© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
SUSE LLC
SUSE Linux Enterprise OpenSSL 3 Cryptographic
Module
FIPS 140-3 Non-Proprietary Security Policy
Prepared by:
atsec information security corporation
4516 Seton Center Pkwy, Suite 250
Austin, TX 78759 Document version: 1.2
www.atsec.com Last update: 15-12-2025
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 2 of 150
Table of Contents
1 General................................................................................................................................... 6
1.1 Overview.......................................................................................................................... 6
1.1.1 How this Security Policy was prepared ................................................................ 6
1.2 Security Levels ................................................................................................................ 6
2 Cryptographic Module Specification ...................................................................................... 8
2.1 Description....................................................................................................................... 8
2.2 Tested and Vendor Affirmed Module Version and Identification..................................... 9
2.3 Excluded Components................................................................................................... 13
2.4 Modes of Operation ....................................................................................................... 13
2.5 Algorithms ..................................................................................................................... 14
2.6 Security Function Implementations............................................................................... 50
2.7 Algorithm Specific Information ...................................................................................... 65
2.7.1 AES GCM IV ............................................................................................................. 65
2.7.2 AES XTS................................................................................................................... 65
2.7.3 Key Derivation using SP 800-132 PBKDF2.............................................................. 65
2.7.4 SP 800-56A Rev. 3 Assurances ............................................................................... 66
2.7.5 SHA-3 ...................................................................................................................... 66
2.7.6 RSA Signatures........................................................................................................ 66
2.7.7 RSA Key Agreement................................................................................................ 67
2.7.8 Compliance to SP 800-56Br2 Assurances............................................................... 67
2.7.9 Key Transport and Key Agreement......................................................................... 67
2.7.10 SHA-1 Use ............................................................................................................. 67
2.8 RBG and Entropy ........................................................................................................... 67
2.9 Key Generation.............................................................................................................. 68
2.10 Key Establishment....................................................................................................... 68
2.11 Industry Protocols........................................................................................................ 69
3 Cryptographic Module Interfaces......................................................................................... 70
3.1 Ports and Interfaces....................................................................................................... 70
4 Roles, Services, and Authentication .................................................................................... 71
4.1 Authentication Methods................................................................................................. 71
4.2 Roles .............................................................................................................................. 71
4.3 Approved Services......................................................................................................... 71
4.4 Non-Approved Services ................................................................................................. 84
4.5 External Software/Firmware Loaded ............................................................................. 85
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 3 of 150
5 Software/Firmware Security................................................................................................. 86
5.1 Integrity Techniques...................................................................................................... 86
5.2 Initiate on Demand........................................................................................................ 86
6 Operational Environment ..................................................................................................... 87
6.1 Operational Environment Type and Requirements....................................................... 87
6.2 Configuration Settings and Restrictions........................................................................ 87
7 Physical Security .................................................................................................................. 88
8 Non-Invasive Security .......................................................................................................... 89
9 Sensitive Security Parameters Management ....................................................................... 90
9.1 Storage Areas ................................................................................................................ 90
9.2 SSP Input-Output Methods ............................................................................................ 90
9.3 SSP Zeroization Methods............................................................................................... 90
9.4 SSPs ............................................................................................................................... 92
9.5 Transitions ................................................................................................................... 103
10 Self-Tests.......................................................................................................................... 104
10.1 Pre-Operational Self-Tests......................................................................................... 104
10.2 Conditional Self-Tests................................................................................................ 106
10.3 Periodic Self-Test Information ................................................................................... 127
10.4 Error States................................................................................................................ 139
10.5 Operator Initiation of Self-Tests ................................................................................ 140
11 Life-Cycle Assurance ........................................................................................................ 141
11.1 Installation, Initialization, and Startup Procedures ................................................... 141
11.2 Administrator Guidance............................................................................................. 141
11.3 Non-Administrator Guidance ..................................................................................... 142
11.4 End of Life.................................................................................................................. 142
12 Mitigation of Other Attacks .............................................................................................. 143
12.1 Attack List.................................................................................................................. 143
Appendix A. Glossary and Abbreviations .............................................................................. 144
Appendix B. References ........................................................................................................ 146
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 4 of 150
List of Tables
Table 1: Security Levels ......................................................... Error! Bookmark not defined.
Table 2: Tested Module Identification – Hardware................. Error! Bookmark not defined.
Table 3: Tested Module Identification – Software/Firmware/Hybrid (Executable Code Sets)
............................................................................................... Error! Bookmark not defined.
Table 4: Tested Module Identification – Hybrid Disjoint Hardware........ Error! Bookmark not
defined.
Table 5: Tested Operational Environments - Software, Firmware, Hybrid ....Error! Bookmark
not defined.
Table 6: Vendor Affirmed Operational Environments - Software, Firmware, Hybrid........Error!
Bookmark not defined.
Table 7: Modes List and Description ...................................... Error! Bookmark not defined.
Table 8: Approved Algorithms................................................ Error! Bookmark not defined.
Table 9: Vendor Affirmed Algorithms..................................... Error! Bookmark not defined.
Table 10: Non-Approved, Allowed Algorithms ....................... Error! Bookmark not defined.
Table 11: Non-Approved, Allowed Algorithms with No Security Claimed ......Error! Bookmark
not defined.
Table 12: Non-Approved, Not Allowed Algorithms................. Error! Bookmark not defined.
Table 13: Security Function Implementations ....................... Error! Bookmark not defined.
Table 14: Entropy Certificates................................................ Error! Bookmark not defined.
Table 15: Entropy Sources ..................................................... Error! Bookmark not defined.
Table 16: Key Generation....................................................... Error! Bookmark not defined.
Table 17: Key Agreement....................................................... Error! Bookmark not defined.
Table 18: Key Transport......................................................... Error! Bookmark not defined.
Table 19: Ports and Interfaces ............................................... Error! Bookmark not defined.
Table 20: Authentication Methods ......................................... Error! Bookmark not defined.
Table 21: Roles....................................................................... Error! Bookmark not defined.
Table 22: Approved Services ................................................. Error! Bookmark not defined.
Table 23: Non-Approved Services.......................................... Error! Bookmark not defined.
Table 24: Mechanisms and Actions Required ........................ Error! Bookmark not defined.
Table 25: EFP/EFT Information ............................................... Error! Bookmark not defined.
Table 26: Hardness Testing Temperatures............................ Error! Bookmark not defined.
Table 27: Storage Areas......................................................... Error! Bookmark not defined.
Table 28: SSP Input-Output.................................................... Error! Bookmark not defined.
Table 29: SSP Zeroization Methods........................................ Error! Bookmark not defined.
Table 30: SSP Information First.............................................. Error! Bookmark not defined.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 5 of 150
Table 31: SSP Information Second......................................... Error! Bookmark not defined.
Table 32: Pre-Operational Self-Tests...................................... Error! Bookmark not defined.
Table 33: Conditional Self-Tests............................................. Error! Bookmark not defined.
Table 34: Pre-Operational Periodic Information..................... Error! Bookmark not defined.
Table 35: Conditional Periodic Information............................ Error! Bookmark not defined.
Table 36: Error States ............................................................ Error! Bookmark not defined.
List of Figures
Figure 1: Block Diagram............................................................................................................ 9
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 6 of 150
1 General
1.1 Overview
This document is the non-proprietary FIPS 140-3 Security Policy for version 1.0 of the SUSE
Linux Enterprise OpenSSL 3 Cryptographic Module. It contains the security rules under which
the module must operate and describes how this module meets the requirements as
specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for
an overall Security Level 1 module.
This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and
intact and including this notice. Other documentation is proprietary to their authors.
1.1.1 How this Security Policy was prepared
In preparing the Security Policy document, the laboratory formatted the vendor-supplied
documentation for consolidation without altering the technical statements therein contained.
The further refining of the Security Policy document was conducted iteratively throughout
the conformance testing, wherein the Security Policy was submitted to the vendor, who
would then edit, modify, and add technical contents. The vendor would also supply
additional documentation, which the laboratory formatted into the existing Security Policy,
and resubmitted to the vendor for their final editing.
1.2 Security Levels
Section Title Security Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security N/A
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks 1
Overall Level 1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 7 of 150
Table 1: Security Levels
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 8 of 150
2 Cryptographic Module Specification
2.1 Description
Purpose and Use:
The SUSE Linux Enterprise OpenSSL 3 Cryptographic Module (hereafter referred to as “the
module”) is defined as a software module in a multi-chip standalone embodiment. It
provides a C language application program interface (API) for use by other applications that
require cryptographic functionality. The module is a software library supporting FIPS 140-3
approved algorithms developed by SUSE LLC for its use by other applications that require
cryptographic functionality and consists of one software component, the “FIPS provider”,
which implements the FIPS requirements and the cryptographic functionality provided to the
operator.
Module Type: Software
Module Embodiment: Multi-Chip Standalone
Cryptographic Boundary:
The cryptographic boundary of the module is defined as the fips.so shared library, which
contains the compiled code implementing the FIPS provider.
Tested Operational Environment’s Physical Perimeter (TOEPP):
The TOEPP of the module is defined as the general-purpose computer on which the module
is installed.
Figure 1 shows a block diagram that represents the design of the module when the module
is operational and providing services to other user space applications. In this diagram, the
physical perimeter of the operational environment (a general-purpose computer on which
the module is installed) is indicated by a purple dashed line. The cryptographic boundary is
represented by the components painted in orange blocks, which consists only of the shared
library implementing the FIPS provider (fips.so).
The “Data/Control Input” and “Data/Status Output” arrows indicate the flow of data between
the cryptographic module and its operator application, through the logical interfaces defined
in Section 3 Cryptographic Module Interfaces.
Components in white are only included in the diagram for informational purposes. They are
not included in the cryptographic boundary (and therefore not part of the module’s
validation). For example, the kernel is responsible for managing system calls issued by the
module itself, as well as other applications using the module for cryptographic services.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 9 of 150
Figure 1: Block Diagram
2.2 Tested and Vendor Affirmed Module Version and
Identification
Tested Module Identification – Hardware:
N/A for this module.
Tested Module Identification – Software, Firmware, Hybrid (Executable Code
Sets):
Package or File
Name
Software/
Firmware Version
Features Integrity Test
fips.so on SUSE
Linux Enterprise
Server 15 SP6 and
AMD EPYC™ 7343
1.0 N/A HMAC-SHA2-256
fips.so on SUSE
Linux Enterprise
Server 15 SP6 and
Intel® Xeon® Gold
5416S
1.0 N/A HMAC-SHA2-256
fips.so on SUSE
Linux Enterprise
Server 15 SP6 and
IBM® Telum™
1.0 N/A HMAC-SHA2-256
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 10 of 150
Package or File
Name
Software/
Firmware Version
Features Integrity Test
fips.so on SUSE
Linux Enterprise
Server 15 SP6 and
Ampere® Altra®
Q80-30
1.0 N/A HMAC-SHA2-256
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)
Tested Module Identification – Hybrid Disjoint Hardware:
N/A for this module.
Tested Operational Environments - Software, Firmware, Hybrid:
Operating
System
Hardware
Platform
Processors PAA/PAI Hypervisor
or Host OS
Version(s)
SUSE Linux
Enterprise
Server 15
SP6
SuperMicro
SuperChassis
825BTQC-
R1K23LPB and
Motherboard
H12DSi-NT6
AMD EPYC™
7343
Yes N/A 1.0
SUSE Linux
Enterprise
Server 15
SP6
SuperMicro
SuperChassis
825BTQC-
R1K23LPB and
Motherboard
H12DSi-NT6
AMD EPYC™
7343
No N/A 1.0
SUSE Linux
Enterprise
Server 15
SP6
GIGABYTE R152-
P30
Ampere®
Altra® Q80-
30
Yes N/A 1.0
SUSE Linux
Enterprise
Server 15
SP6
GIGABYTE R152-
P30
Ampere®
Altra® Q80-
30
No N/A 1.0
SUSE Linux
Enterprise
Server 15
SP6
IBM z16 A01 IBM®
Telum™
Yes N/A 1.0
SUSE Linux
Enterprise
IBM z16 A01 IBM®
Telum™
No N/A 1.0
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 11 of 150
Operating
System
Hardware
Platform
Processors PAA/PAI Hypervisor
or Host OS
Version(s)
Server 15
SP6
SUSE Linux
Enterprise
Server 15
SP6
ASUS RS700-E11-
RS4U
Intel®
Xeon® Gold
5416S
Yes N/A 1.0
SUSE Linux
Enterprise
Server 15
SP6
ASUS RS700-E11-
RS4U
Intel®
Xeon® Gold
5416S
No N/A 1.0
Table 3: Tested Operational Environments - Software, Firmware, Hybrid
Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid:
Operating System Hardware Platform
SUSE Linux Enterprise Server
for SAP 15SP6
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Desktop
15SP6
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Base
Container Image 15SP6
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server
for SAP 15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Desktop
15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base
Container Image 15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Server
for SAP 15SP6
IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Base
Container Image 15SP6
IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Server
15SP6
IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Base
Container Image 15SP6
IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 12 of 150
Operating System Hardware Platform
SUSE Linux Enterprise Server
Real Time 15SP6
QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Server
for SAP 15SP6
QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Base
Container Image 15SP6
QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Server
15SP6
QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Desktop
15SP6
QEMU VM on Intel® i7-1195G7
SUSE Linux Enterprise Base
Container Image 15SP6
GIGABYTE R152-P30 on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server
for SAP 15SP6
QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Base
Container Image 15SP6
QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server
15SP6
QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server
15SP6
QEMU VM on Intel® Xeon® Gold 6338
SUSE Linux Enterprise Server
for SAP 15SP6
QEMU VM on Intel® Xeon® Gold 5218R
SUSE Linux Enterprise Server
for SAP 15SP7
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server
for SAP 15SP7
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Desktop
15SP7
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Desktop
15SP7
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base
Container Image 15SP7
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 13 of 150
Operating System Hardware Platform
SUSE Linux Enterprise Base
Container Image 15SP7
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base
Container Image 15SP7
GIGABYTE R152-P30 on Ampere® Altra® Q80-30
SUSE Linux Enterprise Base
Container Image 15SP7
IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Base
Container Image 15SP7
IBM LinuxONE III Model LT1 on z15
SUSE Linux Enterprise Server
15SP7
IBM LinuxONE III Model LT1 on z15
SUSE Linux Enterprise Server
15SP7
IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Server
15SP7
ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server
15SP7
SuperMicro SuperChassis 825BTQCR1K23LPB and
Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Server
15SP7
GIGABYTE R152-P30 on Ampere® Altra® Q80-30
Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid
The module is considered to maintain compliance with the FIPS 140-3 validation for SUSE
products when operating on any general-purpose platform/processor that supports the SUSE
Linux Enterprise Server operating system per the vendor affirmation from SUSE based on
the allowance FIPS 140-3 management manual [FIPS140-3_MM] section 7.9.1 bullet 1 a i).
