Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The Nutanix Cryptographic Library for OpenSSL is a comprehensive suite of FIPS Approved algorithms used for TLS, SSH, and other cryptographic functions.
Version
1.0
Type
SOFTWARE
Vendor
Nutanix
1740 Technology Drive, Suite 150
San Jose, CA 95110
USA
Contacts
Matt Keller
fips@nutanix.com
Ashutosh Pangasa
fips@nutanix.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
DRBG 2216
7/20/2018
  • CentOS 7.4 on Intel E5-2620 w/PAA
  • Counter DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
  • CentOS 7.4 on Intel E5-2620 w/o PAA
    • software
    • processor
      • manufacturer: Intel
  • Counter DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-128
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 192
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 64
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
        • Additional Input: 0-320
        • Entropy Input: 320
        • Nonce: 128
        • Personalization String Length: 0-320
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 128
        • Personalization String Length: 0-384
        • Returned Bits: 512
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • CentOS 7.5 on Intel Xeon Silver-4116 with PAA
    • software
    • processor
      • manufacturer: Intel
  • CentOS 7.5 on Intel Xeon Silver-4116 without PAA
    • software
    • processor
      • manufacturer: Intel
  • Counter DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-128
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 192
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 64
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
        • Additional Input: 0-320
        • Entropy Input: 320
        • Nonce: 128
        • Personalization String Length: 0-320
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 128
        • Personalization String Length: 0-384
        • Returned Bits: 512
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites: