All modules
CMVP Validated Module · FIPS 140-3 Security Policy

OpenSSL FIPS Provider for AlmaLinux 9

Certificate#4823StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCloudlinux Inc., TuxCare division
High review priority  ·  exposes network crypto parser/protocol  ·  OpenSSL upstream has published 39 CVEs since this module's initial validation  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/6/2029
CaveatInterim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy
VendorCloudlinux Inc., TuxCare division

Approved Algorithms (279)

AlgorithmACVP Cert
AES-CBCA4056
AES-CBCA4057
AES-CBCA4058
AES-CBCA4061
AES-CBCA4062
AES-CBCA4063
AES-CBC-CS1A4056
AES-CBC-CS1A4057
AES-CBC-CS1A4058
AES-CBC-CS1A4061
AES-CBC-CS1A4062
AES-CBC-CS1A4063
AES-CBC-CS2A4056
AES-CBC-CS2A4057
AES-CBC-CS2A4058
AES-CBC-CS2A4061
AES-CBC-CS2A4062
AES-CBC-CS2A4063
AES-CBC-CS3A4056
AES-CBC-CS3A4057
AES-CBC-CS3A4058
AES-CBC-CS3A4061
AES-CBC-CS3A4062
AES-CBC-CS3A4063
AES-CCMA4056
AES-CCMA4057
AES-CCMA4058
AES-CCMA4061
AES-CCMA4062
AES-CCMA4063
AES-CFB1A4056
AES-CFB1A4057
AES-CFB1A4058
AES-CFB1A4061
AES-CFB1A4062
AES-CFB1A4063
AES-CFB128A4056
AES-CFB128A4057
AES-CFB128A4058
AES-CFB128A4061
AES-CFB128A4062
AES-CFB128A4063
AES-CFB8A4056
AES-CFB8A4057
AES-CFB8A4058
AES-CFB8A4061
AES-CFB8A4062
AES-CFB8A4063
AES-CMACA4056
AES-CMACA4057
AES-CMACA4058
AES-CMACA4061
AES-CMACA4062
AES-CMACA4063
AES-CTRA4056
AES-CTRA4057
AES-CTRA4058
AES-CTRA4061
AES-CTRA4062
AES-CTRA4063
AES-ECBA4054
AES-ECBA4056
AES-ECBA4057
AES-ECBA4058
AES-ECBA4061
AES-ECBA4062
AES-ECBA4063
AES-ECBA4064
AES-ECBA4065
AES-ECBA4066
AES-GCMA4067
AES-GCMA4068
AES-GCMA4069
AES-GCMA4070
AES-GCMA4071
AES-GCMA4072
AES-GCMA4073
AES-GCMA4074
AES-GCMA4075
AES-GCMA4076
AES-GCMA4077
AES-GCMA4078
AES-GMACA4067
AES-GMACA4068
AES-GMACA4069
AES-GMACA4070
AES-GMACA4071
AES-GMACA4072
AES-GMACA4073
AES-GMACA4074
AES-GMACA4075
AES-GMACA4076
