Red Hat Enterprise Linux 9 libgcrypt

Certificate #4754

Webpage information ?

Status active
Validation dates 09.08.2024
Sunset date 08-08-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Red Hat Enterprise Linux 9 libgcrypt is a software library implementing general purpose cryptographic algorithms
Tested configurations
  • Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 with PAA
  • Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 without PAA
  • Red Hat Enterprise Linux 9 running on IBM z16 3931-A01 with IBM z16 with PAI
  • Red Hat Enterprise Linux 9 running on IBM z16 3931-A01 with IBM z16 without PAI
  • Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 with PAA
  • Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 without PAA
Vendor Red Hat(R), Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES-128, AES-192, AES-256, AES, AES-, CAST, HMAC, HMAC-SHA-256, CMAC
Asymmetric Algorithms
ECDH, ECDSA, ECC
Hash functions
SHA-1, SHA-256, SHA-512, SHA-384, SHA-224, SHA-2, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, MD5, PBKDF, PBKDF2
Schemes
MAC
Randomness
DRBG, RNG, RBG
Libraries
libgcrypt
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Trusted Execution Environments
PSP

Security level
Level 1
Side-channel analysis
timing attacks, Fault Induction

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS186-2, FIPS 180-4, FIPS 202, FIPS 186-2, FIPS140-3, FIPS180-4, FIPS197, FIPS198-1, FIPS202, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38F, SP 800-38E, SP 800-90A, SP 800-132, PKCS 1, PKCS#1

File metadata

Title 140sp-new
Creation date D:20240807190214Z00'00'
Modification date D:20240807190214Z00'00'
Pages 86
Creator Word
Producer macOS Version 13.3.1 (a) (Build 22E772610a) Quartz PDFContext

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 09.09.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.
  • 19.08.2024 The certificate data changed.
    Certificate changed

    The PDF extraction data was updated.

    • The keywords property was set to {'fips_cert_id': {}, 'fips_security_level': {'Level': {'Level 1': 2}}, 'fips_certlike': {'Certlike': {'HMAC-SHA-256': 6, 'HMAC-SHA-1': 30, 'HMAC-SHA- 1': 12, 'SHA2-224': 37, 'SHA2-256': 97, 'SHA2- 384': 9, 'SHA2-512': 57, 'SHA3-224': 24, 'SHA3-256': 25, 'SHA3-384': 23, 'SHA3-512': 25, 'SHA-1': 51, 'SHA2-384': 29, 'SHA-256': 5, 'SHA-512': 4, 'SHA- 256': 3, 'SHA-384': 4, 'SHA- 512': 3, 'SHA2- 256': 6, 'SHA-224': 1, 'SHA- 224': 1, 'SHA- 384': 1, 'SHA3- 384': 1, 'SHA-2': 3, 'SHA-3': 4, '- PKCS 1': 15, 'PKCS#1': 32, 'AES-128': 4, 'AES-192': 5, 'AES-256': 5, 'PKCS 1': 15}}, 'vendor': {}, 'eval_facility': {'atsec': {'atsec': 87}}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES-128': 4, 'AES-192': 5, 'AES-256': 5, 'AES': 46, 'AES-': 7}, 'CAST': {'CAST': 277}}, 'constructions': {'MAC': {'HMAC': 35, 'HMAC-SHA-256': 3, 'CMAC': 8}}}, 'asymmetric_crypto': {'ECC': {'ECDH': {'ECDH': 3}, 'ECDSA': {'ECDSA': 133}, 'ECC': {'ECC': 1}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA1': {'SHA-1': 51}, 'SHA2': {'SHA-256': 5, 'SHA-512': 4, 'SHA-384': 4, 'SHA-224': 1, 'SHA-2': 3}, 'SHA3': {'SHA3-224': 24, 'SHA3-256': 25, 'SHA3-384': 23, 'SHA3-512': 25, 'SHA-3': 4}}, 'MD': {'MD5': {'MD5': 2}}, 'PBKDF': {'PBKDF': 36, 'PBKDF2': 2}}, 'crypto_scheme': {'MAC': {'MAC': 14}}, 'crypto_protocol': {}, 'randomness': {'PRNG': {'DRBG': 103}, 'RNG': {'RNG': 2, 'RBG': 3}}, 'cipher_mode': {'ECB': {'ECB': 1}, 'CBC': {'CBC': 1}, 'CTR': {'CTR': 1}, 'CFB': {'CFB': 1}, 'OFB': {'OFB': 1}, 'GCM': {'GCM': 1}, 'CCM': {'CCM': 5}, 'XTS': {'XTS': 9}}, 'ecc_curve': {'NIST': {'P-224': 44, 'P-256': 84, 'P-384': 52, 'P-521': 54}}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {'libgcrypt': {'libgcrypt': 97}}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'timing attacks': 2}, 'FI': {'Fault Induction': 2}}, 'device_model': {}, 'tee_name': {'AMD': {'PSP': 2}}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 140-3': 93, 'FIPS PUB 140-3': 2, 'FIPS186-4': 107, 'FIPS 186-4': 45, 'FIPS 198-1': 48, 'FIPS186-2': 11, 'FIPS 180-4': 40, 'FIPS 202': 18, 'FIPS 186-2': 4, 'FIPS140-3': 1, 'FIPS180-4': 1, 'FIPS197': 1, 'FIPS198-1': 1, 'FIPS202': 1}, 'NIST': {'SP 800-38A': 34, 'SP 800-38C': 4, 'SP 800-38B': 4, 'SP 800-38F': 4, 'SP 800-38E': 6, 'SP 800-90A': 14, 'SP 800-132': 5}, 'PKCS': {'PKCS 1': 15, 'PKCS#1': 16}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}.
    • The policy_metadata property was set to {'pdf_file_size_bytes': 1053208, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 86, '/Title': '140sp-new', '/Producer': 'macOS Version 13.3.1 (a) (Build 22E772610a) Quartz PDFContext', '/Creator': 'Word', '/CreationDate': "D:20240807190214Z00'00'", '/ModDate': "D:20240807190214Z00'00'", 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.

