Re: [openssl-users] FIPS, continuous tests, and error reporting

From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Date: 02/19/15 11:34 Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting   The low level cipher and digest APIs cannot be used in FIPS mode: you have to use EVP. That's quite an important

Re: [openssl-users] OpenSSL FIPS mode system integration

On Feb 19, 2015 10:50am Henrik Grindal Bakken wrote: I'm not sure it will be called on every conceivable error in the FIPS module, but what I do in similar situations is something like this: static int post_cb(int op, int id, int subid, void *ex) { if (op == FIPS_POST_FAIL)

Re: [openssl-users] FIPS, continuous tests, and error reporting

-Original Message- From: Salz, Rich rs...@akamai.com To: openssl-users@openssl.org Date: 02/19/15 07:43 Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting For that matter and in a general sense, so far I've seen that many encryption methods do not

Re: [openssl-users] OpenSSL FIPS mode system integration

-Original Message- From: Marcus Meissner meiss...@suse.de To: openssl-users@openssl.org Date: 02/19/15 08:07 Subject: Re: [openssl-users] OpenSSL FIPS mode system integration Well, the writing is that the crypto module must stop operating on error.   We solved this by

Re: [openssl-users] Using FIPS mode and modifying apps

Steve Marquess marqu...@openssl.comwrote on 01/27/15 09:18: Thank you (and Tom) for your comments - much appreciated. Tom Francis nailed the answer to this one. We did design the FIPS module + FIPS capable OpenSSL combination to make it possible to have a system wide FIPS mode capability, but

[openssl-users] FIPS: Error compiling 1.0.1e: 'T' vs. 't'

Hello, There is a problem with compiling the openssl-1.0.1e.tar.gz sources against the FIPS 2.0 canister. On my machine the following is declared global: 000dd3c0 T private_AES_set_decrypt_key 000dd0f0 T private_AES_set_encrypt_key On another machine, they are declared local

[openssl-users] FIPS: Error compiling 1.0.1e: 'T' vs. 't'

Hello, There is a problem with compiling the openssl-1.0.1e.tar.gz sources against the FIPS 2.0 canister. On my machine the following is declared global:  000dd3c0 T private_AES_set_decrypt_key  000dd0f0 T private_AES_set_encrypt_key On another machine, they are declared local

[openssl-users] FIPS: Converting AES_ctr128_encrypt() to EVP_ methods

Hello, An application that needs converting to FIPS is currently using AES_ctr128_encrypt().  That function calls in turn CRYPTO_ctr128_encrypt() which then does some internal computations.  They are not documented in the 'full list of crypto APIs'.  What would be the FIPS-compatible EVP

[openssl-users] FIPS: ECC licensing

Hello,   The licenses, patents for ECC was noticed.  In short, if we do not care about this in the sense of not willing to be in any patent infringement situation down the road, the -ecb archive should be used, is that right ?  Also, there is a mention of a NSA-PLA.pdf agreemnet statement. 

Re: [openssl-users] FIPS: Problem building 1.0.1e: 'T' vs. 't'

From: Dr. Stephen Henson st...@openssl.org Date: 03/17/15 12:28 What are the two platforms? That is what does: First of all, I'm very, very sorry to have posted duplicates of the question.  The web-access email client is, was, a bit on the fuzzy side, stalling and reporting errors. It

Re: [openssl-users] Runtime list of FIPS ciphers

From: Dr. Stephen Henson st...@openssl.org Date: 03/20/15 12:48    OPENSSL_FIPS=1 openssl ciphers -v  openssl ciphers -v FIPS Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.  However, we

[openssl-users] Runtime list of FIPS ciphers

Hello,   I have the impression that the 'ciphers -v' option to openssl, when OpenSSL is compiled in FIPS mode, lists more than FIPS-only.  There are RC5 and RC4 in there, for instance.  Is there a specific openssl command that will list only the ones that are FIPS-allowed  ? Regards.