AES-GMACA4077
AES-GMACA4078
AES-KWA4056
AES-KWA4057
AES-KWA4058
AES-KWA4061
AES-KWA4062
AES-KWA4063
AES-KWPA4056
AES-KWPA4057
AES-KWPA4058
AES-KWPA4061
AES-KWPA4062
AES-KWPA4063
AES-OFBA4056
AES-OFBA4057
AES-OFBA4058
AES-OFBA4061
AES-OFBA4062
AES-OFBA4063
AES-XTS Testing Revision 2.0A4056
AES-XTS Testing Revision 2.0A4057
AES-XTS Testing Revision 2.0A4058
AES-XTS Testing Revision 2.0A4061
AES-XTS Testing Revision 2.0A4062
AES-XTS Testing Revision 2.0A4063
Counter DRBGA4053
ECDSA KeyGen (FIPS186-4)A4059
ECDSA KeyGen (FIPS186-4)A4079
ECDSA KeyGen (FIPS186-4)A4080
ECDSA KeyGen (FIPS186-4)A4081
ECDSA KeyGen (FIPS186-4)A4082
ECDSA KeyVer (FIPS186-4)A4059
ECDSA KeyVer (FIPS186-4)A4079
ECDSA KeyVer (FIPS186-4)A4080
ECDSA KeyVer (FIPS186-4)A4081
ECDSA KeyVer (FIPS186-4)A4082
ECDSA SigGen (FIPS186-4)A4055
ECDSA SigGen (FIPS186-4)A4059
ECDSA SigGen (FIPS186-4)A4079
ECDSA SigGen (FIPS186-4)A4080
ECDSA SigGen (FIPS186-4)A4081
ECDSA SigGen (FIPS186-4)A4082
ECDSA SigVer (FIPS186-4)A4055
ECDSA SigVer (FIPS186-4)A4059
ECDSA SigVer (FIPS186-4)A4079
ECDSA SigVer (FIPS186-4)A4080
ECDSA SigVer (FIPS186-4)A4081
ECDSA SigVer (FIPS186-4)A4082
Hash DRBGA4053
HMAC DRBGA4053
HMAC-SHA-1A4059
HMAC-SHA-1A4079
HMAC-SHA-1A4080
HMAC-SHA-1A4081
HMAC-SHA-1A4082
HMAC-SHA2-224A4059
HMAC-SHA2-224A4079
HMAC-SHA2-224A4080
HMAC-SHA2-224A4081
HMAC-SHA2-224A4082
HMAC-SHA2-256A4059
HMAC-SHA2-256A4060
HMAC-SHA2-256A4079
HMAC-SHA2-256A4080
HMAC-SHA2-256A4081
HMAC-SHA2-256A4082
HMAC-SHA2-384A4059
HMAC-SHA2-384A4079
HMAC-SHA2-384A4080
HMAC-SHA2-384A4081
HMAC-SHA2-384A4082
HMAC-SHA2-512A4059
HMAC-SHA2-512A4079
HMAC-SHA2-512A4080
HMAC-SHA2-512A4081
HMAC-SHA2-512A4082
HMAC-SHA2-512/224A4059
HMAC-SHA2-512/224A4079
HMAC-SHA2-512/224A4080
HMAC-SHA2-512/224A4081
HMAC-SHA2-512/224A4082
HMAC-SHA2-512/256A4059
HMAC-SHA2-512/256A4079
HMAC-SHA2-512/256A4080
HMAC-SHA2-512/256A4081
HMAC-SHA2-512/256A4082
HMAC-SHA3-224A4055
