Hewlett Packard Enterprise OpenSSL Cryptographic Module on Red Hat Enterprise Linux

Certificate #4473

Webpage information ?

Status active
Validation dates 14.04.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Exceptions
  • Physical Security: N/A
Description The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.
Tested configurations
  • Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216 with PAA
  • Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216 without PAA (single-user mode)
Vendor Aruba, a Hewlett Packard Enterprise Company
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-128, AES-256, AES128, AES256, CAST, CAST5, RC2, RC4, RC5, DES, Triple-DES, TDES, TDEA, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, ARIA, SEED, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-224, CMAC
Asymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA-224, SHA-384, SHA-512, SHA-256, SHA384, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, BLAKE2, MD4, MD5, RIPEMD, PBKDF
Schemes
MAC, Key Exchange, Key Agreement, Key agreement
Protocols
SSH, TLS, TLS v1.0, TLS 1.3, TLSv1.2, TLSv1.3, IKE, IKEv2
Randomness
PRNG, DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-256, P-521, P-224, P-384, P-192
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Trusted Execution Environments
SSC

Security level
Level 1, level 1
Side-channel analysis
timing attacks

Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 180-4, FIPS 202, FIPS 198-1, FIPS186-4, SP 800-38D, SP 800-38A, SP 800-38C, SP 800-38E, SP 800-38F, SP 800-38B, SP 800-67, SP 800-90A, SP 800-135, SP 800-132, SP 800-90B, SP 800-57, NIST SP 800-67, NIST SP 800-38B, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-56A, NIST SP 800-90A, PKCS#1, RFC7919, RFC3526, RFC5288

File metadata

Title FIPS 140-2 Non-proprietary Security Policy
Subject Red Hat Enterprise Linux 7.7 OpenSSL Module
Author Alejandro Fabio Masino
Creation date D:20230224141923-06'00'
Pages 37
Creator Writer
Producer LibreOffice 7.2

References

Outgoing
  • 4271 - active - Red Hat Enterprise Linux 8 OpenSSL Cryptographic Module

