This page was not yet optimized for use on mobile devices.
Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module
Certificate #4794
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, AES-, CAST, HMAC, KMAC, CMACAsymmetric Algorithms
RSA-OAEP, ECDH, ECDSA, ECC, DHE, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, PBKDF2, PBKDFSchemes
MAC, Key Exchange, Key AgreementProtocols
SSH, TLS v1.2, TLS v1.3, TLS 1.2, TLS, TLS 1.3, IKERandomness
DRBG, RBGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521, P-192, curve P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTrusted Execution Environments
PSP, SSCSecurity level
Level 1Side-channel analysis
Fault InductionStandards
FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS 186-5, FIPS 197, SP 800-132, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38F, SP 800-38E, SP 800-38D, SP 800-56A, SP 800-135, SP 800-185, SP 800-56C, SP 800-90A, SP 800-108, SP 800-90B, SP 800-140B, PKCS 1, PKCS#1, RFC7627, RFC 5288, RFC8446, RFC 8446, RFC 4253, RFC 6668, RFC 3526, RFC 7919File metadata
| Author | Hawes, David J. (Fed) |
|---|---|
| Creation date | D:20240905220705+00'00' |
| Modification date | D:20240905220705+00'00' |
| Pages | 105 |
| Creator | Microsoft Word |
References
Incoming- 4911 - active - Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module
Heuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
09.12.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The policy_processed_references property was updated, with the
{'directly_referenced_by': {'_type': 'Set', 'elements': ['4911']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4911']}}data. - The module_processed_references property was updated, with the
{'directly_referenced_by': {'_type': 'Set', 'elements': ['4911']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4911']}}data.
- The policy_processed_references property was updated, with the
-
14.10.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
- The certificate_pdf_url property was set to
-
16.09.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4794,
"dgst": "4f41b6fdedda792a",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA2-512A4005",
"Safe Primes Key GenerationA3992",
"HMAC-SHA3-384A3979",
"SHA3-224A3979",
"Counter DRBGA3970",
"RSA SigVer (FIPS186-4)A4005",
"HMAC-SHA2-512/256A4005",
"KAS-FFC-SSC Sp800-56Ar3A3992",
"SHA2-512/224A4005",
"KDF SSHA3987",
"AES-CCMA3982",
"Hash DRBGA3970",
"AES-CMACA3982",
"TLS v1.2 KDF RFC7627A4005",
"ECDSA SigVer (FIPS186-4)A4005",
"Safe Primes Key VerificationA3992",
"HMAC-SHA-1A4005",
"AES-CBC-CS1A3982",
"SHAKE-128A3979",
"AES-CBCA3982",
"AES-CBC-CS3A3982",
"ECDSA KeyGen (FIPS186-4)A4005",
"HMAC DRBGA3970",
"AES-OFBA3982",
"AES-ECBA3987",
"AES-CFB1A3982",
"AES-KWPA3982",
"RSA SigGen (FIPS186-4)A4005",
"SHA-1A4005",
"SHA3-256A3979",
"AES-CTRA3982",
"SHA2-224A4005",
"AES-KWA3982",
"TLS v1.3 KDFA3969",
"AES-GMACA4002",
"KDA HKDF Sp800-56Cr1A3969",
"SHAKE-256A3979",
"PBKDFA4005",
"SHA2-512A4005",
"KDF ANS 9.42A4005",
"HMAC-SHA2-512/224A4005",
"SHA3-384A3979",
"KAS-ECC-SSC Sp800-56Ar3A4005",
"ECDSA SigGen (FIPS186-4)A4005",
"KDF ANS 9.63A4005",
"SHA2-384A4005",
"HMAC-SHA3-512A3979",
"SHA3-512A3979",
"AES-CFB8A3982",
"KMAC-256A3979",
"RSA KeyGen (FIPS186-4)A4005",
"AES-CBC-CS2A3982",
"KMAC-128A3979",
"ECDSA KeyVer (FIPS186-4)A4005",
"AES-GCMA4002",
"HMAC-SHA2-224A4005",
"KDA OneStep SP800-56Cr2A3965",
"AES-CFB128A3982",
"HMAC-SHA2-384A4005",
"HMAC-SHA3-256A3979",
"HMAC-SHA3-224A3979",
"HMAC-SHA2-256A4005",
"SHA2-256A4005",
"SHA2-512/256A4005",
"KDF SP800-108A3991",
"AES-XTS Testing Revision 2.0A3982"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"22.04"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 6
},
"ECDSA": {
"ECDSA": 165
}
},
"FF": {
"DH": {
"DH": 31,
"DHE": 1,
"Diffie-Hellman": 7
},
"DSA": {
"DSA": 6
}
},
"RSA": {
"RSA-OAEP": 4
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CCM": {
"CCM": 2
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 18
