Hewlett Packard Enterprise OpenSSL Cryptographic Module on Ubuntu Linux

Certificate #4617

Webpage information ?

Status active
Validation dates 28.09.2023
Sunset date 11-07-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. The module generates keys whose strengths are modified by available entropy
Exceptions
  • Physical Security: N/A
Description OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.
Tested configurations
  • Ubuntu 18.04 LTS 64-bit running on HPE Proliant DL360 with Intel Xeon Gold 6138 with PAA
  • Ubuntu 18.04 LTS 64-bit running on HPE Proliant DL360 with Intel Xeon Gold 6138 without PAA (single-user mode)
  • Ubuntu 18.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon CPU E5-2620v3 with PAA
  • Ubuntu 18.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon CPU E5-2620v3 without PAA
Vendor Aruba, a Hewlett Packard Enterprise Company
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, CAST5, RC2, RC4, DES, Triple-DES, TDES, TDEA, ChaCha20, Poly1305, Blowfish, Camellia, ARIA, SM4, SEED, HMAC, HMAC-SHA-256, CMAC
Asymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, SHA3, SHAKE128, SHAKE256, Blake2, MD4, MD5, PBKDF2
Schemes
MAC, Key Exchange, Key Agreement
Protocols
SSH, SSLv2.0, SSL v3.0, TLS, TLS v1.0, TLS v1.3, TLSv1.2, TLSv1.0, TLSv1.3, DTLS, IKE, IKEv2
Randomness
PRNG, DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-283, K-409, K-571, K-163, K-233, B-163
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS
TLS cipher suites
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA

JavaCard API constants
SM2
Trusted Execution Environments
SSC

Security level
Level 1, level 1
Side-channel analysis
Timing Attacks, timing attacks, Timing Attack

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS197, FIPS186-4, FIPS202, FIPS180-4, FIPS198-1, FIPS 198-1, FIPS 186-4, FIPS140-2, SP 800-135, SP 800-56A, SP 800-57, SP 800-90A, PKCS#1, RFC2246, RFC4346, RFC 7919, RFC3526, RFC 3526, RFC5288, RFC5246, RFC4253, RFC7296, RFC3268, RFC5116, RFC6655, RFC7251, RFC4279, RFC5487, RFC5489, RFC4492

File metadata

Creation date D:20230921235917Z00'00'
Modification date D:20230921235917Z00'00'
Pages 49
Producer macOS Version 12.6.5 (Build 21G531) Quartz PDFContext