HMAC-SHA3-256A4055
HMAC-SHA3-384A4055
HMAC-SHA3-512A4055
KAS-ECC-SSC Sp800-56Ar3A4059
KAS-ECC-SSC Sp800-56Ar3A4079
KAS-ECC-SSC Sp800-56Ar3A4080
KAS-ECC-SSC Sp800-56Ar3A4081
KAS-ECC-SSC Sp800-56Ar3A4082
KAS-FFC-SSC Sp800-56Ar3A4085
KDA HKDF Sp800-56Cr1A4052
KDA OneStep SP800-56Cr2A4051
KDF ANS 9.42A4055
KDF ANS 9.42A4059
KDF ANS 9.42A4079
KDF ANS 9.42A4080
KDF ANS 9.42A4081
KDF ANS 9.42A4082
KDF ANS 9.63A4055
KDF ANS 9.63A4059
KDF ANS 9.63A4079
KDF ANS 9.63A4080
KDF ANS 9.63A4081
KDF ANS 9.63A4082
KDF SP800-108A4084
KDF SSHA4054
KDF SSHA4064
KDF SSHA4065
KDF SSHA4066
PBKDFA4055
PBKDFA4059
PBKDFA4079
PBKDFA4080
PBKDFA4081
PBKDFA4082
RSA KeyGen (FIPS186-4)A4059
RSA KeyGen (FIPS186-4)A4079
RSA KeyGen (FIPS186-4)A4080
RSA KeyGen (FIPS186-4)A4081
RSA KeyGen (FIPS186-4)A4082
RSA SigGen (FIPS186-4)A4059
RSA SigGen (FIPS186-4)A4079
RSA SigGen (FIPS186-4)A4080
RSA SigGen (FIPS186-4)A4081
RSA SigGen (FIPS186-4)A4082
RSA SigVer (FIPS186-4)A4059
RSA SigVer (FIPS186-4)A4079
RSA SigVer (FIPS186-4)A4080
RSA SigVer (FIPS186-4)A4081
RSA SigVer (FIPS186-4)A4082
Safe Primes Key GenerationA4085
Safe Primes Key GenerationA4085
SHA-1A4059
SHA-1A4079
SHA-1A4080
SHA-1A4081
SHA-1A4082
SHA2-224A4059
SHA2-224A4079
SHA2-224A4080
SHA2-224A4081
SHA2-224A4082
SHA2-256A4059
SHA2-256A4060
SHA2-256A4079
SHA2-256A4080
SHA2-256A4081
SHA2-256A4082
SHA2-384A4059
SHA2-384A4079
SHA2-384A4080
SHA2-384A4081
SHA2-384A4082
SHA2-512A4059
SHA2-512A4079
SHA2-512A4080
SHA2-512A4081
SHA2-512A4082
SHA2-512/224A4059
SHA2-512/224A4079
SHA2-512/224A4080
SHA2-512/224A4081
SHA2-512/224A4082
SHA2-512/256A4059
SHA2-512/256A4079
SHA2-512/256A4080
SHA2-512/256A4081
SHA2-512/256A4082
SHA3-224A4055
SHA3-256A4055
SHA3-384A4055
SHA3-512A4055
SHAKE-128A4055
SHAKE-256A4055
TLS v1.2 KDF RFC7627A4059
TLS v1.2 KDF RFC7627A4079
TLS v1.2 KDF RFC7627A4080
TLS v1.2 KDF RFC7627A4081
TLS v1.2 KDF RFC7627A4082
TLS v1.3 KDFA4052

