This page was not yet optimized for use on mobile devices.
Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module
Certificate #4794
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, AES-, CAST, HMAC, KMAC, CMACAsymmetric Algorithms
RSA-OAEP, ECDH, ECDSA, ECC, DHE, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, PBKDF2, PBKDFSchemes
MAC, Key Exchange, Key AgreementProtocols
SSH, TLS v1.2, TLS v1.3, TLS 1.2, TLS, TLS 1.3, IKERandomness
DRBG, RBGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521, P-192, curve P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTrusted Execution Environments
PSP, SSCSecurity level
Level 1Side-channel analysis
Fault InductionStandards
FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS 186-5, FIPS 197, SP 800-132, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38F, SP 800-38E, SP 800-38D, SP 800-56A, SP 800-135, SP 800-185, SP 800-56C, SP 800-90A, SP 800-108, SP 800-90B, SP 800-140B, PKCS 1, PKCS#1, RFC7627, RFC 5288, RFC8446, RFC 8446, RFC 4253, RFC 6668, RFC 3526, RFC 7919File metadata
| Author | Hawes, David J. (Fed) |
|---|---|
| Creation date | D:20240905220705+00'00' |
| Modification date | D:20240905220705+00'00' |
| Pages | 105 |
| Creator | Microsoft Word |
References
Incoming- 4911 - active - Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module
Heuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
09.12.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The policy_processed_references property was updated, with the
{'directly_referenced_by': {'_type': 'Set', 'elements': ['4911']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4911']}}data. - The module_processed_references property was updated, with the
{'directly_referenced_by': {'_type': 'Set', 'elements': ['4911']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4911']}}data.
- The policy_processed_references property was updated, with the
-
14.10.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
- The certificate_pdf_url property was set to
-
16.09.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4794,
"dgst": "4f41b6fdedda792a",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"SHA2-224A4005",
"RSA KeyGen (FIPS186-4)A4005",
"HMAC-SHA2-224A4005",
"KDA HKDF Sp800-56Cr1A3969",
"HMAC-SHA2-512/224A4005",
"SHA-1A4005",
"RSA SigGen (FIPS186-4)A4005",
"ECDSA KeyGen (FIPS186-4)A4005",
"HMAC-SHA3-256A3979",
"PBKDFA4005",
"HMAC-SHA2-512/256A4005",
"AES-CFB1A3982",
"SHA3-256A3979",
"AES-ECBA3987",
"AES-CBC-CS3A3982",
"ECDSA SigVer (FIPS186-4)A4005",
"AES-CFB128A3982",
"AES-CBC-CS2A3982",
"AES-CBC-CS1A3982",
"Hash DRBGA3970",
"KAS-ECC-SSC Sp800-56Ar3A4005",
"SHA3-512A3979",
"AES-KWPA3982",
"HMAC-SHA3-512A3979",
"HMAC-SHA3-224A3979",
"SHA2-256A4005",
"AES-CCMA3982",
"SHAKE-128A3979",
"KDF SP800-108A3991",
"AES-KWA3982",
"SHA3-384A3979",
"SHAKE-256A3979",
"KDF ANS 9.63A4005",
"KMAC-256A3979",
"SHA3-224A3979",
"Safe Primes Key GenerationA3992",
"HMAC-SHA2-512A4005",
"AES-GCMA4002",
"ECDSA SigGen (FIPS186-4)A4005",
"AES-OFBA3982",
"HMAC-SHA-1A4005",
"HMAC DRBGA3970",
"TLS v1.2 KDF RFC7627A4005",
"KAS-FFC-SSC Sp800-56Ar3A3992",
"KMAC-128A3979",
"KDF ANS 9.42A4005",
"AES-CMACA3982",
"KDA OneStep SP800-56Cr2A3965",
"Safe Primes Key VerificationA3992",
"HMAC-SHA3-384A3979",
"SHA2-512/224A4005",
"HMAC-SHA2-384A4005",
"ECDSA KeyVer (FIPS186-4)A4005",
"SHA2-512/256A4005",
"TLS v1.3 KDFA3969",
"AES-GMACA4002",
"AES-CBCA3982",
"AES-XTS Testing Revision 2.0A3982",
"RSA SigVer (FIPS186-4)A4005",
"HMAC-SHA2-256A4005",
"SHA2-512A4005",
"Counter DRBGA3970",
"AES-CFB8A3982",
"KDF SSHA3987",
"AES-CTRA3982",
"SHA2-384A4005"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"22.04"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"4911"
]
},
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 6
},
"ECDSA": {
"ECDSA": 165
}
},
"FF": {
"DH": {
"DH": 31,
"DHE": 1,
"Diffie-Hellman": 7
},
"DSA": {
"DSA": 6
}
},
"RSA": {
"RSA-OAEP": 4
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CCM": {
"CCM": 2
