Cloudlinux Inc., TuxCare division Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy Prepared by: atsec information security corporation 4516 Seton Center Pkwy, Suite 250 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 2 of 76 Austin, TX 78759 Document version: 1.0 www.atsec.com Last update: 2025-08-28 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 3 of 76 Table of Contents 1 General.......................................................................................................................................................................6 1.1 Overview ............................................................................................................................................................6 1.2 Security Levels....................................................................................................................................................6 1.3 Additional Information......................................................................................................................................6 2 Cryptographic Module Specification........................................................................................................................8 2.1 Description .........................................................................................................................................................8 2.2 Tested and Vendor Affirmed Module Version and Identification ..................................................................9 2.3 Excluded Components .......................................................................................................................................9 2.4 Modes of Operation............................................................................................................................................9 2.5 Algorithms........................................................................................................................................................10 2.6 Security Function Implementations................................................................................................................22 2.7 Algorithm Specific Information ......................................................................................................................28 2.8 RBG and Entropy .............................................................................................................................................28 2.9 Key Generation ................................................................................................................................................29 2.10 Key Establishment..........................................................................................................................................29 2.11 Industry Protocols..........................................................................................................................................29 3 Cryptographic Module Interfaces...........................................................................................................................30 3.1 Ports and Interfaces..........................................................................................................................................30 4 Roles, Services, and Authentication .......................................................................................................................31 4.1 Authentication Methods..................................................................................................................................31 4.2 Roles..................................................................................................................................................................31 4.3 Approved Services............................................................................................................................................31 4.4 Non-Approved Services ...................................................................................................................................39 4.5 External Software/Firmware Loaded...............................................................................................................39 4.6 Additional Information....................................................................................................................................39 5 Software/Firmware Security ...................................................................................................................................41 5.1 Integrity Techniques........................................................................................................................................41 5.2 Initiate on Demand ..........................................................................................................................................41 6 Operational Environment .......................................................................................................................................42 6.1 Operational Environment Type and Requirements .......................................................................................42 6.2 Configuration Settings and Restrictions..........................................................................................................42 6.3 Additional Information....................................................................................................................................42 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 4 of 76 7 Physical Security .....................................................................................................................................................43 8 Non-Invasive Security.............................................................................................................................................44 9 Sensitive Security Parameters Management ..........................................................................................................45 9.1 Storage Areas....................................................................................................................................................45 9.2 SSP Input-Output Methods .............................................................................................................................45 9.3 SSP Zeroization Methods.................................................................................................................................45 9.4 SSPs...................................................................................................................................................................46 9.5 Transitions........................................................................................................................................................50 10 Self-Tests................................................................................................................................................................51 10.1 Pre-Operational Self-Tests.............................................................................................................................51 10.2 Conditional Self-Tests....................................................................................................................................51 10.3 Periodic Self-Test Information ......................................................................................................................63 10.4 Error States .....................................................................................................................................................70 10.5 Operator Initiation of Self-Tests....................................................................................................................71 11 Life-Cycle Assurance.............................................................................................................................................72 11.1 Installation, Initialization, and Startup Procedures......................................................................................72 11.2 Administrator Guidance ................................................................................................................................72 11.3 Non-Administrator Guidance........................................................................................................................72 11.4 End of Life ......................................................................................................................................................72 12 Mitigation of Other Attacks..................................................................................................................................73 12.1 Attack List.......................................................................................................................................................73 12.2 Mitigation Effectiveness.................................................................................................................................73 Appendix A. Glossary and Abbreviations .................................................................................................................74 Appendix B. References .............................................................................................................................................75 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 5 of 76 List of Tables Table 1: Security Levels................................................................................................................................................6 Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) ...............................9 Table 3: Tested Operational Environments - Software, Firmware, Hybrid ..............................................................9 Table 4: Modes List and Description ...........................................................................................................................9 Table 5: Approved Algorithms...................................................................................................................................21 Table 6: Vendor-Affirmed Algorithms......................................................................................................................21 Table 7: Non-Approved, Not Allowed Algorithms...................................................................................................22 Table 8: Security Function Implementations............................................................................................................27 Table 9: Entropy Certificates .....................................................................................................................................28 Table 10: Entropy Sources..........................................................................................................................................29 Table 11: Ports and Interfaces....................................................................................................................................30 Table 12: Roles............................................................................................................................................................31 Table 13: Approved Services......................................................................................................................................38 Table 14: Non-Approved Services .............................................................................................................................39 Table 15: Storage Areas ..............................................................................................................................................45 Table 16: SSP Input-Output Methods .......................................................................................................................45 Table 17: SSP Zeroization Methods...........................................................................................................................46 Table 18: SSP Table 1 .................................................................................................................................................48 Table 19: SSP Table 2 .................................................................................................................................................50 Table 20: Pre-Operational Self-Tests.........................................................................................................................51 Table 21: Conditional Self-Tests ................................................................................................................................63 Table 22: Pre-Operational Periodic Information......................................................................................................63 Table 23: Conditional Periodic Information .............................................................................................................70 Table 24: Error States .................................................................................................................................................70 List of Figures Figure 1: Block Diagram...............................................................................................................................................8 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 6 of 76 1 General 1.1 Overview This document is the non-proprietary FIPS 140-3 Security Policy for version 1.10.0-9a1db72d64086a2f of the Libgcrypt cryptography module for AlmaLinux 9. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. 1.2 Security Levels Section Title Security Level 1 General 1 2 Cryptographic module specification 1 3 Cryptographic module interfaces 1 4 Roles, services, and authentication 1 5 Software/Firmware security 1 6 Operational environment 1 7 Physical security N/A 8 Non-invasive security N/A 9 Sensitive security parameter management 1 10 Self-tests 1 11 Life-cycle assurance 1 12 Mitigation of other attacks 1 Overall Level 1 Table 1: Security Levels 1.3 Additional Information This Security Policy describes the features and design of the module named Libgcrypt cryptography module for AlmaLinux 9 using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and intact and including this notice. Other documentation is proprietary to their authors. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 7 of 76 supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 8 of 76 2 Cryptographic Module Specification 2.1 Description Purpose and Use: The Libgcrypt cryptography module for AlmaLinux 9 (hereafter referred to as “the module”) is a software library implementing general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying operating system through an application program interface (API). Module Type: Software Module Embodiment: MultiChipStand Cryptographic Boundary: The module consists of the shared library file (i.e. libgcrypt.so.20.4.0) which constitutes the cryptographic boundary. The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment and the flow of information between the module and operator. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP is the general-purpose computer on which the module is installed. Figure 1: Block Diagram Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 9 of 76 2.2 Tested and Vendor Affirmed Module Version and Identification Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets): Package or File Name Software/ Firmware Version Features Integrity Test /usr/lib64/libgcrypt.so.20.4.0 1.10.0- 9a1db72d64086a2f N/A HMAC-SHA-256 Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) Tested Operational Environments - Software, Firmware, Hybrid: Operating System Hardware Platform Processors PAA/PAI Hypervisor or Host OS Version(s) Almalinux 9.2 Amazon Web Services (AWS) m5.metal Intel Xeon Platinum 8259CL Yes N/A 1.10.0- 9a1db72d64086a2f Almalinux 9.2 Amazon Web Services (AWS) m5.metal Intel Xeon Platinum 8259CL No N/A 1.10.0- 9a1db72d64086a2f Table 3: Tested Operational Environments - Software, Firmware, Hybrid 2.3 Excluded Components The module does not claim any excluded components. 2.4 Modes of Operation Modes List and Description: Mode Name Description Type Status Indicator Approved Mode Automatically entered whenever an approved service is requested. Approved The approved mode indicator maps to the approved service indicator which is GPG_ERR_NO_ERROR, which corresponds to return code 0 Non- approved Mode Automatically entered whenever a non-approved service is requested. Non- Approved The Non-Approved mode indicator maps to the non-approved service indicator which is non-zero return code Table 4: Modes List and Description Mode Change Instructions and Status: When the module starts up successfully, after passing all the pre-operational self-test and the cryptographic algorithms self-tests (CASTs), the module is operating in the approved mode of operation by default and can only be transitioned into the non-approved mode by calling one of the non-approved services listed in the Non- Approved Services table. The module will transition back to approved mode when approved service is called. Section 4 provides details on the service indicator implemented by the module. The service indicator identifies when an approved service is called. Degraded Mode Description: The module does not implement a degraded mode of operation. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 10 of 76 2.5 Algorithms Approved Algorithms: Algorithm CAVP Cert Properties Reference AES-CBC A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CBC A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CBC A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CBC A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CCM A5138 Key Length - 128, 192, 256 SP 800-38C AES-CCM A5139 Key Length - 128, 192, 256 SP 800-38C AES-CCM A5141 Key Length - 128, 192, 256 SP 800-38C AES-CCM A5142 Key Length - 128, 192, 256 SP 800-38C AES-CFB128 A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB128 A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB128 A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB128 A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB8 A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB8 A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB8 A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CFB8 A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CMAC A5138 Direction - Generation, Verification Key Length - 128, 192, 256 SP 800-38B AES-CMAC A5139 Direction - Generation, Verification Key Length - 128, 192, 256 SP 800-38B AES-CMAC A5141 Direction - Generation, Verification Key Length - 128, 192, 256 SP 800-38B AES-CMAC A5142 Direction - Generation, Verification Key Length - 128, 192, 256 SP 800-38B Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 11 of 76 Algorithm CAVP Cert Properties Reference AES-CTR A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CTR A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CTR A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-CTR A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-ECB A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-ECB A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-ECB A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-ECB A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-KW A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F AES-KW A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F AES-KW A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F AES-KW A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F AES-OFB A5138 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-OFB A5139 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-OFB A5141 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-OFB A5142 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A AES-XTS Testing Revision 2.0 A5138 Direction - Decrypt, Encrypt Key Length - 128, 256 SP 800-38E AES-XTS Testing Revision 2.0 A5139 Direction - Decrypt, Encrypt Key Length - 128, 256 SP 800-38E AES-XTS Testing Revision 2.0 A5141 Direction - Decrypt, Encrypt Key Length - 128, 256 SP 800-38E Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 12 of 76 Algorithm CAVP Cert Properties Reference AES-XTS Testing Revision 2.0 A5142 Direction - Decrypt, Encrypt Key Length - 128, 256 SP 800-38E Counter DRBG A5138 Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes SP 800-90A Rev. 1 Counter DRBG A5139 Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes SP 800-90A Rev. 1 Counter DRBG A5141 Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes SP 800-90A Rev. 1 Counter DRBG A5142 Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes SP 800-90A Rev. 1 ECDSA KeyGen (FIPS186-5) A5138 Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates FIPS 186-5 ECDSA KeyGen (FIPS186-5) A5139 Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates FIPS 186-5 ECDSA KeyGen (FIPS186-5) A5140 Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates FIPS 186-5 ECDSA KeyGen (FIPS186-5) A5141 Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates FIPS 186-5 ECDSA KeyGen (FIPS186-5) A5142 Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates FIPS 186-5 ECDSA KeyVer (FIPS186-5) A5138 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA KeyVer (FIPS186-5) A5139 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA KeyVer (FIPS186-5) A5140 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA KeyVer (FIPS186-5) A5141 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA KeyVer (FIPS186-5) A5142 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA SigGen (FIPS186-5) A5138 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No FIPS 186-5 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 13 of 76 Algorithm CAVP Cert Properties Reference ECDSA SigGen (FIPS186-5) A5139 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No FIPS 186-5 ECDSA SigGen (FIPS186-5) A5140 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No FIPS 186-5 ECDSA SigGen (FIPS186-5) A5141 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No FIPS 186-5 ECDSA SigGen (FIPS186-5) A5142 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No FIPS 186-5 ECDSA SigVer (FIPS186-5) A5138 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 FIPS 186-5 ECDSA SigVer (FIPS186-5) A5139 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 FIPS 186-5 ECDSA SigVer (FIPS186-5) A5140 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 FIPS 186-5 ECDSA SigVer (FIPS186-5) A5141 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 FIPS 186-5 ECDSA SigVer (FIPS186-5) A5142 Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 FIPS 186-5 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 14 of 76 Algorithm CAVP Cert Properties Reference Hash DRBG A5138 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 Hash DRBG A5139 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 Hash DRBG A5140 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 Hash DRBG A5141 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 Hash DRBG A5142 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC DRBG A5138 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC DRBG A5139 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC DRBG A5140 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC DRBG A5141 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC DRBG A5142 Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 SP 800-90A Rev. 1 HMAC-SHA-1 A5137 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA-1 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA-1 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA-1 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA-1 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA-1 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 224 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 224 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 224 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 224 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 224 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 