Microsoft Azure Linux OpenSSL Cryptographic Library

Certificate #4496

Webpage information ?

Status active
Validation dates 01.05.2023 , 24.06.2024
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and installed, initialized and configured as specified in Sections 1 and 8 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy
Exceptions
  • Physical Security: N/A
Description Microsoft Azure Linux OpenSSL Cryptographic Library is a general-purpose, software cryptographic module that implements FIPS 140-2 approved cryptographic algorithms.
Tested configurations
  • Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL with PAA
  • Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL without PAA (single-user mode)
  • Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL with PAA
  • Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL without PAA
Vendor Microsoft Corporation
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, RC2, RC4, RC5, DES, Triple-DES, 3DES, TDEA, IDEA, Camellia, HMAC, HMAC-SHA-256, HMAC-SHA-384, CMAC
Asymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA-512, SHA-384, SHA-2, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD4, MD5, RIPEMD, PBKDF
Schemes
MAC, Key Agreement, Key agreement
Protocols
SSH, TLS, TLS 1.2
Randomness
DRBG, RNG, RBG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384, P-521, P-224, P-192
Block cipher modes
ECB, CBC, CTR, OFB, GCM, CCM, XTS

Vendor
Microsoft, Microsoft Corporation

Side-channel analysis
timing attacks

Standards
FIPS 140, FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 180-4, FIPS 202, FIPS 198-1, SP 800-132, NIST SP 800-38A, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-38F, NIST SP 800-38B, NIST SP 800-67, NIST SP 800-90A, NIST SP 800-56A, SP 800-56A, NIST SP 800-135, SP 800-135, SP 800-56C, NIST SP 800-56C, NIST SP 800-132, NIST SP 800-90B, SP 800-90A, SP 800-90B, SP 800-38F, SP 800-131A, SP 800-52, SP 800-38A, SP 800-38B, SP 800-38C, NIST SP 800-52, NIST SP 800-131A, PKCS#1, RFC-3961, RFC 7914, RFC5288

File metadata

Author Robert Durff
Creation date D:20240618130429-04'00'
Modification date D:20240618130429-04'00'
Pages 28
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 19.08.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The module_name property was set to Microsoft Azure Linux OpenSSL Cryptographic Library.
  • 04.07.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The validation_history property was updated, with the [[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2024-06-24', 'validation_type': 'Update', 'lab': 'Lightship Security, Inc.'}]] values inserted.
    • The description property was set to Microsoft Azure Linux OpenSSL Cryptographic Library is a general-purpose, software cryptographic module that implements FIPS 140-2 approved cryptographic algorithms..
    • The tested_conf property was set to ['Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL with PAA', 'Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL without PAA (single-user mode)', 'Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL with PAA', 'Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel® Xeon® Platinum 8272CL without PAA'].

    The PDF extraction data was updated.

    • The keywords property was updated, with the {'fips_certlike': {'__update__': {'Certlike': {'__delete__': ['Certificate SHS']}}}, 'vendor': {'__update__': {'Microsoft': {'__update__': {'Microsoft': 14}}}}} data.
    • The policy_metadata property was updated, with the {'pdf_file_size_bytes': 686003, '/CreationDate': "D:20240618130429-04'00'", '/ModDate': "D:20240618130429-04'00'"} data.

    The state was updated.

    • The policy_pdf_hash property was set to 21361595c15de180fce825d91c9d7237e4d79ccc0f3fa24e1c0fd9c4921b9fc9.
    • The policy_txt_hash property was set to 9b78807ab476659402de6ffbba565d74be97ce3b18e9b2e361aa94321bf649ef.
  • 26.06.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf.
  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4496,
  "dgst": "82ba9b272ce795cd",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHS#A2665",
        "RSA#A2665",
        "SHA-3#A2665",
        "CVL#A2665",
        "KAS-SSC#A2665",
        "KTS#A2665",
        "DRBG#A2665",
        "PBKDF#A2665",
        "Triple-DES#A2665",
        "AES#A2665",
        "DSA#A2665",
        "KAS#A2665",
        "HMAC#A2665",
        "ECDSA#A2665",
        "KDA#A2665"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 4
          },
          "ECDSA": {
            "ECDSA": 16
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 21
          },
          "DSA": {
            "DSA": 24
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 5
        },
        "CCM": {
          "CCM": 5
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 10
        },
        "OFB": {
          "OFB": 1
        },
        "XTS": {
          "XTS": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 39
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 4
        },
        "TLS": {
          "TLS": {
            "TLS": 22,
            "TLS 1.2": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 11,
          "Key agreement": 2
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-192": 2,
          "P-224": 8,
          "P-256": 6,
          "P-384": 8,
          "P-521": 10
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "# A2665": 36,
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 1,
          "Certificate AES": 1,
          "HMAC- SHA-512": 1,
          "HMAC-SHA- 224": 2,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-256": 6,
          "HMAC-SHA-384": 2,
          "HMAC6": 2,
          "PKCS#1": 4,
          "SHA- 384": 2,
          "SHA- 512": 1,
          "SHA-1": 9,
          "SHA-2": 1,
          "SHA-224": 7,
          "SHA-256": 9,
          "SHA-3": 3,
          "SHA-384": 7,
          "SHA-512": 9,
          "SHA3- 224": 1,
          "SHA3-224": 1,
          "SHA3-256": 3,
          "SHA3-384": 2,
          "SHA3-512": 2
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 1
          },
          "MD5": {
            "MD5": 4
          }
        },
        "PBKDF": {
          "PBKDF": 10
        },
        "RIPEMD": {
          "RIPEMD": 1
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 9
          },
          "SHA2": {
            "SHA-2": 1,
            "SHA-224": 7,
            "SHA-256": 9,
            "SHA-384": 7,
            "SHA-512": 9
          },
          "SHA3": {
            "SHA-3": 3,
            "SHA3-224": 1,
            "SHA3-256": 3,
            "SHA3-384": 2,
            "SHA3-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 12
        },
        "RNG": {
          "RBG": 1,
          "RNG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140": 2,
          "FIPS 140-2": 10,
          "FIPS 180-4": 2,
          "FIPS 186-4": 8,
          "FIPS 197": 2,
          "FIPS 198-1": 2,
          "FIPS 202": 2
        },
        "NIST": {
          "NIST SP 800-131A": 1,
          "NIST SP 800-132": 2,
          "NIST SP 800-135": 4,
          "NIST SP 800-38A": 3,
          "NIST SP 800-38B": 2,
          "NIST SP 800-38C": 1,
          "NIST SP 800-38D": 2,
          "NIST SP 800-38E": 2,
          "NIST SP 800-38F": 5,
          "NIST SP 800-52": 1,
          "NIST SP 800-56A": 6,
          "NIST SP 800-56C": 3,
          "NIST SP 800-67": 3,
          "NIST SP 800-90A": 6,
          "NIST SP 800-90B": 2,
          "SP 800-131A": 1,
          "SP 800-132": 3,
          "SP 800-135": 2,
          "SP 800-38A": 1,
          "SP 800-38B": 1,
          "SP 800-38C": 1,
          "SP 800-38F": 2,
          "SP 800-52": 1,
          "SP 800-56A": 8,
          "SP 800-56C": 2,
          "SP 800-90A": 5,
          "SP 800-90B": 3
        },
        "PKCS": {
          "PKCS#1": 2
        },
        "RFC": {
          "RFC 7914": 1,
          "RFC-3961": 1,
          "RFC5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 25,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 1
          },
          "RC": {
            "RC2": 1,
            "RC4": 1,
            "RC5": 1
          }
        },
        "DES": {
          "3DES": {
            "3DES": 1,
            "TDEA": 1,
            "Triple-DES": 16
          },
          "DES": {
            "DES": 2
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 7,
            "HMAC": 16,
            "HMAC-SHA-256": 3,
            "HMAC-SHA-384": 1
          }
        },
        "miscellaneous": {
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 14,
          "Microsoft Corporation": 30
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Robert Durff",
      "/CreationDate": "D:20240618130429-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240618130429-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 686003,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/publications/detail/sp/800-38e/final",
          "https://csrc.nist.gov/publications/detail/fips/202/final",
          "https://csrc.nist.gov/publications/detail/fips/140/2/final",
          "https://csrc.nist.gov/publications/detail/fips/198/1/final",
          "https://csrc.nist.gov/publications/detail/sp/800-90b/final",
          "https://csrc.nist.gov/publications/detail/sp/800-56c/rev-2/final",
          "https://csrc.nist.gov/publications/detail/sp/800-135/rev-1/final",
          "https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation",
          "https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final",
          "https://csrc.nist.gov/publications/detail/sp/800-38a/final",
          "https://csrc.nist.gov/publications/detail/sp/800-38b/final",
          "https://csrc.nist.gov/publications/detail/fips/197/final",
          "https://csrc.nist.gov/publications/detail/fips/180/4/final",
          "https://csrc.nist.gov/publications/detail/sp/800-132/final",
          "https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final",
          "https://csrc.nist.gov/publications/detail/fips/186/4/final",
          "https://csrc.nist.gov/publications/detail/sp/800-38d/final",
          "https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final",
          "https://standards.globalspec.com/std/1955293/ANSI%20X9.31",
          "https://csrc.nist.gov/publications/detail/sp/800-38f/final",
          "https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final",
          "http://creativecommons.org/licenses/by-nd-nc/1.0/",
          "https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final",
          "https://csrc.nist.gov/publications/detail/sp/800-38c/final"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 28
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "21361595c15de180fce825d91c9d7237e4d79ccc0f3fa24e1c0fd9c4921b9fc9",
    "policy_txt_hash": "9b78807ab476659402de6ffbba565d74be97ce3b18e9b2e361aa94321bf649ef"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 1 and 8 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "Microsoft Azure Linux OpenSSL Cryptographic Library is a general-purpose, software cryptographic module that implements FIPS 140-2 approved cryptographic algorithms.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Microsoft Azure Linux OpenSSL Cryptographic Library",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "2.0",
    "tested_conf": [
      "Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel\u00ae Xeon\u00ae Platinum 8272CL with PAA",
      "Azure Linux 2.0 on Azure Host Hypervisor running on an Azure Compute C2030 Server with an Intel\u00ae Xeon\u00ae Platinum 8272CL without PAA (single-user mode)",
      "Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel\u00ae Xeon\u00ae Platinum 8272CL with PAA",
      "Azure Linux 2.0 running on an Azure Compute C2030 Server with an Intel\u00ae Xeon\u00ae Platinum 8272CL without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-01",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-06-24",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Update"
      }
    ],
    "vendor": "Microsoft Corporation",
    "vendor_url": "http://www.microsoft.com"
  }
}