[openssl-users] OpenSSL FIPS Object Module 1.* is vulnerable to CVE-2014-3570?

Susumu Sai susumu.sai.2006 at gmail.com
Tue Feb 3 15:54:42 UTC 2015

CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?

If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150203/99532581/attachment.html>

More information about the openssl-users mailing list