If you don't know or care what FIPS 140-2 is then bail out now. Here be dragons. The CMVP has approved the mandated "X9.31 RNG transition"[1] update for two-thirds of the OpenSSL FIPS Object Module v2.0. That "transition" consists of editorial changes to the Security Policy document(s) and did not involve any changes to the OpenSSL FIPS module software. That module is, for perversely confusing reasons[2], covered by three nominally separate but very similar validations, #1747, #2398, and #2473. Those three validations collectively cover all the formally tested platforms for this OpenSSL FIPS module. As of yesterday our submissions for the #1747 and #2473 validations were approved and posted on the NIST CMVP web site. Those validations will thus presumably be spared the promised fate of de-listing to "not to be used" status on January 31. The documentation for the remaining validation, #2398, was submitted at the same time but is still pending. That delay will only be significant for users of the OpenSSL FIPS module on platforms listed only for the #2398 module. -Steve M. [1] http://csrc.nist.gov/groups/STM/cmvp/notices.html, see the section labeled "X9.31 RNG transition, December 31, 2015". [2] Details for masochists only: http://openssl.com/fips/ransom.html -- Steve Marquess OpenSSL Software Foundation 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
