# OpenSSL Advisory: October 29th, 2018 (BoringSSL Not Affected)
OpenSSL have published two security advisories ([1](https://openssl-library.org/news/secadv/20181029.txt), [2](https://openssl-library.org/news/secadv/20181030.txt)). Here's how they affect BoringSSL:

CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2018-0734 | Timing vulnerability in DSA signature generation | Low | Not affected, impacted code was removed from BoringSSL in the initial fork
CVE-2018-0735 | Timing vulnerability in ECDSA signature generation | Low | Not affected, issue was introduced after fork

[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity

## CVE-2018-0734 and CVE-2018-0735
These are low-severity timing leaks in OpenSSL's EC scalar multiplication and DSA signing implementations. As a partial mitigation for a [deeper issue](https://github.com/openssl/openssl/issues/6640) in OpenSSL’s `BIGNUM` library, OpenSSL adds extra copies of the group order to the scalar before multiplying (EC) and exponentiating (DSA). This advisory addresses leaks in that logic. BoringSSL [removed](https://boringssl-review.googlesource.com/23075) the impacted code last year and [fixed](https://issues.chromium.org/issues/42290102) the underlying `BIGNUM` issue, so it is unaffected.
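
The scalar padding described above, as an added Python illustration (not code from OpenSSL or BoringSSL). It assumes the usual form of the technique: add the order `q` once, and a second time if the sum is still no longer than `q`. The toy DSA-style parameters `P`, `Q`, `G` and the function names are constructed for the example.

```python
# Added illustration; toy parameters are constructed, not taken from any library.
P = 2039  # toy safe prime, P = 2*Q + 1
Q = 1019  # toy prime subgroup order (10 bits)
G = 4     # a square mod P, so it generates the order-Q subgroup


def pad_scalar(k: int, q: int) -> int:
    """Return k + q or k + 2q, whichever is exactly q.bit_length() + 1 bits long."""
    if not 0 < k < q:
        raise ValueError("nonce must satisfy 0 < k < q")
    once = k + q
    twice = once + q
    # In a real implementation this addition and selection must themselves be
    # constant time; Python integers give no such guarantee, so this shows
    # the arithmetic only.
    return once if once.bit_length() > q.bit_length() else twice


def bit_lengths(q: int, padded: bool) -> set:
    """Set of scalar bit lengths seen across every valid nonce 1..q-1."""
    return {(pad_scalar(k, q) if padded else k).bit_length() for k in range(1, q)}


def same_group_element(k: int) -> bool:
    """Padding adds a multiple of Q, so G^k mod P is unchanged."""
    return pow(G, pad_scalar(k, Q), P) == pow(G, k, P)


if __name__ == "__main__":
    print("raw nonce bit lengths:   ", sorted(bit_lengths(Q, padded=False)))
    print("padded nonce bit lengths:", sorted(bit_lengths(Q, padded=True)))
    print("results unchanged:       ", all(same_group_element(k) for k in range(1, Q)))
```

Without padding, the length of the exponent (and so the number of loop iterations in a length-dependent exponentiation) varies with the secret nonce; with padding every exponent has the same length and still yields the same group element.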