[openssl-users] OpenSSL FIPS Object Module 1.* is vulnerable to CVE-2014-3570?

Tue, 03 Feb 2015 07:55:50 -0800 

CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?

If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to