    The state was updated.

    • The policy_download_ok property was set to True.
    • The policy_convert_ok property was set to True.
    • The policy_pdf_hash property was set to 83807ceefc2fcb18bc8b95b51baa30d4f4defcff15e044f641c25ccb8681cf08.
    • The policy_txt_hash property was set to 612baea07f00c61444cf91db2c93013c55d59201496d2a729bb4c74395369e9e.
  • 12.08.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4754,
  "dgst": "8faa834d6d1f19e0",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA2-384A3762",
        "HMAC-SHA2-224A3762",
        "HMAC-SHA2-512A3762",
        "AES-CMACA3762",
        "AES-OFBA3762",
        "AES-ECBA4676",
        "Counter DRBGA3762",
        "SHAKE-128A3762",
        "SHA2-224A3762",
        "ECDSA SigVer (FIPS186-4)A3762",
        "SHA3-512A3762",
        "SHA2-512A4676",
        "SHA2-512/224A3762",
        "SHA3-224A3762",
        "AES-CBCA4676",
        "HMAC-SHA-1A3762",
        "RSA SigVer (FIPS186-4)A3762",
        "AES-CCMA3762",
        "ECDSA SigGen (FIPS186-4)A3762",
        "Hash DRBGA3762",
        "ECDSA KeyVer (FIPS186-4)A3762",
        "AES-KWA3762",
        "SHA2-512/256A3762",
        "SHA3-384A3762",
        "HMAC-SHA2-512/224A3762",
        "HMAC-SHA3-256A3762",
        "RSA KeyGen (FIPS186-4)A3762",
        "HMAC-SHA2-256A3762",
        "AES-CFB128A4676",
        "ECDSA KeyGen (FIPS186-4)A3762",
        "SHA3-256A3762",
        "PBKDFA3762",
        "HMAC-SHA3-224A3762",
        "HMAC DRBGA3762",
        "SHAKE-256A3762",
        "HMAC-SHA3-512A3762",
        "RSA SigGen (FIPS186-4)A3762",
        "RSA SigVer (FIPS186-2)A3762",
        "HMAC-SHA3-384A3762",
        "HMAC-SHA2-512/256A3762",
        "SHA-1A3762",
        "AES-CTRA4676",
        "AES-CFB8A4676",
        "SHA2-256A4676",
        "AES-XTS Testing Revision 2.0A4676",
        "HMAC-SHA2-384A3762"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 3
          },
          "ECDSA": {
            "ECDSA": 133
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CCM": {
          "CCM": 5
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 1
        },
        "OFB": {
          "OFB": 1
        },
        "XTS": {
          "XTS": 9
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "libgcrypt": {
          "libgcrypt": 97
        }
      },
      "crypto_protocol": {},
      "crypto_scheme": {
        "MAC": {
          "MAC": 14
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 44,
          "P-256": 84,
          "P-384": 52,
          "P-521": 54
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 87
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "- PKCS 1": 15,
          "AES-128": 4,
          "AES-192": 5,
          "AES-256": 5,
          "HMAC-SHA- 1": 12,
          "HMAC-SHA-1": 30,
          "HMAC-SHA-256": 6,
          "PKCS 1": 15,
          "PKCS#1": 32,
          "SHA- 224": 1,
          "SHA- 256": 3,
          "SHA- 384": 1,
          "SHA- 512": 3,
          "SHA-1": 51,
          "SHA-2": 3,
          "SHA-224": 1,
          "SHA-256": 5,
          "SHA-3": 4,
          "SHA-384": 4,
          "SHA-512": 4,
          "SHA2- 256": 6,
          "SHA2- 384": 9,
          "SHA2-224": 37,
          "SHA2-256": 97,
          "SHA2-384": 29,
          "SHA2-512": 57,
          "SHA3- 384": 1,
          "SHA3-224": 24,
          "SHA3-256": 25,
          "SHA3-384": 23,
          "SHA3-512": 25
