| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/6/2029 |
| Caveat | Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy |
| Vendor | Cloudlinux Inc., TuxCare division |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for OpenSSL FIPS Provider for AlmaLinux 9
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for OpenSSL FIPS Provider for AlmaLinux 9
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Cloudlinux Inc., TuxCare division OpenSSL FIPS Provider for AlmaLinux 9 Document Version 1.1 Last update: 2024-09-27 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com
OpenSSL FIPS Provider for AlmaLinux 9 Table of Contents © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 List of Tables Table 2: Tested Module Identification
| Name | ISO Section | Level |
|---|---|---|
| 1 | 1 | 1 |
| 2 | 2 | 1 |
| 3 | 3 | 1 |
| 4 | 4 | 1 |
| 5 | 5 | 1 |
| 6 | 6 | 1 |
| 7 | 7 | N/A |
| 8 | 8 | N/A |
| 9 | 9 | 1 |
| 10 | 10 | 1 |
| 11 | 11 | 1 |
| 12 | 12 | 1 |
OpenSSL FIPS Provider for AlmaLinux 9
This document is the non-proprietary FIPS 140-3 Security Policy for version 3.0.71d2bd88ee26b3c90 of the OpenSSL FIPS Provider for AlmaLinux 9. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. intact and including this notice. Other documentation is proprietary to their authors.
N/A N/A Table 1: Security Levels © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
Purpose and Use: The OpenSSL FIPS Provider for AlmaLinux 9 (hereafter referred to as “the module”) is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module is a software library supporting FIPS 140-3 approved algorithms developed by TuxCare for its use by other applications that require cryptographic functionality and consists of one software component, the “FIPS provider”, which implements the FIPS requirements and the cryptographic functionality provided to the operator. Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary of the module is defined as the fips.so shared library, which contains the compiled code implementing the FIPS provider. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1 shows a block diagram that represents the design of the module when the module is operational and providing services to other user space applications. In this diagram, the physical perimeter of the operational environment (a general-purpose computer on which the module is installed) is indicated by a purple dashed line. The cryptographic boundary is represented by the components painted in orange blocks, which consists only of the shared library implementing the FIPS provider (fips.so). Green lines indicate the flow of data between the cryptographic module and its operator application, through the logical interfaces defined in Section 3 Cryptographic Module Interfaces. Components in white are only included in the diagram for informational purposes. They are not included in the cryptographic boundary (and therefore not part of the module’s validation). For example, the kernel is responsible for managing system calls issued by the module itself, as well as other applications using the module for cryptographic services. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| fips.so | 3.0.7- 1d2bd88ee26b3c90 | N/A | fips.so | HMAC-SHA2-256 | ||||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services | 3.0.7- 1d2bd88ee26b3c90 | Intel Xeon Platinum 8259CL | With and without PAA (AES-NI and | N/A |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| fips.so | 3.0.7- 1d2bd88ee26b3c90 | N/A | fips.so | HMAC-SHA2-256 | ||||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services | 3.0.7- 1d2bd88ee26b3c90 | Intel Xeon Platinum 8259CL | With and without PAA (AES-NI and | N/A | ||||
| (AWS) m5.metal | (AWS) m5.metal | SHA Extensions) | ||||||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) a1.metal | 3.0.7- 1d2bd88ee26b3c90 | AWS Graviton | With and without PAA (Neon and Crypto Extensions) | N/A |
OpenSSL FIPS Provider for AlmaLinux 9 Figure 1 - Block Diagram
Tested Module Identification
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service | Non- Approved |
OpenSSL FIPS Provider for AlmaLinux 9 9.2 N/A 3.0.71d2bd88ee26b3c90 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: N/A for this module. CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no components excluded from the requirements of the FIPS 140-3 standard.
Modes List and Description: Nonapproved NonApproved After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of In the operational state, the module accepts service requests from calling applications through its logical interfaces. At any point in the operational state, a calling application can end its process, causing the module to end its operation. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of operation is equivalent to the indicator of the service that was requested. Degraded Mode Description: The module does not implement a degraded mode of operation.
Approved Algorithms: © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| (CKG) Key Pair Generation | Key Pair Generation with RSA:2048- 16384 bits keys (112-256 bits strength) Key Pair Generation with ECDSA:P-224, | N/A | SP 800-133r2 Section 4 example 1 | |
| RSA Signature Generation | PKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:2048-16384 bits Strength:112-256 bits | N/A | FIPS 140-3 IG C.C | |
| RSA Signature Verification | PKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:1024-16384 bits Strength:80-256 bits | N/A | FIPS 140-3 IG C.C | |
| AES GCM (external IV) | Authentication Encryption | |||
| HMAC (< 112-bit keys) | Message Authentication Code | |||
| KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) | Key Derivation | |||
| KDA OneStep (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.42 KDF (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) | Key Derivation |
OpenSSL FIPS Provider for AlmaLinux 9 Table 5: Approved Algorithms Vendor-Affirmed Algorithms: N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| RSA Signature Generation | PKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:2048-16384 bits Strength:112-256 bits | N/A | FIPS 140-3 IG C.C | |||
| RSA Signature Verification | PKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:1024-16384 bits Strength:80-256 bits | N/A | FIPS 140-3 IG C.C | |||
| AES GCM (external IV) | Authentication Encryption | |||||
| HMAC (< 112-bit keys) | Message Authentication Code | |||||
| KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) | Key Derivation | |||||
| KDA OneStep (SHAKE128, SHAKE256) | Key Derivation | |||||
| ANS X9.42 KDF (SHAKE128, SHAKE256) | Key Derivation | |||||
| ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) | Key Derivation | |||||
| SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256) | Key Derivation | |||||
| TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3) | TLS Key Derivation | |||||
| TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3) | TLS Key Derivation | |||||
| PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) | Password-based Key Derivation | |||||
| RSA (KAS1, KAS2 schemes) | Shared secret computation | |||||
| RSA and ECDSA (pre-hashed message) | Signature generation; Signature verification | |||||
| RSA-PSS (invalid salt length) | Signature generation; Signature verification | |||||
| RSA-OAEP | Asymmetric encryption; Asymmetric decryption | |||||
| Symmetric Encryption with AES | Symmetric encryption using AES | AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC- | BC-UnAuth | AES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256 |
OpenSSL FIPS Provider for AlmaLinux 9 N/A C.C N/A C.C Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256) | Key Derivation | |||
| TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3) | TLS Key Derivation | |||
| TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3) | TLS Key Derivation | |||
| PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) | Password-based Key Derivation | |||
| RSA (KAS1, KAS2 schemes) | Shared secret computation | |||
| RSA and ECDSA (pre-hashed message) | Signature generation; Signature verification | |||
| RSA-PSS (invalid salt length) | Signature generation; Signature verification | |||
| RSA-OAEP | Asymmetric encryption; Asymmetric decryption | |||
| Symmetric Encryption with AES | Symmetric encryption using AES | AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC- | BC-UnAuth | AES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256 |
OpenSSL FIPS Provider for AlmaLinux 9 Table 7: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services of the Non-Approved Services table in Section 4.4 Non-Approved Services.
© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions |
|---|---|---|
| bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bits | bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bits | CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 |
OpenSSL FIPS Provider for AlmaLinux 9 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Symmetric Decryption with AES | Symmetric decryption using AES | AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC- | BC-UnAuth | AES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256 |
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions |
|---|---|---|
| bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bits | bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bits | CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 |
OpenSSL FIPS Provider for AlmaLinux 9 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Key wrapping with AES-KW | Key wrapping using AES KW | AES-KW AES-KW AES-KW AES-KW AES-KW AES-KW | KTS-Wrap | AES-KW:128, 192, 256 bits |
| Key unwrapping with AES-KW | Key unwrapping using AES KW | AES-KW AES-KW AES-KW AES-KW AES-KW AES-KW | KTS-Wrap | AES-KW:128, 192, 256 bits |
| Key wrapping with AES-KWP | Key wrapping using AES KW with padding | AES-KWP AES-KWP AES-KWP | KTS-Wrap | AES-KWP:128, 192, 256 bits |
| Key unwrapping with AES-KWP | Key unwrapping using AES KW with padding | AES-KWP AES-KWP AES-KWP AES-KWP AES-KWP AES-KWP | KTS-Wrap | AES-KWP:128, 192, 256 bits |
| Key Derivation with KDA OneStep | Key Derivation using KDA OneStep | KDA OneStep SP800- 56Cr2 | KAS-56CKDF | KDA OneStep SP800- 56Cr2:112-256 bits |
| Key Derivation with X9.42 KDF | Key Derivation using X9.42 KDF | KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 | KAS-135KDF | KDF ANS 9.42:112-256 bits |
| Key Derivation with X9.63 KDF | Key Derivation using X9.63 KDF | KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 | KAS-135KDF | KDF ANS 9.63:112-256 bits |
| Key Derivation with SSH KDF | Key Derivation | KDF SSH KDF SSH KDF SSH KDF SSH | KAS-135KDF | KDF SSH:112-256 bits |
| Key Derivation with HKDF | Key Derivation using HKDF | KDA HKDF Sp800- 56Cr1 | KAS-56CKDF | KDA HKDF Sp800- 56Cr1:112-256 bits |
| TLS Key Derivation | TLS 1.2 / 1.3 Key Derivation | TLS v1.3 KDF TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 | KAS-135KDF | TLS v1.3 KDF:112-256 bits TLS v1.2 KDF RFC7627:112-256 bits |
| Key Derivation with KBKDF | Key derivation using KBKDF | KDF SP800- 108 | KBKDF | Modes:Counter, Feedback KDF SP800-108:112-256 bits |
| Password- based Key Derivation | Password- based Key Derivation | PBKDF PBKDF PBKDF PBKDF PBKDF PBKDF | PBKDF | PBKDF:112-256 bits |
| Random Number Generation | Random Number Generation (IG D.R compliant) | Counter DRBG HMAC DRBG Hash DRBG | DRBG | Counter DRBG:128, 192, 256 bits HMAC DRBG:128, 256 bits Hash DRBG:128, 256 bits |
| Signature Generation | Signature Generation | ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) | DigSig- SigGen | ECDSA SigGen (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits) RSA SigGen (FIPS186- 4):2048-16384 bits (112- 256 bits) |
| Signature Verification | Signature Verification | ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) | DigSig-SigVer | ECDSA SigVer (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits) RSA SigVer (FIPS186- 4):NIST SP 800-131Ar2 Legacy use: 1024-2047 bits with 80-111 bits of security strength; NIST SP 800-131Ar2 Acceptable: 2048-16384 bits with 112- 256 bits of security strength IG C.F Compliance:The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140- 3 IG C.F |
| Message Authentication Code | Message Authentication Code | HMAC-SHA3- 224 HMAC-SHA3- 256 HMAC-SHA3- 384 HMAC-SHA3- 512 | MAC | HMAC hashes:SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA- 512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 AES key:128, 192, 256 bits |
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SP80056Cr2 Sp80056Cr1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 KDF SP800108 Passwordbased Key Passwordbased Key DigSigSigGen © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3512 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| Message digest | Message digest | SHA3-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-128 SHAKE-256 SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224 | SHA XOF |
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Authenticated Symmetric Encryption | Authenticated Symmetric Encryption | AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | BC-Auth | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Authenticated Symmetric Decryption | Authenticated Symmetric Decryption | AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-KW AES-KW AES-KW AES-KW AES-KW AES-KW AES-KWP AES-KWP AES-KWP AES-KWP AES-KWP | BC-Auth | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Key wrapping with AES-CCM | Key wrapping with AES CCM (as permitted by IG D.G) | AES-CCM AES-CCM AES-CCM AES-CCM | KTS-Wrap | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Key unwrapping with AES-CCM | Key unwrapping with AES CCM (as permitted by IG D.G) | AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM | BC-Auth | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Key wrapping with AES-GCM | Key wrapping with AES GCM (as permitted by IG D.G) | AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | KTS-Wrap | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Key unwrapping with AES-GCM | Key unwrapping with AES GCM (as permitted by IG D.G) | AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | BC-Auth | Key:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively |
| Key Pair Generation with ECDSA | Key Pair Generation using ECDSA | ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA | AsymKeyPair- KeyGen | ECDSA KeyGen (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits) |
| Key Pair Generation with RSA | Key Pair Generation using RSA | RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) | AsymKeyPair- KeyGen | RSA KeyGen (FIPS186- 4):2048-15360 bits (112- 256 bits) |
| Key Pair Generation with Safe Primes | Key Pair Generation using Safe Primes | Safe Primes Key Generation | AsymKeyPair- KeyGen | Safe Primes Key Generation:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 (112-200 bits) |
| Key Pair Verification with ECDSA | Key Pair Verification using ECDSA | ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) | AsymKeyPair- KeyVer | Curves:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits) |
| Key Pair Verification with Safe Primes | Key Pair Verification using Safe Primes | Safe Primes Key Verification | AsymKeyPair- KeyVer | Groups:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 (112-200 bits) |
| Shared Secret Computation with DH | Shared Secret Computation using DH | KAS-FFC- SSC Sp800- 56Ar3 | KAS-SSC | KAS-FFC-SSC Sp800- 56Ar3:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, |
OpenSSL FIPS Provider for AlmaLinux 9 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/256 SHA2512/256 SHA2512/256 SHA2512/256 SHA2512/256 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 AsymKeyPairKeyGen © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairKeyVer AsymKeyPairKeyVer KAS-FFCSSC Sp80056Ar3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Roles | Approved Functions | Type |
|---|---|---|---|---|
| Shared Secret Computation with ECDH | Shared Secret Computation using EC Diffie-Hellman | KAS-ECC-SSC Sp800- 56Ar3:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits strength) Compliance:SP 800- 56Arev3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme:ephemeralUnified KAS Role:initiator, responder | KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 | KAS-SSC |
OpenSSL FIPS Provider for AlmaLinux 9 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 Table 8: Security Function Implementations
For TLS 1.2, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The module is compliant with SP 800-52r2 Section 3.3.1 and the mechanism for IV generation is compliant with RFC 5288 and 8446. The module does not implement the TLS protocol. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant to Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 EVP_EncryptInit_ex2 API function with a non-NULL IV value. When this is the case, the API will set a non-approved service indicator. Finally, for TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 1403 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP800-52r2. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2²⁰ AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met:
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Cloudlinux Inc., TuxCare division OpenSSL FIPS | Non- Physical | 64 bits | AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel | 256 bits | SHA2-512- HMAC-DRBG: A4025; SHA3- 256: A4026; |
| Cert | Vendor Name | |
|---|---|---|
| Number | ||
| E76 | Cloudlinux Inc., TuxCare division |
To comply with the assurances found in Section 5.6.2 of SP 800-56Ar3, the operator must use the module together with an application that implements the SSH/TLS protocol. Additionally, the module’s approved key pair generation service (see Approved Services table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPSvalidated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 80056Ar3.
The module implements the SHA-3 algorithms as both standalone and part of higher-level algorithms (in compliance with FIPS 140-3 IG C.C). As detailed in Section 2.6 Security Function Implementations with corresponding certificates, the cryptographic algorithms that use of SHA-3 include RSA signature generation and verification, ECDSA signature generation and verification, KBKDF, KDA HKDF, X9.63 KDF, X9.42 KDF, PBKDF, OneStep KDA and HMAC. In addition, the implementation of the extendable output functions SHAKE128 and SHAKE256 were verified to have a standalone usage.
The module implements only the approved modulus sizes of 2048, 3072, and 4096 bits for signature generation. For signature verification, the module implements the approved module sizes of 2048, 3072, and 4096 bits. Each algorithm was tested, and corresponding certificates can be found detailed in Section 2.6 Security Function Implementations. The module also supports RSA signature verification with 1024, 1280, 1536 and 1792 modulus bits. These modulus sizes are allowed only for legacy use, in compliance with FIPS 140-3 IG C.F.
