Known problems in Intel® Integrated Performance Primitives Cryptography XTS-AES, GFp, and HMAC functions

By Chao Yu, Published: 02/22/2017, Last Updated: 07/25/2017

The following issues were identified in the Intel® Integrated Performance Primitives (Intel® IPP) Cryptography XTS-AES, GFp, and HMAC functions. They affect Intel® IPP 2017 Update 2 and earlier releases.

These issues were fixed in Intel® IPP 2017 Update 3. If your code is affected, update to the latest Intel IPP release.

For older releases, the following workarounds avoid the problems:

  • ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct
    Problem: The ippsAESEncryptXTS_Direct and ippsAESDecryptXTS_Direct functions do not check the number of blocks in an AES-XTS encryption/decryption operation. An AES-XTS data unit must not exceed 2^20 AES blocks; the functions process larger inputs without returning an error.

    Workaround: Check the block count in the application code before calling these functions, and reject any data unit longer than 2^20 AES blocks.

  • ippsGFpxGetSize and ippsGFpECGetsize
    Problem: The ippsGFpxGetSize and ippsGFpECGetsize functions do not check for integer overflow when computing the required context size, so an oversized extension degree can produce an undersized buffer.

    Workaround: Check the height of the GF tower construction in your application and limit the extension degree over the base prime GF. The degree parameter passed to ippsGFpxGetSize() should satisfy 2 <= degree <= 8.

  • ippsHMACGetTag_rmf and ippsHMACGetTag
    Problem: The ippsHMACGetTag_rmf and ippsHMACGetTag functions leave sensitive intermediate data in memory after they return. This may lead to a leak of that data.

    Workaround: Replace each call with the corresponding pair of sequential calls, which compute the tag on a copy of the context and clear it on completion:
        ippsHMAC_Duplicate() followed by ippsHMAC_Final()
        ippsHMACDuplicate_rmf() followed by ippsHMACFinal_rmf()
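The XTS and GFp workarounds above both amount to validating a parameter that the affected Intel IPP releases do not validate themselves. The following C code is an added example, not Intel IPP code: it shows the application-side checks a caller would place in front of ippsAESEncryptXTS_Direct/ippsAESDecryptXTS_Direct and ippsGFpxGetSize. It assumes the XTS data unit length and the encrypted length are given in bits (as the IPP XTS _Direct interface expresses them) and that a call may start at a block offset inside the data unit; the function names, the block-offset parameter and the sample values are this example's own assumptions. The 2^20-block limit is the one stated in IEEE 1619 and NIST SP 800-38E.

```c
#include <stdbool.h>
#include <stdio.h>

/* Maximum number of AES blocks in one XTS-AES data unit (IEEE 1619, NIST SP 800-38E).
   Intel IPP 2017 Update 2 and earlier does not enforce this in the XTS _Direct
   functions, so the caller has to. */
#define XTS_MAX_BLOCKS  (1LL << 20)
#define AES_BLOCK_BITS  128

/* Number of AES blocks covered by `bitsize` bits, rounding up because XTS may end
   in a partial block (ciphertext stealing). Returns -1 for lengths XTS cannot
   process at all: not a whole number of bytes, or shorter than one AES block. */
long long xts_block_count(long long bitsize)
{
    if (bitsize < AES_BLOCK_BITS || bitsize % 8 != 0)
        return -1;
    return (bitsize + AES_BLOCK_BITS - 1) / AES_BLOCK_BITS;
}

/* True if a whole data unit of `bitsize` bits is within the XTS limit. */
bool xts_bitsize_ok(long long bitsize)
{
    long long blocks = xts_block_count(bitsize);
    return blocks > 0 && blocks <= XTS_MAX_BLOCKS;
}

/* Hypothetical guard for a partial call: encrypt `enc_bitsize` bits starting at
   AES block index `first_block` of a data unit that is `data_unit_bitsize` bits
   long. Rejects oversized data units and any range that runs past the unit end.
   Comparisons are arranged so no intermediate sum can overflow. */
bool xts_range_ok(long long data_unit_bitsize, long long first_block, long long enc_bitsize)
{
    long long unit_blocks = xts_block_count(data_unit_bitsize);
    long long enc_blocks  = xts_block_count(enc_bitsize);

    if (unit_blocks < 0 || enc_blocks < 0 || first_block < 0)
        return false;
    if (unit_blocks > XTS_MAX_BLOCKS)
        return false;
    if (first_block > unit_blocks)
        return false;
    /* unit_blocks - first_block is the room left; it is >= 0 here */
    return enc_blocks <= unit_blocks - first_block;
}

/* Hypothetical guard for the ippsGFpxGetSize() degree parameter: the extension
   degree over the base prime field must satisfy 2 <= degree <= 8. */
bool gfpx_degree_ok(int degree)
{
    return degree >= 2 && degree <= 8;
}

int main(void)
{
    /* Constructed sample sizes: exactly 2^20 blocks is allowed, one byte more is not. */
    long long max_unit_bits = XTS_MAX_BLOCKS * AES_BLOCK_BITS;   /* 2^27 bits = 16 MiB */
    printf("16 MiB data unit ok:        %d\n", xts_bitsize_ok(max_unit_bits));
    printf("16 MiB + 1 byte ok:         %d\n", xts_bitsize_ok(max_unit_bits + 8));
    printf("last block of max unit ok:  %d\n", xts_range_ok(max_unit_bits, XTS_MAX_BLOCKS - 1, 128));
    printf("one block past the end ok:  %d\n", xts_range_ok(max_unit_bits, XTS_MAX_BLOCKS, 128));
    printf("GFp degree 8 ok / 9 ok:     %d / %d\n", gfpx_degree_ok(8), gfpx_degree_ok(9));
    return 0;
}
```

Place the check immediately before the IPP call and treat a false result as a hard error rather than truncating the input: splitting an oversized data unit into two smaller units silently changes the tweak sequence and therefore the ciphertext format, so the caller, not the wrapper, must decide how to re-chunk the data.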

Product and Performance Information


Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804