Properly constrain use of nonces with AEAD crypto
Simo
simo at samba.org
Fri May 29 10:43:52 MDT 2015
On Thu, 2015-05-28 at 19:58 +0200, Stefan (metze) Metzmacher wrote:
> Hi Simo,
>
> > The current AEAD crypto primitives we have access to and use (AES-128-CCM and
> > AES-128-GCM) have a very annoying failure mode if a nonce is ever reused with
> > the same key.
> > The attached patch adds checks to avoid ever wrapping and reusing a nonce.
> >
> > It passes a custom autobuild.
>
> What about the attached patchset it also fixes the client side and a few
> minor bugs.
>
> Do you think we need to backport similar fixes to 4.1 and 4.2?
> If so please create a bug report and add a link to the commit messages
> before possibly pushing to master.
>
> Thanks!
> metze
Opened 11300 and pushed patches to autobuild.
Simo.
--
Simo Sorce
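The thread above is about refusing to let an AEAD nonce counter wrap, since AES-CCM and AES-GCM lose confidentiality and integrity once a (key, nonce) pair is used twice. The following is an added illustration of that kind of check and is not the Samba patch discussed here: it keeps a 96-bit big-endian nonce counter per key, hands out each value exactly once, and marks the key exhausted instead of wrapping. The struct and function names (`aead_nonce_state`, `aead_nonce_next`, `counter_increment`) are hypothetical, and the nonce length of 12 bytes is an assumption taken from the usual AES-GCM IV size, not from Samba's code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed nonce size: 96 bits, the standard AES-GCM IV length. */
#define NONCE_LEN 12

/* Hypothetical per-key nonce bookkeeping (the key itself would live
 * next to it in a real implementation). */
struct aead_nonce_state {
	uint8_t nonce[NONCE_LEN]; /* big-endian counter; value of the last nonce issued */
	bool started;             /* false until the first nonce has been handed out */
	bool exhausted;           /* set once an increment would wrap; key must be retired */
};

void aead_nonce_init(struct aead_nonce_state *st)
{
	memset(st, 0, sizeof(*st));
}

/* Increment a big-endian counter in place.
 * Returns false and leaves the buffer untouched if the increment would
 * wrap to zero, which is exactly the case that must never be allowed. */
static bool counter_increment(uint8_t *ctr, size_t len)
{
	size_t i;

	/* If every byte is 0xFF, +1 would wrap the whole counter. */
	for (i = 0; i < len; i++) {
		if (ctr[i] != 0xFF) {
			break;
		}
	}
	if (i == len) {
		return false;
	}

	/* Propagate the carry from the least significant byte upwards. */
	for (i = len; i-- > 0;) {
		if (++ctr[i] != 0) {
			break;
		}
	}
	return true;
}

/* Issue the next nonce for this key. Returns false once the nonce space
 * is exhausted; the caller must then rekey rather than encrypt again,
 * because any further nonce would be a repeat under the same key. */
bool aead_nonce_next(struct aead_nonce_state *st, uint8_t out[NONCE_LEN])
{
	if (st->exhausted) {
		return false;
	}
	if (!st->started) {
		st->started = true; /* first nonce issued is all zero */
	} else if (!counter_increment(st->nonce, NONCE_LEN)) {
		st->exhausted = true;
		return false;
	}
	memcpy(out, st->nonce, NONCE_LEN);
	return true;
}

int main(void)
{
	struct aead_nonce_state st;
	uint8_t nonce[NONCE_LEN];
	int n, i;

	aead_nonce_init(&st);
	for (n = 0; n < 3; n++) {
		if (!aead_nonce_next(&st, nonce)) {
			puts("nonce space exhausted, rekey required");
			return 1;
		}
		printf("nonce %d: ", n);
		for (i = 0; i < NONCE_LEN; i++) {
			printf("%02x", nonce[i]);
		}
		putchar('\n');
	}
	return 0;
}
```

The important property is that `aead_nonce_next` is the only path to a nonce and that it fails closed: once `exhausted` is set, no call ever returns a value again, so a caller that ignores the return value gets an unchanged output buffer rather than a silently repeated nonce.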