Table 9: Entropy Certificates NonPhysical © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Conditioning Component |
|---|---|---|
| provider CPU Time Jitter RNG Entropy Source | Xeon Platinum 8259CL; AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton | AES-256-CTR- DRBG: A4053 |
OpenSSL FIPS Provider for AlmaLinux 9 Table 10: Entropy Sources The module employs two Deterministic Random Bit Generator (DRBG) implementations based on SP 800-90Ar1. These DRBGs are used internally by the module (e.g. to generate seeds for asymmetric key pairs and random numbers for security functions). They can also be accessed using the specified API functions. The following parameters are used:
The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800-133r2. When random values are required, they are obtained from the SP 80090Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2 (without XOR):
OpenSSL FIPS Provider for AlmaLinux 9
The module provides Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) shared secret computation compliant with SP800-56Ar3, in accordance with scenario 2 (1) of FIPS 140-3 IG D.F. For Diffie-Hellman, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC 7919 (TLS). Note that the module only implements key pair generation, key pair verification, and shared secret computation. No other part of the IKE or TLS protocols is implemented (with the exception of the TLS 1.2 and 1.3 KDFs):
OpenSSL FIPS Provider for AlmaLinux 9
The module implements the SSH key derivation function for use in the SSH protocol (RFC
GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3 of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation functions for use in the TLS protocol. No parts of the SSH, TLS, or IKE protocols, other than those mentioned above, have been tested by the CAVP and CMVP. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | Data Input | API input parameters |
| As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | Data Output | API output parameters |
| As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | Control Input | API function calls |
| As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs | Status Output | API return codes, error queue |
OpenSSL FIPS Provider for AlmaLinux 9
Table 11: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. The module © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric Encryption | Used to perform symmetric encryption of an entry plaintext | Crypto Officer - AES key: W,E | Symmetric Encryption with AES | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Plaintext, AES key | Ciphertext | |||
| Symmetric Decryption | Used to perform symmetric decryption of an entry ciphertext | Crypto Officer - AES key: W,E | Symmetric Decryption with AES | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Ciphertex t, AES key | Plaintext | |||
| Authenticat ed Encryption | Used to perform authenticate d symmetric encryption with AES | Crypto Officer - AES key: W,E | Authenticat ed Symmetric Encryption Key wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- GCM | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Plaintext, AES key, IV | Ciphertext, Tag |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric Encryption | Used to perform symmetric encryption of an entry plaintext | Crypto Officer - AES key: W,E | Symmetric Encryption with AES | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Plaintext, AES key | Ciphertext | |||
| Symmetric Decryption | Used to perform symmetric decryption of an entry ciphertext | Crypto Officer - AES key: W,E | Symmetric Decryption with AES | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Ciphertex t, AES key | Plaintext | |||
| Authenticat ed Encryption | Used to perform authenticate d symmetric encryption with AES | Crypto Officer - AES key: W,E | Authenticat ed Symmetric Encryption Key wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- GCM | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Plaintext, AES key, IV | Ciphertext, Tag | |||
| Authenticat ed Decryption | Used to perform authenticate d symmetric decryption with AES | Crypto Officer - AES key: W,E | Authenticat ed Symmetric Decryption Key unwrappin g with AES- KW Key unwrappin g with AES- KWP Key unwrappin g with AES- GCM Key unwrappin g with AES- CCM | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Ciphertex t, AES key, IV, Tag | Plaintext | |||
| Key Wrapping | Perform AES- based key wrapping (compliant to SP800-38F and FIPS 140-3 IG D.G) | Crypto Officer - AES key: W,E | Key wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- CCM Key wrapping with AES- GCM | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Key to be wrapped, AES key | Wrapped key | |||
| Key Unwrappin g | Perform AES- based key unwrapping (compliant to SP 800-38F and FIPS 140-3 IG D.G) | Crypto Officer - AES key: W,E | Key unwrappin g with AES- KW Key wrapping with AES- KWP Key wrapping with AES- CCM Key | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVED | Wrapped key, AES key | Unwrapped key | |||
| Message Authenticat ion Code | Compute a MAC tag | Crypto Officer - HMAC key: W,E - AES key: W,E | Message Authenticat ion Code | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_MAC_REDHAT_ FIPS_INDICATOR_A PPROVED | Message, AES key or HMAC key | MAC tag | |||
| Message Authenticat ion Code Verification | Verify a MAC tag | Crypto Officer - HMAC key: W,E - AES key: W,E | Message Authenticat ion Code | OSSL_RH_FIPSINDI CATOR_APPROVED, EVP_MAC_REDHAT_ FIPS_INDICATOR_A PPROVED | Message, AES key or HMAC key, MAC tag | Pass/fail | |||
| Message Digest | Used to generate a SHA-1, SHA- 2, or SHA- 3/SHAKE message digest | Crypto Officer | Message digest | OSSL_RH_FIPSINDI CATOR_APPROVED | Message | Message digest | |||
| Key Derivation with KBKDF | Derive a key from a key- derivation key | Crypto Officer - Key Derivati on Key: W,E - KBKDF Derived Key: G,R | Key Derivation with KBKDF | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Key- derivation key | KBKDF Derived Key | |||
| Key Derivation with HKDF | Derive a key from a shared secret using HKDF | Crypto Officer - Shared Secret: W,E - HKDF Derived Key: G,R | Key Derivation with HKDF | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Shared secret | HKDF Derived Key | |||
| Key Derivation | Derive a key from a shared | Crypto Officer - Shared Secret: | Key Derivation | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ | Shared secret | SSH Derived Key | |||
| with SSH KDF | secret using SSH KDF | W,E - SSH Derived Key: G,R | with SSH KDF | FIPS_INDICATOR_A PPROVED | |||||
| Key Derivation with X9.63 KDF | Derive a key from a shared secret using X9.63 KDF | Crypto Officer - Shared Secret: W,E - X9.63 Derived Key: G,R | Key Derivation with X9.63 KDF | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Shared secret | X9.63 Derived Key | |||
| Key Derivation with X9.42 KDF | Derive a key from a shared secret using X9.63 KDF | Crypto Officer - Shared Secret: W,E - X9.42 Derived Key: G,R | Key Derivation with X9.42 KDF | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Shared secret | X9.42 Derived Key | |||
| Key Derivation with KDA OneStep | Derive a key from a shared secret using KDA OneStep | Crypto Officer - Shared Secret: W,E - KDA OneSte p Derived Key: G,R | Key Derivation with KDA OneStep | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Shared secret | KDA OneStep Derived Key | |||
| TLS Key Derivation | Derive a key from a shared secret using TLS 1.2 KDF / TLS 1.3 KDF | Crypto Officer - Shared Secret: W,E - TLS Derived Key: G,R | TLS Key Derivation | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Shared secret | TLS Derived Key | |||
| Password- based Key Derivation | Derive a key from a password | Crypto Officer - Passwor d or passphr ase: | Password- based Key Derivation | OSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVED | Password or passphra se | PBKDF Derived Key | |||
| Shared Secret Computatio n | Compute a shared secret | Crypto Officer - DH Private key: W,E - EC Public key: W,E - Shared Secret: G,R - DH Public key : W,E - Shared Secret: G,R | Shared Secret Computatio n with DH Shared Secret Computatio n with ECDH | OSSL_RH_FIPSINDI CATOR_APPROVED | DH private key, DH public key; EC private key, EC public key | Shared secret | |||
| Signature Generation | Generate a digital signature | Crypto Officer - RSA private key: W,E - EC Private key: W,E | Signature Generation | OSSL_RH_FIPSINDI CATOR_APPROVED OSSL_SIGNATURE_ PARAM_REDHAT_FI PS_INDICATOR | Message, private key | Signature | |||
| Signature Verification | Verify a digital signature | Crypto Officer - RSA public key: W,E - EC Public key: W,E | Signature Verification | OSSL_RH_FIPSINDI CATOR_APPROVED OSSL_SIGNATURE_ PARAM_REDHAT_FI PS_INDICATOR | Message, public key, signature | Pass/fail | |||
| Key Pair Generation | Generate a key pair | Crypto Officer - RSA private key: G,R - DH | Key Pair Generation with RSA Key Pair Generation with ECDSA | OSSL_RH_FIPSINDI CATOR_APPROVED | Group; Curve; Modulus bits | DH key pair; EC key pair; RSA key pair |
OpenSSL FIPS Provider for AlmaLinux 9
N/A for this module. The module does not support authentication methods.