256 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 15 of 76 Algorithm CAVP Cert Properties Reference HMAC-SHA2- 256 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 256 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 256 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 256 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 384 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 384 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 384 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 384 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 384 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/224 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/224 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/224 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/224 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/224 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 16 of 76 Algorithm CAVP Cert Properties Reference HMAC-SHA2- 512/256 A5138 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/256 A5139 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/256 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/256 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA2- 512/256 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 224 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 224 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 224 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 256 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 256 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 256 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 384 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 384 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 384 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 512 A5140 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 512 A5141 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 HMAC-SHA3- 512 A5142 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1 PBKDF A5138 Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 SP 800-132 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 17 of 76 Algorithm CAVP Cert Properties Reference PBKDF A5139 Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 SP 800-132 PBKDF A5140 Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 SP 800-132 PBKDF A5141 Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 SP 800-132 PBKDF A5142 Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 SP 800-132 RSA KeyGen (FIPS186-5) A5138 Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 Primality Tests - 2powSecStr Private Key Format - standard FIPS 186-5 RSA KeyGen (FIPS186-5) A5139 Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 Primality Tests - 2powSecStr Private Key Format - standard FIPS 186-5 RSA KeyGen (FIPS186-5) A5140 Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 Primality Tests - 2powSecStr Private Key Format - standard FIPS 186-5 RSA KeyGen (FIPS186-5) A5141 Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 Primality Tests - 2powSecStr Private Key Format - standard FIPS 186-5 RSA KeyGen (FIPS186-5) A5142 Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 Primality Tests - 2powSecStr Private Key Format - standard FIPS 186-5 RSA SigGen (FIPS186-5) A5138 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigGen (FIPS186-5) A5139 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigGen (FIPS186-5) A5140 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigGen (FIPS186-5) A5141 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 18 of 76 Algorithm CAVP Cert Properties Reference RSA SigGen (FIPS186-5) A5142 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigVer (FIPS186-2) A5138 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 FIPS 186-4 RSA SigVer (FIPS186-2) A5139 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 FIPS 186-4 RSA SigVer (FIPS186-2) A5140 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 FIPS 186-4 RSA SigVer (FIPS186-2) A5141 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 FIPS 186-4 RSA SigVer (FIPS186-2) A5142 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 FIPS 186-4 RSA SigVer (FIPS186-4) A5138 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 FIPS 186-4 RSA SigVer (FIPS186-4) A5139 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 FIPS 186-4 RSA SigVer (FIPS186-4) A5140 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 FIPS 186-4 RSA SigVer (FIPS186-4) A5141 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 FIPS 186-4 RSA SigVer (FIPS186-4) A5142 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 FIPS 186-4 RSA SigVer (FIPS186-5) A5138 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigVer (FIPS186-5) A5139 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigVer (FIPS186-5) A5140 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigVer (FIPS186-5) A5141 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 RSA SigVer (FIPS186-5) A5142 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss FIPS 186-5 SHA-1 A5137 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA-1 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA-1 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 19 of 76 Algorithm CAVP Cert Properties Reference SHA-1 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA-1 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA-1 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-224 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-224 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-224 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-224 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-224 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-256 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-256 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-256 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-256 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-256 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-384 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-384 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-384 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-384 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-384 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 20 of 76 Algorithm CAVP Cert Properties Reference SHA2-512 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/224 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/224 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/224 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/224 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/224 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/256 A5138 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/256 A5139 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/256 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/256 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA2-512/256 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4 SHA3-224 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-224 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-224 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-256 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-256 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 21 of 76 Algorithm CAVP Cert Properties Reference SHA3-256 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-384 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-384 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-384 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-512 A5140 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-512 A5141 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHA3-512 A5142 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202 SHAKE-128 A5140 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 SHAKE-128 A5141 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 SHAKE-128 A5142 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 SHAKE-256 A5140 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 SHAKE-256 A5141 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 SHAKE-256 A5142 Output Length - Output Length: 16-65536 Increment 8 FIPS 202 Table 5: Approved Algorithms The above table lists all approved cryptographic algorithms of the module, including specific key lengths employed for approved services, and implemented modes or methods of operation of the algorithms. Vendor-Affirmed Algorithms: Name Properties Implementation Reference Cryptographic Key Generation (CKG) Key type:Asymmetric N/A SP 800-133r2, section 4, example 1 Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 22 of 76 Name Use and Function MD5 Message Digest ECDH Shared Secret Computation AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX Symmetric encryption; Symmetric decryption RSA Signature generation/verification primitives; Encryption/decryption primitives RSA using public key flags not listed in section 4.6 Key generation; Signature generation/verification ECDSA Signature generation/verification primitives ECDSA using public key flags not listed in section 4.6 Key generation; Signature generation/verification Table 7: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services. 2.6 Security Function Implementations Name Type Description Properties Algorithms Symmetric encryption and decryption BC-UnAuth Encryption, decryption using AES Keys:128, 192, 256 bits with 128-256 of key strength AES-ECB: (A5138, A5139, A5141, A5142) AES-CBC: (A5138, A5139, A5141, A5142) AES-CFB8: (A5138, A5139, A5141, A5142) AES-CFB128: (A5138, A5139, A5141, A5142) AES-OFB: (A5138, A5139, A5141, A5142) AES-CTR: (A5138, A5139, A5141, A5142) MAC generation and verification MAC Message authentication generation using AES CMAC Keys:128, 192, 256 bits with 128, 192, 256 bits of strength AES-CMAC: (A5138, A5139, A5141, A5142) Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 23 of 76 Name Type Description Properties Algorithms Authenticated symmetric encryption and decryption with AES CCM BC-Auth Encryption, decryption using AES CCM Keys:128, 192, 256 bits with 128, 192, 256 bits of strength AES-CCM: (A5138, A5139, A5141, A5142) Symmetric encryption and decryption with AES XTS (for data storage) BC-UnAuth Encryption, decryption using AES XTS (for data storage) Keys:128, 256 bits with 128, 256 bits of strength AES-XTS Testing Revision 2.0: (A5138, A5139, A5141, A5142) Random number generation DRBG Random number generation using CTR_DRBG, Hash_DRBG, HMAC_DRBG CTR_DRBG:AES-128, AES-192, AES-256 with DF, with/without PR Hash_DRBG:SHA-1, SHA-256, SHA-512 with/without PR HMAC_DRBG:SHA-1, SHA-256, SHA-512 with/without PR Counter DRBG: (A5138, A5139, A5141, A5142) Hash DRBG: (A5138, A5139, A5140, A5141, A5142) HMAC DRBG: (A5138, A5139, A5140, A5141, A5142) Key pair generation with ECDSA CKG Key pair generation using ECDSA Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Method:B.4.2 Testing Candidates ECDSA KeyGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Cryptographic Key Generation (CKG): () Key type: Asymmetric Public key verification with ECDSA AsymKeyPair- KeyVer Public key verification using ECDSA Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength ECDSA KeyVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Digital signature generation with ECDSA DigSig-SigGen Digital signature generation using ECDSA Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2- 256, SHA2- 384, SHA2-512, ECDSA SigGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 24 of 76 Name Type Description Properties Algorithms SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Digital signature verification with ECDSA DigSig-SigVer Digital signature verification using ECDSA Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2- 256, SHA2- 384, SHA2-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512 ECDSA SigVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Message authentication code with HMAC MAC Message authentication code using HMAC Keys:112, 192, 256 bits with 112-256 bits of strength Hash:SHA-1, SHA- 224, SHA-256, SHA- 384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3-224, SHA3- 