The following issues were identified in the Intel® Integrated Performance Primitives (Intel® IPP) Cryptography XTS-AES, GFp, and HMAC functions. The problems affect Intel® IPP 2017 Update 2 and earlier releases.
These issues will be fixed in future versions of Intel® IPP. If your code is affected, use the following workarounds to fix the problems and improve code security:
ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct
Problem: The ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct functions do not check the number of blocks in AES-XTS encryption/decryption operations. The AES-XTS operations are required not to exceed 2^20 AES blocks.
Workaround: To avoid issues with a large number of AES blocks, check the number of blocks in the application code.
ippsGFpxGetSize and ippsGFpECGetsize
Problem: The ippsGFpxGetSize and ippsGFpECGetsize functions do not check for integer overflow.
Workaround: Check the GF tower construction height in your application, and limit the extension of basic prime GF to less than 8. The parameter in ippsGFpxGetSize() function should be 2 <= degree <= 8.
ippsHMACGetTag_rmf and ippsHMACGetTag
Problem: The ippsHMACGetTag_rmf and ippsHMACGetTag functions leave some sensitive data after exit. This may lead to a leak of these data.
Workaround: Use the following pairs of sequential calls to replace the ippsHMACGetTag_rmf and ippsHMACGetTag functions:
ippsHMAC_Duplicate() and ippsHMAC_Final()
ippsHMACDuplicate_rmf() and ippsHMACFinal_rmf()
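The application-side checks described in the XTS-AES and GFp workarounds can be written as small guards that run before the Intel® IPP call. The following is an added example, not Intel code: the helper names are hypothetical, the degree check uses the stated range 2 <= degree <= 8, and counting a trailing partial block as a full block is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define AES_BLOCK_BITS   128                /* AES block size in bits */
#define XTS_MAX_BLOCKS   (INT64_C(1) << 20) /* limit stated in the advisory */
#define GFPX_MIN_DEGREE  2                  /* degree range stated in the advisory */
#define GFPX_MAX_DEGREE  8

/* Number of AES blocks covered by data_bits, or -1 if the length is unusable.
 * A trailing partial block counts as one block (assumption: be conservative). */
int64_t xts_block_count(int64_t data_bits)
{
    if (data_bits < AES_BLOCK_BITS)  /* also rejects zero and negative sizes */
        return -1;                   /* XTS needs at least one full block */
    return data_bits / AES_BLOCK_BITS + (data_bits % AES_BLOCK_BITS != 0);
}

/* 1 if a buffer of data_bits stays within the 2^20 block limit, else 0.
 * Call this before ippsAESEncryptXTS_Direct / ippsAESDecryptXTS_Direct. */
int xts_length_ok(int64_t data_bits)
{
    int64_t blocks = xts_block_count(data_bits);
    return blocks > 0 && blocks <= XTS_MAX_BLOCKS;
}

/* 1 if degree is in the range allowed for ippsGFpxGetSize(), else 0. */
int gfpx_degree_ok(int degree)
{
    return degree >= GFPX_MIN_DEGREE && degree <= GFPX_MAX_DEGREE;
}

int main(void)
{
    /* Constructed sample sizes in bits, not taken from the advisory. */
    int64_t sizes[] = { 0, 127, 128, 4096 * 8,
                        (int64_t)128 << 20, ((int64_t)128 << 20) + 1 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%lld bits -> %s\n", (long long)sizes[i],
               xts_length_ok(sizes[i]) ? "ok" : "reject");
    for (int degree = 1; degree <= 9; degree++)
        printf("degree %d -> %s\n", degree,
               gfpx_degree_ok(degree) ? "ok" : "reject");
    return 0;
}
```

Reject the request in the application when either guard returns 0, rather than passing the value through to the library.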