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for OpenSSL FIPS Provider for AlmaLinux 9
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for OpenSSL FIPS Provider for AlmaLinux 9
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Cloudlinux Inc., TuxCare division OpenSSL FIPS Provider for AlmaLinux 9 Document Version 1.1 Last update: 2024-09-27 Prepared by: atsec information security corporation

4516 Seton Center Pkwy, Suite 250

Austin, TX 78759 www.atsec.com

Page 2

OpenSSL FIPS Provider for AlmaLinux 9 Table of Contents © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 3

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 4

OpenSSL FIPS Provider for AlmaLinux 9 List of Tables Table 2: Tested Module Identification

Page 5
Security level
NameISO SectionLevel
111
221
331
441
551
661
77N/A
88N/A
991
10101
11111
12121

OpenSSL FIPS Provider for AlmaLinux 9

1 General
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 3.0.71d2bd88ee26b3c90 of the OpenSSL FIPS Provider for AlmaLinux 9. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. intact and including this notice. Other documentation is proprietary to their authors.

1.2 Security Levels

N/A N/A Table 1: Security Levels © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 6

OpenSSL FIPS Provider for AlmaLinux 9

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The OpenSSL FIPS Provider for AlmaLinux 9 (hereafter referred to as “the module”) is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module is a software library supporting FIPS 140-3 approved algorithms developed by TuxCare for its use by other applications that require cryptographic functionality and consists of one software component, the “FIPS provider”, which implements the FIPS requirements and the cryptographic functionality provided to the operator. Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary of the module is defined as the fips.so shared library, which contains the compiled code implementing the FIPS provider. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1 shows a block diagram that represents the design of the module when the module is operational and providing services to other user space applications. In this diagram, the physical perimeter of the operational environment (a general-purpose computer on which the module is installed) is indicated by a purple dashed line. The cryptographic boundary is represented by the components painted in orange blocks, which consists only of the shared library implementing the FIPS provider (fips.so). Green lines indicate the flow of data between the cryptographic module and its operator application, through the logical interfaces defined in Section 3 Cryptographic Module Interfaces. Components in white are only included in the diagram for informational purposes. They are not included in the cryptographic boundary (and therefore not part of the module’s validation). For example, the kernel is responsible for managing system calls issued by the module itself, as well as other applications using the module for cryptographic services. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 7
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
fips.so3.0.7- 1d2bd88ee26b3c90N/Afips.soHMAC-SHA2-256
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services3.0.7- 1d2bd88ee26b3c90Intel Xeon Platinum 8259CLWith and without PAA (AES-NI andN/A
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
fips.so3.0.7- 1d2bd88ee26b3c90N/Afips.soHMAC-SHA2-256
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services3.0.7- 1d2bd88ee26b3c90Intel Xeon Platinum 8259CLWith and without PAA (AES-NI andN/A
(AWS) m5.metal(AWS) m5.metalSHA Extensions)
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) a1.metal3.0.7- 1d2bd88ee26b3c90AWS GravitonWith and without PAA (Neon and Crypto Extensions)N/A

OpenSSL FIPS Provider for AlmaLinux 9 Figure 1 - Block Diagram

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 8
Service
NameDescriptionIndicatorType
Non- approved modeAutomatically entered whenever a non-approved service is requestedEquivalent to the indicator of the requested serviceNon- Approved

OpenSSL FIPS Provider for AlmaLinux 9 9.2 N/A 3.0.71d2bd88ee26b3c90 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: N/A for this module. CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

2.3 Excluded Components

There are no components excluded from the requirements of the FIPS 140-3 standard.

2.4 Modes of Operation

Modes List and Description: Nonapproved NonApproved After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of In the operational state, the module accepts service requests from calling applications through its logical interfaces. At any point in the operational state, a calling application can end its process, causing the module to end its operation. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 9
Approved algorithm
NameCAVP CertReference
KDA OneStep SP800-56Cr2A4051SP 800-56C Rev. 2
KDA HKDF Sp800-56Cr1A4052SP 800-56C Rev. 2
TLS v1.3 KDF (CVL)A4052SP 800-135 Rev. 1
Counter DRBGA4053SP 800-90A Rev. 1
Hash DRBGA4053SP 800-90A Rev. 1
HMAC DRBGA4053SP 800-90A Rev. 1
AES-ECBA4054SP 800-38A
KDF SSH (CVL)A4054SP 800-135 Rev. 1
ECDSA SigGen (FIPS186-4)A4055FIPS 186-4
ECDSA SigVer (FIPS186-4)A4055FIPS 186-4
HMAC-SHA3-224A4055FIPS 198-1
HMAC-SHA3-256A4055FIPS 198-1
HMAC-SHA3-384A4055FIPS 198-1
HMAC-SHA3-512A4055FIPS 198-1
KDF ANS 9.42 (CVL)A4055SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4055SP 800-135 Rev. 1
PBKDFA4055SP 800-132
SHA3-224A4055FIPS 202
SHA3-256A4055FIPS 202
SHA3-384A4055FIPS 202
SHA3-512A4055FIPS 202
SHAKE-128A4055FIPS 202
SHAKE-256A4055FIPS 202
AES-CBCA4056SP 800-38A
AES-CBC-CS1A4056SP 800-38A
AES-CBC-CS2A4056SP 800-38A
AES-CBC-CS3A4056SP 800-38A
AES-CCMA4056SP 800-38C
AES-CFB1A4056SP 800-38A
AES-CFB128A4056SP 800-38A
AES-CFB8A4056SP 800-38A
AES-CMACA4056SP 800-38B
AES-CTRA4056SP 800-38A
AES-ECBA4056SP 800-38A
AES-KWA4056SP 800-38F
AES-KWPA4056SP 800-38F
AES-OFBA4056SP 800-38A
AES-XTS Testing Revision 2.0A4056SP 800-38E
AES-CBCA4057SP 800-38A
AES-CBC-CS1A4057SP 800-38A
AES-CBC-CS2A4057SP 800-38A
AES-CBC-CS3A4057SP 800-38A
AES-CCMA4057SP 800-38C
AES-CFB1A4057SP 800-38A
AES-CFB128A4057SP 800-38A
AES-CFB8A4057SP 800-38A
AES-CMACA4057SP 800-38B
AES-CTRA4057SP 800-38A
AES-ECBA4057SP 800-38A
AES-KWA4057SP 800-38F
AES-KWPA4057SP 800-38F
AES-OFBA4057SP 800-38A
AES-XTS Testing Revision 2.0A4057SP 800-38E
AES-CBCA4058SP 800-38A
AES-CBC-CS1A4058SP 800-38A
AES-CBC-CS2A4058SP 800-38A
AES-CBC-CS3A4058SP 800-38A
AES-CCMA4058SP 800-38C
AES-CFB1A4058SP 800-38A
AES-CFB128A4058SP 800-38A
AES-CFB8A4058SP 800-38A
AES-CMACA4058SP 800-38B
AES-CTRA4058SP 800-38A
AES-ECBA4058SP 800-38A
AES-KWA4058SP 800-38F
AES-KWPA4058SP 800-38F
AES-OFBA4058SP 800-38A
AES-XTS Testing Revision 2.0A4058SP 800-38E
ECDSA KeyGen (FIPS186-4)A4059FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4059FIPS 186-4
ECDSA SigGen (FIPS186-4)A4059FIPS 186-4
ECDSA SigVer (FIPS186-4)A4059FIPS 186-4
HMAC-SHA-1A4059FIPS 198-1
HMAC-SHA2-224A4059FIPS 198-1
HMAC-SHA2-256A4059FIPS 198-1
HMAC-SHA2-384A4059FIPS 198-1
HMAC-SHA2-512A4059FIPS 198-1
HMAC-SHA2-512/224A4059FIPS 198-1
HMAC-SHA2-512/256A4059FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4059SP 800-56A Rev. 3
KDF ANS 9.42 (CVL)A4059SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4059SP 800-135 Rev. 1
PBKDFA4059SP 800-132
RSA KeyGen (FIPS186-4)A4059FIPS 186-4
RSA SigGen (FIPS186-4)A4059FIPS 186-4
RSA SigVer (FIPS186-4)A4059FIPS 186-4
SHA-1A4059FIPS 180-4
