CVE-2022-37454 SHA-3 buffer overflow

Tomas Mraz tomas at openssl.org
Mon Oct 24 08:57:34 UTC 2022


The implementation of SHA-3 in OpenSSL is different from the vulnerable
one. There is a plain C implementation and also assembly implementation
for various CPU architectures. See crypto/sha/keccak1600.c and
crypto/sha/asm/keccak1600*.pl. None of these should suffer from the
CVE-2022-37454.

The SHA3 low level implementation is used at various places. For
example there is also the SHAKE XOF hash function implementation which
uses the low level SHA3 routines. There is also an implementation of
the original Keccak algorithm in the master branch.

Tomas Mraz, OpenSSL

On Fri, 2022-10-21 at 11:33 -0700, Job Cacka wrote:
> I was reading that SHA-3 has a buffer overflow in the C
> implementation that is used by PHP and Python.
> https://nvd.nist.gov/vuln/detail/CVE-2022-37454
> https://mouha.be/sha-3-buffer-overflow/
>  
> How does OpenSSL implement SHA-3 in the following algorithms? Is SHA3
> only used in SHA3-224, SHA3-256, SHA3-384, and SHA3-512?
>  
> root:/ openssl list -digest-algorithms
> RSA-MD4 => MD4
> RSA-MD5 => MD5
> RSA-MDC2 => MDC2
> RSA-RIPEMD160 => RIPEMD160
> RSA-SHA1 => SHA1
> RSA-SHA1-2 => RSA-SHA1
> RSA-SHA224 => SHA224
> RSA-SHA256 => SHA256
> RSA-SHA3-224 => SHA3-224
> RSA-SHA3-256 => SHA3-256
> RSA-SHA3-384 => SHA3-384
> RSA-SHA3-512 => SHA3-512
> RSA-SHA384 => SHA384
> RSA-SHA512 => SHA512
> RSA-SHA512/224 => SHA512-224
> RSA-SHA512/256 => SHA512-256
> RSA-SM3 => SM3
> BLAKE2b512
> BLAKE2s256
> id-rsassa-pkcs1-v1_5-with-sha3-224 => SHA3-224
> id-rsassa-pkcs1-v1_5-with-sha3-256 => SHA3-256
> id-rsassa-pkcs1-v1_5-with-sha3-384 => SHA3-384
> id-rsassa-pkcs1-v1_5-with-sha3-512 => SHA3-512
> MD4
> md4WithRSAEncryption => MD4
> MD5
> MD5-SHA1
> md5WithRSAEncryption => MD5
> MDC2
> mdc2WithRSA => MDC2
> ripemd => RIPEMD160
> RIPEMD160
> ripemd160WithRSA => RIPEMD160
> rmd160 => RIPEMD160
> SHA1
> sha1WithRSAEncryption => SHA1
> SHA224
> sha224WithRSAEncryption => SHA224
> SHA256
> sha256WithRSAEncryption => SHA256
> SHA3-224
> SHA3-256
> SHA3-384
> SHA3-512
> SHA384
> sha384WithRSAEncryption => SHA384
> SHA512
> SHA512-224
> sha512-224WithRSAEncryption => SHA512-224
> SHA512-256
> sha512-256WithRSAEncryption => SHA512-256
> sha512WithRSAEncryption => SHA512
> SHAKE128
> SHAKE256
> SM3
> sm3WithRSAEncryption => SM3
> ssl3-md5 => MD5
> ssl3-sha1 => SHA1
> whirlpool
>  
>  
> Thanks,
> Job 
>  

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list