The 2.0.11 revision of the OpenSSL FIPS Object Module v2.0 has been approved: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398 Note that this is the same module as for the #1747 and #2374 validations; the proliferation of validation numbers is due to the "hostage" situation[1]. The 2.0.11 revision introduces support for eleven new platforms. It will build and execute correctly for any platforms supported by the 2.0.10 or earlier revisions of that module, for either the #1747 or #2473 validations, but a module built from the 2.0.11 tarball will not be righteous for any platform not listed in the #2398 validation. Even though that module will be functionally identical; yes that's confusing as we now have multiple flavors of magical pixie dust. So the rule of thumb is use the 2.0.11 tarball only for the platforms listed with the #2398 validation, even though it will work for any of the platforms included with any of the validations. Use the 2.0.10 tarball for everything else. Note this latest validation update does not address the "X9.31 RNG transition"; that paperwork is pending at the test lab for the OpenSSL FIPS module and its three validations (#1747, #2398, #2473). -Steve M. [1] For masochists only: http://openssl.com/fips/aftermath.html -- Steve Marquess OpenSSL Software Foundation 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
