[openssl-users] Is CVE-2014-3570 fixed in FIPS Object Module 1.* (1.1.2, 1.2, 1.2.2 ...)

Susumu Sai susumu.sai.2006 at gmail.com
Sat Jan 31 01:45:19 UTC 2015


CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?

If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150130/c2178aa4/attachment.html>


More information about the openssl-users mailing list