Table 12: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators.
W,E W,E with AESKW with AESKWP with AESGCM W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 with AESCCM g with AESKW g with AESKWP g with AESGCM g with AESCCM W,E D.G) with AESKW with AESKWP with AESCCM with AESGCM W,E g D.G) g with AESKW with AESKWP with AESCCM W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 with AESGCM W,E W,E W,E W,E from a keyderivation Keyderivation W,E G,R W,E G,R © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 W,E G,R W,E G,R W,E G,R W,E p G,R W,E G,R Passwordbased Key Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 W,E G,R n W,E W,E G,R W,E G,R W,E W,E W,E W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Security Function | Generation | Input | Output | Indicator |
|---|---|---|---|---|---|---|
| Key Pair Verification | Verify a key pair | Crypto Officer - DH Public key : W,E - EC Public key: W,E - DH Private key: W,E - EC Private key: W,E | Key Pair Verification with Safe Primes Key Pair Verification with ECDSA | Key pair | Pass/fail | OSSL_RH_FIPSINDI CATOR_APPROVED |
| Random Number Generation | Generate random bytes | Crypto Officer - Entropy input: G,E - DRBG internal state (V value, C value): G,E,W - DRBG | Random Number Generation | Output length | Random bytes | OSSL_RH_FIPSINDI CATOR_APPROVED |
OpenSSL FIPS Provider for AlmaLinux 9 G,R G,E,Z W,E W,E W,E W,E G,E G,E,W © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Show status | Show the current status of the module | Crypto Officer | None | None | N/A | Module status |
| Show module name and version | Show module name and the version of the module | Crypto Officer | None | None | N/A | Name and version information |
| Self-test | Perform CASTs and integrity test | Crypto Officer | Message digest Message Authenticat ion Code Symmetric Encryption with AES Symmetric Decryption with AES Authenticat ed Symmetric Encryption Authenticat ed Symmetric Decryption Signature Generation Signature Verification Key Derivation with KBKDF Key Derivation with KDA OneStep Key Derivation with HKDF Key Derivation | None | N/A | Pass/fail result of self-tests |
OpenSSL FIPS Provider for AlmaLinux 9 G,E,W G,E,W N/A N/A N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Passwordbased Key N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation. Z
| Name | Indicator | Output | |
|---|---|---|---|
| AES GCM (external IV) | Authenticated Encryption | AES GCM (external IV) | CO |
| HMAC (< 112-bit keys) | Compute a MAC tag | HMAC (< 112-bit keys) | CO |
| Key derivation | Derive a key from a key- derivation key or a shared secret | KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112- bit keys) KDA OneStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA- 512/256, SHA-3, SHAKE128, SHAKE256) | CO |
| PBKDF2 (< 112- bit keys) | Derive a key from a password | PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) | CO |
| Signature generation | Generate a signature | RSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length) | CO |
| Signature verification | Verify a signature | RSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length) | CO |
| Asymmetric encryption | Encrypt a plaintext | RSA-OAEP | CO |
| Asymmetric decryption | Decrypt a ciphertext | RSA-OAEP | CO |
| Shared secret computation | Compute a shared secret | RSA (KAS1, KAS2 schemes) | CO |
OpenSSL FIPS Provider for AlmaLinux 9 p Z Z © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Table 13: Approved Services The module provides services to operators that assume the available role. All services are described in detail in the API documentation (manual pages). The convention below applies when specifying the access permissions (types) that the service has for each SSP.
© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Table 14: Non-Approved Services The table above lists the non-approved services in this module, the algorithms involved and the roles that can request the service. In this table, CO specifies the Crypto Officer role.
The module does not load external software or firmware. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
The integrity of the module is verified by comparing a HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. This operation is performed by the verify_integrity() function which performs a KAT for the HMAC SHA-256 algorithm in order to test its proper operation before performing the checksum of the module file.
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity test may be invoked on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. This will perform (among others) the software integrity test. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
Type of Operational Environment: Modifiable How Requirements are Satisfied: Any SSPs contained within the module are protected by the process isolation and memory separation mechanisms, and only the module has control over these SSPs.
The module shall be installed as stated in Section 11 Life-Cycle Assurance. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Temp/Voltage Type | Temperature or Voltage | EFP | Result |
|---|---|---|---|
| or | |||
| EFT | |||
| LowTemperature | |||
| HighTemperature | |||
| LowVoltage | |||
| HighVoltage |
OpenSSL FIPS Provider for AlmaLinux 9
The module is comprised of software only and therefore this section is Not Applicable (N/A).
Number: Not applicable. Placement: Not applicable. Surface Preparation: Not applicable. Operator Responsible for Securing Unused Seals: Not applicable. Part Numbers: Not applicable.
Not applicable. Table 15: EFP/EFT Information Not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | ||
| HighTemperature |
OpenSSL FIPS Provider for AlmaLinux 9
Table 16: Hardness Testing Temperatures Not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
This module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. SSPs are stored until they are zeroized by the operator (using a zeroization call or removing power from the module) or zeroized automatically |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| API input parameters | Plaintext | Operator calling application (TOEPP) | Cryptographic module | Manual | Electronic |
| API output parameters | Plaintext | Cryptographic module | Operator calling application (TOEPP) | Manual | Electronic |
| Zeroization | Description | Rationale | Operator | ||
|---|---|---|---|---|---|
| Method | Initiation | ||||
| Free cipher handle | Zeroizes the SSPs contained within the cipher handle. | By calling the appropriate zeroization functions: AES key: EVP_CIPHER_CTX_free and EVP_MAC_CTX_free; HMAC key: EVP_MAC_CTX_free; Key-derivation key: EVP_KDF_CTX_free; Shared secret: EVP_KDF_CTX_free; Password: EVP_KDF_CTX_free; KBKDF Derived Key: EVP_KDF_CTX_free; HKDF Derived Key: EVP_KDF_CTX_free; TLS Derived Key: EVP_KDF_CTX_free; SSH Derived Key: EVP_KDF_CTX_free; X9.63 Derived Key: EVP_KDF_CTX_free; X9.42 Derived Key: EVP_KDF_CTX_free; PBKDF Derived Key: EVP_KDF_CTX_free; KDA OneStep Derived | By calling the cipher related zeroization API |
OpenSSL FIPS Provider for AlmaLinux 9
Table 17: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in
Table 18: SSP Input-Output Methods
© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Description | Strength | Zeroization | Use | Operator Initiation |
|---|---|---|---|---|---|---|
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | Automatically zeroized by the module when no longer needed | Automatic | N/A | |||
| Volatile memory used by the module is overwritten within nanoseconds when power is removed. | De-allocates the volatile memory used to store SSPs | Module Reset | By unloading and reloading the module | |||
| AES key | Symmetric key - CSP | AES key used for encryption, decryption, and computing MAC tags | AES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes: | Symmetric Encryption with AES Symmetric Decryption with AES Key wrapping with AES-KW Key wrapping |
| Name | Type | Description | Strength | Zeroization | Use | Operator Initiation |
|---|---|---|---|---|---|---|
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | Automatically zeroized by the module when no longer needed | Automatic | N/A | |||
| Volatile memory used by the module is overwritten within nanoseconds when power is removed. | De-allocates the volatile memory used to store SSPs | Module Reset | By unloading and reloading the module | |||
| AES key | Symmetric key - CSP | AES key used for encryption, decryption, and computing MAC tags | AES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes: | Symmetric Encryption with AES Symmetric Decryption with AES Key wrapping with AES-KW Key wrapping |
OpenSSL FIPS Provider for AlmaLinux 9 N/A Table 19: SSP Zeroization Methods The application that uses the module is responsible for the appropriate zeroization of SSPs. The module provides key allocation and destruction functions, which overwrites the memory occupied by the SSP´s information with zeros before its deallocation. Memory allocation of SSPs is performed by the OPENSSL_malloc() API call and the application in use of the module is responsible for the calling of the appropriate zeroization functions from the OpenSSL API. The zeroization functions then overwrite the memory OPENSSL_cleanse() should be used to overwrite sensitive data such as private keys. In case of abnormal termination, or swap in/out of a physical memory page of a process, the SSPs in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. All data output is inhibited during zeroization. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Description | Strength | Generation | Use |
|---|---|---|---|---|---|
| HMAC key | Symmetric key - CSP | HMAC key used for computing MAC tags | 112- 524288 bits - 112- 256 bits | Message Authenticati on Code | |
| RSA private key | Private key - CSP | RSA private key | 2048- 16384 bits - 112-256 bits | Key Pair Generati on with RSA | Signature Generation Key Pair Generation with RSA |
