[openssl-users] Provisional FIPS 140-2 casualty list

Jeffrey Walton noloader at gmail.com
Mon Jun 22 06:36:33 UTC 2015

Hi Steve,

Forgive my ignorance....

From the previous postings, I *thought* that the validation only
applies to real iron, and [retroactively] was not conferred to the
VMs. But it seems like this list includes real hardware, too:

    12  Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3)
    32  Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3)
    33  Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3)

Those caught my eye because I used them in the past (specifically, 12).

What exactly changed? Or where is my disconnect?


On Thu, Jun 18, 2015 at 11:17 AM, Steve Marquess <marquess at openssl.com> wrote:
> If you don't know or care what FIPS 140-2 is then count yourself very
> lucky and move on.
> I've created a new web page to summarize the current status of the
> long-running hostage saga:
>   http://openssl.com/fips/aftermath.html
> If you use the OpenSSL FIPS Object Module 2.0 (validation #1747), you
> should confirm that any platforms you use that module on are among the
> survivors.
> However, don't panic quite yet if you're using one of the deleted
> platforms. I'm pretty sure that the "Big Blob 'o Text" list as currently
> posted has several clerical errors that the CMVP will eventually
> correct. Also, I expect to receive permission from at least some of the
> directly impacted platform sponsors to supply information for revised
> platform descriptions. Once those are up, then you can panic.
> New developments will be noted in this new web page.