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 18
},
"OFB": {
"OFB": 1
},
"XTS": {
"XTS": 8
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 112
}
},
"crypto_protocol": {
"IKE": {
"IKE": 6
},
"SSH": {
"SSH": 43
},
"TLS": {
"TLS": {
"TLS": 22,
"TLS 1.2": 5,
"TLS 1.3": 5,
"TLS v1.2": 36,
"TLS v1.3": 6
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"KEX": {
"Key Exchange": 2
},
"MAC": {
"MAC": 17
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 3,
"B-233": 37,
"B-283": 7,
"B-409": 12,
"B-571": 13,
"K-163": 4,
"K-233": 12,
"K-283": 12,
"K-409": 12,
"K-571": 14,
"P-192": 24,
"P-224": 140,
"P-256": 112,
"P-384": 98,
"P-521": 98,
"curve P-192": 2
}
},
"eval_facility": {
"atsec": {
"atsec": 107
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"- PKCS 1": 14,
"AES-128": 8,
"AES-192": 7,
"AES-256": 9,
"HMAC-SHA-1": 24,
"PKCS 1": 14,
"PKCS#1": 44,
"SHA-1": 68,
"SHA-3": 1,
"SHA2-224": 42,
"SHA2-256": 139,
"SHA2-384": 56,
"SHA2-512": 70,
"SHA3- 256": 1,
"SHA3-224": 17,
"SHA3-256": 21,
"SHA3-384": 17,
"SHA3-512": 18
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 41,
"PBKDF2": 5
},
"SHA": {
"SHA1": {
"SHA-1": 68
},
"SHA3": {
"SHA-3": 1,
"SHA3-224": 17,
"SHA3-256": 21,
"SHA3-384": 17,
"SHA3-512": 18
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 41
},
"RNG": {
"RBG": 2
}
},
"side_channel_analysis": {
"FI": {
"Fault Induction": 2
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 117,
"FIPS 180-4": 51,
"FIPS 186-4": 70,
"FIPS 186-5": 1,
"FIPS 197": 1,
"FIPS 198-1": 63,
"FIPS 202": 19,
"FIPS PUB 140-3": 2,
"FIPS186-4": 235
},
"NIST": {
"SP 800-108": 1,
"SP 800-132": 17,
"SP 800-135": 31,
"SP 800-140B": 1,
"SP 800-185": 6,
"SP 800-38A": 78,
"SP 800-38B": 8,
"SP 800-38C": 8,
"SP 800-38D": 33,
"SP 800-38E": 9,
"SP 800-38F": 16,
"SP 800-56A": 11,
"SP 800-56C": 2,
"SP 800-90A": 3,
"SP 800-90B": 1
},
"PKCS": {
"PKCS 1": 14,
"PKCS#1": 22
},
"RFC": {
"RFC 3526": 3,
"RFC 4253": 1,
"RFC 5288": 3,
"RFC 6668": 1,
"RFC 7919": 3,
"RFC 8446": 2,
"RFC7627": 28,
"RFC8446": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 47,
"AES-": 4,
"AES-128": 8,
"AES-192": 7,
"AES-256": 9
},
"CAST": {
"CAST": 318
}
},
"constructions": {
"MAC": {
"CMAC": 2,
"HMAC": 20,
"KMAC": 10
}
}
},
"tee_name": {
"AMD": {
"PSP": 3
},
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Hawes, David J. (Fed)",
"/CreationDate": "D:20240905220705+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20240905220705+00\u002700\u0027",
"pdf_file_size_bytes": 1362809,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"http://www.atsec.com/",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://www.ietf.org/rfc/rfc8446.txt",
"http://www.canonical.com/",
"http://www.ietf.org/rfc/rfc3447.txt",
"https://www.ietf.org/rfc/rfc5288.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://webstore.ansi.org/standards/ascx9/ansix9422001",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf",
"https://www.ietf.org/rfc/rfc7919.txt",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"https://webstore.ansi.org/standards/ascx9/ansix9632001",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://www.ietf.org/rfc/rfc3526.txt",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 105
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "dc886b6b29fdb6f4305b569a2fb1c73430d0db47939aa10b7dcae93b08abd49d",
"policy_txt_hash": "06df15eaed036a34888a949cfa0c21412c489e031e0c88c8ee008ca8063f1b7a"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation; When operated in approved mode; When installed, initialized and configured as specified in Section 11 of the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
"date_sunset": "2026-09-10",
"description": "The Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "3.0.5-0ubuntu0.1+Fips2.1",
"tested_conf": [
"Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI",
"Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-09-11",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Canonical Ltd.",
"vendor_url": "http://www.canonical.com"
}
}