +147,8 @@ func encrypt(val []byte, secret []byte) ([]byte, error) {
         return nil, err
     }
 
-    nonce := make([]byte, aead.NonceSize())
+    buffer := make([]byte, aead.NonceSize()+aead.Overhead()+len(val))
+	nonce := buffer[:aead.NonceSize()]
     if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
         return nil, err
     }