Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program CMVP

Certificate #3335

Details

Module Name
Oracle OpenSSL FIPS Object Module
Standard
FIPS 140-2
Status
Active
Sunset Date
12/2/2023
Validation Dates
12/03/2018;07/18/2019;04/29/2020
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Oracle OpenSSL FIPS Object Module is a software library providing a C language application program interface (API) for use by processes that require cryptographic services. It is implemented in products such as Oracle Solaris 11, Oracle Integrated Lights Out Manager (ILOM), and Oracle ZFS Storage Appliance.
Tested Configuration(s)
  • Oracle® ILOM OS v3.0 running on Emulex Pilot-4 Orion mainboard with Oracle® ILOM SP v2 (ARM v5) without PAA (single-user mode)
  • Oracle® ILOM OS v3.0 running on Oracle X5-2 server with Oracle® ILOM SP v3 (ARM v7) with PAA
  • Oracle® ILOM OS v3.0 running on Oracle X5-2 server with Oracle® ILOM SP v3 (ARM v7) without PAA
  • Oracle® ILOM OS v4.0 running on AST2400 Server Management Processor with Oracle® ILOM SP v4 (ARM v9) without PAA
  • Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with AMD® EPYC® 7551 with PAA
  • Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with AMD® EPYC® 7551 without PAA
  • Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with Intel® Xeon® Silver 4114 with PAA
  • Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with Intel® Xeon® Silver 4114 without PAA (single-user mode)
  • Oracle® Solaris 11.4 running on Oracle S7-2L with an Oracle® SPARC S7 without PAA
  • Oracle® Solaris 11.4 running on Oracle S7-2L with Oracle® SPARC S7 with PAA
  • Oracle® Solaris 11.4 running on Oracle X5-2 server with Intel Xeon E5-2600 with PAA
  • Oracle® Solaris 11.4 running on Oracle X5-2 server with Intel Xeon E5-2600 without PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-2 with Intel Xeon E5 with PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-2 with Intel Xeon E5 without PAA
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-4 with Intel Xeon E7
  • Oracle® ZFS Storage OS 8.8 running on Oracle® ZFS Storage ZS5-4 with Intel Xeon E7 without PAA
FIPS Algorithms
AES Certs. #C1651 and #5445
CKG vendor affirmed
CVL Certs. #C1651 and #1890
DRBG Certs. #C1651 and #2129
DSA Certs. #1400 and #C1651
ECDSA Certs. #1449 and #C1651
HMAC Certs. #C1651 and #3603
RSA Certs. #C1651 and #2921
SHS Certs. #C1651 and #4364
Triple-DES Certs. #C1651 and #2735
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #C1651 and #1890, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
OpenSSL_2.0.13_OracleFIPS_1.0

Vendor

Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Oracle Security Evaluations
Seceval_us@oracle.com
Phone: n/a
Fax: n/a

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0