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 01.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4617,
  "dgst": "d6da8b1e3b2432e1",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "DRBG#A4099",
        "KTS#A823",
        "CVL#A822",
        "KAS#A4132",
        "AES#A833",
        "AES#A826",
        "KAS-SSC#A4126",
        "KAS-SSC#A823",
        "KTS#A824",
        "KAS-SSC#A822",
        "SHS#A824",
        "AES#A4114",
        "KAS-SSC#A4124",
        "HMAC#A823",
        "HMAC#A816",
        "ECDSA#A821",
        "KAS-SSC#A824",
        "AES#A4117",
        "AES#A4122",
        "KTS#A822",
        "RSA#A824",
        "AES#A817",
        "HMAC#A4125",
        "AES#A831",
        "ECDSA#A4124",
        "HMAC#A4123",
        "SHS#A823",
        "CVL#A821",
        "KAS#A4126",
        "AES#A818",
        "KTS#A820",
        "AES#A4116",
        "AES#A4097",
        "HMAC#A4101",
        "KAS#A822",
        "SHS#A4123",
        "DSA#A822",
        "SHS#A4126",
        "DSA#A4126",
        "AES#A830",
        "AES#A832",
        "SHA-3#A814",
        "KAS#A824",
        "RSA#A822",
        "DSA#A823",
        "ECDSA#A4125",
        "KAS-SSC#A4123",
        "DSA#A4123",
        "DSA#A4124",
        "Triple-DES#A4127",
        "SHA-3#A816",
        "KTS#A4126",
        "KTS#A4124",
        "SHS#A821",
        "HMAC#A814",
        "DRBG#A817",
        "CVL#A4123",
        "SHS#A4125",
        "AES#A825",
        "KTS#A4127",
        "KAS#A4124",
        "RSA#A823",
        "AES#A4121",
        "HMAC#A824",
        "DRBG#A4098",
        "HMAC#A4126",
        "KTS#A4123",
        "RSA#A4123",
        "SHA-3#A4102",
        "KAS-SSC#A821",
        "RSA#A4125",
        "RSA#A4124",
        "ECDSA#A4126",
        "AES#A4115",
        "KAS#A4125",
        "DRBG#A818",
        "SHS#A822",
        "AES#A827",
        "ECDSA#A823",
        "CVL#A4125",
        "KTS#A4125",
        "HMAC#A815",
        "KAS#A834",
        "KAS-SSC#A4132",
        "HMAC#A4124",
        "RSA#A821",
        "KAS#A821",
        "HMAC#A822",
        "AES#A4120",
        "KAS-SSC#A834",
        "KAS#A823",
        "CVL#A4124",
        "DRBG#A819",
        "AES#A4098",
        "HMAC#A4100",
        "SHA-3#A815",
        "AES#A4099",
        "DSA#A821",
        "Triple-DES#A820",
        "HMAC#A4102",
        "AES#A828",
        "SHS#A4124",
        "AES#A4118",
        "HMAC#A821",
        "AES#A4119",
        "SHA-3#A4101",
        "ECDSA#A4123",
        "CVL#A824",
        "KTS#A821",
        "CVL#A823",
        "ECDSA#A824",
        "KAS-SSC#A4125",
        "AES#A819",
        "CVL#A4126",
        "AES#A829",
        "DRBG#A4097",
        "DSA#A4125",
        "KAS#A4123",
        "RSA#A4126",
        "DSA#A824",
        "ECDSA#A822",
        "SHA-3#A4100"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 4
          },
          "ECDSA": {
            "ECDSA": 24
          }
        },
        "FF": {
          "DH": {
            "DH": 3,
            "Diffie-Hellman": 36
          },
          "DSA": {
            "DSA": 34
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 5
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 7
        },
        "GCM": {
          "GCM": 12
        },
        "OFB": {
          "OFB": 3
        },
        "XTS": {
          "XTS": 7
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 76
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 4,
          "IKEv2": 1
        },
        "SSH": {
          "SSH": 1
        },
        "TLS": {
          "DTLS": {
            "DTLS": 2
          },
          "SSL": {
            "SSL v3.0": 1,
            "SSLv2.0": 1
          },
          "TLS": {
            "TLS": 69,
            "TLS v1.0": 2,
            "TLS v1.3": 1,
            "TLSv1.0": 1,
            "TLSv1.2": 2,
            "TLSv1.3": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 6
        },
        "KEX": {
          "Key Exchange": 1
        },
        "MAC": {
          "MAC": 8
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 2,
          "B-233": 5,
          "B-283": 5,
          "B-409": 5,
          "B-571": 5,
          "K-163": 2,
          "K-233": 2,
          "K-283": 5,
          "K-409": 5,
          "K-571": 5,
          "P-192": 4,
          "P-224": 8,
          "P-256": 14,
          "P-384": 10,
          "P-521": 10
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 51
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 2,
          "HMAC SHA-1": 2,
          "HMAC-SHA-256": 2,
          "PKCS#1": 6,
          "SHA-1": 16,
          "SHA-224": 10,
          "SHA-256": 25,
          "SHA-3": 2,
          "SHA-384": 14,
          "SHA-512": 10,
          "SHA-512 1024": 2,
          "SHA-512 160": 1,
          "SHA-512 2048": 2,
          "SHA3": 3,
          "SHA3-224": 6,
          "SHA3-256": 8,
          "SHA3-384": 7,
          "SHA3-512": 5,
          "SHA3-512 1024": 1,
          "SHA3-512 2048": 1,
          "SHA3-512 224": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 2
        }
      },
      "hash_function": {
        "BLAKE": {
          "Blake2": 2
        },
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 7
          }
        },
        "PBKDF": {
          "PBKDF2": 3
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA-224": 13,
            "SHA-256": 24,
            "SHA-384": 14,
            "SHA-512": 15
          },
          "SHA3": {
            "SHA-3": 2,
            "SHA3": 3,
            "SHA3-224": 6,
            "SHA3-256": 8,
