[openssl-users] OpenSSL FIPS Object Module 2.011 approved
Steve Marquess
marquess at openssl.com
Fri Dec 18 17:25:36 UTC 2015
The 2.0.11 revision of the OpenSSL FIPS Object Module v2.0 has been
approved:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398
Note that this is the same module as for the #1747 and #2374
validations; the proliferation of validation numbers is due to the
"hostage" situation[1].
The 2.0.11 revision introduces support for eleven new platforms. It will
build and execute correctly for any platforms supported by the 2.0.10 or
earlier revisions of that module, for either the #1747 or #2473
validations, but a module built from the 2.0.11 tarball will not be
righteous for any platform not listed in the #2398 validation. Even
though that module will be functionally identical; yes that's confusing
as we now have multiple flavors of magical pixie dust.
So the rule of thumb is use the 2.0.11 tarball only for the platforms
listed with the #2398 validation, even though it will work for any of
the platforms included with any of the validations. Use the 2.0.10
tarball for everything else.
Note this latest validation update does not address the "X9.31 RNG
transition"; that paperwork is pending at the test lab for the OpenSSL
FIPS module and its three validations (#1747, #2398, #2473).
-Steve M.
[1] For masochists only: http://openssl.com/fips/aftermath.html
--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list