OpenSSL have published two security advisories (1, 2). Here's how they affect BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2018-0734 | Timing vulnerability in DSA signature generation | Low | Not affected, impacted code was removed from BoringSSL in the initial fork |
| CVE-2018-0735 | Timing vulnerability in ECDSA signature generation | Low | Not affected, issue was introduced after fork |
These are low-severity timing leaks in OpenSSL’s EC scalar multiplication and DSA signing implementations. As a partial mitigation for a deeper issue in OpenSSL’s BIGNUM library, OpenSSL adds extra copies of the group order to the scalar before multiplying (EC) and exponentiating (DSA). This advisory addresses leaks in that logic. BoringSSL removed the impacted code last year and fixed the underlying BIGNUM issue, so it is unaffected.