This page was not yet optimized for use on mobile
devices.
Oracle Linux Unbreakable Enterprise Kernel (UEK 4) Cryptographic Module
Known vulnerabilities detected
Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.Certificate #3921
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, DES, Triple-DES, TDEA, HMAC, HMAC-SHA-256, HMAC-SHA-512Asymmetric Algorithms
ECDH, ECDSA, DH, DHE, Diffie-HellmanHash functions
SHA-1, SHA-512, SHA-224, SHA-256, SHA-384, PBKDFSchemes
Key ExchangeProtocols
IKEv2, IKE, IPsecRandomness
PRNG, DRBG, RNGLibraries
NSSBlock cipher modes
ECB, CBC, CTR, GCM, CCM, XTSVendor
Huawei, CiscoSecurity level
Level 1, level 1Standards
FIPS 140-2, FIPS 140, FIPS PUB 140-2, FIPS PUB 197, FIPS PUB 198-1, FIPS PUB 186-4, FIPS PUB 180-4, SP 800-38F, NIST SP 800-90A, NIST SP 800-38F, SP 800-90A, NIST SP 800-67, NIST SP 800-131A, PKCS#1, RFC 3686, RFC 4106, RFC 5282, RFC 7296File metadata
| Author | chris brych |
|---|---|
| Creation date | D:20210318114743-07'00' |
| Modification date | D:20210318114743-07'00' |
| Pages | 34 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
References
Outgoing- 3616 - historical - Oracle Linux 7 NSS Cryptographic Module
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.CPE matches
Related CVEs
| ID | Links | Severity | CVSS Score | Published on | ||
|---|---|---|---|---|---|---|
| Base | Exploitability | Impact | ||||
| CVE-2011-2306 | MEDIUM | 5.5 | 4.9 | 18.10.2011 | ||
| CVE-2014-6271 | CRITICAL | 9.8 | 5.9 | 24.09.2014 | ||
| CVE-2014-7169 | CRITICAL | 9.8 | 5.9 | 25.09.2014 | ||
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3921,
"dgst": "a0b44327f2e6365b",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES#C1614",
"KTS#C1618",
"RSA#C1617",
"DRBG#C1617",
"SHS#C1618",
"SHS#C1625",
"DRBG#C1678",
"HMAC#C1617",
"DRBG#C1614",
"DRBG#C1619",
"Triple-DES#C1620",
"RSA#C1618",
"HMAC#C786",
"DRBG#C1618",
"HMAC#C1619",
"DRBG#C1679",
"KTS#C1614",
"SHS#C1617",
"AES#C1678",
"RSA#C1619",
"SHS#C1619",
"Triple-DES#C1616",
"HMAC#C1618",
"KTS#C1615",
"KTS#C1678",
"KTS#C1619",
"RSA#C1625",
"AES#C1615",
"KTS#C1617",
"AES#C1679",
"KTS#C1679",
"HMAC#C1625",
"DRBG#C1625"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:o:oracle:linux:4:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"4"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3616"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3616"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3616"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3616"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3616"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"3616"
]
},
"related_cves": {
"_type": "Set",
"elements": [
"CVE-2014-7169",
"CVE-2014-6271",
"CVE-2011-2306"
]
},
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 1
}
},
"FF": {
"DH": {
"DH": 1,
"DHE": 1,
"Diffie-Hellman": 1
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 3
},
"CTR": {
"CTR": 8
},
"ECB": {
"ECB": 4
},
"GCM": {
"GCM": 7
},
"XTS": {
"XTS": 5
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"NSS": {
"NSS": 8
}
},
"crypto_protocol": {
"IKE": {
"IKE": 1,
"IKEv2": 2
},
"IPsec": {
"IPsec": 2
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 1
}
},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"Acumen": {
"Acumen Security": 1
}
},
"fips_cert_id": {
"Cert": {
"#3616": 2
}
},
"fips_certlike": {
"Certlike": {
"AES-128": 3,
"AES-192": 3,
"AES-256": 3,
"HMAC SHA-512": 3,
"HMAC-SHA-256": 2,
"HMAC-SHA-512": 4,
"HMAC-SHA1": 10,
"HMAC-SHA224": 8,
"HMAC-SHA256": 8,
"HMAC-SHA384": 8,
"HMAC-SHA512": 10,
"PKCS#1": 4,
"SHA (1": 8,
"SHA-1": 16,
"SHA-224": 4,
"SHA-256": 13,
"SHA-384": 12,
"SHA-512": 17
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 4
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 1
},
"SHA": {
"SHA1": {
"SHA-1": 16
},
