Mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-18 17:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Document CVE-2021-4160

Browse Source 
This was fixed in openssl 3.0.1 by #17258 and assigned
CVE-2021-4160 but unfortunately forgotten to mention
in the CHANGES and/or NEWS.

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29051)

(cherry picked from commit 134f17d526)
This commit is contained in:
Bernd Edlinger
2025-11-03 14:00:15 +01:00
committed by Tomas Mraz
parent cff7f1e7b7
commit 9b8fdbd830
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGES.md
View File

@@ -2015,6 +2015,24 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.0 and 3.0.1 [14 Dec 2021]
* Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS
squaring procedure. Many EC algorithms are affected, including some of the
TLS 1.3 default curves. Impact was not analyzed in detail, because the
pre-requisites for attack are considered unlikely and include reusing
private keys. Analysis suggests that attacks against RSA and DSA as a result
of this defect would be very difficult to perform and are not believed
likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information about
a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have
to share the DH private key among multiple clients, which is no longer
an option since CVE-2016-0701.
The issue only affects OpenSSL on MIPS platforms.
([CVE-2021-4160])
*Bernd Edlinger*
* Fixed invalid handling of X509_verify_cert() internal errors in libssl
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to
verify a certificate supplied by a server. That function may return a

2
NEWS.md
View File

@@ -502,6 +502,8 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021]
* Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS
([CVE-2021-4160])
* Fixed invalid handling of X509_verify_cert() internal errors in libssl
([CVE-2021-4044])
* Allow fetching an operation from the provider that owns an unexportable key