},
"OFB": {
"OFB": 1
},
"XTS": {
"XTS": 8
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 112
}
},
"crypto_protocol": {
"IKE": {
"IKE": 6
},
"SSH": {
"SSH": 43
},
"TLS": {
"TLS": {
"TLS": 22,
"TLS 1.2": 5,
"TLS 1.3": 5,
"TLS v1.2": 36,
"TLS v1.3": 6
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"KEX": {
"Key Exchange": 2
},
"MAC": {
"MAC": 17
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 3,
"B-233": 37,
"B-283": 7,
"B-409": 12,
"B-571": 13,
"K-163": 4,
"K-233": 12,
"K-283": 12,
"K-409": 12,
"K-571": 14,
"P-192": 24,
"P-224": 140,
"P-256": 112,
"P-384": 98,
"P-521": 98,
"curve P-192": 2
}
},
"eval_facility": {
"atsec": {
"atsec": 107
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"- PKCS 1": 14,
"AES-128": 8,
"AES-192": 7,
"AES-256": 9,
"HMAC-SHA-1": 24,
"PKCS 1": 14,
"PKCS#1": 44,
"SHA-1": 68,
"SHA-3": 1,
"SHA2-224": 42,
"SHA2-256": 139,
"SHA2-384": 56,
"SHA2-512": 70,
"SHA3- 256": 1,
"SHA3-224": 17,
"SHA3-256": 21,
"SHA3-384": 17,
"SHA3-512": 18
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 41,
"PBKDF2": 5
},
"SHA": {
"SHA1": {
"SHA-1": 68
},
"SHA3": {
"SHA-3": 1,
"SHA3-224": 17,
"SHA3-256": 21,
"SHA3-384": 17,
"SHA3-512": 18
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 41
},
"RNG": {
"RBG": 2
}
},
"side_channel_analysis": {
"FI": {
"Fault Induction": 2
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 117,
"FIPS 180-4": 51,
"FIPS 186-4": 70,
"FIPS 186-5": 1,
"FIPS 197": 1,
"FIPS 198-1": 63,
"FIPS 202": 19,
"FIPS PUB 140-3": 2,
"FIPS186-4": 235
},
"NIST": {
"SP 800-108": 1,
"SP 800-132": 17,
"SP 800-135": 31,
"SP 800-140B": 1,
"SP 800-185": 6,
"SP 800-38A": 78,
"SP 800-38B": 8,
"SP 800-38C": 8,
"SP 800-38D": 33,
"SP 800-38E": 9,
"SP 800-38F": 16,
"SP 800-56A": 11,
"SP 800-56C": 2,
"SP 800-90A": 3,
"SP 800-90B": 1
},
"PKCS": {
"PKCS 1": 14,
"PKCS#1": 22
},
"RFC": {
"RFC 3526": 3,
"RFC 4253": 1,
"RFC 5288": 3,
"RFC 6668": 1,
"RFC 7919": 3,
"RFC 8446": 2,
"RFC7627": 28,
"RFC8446": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 47,
"AES-": 4,
"AES-128": 8,
"AES-192": 7,
"AES-256": 9
},
"CAST": {
"CAST": 318
}
},
"constructions": {
"MAC": {
"CMAC": 2,
"HMAC": 20,
"KMAC": 10
}
}
},
"tee_name": {
"AMD": {
"PSP": 3
},
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Hawes, David J. (Fed)",
"/CreationDate": "D:20240905220705+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20240905220705+00\u002700\u0027",
"pdf_file_size_bytes": 1362809,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf",
"http://www.canonical.com/",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://webstore.ansi.org/standards/ascx9/ansix9632001",
"http://www.ietf.org/rfc/rfc3447.txt",
"http://www.atsec.com/",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://webstore.ansi.org/standards/ascx9/ansix9422001",
"https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
"https://www.ietf.org/rfc/rfc3526.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"https://www.ietf.org/rfc/rfc8446.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf",
"https://www.ietf.org/rfc/rfc5288.txt",
"https://www.ietf.org/rfc/rfc7919.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 105
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "dc886b6b29fdb6f4305b569a2fb1c73430d0db47939aa10b7dcae93b08abd49d",
"policy_txt_hash": "06df15eaed036a34888a949cfa0c21412c489e031e0c88c8ee008ca8063f1b7a"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation; When operated in approved mode; When installed, initialized and configured as specified in Section 11 of the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
"date_sunset": "2026-09-10",
"description": "The Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "3.0.5-0ubuntu0.1+Fips2.1",
"tested_conf": [
"Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI",
"Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-09-11",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Canonical Ltd.",
"vendor_url": "http://www.canonical.com"
}
}