CMVP makes no statement as to the correct operation of the module or the security
strengths of the generated keys when so ported if the specific operational environment is
not listed on the validation certificate.
2.3 Excluded Components
There are no components excluded from the requirements of the FIPS 140-3 standard.
2.4 Modes of Operation
Modes List and Description:
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 14 of 150
Mode Name Description Type Status Indicator
Approved
mode
Automatically entered whenever
an approved service is requested
Approved Equivalent to the
indicator of the
requested service
Non-
approved
mode
Automatically entered whenever
a non-approved service is
requested
Non-
Approved
Equivalent to the
indicator of the
requested service
Table 5: Modes List and Description
After passing all pre-operational self-tests and cryptographic algorithm self-tests executed
on start-up, the module automatically transitions to the approved mode. No operator
intervention is required to reach this point. The module operates in the approved mode of
operation by default and can only transition into the non-approved mode by calling one of
the non-approved services listed in the Non-Approved Services table of the Security Policy.
In the operational state, the module accepts service requests from calling applications
through its logical interfaces. At any point in the operational state, a calling application can
end its process, causing the module to end its operation.
Mode Change Instructions and Status:
The module automatically switches between the approved and non-approved modes
depending on the services requested by the operator. The status indicator of the mode of
operation is equivalent to the indicator of the service that was requested.
2.5 Algorithms
Approved Algorithms:
Algorithm CAVP
Cert
Properties Reference
AES-CBC A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 15 of 150
Algorithm CAVP
Cert
Properties Reference
AES-CBC A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5398 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5399 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5400 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5401 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5402 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5403 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS1 A5658 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5398 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5399 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5400 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5401 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5402 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5403 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS2 A5658 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5398 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 16 of 150
Algorithm CAVP
Cert
Properties Reference
AES-CBC-CS3 A5399 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5400 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5401 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5402 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5403 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC-CS3 A5658 Direction - decrypt, encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A5398 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5399 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5400 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5401 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5402 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5403 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A5658 Key Length - 128, 192, 256 SP 800-38C
AES-CFB1 A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB1 A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB1 A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB1 A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB1 A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 17 of 150
Algorithm CAVP
Cert
Properties Reference
AES-CFB1 A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB1 A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 18 of 150
Algorithm CAVP
Cert
Properties Reference
AES-CMAC A5398 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5399 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5400 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5401 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5402 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5403 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A5658 Capabilities -
Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CTR A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 19 of 150
Algorithm CAVP
Cert
Properties Reference
AES-ECB A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5884 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5893 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5894 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5895 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5896 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A5900 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A5870 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5871 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 20 of 150
Algorithm CAVP
Cert
Properties Reference
AES-GCM A5872 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5873 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5874 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5875 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5880 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5881 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5882 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5886 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5887 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5888 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 21 of 150
Algorithm CAVP
Cert
Properties Reference
AES-GCM A5903 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5904 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GCM A5905 Direction - Decrypt, Encrypt
IV Generation - External, Internal
Key Length - 128, 192, 256
IV Generation Mode - 8.2.2
SP 800-38D
AES-GMAC A5870 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5871 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5872 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5873 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5874 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5875 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5880 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5881 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 22 of 150
Algorithm CAVP
Cert
Properties Reference
AES-GMAC A5882 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5886 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5887 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5888 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5903 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5904 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-GMAC A5905 Direction - Decrypt, Encrypt
IV Generation - External
Key Length - 128, 192, 256
SP 800-38D
AES-KW A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 23 of 150
Algorithm CAVP
Cert
Properties Reference
AES-KWP A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-OFB A5398 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5399 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5400 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5401 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5402 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5403 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A5658 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-XTS
Testing
Revision 2.0
A5398 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS
Testing
Revision 2.0
A5399 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 24 of 150
Algorithm CAVP
Cert
Properties Reference
AES-XTS
Testing
Revision 2.0
A5400 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS
Testing
Revision 2.0
A5401 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS
Testing
Revision 2.0
A5402 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS
Testing
Revision 2.0
A5403 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS
Testing
Revision 2.0
A5658 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
Counter DRBG A5397 Prediction Resistance - No, Yes
Capabilities -
Mode - AES-128
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
ECDSA
KeyGen
(FIPS186-5)
A5868 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyGen
(FIPS186-5)
A5876 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyGen
(FIPS186-5)
A5877 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyGen
(FIPS186-5)
A5878 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyGen
(FIPS186-5)
A5879 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyGen
(FIPS186-5)
A5883 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 25 of 150
Algorithm CAVP
Cert
Properties Reference
ECDSA
KeyGen
(FIPS186-5)
A5889 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5868 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5876 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5877 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5878 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5879 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5883 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
KeyVer
(FIPS186-5)
A5889 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5868 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5869 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5876 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 26 of 150
Algorithm CAVP
Cert
Properties Reference
ECDSA
SigGen
(FIPS186-5)
A5877 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5878 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5879 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5883 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5885 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Component - No, Yes
FIPS 186-5
ECDSA
SigGen
(FIPS186-5)
A5889 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Component - No, Yes
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5868 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5869 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5876 Capabilities -
Curve - P-224, P-256, P-384, P-521
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 27 of 150
Algorithm CAVP
Cert
Properties Reference
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
ECDSA SigVer
(FIPS186-5)
A5877 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5878 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5879 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5883 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5885 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A5889 Capabilities -
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
FIPS 186-5
Hash DRBG A5397 Prediction Resistance - No, Yes
Capabilities -
Mode - SHA-1
SP 800-90A
Rev. 1
HMAC DRBG A5397 Prediction Resistance - No, Yes
Capabilities -
Mode - SHA-1
SP 800-90A
Rev. 1
HMAC-SHA-1 A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA-1 A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA-1 A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 28 of 150
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA-1 A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA-1 A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA-1 A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA-1 A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
224
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5864 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 29 of 150
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA2-
256
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
256
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
384
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 30 of 150
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA2-
512
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/224
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5868 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5876 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5877 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5878 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5879 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5883 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-
512/256
A5889 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
224
A5869 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 31 of 150
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA3-
224
A5885 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
256
A5869 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
256
A5885 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
384
A5869 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
384
A5885 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
512
A5869 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA3-
512
A5885 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC
Sp800-56Ar3
A5868 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-ECC-SSC
Sp800-56Ar3
A5876 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-ECC-SSC
Sp800-56Ar3
A5877 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-ECC-SSC
Sp800-56Ar3
A5878 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-ECC-SSC
Sp800-56Ar3
A5879 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
SP 800-56A
Rev. 3
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 32 of 150
Algorithm CAVP
Cert
Properties Reference
ephemeralUnified -
KAS Role - initiator, responder
KAS-ECC-SSC
Sp800-56Ar3
A5883 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-ECC-SSC
Sp800-56Ar3
A5889 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-FFC-SSC
Sp800-56Ar3
A5898 Domain Parameter Generation Methods -
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,
ffdhe8192, MODP-2048, MODP-3072, MODP-
4096, MODP-6144, MODP-8192
Scheme -
dhEphem -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5868 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5876 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5877 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 33 of 150
Algorithm CAVP
Cert
Properties Reference
KAS2 -
KAS Role - initiator, responder
KAS-IFC-SSC A5878 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5879 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5883 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-IFC-SSC A5889 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KAS1 -
KAS Role - initiator, responder
KAS2 -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF
SP800-56Cr2
A5863 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-8192 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-
512
SP 800-56C
Rev. 2
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 34 of 150
Algorithm CAVP
Cert
Properties Reference
KDA OneStep
SP800-56Cr2
A5897 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
SP 800-56C
Rev. 2
KDA TwoStep
SP800-56Cr2
A5897 Capabilities -
MAC Salting Methods - default, random
KDF Mode - feedback
Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
SP 800-56C
Rev. 2
KDF ANS 9.42
(CVL)
A5868 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5869 KDF Type - DER
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5876 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5877 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5878 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5879 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
SP 800-135
Rev. 1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 35 of 150
Algorithm CAVP
Cert
Properties Reference
Key Data Length - Key Data Length: 112-4096
Increment 8
KDF ANS 9.42
(CVL)
A5883 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5885 KDF Type - DER
Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.42
(CVL)
A5889 KDF Type - DER
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512, SHA2-512/224, SHA2-
512/256
Key Data Length - Key Data Length: 112-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5868 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5869 Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5876 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5877 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5878 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 36 of 150
Algorithm CAVP
Cert
Properties Reference
KDF ANS 9.63
(CVL)
A5879 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5883 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5885 Hash Algorithm - SHA3-224, SHA3-256, SHA3-
384, SHA3-512
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF ANS 9.63
(CVL)
A5889 Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512, SHA2-512/224, SHA2-512/256
Key Data Length - Key Data Length: 128-4096
Increment 8
SP 800-135
Rev. 1
KDF SP800-
108
A5899 Capabilities -
KDF Mode - Counter
Supported Lengths - Supported Lengths: 112-
4096 Increment 8
SP 800-108
Rev. 1
KDF SSH
(CVL)
A5884 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF SSH
(CVL)
A5893 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF SSH
(CVL)
A5894 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF SSH
(CVL)
A5895 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF SSH
(CVL)
A5896 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF SSH
(CVL)
A5900 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 37 of 150
Algorithm CAVP
Cert
Properties Reference
KTS-IFC A5868 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
KTS-IFC A5876 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
KTS-IFC A5877 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
KTS-IFC A5878 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
KTS-IFC A5879 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 38 of 150
Algorithm CAVP
Cert
Properties Reference
KTS-IFC A5883 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
KTS-IFC A5889 Modulo - 2048, 3072, 4096, 6144, 8192
Key Generation Methods - rsakpg1-basic,
rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic,
rsakpg2-crt, rsakpg2-prime-factor
Scheme -
KTS-OAEP-basic -
KAS Role - initiator, responder
Key Transport Method -
Key Length - 768
SP 800-56B
Rev. 2
PBKDF A5868 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5869 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5876 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5877 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5878 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 39 of 150
Algorithm CAVP
Cert
Properties Reference
PBKDF A5879 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5883 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5885 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
PBKDF A5889 Capabilities -
Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 8-128
Increment 1
SP 800-132
RSA KeyGen
(FIPS186-5)
A5868 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A5876 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A5877 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A5878 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 40 of 150
Algorithm CAVP
Cert
Properties Reference
Primality Tests - 2powSecStr
Private Key Format - standard
RSA KeyGen
(FIPS186-5)
A5879 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A5883 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A5889 Capabilities -
Key Generation Mode - probableWithProbableAux
Properties -
Modulo - 2048
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5868 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5869 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5876 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5877 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5878 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 41 of 150
Algorithm CAVP
Cert
Properties Reference
RSA SigGen
(FIPS186-5)
A5879 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5883 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5885 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigGen
(FIPS186-5)
A5889 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-2)
A5868 Capabilities -
Signature Type - PKCSPSS
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-2)
A5876 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-2)
A5877 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-2)
A5878 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-2)
A5879 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-2)
A5883 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 42 of 150
Algorithm CAVP
Cert
Properties Reference
RSA SigVer
(FIPS186-2)
A5889 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1536
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5868 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5876 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5877 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5878 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5879 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5883 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-4)
A5889 Capabilities -
Signature Type - PKCS 1.5
Properties -
Modulo - 1024
FIPS 186-4
RSA SigVer
(FIPS186-5)
A5868 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5869 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 43 of 150
Algorithm CAVP
Cert
Properties Reference
RSA SigVer
(FIPS186-5)
A5876 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5877 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5878 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5879 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5883 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5885 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
RSA SigVer
(FIPS186-5)
A5889 Capabilities -
Properties -
Modulo - 2048
Signature Type - pkcs1v1.5
FIPS 186-5
Safe Primes
Key
Generation
A5898 Safe Prime Groups - ffdhe2048, ffdhe3072,
ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048,
MODP-3072, MODP-4096, MODP-6144, MODP-
8192
SP 800-56A
Rev. 3
Safe Primes
Key
Verification
A5898 Safe Prime Groups - ffdhe2048, ffdhe3072,
ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048,
MODP-3072, MODP-4096, MODP-6144, MODP-
8192
SP 800-56A
Rev. 3
SHA-1 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 44 of 150
Algorithm CAVP
Cert
Properties Reference
SHA-1 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA-1 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA-1 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA-1 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA-1 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA-1 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 45 of 150
Algorithm CAVP
Cert
Properties Reference
SHA2-224 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5864 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 46 of 150
Algorithm CAVP
Cert
Properties Reference
SHA2-384 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 47 of 150
Algorithm CAVP
Cert
Properties Reference
SHA2-512/224 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5868 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5876 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5877 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5878 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5879 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A5883 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 48 of 150
Algorithm CAVP
Cert
Properties Reference
SHA2-512/256 A5889 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA3-224 A5869 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-224 A5885 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-256 A5869 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-256 A5885 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-384 A5869 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-384 A5885 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-512 A5869 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-512 A5885 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHAKE-128 A5869 Output Length - Output Length: 16-65536
Increment 8
FIPS 202
SHAKE-128 A5885 Output Length - Output Length: 16-65536
Increment 8
FIPS 202
SHAKE-256 A5869 Output Length - Output Length: 16-65536
Increment 8
FIPS 202
SHAKE-256 A5885 Output Length - Output Length: 16-65536
Increment 8
FIPS 202
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 49 of 150
Algorithm CAVP
Cert
Properties Reference
TLS v1.2 KDF
RFC7627
(CVL)
A5868 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5876 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5877 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5878 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5879 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5883 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.2 KDF
RFC7627
(CVL)
A5889 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135
Rev. 1
TLS v1.3 KDF
(CVL)
A5863 HMAC Algorithm - SHA2-256, SHA2-384
KDF Running Modes - DHE, PSK, PSK-DHE
SP 800-135
Rev. 1
Table 6: Approved Algorithms
Vendor-Affirmed Algorithms:
Name Properties Implementation Reference
Asymmetric Cryptographic
Key Generation (CKG)
N/A SP 800-133 Rev. 2,
section 4, example 1
Table 7: Vendor-Affirmed Algorithms
Non-Approved, Allowed Algorithms:
N/A for this module.
The module does not implement non-approved algorithms that are allowed in the approved
mode of operation.
Non-Approved, Allowed Algorithms with No Security Claimed:
N/A for this module.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 50 of 150
The module does not implement non-approved algorithms that are allowed in the approved
mode of operation with no security claimed.
Non-Approved, Not Allowed Algorithms:
Name Use and Function
AES GCM (external IV) Authentication Encryption
HMAC (< 112-bit keys) Message Authentication Code
KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42
KDF, ANS X9.63 KDF (< 112-bit keys)
Key Derivation
KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) Key Derivation
ANS X9.42 KDF (SHAKE128, SHAKE256) Key Derivation
ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) Key Derivation
SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128,
SHAKE256)
Key Derivation
TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA-
512/256, SHA-3)
TLS Key Derivation
TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224,
SHA-512/256, SHA-3)
TLS Key Derivation
PBKDF2 (< 8 characters password; < 128 salt length; <
1000 iterations; < 112-bit keys)
Password-based Key
Derivation
RSA and ECDSA (pre-hashed message) Signature generation;
Signature verification
RSA-PSS (invalid salt length: FIPS 186-5, section 5.4,
item(g))
Signature generation;
Signature verification
Table 8: Non-Approved, Not Allowed Algorithms
The table above lists all non-approved cryptographic algorithms of the module employed by
the non-approved services of the Non-Approved Services table in Section 4.4 Non-Approved
Services.
2.6 Security Function Implementations
Name Type Description Properties Algorithms
Symmetric
Encryption with
AES
BC-UnAuth Symmetric
encryption
using AES
AES-ECB: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CBC:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 51 of 150
Name Type Description Properties Algorithms
AES-CBC: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CBC-CS1:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CBC-CS2:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CBC-CS3:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CFB1: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CFB128:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CFB8: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CTR: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-OFB: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-XTS Testing
Revision 2.0:
256-, 512-bit
keys with 128,
256 bits of
security strength
AES-CBC-CS1:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CBC-CS2:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CBC-CS3:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB1:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB128:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB8:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CTR:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-ECB:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658, A5884,
A5893, A5894,
A5895, A5896,
A5900)
AES-OFB:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-XTS
Testing
Revision 2.0:
(A5398, A5399,
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 52 of 150
Name Type Description Properties Algorithms
A5400, A5401,
A5402, A5403,
A5658)
Symmetric
Decryption with
AES
BC-UnAuth Symmetric
decryption
using AES
AES-ECB: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CBC: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CBC-CS1:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CBC-CS2:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CBC-CS3:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CFB1: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CFB128:
128-, 192-, 256-
bit keys with 128,
192, 256 bits of
security strength
AES-CFB8: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-CTR: 128-,
192-, 256-bit
keys with 128,
192, 256 bits of
security strength
AES-OFB: 128-,
192-, 256-bit
keys with 128,
AES-CBC:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CBC-CS1:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CBC-CS2:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CBC-CS3:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB1:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB128:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CFB8:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-CTR:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-ECB:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658, A5884,
A5893, A5894,
A5895, A5896,
A5900)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 53 of 150
Name Type Description Properties Algorithms
192, 256 bits of
security strength
AES-XTS Testing
Revision 2.0:
256-, 512-bit
keys with 128,
256 bits of
security strength
AES-OFB:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-XTS
Testing
Revision 2.0:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
Key Derivation
with KDA
OneStep
KAS-56CKDF Key Derivation
using KDA
OneStep
MACs: (HMAC)
SHA-1, SHA-224,
SHA-256, SHA-
384, SHA-512,
SHA-512/224,
SHA-512/256,
SHA3-224, SHA3-
256, SHA3-384,
SHA3-512
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
KDA OneStep
SP800-56Cr2:
(A5897)
Key Derivation
with KDA
TwoStep
KAS-56CKDF Key Derivation
using KDA
TwoStep
Modes: feedback
MACs: (HMAC)
SHA-1, SHA-224,
SHA-256, SHA-
384, SHA-512,
SHA-512/224,
SHA-512/256,
SHA3-224, SHA3-
256, SHA3-384,
SHA3-512
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
KDA TwoStep
SP800-56Cr2:
(A5897)
Key Derivation
with X9.42 KDF
KAS-135KDF Key Derivation
using X9.42
KDF
Hashes: SHA-1,
SHA2-224, SHA2-
256, SHA2-384,
SHA2-512, SHA2-
512/224, SHA2-
KDF ANS 9.42:
(A5868, A5869,
A5876, A5877,
A5878, A5879,
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 54 of 150
Name Type Description Properties Algorithms
512/256
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
A5883, A5885,
A5889)
Key Derivation
with X9.63 KDF
KAS-135KDF Key Derivation
using X9.63
KDF
Hashes: SHA2-
224, SHA2-256,
SHA2-384, SHA2-
512, SHA2-
512/224, SHA2-
512/256
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
KDF ANS 9.63:
(A5868, A5869,
A5876, A5877,
A5878, A5879,
A5883, A5885,
A5889)
Key Derivation
with SSH KDF
KAS-135KDF Key Derivation Ciphers: AES-
128, AES-192,
AES-256
Hashes: SHA-1,
SHA2-224, SHA2-
256, SHA2-384,
SHA2-512
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
KDF SSH:
(A5884, A5893,
A5894, A5895,
A5896, A5900)
Key Derivation
with HKDF
KAS-56CKDF Key Derivation
using HKDF
MACs: HMAC with
SHA-1, SHA2-
224, SHA2-256,
SHA2-384, SHA2-
512, SHA2-
512/224, SHA2-
512/256, SHA3-
224, SHA3-256,
SHA3-384, SHA3-
512
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
KDA HKDF
SP800-56Cr2:
(A5863)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 55 of 150
Name Type Description Properties Algorithms
TLS Key
Derivation
KAS-135KDF TLS 1.2 / 1.3
Key Derivation
TLS v1.2 KDF
RFC7627:
Hashes: SHA2-
256, SHA2-384,
SHA2-512;
Support:
extended master
secret
TLS v1.3 KDF:
Modes: DHE, PSK,
PSK-DHE;
Hashes: SHA2-
256, SHA2-384
Shared secret
length: 224-8192
bits
Security
strength: 112-
256 bits
TLS v1.3 KDF:
(A5863)
TLS v1.2 KDF
RFC7627:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Key Derivation
with KBKDF
KBKDF Key derivation
using KBKDF
Modes: Counter,
Feedback
MACs: CMAC with
AES-128, AES-
192, AES-256
and HMAC with
SHA-1, SHA2-
224, SHA2-256,
SHA2-384, SHA2-
512, SHA2-
512/224, SHA2-
512/256, SHA3-
224, SHA3-256,
SHA3-384, SHA3-
512
KDK length: 112-
4096 bits
Security
strength: 112-
256 bits
KDF SP800-108:
(A5899)
Password-
based Key
Derivation
PBKDF Password-
based Key
Derivation
Option: 1a
Password length:
20-128
characters
Salt length: 128-
4096 bits
Iteration count:
1000-10000
Hashes: SHA-1,
SHA2-224, SHA2-
PBKDF: (A5868,
A5869, A5876,
A5877, A5878,
A5879, A5883,
A5885, A5889)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 56 of 150
Name Type Description Properties Algorithms
256, SHA2-384,
SHA2-512, SHA2-
512/224, SHA2-
512/256, SHA3-
224, SHA3-256,
SHA3-384, SHA3-
512
Derived-key
length: 112-4096
bits
Security
strength: 112-
256 bits
Random
Number
Generation
DRBG Random
Number
Generation
Counter DRBG:
AES-128, AES-
192, AES-256,
with/without
derivation
function,
with/without
prediction
resistance;
Internal state
length: 256, 320,
384 bits; Security
strength: 128,
192, 256 bits
HMAC DRBG:
SHA-1, SHA-256,
SHA-512
with/without
prediction
resistance;
Internal state
length: 320, 512,
1024 bits;
Security
strength: 128,
256 bits
Hash DRBG: SHA-
1, SHA-256, SHA-
512 with/without
prediction
resistance;
Internal state
length: 880,
1776 bits;
Security
strength: 128,
256 bits
Counter DRBG:
(A5397)
HMAC DRBG:
(A5397)
Hash DRBG:
(A5397)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 57 of 150
Name Type Description Properties Algorithms
Signature
Generation
DigSig-SigGen Signature
Generation
ECDSA SigGen
(FIPS 186-5):
Curves: P-224, P-
256, P-384, P-
521; Hashes:
SHA-224, SHA-
256, SHA-384,
SHA-512, SHA-
512/224, SHA-
512/256, SHA3-
224, SHA3- 256,
SHA3-384, SHA3-
512; Security
strength: 112,
128, 192, 256
bits
RSA SigGen (FIPS
186-5): Padding:
PKCS#1 v1.5 and
PSS; Moduli:
2048-16384 bits;
Hashes: SHA-
224, SHA-256,
SHA-384, SHA-
512, SHA-
512/224, SHA-
512/256, SHA3-
224, SHA3- 256,
SHA3-384, SHA3-
512; Security
strength: 112-
256 bits
IG C.F
Compliance: The
module supports
RSA modulus
sizes which are
not tested by
CAVP in
compliance with
FIPS 140-3 IG C.F
ECDSA SigGen
(FIPS186-5):
(A5868, A5869,
A5876, A5877,
A5878, A5879,
A5883, A5885,
A5889)
RSA SigGen
(FIPS186-5):
(A5868, A5869,
A5876, A5877,
A5878, A5879,
A5883, A5885,
A5889)
Signature
Verification
DigSig-SigVer Signature
Verification
ECDSA SigVer
(FIPS 186-5):
Curves: P-224, P-
256, P-384, P-
521; Hashes:
SHA-224, SHA-
256, SHA-384,
SHA-512, SHA-
512/224, SHA-
ECDSA SigVer
(FIPS186-5):
(A5868, A5869,
A5876, A5877,
A5878, A5879,
A5883, A5885,
A5889)
RSA SigVer
(FIPS186-2):
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 58 of 150
Name Type Description Properties Algorithms
512/256, SHA3-
224, SHA3- 256,
SHA3-384, SHA3-
512; Security
strength: 112,
128, 192, 256
bits
RSA SigVer (FIPS
186-5): NIST SP
800-131A Rev. 2
Acceptable;
Padding: PKCS#1
v1.5 and PSS;
Moduli: 2048-
16384 bits;
Hashes: SHA-
224, SHA-256,
SHA-384, SHA-
512, SHA-
512/224, SHA-
512/256, SHA3-
224, SHA3- 256,
SHA3-384, SHA3-
512; Security
strength: 112-
256 bits
RSA SigVer (FIPS
186-2) and RSA
SigVer (FIPS 186-
4): NIST SP 800-
131A Rev. 2
Legacy use;
Padding: PKCS#1
v1.5 and PSS;
Moduli: 1024-
2047 bits;
Hashes: SHA-
224, SHA-256,
SHA-384, SHA-
512; Security
strength: 80-111
bits
IG C.F
Compliance: The
module supports
RSA modulus
sizes which are
not tested by
CAVP in
compliance with
FIPS 140-3 IG C.F
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
RSA SigVer
(FIPS186-4):
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
RSA SigVer
(FIPS186-5):
(A5868, A5869,
A5876, A5877,
A5878, A5879,
A5883, A5885,
A5889)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 59 of 150
Name Type Description Properties Algorithms
Message
Authentication
Code
MAC Message
Authentication
Code
HMAC: Hashes:
SHA-1, SHA-224,
SHA-256, SHA-
384, SHA-512,
SHA-512/224,
SHA-512/256,
SHA3-224, SHA3-
256, SHA3-384,
SHA3-512; Key
length: 112-
524288 bits;
Security
strength: 112-
256 bits
AES CMAC and
GMAC: Key
length: 128, 192,
256 bits; Security
strength: 128,
192, 256 bits
HMAC-SHA-1:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
HMAC-SHA2-
224: (A5868,
A5876, A5877,
A5878, A5879,
A5883, A5889)
HMAC-SHA2-
256: (A5864,
A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
HMAC-SHA2-
384: (A5868,
A5876, A5877,
A5878, A5879,
A5883, A5889)
HMAC-SHA2-
512: (A5868,
A5876, A5877,
A5878, A5879,
A5883, A5889)
HMAC-SHA2-
512/224:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
HMAC-SHA2-
512/256:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
HMAC-SHA3-
224: (A5869,
A5885)
HMAC-SHA3-
256: (A5869,
A5885)
HMAC-SHA3-
384: (A5869,
A5885)
HMAC-SHA3-
512: (A5869,
A5885)
AES-CMAC:
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 60 of 150
Name Type Description Properties Algorithms
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-GMAC:
(A5870, A5871,
A5872, A5873,
A5874, A5875,
A5880, A5881,
A5882, A5886,
A5887, A5888,
A5903, A5904,
A5905)
Message digest SHA
XOF
Message digest Hashes: SHA-1,
SHA-224, SHA-
256, SHA-384,
SHA-512, SHA-
512/224, SHA-
512/256, SHA3-
224, SHA3-256,
SHA3-384, SHA3-
512
XOFs: SHAKE-
128, SHAKE-256
SHA-1: (A5868,
A5876, A5877,
A5878, A5879,
A5883, A5889)
SHA2-224:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
SHA2-256:
(A5864, A5868,
A5876, A5877,
A5878, A5879,
A5883, A5889)
SHA2-384:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
SHA2-512:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
SHA2-512/224:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
SHA2-512/256:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
SHA3-224:
(A5869, A5885)
SHA3-256:
(A5869, A5885)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 61 of 150
Name Type Description Properties Algorithms
SHA3-384:
(A5869, A5885)
SHA3-512:
(A5869, A5885)
SHAKE-128:
(A5869, A5885)
SHAKE-256:
(A5869, A5885)
Authenticated
Symmetric
Encryption
BC-Auth Authenticated
Symmetric
Encryption
Key Length: 128,
192, 256 bits
Security
strength: 128,
192, 256 bits
AES-CCM:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-GCM:
(A5870, A5871,
A5872, A5873,
A5874, A5875,
A5880, A5881,
A5882, A5886,
A5887, A5888,
A5903, A5904,
A5905)
AES-KW:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-KWP:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
Authenticated
Symmetric
Decryption
BC-Auth Authenticated
Symmetric
Decryption
Key Length: 128,
192, 256 bits
Security
strength: 128,
192, 256 bits
AES-GCM:
(A5870, A5871,
A5872, A5873,
A5874, A5875,
A5880, A5881,
A5882, A5886,
A5887, A5888,
A5903, A5904,
A5905)
AES-CCM:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
AES-KW:
(A5398, A5399,
A5400, A5401,
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 62 of 150
Name Type Description Properties Algorithms
A5402, A5403,
A5658)
AES-KWP:
(A5398, A5399,
A5400, A5401,
A5402, A5403,
A5658)
Key Pair
Generation with
ECDSA
AsymKeyPair-
KeyGen
CKG
Key Pair
Generation
using ECDSA
Mode: FIPS 186-5
A.2.2: Rejection
Sampling
Curves: P-224, P-
256, P-384, P-
521
Security
strength: 112,
128, 192, 256
bits
ECDSA KeyGen
(FIPS186-5):
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Asymmetric
Cryptographic
Key Generation
(CKG): ()
Key Pair
Generation with
RSA
AsymKeyPair-
KeyGen
CKG
Key Pair
Generation
using RSA
Mode: FIPS 186-
5, A.1.6:
Probable Primes
Based on
Auxiliary
Probable
Moduli: 2048-
15360 bits
Security
strength: 112-
256 bits
IG C.F
Compliance: The
module supports
RSA modulus
sizes which are
not tested by
CAVP in
compliance with
FIPS 140-3 IG C.F
RSA KeyGen
(FIPS186-5):
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Asymmetric
Cryptographic
Key Generation
(CKG): ()
Key Pair
Generation with
Safe Primes
AsymKeyPair-
KeyGen
CKG
Key Pair
Generation
using Safe
Primes
Mode: Testing
Candidates (SP
800-56Arev3
Appendix
5.6.1.1.4)
Groups:
ffdhe2048,
ffdhe3072,
ffdhe4096,
ffdhe6144,
ffdhe8192,
Safe Primes
Key Generation:
(A5898)
Asymmetric
Cryptographic
Key Generation
(CKG): ()
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 63 of 150
Name Type Description Properties Algorithms
MODP-2048,
MODP-3072,
MODP-4096,
MODP-6144,
MODP-8192
Security
strength: 112-
200 bits
Key Pair
Verification
with ECDSA
AsymKeyPair-
KeyVer
Key Pair
Verification
using ECDSA
Mode: FIPS 186-5
A.2.2: Rejection
Sampling
Curves: P-224, P-
256, P-384, P-
521
Security
strength: 112,
128, 192, 256
bits
ECDSA KeyVer
(FIPS186-5):
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Key Pair
Verification
with Safe
Primes
AsymKeyPair-
KeyVer
Key Pair
Verification
using Safe
Primes
Mode: Testing
Candidates (SP
800-56Arev3
Appendix
5.6.1.1.4)
Groups:
ffdhe2048,
ffdhe3072,
ffdhe4096,
ffdhe6144,
ffdhe8192,
MODP-2048,
MODP-3072,
MODP-4096,
MODP-6144,
MODP-8192
Security
strength: 112-
200 bits
Safe Primes
Key
Verification:
(A5898)
Shared Secret
Computation
with DH
KAS-SSC Shared Secret
Computation
using DH
Compliance: SP
800-56A Rev. 3,
FIPS 140-3 IG
D.F. Scenario 2
(1)
Scheme:
dpEphem
KAS Role:
initiator,
responder
Groups:
KAS-FFC-SSC
Sp800-56Ar3:
(A5898)
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 64 of 150
Name Type Description Properties Algorithms
ffdhe2048,
ffdhe3072,
ffdhe4096,
ffdhe6144,
ffdhe8192,
MODP-2048,
MODP-3072,
MODP-4096,
MODP-6144,
MODP-8192
Security
strength: 112-
200 bits
Shared Secret
Computation
with ECDH
KAS-SSC Shared Secret
Computation
using EC Diffie-
Hellman
Compliance: SP
800-56A Rev. 3,
FIPS 140-3 IG
D.F. Scenario 2
(1)
Scheme:
ephemeralUnified
KAS Role:
initiator,
responder
Curves: P-224, P-
256, P-384, P-
521
Security
strength: 112,
128, 192, 256
bits
KAS-ECC-SSC
Sp800-56Ar3:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Shared Secret
Computation
with RSA
KAS-SSC Shared Secret
Computation
using RSA
KAS-IFC-SSC:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Asymmetric
Encryption with
RSA
KTS-Encap Asymmetric
encryption
using RSA
KTS-IFC:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Asymmetric
Decryption with
RSA
KTS-Decap Asymmetric
decryption
using RSA
KTS-IFC:
(A5868, A5876,
A5877, A5878,
A5879, A5883,
A5889)
Table 9: Security Function Implementations
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 65 of 150
2.7 Algorithm Specific Information
2.7.1 AES GCM IV
For TLS 1.2, the module offers the AES GCM implementation and uses the context of
Scenario 1 of FIPS 140-3 IG C.H. The module is compliant with SP 800-52 Rev. 2 Section
3.3.1 and the mechanism for IV generation is compliant with RFC 5288 and 8446.
The module does not implement the TLS protocol. The module’s implementation of AES GCM
is used together with an application that runs outside the module’s cryptographic boundary.
The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of
the IV) does not exhaust the maximum number of possible values for a given session key.
In the event the module’s power is lost and restored, the consuming application must ensure
that a new key for use with the AES GCM key encryption or decryption under this scenario
shall be established.
Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption
using internal IV generation. These IVs are always 96 bits and generated using the approved
DRBG internal to the module’s boundary, compliant to Scenario 2 of FIPS 140-3 IG C.H.
The module also provides a non-approved AES GCM encryption service which accepts
arbitrary external IVs from the operator. This service can be requested by invoking the
EVP_EncryptInit_ex2 API function with a non-NULL IV value. When this is the case, the API
will set a non-approved service indicator.
Finally, for TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 140-
3 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of
August 2018, using the cipher-suites that explicitly select AES GCM as the
encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable
AES GCM cipher suites from Section 3.3.1 of SP 800-52 Rev. 2. The module’s implementation
of AES GCM is used together with an application that runs outside the module’s
cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter
(the nonce_explicit part of the IV) does not exhaust the maximum number of possible values
for a given session key.
2.7.2 AES XTS
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2²⁰
AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of
SP 800-38E.
To meet the requirement stated in IG C.I, the module implements a check that ensures,
before performing any cryptographic operation, that the two AES keys used in AES XTS
mode are not identical. As the module does not generate symmetric keys, the check is
performed when keys are input the service APIs.
Key_1 and Key_2 shall be generated and/or established independently according to the rules
for component symmetric keys from NIST SP 800-133rev2, Sec. 6.3.
The XTS mode shall only be used for the cryptographic protection of data on storage
devices. It shall not be used for other purposes, such as the encryption of data in transit.
2.7.3 Key Derivation using SP 800-132 PBKDF2
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132.
The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key
(MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to
SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met:
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 66 of 150
• Derived keys shall be used only for storage applications, and shall not be used for
any other purposes. The length of the MK or DPK is 112 bits or more.
• Passwords or passphrases, used as an input for the PBKDF2, shall not be used as
cryptographic keys.
• The minimum length of the password or passphrase accepted by the module is 8
characters. The probability of guessing the value, assuming a worst-case scenario of
all digits, is estimated to be at most 10-8. Combined with the minimum iteration count
as described below, this provides an acceptable trade-off between user experience
and security against brute-force attacks.
• A portion of the salt shall be generated randomly using the SP 800-90A Rev. 1 DRBG
provided by the module. The minimum length required is 128 bits.
• The iteration count shall be selected as large as possible, as long as the time
required to generate the key using the entered password is acceptable for the users.
The minimum value accepted by the module is 1000.
If any of these requirements are not met, the requested service is non-approved (see Non-
Approved Services table in Section 4.4 Non-Approved Services).
2.7.4 SP 800-56A Rev. 3 Assurances
To comply with the assurances found in Section 5.6.2 of SP 800-56A Rev. 3, the operator
must use the module together with an application that implements the TLS protocol.
Additionally, the module’s approved key pair generation service (see Approved Services
table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman
or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-
validated module. As part of this service, the module will internally perform the full public
key validation of the generated public key.
The module’s shared secret computation service will internally perform the full public key
validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 800-
56A Rev. 3.
2.7.5 SHA-3
The module implements the SHA-3 algorithms as both standalone and part of higher-level
algorithms (in compliance with FIPS 140-3 IG C.C). As detailed in Section 2.6 Security
Function Implementations with corresponding certificates, the cryptographic algorithms that
use of SHA-3 include RSA signature generation and verification, ECDSA signature generation
and verification, KBKDF, KDA HKDF, X9.63 KDF, X9.42 KDF, PBKDF, OneStep KDA, and HMAC.
In addition, the implementation of the extendable output functions SHAKE128 and
SHAKE256 were verified to have a standalone usage.
2.7.6 RSA Signatures
The module supports RSA Signature Verification for 1024, 1280, 1536 and 1792-bit keys.
This is allowed by FIPS 140-3 IG C.F. Specifically, 1280 and 1792 cannot be CAVP tested but
are approved for signature verification in IG C.F.
The 1024-bit modulus has been CAVP tested for RSA signature verification in compliance
with FIPS 186-4, while the 1536-bit modulus has been CAVP tested for RSA signature
verification in compliance with FIPS 186-2.
For all other approved moduli (namely 2048, 3072, and 4096 bit keys) supported by the
module, RSA signature verification is approved and CAVP tested in compliance with FIPS
186-5.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 67 of 150
2.7.7 RSA Key Agreement
To comply with the assurances found in Section 6.4 of SP 800-56B Rev. 2, the module’s
approved RSA key pair generation service (see Table 9) must be used to generate the RSA
key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of
this service, the module will internally perform the key pair validity and the pairwise
consistency according to Section 6.4.1.1 of SP 800-56B Rev. 2.
Additionally, the entity requesting the shared secret computation service shall verify the
validity of the peer’s public key using the public key validation service of the module
(EVP_PKEY_check() API). This service will perform the full public key validation of the peer’s
public key, complying with Section 6.4.2.1 of SP 800-56B Rev. 2.
2.7.8 Compliance to SP 800-56Br2 Assurances
To comply with the assurances found in Section 6.4 of SP 800-56Br2, the operator must use
the module in the context of the TLS or SSH protocols. Additionally, the module’s approved
key pair generation service (see Section 4.3) must be used to generate RSA key pairs, or the
key pairs must be obtained from another FIPS-validated module. As part of this service, the
module will internally perform the key pair validation of the generated public key.
The operator must use the EVP_PKEY_public_check() API to perform partial public key
validation of the peer public key, complying with Section 6.4.2.2 of SP 800-56Br2. The
operator must also confirm the peer’s possession of private key by using any method
specified in Section 6.4.2.3 of SP 800-56Br2.
2.7.9 Key Transport and Key Agreement
The module does not establish SSPs using an approved key transport scheme (KTS).
However, it does offer approved authenticated algorithms that can be used by an external
operator/application as part of an approved KTS.
The module does not establish SSPs using an approved key agreement scheme (KAS).
However, it does offer some or all of the underlying KAS cryptographic functionality to be
used by an external operator/application as part of an approved KAS.
2.7.10 SHA-1 Use
SHA-1 is only approved when used in approved modes for message digest, HMAC, HKDF,
KDA OneStep/TwoStep, PBKDF, SSH KDF, ANS x9.42 KDF, KBKDF, Hash DRBG, HMAC DRBG,
RSA OAEP. The use of SHA-1 for digital signature generation (e.g., ECDSA, RSA, EdDSA) or
verification is non-approved.
2.8 RBG and Entropy
Cert
Number
Vendor
Name
E177 SUSE LLC
Table 10: Entropy Certificates
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 68 of 150
Name Type Operational
Environment
Sample
Size
Entropy
per
Sample
Conditioning
Component
SUSE
OpenSSL
CPU Time
Jitter RNG
Entropy
Source
Non-
Physical
SUSE Linux Enterprise
Server 15 SP6 on AMD
EPYC™ 7343; SUSE Linux
Enterprise Server 15 SP6
on Ampere® Altra® Q80-
30; SUSE Linux Enterprise
Server 15 SP6 on Intel®
Xeon® Gold 5416S; SUSE
Linux Enterprise Server 15
SP6 on IBM® Telum™
256 bits full
entropy
AES-256-CTR-
DRBG (A5397);
SHA3-256
(A5411)
Table 11: Entropy Sources
As per the Public document of entropy certificate E177, the entropy source provides full
entropy of 256 bits.
In addition to the DRBG algorithms provided to the operator, the module internally uses two
dedicated DRBG instances based on SP 800-90A Rev. 1 to generate seeds for asymmetric
key pairs and random numbers for security functions. The following parameters are used:
1. Private DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to
generate secret random values (e.g. during asymmetric key pair generation). It can
be accessed using RAND_priv_bytes.
2. Public DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to
generate general purpose random values that do not need to remain secret (e.g.
initialization vectors). It can be accessed using RAND_bytes.
2.9 Key Generation
The module implements asymmetric key pair generation compliant with SP 800-133 Rev. 2
as listed in the Security Function Implementations table in 2.6 Security Function
Implementations.
When random values are required, they are obtained from the SP 800-90A Rev. 1 approved
DRBG, compliant with Section 4 of SP 800-133 Rev. 2 (without XOR).
Intermediate key generation values are not output from the module and are explicitly
zeroized after processing the service.
2.10 Key Establishment
The module provides Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) shared
secret computation compliant with SP 800-56A Rev. 3, in accordance with scenario 2 (1) of
FIPS 140-3 IG D.F.
For Diffie-Hellman, the module supports the use of the safe primes defined in RFC 3526 (IKE)
and RFC 7919 (TLS). Note that the module only implements key pair generation, key pair
verification, and shared secret computation. No other part of the IKE or TLS protocols is
implemented (with the exception of the TLS 1.2 and 1.3 KDFs):
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 69 of 150
• IKE (RFC 3526):
o MODP-2048 (ID = 14)
o MODP-3072 (ID = 15)
o MODP-4096 (ID = 16)
o MODP-6144 (ID = 17)
o MODP-8192 (ID = 18)
• TLS (RFC 7919)
o ffdhe2048 (ID = 256)
o ffdhe3072 (ID = 257)
o ffdhe4096 (ID = 258)
o ffdhe6144 (ID = 259)
o ffdhe8192 (ID = 260)
For Elliptic Curve Diffie-Hellman, the module supports the NIST-defined P-224, P-256, P-384,
and P-521 curve.
According to FIPS 140-3 IG D.B, the key sizes of DH and ECDH shared secret computation
provide respectively 112-200 and 112-256 bits of security strength in an approved mode of
operation.
In addition, the module provides RSA shared secret computation compliant with SP 800-56B
Rev. 2, in accordance with scenario 1 (1) of FIPS 140-3 IG D.F.
For RSA key generation, the module provides 2048-15360 bits keys. Therefore, according to
FIPS 140-3 IG D.B, the key sizes of RSA shared secret computation provide 112-256 bits of
security strength in the approved mode of operation.
2.11 Industry Protocols
The module implements the SSH key derivation function for use in the SSH protocol (RFC
4253 and RFC 6668).
GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3
of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS
protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation
functions for use in the TLS protocol.
No parts of the SSH, TLS, or IKE protocols, other than those mentioned above, have been
tested by the CAVP and CMVP.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 70 of 150
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces
Physical
Port
Logical
Interface(s)
Data That Passes
N/A Data Input API input parameters
N/A Data Output API output parameters
N/A Control Input API function calls
N/A Status Output API return codes, error queue
Table 12: Ports and Interfaces
The logical interfaces are the APIs through which the applications request services. These
logical interfaces are logically separated from each other by the API design. The module
does not implement a control output interface.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 71 of 150
4 Roles, Services, and Authentication
4.1 Authentication Methods
N/A for this module.
