CVE-2022-37454 SHA-3 buffer overflow

Job Cacka job at ccbox.com
Mon Oct 24 14:17:22 UTC 2022 

That is good to hear as it touches many things. Thanks for letting me know. 

Job

-----Original Message-----
From: Tomas Mraz <tomas at openssl.org> 
Sent: Monday, October 24, 2022 1:58 AM
To: Job Cacka <job at ccbox.com>; openssl-users at openssl.org
Subject: Re: CVE-2022-37454 SHA-3 buffer overflow

The implementation of SHA-3 in OpenSSL is different from the vulnerable one. There is a plain C implementation and also assembly implementation for various CPU architectures. See crypto/sha/keccak1600.c and crypto/sha/asm/keccak1600*.pl. None of these should suffer from the CVE-2022-37454.

The SHA3 low level implementation is used at various places. For example there is also the SHAKE XOF hash function implementation which uses the low level SHA3 routines. There is also an implementation of the original Keccak algorithm in the master branch.

Tomas Mraz, OpenSSL

On Fri, 2022-10-21 at 11:33 -0700, Job Cacka wrote:
> I was reading that SHA-3 has a buffer overflow in the C implementation 
> that is used by PHP and Python.
> https://nvd.nist.gov/vuln/detail/CVE-2022-37454
> https://mouha.be/sha-3-buffer-overflow/
>  
> How does OpenSSL implement SHA-3 in the following algorithms? Is SHA3 
> only used in SHA3-224, SHA3-256, SHA3-384, and SHA3-512?
>  
> root:/ openssl list -digest-algorithms
> RSA-MD4 => MD4
> RSA-MD5 => MD5
> RSA-MDC2 => MDC2
> RSA-RIPEMD160 => RIPEMD160
> RSA-SHA1 => SHA1
> RSA-SHA1-2 => RSA-SHA1
> RSA-SHA224 => SHA224
> RSA-SHA256 => SHA256
> RSA-SHA3-224 => SHA3-224
> RSA-SHA3-256 => SHA3-256
> RSA-SHA3-384 => SHA3-384
> RSA-SHA3-512 => SHA3-512
> RSA-SHA384 => SHA384
> RSA-SHA512 => SHA512
> RSA-SHA512/224 => SHA512-224
> RSA-SHA512/256 => SHA512-256
> RSA-SM3 => SM3
> BLAKE2b512
> BLAKE2s256
> id-rsassa-pkcs1-v1_5-with-sha3-224 => SHA3-224
> id-rsassa-pkcs1-v1_5-with-sha3-256 => SHA3-256
> id-rsassa-pkcs1-v1_5-with-sha3-384 => SHA3-384
> id-rsassa-pkcs1-v1_5-with-sha3-512 => SHA3-512
> MD4
> md4WithRSAEncryption => MD4
> MD5
> MD5-SHA1
> md5WithRSAEncryption => MD5
> MDC2
> mdc2WithRSA => MDC2
> ripemd => RIPEMD160
> RIPEMD160
> ripemd160WithRSA => RIPEMD160
> rmd160 => RIPEMD160
> SHA1
> sha1WithRSAEncryption => SHA1
> SHA224
> sha224WithRSAEncryption => SHA224
> SHA256
> sha256WithRSAEncryption => SHA256
> SHA3-224
> SHA3-256
> SHA3-384
> SHA3-512
> SHA384
> sha384WithRSAEncryption => SHA384
> SHA512
> SHA512-224
> sha512-224WithRSAEncryption => SHA512-224
> SHA512-256
> sha512-256WithRSAEncryption => SHA512-256 sha512WithRSAEncryption => 
> SHA512
> SHAKE128
> SHAKE256
> SM3
> sm3WithRSAEncryption => SM3
> ssl3-md5 => MD5
> ssl3-sha1 => SHA1
> whirlpool
>  
>  
> Thanks,
> Job
>  

-- 
Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list