Bug 11300 - Use of NONCEs in crypto functions is not properly constrained
Use of NONCEs in crypto functions is not properly constrained
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.2.2
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-29 15:53 UTC by Simo Sorce
Modified: 2016-05-24 12:37 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Simo Sorce 2015-05-29 15:53:56 UTC
The current AEAD crypto primitives we have access to and use (AES-128-CCM and
AES-128-GCM) fail catastrophically if a nonce is ever reused with
the same key.

Appropriate measures ned to be added to prevent nonce wrapping/reuse.
Comment 1 Jeremy Allison 2015-06-16 21:48:44 UTC
Do not push the patch that went into master. It breaks non-encrypted SMB3.0.

(Found at plugfest by codenomicon).
Comment 2 Stefan Metzmacher 2016-05-24 12:37:37 UTC
This is fixed in current releases