diff --git a/sources/ippcp/crypto_mb/include/crypto_mb/sm4.h b/sources/ippcp/crypto_mb/include/crypto_mb/sm4.h index 2eeab8c1..144fb6f5 100644 --- a/sources/ippcp/crypto_mb/include/crypto_mb/sm4.h +++ b/sources/ippcp/crypto_mb/include/crypto_mb/sm4.h @@ -22,10 +22,11 @@ #include #include -#define SM4_LINES (16) /* Max number of buffers */ -#define SM4_BLOCK_SIZE (16) /* SM4 data block size (bytes) */ -#define SM4_KEY_SIZE (16) /* SM4 key size (bytes) */ -#define SM4_ROUNDS (32) /* SM4 number of rounds */ +#define SM4_LINES (16) /* Max number of buffers */ +#define SM4_BLOCK_SIZE (16) /* SM4 data block size (bytes) */ +#define SM4_KEY_SIZE (16) /* SM4 key size (bytes) */ +#define SM4_ROUNDS (32) /* SM4 number of rounds */ +#define SM4_XTS_MAX_SIZE ((1 << 20) * SM4_BLOCK_SIZE) /* SM4 max buffer size (bytes) */ typedef int8u sm4_key[SM4_KEY_SIZE]; typedef int8u sm4_xts_key[SM4_KEY_SIZE*2]; diff --git a/sources/ippcp/crypto_mb/src/sm4/sm4_xts_dec_mb16.c b/sources/ippcp/crypto_mb/src/sm4/sm4_xts_dec_mb16.c index 9bb03d9b..1b1530e5 100644 --- a/sources/ippcp/crypto_mb/src/sm4/sm4_xts_dec_mb16.c +++ b/sources/ippcp/crypto_mb/src/sm4/sm4_xts_dec_mb16.c @@ -48,6 +48,11 @@ mbx_status16 mbx_sm4_xts_decrypt_mb16(int8u* pa_out[SM4_LINES], const int8u* pa_ /* Do not process non-valid buffers */ mb_mask &= ~(0x1 << buf_no); } + if (len[buf_no] > SM4_XTS_MAX_SIZE) { + status = MBX_SET_STS16(status, buf_no, MBX_STATUS_MISMATCH_PARAM_ERR); + /* Do not process non-valid buffers */ + mb_mask &= ~(0x1 << buf_no); + } } if (MBX_IS_ANY_OK_STS16(status)) diff --git a/sources/ippcp/crypto_mb/src/sm4/sm4_xts_enc_mb16.c b/sources/ippcp/crypto_mb/src/sm4/sm4_xts_enc_mb16.c index c15e826a..6622b7b4 100644 --- a/sources/ippcp/crypto_mb/src/sm4/sm4_xts_enc_mb16.c +++ b/sources/ippcp/crypto_mb/src/sm4/sm4_xts_enc_mb16.c @@ -48,6 +48,11 @@ mbx_status16 mbx_sm4_xts_encrypt_mb16(int8u* pa_out[SM4_LINES], const int8u* pa_ /* Do not process non-valid buffers */ mb_mask &= ~(0x1 << buf_no); } + if (len[buf_no] > SM4_XTS_MAX_SIZE) { + status = MBX_SET_STS16(status, buf_no, MBX_STATUS_MISMATCH_PARAM_ERR); + /* Do not process non-valid buffers */ + mb_mask &= ~(0x1 << buf_no); + } } if (MBX_IS_ANY_OK_STS16(status)) diff --git a/sources/ippcp/pcprsa_getdefmeth_priv.h b/sources/ippcp/pcprsa_getdefmeth_priv.h index e8e1f9bf..3f927f5d 100644 --- a/sources/ippcp/pcprsa_getdefmeth_priv.h +++ b/sources/ippcp/pcprsa_getdefmeth_priv.h @@ -4,15 +4,15 @@ * Licensed under the Apache License, Version 2.0 (the 'License'); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at -* +* * http://www.apache.org/licenses/LICENSE-2.0 -* +* * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 'AS IS' BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions * and limitations under the License. -* +* *******************************************************************************/ /* @@ -56,12 +56,12 @@ static gsMethod_RSA* getDualExpMethod_RSA_private(int bitSizeDP, int bitSizeDQ) if ((bitSizeDP != bitSizeDQ) || (bitSizeDP == 0)) return NULL; - gsMethod_RSA* m = NULL; #if(_IPP32E>=_IPP32E_K1) + gsMethod_RSA* m = NULL; m = gsMethod_RSA_avx512_crt_private(bitSizeDP); -#endif if (m && m->dualExpFun) return m; +#endif return NULL; }