This page was not yet optimized for use on mobile
devices.
Chainguard FIPS Provider for OpenSSL
Certificate #5132
Webpage information
Security policy
Symmetric Algorithms
AES, AES-256, CAST, HMAC, KMAC, CBC-MAC, CMACAsymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-HellmanHash functions
SHA-1, SHA1, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, Keccak, SHAKE128, SHAKE256, PBKDF2, PBKDFSchemes
MAC, Key Exchange, Key AgreementProtocols
SSH, TLS v1.2, TLS v1.3, TLS 1.2, TLS 1.3, TLS, IKERandomness
DRBG, RNG, RBGLibraries
OpenSSLElliptic Curves
P-192, P-256, P-384, P-521, curve P-192, P-224, Ed25519, Ed448Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSJavaCard API constants
X25519, X448Trusted Execution Environments
PSP, SSCVendor
BroadcomSecurity level
Level 1Standards
FIPS 140-3, FIPS186-5, FIPS 186-5, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS PUB 140-3, FIPS 197, SP 800-132, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38D, SP 800-38F, SP 800-38E, SP 800-90A, SP 800-56A, SP 800-56C, SP 800-135, SP 800-108, SP 800-185, SP 800-56B, SP 800-90B, PKCS#1, RFC7627, RFC 8446, RFC 5288, RFC8446, RFC 4253, RFC 6668, RFC 3526, RFC 7919, ISO/IEC 24759, ISO/IEC 19790File metadata
| Author | Quin Darcy |
|---|---|
| Creation date | D:20260112124424-05'00' |
| Modification date | D:20260112124424-05'00' |
| Pages | 97 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 5132,
"dgst": "a77b3237cb73acfb",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": []
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 6
},
"ECDSA": {
"ECDSA": 58
},
"EdDSA": {
"EdDSA": 62
}
},
"FF": {
"DH": {
"DH": 40,
"Diffie-Hellman": 5
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 1
},
"CCM": {
"CCM": 1
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 11
},
"OFB": {
"OFB": 1
},
"XTS": {
"XTS": 7
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 103
}
},
"crypto_protocol": {
"IKE": {
"IKE": 6
},
"SSH": {
"SSH": 21
},
"TLS": {
"TLS": {
"TLS": 21,
"TLS 1.2": 14,
"TLS 1.3": 11,
"TLS v1.2": 5,
"TLS v1.3": 5
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 6
},
"KEX": {
"Key Exchange": 3
},
"MAC": {
"MAC": 26
}
},
"device_model": {},
"ecc_curve": {
"Edwards": {
"Ed25519": 6,
"Ed448": 4
},
"NIST": {
"P-192": 17,
"P-224": 12,
"P-256": 8,
"P-384": 12,
"P-521": 10,
"curve P-192": 1
}
},
"eval_facility": {
"atsec": {
"atsec": 99
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES-256": 2,
"DRBG 128": 1,
"HMAC-SHA-1": 4,
"PKCS#1": 6,
"SHA-1": 14,
"SHA-3": 13,
"SHA1": 1,
"SHA2- 224": 1,
"SHA2- 256": 2,
"SHA2-224": 7,
"SHA2-256": 9,
"SHA2-384": 3,
"SHA2-512": 6,
"SHA3-224": 1,
"SHA3-256": 4,
"SHA3-384": 1,
"SHA3-512": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3
}
},
"hash_function": {
"Keccak": {
"Keccak": 1
},
"PBKDF": {
"PBKDF": 11,
"PBKDF2": 10
},
"SHA": {
"SHA1": {
"SHA-1": 14,
"SHA1": 1
},
"SHA3": {
"SHA-3": 13,
"SHA3-224": 1,
"SHA3-256": 4,
"SHA3-384": 1,
"SHA3-512": 1
}
},
"SHAKE": {
"SHAKE128": 1,
"SHAKE256": 1
}
},
"ic_data_group": {},
"javacard_api_const": {
"curves": {
"X25519": 2,
"X448": 2
}
},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 50
},
"RNG": {
"RBG": 2,
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 109,
"FIPS 180-4": 9,
"FIPS 186-4": 7,
"FIPS 186-5": 27,
"FIPS 197": 1,
"FIPS 198-1": 13,
"FIPS 202": 9,
"FIPS PUB 140-3": 1,
"FIPS186-4": 6,
"FIPS186-5": 32
},
"ISO": {
"ISO/IEC 19790": 2,
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-108": 2,