[openssl-users] FIPS: Problem building 1.0.1e : 'T' vs. 't'

Hello, There is a problem with compiling the openssl-1.0.1e.tar.gz sources against the FIPS 2.0 canister. On my machine the following is declared global: 000dd3c0 T private_AES_set_decrypt_key 000dd0f0 T private_AES_set_encrypt_key On another machine, they are declared local

[openssl-users] FIPS: Error compiling 1.0.1e: 'T' vs. 't'

Hello, There is a problem with compiling the openssl-1.0.1e.tar.gz sources against the FIPS 2.0 canister. On my machine the following is declared global:  000dd3c0 T private_AES_set_decrypt_key  000dd0f0 T private_AES_set_encrypt_key On another machine, they are declared local

[openssl-users] FIPS: Common method executed in case of error

Hello,   Is there a method that is always in the path of execution when a crypto error occurs ?  The reason for asking is that I would like to very slightly modify the OpenSSL FIPS version so that it will write a file in tmpfs when an error occurs.  That place will be observed by another app

Re: [openssl-users] FIPS: Common method executed in case of error

From: Steve Marquess marqu...@openssl.com Date: 03/10/15 08:56 Hello,   Thanks for your reply. You're talking about a Level 2 validation (or higher)? You most definitely do *not* want to include the OS or applications in the cryptographic module boundary for Level 1. It's a level 2. 

Re: [openssl-users] FIPS: Common method executed in case of error

Is there a method that is always in the path of execution when a crypto error occurs ?  It looks like fips_set_selftest_fail() would be a likely candidate where to create an empty file on a tmpfs in order to let the OS know about the error. Comments and suggestions welcomed.  Based on

Re: [openssl-users] FIPS: Common method executed in case of error

From: Dr. Stephen Henson st...@openssl.org Date: 03/10/15 20:04 I mean you could add a callback to FIPS_mode_set using FIPS_post_set_callback: see the fips_test_suite.c application for an example. The supplied callback is called during each POST, continuous RNG and pairwise consistency

Re: [openssl-users] FIPS: Common method executed in case of error

From: Dr. Stephen Henson st...@openssl.org Date: 03/10/15 10:21 Although you cannot modify the FIPS module itself without voiding the validation you *can* change the FIPS capable OpenSSL. You might (for example) change FIPS_mode_set() to always add a callback which logs any errors. I

Re: [openssl-users] FIPS: Which DRBG ?

From: Steve Marquess marqu...@openssl.com Date: 03/24/15 12:38   No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early 2014) for use as-is in doing copycat validations. Some non-trivial code hacks will be necessary.   We'll do a new open source based validation to

[openssl-users] FIPS: Which DRBG is default ?

Hello,   When an application does not define OPENSSL_DRBG_DEFAULT_TYPE nor OPENSSL_DRBG_DEFAULT_FLAGS nor any compilation options (if applicable), is the default DRBG the 256 bit CTR AES (+ deviation function) in FIPS mode ? Regards. ___

[openssl-users] FIPS Linux kernel documentation ?

Hello,   This is not about OpenSSL, although from experience, maybe some know the answer. Does anyone know if actual documentation exists for the Linux kernel FIPS mode apart from the source itself ?  There is nothing in Documentation/ as per 3.18.2.  - thanks. Regards.

[openssl-users] FIPS: Which DRBG ?

Hello, Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the OpenSSL source code does not seem to mention SP 800-90A.  Only SP 800-90.  So the certifications were made for SP 800-90, is that right ? Also, does it depend on the application to choose which DRBG and

[openssl-users] FIPS errors: finding causes for failure

Hello,   As part of development, still using the fips_hmac test code, this time on a target unit using 1.0.1e, the following errors are shown at the console: 3069614096:error:2D088086:FIPS routines:FIPS_selftest_x931:selftest failed:fips_rand_selftest.c:171: 3069614096:error:2D082086:FIPS

[openssl-users] Testing FIPS mode using 0 randomness

Hello,   I tried a simple test to see if FIPS mode would fail, using the example given in the FIPS user guide 2.0.  The test consisted of replacing the /dev/random and /dev/urandom with /dev/zero.  I would have expected that no source of randomness would make the tests ran at the call of

[openssl-users] FIPS methods and symlinks

Hello,   To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then FIPS_hmac_update() will be called.  This is fine although searching the sources for the physical definiton of FIPS_hmac_update() does not

Re: [openssl-users] FIPS: Any setup required for using a default DRBG ?

From: jonetsu jone...@teksavvy.com Date: 03/26/15 11:11   Is FIPS_mode_set(1) taking care of setting up a default DRBG ?  Yes. It does.  When using post_cb() from fips_test_suite.c in for instance the fips_hmac.c demo, with only but a FIPS_mode_set(1) call, it is reported that the four

Re: [openssl-users] FIPS: Which DRBG ?

From: Steve Marquess marqu...@openssl.com Date: 03/24/15 09:22 At the time that validation was obtained the four (at the time) DRBGs were specified by SP800-90. That document was subsequently reissued in several pieces; the current SP800-90A now contains the specifications for the three

[openssl-users] FIPS: Any setup required for using a default DRBG ?

Hello,   Is FIPS_mode_set(1) taking care of setting up a default DRBG ?  Would a subsequent call to RAND_pseudo_bytes() for instance be using the default DRBG ( 256-bit CTR AES ?) There are quite a few DRBG-related FIPS methods described in the User Guide, and one that is called

Re: [openssl-users] FIPS mode restrictions and DES

Thanks for all the comments, they're much appreciated. It is a Debian system, so there is no Red Hat FIPS validation (or SuSE which also has one I think) or validated components that can be used. If I may, I'd like to ask about including the Linux kernel in the validation. Now, including glibc2

Re: [openssl-users] FIPS mode restrictions and DES

From: Steve Marquess marqu...@openssl.com Date: 04/14/15 09:31 and note that of the 101 platforms (OEs) appearing there, most of those operating systems are neither CC certified nor have any other FIPS 140-2 validated crypto. Keep in mind that at Level 1 the validation applies to the

[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

Hi, ... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode) https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0 Specifically: FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0 FCS_TLSS_EXT.2.2 The TSF shall deny connections

Re: [openssl-users] Delete a post to openssl-user mailing list

What is the security risk? Management ? :) -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57670.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: [openssl-users] Delete a post to openssl-user mailing list

It can be indeed easy to find out about companies in Hartford, CT but, I still do not see any threat to any existing product. 'Having problems with OpenSSL' is not good enough. In any case, when concerned, do like many people and use a pseudo from another mailing system. Employees will not gain

Re: [openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

Hello, In FIPS mode SSL 3.0 is not allowed: that has always been the case. % openssl version OpenSSL 1.0.1f 6 Jan 2014 % OPENSSL_FIPS=1 openssl ciphers -v | grep SSL ECDHE-RSA-AES256-SHASSLv3 ECDHE-ECDSA-AES256-SHA SSLv3 DHE-RSA-AES256-SHA SSLv3 DHE-DSS-AES256-SHA SSLv3

Re: [openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

SSLv3 in the ciphersuite definition means it can be used in SSLv3 *and later*. A ciphersuite isn't defined once for SSLv3, and then again for TLS1.0, and again for TLS1.1 etc - its just defined once and is reused across multiple protocol versions. Yes, this is what I basically understood.

Re: [openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

That refers to the minimum version of the ciphersuite: it doesn't imply that it will only be used in SSLv3 (which is disabled in FIPS mode). Hmmm... I'm sorry but I do not really understand this. Since openssl is run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3 ciphers

[openssl-users] Porting to EVP methods: AES_set_encrypt_key()

Hello, The context is migrating an application to use EVP only methods. AES_set_encrypt_key(...) AES_cfb128_encrypt(...) The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*, what about the AES_set_encrypt_key() ? I haven't found yet any correlation to the EVP methods, let alone an

[openssl-users] SHA256() to EVP_* ?

Hello, What would be the equivalent of the SHA256() function in the EVP class of methods ? EVP_sha256() could be it, although from the short description in manual page it does not seemingly fit in, returning a EVP_MD which is, if not mistaken, a env_md_st structure. The code I'm adapting to EVP

Re: [openssl-users] SHA256() to EVP_* ?

Thanks for the comments. If you are implementing HMAC, perhaps for PBKDF2 (which does that prehash-if-too-long), I hope you mean the code does... Yes it does. The man page (the one online from OpenSSL project - SHA256.html) gives a description using SHA1() which computes a message digest.

Re: [openssl-users] SHA256() to EVP_* ?

Even a small convenience is still a convenience. And eventually they add up. Thanks for the comments - it's appreciated. -- View this message in context: http://openssl.6102.n7.nabble.com/SHA256-to-EVP-tp57774p57826.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: [openssl-users] FIPS mode restrictions and DES

Thanks for the comments - much appreciated. The following question might be on the naive side of things, but then I'm all new to this. Since crypt() in glibc2 supports SHA-256 and SHA-512 for password, and assuming that these two are FIPS compatible, what would be the (financial) overhead of

Re: [openssl-users] FIPS mode restrictions and DES

Salz, Rich wrote As the old joke goes, if you have to ask, you can't afford it. Well, exploration can be free. I noticed that Strongswan uses a plug-in architecture for crypto that seemingly allows the use of OpenSSL instead of the kernel for crypto operations, for use under FIPS. Does anyone

Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

Does this mean, since the 'no insert fragments' is part of SSL_OP_ALL, that OpenSSL is BEAST-proof since some time regarding it's use of TLS 1.0 and SSL 3.0 ? Thanks. -- View this message in context:

Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

Thanks for your comments - much appreciated. What is exactly the poodle patch and how doe sit come into providing some form of protection against the BEAST attack ? -- View this message in context:

Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

OK. So this means that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not the solution for the BEAST attack. Is there a solution while keeping TLS 1.0 and SSL v3.0 ? Thanks. -- View this message in context:

Re: [openssl-users] New FIPS 140-2 SE Validation Approved

The validation is on the ARM platform using Linux 2.4. I am one of those 'unlucky' having to deal with FIPS so please pardon any silly questions. Would this validation be limited to these two aspects ? And, is there any money-saving advantage at using an already validated OpenSSL when the whole

[openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

Hello, Our Nessus version  6.4.1 is detecting a BEAST vulnerability against OpenSSL  1.0.1e.  The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x0800L and several tests are made for this value in the code.  The CHANGES mentions though that this had some side effects, the

[openssl-users] CAVP protocol testing - what does it really consist of ?

Hello, Sorry if this is a bit beside OpenSSL per se, the idea behind this post is to perhaps have some information form the OpenSSL experience with FIPS validation.  There was so much effort put into FIPS compliance that it would not be far-fetched to consider that there is also knowledge

Re: [openssl-users] CAVP protocol testing - what does it really consist of ?

> From: "Steve Marquess" > Date: 10/21/15 14:18 > See Appendix B of the OpenSSL FIPS User Guide: >  https://openssl.org/docs/fips/UserGuide-2.0.pdf Thanks. > The specific algorithm tests have changed quite a bit since then > (constant change is part of the fun), but

[openssl-users] 'FIPS_CIPHERINIT:disabled' in fips mode error in 1.0.1e

In 1.0.1e the following is observed when using OpenSSL in FIPS mode:  % OPENSSL_FIPS=1 openssl pkcs12 -export -in  /tmp/ipsec.d/certs/192.168.11.1 -inkey  /tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out  /tmp/ipsec.d/192.168.11.1.p12 -password pass:""  

[openssl-users] OpenSSL public repository, bug tracker ?

Sorry if this is answered elsewhere ... Is the version control repository as well as the bug tracker of public read access ? Is it possible to find a specific commit in the OpenSSL repository that would hopefully fix a single discovered/reported bug ? We have hit the

[openssl-users] (2013) : PKCS12 keystore creation failing in fips mode (RT3515)

Hello, There is a thread in 2013 (30 May 03:15) in which Steve writes that OpenSSL 1.0.1 has a bug regarding the use of PKCS12 in FIPS mode since it tries to handle a certificate using a non-FIPS component.  I think I found the commit that fixes this, although it is part of a quite huge

[openssl-users] How to access a bug fix ?

Hello,  I would like to see the bug fix for RT3515 'Use 3DES in pkcs12 if built with no-rc2' although the opnssl tree I got recently does not show it: % git status On branch master Your branch is up-to-date with 'origin/master'. % git show 92830dc1ca0bb2d12bf05a12ebb798709595fa5a fatal: bad

Re: [openssl-users] Elliptic curves approved or recommended by government

In the NSA page referred above, the p-384 curves are specifically mentioned for DH. These would be the ones covered by the Suite B NSA license sub-licensed to OpenSSL, are they ? Is it possible to build OpenSSL in FIPS in such a way that only these curves will be used ? Regards. -- View this

Re: [openssl-users] Behaviour facing a broken OCSP responder

> From: "Salz, Rich" > Date: 09/14/15 16:07 > Are you talking about the command-line? Yes. > It would be great if someone sent in a patch that standardized > and documented exit codes, like 0 for got a "good" > response, "1" for got a "bad" response, and 10 for got an >

[openssl-users] Behaviour facing a broken OCSP responder

Hello, The documentation does not seem too clear about what the behaviour exactly is when OpenSSL deals with a broken OCSP responder.  For instance, one that would send an OK without any contents.  We call openssl from an application and would like to know what is returned in such a case, or

[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Hello, I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance.  We are using OpenSSL 1.0.1e with the fips-2.0.9 module.    Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have:  #ifdef OPENSSL_FIPS

Re: [openssl-users] openSSL and SLOTH attack

Does this mean that running 1.01e in FIPS mode is protected regarding this SLOTH attack ? -- View this message in context: http://openssl.6102.n7.nabble.com/openSSL-and-SLOTH-attack-tp62055p62074.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

[openssl-users] Difference in the methods for listing the FIPS ciphers

Hello, Using 1.0.1e running FIPS module 2.0.9, the following two commands for querying the ciphers do not yield the same results. There are more ciphers declared in the 'string' version. The 'environment variable' version: % OPENSSL_FIPS=1 openssl ciphers -v | The 'string' version: % openssl

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if this means an upgrade ?) Thanks. -- View this message in context: http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61769.html Sent from the OpenSSL - User mailing list

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Sorry, I forgot: What about the code itself, if we do not mind the validation ? Is the 185-4 RSA compatible code present in any OpenSSL/FIPS module ? -- View this message in context: http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61774.html Sent

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

What would then be the permitting conditions to pursue a new validation ? If you don't mind me asking. I have read several notes you have on the subject and I agree that the whole thing is of Dedalus proportions. In a nutshell what would be these conditions ? Thanks, much appreciated. --

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Fair enough (in this context). But what about the code itself, is it ready to be RSA 186-4 compliant ? And, if we go through a validation, can OpenSSL benefit from it ? -- View this message in context:

Re: [openssl-users] openSSL and SLOTH attack

> Does FIPS mode prevent use of MD5: Yes. > Does FIPS mode prevent insecure uses of SHA-1 (a FIPS > algorithm): No. > Does FIPS mode prevent the SSL/TLS handshake from using 96 bit > truncated HMAC values: Probably not. > Does FIPS mode prevent use of the insecurely designed > 'tls-unique'

[openssl-users] TLS 1.0 in FIPS mode ?

Hello, Does OpenSSL allows TLS 1.0 when running in FIPS mode ? Thanks. -- View this message in context: http://openssl.6102.n7.nabble.com/TLS-1-0-in-FIPS-mode-tp65343.html Sent from the OpenSSL - User mailing list archive at Nabble.com. -- openssl-users mailing list To unsubscribe:

[openssl-users] FIPS 186-4 support ?

Hello, Is there anything new regarding the prime number requirement handling for FIPS 186-4, as far as supporting it ? I asked some time ago. Just want to see if anything has changed, if there's anything planned. - thanks ! -- View this message in context:

[openssl-users] linker input file unused/linking not done gcc warning

Hello, Is it normal to get a 'linker imput file unused because linking not done' warning when compiling C code that uses OpenSSL in FIPS mode, hence using fipsld ? The object file is actually generated,a s well as the executable, and it does execute in a meaningful manner. The warning: [...]

Re: [openssl-users] FIPS: using libcrypto.so ?

Thanks for the explanation. > Just link against the library produced by the FIPS capable > OpenSSL build. If, for some reason, that only produced > libcrypto.a, then you need to investigate why — perhaps you > passed “no-shared” when running the config script? The confusion came from trying to

[openssl-users] FIPS: Simulating failure at run-time ?

Hello, Is it possible to simulate FIPS failure at run-time, at any given time ? Or does OpenSSL have to start in failure simulation mode ? Also, is failure simulation a standard part of a normal, non-debug, build ? Thanks. -- View this message in context:

[openssl-users] FIPS canister 2.0.12 and 186-4

Hello, Does 2.0.12 support 186-4 ?  Specifically, does it support the RSA requirements  ? Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] FIPS: using libcrypto.so ?

The current FIPS User Guide mentions: "3.3 Creation of Shared Libraries The FIPS Object Module is not directly usable as a shared library, but it can be linked into an application that is a shared library. A “FIPS compatible” OpenSSL distribution will automatically incorporate an

[openssl-users] FIPS mode: Need to use FIPS versions of (EVP) methods ?

FIPS: Need to use FIPS versions of (EVP) methods ? In FIPS mode, is there a need to use the FIPS_* methods instead of the regular ones once FIPS_mode_set(1) was successfully executed ? For instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1() ? Wouldn't the FIPS version of

[openssl-users] Reasons to go from 2.0.9 FOM to 2.0.12 ?

Hello, We are using FOM 2.0.9 for an embedded product that will go for FIPS validation.  Validation of the full product, that is.  All development so far is with 2.0.9.  What would be the reasons, if any, to update to 2.0.12 before going to the lab ? Thanks - comments much appreciated. --