Ubuntu 16.04 OpenSSL Cryptographic Module

Certificate #4589

Webpage information ?

Status active
Validation dates 08.09.2023
Sunset date 08-10-2025
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and installed, initialized and configured as specified in Sections 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy
Exceptions
  • Physical Security: N/A
Description OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.
Tested configurations
  • Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 with PAA
  • Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 without PAA (single-user mode)
Vendor Canonical Ltd.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-128, AES-192, AES-256, AES-, DES, Triple-DES, TDES, TDEA, HMAC, HMAC-SHA-256, CMAC
Asymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5
Schemes
MAC, Key Exchange, Key Agreement
Protocols
SSH, SSLv2.0, SSL v3.0, TLS, TLS v1.0, TLSv1.2, TLSv1.0, DTLS, IKE
Randomness
PRNG, DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-224, P-256, P-384, P-521, P-192, K-283, K-409, K-571, B-233, B-283, B-409, B-571, K-163, K-233, B-163
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS
TLS cipher suites
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA

Security level
Level 1, level 1
Side-channel analysis
Timing Attacks, timing attacks, Timing Attack

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS197, FIPS186-4, FIPS198-1, FIPS186-2, FIPS180-4, FIPS 198-1, FIPS 186-4, FIPS140-2, SP 800-57, PKCS#1, RFC2246, RFC4346, RFC5246, RFC5288, RFC4253, RFC7296, RFC3268, RFC5116, RFC6655, RFC4279, RFC5487, RFC4492, RFC5489, RFC7251

File metadata

Title Microsoft Word - UbuntuOpenSSL-SecurityPolicy.doc
Creation date D:20230905211647Z00'00'
Modification date D:20230905211647Z00'00'
Pages 43
Creator Word
Producer macOS Version 13.3.1 (a) (Build 22E772610a) Quartz PDFContext

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 01.11.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf.
  • 18.09.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4589,
  "dgst": "886b73d4b098e551",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA#C1304",
        "CVL#C1305",
        "Triple-DES#C1257",
        "KTS#C1257",
        "AES#C1260",
        "DRBG#C1305",
        "AES#C1265",
        "KTS#C1304",
        "DRBG#C1265",
        "SHS#C1304",
        "AES#C1259",
        "ECDSA#C1304",
        "AES#C1267",
        "ECDSA#C1305",
        "KTS#C1305",
        "HMAC#C1305",
        "CVL#C1304",
        "AES#C1258",
        "DSA#C1305",
        "SHS#C1305",
        "RSA#C1269",
        "AES#C1270",
        "AES#C1261",
        "KTS#C1269",
        "AES#C1264",
        "RSA#C1305",
        "ECDSA#C1269",
        "AES#C1266",
        "CVL#C1269",
        "DSA#C1269",
        "HMAC#C1269",
        "SHS#C1269",
        "DRBG#C1304",
        "DSA#C1304",
        "HMAC#C1304",
        "DRBG#C1269"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "16.04"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDSA": {
            "ECDSA": 27
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 13
          },
          "DSA": {
            "DSA": 33
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 9
        },
        "CCM": {
          "CCM": 7
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 5
        },
        "ECB": {
          "ECB": 9
        },
        "GCM": {
          "GCM": 14
        },
        "OFB": {
          "OFB": 5
        },
        "XTS": {
          "XTS": 8
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 48
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 1
        },
        "SSH": {
          "SSH": 1
        },
        "TLS": {
          "DTLS": {
            "DTLS": 2
          },
          "SSL": {
            "SSL v3.0": 1,
            "SSLv2.0": 1
          },
          "TLS": {
            "TLS": 59,
            "TLS v1.0": 2,
            "TLSv1.0": 1,
            "TLSv1.2": 2
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 4
        },
        "KEX": {
          "Key Exchange": 3
        },
        "MAC": {
          "MAC": 8
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 2,
          "B-233": 2,
          "B-283": 2,
          "B-409": 2,
          "B-571": 2,
          "K-163": 2,
          "K-233": 2,
          "K-283": 2,
          "K-409": 2,
          "K-571": 2,
          "P-192": 4,
          "P-224": 6,
          "P-256": 8,
          "P-384": 6,
          "P-521": 6
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 45
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 2,
          "HMAC SHA-1": 1,
          "HMAC-SHA-256": 2,
          "PKCS#1": 6,
          "SHA 1": 1,
          "SHA 224": 1,
          "SHA 256": 1,
          "SHA 384": 1,
          "SHA 512": 1,
          "SHA- 1": 1,
          "SHA-1": 15,
          "SHA-224": 15,
          "SHA-256": 26,
          "SHA-384": 14,
          "SHA-512": 9,
          "SHA-512 1024": 2,
          "SHA-512 112": 1,
          "SHA-512 2048": 2,
          "SHA-512 4096": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 7
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 15
          },
          "SHA2": {
            "SHA-224": 15,
            "SHA-256": 26,
            "SHA-384": 14,
            "SHA-512": 15
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 30,
          "PRNG": 2
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "Timing Attack": 1,
          "Timing Attacks": 2,
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 53,
          "FIPS 186-4": 1,
          "FIPS 198-1": 2,
          "FIPS PUB 140-2": 2,
          "FIPS140-2": 1,
          "FIPS180-4": 5,
          "FIPS186-2": 1,
          "FIPS186-4": 5,
          "FIPS197": 2,
          "FIPS198-1": 2
        },
        "NIST": {
          "SP 800-57": 1
        },
        "PKCS": {
          "PKCS#1": 3
        },
        "RFC": {
          "RFC2246": 6,
          "RFC3268": 3,
          "RFC4253": 1,
          "RFC4279": 7,
          "RFC4346": 3,
          "RFC4492": 1,
          "RFC5116": 3,
          "RFC5246": 6,
          "RFC5288": 4,
          "RFC5487": 9,
          "RFC5489": 1,
          "RFC6655": 7,
          "RFC7251": 1,
          "RFC7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 66,
            "AES-": 1,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 2
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 2,
            "Triple-DES": 34
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 10,
            "HMAC": 29,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_PSK_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_PSK_WITH_AES_128_CBC_SHA": 1,
          "TLS_PSK_WITH_AES_256_CBC_SHA": 1,
          "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230905211647Z00\u002700\u0027",
      "/Creator": "Word",
      "/ModDate": "D:20230905211647Z00\u002700\u0027",
      "/Producer": "macOS Version 13.3.1 (a) (Build 22E772610a) Quartz PDFContext",
      "/Title": "Microsoft Word - UbuntuOpenSSL-SecurityPolicy.doc",
      "pdf_file_size_bytes": 824593,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 43
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "60825a51ff5c71e0ae1c82d5b4f8b98cb97173d2f2aac56eef66a90a9860a8cf",
    "policy_txt_hash": "96099acc17b6884399fbe650c2f492f61ee5d5581666ae2eff7b9fbca73b21d6"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf",
    "date_sunset": "2025-10-08",
    "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Ubuntu 16.04 OpenSSL Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "2.0",
    "tested_conf": [
      "Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 with PAA",
      "Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 without PAA (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-09-08",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Canonical Ltd.",
    "vendor_url": "http://www.canonical.com"
  }
}