The module does not support authentication methods.
4.2 Roles
Name Type Operator Type Authentication
Methods
Crypto Officer Role CO None
Table 13: Roles
The module supports the Crypto Officer role only. This sole role is implicitly and always
assumed by the operator of the module when performing a service. The module does not
support multiple concurrent operators.
4.3 Approved Services
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Symmet
ric
Encrypti
on
Used to
perform
symme
tric
encrypt
ion of
an
entry
plaintex
t
EVP_EncryptFinal_ex returns
1
Plainte
xt, AES
key, IV
Ciphert
ext
Symmet
ric
Encrypti
on with
AES
Crypto
Officer
- AES
key:
W,E
Symmet
ric
Decrypti
on
Used to
perform
symme
tric
decrypt
ion of
an
entry
ciphert
ext
EVP_DecryptFinal_ex returns
1
Ciphert
ext,
AES
key, IV
Plainte
xt
Symmet
ric
Decrypti
on with
AES
Crypto
Officer
- AES
key:
W,E
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 72 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Authent
icated
Encrypti
on
Used to
perform
authent
icated
symme
tric
encrypt
ion with
AES
AES-GCM:
EVP_CIPHER_SUSE_FIPS_INDI
CATOR_APPROVED; Others:
EVP_EncryptFinal_ex returns
1
Plainte
xt, AES
key, IV
Ciphert
ext,
MAC
tag
Authent
icated
Symmet
ric
Encrypti
on
Crypto
Officer
- AES
key:
W,E
Authent
icated
Decrypti
on
Used to
perform
authent
icated
symme
tric
decrypt
ion with
AES
AES-GCM:
EVP_CIPHER_SUSE_FIPS_INDI
CATOR_APPROVED; Others:
EVP_DecryptFinal_ex returns
1
Ciphert
ext,
AES
key, IV,
MAC
tag
Plainte
xt or
failure
Authent
icated
Symmet
ric
Decrypti
on
Crypto
Officer
- AES
key:
W,E
Messag
e
Authent
ication
Code
Comput
e a
MAC
tag
HMAC:
EVP_MAC_SUSE_FIPS_INDICAT
OR_APPROVED; Others:
EVP_MAC_final returns 1
Messag
e, AES
key or
HMAC
key
MAC
tag
Messag
e
Authent
ication
Code
Crypto
Officer
- HMAC
key:
W,E
- AES
key:
W,E
Messag
e Digest
Used to
generat
e a
SHA-1,
SHA-2,
or SHA-
3/SHAK
E
messag
e digest
EVP_DigestFinal_ex returns 1 Messag
e
Messag
e
digest
Messag
e digest
Crypto
Officer
Key
Derivati
on with
KBKDF
Derive
a key
from a
key-
derivati
on key
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Key-
derivati
on key
KBKDF
Derive
d Key
Key
Derivati
on with
KBKDF
Crypto
Officer
- Key
Derivat
ion
Key:
W,E
-
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 73 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
KBKDF
Derive
d Key:
G,R
Key
Derivati
on with
HKDF
Derive
a key
from a
shared
secret
using
HKDF
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
HKDF
Derive
d Key
Key
Derivati
on with
HKDF
Crypto
Officer
-
Shared
Secret:
W,E
- HKDF
Derive
d Key:
G,R
Key
Derivati
on with
SSH
KDF
Derive
a key
from a
shared
secret
using
SSH
KDF
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
SSH
Derive
d Key
Key
Derivati
on with
SSH
KDF
Crypto
Officer
-
Shared
Secret:
W,E
- SSH
Derive
d Key:
G,R
Key
Derivati
on with
X9.63
KDF
Derive
a key
from a
shared
secret
using
X9.63
KDF
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
X9.63
Derive
d Key
Key
Derivati
on with
X9.63
KDF
Crypto
Officer
-
Shared
Secret:
W,E
- X9.63
Derive
d Key:
G,R
Key
Derivati
on with
X9.42
KDF
Derive
a key
from a
shared
secret
using
X9.63
KDF
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
X9.42
Derive
d Key
Key
Derivati
on with
X9.42
KDF
Crypto
Officer
-
Shared
Secret:
W,E
- X9.42
Derive
d Key:
G,R
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 74 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Key
Derivati
on with
KDA
OneSte
p
Derive
a key
from a
shared
secret
using
KDA
OneSte
p
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
KDA
OneSte
p
Derive
d Key
Key
Derivati
on with
KDA
OneSte
p
Crypto
Officer
-
Shared
Secret:
W,E
- KDA
OneSte
p
Derive
d Key:
G,R
Key
Derivati
on with
KDA
TwoSte
p
Derive
a key
from a
shared
secret
using
KDA
TwoSte
p
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
KDA
TwoSte
p
Derive
d Key
Key
Derivati
on with
KDA
TwoSte
p
Crypto
Officer
-
Shared
Secret:
W,E
- KDA
TwoSte
p
Derive
d Key:
G,R
TLS Key
Derivati
on
Derive
a key
from a
shared
secret
using
TLS 1.2
KDF /
TLS 1.3
KDF
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Shared
secret
TLS
Derive
d Key
TLS Key
Derivati
on
Crypto
Officer
-
Shared
Secret:
W,E
- TLS
Derive
d Key:
G,R
Passwor
d-based
Key
Derivati
on
Derive
a key
from a
passwo
rd
EVP_KDF_SUSE_FIPS_INDICAT
OR_APPROVED
Passwo
rd or
passph
rase
PBKDF
Derive
d Key
Passwor
d-based
Key
Derivati
on
Crypto
Officer
-
Passwo
rd or
passph
rase:
W,E
-
PBKDF
Derive
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 75 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
d Key:
G,R
Shared
Secret
Comput
ation
with DH
Comput
e a
shared
secret
EVP_PKEY_derive returns 1 DH
private
key,
DH
public
key
(peer)
Shared
secret
Shared
Secret
Comput
ation
with DH
Crypto
Officer
- DH
Private
key:
W,E
- DH
Public
key:
W,E
-
Shared
Secret:
G,R
Shared
Secret
Comput
ation
with
ECDH
Comput
e a
shared
secret
EVP_PKEY_derive returns 1 EC
private
key, EC
public
key
(peer)
Shared
secret
Shared
Secret
Comput
ation
with
ECDH
Crypto
Officer
- EC
Private
key:
W,E
- EC
Public
key:
W,E
-
Shared
Secret:
G,R
Shared
Secret
Comput
ation
with
RSA
Comput
e a
shared
secret
EVP_PKEY_derive returns 1 RSA
private
key,
RSA
public
key
(peer)
Shared
secret
Shared
Secret
Comput
ation
with
RSA
Crypto
Officer
- RSA
private
key:
W,E
- RSA
public
key:
W,E
-
Shared
Secret:
G,R
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 76 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Asymm
etric
Encrypti
on
Perform
RSA-
based
encrypt
ion
(compli
ant
with SP
800-
56B
Rev. 2))
EVP_PKEY_encrypt returns 1 RSA
public
key
(peer),
plainte
xt key
Encaps
ulated
key
Asymm
etric
Encrypti
on with
RSA
Crypto
Officer
- RSA
public
key:
W,E
Asymm
etric
Decrypti
on
Perform
RSA-
based
decrypt
ion
(compli
ant
with SP
800-
56B
Rev. 2))
EVP_PKEY_decrypt returns 1 RSA
private
key
(owner)
,
encaps
ulated
key
Plainte
xt key
Asymm
etric
Decrypti
on with
RSA
Crypto
Officer
- RSA
private
key:
W,E
Signatur
e
Generat
ion
Genera
te a
digital
signatu
re
EVP_SIGNATURE_SUSE_FIPS_I
NDICATOR_APPROVED
Messag
e,
private
key
Signatu
re
Signatur
e
Generat
ion
Crypto
Officer
- RSA
private
key:
W,E
- EC
Private
key:
W,E
Signatur
e
Verificat
ion
Verify a
digital
signatu
re
EVP_SIGNATURE_SUSE_FIPS_I
NDICATOR_APPROVED
Messag
e,
public
key,
signatu
re
Pass/fai
l
Signatur
e
Verificat
ion
Crypto
Officer
- RSA
public
key:
W,E
- EC
Public
key:
W,E
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 77 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Key Pair
Generat
ion
Genera
te a key
pair
EVP_PKEY_Generate returns 1 Group
or
Curve
or
Modulu
s bits
DH key
pair;
EC key
pair;
RSA
key
pair
Key Pair
Generat
ion with
RSA
Key Pair
Generat
ion with
ECDSA
Key Pair
Generat
ion with
Safe
Primes
Crypto
Officer
-
Module
-
genera
ted
RSA
private
key:
G,R
-
Module
-
genera
ted DH
Private
key:
G,R
-
Module
-
genera
ted
RSA
public
key:
G,R
-
Module
-
genera
ted DH
Public
key:
G,R
-
Module
-
genera
ted EC
Private
key:
G,R
-
Module
-
genera
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 78 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
ted EC
Public
key:
G,R
-
Interm
ediate
key
genera
tion
value:
G,E,Z
Key Pair
Verificat
ion with
Safe
Primes
Verify a
key pair
generat
ed with
Safe
Primes
EVP_PKEY_public_check or
EVP_PKEY_private_check or
EVP_PKEY_check returns 1
Key
pair
Pass/fai
l
Key Pair
Verificat
ion with
Safe
Primes
Crypto
Officer
- DH
Public
key:
W,E
- DH
Private
key:
W,E
Key Pair
Verificat
ion with
ECDSA
Verify a
key pair
generat
ed with
ECDSA
EVP_PKEY_public_check or
EVP_PKEY_private_check or
EVP_PKEY_check returns 1
Key
pair
Pass/fai
l
Key Pair
Verificat
ion with
ECDSA
Crypto
Officer
- EC
Public
key:
W,E
- EC
Private
key:
W,E
Key Pair
Verificat
ion with
RSA
Verify a
key pair
generat
ed with
RSA
EVP_PKEY_public_check or
EVP_PKEY_private_check or
EVP_PKEY_check returns 1
Key
pair
Pass/fai
l
Crypto
Officer
- RSA
public
key:
W,E
- RSA
private
key:
W,E
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 79 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Random
Number
Generat
ion
Genera
te
random
bytes
EVP_RAND_generate returns
1
Output
length
Rando
m
bytes
Random
Number
Generat
ion
Crypto
Officer
-
Entrop
y
input:
W,E
- DRBG
interna
l state
(V
value,
C
value):
G,W,E
- DRBG
interna
l state
(V
value,
Key):
G,W,E
- DRBG
seed:
G,W,E
Show
status
Show
the
current
status
of the
module
None N/A Module
status
None Crypto
Officer
Show
module
name
and
version
Show
module
name
and the
version
of the
module
None N/A Name
and
version
informa
tion
None Crypto
Officer
Self-test Perform
CASTs
and
integrit
y test
None N/A Pass/fai
l result
of self-
tests
Messag
e digest
Messag
e
Authent
ication
Code
Crypto
Officer
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 80 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Symmet
ric
Encrypti
on with
AES
Symmet
ric
Decrypti
on with
AES
Authent
icated
Symmet
ric
Encrypti
on
Authent
icated
Symmet
ric
Decrypti
on
Signatur
e
Generat
ion
Signatur
e
Verificat
ion
Key
Derivati
on with
KBKDF
Key
Derivati
on with
KDA
OneSte
p
Key
Derivati
on with
HKDF
Key
Derivati
on with
X9.42
KDF
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 81 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Key
Derivati
on with
X9.63
KDF
Key
Derivati
on with
SSH
KDF
TLS Key
Derivati
on
Passwor
d-based
Key
Derivati
on
Random
Number
Generat
ion
Shared
Secret
Comput
ation
with DH
Shared
Secret
Comput
ation
with
ECDH
Zeroizat
ion
Zeroize
SSPs.
None Any
SSP
N/A None Crypto
Officer
- AES
key: Z
- HMAC
key: Z
- RSA
private
key: Z
- RSA
public
key: Z
- DH
Private
key: Z
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 82 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
- DH
Public
key: Z
- EC
Private
key: Z
- EC
Public
key: Z
- Key
Derivat
ion
Key: Z
-
Passwo
rd or
passph
rase: Z
-
PBKDF
Derive
d Key:
Z
-
KBKDF
Derive
d Key:
Z
- HKDF
Derive
d Key:
Z
- SSH
Derive
d Key:
Z
- X9.42
Derive
d Key:
Z
- X9.63
Derive
d Key:
Z
- KDA
OneSte
p
Derive
d Key:
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 83 of 150
Name Descri
ption
Indicator Inputs Outpu
ts
Securit
y
Functio
ns
SSP
Acces
s
Z
- KDA
TwoSte
p
Derive
d Key:
Z
- TLS
Derive
d Key:
Z
-
Shared
Secret:
Z
-
Entrop
y
input:
Z
- DRBG
seed: Z
- DRBG
interna
l state
(V
value,
C
value):
Z
- DRBG
interna
l state
(V
value,
Key): Z
-
Interm
ediate
key
genera
tion
value:
Z
Table 14: Approved Services
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 84 of 150
The module provides services to operators that assume the available role. All services are
described in detail in the API documentation (manual pages). The convention below applies
when specifying the access permissions (types) that the service has for each SSP.
• Generate (G): The module generates or derives the SSP.
• Read (R): The SSP is read from the module (e.g. the SSP is output).
• Write (W): The SSP is updated, imported, or written to the module.
• Execute (E): The module uses the SSP in performing a cryptographic operation.
• Zeroize (Z): The module zeroizes the SSP.
• N/A: The module does not access any SSP or key during its operation.
To interact with the module, a calling application must use the EVP API layer provided by
OpenSSL. This layer will delegate the request to the FIPS provider, which will in turn perform
the requested service. Additionally, this EVP API layer can be used to retrieve the approved
service indicator for the module. The suse_ossl_query_fipsindicator() function indicates
whether an EVP API function is approved. After a cryptographic service was performed by
the module, the API context (listed in the left column of the table below) associated with this
request can contain a parameter (listed in the left right column of the table below) which
represents the approved service indicator.
The exact process to use this function and how to interpret its results is described in the
fips_module_indicators manual page.