256, SHA3- 384, SHA3-512 HMAC-SHA-1: (A5137, A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 224: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 256: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 384: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 512: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 512/224: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 512/256: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA3- Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 25 of 76 Name Type Description Properties Algorithms 224: (A5140, A5141, A5142) HMAC-SHA3- 256: (A5140, A5141, A5142) HMAC-SHA3- 384: (A5140, A5141, A5142) HMAC-SHA3- 512: (A5140, A5141, A5142) Key derivation with PBKDF PBKDF Key derivation using PBKDF Derived key::112 to 256 bits HMAC:SHA-1, SHA- 224, SHA-256, SHA- 384, SHA-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512 PBKDF: (A5138, A5139, A5140, A5141, A5142) Key wrapping with AES KTS-Wrap Key wrapping with AES Keys:128, 192, 256 bits with 128-256 bits of strength Compliance:Compliant with IG D.G AES Mode:KW, CCM AES-KW: (A5138, A5139, A5141, A5142) AES-CCM: (A5138, A5139, A5141, A5142) Key unwrapping with AES KTS-Wrap Key unwrapping with AES Keys:128, 192, 256 bits with 128-256 bits of strength Compliance:Compliant with IG D.G AES Mode:KW, CCM AES-KW: (A5138, A5139, A5141, A5142) AES-CCM: (A5138, A5139, A5141, A5142) Key pair generation with RSA CKG Key pair generation using RSA Keys:2048, 3072, 4096 with 112, 128, 149 bits of strength Method:B.3.3 Random Probable Primes RSA KeyGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Cryptographic Key Generation (CKG): () Key type: Asymmetric Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 26 of 76 Name Type Description Properties Algorithms Digital signature generation with RSA DigSig-SigGen Digital signature generation using RSA Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3-512 Keys:2048, 3072, 4096 with 112, 128, 149 bits of strength RSA SigGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Digital signature verification with RSA DigSig-SigVer Digital signature verification using RSA Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3-512 Keys:2048, 3072, 4096 with 112, 128, 149 bits of strength RSA SigVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) FIPS 186-4 Digital signature verification with RSA DigSig-SigVer FIPS 186-4 Digital signature verification using RSA Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256 Keys:1024 with 80 bits of strength Compliance:FIPS 186- 4 RSA SigVer (FIPS186-4): (A5138, A5139, A5140, A5141, A5142) FIPS 186-2 Digital signature verification with RSA DigSig-SigVer FIPS 186-2 Digital signature verification using RSA Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512 Keys:1536 with 92 bits of strength Compliance:FIPS 186- 2 RSA SigVer (FIPS186-2): (A5138, A5139, A5140, A5141, A5142) Message digest with SHA-3 SHA Message digest with SHA-3 SHA3-224: (A5140, A5141, A5142) Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 27 of 76 Name Type Description Properties Algorithms SHA3-256: (A5140, A5141, A5142) SHA3-384: (A5140, A5141, A5142) SHA3-512: (A5140, A5141, A5142) SHAKE-128: (A5140, A5141, A5142) SHAKE-256: (A5140, A5141, A5142) Message digest with SHA-1 SHA Message digest using SHA-1 SHA-1: (A5137, A5138, A5139, A5140, A5141, A5142) Message digest with SHA-2 SHA Message digest using SHA-2 SHA2-224: (A5138, A5139, A5140, A5141, A5142) SHA2-256: (A5138, A5139, A5140, A5141, A5142) SHA2-384: (A5138, A5139, A5140, A5141, A5142) SHA2-512: (A5138, A5139, A5140, A5141, A5142) SHA2-512/224: (A5138, A5139, A5140, A5141, A5142) SHA2-512/256: (A5138, A5139, A5140, A5141, A5142) Table 8: Security Function Implementations Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 28 of 76 2.7 Algorithm Specific Information AES XTS The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. The AES-XTS mode shall only be used for the cryptographic protection of data on storage devices. The AES- XTS shall not be used for other purposes, such as the encryption of data in transit. Key derivation using SP800-132 PBKDF The module provides password-based key derivation (PBKDF), compliant with SP800-132. The module supports option 1a from Section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132] and FIPS 140-3 IG D.N, the following requirements shall be met. • Derived keys shall only be used in storage applications. The Master Key (MK) shall not be used for other purposes. The module accepts length of the MK or DPK of 112 bits or more. • A portion of the salt, with a length of at least 128 bits, shall be generated randomly using the SP800- 90A DRBG. • The iteration count shall be selected as large as possible, as long as the time required to generate the key using the entered password is acceptable for the users. The minimum value accepted by the module is 1000. • Passwords or passphrases, used as an input for the PBKDF, shall not be used as cryptographic keys. • The minimum length of the password or passphrase accepted by the module is 8 characters. The probability of guessing the value, assuming a worst-case scenario of all digits, is estimated to be at most 10-8 . Combined with the minimum iteration count as described below, this provides an acceptable trade-off between user experience and security against brute-force attacks. The calling application shall also observe the rest of the requirements and recommendations specified in [SP800-132]. SHA-1 Use SHA-1 is only approved when used in approved modes for message digest, HMAC, KDF (PBKDF), and DRBG. The use of SHA-1 for digital signature generation (e.g., ECDSA, RSA) or verification is non-approved. 2.8 RBG and Entropy Cert Number Vendor Name E127 Cloudlinux Inc., TuxCare division Table 9: Entropy Certificates Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 29 of 76 Name Type Operational Environment Sample Size Entropy per Sample Conditioning Component Userspace CPU Time Jitter RNG Entropy Source version 3.4.0 Non- Physical AlmaLinux 9.2 on Amazon Web Services (AWS) m5.metal on Intel Xeon Platinum 8259CL; AlmaLinux 9.2 on Amazon Web Services (AWS) a1.metal on AWS Graviton 64-bits Full entropy SHA3-256 (Cert. A4026), HMAC- SHA2-512-DRBG (Cert. A4025) Table 10: Entropy Sources The Module provides an SP800-90A-compliant Deterministic Random Bit Generator (DRBG) for creation of key components of asymmetric keys, and random number generation. The seeding (and automatic reseeding) of the DRBG is done with getrandom(). The DRBG supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG mechanisms. The DRBG is initialized during module initialization; the module loads by default the DRBG using the HMAC_DRBG mechanism with SHA-256 and without prediction resistance. A different DRBG mechanism can be chosen by invoking the gcry_control(GCRYCTL_DRBG_REINIT) function. The module uses an [SP800-90B]-compliant entropy source specified in the above table. This entropy source is located within the module’s physical perimeter but outside of the module’s cryptographic boundary. The module obtains 384 bits to seed the DRBG, and 256 bits to reseed it. The module performs the DRBG health tests as defined in Section 11.3 of [SP800-90A]. 2.9 Key Generation The module provides the following key generation methods: • Key pair generation with ECDSA (CKG): curves P-224, P-256, P-384, P-521 with method B.4.2 Testing Candidates. • Key pair generation with RSA (CKG): 2048, 3072, 4096 bit keys with method B.3.3 Random Probable Primes. 2.10 Key Establishment The module provides the following key establishment methods: • Key wrapping with AES: 128, 192, 256 bit keys with AES-KW, AES-CCM. Compliant with IG D.G. • Key unwrapping with AES: 128, 192, 256 bit keys with AES-KW, AES-CCM. Compliant with IG D.G. 2.11 Industry Protocols The module does not implement industry protocols, therefore this section is not applicable. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 30 of 76 3 Cryptographic Module Interfaces 3.1 Ports and Interfaces Physical Port Logical Interface(s) Data That Passes N/A Data Input API input parameters for data. N/A Data Output API output parameters for data. N/A Control Input API function calls, API input parameters for control input, /proc/sys/crypto/fips_enabled control file. N/A Status Output API return codes, API output parameters for status output. Table 11: Ports and Interfaces As a software-only module, the module does not have physical ports. The operator can only interact with the module through the API provided by the module. Thus, the physical ports are interpreted to be the physical ports of the hardware platform on which the module runs. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state. The module does not implement a control output interface. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 31 of 76 4 Roles, Services, and Authentication 4.1 Authentication Methods The module does not support authentication. 4.2 Roles Name Type Operator Type Authentication Methods Crypto Officer Role CO None Table 12: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. 4.3 Approved Services Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss Symmetric encryption and decryption Perform AES encryption and decryption gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_CIPHER, ...) returns GPG_ERR_NO_ERROR AES key, IV, plaintext/ ciphertex t Ciphertex t/plaintex t Symm etric encryp tion and decryp tion Authe nticate d symme tric encryp tion and decryp tion with AES CCM Symm etric encryp tion and Cryp to Offic er - AES keys: W,E Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 32 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss decryp tion with AES XTS (for data storage ) Key Pair Generation with RSA Generate a key pair gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) returns GPG_ERR_NO_ERROR Modulus bits RSA public key, RSA private key Key pair genera tion with RSA Cryp to Offic er - RSA Priva te Key: G,E - RSA Publi c Key: G,E Key Pair Generation with ECDSA Generate a key pair gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) returns GPG_ERR_NO_ERROR Curve ECDSA public key, ECDSA private key Key pair genera tion with ECDS A Cryp to Offic er - ECD SA Priva te Key: G,E - ECD SA Publi c Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 33 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss Key: G,E Digital signature generation with RSA Generate a signature gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERROR RSA private key, message Signature Digital signatu re genera tion with RSA Cryp to Offic er - RSA Priva te Key: W,E Digital signature generation with ECDSA Generate a signature gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERROR ECDSA private key, message Signature Digital signatu re genera tion with ECDS A Cryp to Offic er - ECD SA Priva te Key: W,E Digital signature verification with RSA Verify a signature gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERROR RSA public key, message, signature Pass/fail Digital signatu re verific ation with RSA FIPS 186-4 Digital signatu re verific ation with RSA FIPS 186-2 Cryp to Offic er - RSA Publi c Key: W,E Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 34 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss Digital signatu re verific ation with RSA Digital signature verification with ECDSA Verify a signature gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERROR ECDSA public key, message, signature Pass/fail Digital signatu re verific ation with ECDS A Cryp to Offic er - ECD SA Publi c Key: W,E Public key verification Verify ECDSA public key gcry_mpi_ec_curve_point() returns GPG_ERR_NO_ERROR ECDSA public key Pass/fail Public key verific ation with ECDS A Cryp to Offic er - ECD SA Publi c Key: W,E Random Number Generation with CTR_DRBG/ HMAC_DRB G Generate random bitstrings from CTR_DRBG/ HMAC_DRB G gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure() return GPG_ERR_NO_ERROR Output length Random bytes Rando m numbe r genera tion Cryp to Offic er - Entr opy Inpu t: W,E - DRB Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 35 