Properly constrain use of nonces with AEAD crypto

Simo simo at
Fri May 29 10:43:52 MDT 2015

On Thu, 2015-05-28 at 19:58 +0200, Stefan (metze) Metzmacher wrote:
> Hi Simo,
> > The current AEAD crypto primitives we have access to and use (AES-128-CCM and
> > AES-128-GCM) have a very annoying failure mode if a nonce is ever reused with
> > the same key.
> > The attached patch adds checks to avoid ever wrapping and reusing a nonce.
> > 
> > It passes a custom autobuild.
> What about the attached patchset? It also fixes the client side and a few
> minor bugs.
> Do you think we need to backport similar fixes to 4.1 and 4.2?
> If so please create a bug report and add a link to the commit messages
> before possibly pushing to master.
> Thanks!
> metze

Opened 11300 and pushed patches to autobuild.


Simo Sorce
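The kind of guard the thread is about, written out as an added example (not Simo's patch and not Samba code): a per-key nonce counter that refuses to wrap instead of silently reissuing a nonce under the same AES-GCM/AES-CCM key. The 96-bit nonce size, the big-endian counter layout, and the "resume from last used nonce" initialisation are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NONCE_LEN 12 /* 96-bit nonce for AES-GCM/AES-CCM (assumed size) */

struct nonce_state {              /* per-key bookkeeping, zero for a fresh key */
    uint8_t nonce[NONCE_LEN];     /* last nonce handed out, big-endian counter */
    bool    started;              /* false until the first nonce is issued */
    bool    exhausted;            /* sticky: set once the counter would wrap */
};

/* Advance the big-endian counter in place. Returns -1 and leaves the buffer
 * untouched if every byte is 0xff: incrementing would wrap back to the
 * all-zero nonce that was already used under this key. */
int nonce_increment(uint8_t nonce[NONCE_LEN])
{
    int i;
    for (i = 0; i < NONCE_LEN && nonce[i] == 0xff; i++) { }
    if (i == NONCE_LEN)
        return -1;
    for (i = NONCE_LEN - 1; i >= 0 && ++nonce[i] == 0; i--) { }
    return 0;
}

/* 'last' is NULL for a newly derived key, or the last nonce already used
 * under this key when resuming a persisted sequence (hypothetical case). */
void nonce_state_init(struct nonce_state *st, const uint8_t *last)
{
    memset(st, 0, sizeof(*st));
    if (last != NULL) {
        memcpy(st->nonce, last, NONCE_LEN);
        st->started = true;
    }
}

/* Copy the next never-used nonce into 'out', or return -1 without writing.
 * The failure is sticky: derive a new key instead of retrying this one. */
int nonce_next(struct nonce_state *st, uint8_t out[NONCE_LEN])
{
    if (st->exhausted)
        return -1;
    if (st->started && nonce_increment(st->nonce) != 0) {
        st->exhausted = true;
        return -1;
    }
    st->started = true;
    memcpy(out, st->nonce, NONCE_LEN);
    return 0;
}
```

Encryption code should treat a -1 from nonce_next as "this key is finished" and trigger a rekey, never as a transient error to retry.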

More information about the samba-technical mailing list