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 2
          }
        },
        "PBKDF": {
          "PBKDF": 36,
          "PBKDF2": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 51
          },
          "SHA2": {
            "SHA-2": 3,
            "SHA-224": 1,
            "SHA-256": 5,
            "SHA-384": 4,
            "SHA-512": 4
          },
          "SHA3": {
            "SHA-3": 4,
            "SHA3-224": 24,
            "SHA3-256": 25,
            "SHA3-384": 23,
            "SHA3-512": 25
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 103
        },
        "RNG": {
          "RBG": 3,
          "RNG": 2
        }
      },
      "side_channel_analysis": {
        "FI": {
          "Fault Induction": 2
        },
        "SCA": {
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 93,
          "FIPS 180-4": 40,
          "FIPS 186-2": 4,
          "FIPS 186-4": 45,
          "FIPS 198-1": 48,
          "FIPS 202": 18,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 1,
          "FIPS180-4": 1,
          "FIPS186-2": 11,
          "FIPS186-4": 107,
          "FIPS197": 1,
          "FIPS198-1": 1,
          "FIPS202": 1
        },
        "NIST": {
          "SP 800-132": 5,
          "SP 800-38A": 34,
          "SP 800-38B": 4,
          "SP 800-38C": 4,
          "SP 800-38E": 6,
          "SP 800-38F": 4,
          "SP 800-90A": 14
        },
        "PKCS": {
          "PKCS 1": 15,
          "PKCS#1": 16
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 46,
            "AES-": 7,
            "AES-128": 4,
            "AES-192": 5,
            "AES-256": 5
          },
          "CAST": {
            "CAST": 277
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 8,
            "HMAC": 35,
            "HMAC-SHA-256": 3
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 2
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240807190214Z00\u002700\u0027",
      "/Creator": "Word",
      "/ModDate": "D:20240807190214Z00\u002700\u0027",
      "/Producer": "macOS Version 13.3.1 (a) (Build 22E772610a) Quartz PDFContext",
      "/Title": "140sp-new",
      "pdf_file_size_bytes": 1053208,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 86
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "83807ceefc2fcb18bc8b95b51baa30d4f4defcff15e044f641c25ccb8681cf08",
    "policy_txt_hash": "612baea07f00c61444cf91db2c93013c55d59201496d2a729bb4c74395369e9e"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2026-08-08",
    "description": "The Red Hat Enterprise Linux 9 libgcrypt is a software library implementing general purpose cryptographic algorithms",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Red Hat Enterprise Linux 9 libgcrypt",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "1.10.0-8b6840b590cedd43",
    "tested_conf": [
      "Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 with PAA",
      "Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 without PAA",
      "Red Hat Enterprise Linux 9 running on IBM z16 3931-A01 with IBM z16 with PAI",
      "Red Hat Enterprise Linux 9 running on IBM z16 3931-A01 with IBM z16 without PAI",
      "Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 with PAA",
      "Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-09",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Red Hat(R), Inc.",
    "vendor_url": "http://www.redhat.com"
  }
}