| RSA public key | Public key - PSP | RSA public key | Signature verification : 1024- 16384 bits; Key pair generation: 2048- 16384 bits - Signature verification : 80-256 | Key Pair Generati on with RSA | Signature Verification Key Pair Generation with RSA |
| DH Private key | Private key - CSP | DH Private key | 2048-8192 bits - 112- 200 bits | Key Pair Generati on with Safe Primes | Shared Secret Computatio n with DH Key Pair Generation with Safe Primes Key Pair Verification with Safe Primes |
| DH Public key | Public key - PSP | DH Public key | 2048-8192 bits - 112- 200 bits | Key Pair Generati on with Safe Primes | Shared Secret Computatio n with DH Key Pair Generation with Safe Primes Key Pair Verification with Safe Primes |
| EC Private key | Private key - CSP | EC Private key used by ECDSA and ECDH | P-224, P- 256, P-384, P-521 bits - 112, 128, 192, 256 bits | Key Pair Generati on with ECDSA | Shared Secret Computatio n with ECDH Signature Generation Key Pair Verification with ECDSA |
| EC Public key | Public key - PSP | EC Public key used by ECDSA and ECDH | P-224, P- 256, P-384, P-521 bits - 112, 128, 192, 256 bits | Key Pair Generati on with ECDSA | Signature Verification Shared Secret Computatio n with ECDH Key Pair Verification with ECDSA |
| Key Derivation Key | Symmetric key - CSP | Symmetric key used to derive symmetric keys | 112-4096 bits - 112- 256 bits | Key Derivation with KBKDF |
OpenSSL FIPS Provider for AlmaLinux 9 with AESKWP with AESGCM with AESCCM with AESKWP with AESGCM with AESCCM 112524288 bits - 112256 bits
© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 bits - 112200 bits bits - 112200 bits bits - 112256 bits © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Description | Strength | Generation | Use | |
|---|---|---|---|---|---|---|
| KBKDF Derived Key | Symmetric key - CSP | Symmetric key derived from a key-derivation key | 112-4096 bits - 112- 256 bits | Key Derivatio n with KBKDF | Key Derivation with KBKDF | |
| HKDF Derived Key | Symmetric key - CSP | Symmetric key derived from a shared secret | 224-8192 bits - 112- 256 bits | Key Derivatio n with HKDF | Key Derivation with HKDF | |
| SSH Derived Key | Symmetric key - CSP | Symmetric key derived from a shared secret | 224-8192 bits - 112- 256 bits | Key Derivatio n with SSH KDF | Key Derivation with SSH KDF | |
| X9.63 Derived Key | Symmetric key - CSP | Symmetric key derived from a shared secret | 224-8192 bits - 112- 256 bits | Key Derivatio n with X9.63 KDF | Key Derivation with X9.63 KDF | |
| X9.42 Derived Key | Symmetric key - CSP | Symmetric key derived from a shared secret | 224-8192 bits - 112- 256 bits | Key Derivatio n with X9.42 KDF | Key Derivation with X9.42 KDF | |
| Password or passphras e | Password - CSP | Password or passphrase used by PBKDF to derive symmetric keys | 8-128 characters - N/A | Password- based Key Derivation | ||
| PBKDF Derived Key | Symmetric key - CSP | Key derived from PBKDF password/passphr ase during key derivation | 112-4096 bits - 112- 256 bits | Password -based Key Derivatio n | Password- based Key Derivation | |
| KDA OneStep Derived Key | Symmetric key - CSP | Symmetric key derived from a shared secret | 224-8192 bits - 112- 256 bits | Key Derivatio n with KDA OneStep | Key Derivation with KDA OneStep | |
| TLS Derived Key | Symmetric key - CSP | Derived key used in Transport Layer Security (TLS) network protocol | 224-8192 bits - 112- 256 bits | TLS Key Derivatio n | ||
| Shared Secret | Shared Secret - CSP | Shared secret generated by ECDH/DH shared | 224-8912 bits - 112- 256 bits | Shared Secret Computatio n with DH | Shared Secret Computati on with DH | |
| secret computation | secret computation | Shared Secret Computatio n with ECDH Key Derivation with KDA OneStep Key Derivation with HKDF Key Derivation with SSH KDF TLS Key Derivation Key Derivation with X9.63 KDF Key Derivation with X9.42 KDF | Shared Secret Computati on with ECDH | |||
| Entropy input | Entropy Input - CSP | Entropy input string used to seed the DRBG (IG D.L compliant) | 128-384 bits - 128- 384 bits | Random Number Generation | ||
| DRGB seed | Seed - CSP | DRBG seed derived from entropy input (IG D.L compliant) | CTR_DRBG: 256, 320, 348 bits; Hash_DRB G: 440, 888 bits; HMAC_DRB G: 160, 256, 512 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G, Hash_DRB G: 128, 256 | Random Number Generati on | Random Number Generation | |
| DRBG internal state (V value, C value) | Internal state - CSP | Internal state of the Hash_DRBG (IG D.L compliant) | 880, 1776 bits - 128, 256 bits | Random Number Generati on | Random Number Generation |
OpenSSL FIPS Provider for AlmaLinux 9 bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits e - N/A bits - 112256 bits n Passwordbased Key bits - 112256 bits bits - 112256 bits n bits - 112256 bits Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 bits - 128384 bits G, © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant) | CTR_DRBG: 256, 320, 348 bits; HMAC_DRB G: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G: 128, 256 | Random Number Generati on | Random Number Generation | |||||
| Intermedia te key generation value | Intermedia te value - CSP | Intermediate key pair generation value generated during key generation and key derivation services (SP 800- 133r2 Section 4, 5.1, and 5.2) | 112-256 - 112-256 bits | Key Pair Generati on with RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe Primes | Key Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes | |||||
| AES key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed | ||||||
| HMAC key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed | ||||||
| RSA private key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed | RSA Public key:Paired With Intermediate key generation value:Generated From | |||||
| RSA public key | RAM:Plaintext | Free cipher handle | API input parameters | From service invocation until | RSA private key:Paired With Intermediate key |
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant) | CTR_DRBG: 256, 320, 348 bits; HMAC_DRB G: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G: 128, 256 | Random Number Generati on | Random Number Generation | |||||
| Intermedia te key generation value | Intermedia te value - CSP | Intermediate key pair generation value generated during key generation and key derivation services (SP 800- 133r2 Section 4, 5.1, and 5.2) | 112-256 - 112-256 bits | Key Pair Generati on with RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe Primes | Key Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes | |||||
| AES key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed | ||||||
| HMAC key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed | ||||||
| RSA private key | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed | RSA Public key:Paired With Intermediate key generation value:Generated From | |||||
| RSA public key | RAM:Plaintext | Free cipher handle | API input parameters | From service invocation until | RSA private key:Paired With Intermediate key |
OpenSSL FIPS Provider for AlmaLinux 9 Table 20: SSP Table 1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Generation | Storage | Zeroization | Output | Cipherhandle is freed |
|---|---|---|---|---|---|
| DH Private key | DH Public key:Paired With Intermediate key generation value:Generated From | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed |
| DH Public key | DH Private key:Paired With Intermediate key generation value:Generated From | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed |
| EC Private key | EC Public key:Paired With Intermediate key generation value:Generated From | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed |
| EC Public key | EC private key:Paired With Intermediate key generation value:Generated From | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed |
| Key Derivation Key | KBKDF Derived Key:Derives | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed |
| KBKDF Derived Key | Key-derivation key:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| HKDF Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| SSH Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until |
| X9.63 Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| X9.42 Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| Password or passphrase | PBKDF Derived Key:Derives | RAM:Plaintext | Free cipher handle Module Reset | API input parameters | From service invocation until cipherhandle is freed |
| PBKDF Derived Key | Password or passphrase:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| KDA OneStep Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| TLS Derived Key | Shared secret:Derived From | RAM:Plaintext | Free cipher handle Module Reset | API output parameters | From service invocation until cipherhandle is freed |
| Shared Secret | DH private key:Established By DH public key:Established By EC private key:Established By EC public key:Established By HKDF Derived Key:Derives KDA OneStep Derived Key:Derives TLS Derived Key:Derives SSH Derived Key:Derives | RAM:Plaintext | Free cipher handle Module Reset | API input parameters API output parameters | From service invocation until cipherhandle is freed |
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Storage | Zeroization | Related SSPs X9.63 Derived Key:Derives X9.42 Derived Key:Derives | |
|---|---|---|---|---|
| Entropy input | RAM:Plaintext | Automatic Module Reset | From generation until DRBG seed is created | DRBG seed:Derives |
| DRGB seed | RAM:Plaintext | Automatic Module Reset | While the DRBG is instantiated | Entropy input:Derived From DRBG internal state (V value, C value):Generates DRBG internal state (V value, Key):Generates |
| DRBG internal state (V value, C value) | RAM:Plaintext | Free cipher handle Module Reset | From DRBG instantiation until DRBG termination | DRBG seed:Generated From |
