On 01/27/2016 01:19 PM, Imran Ali wrote: > Thanks Steve - for the explanation. > > We are using these libraries for Windows 2012 R2 which is 6.3 and certificate #1747 mentions Windows 7 which is 6.1. I am hoping based on below that we are OK to use it under Windows 2012 R2 > > https://msdn.microsoft.com/en-gb/library/windows/desktop/ms724832(v=vs.85).aspx "Windows 2012 R2" and "Windows 7" are different OEs in FIPS-land. The CMVP goes by nominal OS branding and doesn't pay any attention to the actual underlying software. For instance, if you roll your own "white box" system from a Linux kernel then your OS is (say) "Linux 3.10". When you upgrade that kernel to 3.13, then you no longer have a match with the "Linux 3.10" OE. But, if you instead used an "Ubuntu 14.04" system and the OS vendor (Canonical) upgraded the kernel from 3.10 to 3.13, then you'd still have a match because it is still called "Ubuntu 14.04". So what to a software engineer is superficial branding becomes significant in FIPS-land. Note for that reason many vendors with "white box" systems choose to give their customized OS a distinctive brand name (e.g. "AcmeOS 1.0") so that the same formally tested OE will cover multiple Linux kernels under that OS brand name and unchanged OS version number. It would be a bit of a stretch to re-brand Microsoft Windows, though. Your options are to leverage I.G. G.5 "user affirmation", or to sponsor addition of a Windows 2012 R2 platform. -Steve M. -- Steve Marquess OpenSSL Software Foundation 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