            "SHA3-384": 7,
            "SHA3-512": 8
          }
        },
        "SHAKE": {
          "SHAKE128": 1,
          "SHAKE256": 1
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "SM2": 3
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 30,
          "PRNG": 1
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "Timing Attack": 1,
          "Timing Attacks": 2,
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 59,
          "FIPS 186-4": 2,
          "FIPS 198-1": 2,
          "FIPS PUB 140-2": 2,
          "FIPS140-2": 1,
          "FIPS180-4": 5,
          "FIPS186-4": 7,
          "FIPS197": 2,
          "FIPS198-1": 3,
          "FIPS202": 4
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-56A": 1,
          "SP 800-57": 1,
          "SP 800-90A": 1
        },
        "PKCS": {
          "PKCS#1": 3
        },
        "RFC": {
          "RFC 3526": 1,
          "RFC 7919": 2,
          "RFC2246": 6,
          "RFC3268": 7,
          "RFC3526": 2,
          "RFC4253": 1,
          "RFC4279": 10,
          "RFC4346": 3,
          "RFC4492": 1,
          "RFC5116": 5,
          "RFC5246": 8,
          "RFC5288": 8,
          "RFC5487": 13,
          "RFC5489": 6,
          "RFC6655": 13,
          "RFC7251": 5,
          "RFC7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 61,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 2,
            "CAST5": 2
          },
          "RC": {
            "RC2": 2,
            "RC4": 2
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 2,
            "Triple-DES": 34
          },
          "DES": {
            "DES": 6
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 7,
            "HMAC": 25,
            "HMAC-SHA-256": 1
          }
        },
        "djb": {
          "ChaCha": {
            "ChaCha20": 2
          },
          "Poly": {
            "Poly1305": 2
          }
        },
        "miscellaneous": {
          "ARIA": {
            "ARIA": 2
          },
          "Blowfish": {
            "Blowfish": 2
          },
          "Camellia": {
            "Camellia": 2
          },
          "SEED": {
            "SEED": 2
          },
          "SM4": {
            "SM4": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 2
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_DHE_DSS_WITH_AES_128_CBC_SHA": 1,
          "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256": 1,
          "TLS_DHE_DSS_WITH_AES_256_CBC_SHA": 1,
          "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384": 1,
          "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_PSK_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_PSK_WITH_AES_128_CBC_SHA": 1,
          "TLS_PSK_WITH_AES_256_CBC_SHA": 1,
          "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230921235917Z00\u002700\u0027",
      "/ModDate": "D:20230921235917Z00\u002700\u0027",
      "/Producer": "macOS Version 12.6.5 (Build 21G531) Quartz PDFContext",
      "pdf_file_size_bytes": 813381,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "https://www.ietf.org/rfc/rfc5116.txt",
          "https://www.ietf.org/rfc/rfc4492.txt",
          "http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf",
          "https://tools.ietf.org/html/rfc5489.txt",
          "https://tools.ietf.org/html/rfc6655.txt",
          "https://www.ietf.org/rfc/rfc2246.txt",
          "https://tools.ietf.org/html/rfc5487.txt",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "http://www.ietf.org/rfc/rfc3447.txt",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://www.ietf.org/rfc/rfc3268.txt",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "https://tools.ietf.org/html/rfc5246.txt",
          "http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "https://tools.ietf.org/html/rfc7251.txt",
          "http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
          "http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
          "http://www.atsec.com/",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "https://www.arubanetworks.com/",
          "https://www.ietf.org/rfc/rfc4346.txt",
          "https://tools.ietf.org/html/rfc5288.txt",
          "https://www.ietf.org/rfc/rfc4279.txt",
          "http://man7.org/linux/man-pages/",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 49
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "5fe2885ecac8f9cb39c69af7f4701ab7a3ea027da0c25f178a08db52459d39f6",
    "policy_txt_hash": "1e60a13d56a520ac1ca1abb1f3f090d3460d0fb44c2e14e4941dd0077cfa5c17"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. The module generates keys whose strengths are modified by available entropy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf",
    "date_sunset": "2026-07-11",
    "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Ubuntu Linux",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "2.1",
    "tested_conf": [
      "Ubuntu 18.04 LTS 64-bit running on HPE Proliant DL360 with Intel Xeon Gold 6138 with PAA",
      "Ubuntu 18.04 LTS 64-bit running on HPE Proliant DL360 with Intel Xeon Gold 6138 without PAA (single-user mode)",
      "Ubuntu 18.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon CPU E5-2620v3 with PAA",
      "Ubuntu 18.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon CPU E5-2620v3 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-09-28",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Aruba, a Hewlett Packard Enterprise Company",
    "vendor_url": "http://www.arubanetworks.com/"
  }
}