Properly constrain use of nonces with AEAD crypto

idra at idra at
Thu May 21 02:01:26 MDT 2015

The current AEAD crypto primitives we have access to and use (AES-128-CCM and
AES-128-GCM) have a very annoying failure mode if a nonce is ever reused with
the same key.
The attached patch adds checks to avoid ever wrapping and reusing a nonce.

It passes a custom autobuild.

Please review and push.

Simo Sorce       idra at
Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-In-CCM-and-GCM-mode-we-can-t-reuse-nonces.patch
Type: text/x-diff
Size: 6889 bytes
Desc: not available
URL: <>
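As an added illustration of the kind of check the message describes (this is example code written for this page, not the attached Samba patch, whose contents are not reproduced in the archive), the following C nonce generator builds a 12-byte AEAD nonce from a per-key salt and a 64-bit big-endian counter, and refuses to hand out another nonce once the counter has reached its maximum instead of silently wrapping. The layout, struct and function names are assumptions for the example; the caller is expected to rekey when `nonce_next()` returns false.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not Samba's): a 12-byte nonce, the default GCM nonce
 * size and a common CCM choice, split into a 4-byte per-key salt and an
 * 8-byte big-endian message counter. */
#define NONCE_LEN 12
#define NONCE_SALT_LEN 4
#define NONCE_COUNTER_LEN 8

struct nonce_state {
    uint8_t salt[NONCE_SALT_LEN];
    uint64_t counter;   /* counter value to use for the NEXT message */
    bool exhausted;     /* set once every counter value has been used */
};

/* Start a fresh nonce sequence for a fresh key. In real code the salt
 * comes from a CSPRNG; here the caller supplies it. */
void nonce_init(struct nonce_state *st, const uint8_t salt[NONCE_SALT_LEN])
{
    memcpy(st->salt, salt, NONCE_SALT_LEN);
    st->counter = 0;
    st->exhausted = false;
}

/* Write the next nonce into `out`. Returns false and writes nothing once
 * the counter space is used up: the caller must rekey, never wrap. */
bool nonce_next(struct nonce_state *st, uint8_t out[NONCE_LEN])
{
    if (st->exhausted) {
        return false;
    }
    memcpy(out, st->salt, NONCE_SALT_LEN);
    for (size_t i = 0; i < NONCE_COUNTER_LEN; i++) {
        /* big-endian: most significant byte first */
        out[NONCE_SALT_LEN + i] =
            (uint8_t)(st->counter >> (8 * (NONCE_COUNTER_LEN - 1 - i)));
    }
    if (st->counter == UINT64_MAX) {
        st->exhausted = true;   /* that was the last usable value */
    } else {
        st->counter++;
    }
    return true;
}

/* Test helper: jump the counter so exhaustion can be shown without 2^64
 * calls. Not something production code would expose. */
void nonce_set_counter(struct nonce_state *st, uint64_t value)
{
    st->counter = value;
    st->exhausted = false;
}

int main(void)
{
    /* constructed sample salt */
    const uint8_t salt[NONCE_SALT_LEN] = {0x01, 0x02, 0x03, 0x04};
    struct nonce_state st;
    uint8_t nonce[NONCE_LEN];

    nonce_init(&st, salt);
    nonce_set_counter(&st, UINT64_MAX - 1);
    while (nonce_next(&st, nonce)) {
        for (size_t i = 0; i < NONCE_LEN; i++) {
            printf("%02x", nonce[i]);
        }
        printf("\n");
    }
    printf("counter exhausted: rekey required\n");
    return 0;
}
```

The design point is that exhaustion is a distinct state rather than a wrap: once the last counter value has been emitted, every further call fails closed, so no code path can encrypt a second message under the same key and nonce.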
