Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.
Version
7.0
Type
SOFTWARE
Vendor
Red Hat, Inc.
100 E. Davie Street
Raleigh, NC 27601
USA
Contacts
Jaroslav Reznik
fips140@redhat.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C328
2/19/2019
  • Red Hat Enterprise Linux 7 on Intel(R) Xeon(R) E5
    • processor
      • manufacturer: Intel
    • software
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
    Prerequisites:
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation
        • Key Length: 128
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 384, 392, 524288
      • Capabilities:
        • Direction: Generation
        • Key Length: 192
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 384, 392, 524288
      • Capabilities:
        • Direction: Generation
        • Key Length: 256
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 384, 392, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 128
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 512, 520, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 192
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 512, 520, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 256
        • MAC: 64, 128
        • Message Length: 0, 256, 264, 512, 520, 524288
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 192, 256
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96, 128, 1024
    • Payload Length: 120, 128, 248, 1024
    • AAD Length: 0, 120, 128, 248, 1024
    Prerequisites:
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96, 128, 1024
    • AAD Length: 0, 120, 128, 248, 1024
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
    Prerequisites:
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 808
    Prerequisites:
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Payload Length: 128, 136, 248, 256, 65536
    • Tweak Mode: Hex, Number
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Payload Length: 128, 136, 248, 256, 65536
    • Tweak Mode: Hex, Number
  • Counter DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-128
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 192
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 0
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
        • Additional Input: 0-320
        • Entropy Input: 320
        • Nonce: 0
        • Personalization String Length: 0-320
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 0
        • Personalization String Length: 0-384
        • Returned Bits: 512
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 80, 96, 128, 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-224
    • MAC: 112, 128, 160, 192, 224
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 128, 192, 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 192, 256, 320, 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 256, 320, 384, 448, 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-224
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8