
Known problems in Intel® Integrated Performance Primitives Cryptography XTS-AES, GFp, and HMAC functions


The following issues were identified in the Intel® Integrated Performance Primitives (Intel® IPP) Cryptography XTS-AES, GFp, and HMAC functions. The problems affect the Intel® IPP 2017 Update 2 and earlier releases.

These issues will be fixed in future versions of Intel® IPP. If your code is affected, use the following workarounds to fix the problem and improve code security:

  • ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct
    Problem: The ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct functions do not check the number of blocks in AES-XTS encryption/decryption operations. AES-XTS operations are required not to exceed 2^20 AES blocks.

    Workaround: Check the number of blocks in the application code so that an operation does not exceed this limit.

  • ippsGFpxGetSize and ippsGFpECGetsize
    Problem: The ippsGFpxGetSize and ippsGFpECGetsize functions do not check for integer overflow.

    Workaround: Check the GF tower construction height in your application, and limit the extension of the basic prime GF to less than 8. The degree parameter of the ippsGFpxGetSize() function should satisfy 2 <= degree <= 8.

  • ippsHMACGetTag_rmf and ippsHMACGetTag
    Problem: The ippsHMACGetTag_rmf and ippsHMACGetTag functions leave some sensitive data after exit. This may lead to a leak of this data.

    Workaround: Replace the ippsHMACGetTag_rmf and ippsHMACGetTag functions with the following pairs of sequential calls:
        ippsHMAC_Duplicate() and ippsHMAC_Final()
        ippsHMACDuplicate_rmf() and ippsHMACFinal_rmf()
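
One way to implement the XTS-AES workaround in application code, as an added example that is not Intel's code. The helper names are hypothetical, and it assumes the limit applies to the length handed to a single call, with a trailing partial block counted as a full block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AES_BLOCK_BITS 128
#define XTS_MAX_BLOCKS ((int64_t)1 << 20)   /* limit quoted in the advisory */

typedef enum { XTS_LEN_OK = 0, XTS_LEN_TOO_SHORT, XTS_LEN_TOO_LONG } xts_len_status;

/* Hypothetical application-side guard, not an Intel IPP function.
 * Counts the AES blocks covered by `bitsize` bits (a trailing partial block
 * counts as one block) and rejects anything outside 1 .. 2^20 blocks. */
xts_len_status xts_check_bitsize(int64_t bitsize, int64_t *blocks)
{
    if (bitsize < AES_BLOCK_BITS)
        return XTS_LEN_TOO_SHORT;            /* also catches 0 and negatives */
    /* Divide before rounding up so the arithmetic cannot overflow. */
    int64_t n = bitsize / AES_BLOCK_BITS + (bitsize % AES_BLOCK_BITS != 0);
    if (n > XTS_MAX_BLOCKS)
        return XTS_LEN_TOO_LONG;
    if (blocks != NULL)
        *blocks = n;
    return XTS_LEN_OK;
}

/* Convert a buffer length in bytes to a bit size, or return -1 when the
 * buffer is outside the limit. The comparison is done in bytes, before the
 * multiplication: 2^29 bytes is 2^32 bits, which typically truncates to 0
 * when narrowed to a 32-bit int, so a later check on the int would pass. */
int xts_bitsize_from_bytes(size_t nbytes)
{
    if (nbytes > (size_t)XTS_MAX_BLOCKS * (AES_BLOCK_BITS / 8))
        return -1;
    int64_t bits = (int64_t)nbytes * 8;
    if (xts_check_bitsize(bits, NULL) != XTS_LEN_OK)
        return -1;
    return (int)bits;                        /* at most 2^27, fits in int */
}

int main(void)
{
    /* Constructed sample lengths in bytes: a sector, the limit, two rejects. */
    size_t samples[] = { 4096, (size_t)1 << 24, ((size_t)1 << 24) + 1, 15 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu bytes -> bitsize %d\n", samples[i],
               xts_bitsize_from_bytes(samples[i]));
    return 0;
}
```

Run the guard before calling ippsAESEncryptXTS_Direct or ippsAESDecryptXTS_Direct and refuse the operation on any result other than success.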