| DRBG internal state (V value, Key) | RAM:Plaintext | Free cipher handle Module Reset | From DRBG instantiation until DRBG termination | DRBG seed:Generated From |
| Intermediate key generation value | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | DH private key:Generates DH public key:Generates EC private key:Generates EC public key:Generates RSA private key:Generates RSA public key:Generates |
OpenSSL FIPS Provider for AlmaLinux 9 Table 21: SSP Table 2
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A4060) | HMAC- SHA2-256 (A4060) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key | Module becomes operational and services are available for use | |
| SHA-1 (A4059) | SHA-1 (A4059) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test |
| SHA-1 (A4079) | SHA-1 (A4079) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test |
| SHA-1 (A4080) | SHA-1 (A4080) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A4060) | HMAC- SHA2-256 (A4060) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key | Module becomes operational and services are available for use | |||
| SHA-1 (A4059) | SHA-1 (A4059) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A4079) | SHA-1 (A4079) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A4080) | SHA-1 (A4080) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the | ||
| SHA-1 (A4081) | SHA-1 (A4081) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A4082) | SHA-1 (A4082) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4059) | SHA2-512 (A4059) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4079) | SHA2-512 (A4079) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4080) | SHA2-512 (A4080) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4081) | SHA2-512 (A4081) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4082) | SHA2-512 (A4082) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA3-256 (A4055) | SHA3-256 (A4055) | KAT | CAST | Message digest | 32-bit message | Module becomes operational | Test runs at power-on before the | ||
| AES-GCM (A4067) | AES-GCM (A4067) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4068) | AES-GCM (A4068) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4069) | AES-GCM (A4069) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4070) | AES-GCM (A4070) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4071) | AES-GCM (A4071) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4072) | AES-GCM (A4072) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4073) | AES-GCM (A4073) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4074) | AES-GCM (A4074) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the | ||
| AES-GCM (A4075) | AES-GCM (A4075) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4076) | AES-GCM (A4076) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4077) | AES-GCM (A4077) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4078) | AES-GCM (A4078) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4067) | AES-GCM (A4067) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4068) | AES-GCM (A4068) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4069) | AES-GCM (A4069) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4070) | AES-GCM (A4070) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the | ||
| AES-GCM (A4071) | AES-GCM (A4071) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4072) | AES-GCM (A4072) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4073) | AES-GCM (A4073) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4074) | AES-GCM (A4074) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4075) | AES-GCM (A4075) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4076) | AES-GCM (A4076) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4077) | AES-GCM (A4077) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A4078) | AES-GCM (A4078) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, decrypt | Module becomes operational | Test runs at power-on before the | ||
| AES-ECB (A4054) | AES-ECB (A4054) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4056) | AES-ECB (A4056) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4057) | AES-ECB (A4057) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4058) | AES-ECB (A4058) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4061) | AES-ECB (A4061) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4062) | AES-ECB (A4062) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4063) | AES-ECB (A4063) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4064) | AES-ECB (A4064) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the | ||
| AES-ECB (A4065) | AES-ECB (A4065) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4066) | AES-ECB (A4066) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-4) (A4059) | RSA SigGen (FIPS186-4) (A4059) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-4) (A4079) | RSA SigGen (FIPS186-4) (A4079) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-4) (A4080) | RSA SigGen (FIPS186-4) (A4080) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-4) (A4081) | RSA SigGen (FIPS186-4) (A4081) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-4) (A4082) | RSA SigGen (FIPS186-4) (A4082) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-4) (A4059) | RSA SigVer (FIPS186-4) (A4059) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 | Module becomes operational | Test runs at power-on before the | ||
| and 2048- bit key | and 2048- bit key | integrity test | |||||||
| RSA SigVer (FIPS186-4) (A4079) | RSA SigVer (FIPS186-4) (A4079) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-4) (A4080) | RSA SigVer (FIPS186-4) (A4080) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-4) (A4081) | RSA SigVer (FIPS186-4) (A4081) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-4) (A4082) | RSA SigVer (FIPS186-4) (A4082) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-4) (A4055) | ECDSA SigGen (FIPS186-4) (A4055) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-4) (A4059) | ECDSA SigGen (FIPS186-4) (A4059) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-4) (A4079) | ECDSA SigGen (FIPS186-4) (A4079) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-4) (A4080) | ECDSA SigGen (FIPS186-4) (A4080) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- | Module becomes operational | Test runs at power-on before the | ||
| 384, and P- 521 | 384, and P- 521 | integrity test | |||||||
| ECDSA SigGen (FIPS186-4) (A4081) | ECDSA SigGen (FIPS186-4) (A4081) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-4) (A4082) | ECDSA SigGen (FIPS186-4) (A4082) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4055) | ECDSA SigVer (FIPS186-4) (A4055) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4059) | ECDSA SigVer (FIPS186-4) (A4059) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4079) | ECDSA SigVer (FIPS186-4) (A4079) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4080) | ECDSA SigVer (FIPS186-4) (A4080) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4081) | ECDSA SigVer (FIPS186-4) (A4081) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-4) (A4082) | ECDSA SigVer (FIPS186-4) (A4082) | KAT | CAST | Digital signature verification | SHA-256 | Module becomes operational | Test runs at power-on before the | ||
| KDF SP800- 108 (A4084) | KDF SP800- 108 (A4084) | KAT | CAST | Key Derivation with KBKDF | HMAC- SHA2-256 in counter mode and 128-bit input key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDA OneStep SP800- 56Cr2 (A4051) | KDA OneStep SP800- 56Cr2 (A4051) | KAT | CAST | Shared secret key derivation | SHA2-224 and 448-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDA HKDF Sp800- 56Cr1 (A4052) | KDA HKDF Sp800- 56Cr1 (A4052) | KAT | CAST | Shared secret key derivation | SHA2-256 and 48-bit secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A4055) | KDF ANS 9.42 (A4055) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A4059) | KDF ANS 9.42 (A4059) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A4079) | KDF ANS 9.42 (A4079) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A4080) | KDF ANS 9.42 (A4080) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A4081) | KDF ANS 9.42 (A4081) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 | Module becomes operational | Test runs at power-on before the | ||
| and 160-bit input secret | and 160-bit input secret | integrity test | |||||||
| KDF ANS 9.42 (A4082) | KDF ANS 9.42 (A4082) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4055) | KDF ANS 9.63 (A4055) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4059) | KDF ANS 9.63 (A4059) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4079) | KDF ANS 9.63 (A4079) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4080) | KDF ANS 9.63 (A4080) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4081) | KDF ANS 9.63 (A4081) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A4082) | KDF ANS 9.63 (A4082) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A4054) | KDF SSH (A4054) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the | ||
| KDF SSH (A4064) | KDF SSH (A4064) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A4065) | KDF SSH (A4065) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A4066) | KDF SSH (A4066) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A4059) | TLS v1.2 KDF RFC7627 (A4059) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A4079) | TLS v1.2 KDF RFC7627 (A4079) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A4080) | TLS v1.2 KDF RFC7627 (A4080) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A4081) | TLS v1.2 KDF RFC7627 (A4081) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A4082) | TLS v1.2 KDF RFC7627 (A4082) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the | ||