Context Service Indicator
EVP_CIPHER_CTX OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR
EVP_MAC_CTX OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR
EVP_KDF_CTX OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR
EVP_PKEY_CTX OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR
Table 15 - Service Indicator Parameters
4.4 Non-Approved Services
Name Description Algorithms Role
AES GCM
(external IV)
Authenticated Encryption AES GCM (external IV) CO
HMAC (< 112-
bit keys)
Compute a MAC tag HMAC (< 112-bit keys) CO
Key derivation Derive a key from a key-
derivation key or a shared
secret
KBKDF, KDA OneStep, KDA TwoStep,
HKDF, ANS X9.42 KDF, ANS X9.63
KDF (< 112-bit keys)
KDA OneStep, KDA TwoStep
(SHAKE128, SHAKE256)
ANS X9.42 KDF (SHAKE128,
SHAKE256)
ANS X9.63 KDF (SHA-1, SHAKE128,
SHAKE256)
SSH KDF (SHA-512/224, SHA-
CO
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 85 of 150
Name Description Algorithms Role
512/256, SHA-3, SHAKE128,
SHAKE256)
TLS 1.2 KDF (SHA-1, SHA-224, SHA-
512/224, SHA-512/256, SHA-3)
TLS 1.3 KDF (SHA-1, SHA-224, SHA-
512, SHA-512/224, SHA-512/256,
SHA-3)
PBKDF2 (<
112-bit keys)
Derive a key from a
password
PBKDF2 (< 8 characters password;
< 128 salt length; < 1000 iterations;
< 112-bit keys)
CO
Signature
generation
Generate a signature RSA and ECDSA (pre-hashed
message)
RSA-PSS (invalid salt length: FIPS
186-5, section 5.4, item(g))
CO
Signature
verification
Verify a signature RSA and ECDSA (pre-hashed
message)
RSA-PSS (invalid salt length: FIPS
186-5, section 5.4, item(g))
CO
Table 16: Non-Approved Services
The table above lists the non-approved services in this module, the algorithms involved and
the roles that can request the service. In this table, CO specifies the Crypto Officer role.
4.5 External Software/Firmware Loaded
The module does not load external software or firmware.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 86 of 150
5 Software/Firmware Security
5.1 Integrity Techniques
The integrity of the module is verified by comparing a HMAC SHA-256 value calculated at
run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at
build time. The module performs a KAT for the HMAC SHA-256 algorithm in order to test its
proper operation before performing the checksum of the fips.so file.
5.2 Initiate on Demand
Integrity tests are performed as part of the pre-operational self-tests, which are executed
when the module is initialized. The integrity test may be invoked on-demand by unloading
and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test
function. This will perform (among others) the software integrity test.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 87 of 150
6 Operational Environment
6.1 Operational Environment Type and Requirements
Type of Operational Environment: Modifiable
How Requirements are Satisfied:
Any SSPs contained within the module are protected by the process isolation and memory
separation mechanisms, and only the module has control over these SSPs.
6.2 Configuration Settings and Restrictions
The module shall be installed as stated in Section 11 Life-Cycle Assurance. If properly
installed, the operating system provides process isolation and memory protection
mechanisms that ensure appropriate separation for memory access among the processes on
the system. Each process has control over its own data and uncontrolled access to the data
of other processes is prevented.
Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as
well as other tracing mechanisms offered by the Linux environment such as ftrace or
systemtap, shall not be used in the operational environment. The use of any of these tools
implies that the cryptographic module is running in a non-validated operational
environment.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 88 of 150
7 Physical Security
The module is comprised of software only and therefore this Section is Not Applicable (N/A).
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 89 of 150
8 Non-Invasive Security
This module does not implement any non-invasive security mechanism, and therefore this
Section is not applicable.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 90 of 150
9 Sensitive Security Parameters Management
9.1 Storage Areas
Storage
Area
Name
Description Persistence
Type
RAM Temporary storage for SSPs used by the module as part of
service execution. SSPs are stored until they are zeroized by the
operator (using a zeroization call or removing power from the
module) or zeroized automatically
Dynamic
Table 17: Storage Areas
The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in
the RAM in plaintext form.
9.2 SSP Input-Output Methods
Name From To Format
Type
Distributio
n Type
Entry
Type
SFI or
Algorith
m
API input
parameter
s
Operator
calling
application
(TOEPP)
Cryptographi
c module
Plaintex
t
Manual Electroni
c
API output
parameter
s
Cryptographi
c module
Operator
calling
application
(TOEPP)
Plaintex
t
Manual Electroni
c
Table 18: SSP Input-Output Methods
The module only supports SSP entry and output to and from the calling application running
on the same operational environment. This corresponds to manual distribution, electronic
entry/output (“CM Software to/from App via TOEPP Path”) per FIPS 140-3 IG 9.5.A Table 1.
There is no entry or output of cryptographically protected SSPs.
9.3 SSP Zeroization Methods
Zeroization
Method
Description Rationale Operator
Initiation
Free cipher
handle
Zeroizes the
SSPs contained
within the cipher
handle.
By calling the appropriate zeroization
functions: AES key:
EVP_CIPHER_CTX_free and
EVP_MAC_CTX_free; HMAC key:
EVP_MAC_CTX_free; Key-derivation key:
By calling
the cipher
related
zeroization
API
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 91 of 150
Zeroization
Method
Description Rationale Operator
Initiation
EVP_KDF_CTX_free; Shared secret:
EVP_KDF_CTX_free; Password:
EVP_KDF_CTX_free; KBKDF Derived Key:
EVP_KDF_CTX_free; HKDF Derived Key:
EVP_KDF_CTX_free; TLS Derived Key:
EVP_KDF_CTX_free; SSH Derived Key:
EVP_KDF_CTX_free; X9.63 Derived Key:
EVP_KDF_CTX_free; X9.42 Derived Key:
EVP_KDF_CTX_free; PBKDF Derived Key:
EVP_KDF_CTX_free; KDA OneStep
Derived Key: EVP_KDF_CTX_free; KDA
TwoStep Derived Key:
EVP_KDF_CTX_free; Entropy input:
EVP_RAND_CTX_free; DRBG internal
state (V value, Key), DRBG internal state
(V value, C value): EVP_RAND_CTX_free;
DH public & private key: EVP_PKEY_free;
EC public & private key: EVP_PKEY_free;
RSA public & private key: EVP_PKEY_free
Automatic Automatically
zeroized by the
module when no
longer needed
Memory occupied by SSPs is overwritten
with zeroes, which renders the SSP
values irretrievable.
N/A
Module
Reset
De-allocates the
volatile memory
used to store
SSPs
Volatile memory used by the module is
overwritten within nanoseconds when
power is removed.
By unloading
and
reloading
the module
Table 19: SSP Zeroization Methods
The application that uses the module is responsible for the appropriate zeroization of SSPs.
The module provides key allocation and destruction functions, which overwrites the memory
occupied by the SSP´s information with zeroes before its deallocation.
Memory allocation of SSPs is performed by the OPENSSL_malloc() API call and the
application in use of the module is responsible for the calling of the appropriate zeroization
functions from the OpenSSL API. The zeroization functions then overwrite the memory
occupied by SSPs and de-allocate the memory with the OPENSSL_free() call.
OPENSSL_cleanse() should be used to overwrite sensitive data such as private keys.
All data output is inhibited during zeroization.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 92 of 150
9.4 SSPs
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
AES key AES key used
for encryption,
decryption, and
computing MAC
tags
AES-XTS:
256, 512
bits;
Other
modes:
128, 192,
256 bits -
AES-XTS:
128, 256
bits;
Other
modes:
128, 192,
256 bits
Symmetri
c key -
CSP
Symmetric
Encryption
with AES
Symmetric
Decryption
with AES
Authentica
ted
Symmetric
Encryption
Authentica
ted
Symmetric
Decryption
HMAC
key
HMAC key used
for computing
MAC tags
112-
524288
bits - 112-
256 bits
Symmetri
c key -
CSP
Message
Authentica
tion Code
Module-
generate
d RSA
private
key
RSA private key
generated by
the module
2048-
15360
bits - 112-
256 bits
Private
key - CSP
Key Pair
Generati
on with
RSA
Key Pair
Generation
with RSA
Module-
generate
d RSA
public
key
RSA public key
generated by
the module
2048-
15360
bits - Key
pair
generatio
n: 112-
256 bits
Public
key - PSP
Key Pair
Generati
on with
RSA
Key Pair
Generation
with RSA
RSA
private
key
RSA private key
written to the
module
2048-
16384
bits - 112-
256 bits
Private
key - CSP
Signature
Generation
Shared
Secret
Computati
on with
RSA
Asymmetri
c
Decryption
with RSA
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 93 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
RSA
public
key
RSA public key
written to the
module
Signature
verificatio
n: 1024-
16384
bits;
Others:
2048-
16384
bits -
Signature
verificatio
n: 80-256
bits;
Others:
112-256
bits
Public
key - PSP
Signature
Verification
Shared
Secret
Computati
on with
RSA
Asymmetri
c
Encryption
with RSA
Module-
generate
d DH
Private
key
DH Private key
generated by
the module
2048-
8192 bits
- 112-200
bits
Private
key - CSP
Key Pair
Generati
on with
Safe
Primes
Key Pair
Generation
with Safe
Primes
Module-
generate
d DH
Public
key
DH Public key
generated by
the module
2048-
8192 bits
- 112-200
bits
Public
key - PSP
Key Pair
Generati
on with
Safe
Primes
Key Pair
Generation
with Safe
Primes
DH
Private
key
DH Private key
written to the
module
2048-
8192 bits
- 112-200
bits
Private
key - CSP
Shared
Secret
Computati
on with DH
Key Pair
Verification
with Safe
Primes
DH Public
key
DH Public key
written to the
module
2048-
8192 bits
- 112-200
bits
Public
key - PSP
Shared
Secret
Computati
on with DH
Key Pair
Verification
with Safe
Primes
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 94 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
Module-
generate
d EC
Private
key
EC Private key
generated by
the module
P-224, P-
256, P-
384, P-
521 bits -
112, 128,
192, 256
bits
Private
key - CSP
Key Pair
Generati
on with
ECDSA
Key Pair
Generation
with
ECDSA
Module-
generate
d EC
Public
key
EC Public key
generated by
the module
P-224, P-
256, P-
384, P-
521 bits -
112, 128,
192, 256
bits
Public
key - PSP
Key Pair
Generati
on with
ECDSA
Key Pair
Generation
with
ECDSA
EC
Private
key
EC Private key
written the
module and
used by ECDSA
and ECDH
P-224, P-
256, P-
384, P-
521 bits -
112, 128,
192, 256
bits
Private
key - CSP
Shared
Secret
Computati
on with
ECDH
Signature
Generation
Key Pair
Verification
with
ECDSA
EC Public
key
EC Public key
written the
module and
used by ECDSA
and ECDH
P-224, P-
256, P-
384, P-
521 bits -
112, 128,
192, 256
bits
Public
key - PSP
Signature
Verification
Shared
Secret
Computati
on with
ECDH
Key Pair
Verification
with
ECDSA
Key
Derivatio
n Key
Symmetric key
used to derive
symmetric keys
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivation
with
KBKDF
KBKDF
Derived
Key
Symmetric key
derived from a
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
Key
Derivation
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 95 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
key-derivation
key
n with
KBKDF
with
KBKDF
HKDF
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
HKDF
Key
Derivation
with HKDF
SSH
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
SSH KDF
Key
Derivation
with SSH
KDF
X9.63
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
X9.63
KDF
Key
Derivation
with X9.63
KDF
X9.42
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
X9.42
KDF
Key
Derivation
with X9.42
KDF
Password
or
passphra
se
Password or
passphrase
used by PBKDF
to derive
symmetric keys
8-128
character
s - N/A
Password
- CSP
Password-
based Key
Derivation
PBKDF
Derived
Key
Key derived
from PBKDF
password/passp
hrase during
key derivation
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Passwor
d-based
Key
Derivatio
n
Password-
based Key
Derivation
KDA
OneStep
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
KDA
OneStep
Key
Derivation
with KDA
OneStep
KDA
TwoStep
Derived
Key
Symmetric key
derived from a
shared secret
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
Key
Derivatio
n with
KDA
TwoStep
Key
Derivation
with KDA
TwoStep
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 96 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
TLS
Derived
Key
Derived key
used in
Transport Layer
Security (TLS)
network
protocol
112-4096
bits - 112-
256 bits
Symmetri
c key -
CSP
TLS Key
Derivatio
n
Shared
Secret
Shared secret
generated by
ECDH/DH/RSA
shared secret
computation
224-8912
bits - 112-
256 bits
Shared
Secret -
CSP
Shared
Secret
Computat
ion with
DH
Shared
Secret
Computat
ion with
ECDH
Shared
Secret
Computat
ion with
RSA
Key
Derivation
with KDA
OneStep
Key
Derivation
with KDA
TwoStep
Key
Derivation
with X9.42
KDF
Key
Derivation
with X9.63
KDF
Key
Derivation
with SSH
KDF
Key
Derivation
with HKDF
Shared
Secret
Computati
on with DH
Shared
Secret
Computati
on with
ECDH
Shared
Secret
Computati
on with
RSA
Entropy
input
Entropy input
string used to
seed the DRBG
128-384
bits - 128-
256 bits
Entropy
Input -
CSP
Random
Number
Generation
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 97 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
(IG D.L
compliant)
DRBG
seed
DRBG seed
derived from
entropy input
(IG D.L
compliant)
CTR_DRB
G: 256,
320, 384
bits;
Hash_DRB
G: 440,
888 bits;
HMAC_DR
BG: 160,
256, 512
bits -
CTR_DRB
G: 128,
192, 256
bits;
HMAC_DR
BG,
Hash_DRB
G: 128,
256 bits
Seed -
CSP
Random
Number
Generati
on
Random
Number
Generation
DRBG
internal
state (V
value, C
value)
Internal state of
the Hash_DRBG
(IG D.L
compliant)
880, 1776
bits - 128,
256 bits
Internal
state -
CSP
Random
Number
Generati
on
Random
Number
Generation
DRBG
internal
state (V
value,
Key)
Internal state of
the CTR_DRBG
and
HMAC_DRBG (IG
D.L compliant)
CTR_DRB
G: 256,
320, 384
bits;
HMAC_DR
BG: 320,
512, 1024
bits -
CTR_DRB
G: 128,
192, 256
bits;
HMAC_DR
BG: 128,
256 bits
Internal
state -
CSP
Random
Number
Generati
on
Random
Number
Generation
Intermedi
ate key
Intermediate
key pair
generation
112-
15360
Intermedi
ate value
- CSP
Key Pair
Generati
on with
Key Pair
Generation
with RSA
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 98 of 150
Name Description Size -
Strength
Type -
Categor
y
Generat
ed By
Establis
hed By
Used By
generatio
n value
value generated
during key
generation and
key derivation
services (SP
800-133 Rev. 2
Section 4, 5.1,
and 5.2)
bits - 112-
256 bits
RSA
Key Pair
Generati
on with
ECDSA
Key Pair
Generati
on with
Safe
Primes
Key Pair
Generation
with
ECDSA
Key Pair
Generation
with Safe
Primes
Table 20: SSP Table 1
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
AES key API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
HMAC key API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-
generated
RSA private
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-generated
RSA public
key:Paired With
Intermediate key
generation
value:Generated
From
Module-
generated
RSA public
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-generated
RSA private
key:Paired With
Intermediate key
generation
value:Generated
From
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 99 of 150
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
RSA private
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
RSA public
key:Paired With
RSA public
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
RSA private
key:Paired With
Module-
generated
DH Private
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-generated
DH Public
key:Paired With
Intermediate key
generation
value:Generated
From
Module-
generated
DH Public
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-generated
DH Private
key:Paired With
Intermediate key
generation
value:Generated
From
DH Private
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
DH Public
key:Paired With
DH Public
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
DH Private
key:Paired With
Module-
generated
EC Private
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
Free cipher
handle
Module
Reset
Module-generated
EC Public
key:Paired With
Intermediate key
generation
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 100 of 150
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
cipherhandl
e is freed
value:Generated
From
Module-
generated
EC Public
key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Module-generated
EC private
key:Paired With
Intermediate key
generation
value:Generated
From
EC Private
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
EC Public
key:Paired With
EC Public
key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
EC private
key:Paired With
Key
Derivation
Key
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
KBKDF Derived
Key:Derives
KBKDF
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Key-derivation
key:Derived From
HKDF
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
SSH
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 101 of 150
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
cipherhandl
e is freed
X9.63
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
X9.42
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
Password or
passphrase
API input
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
PBKDF Derived
Key:Derives
PBKDF
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Password or
passphrase:Derive
d From
KDA
OneStep
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
KDA
TwoStep
Derived Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
Shared
secret:Derived
From
TLS Derived
Key
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
Free cipher
handle
Module
Reset
Shared
Secret:Derived
From
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 102 of 150
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
cipherhandl
e is freed
Shared
Secret
API input
parameter
s
API output
parameter
s
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Free cipher
handle
Module
Reset
DH private
key:Established By
DH public
key:Established By
EC private
key:Established By
EC public
key:Established By
HKDF Derived
Key:Derives
KDA OneStep
Derived
Key:Derives
KDA TwoStep
Derived
Key:Derives
TLS Derived
Key:Derives
SSH Derived
Key:Derives
X9.63 Derived
Key:Derives
X9.42 Derived
Key:Derives
RSA private
key:Established By
RSA public
key:Established By
Entropy
input
RAM:Plaintex
t
From
generation
until DRBG
seed is
created
Automatic
Module
Reset
DRBG
seed:Derives
DRBG seed RAM:Plaintex
t
While the
DRBG is
instantiated
Automatic
Module
Reset
Entropy
input:Derived
From
DRBG internal
state (V value, C
value):Generates
DRBG internal
state (V value,
Key):Generates
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 103 of 150
Name Input -
Output
Storage Storage
Duration
Zeroizatio
n
Related SSPs
DRBG
internal
state (V
value, C
value)
RAM:Plaintex
t
From DRBG
instantiatio
n until
DRBG
termination
Free cipher
handle
Module
Reset
DRBG
seed:Generated
From
DRBG
internal
state (V
value, Key)
RAM:Plaintex
t
From DRBG
instantiatio
n until
DRBG
termination
Free cipher
handle
Module
Reset
DRBG
seed:Generated
From
Intermediat
e key
generation
value
RAM:Plaintex
t
From
service
invocation
until
cipherhandl
e is freed
Automatic DH private
key:Generates
DH public
key:Generates
EC private
key:Generates
EC public
key:Generates
RSA private
key:Generates
RSA public
key:Generates
Table 21: SSP Table 2
9.5 Transitions
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes,
starting January 1, 2031.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 104 of 150
10 Self-Tests
10.1 Pre-Operational Self-Tests
Algorithm
or Test
Test
Properties
Test Method Test
Type
Indicator Details
HMAC-
SHA2-256
(A5868)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5864)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5876)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5877)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
Integrity test of the
shared library
component of the
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 105 of 150
Algorithm
or Test
Test
Properties
Test Method Test
Type
Indicator Details
and services
are available
for use
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5878)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5879)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
HMAC-
SHA2-256
(A5883)
256-bits
key
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 106 of 150
Algorithm
or Test
Test
Properties
Test Method Test
Type
Indicator Details
was computed at
build time.