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss G seed: G,E - DRB G inter nal state (V value , Key): G,W, E Random Number Generation with Hash_DRBG Generate random bitstrings from Hash_DRBG gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure() return GPG_ERR_NO_ERROR Output length Random bytes Rando m numbe r genera tion Cryp to Offic er - Entr opy Inpu t: W,E - DRB G seed: G,E - DRB G inter nal state (V value , C value ): Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 36 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss G,W, E Message digest Compute SHA hashes gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) returns GPG_ERR_NO_ERROR Message Digest value Messag e digest with SHA-3 Messag e digest with SHA-1 Messag e digest with SHA-2 Cryp to Offic er Message authenticatio n code (MAC) with HMAC Compute HMAC gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MAC, .. .) returns GPG_ERR_NO_ERROR HMAC key MAC tag Messag e authen ticatio n code with HMA C Cryp to Offic er - HM AC keys: W,E Message authenticatio n code (MAC) with CMAC Compute AES-based CMAC gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MAC, .. .) returns GPG_ERR_NO_ERROR AES key MAC tag MAC genera tion and verific ation Cryp to Offic er - AES keys: W,E Key wrapping and unwrapping Perform AES-based key wrapping/un wrapping gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_CIPHER, ...) returns GPG_ERR_NO_ERROR AES key, any CSP/wra pped CSP Wrapped CSP/Unw rapped CSP Key wrappi ng with AES Key unwra Cryp to Offic er - AES Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 37 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss pping with AES keys: W,E Key derivation Perform key derivation gcry_control(GCRYCTL_FIPS_ SERVICE_INDICATOR_KDF, ... ) returns GPG_ERR_NO_ERROR Password , salt, iteration count Derived key Key derivat ion with PBKD F Cryp to Offic er - Pass word or passp hrase : W,E - Deri ved key: G On-demand Integrity test Perform on- demand integrity test N/A N/A Pass/fail Messag e authen ticatio n code with HMA C Cryp to Offic er Show status Show module status N/A N/A Module status None Cryp to Offic er Zeroization Zeroize all SSPs N/A Any SSP N/A None Cryp to Offic er Self-tests Perform self- tests N/A N/A Pass/fail None Cryp to Offic er Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 38 of 76 Name Description Indicator Inputs Outputs Securit y Functi ons SSP Acce ss Show module name and version Show module name and version N/A N/A Module name and version informati on None Cryp to Offic er Table 13: Approved Services The table above lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or CSPs involved, and their access type(s). The following convention is used to specify access rights to a CSP: • G = Generate: The module generates or derives the SSP. • R = Read: The SSP is read from the module (e.g., the SSP is output). • W = Write: The SSP is updated, imported, or written to the module. • E = Execute: The module uses the SSP in performing a cryptographic operation. • Z = Zeroise: The module zeroises the SSP. • N/A: the calling application does not access any CSP or key during its operation. The details of the approved cryptographic algorithms including the CAVP certificate numbers can be found in the Approved Algorithm table. In order to check whether it utilizes an approved security function or not, the operator is responsible to invoke the gcry_control() API along with dedicated controls in the form of API input parameters. The module implements the following controls depending on the requested service: 1. GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER - For symmetric algorithms and the related modes. 2. GCRYCTL_FIPS_SERVICE_INDICATOR_KDF - For KDF operations. 3. GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS - For asymmetric operations.1 4. GCRYCTL_FIPS_SERVICE_INDICATOR_MD - For digest operations. 5. GCRYCTL_FIPS_SERVICE_INDICATOR_MAC - For MAC operations. In addition to that, for the below-mentioned services, the approved service indicator corresponds to the GPG_ERR_NO_ERROR returned from listed functions in the indicator column below. They don’t use gcry_control() API: 1. Random number generation service: gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure(). 2. Public key validation service: gcry_mpi_ec_curve_point(). 1 The list of public key flags allowed in approved mode of operation is described in Section 4.6 Additional Information. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 39 of 76 For all approved services, GPG_ERR_NO_ERROR (i.e., “0”) return code indicates the service is approved. In case the above-mentioned controls are used in conjunction, the operator is responsible to check that all of the called functions return GPG_ERR_NO_ERROR (i.e., “0”). For all non-approved services, "non-zero" return code indicates the service is not approved. 4.4 Non-Approved Services Name Description Algorithms Role Symmetric encryption/decryption AES encryption/decryption using non- approved AES modes AES-GCM, AES-GCM- SIV, AES-OCB, AES- EAX CO Message digest Non-approved message digest MD5 CO Shared Secret Computation ECDH Shared Secret Computation ECDH CO Key generation with RSA Generate RSA key pairs using public key flags not listed in section 4.6. RSA using public key flags not listed in section 4.6 CO Key generation with ECDSA Generate ECDSA key pairs using public key flags not listed in section 4.6. ECDSA using public key flags not listed in section 4.6 CO Digital signature generation/verification with RSA Generate/verify a signature using RSA Signature generation/verification primitives RSA CO Digital signature generation/verification with ECDSA Generate/verify a signature using ECDSA Signature generation/verification primitives ECDSA CO Asymmetric encryption/decryption Perform encryption/decryption using RSA encryption/decryption primitives RSA CO Table 14: Non-Approved Services The table above lists the non-approved services. For the services listed below, the module implements an additional service indicator in the form of a control named GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. The operator is responsible to invoke the gcry_control() API along with the following input parameters: GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION control; the name of the API2 representing the service. 4.5 External Software/Firmware Loaded The module does not have the capability of loading software or firmware from an external source. 4.6 Additional Information Below are listed the approved public key flags for an input s-expression: 2 The list of APIs supported by the module can be found in the documentation included in the optional libgcrypt-devel package. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 40 of 76 curve d data e ecdsa flags sig-val genkey hash n nbits pkcs1 private-key value pss public-key q r raw rsa salt-length rsa-use-e s Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 41 of 76 5 Software/Firmware Security 5.1 Integrity Techniques The integrity of the module is verified comparing the HMAC-SHA-256 value calculated at run time with the HMAC-SHA-256 value embedded in the module’s ELF header that was computed at build time for each software component of the module. If the HMAC values do not match, the test fails and the module enters the error state. 5.2 Initiate on Demand Integrity tests are performed as part of the Pre-Operational Self-Tests. The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational tests (i.e., integrity test) and cryptographic algorithm self-tests (CASTs). This service can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output or input is possible. In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the module is in the operational state, FALSE if the module is in the Error state. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 42 of 76 6 Operational Environment 6.1 Operational Environment Type and Requirements Type of Operational Environment: Modifiable How Requirements are Satisfied: The module should be compiled and installed as stated in section 11. The user should confirm that the module is installed correctly by running: 1. fips-mode-setup --check command to verify that the system is operating in Approved mode 2. check the output of the gcry_get_config() API, which should output Libgcrypt cryptography module for AlmaLinux 9 1.10.0-9a1db72d64086a2f The module does not support concurrent operators. 6.2 Configuration Settings and Restrictions Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. 6.3 Additional Information The module shall be installed as stated in Section 11. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 43 of 76 7 Physical Security The module is comprised of software only and therefore this section is not applicable. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 44 of 76 8 Non-Invasive Security This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 45 of 76 9 Sensitive Security Parameters Management 9.1 Storage Areas Storage Area Name Description Persistence Type RAM Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs Dynamic Table 15: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in RAM in plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls. 9.2 SSP Input-Output Methods Name From To Format Type Distribution Type Entry Type SFI or Algorithm API input parameters (plaintext) Calling application within TOEPP Cryptographic module Plaintext Manual Electronic API output parameters (plaintext) Cryptographic module Calling application within TOEPP Plaintext Manual Electronic Table 16: SSP Input-Output Methods The module does not support manual SSP entry or intermediate SSP generation output. The SSPs are provided to the module via API input parameters in plaintext form and output via API output parameters in plaintext form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry on the Key Establishment Table. 9.3 SSP Zeroization Methods Zeroization Method Description Rationale Operator Initiation Wipe and Free memory block allocated Zeroizes the SSPs contained within the cipher handle. Memory occupied by SSPs is overwritten with zeroes and then it is released, which renders the SSP values irretrievable. The completion of the zeroization routine indicates that the zeroization procedure succeeded. By calling the cipher related zeroization API which are the following: gcry_free(), gcry_cipher_close(), gcry_mac_close(), gcry_sexp_release(), gcry_mpi_release(), gcry_ctx_release(), gcry_mpi_point_release(), gcry_ctrl(GCRYCTL_TE RM_SECMEM) Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 46 of 76 Zeroization Method Description Rationale Operator Initiation Automatic Automatically zeroized by the module when no longer needed Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. N/A Module Reset De-allocates the volatile memory used to store SSPs Volatile memory used by the module is overwritten within nanoseconds when power is removed. By unloading and reloading the module Table 17: SSP Zeroization Methods The memory occupied by SSPs is allocated by regular memory allocation operating system calls. The application that is acting as the CO is responsible for calling the appropriate zeroization functions provided in the module's API and listed in the above table. Calling gcry_free(), which will zeroize the SSPs and also invoke the corresponding API functions listed in the above table to zeroize SSPs. The zeroization functions overwrite the memory occupied by SSPs with “zeros” and deallocate the memory with the regular memory deallocation operating system call. In case of abnormal termination, or swap in/out of a physical memory page of a process, the keys in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. The completion of a zeroization routine(s) will indicate that a zeroization procedure succeeded. 