OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2022-2068 | The c_rehash script allows command injection | Moderate | Not affected. BoringSSL does not ship this script. |
The 1.1.1p release additionally includes the following changes:
The BN_mod_exp_mont_consttime function would sometimes return the modulus when it should return zero. This fix was based on a corresponding BoringSSL fix (part 1, part 2), applied June 3rd, 2022. While this function is used in many cryptographic algorithms, we believe there is no security impact to algorithms implemented by BoringSSL. See the BoringSSL fix for more detailed analysis.
The Lucky 13 mitigation was changed to avoid leaking information under a model of cache line behavior. BoringSSL is not affected. We previously changed this logic in September 2016 to meet a stricter constant-time model, which makes no assumptions on the behavior of cache lines.