| # OpenSSL Advisory: December 14th, 2021 (BoringSSL Not Affected) |
| |
| OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20211214.txt). Here's how it affects BoringSSL: |
| |
| CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL |
| ----|---------|-----------------------|--------------------- |
| CVE-2021-4044 | Invalid handling of X509_verify_cert() internal errors in libssl | Moderate | Not affected, issue was introduced after fork |
| |
| [Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity |
| |
| ## CVE-2021-4044 |
| |
| BoringSSL is not affected. The issue was introduced after the fork, in OpenSSL 3.0. It was caused by mixing up return value conventions from the X.509 implementation, where either 0 or -1 may signal an error. |
| |
| To avoid similar issues, BoringSSL has narrowed APIs in other parts of the library to [only return 0](https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#return-values) on error. We plan to, but have not yet, do the same for the X.509 implementation. |
| |
| *Addendum January 28th, 2026: The `X509_verify_cert` function's return value was narrowed on [December 2023](https://boringssl-review.googlesource.com/c/boringssl/+/65067).* |
| |
| ## 32-bit MIPS carry overflow |
| |
| OpenSSL 1.1.1m and OpenSSL 3.0.1 additionally include a fix for a [carry overflow bug](https://github.com/openssl/openssl/commit/e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb) on 32-bit MIPS. BoringSSL does not include OpenSSL’s MIPS assembly and is not affected by this bug. |