| TLS v1.3 KDF (A4052) | TLS v1.3 KDF (A4052) | KAT | CAST | TLS v1.3 KDF key derivation | SHA2-256, extract and expand modes | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4055) | PBKDF (A4055) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4059) | PBKDF (A4059) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4079) | PBKDF (A4079) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4080) | PBKDF (A4080) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4081) | PBKDF (A4081) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A4082) | PBKDF (A4082) | KAT | CAST | Password- based Key Derivation | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A4053) | Counter DRBG (A4053) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800- | AES-128 with derivation function and | Module becomes operational | Test runs at power-on before the | ||
| prediction resistance | 90Arev1 Section 11.3) | prediction resistance | integrity test | ||||||
| Hash DRBG (A4053) | Hash DRBG (A4053) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800- 90Arev1 Section 11.3) | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A4053) | HMAC DRBG (A4053) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800- 90Arev1 Section 11.3) | HMAC-SHA- 1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-FFC- SSC Sp800- 56Ar3 (A4085) | KAS-FFC- SSC Sp800- 56Ar3 (A4085) | KAT | CAST | Shared secret computation | ffdhe2048 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4059) | KAS-ECC- SSC Sp800- 56Ar3 (A4059) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4079) | KAS-ECC- SSC Sp800- 56Ar3 (A4079) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4080) | KAS-ECC- SSC Sp800- 56Ar3 (A4080) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4081) | KAS-ECC- SSC Sp800- 56Ar3 (A4081) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4082) | KAS-ECC- SSC Sp800- 56Ar3 (A4082) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| Safe Primes Key Generation (A4085) | Safe Primes Key Generation (A4085) | PCT | PCT | SP 800- 56Arev3 Section 5.6.2.1.4 | N/A | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186-4) (A4059) | RSA KeyGen (FIPS186-4) (A4059) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-4) (A4079) | RSA KeyGen (FIPS186-4) (A4079) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-4) (A4080) | RSA KeyGen (FIPS186-4) (A4080) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-4) (A4081) | RSA KeyGen (FIPS186-4) (A4081) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-4) (A4082) | RSA KeyGen (FIPS186-4) (A4082) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-4) (A4059) | ECDSA KeyGen (FIPS186-4) (A4059) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-4) (A4079) | ECDSA KeyGen (FIPS186-4) (A4079) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen | ECDSA KeyGen | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-4) (A4081) | ECDSA KeyGen (FIPS186-4) (A4081) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-4) (A4082) | ECDSA KeyGen (FIPS186-4) (A4082) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| HMAC-SHA2- 256 (A4060) | HMAC-SHA2- 256 (A4060) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| SHA-1 (A4059) | SHA-1 (A4059) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4079) | SHA-1 (A4079) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4080) | SHA-1 (A4080) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4081) | SHA-1 (A4081) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4082) | SHA-1 (A4082) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4059) | SHA2-512 (A4059) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4079) | SHA2-512 (A4079) | KAT | CAST | On Demand | Manually |
OpenSSL FIPS Provider for AlmaLinux 9
HMACSHA2-256 Table 22: Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is initialized, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully. Prior the first use, a CAST is executed for the algorithms used in the Pre-operational SelfTests.
© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 P-256, P384, and P521 P-256, P384, and P521 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 KDF SP800108 SP80056Cr2 Sp80056Cr1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SP 80090Arev1 HMAC-SHA1 SP 80090Arev1 KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 KAS-ECCSSC Sp80056Ar3 N/A SP 80056Arev3 5.6.2.1.4 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| ECDSA KeyGen (FIPS186-4) (A4081) | ECDSA KeyGen (FIPS186-4) (A4081) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-4) (A4082) | ECDSA KeyGen (FIPS186-4) (A4082) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| HMAC-SHA2- 256 (A4060) | HMAC-SHA2- 256 (A4060) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| SHA-1 (A4059) | SHA-1 (A4059) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4079) | SHA-1 (A4079) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4080) | SHA-1 (A4080) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4081) | SHA-1 (A4081) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4082) | SHA-1 (A4082) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4059) | SHA2-512 (A4059) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4079) | SHA2-512 (A4079) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4080) | SHA2-512 (A4080) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4081) | SHA2-512 (A4081) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4082) | SHA2-512 (A4082) | KAT | CAST | On Demand | Manually | ||||
| SHA3-256 (A4055) | SHA3-256 (A4055) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4067) | AES-GCM (A4067) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4068) | AES-GCM (A4068) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4069) | AES-GCM (A4069) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4070) | AES-GCM (A4070) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4071) | AES-GCM (A4071) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4072) | AES-GCM (A4072) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4073) | AES-GCM (A4073) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4074) | AES-GCM (A4074) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4075) | AES-GCM (A4075) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4076) | AES-GCM (A4076) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4077) | AES-GCM (A4077) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4078) | AES-GCM (A4078) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4067) | AES-GCM (A4067) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4068) | AES-GCM (A4068) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4069) | AES-GCM (A4069) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4070) | AES-GCM (A4070) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4071) | AES-GCM (A4071) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4072) | AES-GCM (A4072) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4073) | AES-GCM (A4073) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4074) | AES-GCM (A4074) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4075) | AES-GCM (A4075) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4076) | AES-GCM (A4076) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4077) | AES-GCM (A4077) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A4078) | AES-GCM (A4078) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4054) | AES-ECB (A4054) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4056) | AES-ECB (A4056) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4057) | AES-ECB (A4057) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4058) | AES-ECB (A4058) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4061) | AES-ECB (A4061) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4062) | AES-ECB (A4062) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4063) | AES-ECB (A4063) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4064) | AES-ECB (A4064) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4065) | AES-ECB (A4065) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4066) | AES-ECB (A4066) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4059) | RSA SigGen (FIPS186-4) (A4059) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4079) | RSA SigGen (FIPS186-4) (A4079) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4080) | RSA SigGen (FIPS186-4) (A4080) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4081) | RSA SigGen (FIPS186-4) (A4081) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4082) | RSA SigGen (FIPS186-4) (A4082) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4059) | RSA SigVer (FIPS186-4) (A4059) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4079) | RSA SigVer (FIPS186-4) (A4079) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4080) | RSA SigVer (FIPS186-4) (A4080) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4081) | RSA SigVer (FIPS186-4) (A4081) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4082) | RSA SigVer (FIPS186-4) (A4082) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4055) | ECDSA SigGen (FIPS186-4) (A4055) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4059) | ECDSA SigGen (FIPS186-4) (A4059) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4079) | ECDSA SigGen (FIPS186-4) (A4079) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4080) | ECDSA SigGen (FIPS186-4) (A4080) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4081) | ECDSA SigGen (FIPS186-4) (A4081) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4082) | ECDSA SigGen (FIPS186-4) (A4082) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4055) | ECDSA SigVer (FIPS186-4) (A4055) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4059) | ECDSA SigVer (FIPS186-4) (A4059) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4079) | ECDSA SigVer (FIPS186-4) (A4079) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4080) | ECDSA SigVer (FIPS186-4) (A4080) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4081) | ECDSA SigVer (FIPS186-4) (A4081) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4082) | ECDSA SigVer (FIPS186-4) (A4082) | KAT | CAST | On Demand | Manually | ||||
