Module Name
OpenSSL FIPS Object Module
Historical Reason
Moved to historical list due to sunsetting
Caveat
When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.
Embodiment
Multi-chip standalone
Description
The OpenSSL FIPS Object Module is a cryptographic library that can be
downloaded from http://www.openssl.org/source/
Tested Configuration(s)
- SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode)
Approved Algorithms
|
|
| AES |
Cert. #420 |
| DSA |
SigVer, Cert. #175 |
| HMAC |
Cert. #194 |
| RSA |
Cert. #177 |
| SHS |
Cert. #490 |
| Triple-DES |
Cert. #451 |
Other Algorithms
DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (Cert. #216; non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175; non-compliant);
