### Changes between 3.0.0 and 3.0.1 [14 Dec 2021]
+ * Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS
+ squaring procedure. Many EC algorithms are affected, including some of the
+ TLS 1.3 default curves. Impact was not analyzed in detail, because the
+ pre-requisites for attack are considered unlikely and include reusing
+ private keys. Analysis suggests that attacks against RSA and DSA as a result
+ of this defect would be very difficult to perform and are not believed
+ likely. Attacks against DH are considered just feasible (although very
+ difficult) because most of the work necessary to deduce information about
+ a private key may be performed offline.
+ The amount of resources required for such an attack would be significant.
+ However, for an attack on TLS to be meaningful, the server would have
+ to share the DH private key among multiple clients, which is no longer
+ an option since CVE-2016-0701.
+ The issue only affects OpenSSL on MIPS platforms.
+ ([CVE-2021-4160])
+
+ *Bernd Edlinger*
+
* Fixed invalid handling of X509_verify_cert() internal errors in libssl
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to
verify a certificate supplied by a server. That function may return a
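Review bot: The platform scope of this entry is hard to find. The opening sentence, "may produce incorrect results on MIPS squaring procedure", does not parse, and the plain statement "The issue only affects OpenSSL on MIPS platforms." appears only on the second-to-last line of the text. Suggest rewording the opening so the bug is clearly located in the MIPS squaring procedure used by BN_mod_exp, and moving the MIPS-only sentence up to directly follow it, so readers on other platforms can stop reading there. The impact paragraph also says "Impact was not analyzed in detail" and then "Analysis suggests that attacks against RSA and DSA ... would be very difficult"; it would help to state which part was left unanalyzed (the sentence placement suggests the EC case) so the two statements do not read as contradictory.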
### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021]
+ * Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS
+ ([CVE-2021-4160])
* Fixed invalid handling of X509_verify_cert() internal errors in libssl
([CVE-2021-4044])
* Allow fetching an operation from the provider that owns an unexportable key
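Review bot: The new "([CVE-2021-4160])" line uses a reference-style link, and no matching link definition is added anywhere in the visible diff, for this file or for the changelog entry above. Without the definition the reference renders as literal bracketed text, so please add it alongside the existing CVE definitions if it is not already present. Separately, both entries are added under a heading that already carries a release date of 14 Dec 2021; please confirm the fix is actually part of that release rather than a later one.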