If you don't know or care what FIPS 140-2 is then count yourself very lucky and move on. There is a new development in the long running saga of the "hostage issue"[*]; the hostages have been executed: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747 Cross-referencing the Big Blob '0 Text in the rightmost cell on that NIST CMVP web site entry shows that fourteen of the original "hostages" were "executed": 47 Windows 2008 32-bit under vSphere Xeon E3-1220v2 (x86) None 48 Windows 2008 64-bit under vSphere Xeon E3-1220v2 (x86) None 49 RHEL 6 32-bit under vSphere Xeon E3-1220v2 (x86) None 50 RHEL 6 64-bit under vSphere Xeon E3-1220v2 (x86) 59 VMware Horizon Mobile 1.3 under VMware under Android 4.0 Qualcomm MSM8X60 (ARMv7) NEON 66 VMware Horizon Workspace 1.5 under vSphere Intel Xeon E3-1220 (x86) None 67 VMware Horizon Workspace 1.5 under vSphere Intel Xeon E3-1220 (x86) AES-NI 72 Linux 3.4 under Citrix XenServer Intel Xeon E5-2430L (x86) AES-NI 73 Linux 3.4 under VMware ESX Intel Xeon E5-2430L (x86) None 74 Linux 3.4 under VMware ESX Intel Xeon E5-2430L (x86) AES-NI 75 Linux 3.4 under Microsoft Hyper-V Intel Xeon E5-2430L (x86) None 76 Linux 3.4 under Microsoft Hyper-V Intel Xeon E5-2430L (x86) AES-NI 79 PexOS 1.0 under vSphere Intel Xeon E5-2430L (x86) None 80 PexOS 1.0 under vSphere Intel Xeon E5-2430L (x86) AES-NI along with what I'm guessing are accidental random bystanders: 8 Ubuntu 10.04 Intel Pentium T4200 (x86) None and one of 20 Linux 2.6 Broadcom BCM11107 (ARMv6) None 21 Linux 2.6 TI TMS320DM6446 (ARMv4) None I don't know which of 20 and 21 was executed (if deliberate) and which was spared; I have asked for clarification. I am assuming that platform 71, Linux 3.4 under Citrix XenServer Intel Xeon E5-2430L (x86), was spared only by mistake and will soon share the fate of its fellow hostages. If you are currently using a FIPS module on any of these 16 now deleted platforms, that module has retroactively become non-validated. It's my understanding from the test lab that we may be allowed to restore the deleted platforms, with modifications (once OSF has permission from the sponsors of those platforms). Obviously if those sponsors had been presented with the choice between complete removal of their platforms and restricting them to particular hypervisor versions they would have chosen the latter. Instead they were forced to choose between preserving their platforms and adding new platforms, which led us down the "ransom" path and months of delay... -Steve M. [*] See http://openssl.com/fips/hostage.html, http://openssl.com/fips/ransom.html -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
