OpenSSL have published a security update addressing a bug. This bug partially affects BoringSSL as well, but only in a limited fashion, and it does not affect swift-nio-ssl or swift-crypto at all.
BoringSSL shares the same underlying bug in
BN_mod_sqrt as OpenSSL, but as BoringSSL does not support certificates or remote input of arbitrary EC curves it's not possible to reach that code path without doing either of:
EC_GROUP_new_curve_GFpwith untrusted curve parameters
BN_mod_sqrtwith untrusted moduli
We do neither, and so there is no impact from this issue.