Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.
Version
6.0
Type
SOFTWARE
Vendor
Red Hat, Inc.
100 E. Davie Street
Raleigh, NC 27601
USA
Contacts
Jaroslav Reznik
fips140@redhat.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
Component 1700
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • KAS-ECC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-224
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
HMAC 3459
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
TDES 2642
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB1
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CMAC
      • Capabilities:
        • Direction: Generation
        • Keying Option: 1
        • MAC: 0-64
        • Message Length: 0-524288
        • Block Size: Full, Partial
      • Capabilities:
        • Direction: Verification
        • Keying Option: 1
        • MAC: 0-64
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • TDES-CTR
    • Counter Source: Internal
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-OFB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
ECDSA 1353
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
DRBG 1993
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • Counter DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
RSA 2792
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.3
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.2
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.2
    • Public Exponent Mode: Random
    Prerequisites:
  • RSA SigGen (186-2)
      • Capabilities:
        • Signature Type: ANSI X9.31
        • Modulo: 4096
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
        • Modulo: 4096
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
        • Modulo: 4096
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    Prerequisites:
SHS 4207
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • SHA-1
    • Message Length: 0-65536 Increment 8
  • SHA-224
    • Message Length: 0-65536 Increment 8
  • SHA-256
    • Message Length: 0-65536 Increment 8
  • SHA-384
    • Message Length: 0-65536 Increment 8
  • SHA-512
    • Message Length: 0-65536 Increment 8
DSA 1350
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
AES 5227
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 0-128
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • AES-CTR
    • Key Length: 128, 192, 256
    • Counter Source: Internal
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 0, 120, 128, 248, 1024
    • AAD Length: 0, 120, 128, 248, 1024
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 8, 32, 72, 96, 808
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Block Size: Full, Partial
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Block Size: Full, Partial
Component 1701
2/9/2018
  • Red Hat Enterprise Linux 7.5 on Intel(R) Xeon(R) E5