[openssl-users] OpenSSL FIPS Object Module 1.* is vulnerable to CVE-2014-3570?

CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS Object Module 1.* also need to be fixed? If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I vulnerable to the CVE-2014-3570 attacks? ___ openssl-users mailing

[openssl-users] Is CVE-2014-3570 fixed in FIPS Object Module 1.* (1.1.2, 1.2, 1.2.2 ...)

CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS Object Module 1.* also need to be fixed? If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I vulnerable to the CVE-2014-3570 attacks? ___ openssl-users mailing

3/30/2013 5:06:04 AM

http://www.profinancas.com/ssxawjky/ktcj.qdz?ibqv Susumu Sai

Re: Crosscompiling openssl-fips-1.2 for arm-linux - still FIPS compliant?

Similar question. With the problem http://www.mail-archive.com/openssl-users@openssl.org/msg58527.html In order to make fipslink.pl work with MKS perl, in fipslink.pl, if I make a change that add a line like below: $sha1_exe =~ s/\\/\//g; - After this change, fipslink.pl will work