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4473,
  "dgst": "aa8e22a09ff2af4e",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "Triple-DES#A1116",
        "ECDSA#A1135",
        "KTS#A1133",
        "PBKDF#A1133",
        "DRBG#A1119",
        "SHA-3#A1127",
        "KAS#A1135",
        "PBKDF#A1127",
        "AES#A1124",
        "AES#A1121",
        "KTS#A1135",
        "SHS#A1133",
        "DSA#A1135",
        "ECDSA#A1133",
        "SHS#A1134",
        "SHS#A1135",
        "AES#A1119",
        "DSA#A1133",
        "PBKDF#A1136",
        "AES#A1139",
        "SHA-3#A1126",
        "KAS#A1134",
        "HMAC#A1127",
        "AES#A1137",
        "AES#A1138",
        "AES#A1131",
        "CVL#A1121",
        "KTS#A1136",
        "CVL#A1134",
        "DSA#A1134",
        "CVL#A1133",
        "ECDSA#A1134",
        "AES#A1118",
        "KAS-SSC#A1135",
        "HMAC#A1134",
        "RSA#A1135",
        "KTS#A1116",
        "AES#A1123",
        "RSA#A1133",
        "HMAC#A1136",
        "CVL#A1123",
        "RSA#A1136",
        "DRBG#A1117",
        "AES#A1141",
        "KAS-SSC#A1134",
        "HMAC#A1133",
        "PBKDF#A1126",
        "SHS#A1136",
        "DRBG#A1118",
        "SHA-3#A1125",
        "AES#A1117",
        "PBKDF#A1125",
        "AES#A1130",
        "CVL#A1136",
        "Triple-DES#A1124",
        "KAS#A1144",
        "AES#A1122",
        "ECDSA#A1136",
        "CVL#A1124",
        "HMAC#A1126",
        "KTS#A1134",
        "HMAC#A1125",
        "KAS#A1133",
        "CVL#A1122",
        "DSA#A1136",
        "HMAC#A1135",
        "Triple-DES#A1122",
        "PBKDF#A1134",
        "RSA#A1134",
        "KAS-SSC#A1133",
        "Triple-DES#A1123",
        "KAS-SSC#A1136",
        "Triple-DES#A1121",
        "KDA#A1120",
        "KBKDF#A1143",
        "AES#A1132",
        "AES#A1140",
        "CVL#A1135",
        "KAS#A1136",
        "PBKDF#A1135",
        "AES#A1142",
        "KAS-SSC#A1144"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4271"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4271"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "4271"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDSA": {
            "ECDSA": 27
          }
        },
        "FF": {
          "DH": {
            "DH": 3,
            "Diffie-Hellman": 53
          },
          "DSA": {
            "DSA": 28
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 6
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 5
        },
        "GCM": {
          "GCM": 10
        },
        "OFB": {
          "OFB": 3
        },
        "XTS": {
          "XTS": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 57
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 2,
          "IKEv2": 1
        },
        "SSH": {
          "SSH": 3
        },
        "TLS": {
          "TLS": {
            "TLS": 31,
            "TLS 1.3": 1,
            "TLS v1.0": 1,
            "TLSv1.2": 1,
            "TLSv1.3": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 3,
          "Key agreement": 5
        },
        "KEX": {
          "Key Exchange": 1
        },
        "MAC": {
          "MAC": 3
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-192": 4,
          "P-224": 8,
          "P-256": 8,
          "P-384": 6,
          "P-521": 8
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#4271": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (128": 1,
          "AES-128": 2,
          "AES-256": 1,
          "AES128": 1,
          "AES256": 1,
          "HMAC SHA-256": 2,
          "HMAC- SHA-1": 1,
          "HMAC- SHA-224": 1,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-224": 2,
          "HMAC-SHA-256": 10,
          "HMAC-SHA-384": 6,
          "HMAC-SHA-512": 4,
          "PKCS#1": 8,
          "SHA-1": 10,
          "SHA-224": 5,
          "SHA-256": 18,
          "SHA-3": 1,
          "SHA-384": 4,
          "SHA-512": 7,
          "SHA2-256": 1,
          "SHA3- 256": 1,
          "SHA3-224": 2,
          "SHA3-256": 2,
          "SHA3-384": 2,
          "SHA3-512": 4,
          "SHA384": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 5
        }
      },
      "hash_function": {
        "BLAKE": {
          "BLAKE2": 1
        },
        "MD": {
          "MD4": {
            "MD4": 1
          },
          "MD5": {
            "MD5": 2
          }
        },
        "PBKDF": {
          "PBKDF": 14
        },
        "RIPEMD": {
          "RIPEMD": 1
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 10
          },
          "SHA2": {
            "SHA-224": 7,
            "SHA-256": 17,
            "SHA-384": 3,
            "SHA-512": 7,
            "SHA384": 1
          },
          "SHA3": {
            "SHA-3": 2,
            "SHA3-224": 2,
            "SHA3-256": 2,
            "SHA3-384": 2,
            "SHA3-512": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 22,
          "PRNG": 1
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 49,
          "FIPS 180-4": 2,
          "FIPS 186-4": 8,
          "FIPS 197": 4,
          "FIPS 198-1": 2,
          "FIPS 202": 1,
          "FIPS186-4": 2
        },
        "NIST": {
          "NIST SP 800-38B": 1,
          "NIST SP 800-38C": 1,
          "NIST SP 800-38D": 1,
          "NIST SP 800-38E": 1,
          "NIST SP 800-56A": 1,
          "NIST SP 800-67": 1,
          "NIST SP 800-90A": 1,
          "SP 800-132": 2,
          "SP 800-135": 3,
          "SP 800-38A": 2,
          "SP 800-38B": 2,
          "SP 800-38C": 1,
          "SP 800-38D": 1,
          "SP 800-38E": 2,
          "SP 800-38F": 1,
          "SP 800-57": 1,
          "SP 800-67": 2,
          "SP 800-90A": 7,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS#1": 4
        },
        "RFC": {
          "RFC3526": 3,
          "RFC5288": 1,
          "RFC7919": 4
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 37,
            "AES-128": 2,
            "AES-256": 1,
            "AES128": 1,
            "AES256": 1
          },
          "CAST": {
            "CAST": 1,
            "CAST5": 1
          },
          "RC": {
            "RC2": 1,
            "RC4": 1,
            "RC5": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 1,
            "Triple-DES": 21
          },
          "DES": {
            "DES": 2
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 9,
            "HMAC": 23,
            "HMAC-SHA-224": 1,
            "HMAC-SHA-256": 5,
            "HMAC-SHA-384": 3,
            "HMAC-SHA-512": 2
          }
        },
        "djb": {
          "ChaCha": {
            "ChaCha20": 2
          },
          "Poly": {
            "Poly1305": 1
          }
        },
        "miscellaneous": {
          "ARIA": {
            "ARIA": 1
          },
          "Blowfish": {
            "Blowfish": 1
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 1
          },
          "SEED": {
            "SEED": 1
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 3
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Alejandro Fabio Masino",
      "/CreationDate": "D:20230224141923-06\u002700\u0027",
      "/Creator": "Writer",
      "/Producer": "LibreOffice 7.2",
      "/Subject": "Red Hat Enterprise Linux 7.7 OpenSSL Module",
      "/Title": "FIPS 140-2 Non-proprietary Security Policy",
      "pdf_file_size_bytes": 347749,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
          "http://webstore.ansi.org/FindStandards.aspx?Action=displaydept\u0026DeptID=80\u0026Acro=X9\u0026DpName=X9,%20Inc.",
          "https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
          "https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402DTR.pdf",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/standards",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "mailto:[email protected]",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf",
          "http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.52%3A1998",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 37
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "0c7addd96cadb5f5dc4062d3b46412478f6c3a2372401bd151e6f605a60d12c2",
    "policy_txt_hash": "8d37f62e88fcad00ea16eb393413a32c2f08fcd89ad231e39dff1c3e00e78a0a"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/April 2023_010523_0646.pdf",
    "date_sunset": "2026-09-21",
    "description": "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Red Hat Enterprise Linux",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "rhel8.20210325",
    "tested_conf": [
      "Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216 with PAA",
      "Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216 without PAA (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-04-14",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Aruba, a Hewlett Packard Enterprise Company",
    "vendor_url": "http://www.arubanetworks.com/"
  }
}