Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #3335

Details

Module Name
Oracle OpenSSL FIPS Object Module
Standard
FIPS 140-2
Status
Active
Sunset Date
12/2/2023
Validation Dates
12/3/2018
7/18/2019
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Oracle OpenSSL FIPS Object Module is a software library providing a C language application program interface (API) for use by processes that require cryptographic services. It is implemented in products such as Oracle Solaris 11, Oracle Integrated Lights Out Manager (ILOM), and Oracle ZFS Storage Appliance.
Tested Configuration(s)
  • Oracle® ILOM OS v3.0 running on Emulex Pilot-4 Orion mainboard with Oracle® ILOM SP v2 (ARM v5) without PAA (single-user mode)
  • Oracle® ILOM OS v3.0 running on Oracle X5-2 server with Oracle® ILOM SP v3 (ARM v7) with PAA
  • Oracle® ILOM OS v3.0 running on Oracle X5-2 server with Oracle® ILOM SP v3 (ARM v7) without PAA
  • Oracle® Solaris 11.4 running on Oracle S7-2L with an Oracle® SPARC S7 without PAA
  • Oracle® Solaris 11.4 running on Oracle S7-2L with Oracle® SPARC S7 with PAA
  • Oracle® Solaris 11.4 running on Oracle X5-2 server with Intel Xeon E5-2600 with PAA
  • Oracle® Solaris 11.4 running on Oracle X5-2 server with on Intel Xeon E5-2600 without PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-2 with Intel Xeon E5 with PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-2 with Intel Xeon E5 without PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-4 with Intel Xeon E7
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-4 with Intel Xeon E7 without PAA
FIPS Algorithms
AES Cert. #5445
CKG vendor affirmed
CVL Cert. #1890
DRBG Cert. #2129
DSA Cert. #1400
ECDSA Cert. #1449
HMAC Cert. #3603
RSA Cert. #2921
SHS Cert. #4364
Triple-DES Cert. #2735
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1890, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
OpenSSL_2.0.13_OracleFIPS_1.0

Vendor

Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Chris Brych
chris.brych@oracle.com
Phone: +1 613.216.3078
Fax: n/a

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0