tech-userlevel archive


SHA3 implementation problem



Hi!

https://eprint.iacr.org/2023/331

says

"This paper describes a vulnerability in several implementations of
the Secure Hash Algorithm 3 (SHA-3) that have been released by its
designers. The vulnerability has been present since the final-round
update of Keccak [...]  It affects all software projects that have
integrated this code, [...]. The vulnerability is a buffer overflow
that allows attacker-controlled values to be eXclusive-ORed (XORed)
into memory (without any restrictions on values to be XORed and even
far beyond the location of the original buffer), thereby making many
standard protection measures against buffer overflows (e.g., canary
values) completely ineffective."

I looked for SHA 3 and keccak and found at least the following hits in
our tree:

common/lib/libc/hash/sha3/sha3.c
crypto/external/bsd/openssl/dist/crypto/evp/m_sha3.c
crypto/external/bsd/openssl/dist/crypto/sha/asm/
crypto/external/bsd/openssl/dist/crypto/sha/keccak1600.c
crypto/external/bsd/openssl/dist/crypto/evp/m_sha3.c
crypto/external/bsd/openssl.old/...
external/public-domain/sqlite/dist/shell.c

Has anyone investigated if NetBSD is affected and how often?
 Thomas
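
The quoted claim that canaries do not catch this kind of overflow, as an added example that is not from the paper, this message or the NetBSD tree: it models a buffer, a canary and a neighbouring object in one array and compares an XOR write without a length check against one with it. The layout, names and input bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed layout: [8-byte buffer][8-byte canary][8-byte neighbour]. */
enum { BUF_LEN = 8, CANARY_OFF = 8, NEIGH_OFF = 16, ARENA_LEN = 24 };
static const uint8_t CANARY[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67};

/* Flawed primitive: n is never compared with BUF_LEN. The ARENA_LEN bound
 * exists only to keep this model within defined behaviour. */
static int xor_unchecked(uint8_t *mem, const uint8_t *src, size_t n) {
    if (n > ARENA_LEN) return -1;
    for (size_t i = 0; i < n; i++) mem[i] ^= src[i];
    return 0;
}

/* Corrected primitive: reject any length that does not fit the buffer. */
static int xor_checked(uint8_t *mem, const uint8_t *src, size_t n) {
    if (n > BUF_LEN) return -1;
    return xor_unchecked(mem, src, n);
}

struct outcome { int rc, canary_intact, neighbour_changed; };
/* Run one primitive on a fresh arena with a constructed input:
 * data bytes, then zero bytes over the canary (x ^ 0 == x), then 0xff. */
static struct outcome run(int (*f)(uint8_t *, const uint8_t *, size_t)) {
    uint8_t mem[ARENA_LEN] = {0}, in[ARENA_LEN];
    static const uint8_t zero[ARENA_LEN - NEIGH_OFF] = {0};
    struct outcome o;
    memcpy(mem + CANARY_OFF, CANARY, sizeof CANARY);
    memset(in, 0x41, BUF_LEN);
    memset(in + CANARY_OFF, 0x00, sizeof CANARY);
    memset(in + NEIGH_OFF, 0xff, ARENA_LEN - NEIGH_OFF);
    o.rc = f(mem, in, sizeof in);
    o.canary_intact = memcmp(mem + CANARY_OFF, CANARY, sizeof CANARY) == 0;
    o.neighbour_changed = memcmp(mem + NEIGH_OFF, zero, sizeof zero) != 0;
    return o;
}

/* 1 if the canary check passes although the neighbour was modified. */
int canary_misses_xor_overflow(void) {
    struct outcome o = run(xor_unchecked);
    return o.rc == 0 && o.canary_intact && o.neighbour_changed;
}

/* 1 if the bounds check rejects the same input and nothing changes. */
int bounds_check_stops_it(void) {
    struct outcome o = run(xor_checked);
    return o.rc == -1 && o.canary_intact && !o.neighbour_changed;
}
```

Both functions return 1: the canary comparison passes in the unchecked case because XOR with zero leaves a byte unchanged, so only the length check prevents the neighbouring bytes from being altered.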