HMAC-
SHA2-256
(A5889)
256-bits
key
Message
Message
authentication
SW/FW
Integrity
Module
becomes
operational
and services
are available
for use
Integrity test of the
shared library
component of the
module. Verified
by comparing an
HMAC SHA-256
value calculated at
run time with the
HMAC SHA-256
value embedded in
the fips.so file that
was computed at
build time.
Table 22: Pre-Operational Self-Tests
The pre-operational software integrity tests are performed automatically when the module is
initialized, before the module transitions into the operational state. While the module is
executing the self-tests, services are not available, and data output (via the data output
interface) is inhibited until the tests are successfully completed. The module transitions to
the operational state only after the pre-operational self-tests are passed successfully.
Prior the first use, a CAST is executed for the algorithms used in the Pre-operational Self-
Tests.
10.2 Conditional Self-Tests
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
SHA-1
(A5868)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA-1
(A5876)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA-1
(A5877)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 107 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
SHA-1
(A5878)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA-1
(A5879)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA-1
(A5883)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA-1
(A5889)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5868)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5876)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5877)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5878)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 108 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
SHA2-512
(A5879)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5883)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA2-512
(A5889)
24-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5864)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5868)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5876)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5877)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5878)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 109 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
HMAC-
SHA2-256
(A5879)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5883)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
HMAC-
SHA2-256
(A5889)
256-bit key KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA3-256
(A5869)
32-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
SHA3-256
(A5885)
32-bit
message
KAT CAST Module
becomes
operational
Message
digest
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5870)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5871)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5872)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 110 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
AES-GCM
(A5873)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5874)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5875)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5880)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5881)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5882)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5886)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5887)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 111 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
AES-GCM
(A5888)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5903)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5904)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-GCM
(A5905)
256-bit key
and 96-bit
IV, encypt
and decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5398)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5399)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5400)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5401)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 112 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
AES-ECB
(A5402)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5403)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5658)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5884)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5893)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5894)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5895)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
AES-ECB
(A5896)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 113 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
AES-ECB
(A5900)
128-bit key,
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5868)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5869)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5876)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5877)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5878)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5879)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5883)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 114 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
RSA
SigGen
(FIPS186-5)
(A5885)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA
SigGen
(FIPS186-5)
(A5889)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5868)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5869)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5876)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5877)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5878)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5879)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 115 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
RSA SigVer
(FIPS186-5)
(A5883)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5885)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
RSA SigVer
(FIPS186-5)
(A5889)
PKCS#1
v1.5 with
SHA-256
and 2048-bit
key
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5868)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5869)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5876)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5877)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5878)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 116 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
ECDSA
SigGen
(FIPS186-5)
(A5879)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5883)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5885)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigGen
(FIPS186-5)
(A5889)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5868)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5869)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5876)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5877)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 117 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
ECDSA
SigVer
(FIPS186-5)
(A5878)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5879)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5883)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5885)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
ECDSA
SigVer
(FIPS186-5)
(A5889)
SHA-256
and P-224,
P-256, P-
384, and P-
521
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity
test
KDF SP800-
108
(A5899)
HMAC-SHA2-
256 in
counter
mode and
128-bit
input key
KAT CAST Module
becomes
operational
Key Derivation
with KBKDF
Test runs at
power-on
before the
integrity
test
KDA
OneStep
SP800-
56Cr2
(A5897)
SHA2-224
and 448-bit
input secret
KAT CAST Module
becomes
operational
Shared secret
key derivation
Test runs at
power-on
before the
integrity
test
KDA
TwoStep
SP800-
56Cr2
(A5897)
SHA2-224
and 448-bit
input secret
KAT CAST Module
becomes
operational
Shared secret
key derivation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 118 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KDA HKDF
SP800-
56Cr2
(A5863)
SHA2-256
and 48-bit
secret
KAT CAST Module
becomes
operational
Shared secret
key derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5868)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5869)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5876)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5877)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5878)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5879)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5883)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 119 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KDF ANS
9.42
(A5885)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.42
(A5889)
AES-128 KW
and SHA-1
and 160-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.42 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5868)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5869)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5876)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5877)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5878)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5879)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 120 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KDF ANS
9.63
(A5883)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5885)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF ANS
9.63
(A5889)
SHA2-256
and 192-bit
input secret
KAT CAST Module
becomes
operational
ANS X9.63 key
derivation
Test runs at
power-on
before the
integrity
test
KDF SSH
(A5884)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
KDF SSH
(A5893)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
KDF SSH
(A5894)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
KDF SSH
(A5895)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
KDF SSH
(A5896)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 121 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KDF SSH
(A5900)
SHA-1 and
1056-bit
input secret
KAT CAST Module
becomes
operational
SSH KDF key
derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5868)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5876)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5877)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5878)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5879)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5883)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
TLS v1.2
KDF
RFC7627
(A5889)
SHA2-256
and 384-bit
input secret
KAT CAST Module
becomes
operational
TLS v1.2 KDF
key derivation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 122 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
TLS v1.3
KDF
(A5863)
SHA2-256,
extract and
expand
modes
KAT CAST Module
becomes
operational
TLS v1.3 KDF
key derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5868)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5869)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5876)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5877)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5878)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5879)
SHA2-256
with 24
characters
password,
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 123 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
288-bit salt,
4096
iterations
integrity
test
PBKDF
(A5883)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5885)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
PBKDF
(A5889)
SHA2-256
with 24
characters
password,
288-bit salt,
4096
iterations
KAT CAST Module
becomes
operational
Password-
based Key
Derivation
Test runs at
power-on
before the
integrity
test
Counter
DRBG
(A5397)
AES-128
with
derivation
function and
prediction
resistance
KAT CAST Module
becomes
operational
Instantiate;
Generate;
Reseed
(compliant to
SP 800-90A
Rev. 1 Section
11.3)
Test runs at
power-on
before the
integrity
test
Hash DRBG
(A5397)
SHA2-256
and
prediction
resistance
KAT CAST Module
becomes
operational
Instantiate;
Generate;
Reseed
(compliant to
SP 800-90A
Rev. 1 Section
11.3)
Test runs at
power-on
before the
integrity
test
HMAC
DRBG
(A5397)
HMAC-SHA-1
and
prediction
resistance
KAT CAST Module
becomes
operational
Instantiate;
Generate;
Reseed
(compliant to
SP 800-90A
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 124 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
Rev. 1 Section
11.3)
KAS-FFC-
SSC Sp800-
56Ar3
(A5898)
ffdhe2048 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5868)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5876)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5877)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5878)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5879)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5883)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
KAS-ECC-
SSC Sp800-
56Ar3
(A5889)
P-256 KAT CAST Module
becomes
operational
Shared secret
computation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 125 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
Safe
Primes Key
Generation
(A5898)
N/A PCT PCT Key pair
generation
is
successful
SP 800-56A
Rev. 3 Section
5.6.2.1.4
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5868)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5876)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5877)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5878)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5879)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5883)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
RSA
KeyGen
(FIPS186-5)
(A5889)
PKCS#1
v1.5 with
SHA-256
PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5868)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5876)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 126 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
ECDSA
KeyGen
(FIPS186-5)
(A5877)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5878)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5879)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5883)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
ECDSA
KeyGen
(FIPS186-5)
(A5889)
SHA-256 PCT PCT Key pair
generation
is sucessful
Signature
generation
and
verification
Key pair
generation
KTS-IFC
(A5868)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
KTS-IFC
(A5876)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
KTS-IFC
(A5877)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
KTS-IFC
(A5878)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 127 of 150
Algorithm
or Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KTS-IFC
(A5879)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
KTS-IFC
(A5883)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
KTS-IFC
(A5889)
OAEP with
2048-bit key
KAT CAST Module
becomes
operational
Key
encapsulation
and un-
encapsulation
Test runs at
power-on
before the
integrity
test
Table 23: Conditional Self-Tests
Data output through the data output interface is inhibited during the conditional self-tests.
The module does not return control to the calling application until the tests are completed. If
any of these tests fails, the module transitions to the error state (Section 10.4 Error States).