"SP 800-132": 8,
"SP 800-135": 5,
"SP 800-185": 3,
"SP 800-38A": 12,
"SP 800-38B": 2,
"SP 800-38C": 3,
"SP 800-38D": 5,
"SP 800-38E": 4,
"SP 800-38F": 2,
"SP 800-56A": 5,
"SP 800-56B": 1,
"SP 800-56C": 3,
"SP 800-90A": 4,
"SP 800-90B": 3
},
"PKCS": {
"PKCS#1": 3
},
"RFC": {
"RFC 3526": 3,
"RFC 4253": 1,
"RFC 5288": 3,
"RFC 6668": 1,
"RFC 7919": 3,
"RFC 8446": 3,
"RFC7627": 3,
"RFC8446": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 50,
"AES-256": 2
},
"CAST": {
"CAST": 53
}
},
"constructions": {
"MAC": {
"CBC-MAC": 1,
"CMAC": 1,
"HMAC": 22,
"KMAC": 17
}
}
},
"tee_name": {
"AMD": {
"PSP": 8
},
"IBM": {
"SSC": 6
}
},
"tls_cipher_suite": {},
"vendor": {
"Broadcom": {
"Broadcom": 1
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Quin Darcy",
"/CreationDate": "D:20260112124424-05\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ActionId": "b6b81c7b-f55b-4b1d-93a6-8c5b0f86d31c",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ContentBits": "1",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Enabled": "true",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Method": "Privileged",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Name": "UNCLASSIFIED",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SetDate": "2026-01-12T17:36:23Z",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SiteId": "da9cbe40-ec1e-4997-afb3-17d87574571a",
"/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Tag": "10, 0, 1, 1",
"/ModDate": "D:20260112124424-05\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 1366651,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://doi.org/10.6028/NIST.FIPS.197-upd1",
"https://www.ietf.org/rfc/rfc8446.txt",
"https://doi.org/10.6028/NIST.FIPS.186-5",
"https://doi.org/10.6028/NIST.FIPS.180-4",
"https://doi.org/10.6028/NIST.FIPS.202",
"http://www.ietf.org/rfc/rfc3447.txt",
"http://www.atsec.com/",
"https://doi.org/10.6028/NIST.SP.800-133r2",
"https://doi.org/10.6028/NIST.SP.800-108r1-upd1",
"https://doi.org/10.6028/NIST.SP.800-90B",
"https://doi.org/10.6028/NIST.SP.800-90Ar1",
"https://doi.org/10.6028/NIST.SP.800-131Ar2",
"https://doi.org/10.6028/NIST.FIPS.198-1",
"https://www.ietf.org/rfc/rfc5288.txt",
"https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf",
"https://webstore.ansi.org/standards/ascx9/ansix9632001",
"https://www.ietf.org/rfc/rfc3526.txt",
"https://doi.org/10.6028/NIST.SP.800-140Br1",
"https://www.ietf.org/rfc/rfc7919.txt",
"https://webstore.ansi.org/standards/ascx9/ansix9422001"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 97
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "cc718b6e1ca0eaa7655ba085bec16a09320cf8f76234e0c5d8ce620470a0ecc8",
"policy_txt_hash": "91064c727a7111704a29a564db54c648a38c66ac5589fa7a8a9f2262704fe6ce"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.",
"certificate_pdf_url": null,
"date_sunset": "2031-01-13",
"description": "The Chainguard FIPS Provider for OpenSSL is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module consists of one software component, the \u201cFIPS provider\u201d, which implements FIPS requirements, and the cryptographic functionality provided to the operator.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Chainguard FIPS Provider for OpenSSL",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2026-01-14",
"lab": "atsec information security corporation",
"validation_type": "Initial"
}
],
"vendor": "Chainguard, Inc.",
"vendor_url": "http://chainguard.dev"
}
}