# OpenSSL Advisory: April 16th 2018
OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20180416.txt). Here's how it affects BoringSSL:
CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2018-0737 | Cache timing vulnerability in RSA Key Generation | Low | Fixed independently in March
[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
## CVE-2018-0737
The root cause in OpenSSL, the error-prone `BN_FLG_CONSTTIME` pattern, was [removed](https://boringssl.googlesource.com/boringssl/+/0a211dfe91588d2986a8735e1969dd9202a8b025%5E!/) from BoringSSL some time ago, so issues stemming from that code pattern do not affect BoringSSL.
Of the particular [timing leaks](http://seclists.org/oss-sec/2018/q2/50) in RSA key generation, BoringSSL [fixed](https://boringssl.googlesource.com/boringssl/+/7fcbfdbdf3c42c2ed75d8328d215487a44ddf916%5E%21/) the second some time ago. The others affected BoringSSL until recently: we had independently rewritten RSA key generation to address these and additional side channels, and that work was completed by the [end of March](https://issues.chromium.org/issues/42290108).