"SHA2": {
"SHA-224": 4,
"SHA-256": 13,
"SHA-384": 12,
"SHA-512": 17
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 14,
"PRNG": 1
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 4,
"FIPS 140-2": 28,
"FIPS PUB 140-2": 10,
"FIPS PUB 180-4": 1,
"FIPS PUB 186-4": 1,
"FIPS PUB 197": 1,
"FIPS PUB 198-1": 1
},
"NIST": {
"NIST SP 800-131A": 1,
"NIST SP 800-38F": 1,
"NIST SP 800-67": 1,
"NIST SP 800-90A": 3,
"SP 800-38F": 1,
"SP 800-90A": 4
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3686": 1,
"RFC 4106": 1,
"RFC 5282": 3,
"RFC 7296": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 16,
"AES-128": 3,
"AES-192": 3,
"AES-256": 3
}
},
"DES": {
"3DES": {
"TDEA": 1,
"Triple-DES": 7
},
"DES": {
"DES": 3
}
},
"constructions": {
"MAC": {
"HMAC": 24,
"HMAC-SHA-256": 1,
"HMAC-SHA-512": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 23
},
"Huawei": {
"Huawei": 7
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "chris brych",
"/CreationDate": "D:20210318114743-07\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20210318114743-07\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 652438,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.oracle.com/technetwork/server-storage/linux/technologies/uek-overview-2043074.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12172",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12168",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12174",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12326",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12207",
"https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/dracut-fips-aesni-033-564.0.7.el7.x86_64.rpm",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12325",
"https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/dracut-fips-033-564.0.7.el7.x86_64.rpm",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12173",
"http://www.oracle.com/",
"https://yum.oracle.com/repo/OracleLinux/OL7/UEKR4/x86_64/getPackage/kernel-uek-4.1.12-124.36.1.el7uek.x86_64.rpm",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12169",
"https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3616.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3616",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12170",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11140",
"http://csrc.nist.gov/groups/STM/cmvp/index.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=12171"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 34
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "3b8b04b5c7156715f4f163429c22751bbbdd4ad3e026c7a5e42a32fcc08f731a",
"policy_txt_hash": "1c7ba7affe3d45f4c7005a5f4e86acbb5d3f76fcf2a14fbafd7c3155b0a933bb"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with module Oracle Linux 7 NSS Cryptographic Library validated to FIPS 140-2 under Cert. #3616 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2021_010621_0658.pdf",
"date_sunset": null,
"description": null,
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Design Assurance: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": null,
"historical_reason": "Moved to historical list due to dependency on certificate #3616",
"hw_versions": null,
"level": 1,
"mentioned_certs": {
"3616": 1
},
"module_name": "Oracle Linux Unbreakable Enterprise Kernel (UEK 4) Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "R7-4.0.0",
"tested_conf": [
"Oracle Linux 7.6 64 bit running on Oracle Server X7-2 with Intel\u00ae Xeon\u00ae Silver 4114 with PAA",
"Oracle Linux 7.6 64 bit running on Oracle Server X7-2 with Intel\u00ae Xeon\u00ae Silver 4114 without PAA (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-05-04",
"lab": "Acumen Security",
"validation_type": "Initial"
}
],
"vendor": "Oracle Corporation",
"vendor_url": "http://www.oracle.com"
}
}