| KDF SP800-108 (A4084) | KDF SP800-108 (A4084) | KAT | CAST | On Demand | Manually | ||||
| KDA OneStep SP800-56Cr2 (A4051) | KDA OneStep SP800-56Cr2 (A4051) | KAT | CAST | On Demand | Manually | ||||
| KDA HKDF Sp800-56Cr1 (A4052) | KDA HKDF Sp800-56Cr1 (A4052) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4055) | KDF ANS 9.42 (A4055) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4059) | KDF ANS 9.42 (A4059) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4079) | KDF ANS 9.42 (A4079) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4080) | KDF ANS 9.42 (A4080) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4081) | KDF ANS 9.42 (A4081) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A4082) | KDF ANS 9.42 (A4082) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4055) | KDF ANS 9.63 (A4055) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4059) | KDF ANS 9.63 (A4059) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4079) | KDF ANS 9.63 (A4079) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4080) | KDF ANS 9.63 (A4080) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4081) | KDF ANS 9.63 (A4081) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A4082) | KDF ANS 9.63 (A4082) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A4054) | KDF SSH (A4054) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A4064) | KDF SSH (A4064) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A4065) | KDF SSH (A4065) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A4066) | KDF SSH (A4066) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A4059) | TLS v1.2 KDF RFC7627 (A4059) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A4079) | TLS v1.2 KDF RFC7627 (A4079) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A4080) | TLS v1.2 KDF RFC7627 (A4080) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A4081) | TLS v1.2 KDF RFC7627 (A4081) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A4082) | TLS v1.2 KDF RFC7627 (A4082) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.3 KDF (A4052) | TLS v1.3 KDF (A4052) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4055) | PBKDF (A4055) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4059) | PBKDF (A4059) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4079) | PBKDF (A4079) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4080) | PBKDF (A4080) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4081) | PBKDF (A4081) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A4082) | PBKDF (A4082) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A4053) | Counter DRBG (A4053) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A4053) | Hash DRBG (A4053) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A4053) | HMAC DRBG (A4053) | KAT | CAST | On Demand | Manually | ||||
| KAS-FFC-SSC Sp800-56Ar3 (A4085) | KAS-FFC-SSC Sp800-56Ar3 (A4085) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4059) | KAS-ECC-SSC Sp800-56Ar3 (A4059) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4079) | KAS-ECC-SSC Sp800-56Ar3 (A4079) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4080) | KAS-ECC-SSC Sp800-56Ar3 (A4080) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4081) | KAS-ECC-SSC Sp800-56Ar3 (A4081) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4082) | KAS-ECC-SSC Sp800-56Ar3 (A4082) | KAT | CAST | On Demand | Manually | ||||
| Safe Primes Key Generation (A4085) | Safe Primes Key Generation (A4085) | PCT | PCT | On Demand | Manually | ||||
| Safe Primes Key Generation (A4085) | Safe Primes Key Generation (A4085) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A4059) | RSA KeyGen (FIPS186-4) (A4059) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A4079) | RSA KeyGen (FIPS186-4) (A4079) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A4080) | RSA KeyGen (FIPS186-4) (A4080) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A4081) | RSA KeyGen (FIPS186-4) (A4081) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A4082) | RSA KeyGen (FIPS186-4) (A4082) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4059) | ECDSA KeyGen (FIPS186-4) (A4059) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4079) | ECDSA KeyGen (FIPS186-4) (A4079) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4080) | ECDSA KeyGen (FIPS186-4) (A4080) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4081) | ECDSA KeyGen (FIPS186-4) (A4081) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4082) | ECDSA KeyGen (FIPS186-4) (A4082) | PCT | PCT | On Demand | Manually |
OpenSSL FIPS Provider for AlmaLinux 9 Table 23: Conditional Self-Tests Data output through the data output interface is inhibited during the conditional self-tests. The module does not return control to the calling application until the tests are completed. If any of these tests fails, the module transitions to the error state (Section 10.4 Error States).
Table 24: Pre-Operational Periodic Information © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Table 25: Conditional Periodic Information © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error | If the module fails any of the self- tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application process | Software integrity test failure CAST failure | OSSL_PROV_PARAM_STATUS is set to 0. Module will not load. | Module reinitialization |
| PCT Error | Pairwise consistency test failure | PCT failure | Module is aborted | Module reinitialization |
OpenSSL FIPS Provider for AlmaLinux 9
Table 26: Error States the data output interface is inhibited, and the module no longer accepts inputs or requests (as the module is no longer running)
Both conditional and pre-operational self-tests can be executed on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. The pair-wise consistency tests can be invoked on demand by requesting the key pair generation service. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
The module is distributed as a part of the AlmaLinux 9 OpenSSL package in the form of the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package. Before the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package is installed, the AlmaLinux 9 system must operate in the FIPS validated configuration. This can be achieved by switching the system into the FIPS-validated configuration after the installation. Execute the openssl list -providers command. Restart the system. The Crypto Officer must verify the AlmaLinux 9 system operates in the FIPS-validated configuration by executing the fips-mode-setup –check command, which should output “FIPS mode is enabled.”
After the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package is installed, the Crypto Officer must execute the openssl list -providers command. This command should display the base/default and FIPS providers as follows: Providers base name: OpenSSL Base Provider version: 3.0.7 status: active default name: OpenSSL Default Provider version: 3.0.7 status: active fips name: OpenSSL FIPS Provider for AlmaLinux 9 version: 3.0.7-1d2bd88ee26b3c90 status: active The cryptographic boundary consists only of the FIPS provider as listed. If any other OpenSSL or third-party provider is invoked, the user is not interacting with the module specified in this Security Policy.
There is no administrator guidance.
Not applicable © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package can be uninstalled from the AlmaLinux 9 system © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9
Certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The module claims mitigation of timing-based side-channel attacks implementing two methods: Constant-time Implementations and Numeric Blinding:
OpenSSL FIPS Provider for AlmaLinux 9 Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EVP Envelope FFC Finite Field Cryptography FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IKE Internet Key Exchange KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-based Key Derivation Function KW Key Wrap KWP Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PSS Probabilistic Signature Scheme RSA Rivest, Shamir, Adleman © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SHA Secure Hash Algorithm SSC Shared Secret Computation SSH Secure Shell SSP Sensitive Security Parameter TLS Transport Layer Security XOF Extendable Output Function XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 Appendix B. References ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program March 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-modulevalidation-program/documents/fips%20140-3/FIPS%201403%20IG.pdf FIPS 180-4 Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800140B.pdf SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38a-add.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038b.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality July 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38d.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38e.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038F.pdf SP 800-52r2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80052r2.pdf SP 800-56Ar3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Ar3.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SP 800-56Cr1 Recommendation for Key-Derivation Methods in Key-Establishment Schemes April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr1.pdf SP 800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr2.pdf SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090B.pdf SP 800-108r1 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800108r1.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -132.pdf SP 800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800133r2.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.
OpenSSL FIPS Provider for AlmaLinux 9 SP 800-135r1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -135r1.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.