<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi,</div><div class=""><br class=""></div>BoringSSL reported an out-of-bounds read in BN_mod_exp_mont_consttime and appear to have patched it: <a href="https://boringssl-review.googlesource.com/#/c/1393/" class="">https://boringssl-review.googlesource.com/#/c/1393/</a><div class=""><br class=""></div><div class="">How serious is this issue? Are there any plans for OpenSSL to use a similar fix too?</div><div class=""><br class=""></div><div class="">Cheers</div><div class="">Parag</div></body></html>