Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2398

Details

Module Name
OpenSSL FIPS Object Module SE
Standard
FIPS 140-2
Status
Active
Sunset Date
1/29/2022
Validation Dates
6/24/2015
12/17/2015
2/8/2016
8/15/2016
12/30/2016
1/10/2017
1/30/2017
3/13/2017
5/23/2017
6/1/2017
8/22/2017
11/20/2017
1/30/2018
2/21/2018
6/28/2018
Overall Level
1
Caveat
When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-chip standalone
Description
The OpenSSL FIPS Object Module SE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications.
Tested Configuration(s)
  • AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
  • AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)
  • AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
  • AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)
  • AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
  • AIX 7.1 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
  • AIX 7.1 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
  • AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
  • AIX 7.1 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
  • AIX 7.1 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
  • AIX 7.2 32-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1)
  • AIX 7.2 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
  • AIX 7.2 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
  • AIX 7.2 64-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1)
  • AIX 7.2 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
  • AIX 7.2 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
  • Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)
  • Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)
  • Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)
  • Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
  • DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with PAA (gcc Compiler Version 4.7.2)
  • DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without PAA (gcc Compiler Version 4.7.2)
  • Debian 9 running on Intel Atom E3845 (x86) with PAA (gcc Compiler Version 6.3.0)
  • Debian 9 running on Intel Atom E3845 (x86) without PAA (gcc Compiler Version 6.3.0)
  • ExtremeXOS-Linux 3.1 running on Cavium Octeon II (MIPS) (gcc Compiler Version 4.9.2)
  • ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) with PAA (gcc Compiler Version 4.9.2)
  • ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) without PAA (gcc Compiler Version 4.9.2)
  • ExtremeXOS-Linux 3.18 running on Cavium Octeon II (MIPS) (gcc Compiler Version 4.9.2)
  • iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)
  • iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)
  • iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)
  • iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)
  • Linux 3.10 32-bit running on Intel Atom E3845 (x86) with PAA (gcc Compiler Version 4.8.1)
  • Linux 3.10 32-bit running on Intel Atom E3845 (x86) without PAA (gcc Compiler Version 4.8.1)
  • Linux 3.12 running on NXP T2080 (PPC) (gcc Compiler Version 4.9.2)
  • SurfWare 7.2 running on TI c64 DSP (TMS320C6x Compiler Version 6.0.19)
  • TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)
  • Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.6.3)
  • Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.6.3)
  • VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2)
  • VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) (single-user mode)
FIPS Algorithms
AES Certs. #3090, #3264, #3451, #3751, #3990, #4141, #4391 and #4469
CVL Certs. #372, #472, #534, #699, #814, #947, #1094 and #1181
DRBG Certs. #1027, #607, #723, #845, #1182, #1256, #1414 and #1451
DSA Certs. #1040, #896, #933, #970, #1085, #1124, #1170 and #1195
ECDSA Certs. #558, #620, #698, #801, #886, #952, #1050 and #1091
HMAC Certs. #1937, #2063, #2197, #2452, #2605, #2714, #2918 and #2966
RSA Certs. #1581, #1664, #1766, #1928, #2048, #2258, #2374 and #2444
SHS Certs. #2553, #2702, #2847, #3121, #3294, #3411, #3620 and #3681
Triple-DES Certs. #1780, #1853, #1942, #2086, #2190, #2263, #2366 and #2399
Other Algorithms
EC Diffie-Hellman; RSA (encrypt/decrypt); RNG
Software Versions
2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15 or 2.0.16

Vendor

OpenSSL Software Services Inc.
40 E Main St., Suite 744
Newark, DE 19711
USA

OpenSSL Contact
osf-contact@openssl.org
Phone: 301-874-2571

Lab

InfoGard
NVLAP Code: 100432-0