10.3 Periodic Self-Test Information
Algorithm or
Test
Test Method Test Type Period Periodic
Method
HMAC-SHA2-
256 (A5868)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5864)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5876)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5877)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5878)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5879)
Message
authentication
SW/FW Integrity On demand Manually
HMAC-SHA2-
256 (A5883)
Message
authentication
SW/FW Integrity On demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 128 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
HMAC-SHA2-
256 (A5889)
Message
authentication
SW/FW Integrity On demand Manually
Table 24: Pre-Operational Periodic Information
Algorithm or
Test
Test Method Test Type Period Periodic
Method
SHA-1 (A5868) KAT CAST On Demand Manually
SHA-1 (A5876) KAT CAST On Demand Manually
SHA-1 (A5877) KAT CAST On Demand Manually
SHA-1 (A5878) KAT CAST On Demand Manually
SHA-1 (A5879) KAT CAST On Demand Manually
SHA-1 (A5883) KAT CAST On Demand Manually
SHA-1 (A5889) KAT CAST On Demand Manually
SHA2-512
(A5868)
KAT CAST On Demand Manually
SHA2-512
(A5876)
KAT CAST On Demand Manually
SHA2-512
(A5877)
KAT CAST On Demand Manually
SHA2-512
(A5878)
KAT CAST On Demand Manually
SHA2-512
(A5879)
KAT CAST On Demand Manually
SHA2-512
(A5883)
KAT CAST On Demand Manually
SHA2-512
(A5889)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5864)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 129 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
HMAC-SHA2-
256 (A5868)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5876)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5877)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5878)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5879)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5883)
KAT CAST On Demand Manually
HMAC-SHA2-
256 (A5889)
KAT CAST On demand Manually
SHA3-256
(A5869)
KAT CAST On Demand Manually
SHA3-256
(A5885)
KAT CAST On Demand Manually
AES-GCM
(A5870)
KAT CAST On Demand Manually
AES-GCM
(A5871)
KAT CAST On Demand Manually
AES-GCM
(A5872)
KAT CAST On Demand Manually
AES-GCM
(A5873)
KAT CAST On Demand Manually
AES-GCM
(A5874)
KAT CAST On Demand Manually
AES-GCM
(A5875)
KAT CAST On Demand Manually
AES-GCM
(A5880)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 130 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
AES-GCM
(A5881)
KAT CAST On Demand Manually
AES-GCM
(A5882)
KAT CAST On Demand Manually
AES-GCM
(A5886)
KAT CAST On Demand Manually
AES-GCM
(A5887)
KAT CAST On Demand Manually
AES-GCM
(A5888)
KAT CAST On Demand Manually
AES-GCM
(A5903)
KAT CAST On Demand Manually
AES-GCM
(A5904)
KAT CAST On Demand Manually
AES-GCM
(A5905)
KAT CAST On Demand Manually
AES-ECB
(A5398)
KAT CAST On Demand Manually
AES-ECB
(A5399)
KAT CAST On Demand Manually
AES-ECB
(A5400)
KAT CAST On Demand Manually
AES-ECB
(A5401)
KAT CAST On Demand Manually
AES-ECB
(A5402)
KAT CAST On Demand Manually
AES-ECB
(A5403)
KAT CAST On Demand Manually
AES-ECB
(A5658)
KAT CAST On Demand Manually
AES-ECB
(A5884)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 131 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
AES-ECB
(A5893)
KAT CAST On Demand Manually
AES-ECB
(A5894)
KAT CAST On Demand Manually
AES-ECB
(A5895)
KAT CAST On Demand Manually
AES-ECB
(A5896)
KAT CAST On Demand Manually
AES-ECB
(A5900)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5868)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5869)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5876)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5877)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5878)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5879)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5883)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A5885)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 132 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
RSA SigGen
(FIPS186-5)
(A5889)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5868)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5869)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5876)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5877)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5878)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5879)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5883)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5885)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A5889)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5868)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5869)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 133 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
ECDSA SigGen
(FIPS186-5)
(A5876)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5877)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5878)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5879)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5883)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5885)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A5889)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5868)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5869)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5876)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5877)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5878)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 134 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
ECDSA SigVer
(FIPS186-5)
(A5879)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5883)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5885)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A5889)
KAT CAST On Demand Manually
KDF SP800-108
(A5899)
KAT CAST On Demand Manually
KDA OneStep
SP800-56Cr2
(A5897)
KAT CAST On Demand Manually
KDA TwoStep
SP800-56Cr2
(A5897)
KAT CAST On Demand Manually
KDA HKDF
SP800-56Cr2
(A5863)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5868)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5869)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5876)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5877)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5878)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5879)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 135 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
KDF ANS 9.42
(A5883)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5885)
KAT CAST On Demand Manually
KDF ANS 9.42
(A5889)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5868)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5869)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5876)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5877)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5878)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5879)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5883)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5885)
KAT CAST On Demand Manually
KDF ANS 9.63
(A5889)
KAT CAST On Demand Manually
KDF SSH
(A5884)
KAT CAST On Demand Manually
KDF SSH
(A5893)
KAT CAST On Demand Manually
KDF SSH
(A5894)
KAT CAST On Demand Manually
KDF SSH
(A5895)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 136 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
KDF SSH
(A5896)
KAT CAST On Demand Manually
KDF SSH
(A5900)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5868)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5876)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5877)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5878)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5879)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5883)
KAT CAST On Demand Manually
TLS v1.2 KDF
RFC7627
(A5889)
KAT CAST On Demand Manually
TLS v1.3 KDF
(A5863)
KAT CAST On Demand Manually
PBKDF (A5868) KAT CAST On Demand Manually
PBKDF (A5869) KAT CAST On Demand Manually
PBKDF (A5876) KAT CAST On Demand Manually
PBKDF (A5877) KAT CAST On Demand Manually
PBKDF (A5878) KAT CAST On Demand Manually
PBKDF (A5879) KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 137 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
PBKDF (A5883) KAT CAST On Demand Manually
PBKDF (A5885) KAT CAST On Demand Manually
PBKDF (A5889) KAT CAST On Demand Manually
Counter DRBG
(A5397)
KAT CAST On Demand Manually
Hash DRBG
(A5397)
KAT CAST On Demand Manually
HMAC DRBG
(A5397)
KAT CAST On Demand Manually
KAS-FFC-SSC
Sp800-56Ar3
(A5898)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5868)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5876)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5877)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5878)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5879)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5883)
KAT CAST On Demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A5889)
KAT CAST On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 138 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
Safe Primes Key
Generation
(A5898)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5868)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5876)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5877)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5878)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5879)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5883)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A5889)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5868)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5876)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5877)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5878)
PCT PCT On Demand Manually
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 139 of 150
Algorithm or
Test
Test Method Test Type Period Periodic
Method
ECDSA KeyGen
(FIPS186-5)
(A5879)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5883)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A5889)
PCT PCT On Demand Manually
KTS-IFC (A5868) KAT CAST On demand Manually
KTS-IFC (A5876) KAT CAST On demand Manually
KTS-IFC (A5877) KAT CAST On demand Manually
KTS-IFC (A5878) KAT CAST On demand Manually
KTS-IFC (A5879) KAT CAST On demand Manually
KTS-IFC (A5883) KAT CAST On demand Manually
KTS-IFC (A5889) KAT CAST On demand Manually
Table 25: Conditional Periodic Information
10.4 Error States
Name Description Conditions Recovery
Method
Indicator
Error If the module fails
any of the self-
tests, the module
enters the error
state. In the error
state, the module
immediately stops
functioning and
ends the
application
process
Software
integrity
test failure
CAST failure
Module
reinitialization
OSSL_PROV_PARAM_STATUS
is set to 0. Module will not
load.
PCT
Error
Pairwise
consistency test
failure
PCT failure Module
reinitialization
Module is aborted
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 140 of 150
Table 26: Error States
If the module fails any of the self-tests, the module enters the error state. In the error state,
the module immediately stops functioning and ends the application process. Consequently,
the data output interface is inhibited, and the module no longer accepts inputs or requests
(as the module is no longer running).
10.5 Operator Initiation of Self-Tests
Both conditional and pre-operational self-tests can be executed on-demand by unloading
and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test
function. The pair-wise consistency tests can be invoked on demand by requesting the key
pair generation service.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 141 of 150
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures
The module is distributed as a part of the SUSE Linux Enterprise 15 SP6 OpenSSL package in
the form of the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package.
Before the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the SUSE
Linux Enterprise 15 SP6 system must operate in the FIPS validated configuration.
To do so the following steps shall be performed with the root privilege:
1. Install the needed crypto-policies scripts:
# zypper in crypto-policies-scripts
2. Set FIPS validated crypto-policies :
# update-crypto-policies --set FIPS
3. Append the following parameter in the /etc/default/grub configuration file in the
GRUB_CMDLINE_LINUX_DEFAULT line:
fips=1
4. After editing the configuration file, please run the following command to change the
setting in the UEFI and BIOS boot loaders:
# grub2-mkconfig -o /boot/efi/EFI/sles/grub.cfg
# grub2-mkconfig -o /boot/grub2/grub.cfg
If /boot or /boot/efi resides on a separate partition, the kernel parameter boot=<partition of
/boot or /boot/efi> must be supplied. The partition can be identified with the command "df
/boot" or "df /boot/efi" respectively. For example:
# df /boot
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 233191 30454 190296 14% /boot
The partition of /boot is located on /dev/sda1 in this example. Therefore, the following string
needs to be appended in the aforementioned grub file:
"boot=/dev/sda1"
5. Reboot to apply these settings.
Now, the operating environment is configured to support the approved mode of operation.
The Crypto Officer should check the existence of the file /proc/sys/crypto/fips_enabled, and
verify it contains a numeric value “1”. If the file does not exist or does not contain “1”, the
operating environment is not configured to support the approved mode of operation and the
module will not operate as a FIPS validated module properly.
11.2 Administrator Guidance
After the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the Crypto
Officer must execute the openssl list --providers command. This command should display
the base/default and FIPS providers as follows:
Providers
base
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 142 of 150
name: OpenSSL Base Provider
version: 3.1.4
status: active
default
name: OpenSSL Default Provider
version: 3.1.4
status: active
fips
name: SUSE Linux Enterprise - OpenSSL FIPS Provider
version: 3.1.4 SUSE release 150600.5.15.1
status: active
The cryptographic boundary consists only of the FIPS provider as listed. If any other
OpenSSL or third-party provider is invoked, the user is not interacting with the module
specified in this Security Policy.
11.3 Non-Administrator Guidance
There is no Non-Administrator Guidance.
11.4 End of Life
As the module does not persistently store SSPs, secure sanitization of the module consists of
unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the
libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package can be uninstalled from the
SUSE Linux Enterprise 15 SP6 system.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 143 of 150
12 Mitigation of Other Attacks
12.1 Attack List
Certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The
module claims mitigation of timing-based side-channel attacks implementing two methods,
Constant-time Implementations and Numeric Blinding:
• Constant-time Implementations protect cryptographic implementations in the module
against timing cryptanalysis ensuring that the variations in execution time for
different cryptographic algorithms cannot be traced back to the key, CSP or secret
data.
• Numeric Blinding protects the RSA and ECDSA algorithms from timing attacks. These
algorithms are vulnerable to such attacks since attackers can measure the time of
signature operations or RSA decryption. To mitigate this, the module generates a
random factor which is provided as an input to the decryption/signature operation
which discarded once the operation results in an output. This makes it difficult for
attackers to attempt timing attacks making impossible correlating execution time to
the RSA/ECDSA key.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 144 of 150
Appendix A. Glossary and Abbreviations
AES Advanced Encryption Standard
API Application Programming Interface
CAST Cryptographic Algorithm Self-Test
CAVP Cryptographic Algorithm Validation Program
CBC Cipher Block Chaining
CCM Counter with Cipher Block Chaining-Message Authentication Code
CFB Cipher Feedback
CKG Cryptographic Key Generation
CMAC Cipher-based Message Authentication Code
CMVP Cryptographic Module Validation Program
CSP Critical Security Parameter
CTR Counter
DH Diffie-Hellman
DRBG Deterministic Random Bit Generator
ECB Electronic Code Book
ECC Elliptic Curve Cryptography
ECDH Elliptic Curve Diffie-Hellman
ECDSA Elliptic Curve Digital Signature Algorithm
EVP Envelope
FFC Finite Field Cryptography
FIPS Federal Information Processing Standards
GCM Galois Counter Mode
GMAC Galois Counter Mode Message Authentication Code
HKDF HMAC-based Key Derivation Function
HMAC Keyed-Hash Message Authentication Code
IKE Internet Key Exchange
KAS Key Agreement Scheme
KAT Known Answer Test
KBKDF Key-based Key Derivation Function
KW Key Wrap
KWP Key Wrap with Padding
MAC Message Authentication Code
NIST National Institute of Science and Technology
OFB Output Feedback
PAA Processor Algorithm Acceleration
PCT Pair-wise Consistency Test
PBKDF2 Password-based Key Derivation Function v2
PSS Probabilistic Signature Scheme
RSA Rivest, Shamir, Adleman
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 145 of 150
SHA Secure Hash Algorithm
SSC Shared Secret Computation
SSH Secure Shell
SSP Sensitive Security Parameter
TLS Transport Layer Security
XOF Extendable Output Function
XTS XEX-based Tweaked-codebook mode with cipher text Stealing
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 146 of 150
Appendix B. References
ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry:
Agreement of Symmetric Keys Using Discrete Logarithm
Cryptography
2001
https://webstore.ansi.org/standards/ascx9/ansix9422001
ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry,
Key Agreement and Key Transport Using Elliptic Curve
Cryptography
2001
https://webstore.ansi.org/standards/ascx9/ansix9632001
FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic
Modules
March 2019
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf
FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the
Cryptographic Module Validation Program
23 October 2024
https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-
validation-program/documents/fips%20140-3/FIPS%20140-
3%20IG.pdf
FIPS 180-4 Secure Hash Standard (SHS)
August 2015
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
FIPS 186-2 Digital Signature Standard (DSS)
January 2000
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
FIPS 186-4 Digital Signature Standard (DSS)
July 2013
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 147 of 150
FIPS 186-5 Digital Signature Standard (DSS)
February 2023
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
FIPS 197 Advanced Encryption Standard
November 2001
https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC)
July 2008
https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-
Output Functions
August 2015
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups
for Internet Key Exchange (IKE)
May 2003
https://www.ietf.org/rfc/rfc3526.txt
RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS
August 2008
https://www.ietf.org/rfc/rfc5288.txt
RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral
Parameters for Transport Layer Security (TLS)
August 2016
https://www.ietf.org/rfc/rfc7919.txt
RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3
August 2018
https://www.ietf.org/rfc/rfc8446.txt
SP 800-140B Rev. 1 NIST Special Publication 800-140B - CMVP Security Policy
Requirements
October 2024
https://csrc.nist.gov/projects/cmvp/sp800-140b
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 148 of 150
SP 800-38A Recommendation for Block Cipher Modes of Operation
Methods and Techniques
December 2001
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-38a.pdf
SP 800-38A
Addendum
Recommendation for Block Cipher Modes of Operation:
Three Variants of Ciphertext Stealing for CBC Mode
October 2010
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-38a-add.pdf
SP 800-38B Recommendation for Block Cipher Modes of Operation: The
CMAC Mode for Authentication
May 2005
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
38b.pdf
SP 800-38C Recommendation for Block Cipher Modes of Operation: the
CCM Mode for Authentication and Confidentiality
July 2007
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-38c.pdf
SP 800-38D Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC
November 2007
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-38d.pdf
SP 800-38E Recommendation for Block Cipher Modes of Operation: The
XTS AES Mode for Confidentiality on Storage Devices
January 2010
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-38e.pdf
SP 800-38F Recommendation for Block Cipher Modes of Operation:
Methods for Key Wrapping
December 2012
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
38F.pdf
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 149 of 150
SP 800-52 Rev. 2 Guidelines for the Selection, Configuration, and Use of
Transport Layer Security (TLS) Implementations
August 2019
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
52r2.pdf
SP 800-56A Rev. 3 Recommendation for Pair-Wise Key Establishment Schemes
Using Discrete Logarithm Cryptography
April 2018
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
56Ar3.pdf
SP 800-56C Rev. 2 Recommendation for Key-Derivation Methods in Key-
Establishment Schemes
August 2020
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
56Cr2.pdf
SP 800-90A Rev. 1 Recommendation for Random Number Generation Using
Deterministic Random Bit Generators
June 2015
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
90Ar1.pdf
SP 800-90B Recommendation for the Entropy Sources Used for Random
Bit Generation
January 2018
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
90B.pdf
SP 800-108 Rev. 1 NIST Special Publication 800-108r1 - Recommendation for
Key Derivation Using Pseudorandom Functions
August 2022
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
108r1-upd1.pdf
SP 800-132 Recommendation for Password-Based Key Derivation - Part
1: Storage Applications
December 2010
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-132.pdf
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE, LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 150 of 150
SP 800-133 Rev. 2 Recommendation for Cryptographic Key Generation
June 2020
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
133r2.pdf
SP 800-135 Rev. 1 Recommendation for Existing Application-Specific Key
Derivation Functions
December 2011
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8
00-135r1.pdf