Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #4015

Historical - The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.

Details

Module Name

Verizon OpenSSL Library

Standard

FIPS 140-2

Status

Historical

Historical Reason

Moved to historical list due to sunsetting

Overall Level

Caveat

When operated in FIPS mode. No assurance of the minimum strength of generated keys. The validation entry is a non-security relevant modification to Cert. #3503.

Security Level Exceptions

Roles, Services, and Authentication: Level 2
Physical Security: N/A
Design Assurance: Level 3
Mitigation of Other Attacks: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

The Verizon OpenSSL Library is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen).

Tested Configuration(s)

CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single user mode)

Approved Algorithms

AES	Cert. #C1318
CKG	vendor affirmed
DRBG	Cert. #C1318
DSA	Cert. #C1318
ECDSA	Cert. #C1318
HMAC	Cert. #C1318
KAS-SSC	vendor affirmed
RSA	Cert. #C1318
SHS	Cert. #C1318
Triple-DES	Cert. #C1318

Allowed Algorithms

RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Software Versions

1.0

Product URL

https://www.verizon.com/about/our-company/security

Vendor

Verizon
22001 Loudoun County Parkway
Ashburn, VA 20147-6105
USA

David J Nauer
David.nauer@one.verizon.com
William A Smith
William.a.smith@one.verizon.com

Related Files

Security Policy
Consolidated Certificate

Validation History

Date	Type	Lab
8/24/2021	Initial	ACUMEN SECURITY, LLC