9.4 SSPs Name Description Size - Strength Type - Category Generated By Established By Used By AES keys AES key used for encryption, decryption, and computing MAC tags AES-XTS: 128, 256; Other modes: 128, 192, 256 - AES-XTS: 128, 256; Other modes: 128, 192, 256 Symmetric key - CSP Symmetric encryption and decryption MAC generation and verification Authenticated symmetric encryption and decryption with AES CCM Symmetric encryption and decryption with AES XTS (for data storage) HMAC keys HMAC key used for 112-256 bits - 112-256 bits Symmetric key - CSP Message authentication Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 47 of 76 Name Description Size - Strength Type - Category Generated By Established By Used By computing MAC tags code with HMAC RSA Private Key Private key used for RSA signature generation 2048, 3072, 4096 bits - 112, 128, 149 bits Private key - CSP Key pair generation with RSA Digital signature generation with RSA RSA Public Key Public key used for RSA signature verification FIPS 186-5: 2048, 3072, 4096 bits bits; FIPS 186-4: 1024 bits; FIPS 186-2: 1536 bits - FIPS 186-5: 112, 128, 149 bits; FIPS 186-4: 80 bits; FIPS 186-2: 96 bits Public key - PSP Key pair generation with RSA Digital signature verification with RSA FIPS 186-4 Digital signature verification with RSA FIPS 186-2 Digital signature verification with RSA ECDSA Private Key Private key used for ECDSA signature generation P-224, P-256, P- 384, P-521 - 112, 128, 192, 256 bits Private key - CSP Key pair generation with ECDSA Public key verification with ECDSA Digital signature generation with ECDSA ECDSA Public Key Public key used for ECDSA signature verification P-224, P-256, P- 384, P-521 - 112, 128, 192, 256 bits Public key - PSP Key pair generation with ECDSA Digital signature verification with ECDSA Password or passphrase Password used to derive symmetric keys Minimum of 8 character - N/A Password - CSP Key derivation with PBKDF Derived key Symmetric key derived from a key derivation key, shared secret, or password 112-4096 bits - 112-256 bits Symmetric key - CSP Key derivation with PBKDF Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 48 of 76 Name Description Size - Strength Type - Category Generated By Established By Used By Entropy Input Entropy input used to seed the DRBG 128-384 bits - 128-384 bits Entropy input - CSP Random number generation DRBG internal state (V value, C value) Internal state of the Hash_DRBG 880, 1776 bits - 128, 256 bits Internal state - CSP Random number generation Random number generation DRBG internal state (V value, Key) Internal state of the CTR_DRBG and HMAC_DRBG CTR_DRBG: 256, 320, 384 bits; HMAC_DRBG: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits Internal state - CSP Random number generation Random number generation DRBG seed DRBG seed derived from entropy input as defined in SP 800-90Ar1 CTR_DRBG: 256, 320, 384 bits; HMAC_DBRG: 440, 888 bits; Hash_DRBG: 440, 888 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits; Hash_DRBG: 128, 256 bits Seed - CSP Random number generation Random number generation Table 18: SSP Table 1 Name Input - Output Storage Storage Duration Zeroization Related SSPs AES keys API input parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset HMAC keys API input parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset RSA Private Key API input parameters RAM:Plaintext From service invocation to Wipe and Free memory block RSA Public Key:Paired With Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 49 of 76 Name Input - Output Storage Storage Duration Zeroization Related SSPs (plaintext) API output parameters (plaintext) service completion allocated Module Reset DRBG internal state (V value, Key):Generated from RSA Public Key API input parameters (plaintext) API output parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset RSA Private Key:Paired With DRBG internal state (V value, C value):Generated from ECDSA Private Key API input parameters (plaintext) API output parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset ECDSA Public Key:Paired With DRBG internal state (V value, C value):Generated from ECDSA Public Key API input parameters (plaintext) API output parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset ECDSA Private Key:Paired With DRBG internal state (V value, C value):Generated from Password or passphrase API input parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset Derived key:Derivation of Derived key API output parameters (plaintext) RAM:Plaintext From service invocation to service completion Wipe and Free memory block allocated Module Reset Password or passphrase:Derived From Entropy Input RAM:Plaintext From service invocation to service completion Automatic DRBG seed:Derivation of DRBG internal state (V value, C value) RAM:Plaintext From service invocation to service completion Automatic DRBG seed:Generated from DRBG internal state (V value, Key) RAM:Plaintext From service invocation to service completion Automatic DRBG seed:Generated from Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 50 of 76 Name Input - Output Storage Storage Duration Zeroization Related SSPs DRBG seed RAM:Plaintext From service invocation to service completion Automatic Entropy Input:Derived From DRBG internal state (V value, C value):Generation of DRBG internal state (V value, Key):Generation of Table 19: SSP Table 2 The tables above summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. 9.5 Transitions The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 51 of 76 10 Self-Tests 10.1 Pre-Operational Self-Tests Algorithm or Test Test Properties Test Method Test Type Indicator Details HMAC- SHA2-256 (A5138) 256-bit key Message authentication SW/FW Integrity Module becomes operational and services are available for use Integrity test for /usr/lib64/libgcrypt.so.20.4.0 HMAC- SHA2-256 (A5139) 256-bit key Message authentication SW/FW Integrity Module becomes operational and services are available for use Integrity test for /usr/lib64/libgcrypt.so.20.4.0 HMAC- SHA2-256 (A5140) 256-bit key Message authentication SW/FW Integrity Module becomes operational and services are available for use Integrity test for /usr/lib64/libgcrypt.so.20.4.0 HMAC- SHA2-256 (A5141) 256-bit key Message authentication SW/FW Integrity Module becomes operational and services are available for use Integrity test for /usr/lib64/libgcrypt.so.20.4.0 HMAC- SHA2-256 (A5142) 256-bit key Message authentication SW/FW Integrity Module becomes operational and services are available for use Integrity test for /usr/lib64/libgcrypt.so.20.4.0 Table 20: Pre-Operational Self-Tests The module performs pre-operational self-tests automatically when the module is becoming available for the consuming application. Pre-operational self-tests ensure that the module is not corrupted. While the module is executing the pre-operational self-tests, services are not available, input and output are inhibited. The module is not available for use by the calling application until the pre-operational self-tests are completed successfully. After the pre-operational self-tests and the CASTs succeed, the module becomes operational. If any of the pre- operational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the error state. 10.2 Conditional Self-Tests Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions SHA-1 (A5137) N/A KAT CAST Module is operational Message digest Power up SHA-1 (A5138) N/A KAT CAST Module is operational Message digest Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 52 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions SHA-1 (A5139) N/A KAT CAST Module is operational Message digest Power up SHA-1 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA-1 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA-1 (A5142) N/A KAT CAST Module is operational Message digest Power up AES-ECB - Encrypt (A5138) 128, 192, 256-bit key KAT CAST Module is operational Encryption Power up AES-ECB - Encrypt (A5139) 128, 192, 256-bit key KAT CAST Module is operational Encryption Power up AES-ECB - Encrypt (A5141) 128, 192, 256-bit key KAT CAST Module is operational Encryption Power up AES-ECB - Encrypt (A5142) 128, 192, 256-bit key KAT CAST Module is operational Encryption Power up AES-ECB - Decrypt (A5138) 128, 192, 256-bit key KAT CAST Module is operational Decryption Power up AES-ECB - Decrypt (A5139) 128, 192, 256-bit key KAT CAST Module is operational Decryption Power up AES-ECB - Decrypt (A5141) 128, 192, 256-bit key KAT CAST Module is operational Decryption Power up AES-ECB - Decrypt (A5142) 128, 192, 256-bit key KAT CAST Module is operational Decryption Power up AES- CMAC (A5138) 128-bit key KAT CAST Module is operational MAC generation Power up AES- CMAC (A5139) 128-bit key KAT CAST Module is operational MAC generation Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 53 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions AES- CMAC (A5141) 128-bit key KAT CAST Module is operational MAC generation Power up AES- CMAC (A5142) 128-bit key KAT CAST Module is operational MAC generation Power up Counter DRBG (A5138) AES with 128-bit key with DF, with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up Counter DRBG (A5139) AES with 128-bit key with DF, with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up Counter DRBG (A5141) AES with 128-bit key with DF, with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up Counter DRBG (A5142) AES with 128-bit key with DF, with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up Hash DRBG (A5138) SHA-1 without PR and SHA-256 with and without PR KAT CAST Module is operation Instantiate Generate; Reseed Generate Power up Hash DRBG (A5139) SHA-1 without PR and SHA-256 with and without PR KAT CAST Module is operation Instantiate Generate; Reseed Generate Power up Hash DRBG (A5140) SHA-1 without PR and SHA-256 with and without PR KAT CAST Module is operation Instantiate Generate; Reseed Generate Power up Hash DRBG (A5141) SHA-1 without PR and SHA-256 with and without PR KAT CAST Module is operation Instantiate Generate; Reseed Generate Power up Hash DRBG (A5142) SHA-1 without PR and SHA-256 with and without PR KAT CAST Module is operation Instantiate Generate; Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 54 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions Reseed Generate HMAC DRBG (A5138) SHA-256 with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up HMAC DRBG (A5139) SHA-256 with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up HMAC DRBG (A5140) SHA-256 with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up HMAC DRBG (A5141) SHA-256 with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up HMAC DRBG (A5142) SHA-256 with and without PR KAT CAST Module is operational Instantiate Generate; Reseed Generate Power up ECDSA SigGen (FIPS186-5) (A5138) P-256 and SHA-256 KAT CAST Module is operational Signature generation and verification Power up ECDSA SigGen (FIPS186-5) (A5139) P-256 and SHA-256 KAT CAST Module is operational Signature generation and verification Power up ECDSA SigGen (FIPS186-5) (A5140) P-256 and SHA-256 KAT CAST Module is operational Signature generation and verification Power up ECDSA SigGen (FIPS186-5) (A5141) P-256 and SHA-256 KAT CAST Module is operational Signature generation and verification Power up ECDSA SigGen P-256 and SHA-256 KAT CAST Module is operational Signature generation and verification Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 55 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions (FIPS186-5) (A5142) ECDSA SigVer (FIPS186-5) (A5138) P-256 and SHA-256 KAT CAST Module is operational Signature verification Power up ECDSA SigVer (FIPS186-5) (A5139) P-256 and SHA-256 KAT CAST Module is operational Signature verification Power up ECDSA SigVer (FIPS186-5) (A5140) P-256 and SHA-256 KAT CAST Module is operational Signature verification Power up ECDSA SigVer (FIPS186-5) (A5141) P-256 and SHA-256 KAT CAST Module is operational Signature verification Power up ECDSA SigVer (FIPS186-5) (A5142) P-256 and SHA-256 KAT CAST Module is operational Signature verification Power up HMAC- SHA2-224 (A5138) SHA2-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-224 (A5139) SHA2-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-224 (A5140) SHA2-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-224 (A5141) SHA2-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-224 (A5142) SHA2-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-256 (A5138) SHA2-256 KAT CAST Module is operational Message authentication Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 56 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions HMAC- SHA2-256 (A5139) SHA2-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-256 (A5140) SHA2-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-256 (A5141) SHA2-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-256 (A5142) SHA2-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-384 (A5138) SHA2-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-384 (A5139) SHA2-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-384 (A5140) SHA2-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-384 (A5141) SHA2-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-384 (A5142) SHA2-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-512 (A5138) SHA2-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-512 (A5139) SHA2-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-512 (A5140) SHA2-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA2-512 (A5141) SHA2-512 KAT CAST Module is operational Message authentication Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 57 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions HMAC- SHA2-512 (A5142) SHA2-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-224 (A5140) SHA3-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-224 (A5141) SHA3-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-224 (A5142) SHA3-224 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-256 (A5140) SHA3-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-256 (A5141) SHA3-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-256 (A5142) SHA3-256 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-384 (A5140) SHA3-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-384 (A5141) SHA3-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-384 (A5142) SHA3-384 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-512 (A5140) SHA3-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-512 (A5141) SHA3-512 KAT CAST Module is operational Message authentication Power up HMAC- SHA3-512 (A5142) SHA3-512 KAT CAST Module is operational Message authentication Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 58 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions HMAC- SHA-1 (A5137) SHA-1 KAT CAST Module is operational Message authentication Power up HMAC- SHA-1 (A5138) SHA-1 KAT CAST Module is operational Message authentication Power up HMAC- SHA-1 (A5139) SHA-1 KAT CAST Module is operational Message authentication Power up HMAC- SHA-1 (A5140) SHA-1 KAT CAST Module is operational Message authentication Power up HMAC- SHA-1 (A5141) SHA-1 KAT CAST Module is operational Message authentication Power up HMAC- SHA-1 (A5142) SHA-1 KAT CAST Module is operational Message authentication Power up RSA SigGen (FIPS186-5) (A5138) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature generation Power up RSA SigGen (FIPS186-5) (A5139) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature generation Power up RSA SigGen (FIPS186-5) (A5140) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature generation Power up RSA SigGen (FIPS186-5) (A5141) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature generation Power up RSA SigGen (FIPS186-5) (A5142) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature generation Power up RSA SigVer (FIPS186-5) (A5138) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature verification Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 59 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions RSA SigVer (FIPS186-5) (A5139) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature verification Power up RSA SigVer (FIPS186-5) (A5140) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature verification Power up RSA SigVer (FIPS186-5) (A5141) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature verification Power up RSA SigVer (FIPS186-5) (A5142) RSA PKCS#1 v1.5 with 2048-bit key using SHA-256 KAT CAST Module is operational Signature verification Power up SHA2-224 (A5138) N/A KAT CAST Module is operational Message digest Power up SHA2-224 (A5139) N/A KAT CAST Module is operational Message digest Power up SHA2-224 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA2-224 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA2-224 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA2-256 (A5138) N/A KAT CAST Module is operational Message digest Power up SHA2-256 (A5139) N/A KAT CAST Module is operational Message digest Power up SHA2-256 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA2-256 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA2-256 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA2-384 (A5138) N/A KAT CAST Module is operational Message digest Power up SHA2-384 (A5139) N/A KAT CAST Module is operational Message digest Power up SHA2-384 (A5140) N/A KAT CAST Module is operational Message digest Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 60 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions SHA2-384 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA2-384 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA2-512 (A5138) N/A KAT CAST Module is operational Message digest Power up SHA2-512 (A5139) N/A KAT CAST Module is operational Message digest Power up SHA2-512 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA2-512 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA2-512 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA3-224 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA3-224 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA3-224 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA3-256 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA3-256 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA3-256 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA3-384 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA3-384 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA3-384 (A5142) N/A KAT CAST Module is operational Message digest Power up SHA3-512 (A5140) N/A KAT CAST Module is operational Message digest Power up SHA3-512 (A5141) N/A KAT CAST Module is operational Message digest Power up SHA3-512 (A5142) N/A KAT CAST Module is operational Message digest Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 61 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions PBKDF (A5138) SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits KAT CAST Module is operational Key Derivation Power up PBKDF (A5139) SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits KAT CAST Module is operational Key Derivation Power up PBKDF (A5140) SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits KAT CAST Module is operational Key Derivation Power up PBKDF (A5141) SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration KAT CAST Module is operational Key Derivation Power up Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 62 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions count of 4096, and salt length of 288 bits PBKDF (A5142) SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits KAT CAST Module is operational Key Derivation Power up ECDSA KeyGen (FIPS186-5) (A5138) Respective Curve and SHA2-256 Signature generation and verification PCT Module is operational Sign and Verify Key generation ECDSA KeyGen (FIPS186-5) (A5139) Respective Curve and SHA2-256 Signature generation and verification PCT Module is operational Sign and Verify Key generation ECDSA KeyGen (FIPS186-5) (A5140) Respective Curve and SHA2-256 Signature generation and verification PCT Module is operational Sign and Verify Key generation ECDSA KeyGen (FIPS186-5) (A5141) Respective Curve and SHA2-256 Signature generation and verification PCT Module is operational Sign and Verify Key generation ECDSA KeyGen (FIPS186-5) (A5142) Respective Curve and SHA2-256 Signature generation and verification PCT Module is operational Sign and Verify Key generation RSA KeyGen (FIPS186-5) (A5138) SHA2-256 and respective keys Signature generation and verification PCT Module is operational Sign and Verify Key generation RSA KeyGen (FIPS186-5) (A5139) SHA2-256 and respective keys Signature generation and verification PCT Module is operational Sign and Verify Key generation Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 63 of 76 Algorithm or Test Test Properties Test Method Test Type Indicator Details Conditions RSA KeyGen (FIPS186-5) (A5140) SHA2-256 and respective keys Signature generation and verification PCT Module is operational Sign and Verify Key generation RSA KeyGen (FIPS186-5) (A5141) SHA2-256 and respective keys Signature generation and verification PCT Module is operational Sign and Verify Key generation RSA KeyGen (FIPS186-5) (A5142) SHA2-256 and respective keys Signature generation and verification PCT Module is operational Sign and Verify Key generation Table 21: Conditional Self-Tests 10.3 Periodic Self-Test Information Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA2-256 (A5138) Message authentication SW/FW Integrity On demand Manually HMAC-SHA2-256 (A5139) Message authentication SW/FW Integrity On demand Manually HMAC-SHA2-256 (A5140) Message authentication SW/FW Integrity On demand Manually HMAC-SHA2-256 (A5141) Message authentication SW/FW Integrity On demand Manually HMAC-SHA2-256 (A5142) Message authentication SW/FW Integrity On demand Manually Table 22: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method SHA-1 (A5137) KAT CAST On demand Manually SHA-1 (A5138) KAT CAST On demand Manually SHA-1 (A5139) KAT CAST On demand Manually SHA-1 (A5140) KAT CAST On demand Manually SHA-1 (A5141) KAT CAST On demand Manually SHA-1 (A5142) KAT CAST On demand Manually AES-ECB - Encrypt (A5138) KAT CAST On demand Manually AES-ECB - Encrypt (A5139) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 64 of 76 Algorithm or Test Test Method Test Type Period Periodic Method AES-ECB - Encrypt (A5141) KAT CAST On demand Manually AES-ECB - Encrypt (A5142) KAT CAST On demand Manually AES-ECB - Decrypt (A5138) KAT CAST On demand Manually AES-ECB - Decrypt (A5139) KAT CAST On demand Manually AES-ECB - Decrypt (A5141) KAT CAST On demand Manually AES-ECB - Decrypt (A5142) KAT CAST On demand Manually AES-CMAC (A5138) KAT CAST On demand Manually AES-CMAC (A5139) KAT CAST On demand Manually AES-CMAC (A5141) KAT CAST On demand Manually AES-CMAC (A5142) KAT CAST On demand Manually Counter DRBG (A5138) KAT CAST On demand Manually Counter DRBG (A5139) KAT CAST On demand Manually Counter DRBG (A5141) KAT CAST On demand Manually Counter DRBG (A5142) KAT CAST On demand Manually Hash DRBG (A5138) KAT CAST On demand Manually Hash DRBG (A5139) KAT CAST On demand Manually Hash DRBG (A5140) KAT CAST On demand Manually Hash DRBG (A5141) KAT CAST On demand Manually Hash DRBG (A5142) KAT CAST On demand Manually HMAC DRBG (A5138) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 65 of 76 Algorithm or Test Test Method Test Type Period Periodic Method HMAC DRBG (A5139) KAT CAST On demand Manually HMAC DRBG (A5140) KAT CAST On demand Manually HMAC DRBG (A5141) KAT CAST On demand Manually HMAC DRBG (A5142) KAT CAST On demand Manually ECDSA SigGen (FIPS186-5) (A5138) KAT CAST On demand Manually ECDSA SigGen (FIPS186-5) (A5139) KAT CAST On demand Manually ECDSA SigGen (FIPS186-5) (A5140) KAT CAST On demand Manually ECDSA SigGen (FIPS186-5) (A5141) KAT CAST On demand Manually ECDSA SigGen (FIPS186-5) (A5142) KAT CAST On demand Manually ECDSA SigVer (FIPS186-5) (A5138) KAT CAST On demand Manually ECDSA SigVer (FIPS186-5) (A5139) KAT CAST On demand Manually ECDSA SigVer (FIPS186-5) (A5140) KAT CAST On demand Manually ECDSA SigVer (FIPS186-5) (A5141) KAT CAST On demand Manually ECDSA SigVer (FIPS186-5) (A5142) KAT CAST On demand Manually HMAC-SHA2-224 (A5138) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 66 of 76 Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA2-224 (A5139) KAT CAST On demand Manually HMAC-SHA2-224 (A5140) KAT CAST On demand Manually HMAC-SHA2-224 (A5141) KAT CAST On demand Manually HMAC-SHA2-224 (A5142) KAT CAST On demand Manually HMAC-SHA2-256 (A5138) KAT CAST On demand Manually HMAC-SHA2-256 (A5139) KAT CAST On demand Manually HMAC-SHA2-256 (A5140) KAT CAST On demand Manually HMAC-SHA2-256 (A5141) KAT CAST On demand Manually HMAC-SHA2-256 (A5142) KAT CAST On demand Manually HMAC-SHA2-384 (A5138) KAT CAST On demand Manually HMAC-SHA2-384 (A5139) KAT CAST On demand Manually HMAC-SHA2-384 (A5140) KAT CAST On demand Manually HMAC-SHA2-384 (A5141) KAT CAST On demand Manually HMAC-SHA2-384 (A5142) KAT CAST On demand Manually HMAC-SHA2-512 (A5138) KAT CAST On demand Manually HMAC-SHA2-512 (A5139) KAT CAST On demand Manually HMAC-SHA2-512 (A5140) KAT CAST On demand Manually HMAC-SHA2-512 (A5141) KAT CAST On demand Manually HMAC-SHA2-512 (A5142) KAT CAST On demand Manually HMAC-SHA3-224 (A5140) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 67 of 76 Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA3-224 (A5141) KAT CAST On demand Manually HMAC-SHA3-224 (A5142) KAT CAST On demand Manually HMAC-SHA3-256 (A5140) KAT CAST On demand Manually HMAC-SHA3-256 (A5141) KAT CAST On demand Manually HMAC-SHA3-256 (A5142) KAT CAST On demand Manually HMAC-SHA3-384 (A5140) KAT CAST On demand Manually HMAC-SHA3-384 (A5141) KAT CAST On demand Manually HMAC-SHA3-384 (A5142) KAT CAST On demand Manually HMAC-SHA3-512 (A5140) KAT CAST On demand Manually HMAC-SHA3-512 (A5141) KAT CAST On demand Manually HMAC-SHA3-512 (A5142) KAT CAST On demand Manually HMAC-SHA-1 (A5137) KAT CAST On demand Manually HMAC-SHA-1 (A5138) KAT CAST On demand Manually HMAC-SHA-1 (A5139) KAT CAST On demand Manually HMAC-SHA-1 (A5140) KAT CAST On demand Manually HMAC-SHA-1 (A5141) KAT CAST On demand Manually HMAC-SHA-1 (A5142) KAT CAST On demand Manually RSA SigGen (FIPS186-5) (A5138) KAT CAST On demand Manually RSA SigGen (FIPS186-5) (A5139) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 68 of 76 Algorithm or Test Test Method Test Type Period Periodic Method RSA SigGen (FIPS186-5) (A5140) KAT CAST On demand Manually RSA SigGen (FIPS186-5) (A5141) KAT CAST On demand Manually RSA SigGen (FIPS186-5) (A5142) KAT CAST On demand Manually RSA SigVer (FIPS186-5) (A5138) KAT CAST On demand Manually RSA SigVer (FIPS186-5) (A5139) KAT CAST On demand Manually RSA SigVer (FIPS186-5) (A5140) KAT CAST On demand Manually RSA SigVer (FIPS186-5) (A5141) KAT CAST On demand Manually RSA SigVer (FIPS186-5) (A5142) KAT CAST On demand Manually SHA2-224 (A5138) KAT CAST On demand Manually SHA2-224 (A5139) KAT CAST On demand Manually SHA2-224 (A5140) KAT CAST On demand Manually SHA2-224 (A5141) KAT CAST On demand Manually SHA2-224 (A5142) KAT CAST On demand Manually SHA2-256 (A5138) KAT CAST On demand Manually SHA2-256 (A5139) KAT CAST On demand Manually SHA2-256 (A5140) KAT CAST On demand Manually SHA2-256 (A5141) KAT CAST On demand Manually SHA2-256 (A5142) KAT CAST On demand Manually SHA2-384 (A5138) KAT CAST On demand Manually SHA2-384 (A5139) KAT CAST On demand Manually SHA2-384 (A5140) KAT CAST On demand Manually SHA2-384 (A5141) KAT CAST On demand Manually SHA2-384 (A5142) KAT CAST On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 69 of 76 Algorithm or Test Test Method Test Type Period Periodic Method SHA2-512 (A5138) KAT CAST On demand Manually SHA2-512 (A5139) KAT CAST On demand Manually SHA2-512 (A5140) KAT CAST On demand Manually SHA2-512 (A5141) KAT CAST On demand Manually SHA2-512 (A5142) KAT CAST On demand Manually SHA3-224 (A5140) KAT CAST On demand Manually SHA3-224 (A5141) KAT CAST On demand Manually SHA3-224 (A5142) KAT CAST On demand Manually SHA3-256 (A5140) KAT CAST On demand Manually SHA3-256 (A5141) KAT CAST On demand Manually SHA3-256 (A5142) KAT CAST On demand Manually SHA3-384 (A5140) KAT CAST On demand Manually SHA3-384 (A5141) KAT CAST On demand Manually SHA3-384 (A5142) KAT CAST On demand Manually SHA3-512 (A5140) KAT CAST On demand Manually SHA3-512 (A5141) KAT CAST On demand Manually SHA3-512 (A5142) KAT CAST On demand Manually PBKDF (A5138) KAT CAST On demand Manually PBKDF (A5139) KAT CAST On demand Manually PBKDF (A5140) KAT CAST On demand Manually PBKDF (A5141) KAT CAST On demand Manually PBKDF (A5142) KAT CAST On demand Manually ECDSA KeyGen (FIPS186-5) (A5138) Signature generation and verification PCT On demand Manually ECDSA KeyGen (FIPS186-5) (A5139) Signature generation and verification PCT On demand Manually ECDSA KeyGen (FIPS186-5) (A5140) Signature generation and verification PCT On demand Manually ECDSA KeyGen (FIPS186-5) (A5141) Signature generation and verification PCT On demand Manually ECDSA KeyGen (FIPS186-5) (A5142) Signature generation and verification PCT On demand Manually Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 70 of 76 Algorithm or Test Test Method Test Type Period Periodic Method RSA KeyGen (FIPS186-5) (A5138) Signature generation and verification PCT On demand Manually RSA KeyGen (FIPS186-5) (A5139) Signature generation and verification PCT On demand Manually RSA KeyGen (FIPS186-5) (A5140) Signature generation and verification PCT On demand Manually RSA KeyGen (FIPS186-5) (A5141) Signature generation and verification PCT On demand Manually RSA KeyGen (FIPS186-5) (A5142) Signature generation and verification PCT On demand Manually Table 23: Conditional Periodic Information This information can be found in Section 5.2. 10.4 Error States Name Description Conditions Recovery Method Indicator Error State The module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. Failure of pre- operational tests or conditional tests. The error can be recovered by a restart (i.e., powering off and powering on) of the module. An error message related to the cause of the failure (e.g. GPG_ERR_SELFTEST_FAILED). Fatal Error state The module will abort and will not be available. Random numbers are requested in the error state or cipher operations are requested on a deallocated handle. The error can be recovered by a restart (i.e., powering off and powering on) of the module. The module is aborted Table 24: Error States When the module fails any pre-operational self-test or conditional test, the module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. The calling application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P) API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the Operational state. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 71 of 76 In the Error state, all data output is inhibited, and no cryptographic operation is allowed. The error can be recovered by a restart (i.e., powering off and powering on) of the module. If random numbers are requested while the module is in Error state, or if cipher operations are requested on a deallocated handle the module will transition to Fatal Error state, the module will abort and will not be available. 10.5 Operator Initiation of Self-Tests The software integrity tests and the CASTs can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. The PCTs can be invoked on demand by requesting the Key Generation service. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 72 of 76 11 Life-Cycle Assurance 11.1 Installation, Initialization, and Startup Procedures The Crypto Officer can install the libgcrypt-1.10.0-11.el9_2.tuxcare.1 RPM package of the Module using standard tools recommended for the installation of RPM packages on an Almalinux system (for example, DNF or RPM). The integrity of the RPM package is automatically verified during the installation, and the Crypto Officer shall not install the RPM package if there is any integrity error. Before the RPM package of the module is installed, the Almalinux 9 system must operate in Approved mode. This can be achieved by: • Starting the installation in Approved mode. Add the fips=1 option to the kernel command line during the system installation. During the software selection stage, do not install any third-party software. • Switching the system into Approved mode after the installation. Execute the fips-mode-setup --enable command. Restart the system. The Crypto Officer must verify the system operates in Approved mode by executing the fips-mode-setup -- check command, which should output “FIPS mode is enabled.” After installation of the RPM package of the module, the operator needs to check the output of the gcry_get_config() API, which should include the following name and version: Libgcrypt cryptography module for AlmaLinux 9 1.10.0-9a1db72d64086a2f Once libgcrypt has been put into Approved mode, it is not possible to switch back to standard mode without terminating the process first. If the logging verbosity level of libgcrypt has been set to at least 2, the state transitions and the self-tests are logged. 11.2 Administrator Guidance All the functions, ports and logical interfaces described in this document are available to the Crypto Officer. The user must not call malloc/free to create/release space for keys, let libgcrypt manage space for keys, which will ensure that the key memory is overwritten before it is released. gcry_control(GCRYCTL_TERM_SECMEM) needs to be called before the process is terminated. 11.3 Non-Administrator Guidance The module implements only the Crypto Officer. There are no requirements for non-administrator guidance. 11.4 End of Life For secure sanitization of the cryptographic module, the module must first to be powered off, which will zeroize all keys and CSPs in volatile memory. Then, for actual deprecation, the module shall be upgraded to a newer version that is FIPS 140-3 validated. The module does not possess persistent storage of SSPs, so further sanitization steps are not required. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 73 of 76 12 Mitigation of Other Attacks 12.1 Attack List RSA timing attacks. 12.2 Mitigation Effectiveness RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned. The blinding value r is a random value with the size of the modulus n. Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 74 of 76 Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DRBG Deterministic Random Bit Generator ECB Electronic Code Book FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code KAT Known Answer Test KW AES Key Wrap MAC Message Authentication Code NIST National Institute of Science and Technology PAA Processor Algorithm Acceleration PAI Processor Algorithm Implementation PR Prediction Resistance PSP Public Security Parameter PSS Probabilistic Signature Scheme RNG Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm SSP Sensitive Security Parameter XTS XEX-based Tweaked-codebook mode with cipher text Stealing Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 75 of 76 Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation- program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-2 Digital Signature Standard (DSS) January 2000 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/detail/sp/800-38b/final SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP800-52rev2 NIST Special Publication 800-52 – Revision 2 - Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations Libgcrypt cryptography module for AlmaLinux 9 FIPS 140-3 Non-Proprietary Security Policy © 2025 Cloudlinux Inc., TuxCare division, atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 76 of 76 August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf SP800-56Arev3 NIST Special Publication 800-56A – Revision 3 - Recommendation for Pair-Wise Key- Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP800-56Crev2 NIST Special Publication 800-56C – Revision 2 - Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf SP800-90Arev1 NIST Special Publication 800-90A – Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800-108rev1 NIST Special Publication 800-108 – Revision 1 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf SP800-132 NIST Special Publication 800-132 - Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP800-133rev2 NIST Special Publication 800-133 – Revision 2 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP800-135rev1 NIST Special Publication 800-135 – Revision 1 – Recommendation for Existing Application- Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SP800-140Br1 NIST Special Publication 800-140B – Revision 1 - CMVP Security Policy Requirements November 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf