Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.
Version
5.0
Type
SOFTWARE
Vendor
Red Hat, Inc.
100 E. Davie Street
Raleigh, NC 27601
USA
Contacts
Jaroslav Reznik
jreznik@redhat.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
DRBG 1594
8/11/2017
  • Red Hat Enterprise Linux 7.4 on Intel(R) Xeon(R) E5
  • Counter DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
HMAC 3108
8/11/2017
  • Red Hat Enterprise Linux 7.4 on Intel(R) Xeon(R) E5
AES 4696
8/11/2017
  • Red Hat Enterprise Linux 7.4 on Intel(R) Xeon(R) E5
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 0-128
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • AES-CTR
    • Key Length: 128, 192, 256
    • Counter Source: Internal
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 0, 120, 128, 248, 1024
    • AAD Length: 0, 120, 128, 248, 1024
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 8, 32, 72, 96, 808
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Block Size: Full, Partial
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Block Size: Full, Partial
SHS 3843
8/11/2017
  • Red Hat Enterprise Linux 7.4 on Intel(R) Xeon(R) E5
  • SHA-1
    • Message Length: 0-65536 Increment 8
  • SHA-224
    • Message Length: 0-65536 Increment 8
  • SHA-256
    • Message Length: 0-65536 Increment 8
  • SHA-384
    • Message Length: 0-65536 Increment 8
  • SHA-512
    • Message Length: 0-65536 Increment 8