Module Name
VAST Data FIPS Object Module for OpenSSL
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The VAST Data FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography.
Tested Configuration(s)
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 with PAA
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 without PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single-user mode).
Approved Algorithms
AES |
Certs. #A952, #C904, #C1318 and #C1795 |
CKG |
vendor affirmed |
DRBG |
Certs. #A952, #C904, #C1318 and #C1795 |
DSA |
Certs. #A952, #C904, #C1318 and #C1795 |
ECDSA |
Certs. #A952, #C904, #C1318 and #C1795 |
HMAC |
Certs. #A952, #C904, #C1318 and #C1795 |
KAS-SSC |
vendor affirmed |
RSA |
Certs. #A952, #C904, #C1318 and #C1795 |
SHA |
Certs. #A952, #C904, #C1318 and #C1795 |
Triple-DES |
Certs. #A952, #C904, #C1318 and #C1795 |
Allowed Algorithms
RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)