Bug 11300 - Use of NONCEs in crypto functions is not properly constrained
Summary: Use of NONCEs in crypto functions is not properly constrained
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.2.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-29 15:53 UTC by Simo Sorce
Modified: 2016-05-24 12:37 UTC

See Also:


Description Simo Sorce 2015-05-29 15:53:56 UTC
The current AEAD crypto primitives we have access to and use (AES-128-CCM and
AES-128-GCM) fail catastrophically if a nonce is ever reused with
the same key.

Appropriate measures need to be added to prevent nonce wrapping/reuse.
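An added example, not part of this bug report or of Samba's code, of the kind of guard the description asks for: a counter-derived nonce allocator bound to a single AEAD key that refuses to issue a nonce once the counter would wrap, so the caller must rekey instead of silently reusing a nonce. The nonce lengths and per-key message budgets below are assumptions chosen for illustration.

```python
class NonceExhausted(Exception):
    """The key has no unused nonces left; the caller must rekey, never wrap."""


class CounterNonce:
    """Allocates never-repeating nonces for ONE AEAD key (AES-CCM / AES-GCM).

    Each nonce is the big-endian encoding of a strictly increasing counter, so
    two calls can never return the same value. The catastrophic case is the
    counter wrapping to zero; instead of wrapping, next_nonce() raises
    NonceExhausted and the key has to be retired.
    """

    def __init__(self, nonce_len, max_messages=None):
        if nonce_len < 1:
            raise ValueError("nonce_len must be positive")
        self.nonce_len = nonce_len
        space = 1 << (8 * nonce_len)  # number of distinct nonces of this size
        # A caller may impose a tighter per-key budget than the nonce space.
        self.limit = space if max_messages is None else min(space, max_messages)
        self.counter = 0

    def remaining(self):
        """Nonces still available under this key before it must be rotated."""
        return self.limit - self.counter

    def next_nonce(self):
        if self.counter >= self.limit:
            raise NonceExhausted("nonce counter would wrap; rekey required")
        nonce = self.counter.to_bytes(self.nonce_len, "big")
        self.counter += 1
        return nonce


def drain(allocator):
    """Use every nonce the allocator permits, then confirm it refuses more.

    Returns (count of distinct nonces issued, whether exhaustion was raised).
    """
    issued = set()
    while allocator.remaining() > 0:
        issued.add(allocator.next_nonce())
    try:
        allocator.next_nonce()
        refused = False
    except NonceExhausted:
        refused = True
    return len(issued), refused


if __name__ == "__main__":
    # Constructed demo: 11-byte nonce (the AES-CCM length SMB3 uses) with a
    # deliberately tiny per-key budget so the wrap point is reached quickly.
    print(drain(CounterNonce(11, max_messages=1000)))  # (1000, True)
```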
Comment 1 Jeremy Allison 2015-06-16 21:48:44 UTC
Do not push the patch that went into master. It breaks non-encrypted SMB3.0.

(Found at plugfest by codenomicon).
Comment 2 Stefan Metzmacher 2016-05-24 12:37:37 UTC
This is fixed in current releases