Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2473

Details

Module Name
OpenSSL FIPS Object Module RE
Standard
FIPS 140-2
Status
Active
Sunset Date
1/29/2022
Validation Dates
11/13/2015
1/25/2016
4/28/2016
1/10/2017
1/20/2017
1/30/2017
3/17/2017
4/25/2017
1/24/2018
4/25/2018
8/9/2018
Overall Level
1
Caveat
When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The OpenSSL FIPS Object Module RE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications.
Tested Configuration(s)
  • Android 4.4 32-bit running on Intel Atom Z3735F (x86) (gcc Compiler Version 4.8)
  • Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)
  • Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)
  • Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)
  • Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
  • BAE Systems STOP 8.2 64-bit running on BAE XTS-600-W-T with PAA (gcc Compiler Version 4.8.5)
  • BAE Systems STOP 8.2 64-bit running on BAE XTS-600-W-T without PAA (gcc Compiler Version 4.8.5)
  • Debian 7.9 running on Marvell Mohawk (ARMv5TE) (gcc Compiler Version 4.4.5)
  • FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with PAA (clang Compiler Version 3.4.1)
  • FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.4.1)
  • iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)
  • iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)
  • iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)
  • iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)
  • Linux 3.14 running on ARM Cortex A9 (ARMv7) with NEON (gcc Compiler Version 4.8.2)
  • Linux 3.14 running on ARM Cortex A9 (ARMv7) without NEON (gcc Compiler Version 4.8.2)
  • Linux 3.16 running on Atmel ATSAM9G45 (ARMv5TEJ) (gcc Compiler Version 4.8.3)
  • Linux 3.16 running on Atmel ATSAMA5D35 (ARMv7) (gcc Compiler Version 4.8.3)
  • Linux 4.4 running on ARM926EJS (ARMv5) (gcc Compiler Version 4.8.3)
  • LMOS 7.2 running on Intel Xeon E3-1231 (x86) with PAA (gcc Compiler Version 4.8.4)
  • LMOS 7.2 running on Intel Xeon E3-1231 (x86) without PAA (gcc Compiler Version 4.8.4)
  • LMOS 7.2 under Vmware ESXi 6.5 running on Intel Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.8.4)
  • LMOS 7.2 under Vmware ESXi 6.5 running on Intel Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.8.4)
  • Timesys 2.6 running on PowerPC 440 (PPC) (gcc Compiler Version 4.6.3)
  • TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)
  • Ubuntu 12.04 running on Compulab CM-FX6 Cortex-A9 (ARMv7) (gcc Compiler Version 4.6.3)
  • uClibc 0.9 running on ARM922T (ARMv4T) (gcc Compiler Version 4.8.1)
  • uClibc 0.9 running on ARM926EJS (ARMv5TEJ) (gcc Compiler Version 4.8.1)
  • uClibc 0.9 running on Marvell PJ4 (ARMv7) (gcc Compiler Version 4.8.1)
  • uClinux-dist-5.0 running on Marvell Armada 370 (ARMv7) (gcc Compiler Version 4.8.3)
  • uClinux-dist-5.0 running on Marvell Feroceon 88FR131 (ARMv5TE) (gcc Compiler Version 4.8.3)
  • VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)
  • Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) with NEON (gcc Compiler Version 4.8.1)
  • Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) without NEON (gcc Compiler Version 4.8.1) (single-user mode)
FIPS Algorithms
AES Certs. #3090 and #3264
CVL Certs. #372 and #472
DRBG Certs. #607 and #723
DSA Certs. #896 and #933
ECDSA Certs. #558 and #620
HMAC Certs. #1937 and #2063
RSA Certs. #1581 and #1664
SHS Certs. #2553 and #2702
Triple-DES Certs. #1780 and #1853
Other Algorithms
EC Diffie-Hellman; RSA (encrypt/decrypt); RNG
Software Versions
2.0.9 or 2.0.10

Vendor

OpenSSL Software Services Inc.
40 E Main St., Suite 744
Newark, DE 19711
USA

OpenSSL Contact
osf-contact@openssl.org

Lab

InfoGard Laboratories, Inc.
NVLAP Code: 100432-0