There are two issues fixed in this security advisory:
A bug in the SM2 decryption implementation incorrectly calculates a buffer needed to hold the plaintext leading to a potential buffer overflow.
[CVE-2021-3711]
ASN1_STRING structures directly constructed, instead of using library functions, may not be NULL-terminated resulting in library functions causing a read buffer overrun. [CVE-2021-3712]