SHA2-224A4059FIPS 180-4
SHA2-256A4059FIPS 180-4
SHA2-384A4059FIPS 180-4
SHA2-512A4059FIPS 180-4
SHA2-512/224A4059FIPS 180-4
SHA2-512/256A4059FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4059SP 800-135 Rev. 1
HMAC-SHA2-256A4060FIPS 198-1
SHA2-256A4060FIPS 180-4
AES-CBCA4061SP 800-38A
AES-CBC-CS1A4061SP 800-38A
AES-CBC-CS2A4061SP 800-38A
AES-CBC-CS3A4061SP 800-38A
AES-CCMA4061SP 800-38C
AES-CFB1A4061SP 800-38A
AES-CFB128A4061SP 800-38A
AES-CFB8A4061SP 800-38A
AES-CMACA4061SP 800-38B
AES-CTRA4061SP 800-38A
AES-ECBA4061SP 800-38A
AES-KWA4061SP 800-38F
AES-KWPA4061SP 800-38F
AES-OFBA4061SP 800-38A
AES-XTS Testing Revision 2.0A4061SP 800-38E
AES-CBCA4062SP 800-38A
AES-CBC-CS1A4062SP 800-38A
AES-CBC-CS2A4062SP 800-38A
AES-CBC-CS3A4062SP 800-38A
AES-CCMA4062SP 800-38C
AES-CFB1A4062SP 800-38A
AES-CFB128A4062SP 800-38A
AES-CFB8A4062SP 800-38A
AES-CMACA4062SP 800-38B
AES-CTRA4062SP 800-38A
AES-ECBA4062SP 800-38A
AES-KWA4062SP 800-38F
AES-KWPA4062SP 800-38F
AES-OFBA4062SP 800-38A
AES-XTS Testing Revision 2.0A4062SP 800-38E
AES-CBCA4063SP 800-38A
AES-CBC-CS1A4063SP 800-38A
AES-CBC-CS2A4063SP 800-38A
AES-CBC-CS3A4063SP 800-38A
AES-CCMA4063SP 800-38C
AES-CFB1A4063SP 800-38A
AES-CFB128A4063SP 800-38A
AES-CFB8A4063SP 800-38A
AES-CMACA4063SP 800-38B
AES-CTRA4063SP 800-38A
AES-ECBA4063SP 800-38A
AES-KWA4063SP 800-38F
AES-KWPA4063SP 800-38F
AES-OFBA4063SP 800-38A
AES-XTS Testing Revision 2.0A4063SP 800-38E
AES-ECBA4064SP 800-38A
KDF SSH (CVL)A4064SP 800-135 Rev. 1
AES-ECBA4065SP 800-38A
KDF SSH (CVL)A4065SP 800-135 Rev. 1
AES-ECBA4066SP 800-38A
KDF SSH (CVL)A4066SP 800-135 Rev. 1
AES-GCMA4067SP 800-38D
AES-GMACA4067SP 800-38D
AES-GCMA4068SP 800-38D
AES-GMACA4068SP 800-38D
AES-GCMA4069SP 800-38D
AES-GMACA4069SP 800-38D
AES-GCMA4070SP 800-38D
AES-GMACA4070SP 800-38D
AES-GCMA4071SP 800-38D
AES-GMACA4071SP 800-38D
AES-GCMA4072SP 800-38D
AES-GMACA4072SP 800-38D
AES-GCMA4073SP 800-38D
AES-GMACA4073SP 800-38D
AES-GCMA4074SP 800-38D
AES-GMACA4074SP 800-38D
AES-GCMA4075SP 800-38D
AES-GMACA4075SP 800-38D
AES-GCMA4076SP 800-38D
AES-GMACA4076SP 800-38D
AES-GCMA4077SP 800-38D
AES-GMACA4077SP 800-38D
AES-GCMA4078SP 800-38D
AES-GMACA4078SP 800-38D
ECDSA KeyGen (FIPS186-4)A4079FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4079FIPS 186-4
ECDSA SigGen (FIPS186-4)A4079FIPS 186-4
ECDSA SigVer (FIPS186-4)A4079FIPS 186-4
HMAC-SHA-1A4079FIPS 198-1
HMAC-SHA2-224A4079FIPS 198-1
HMAC-SHA2-256A4079FIPS 198-1
HMAC-SHA2-384A4079FIPS 198-1
HMAC-SHA2-512A4079FIPS 198-1
HMAC-SHA2-512/224A4079FIPS 198-1
HMAC-SHA2-512/256A4079FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4079SP 800-56A Rev. 3
KDF ANS 9.42 (CVL)A4079SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4079SP 800-135 Rev. 1
PBKDFA4079SP 800-132
RSA KeyGen (FIPS186-4)A4079FIPS 186-4
RSA SigGen (FIPS186-4)A4079FIPS 186-4
RSA SigVer (FIPS186-4)A4079FIPS 186-4
SHA-1A4079FIPS 180-4
SHA2-224A4079FIPS 180-4
SHA2-256A4079FIPS 180-4
SHA2-384A4079FIPS 180-4
SHA2-512A4079FIPS 180-4
SHA2-512/224A4079FIPS 180-4
SHA2-512/256A4079FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4079SP 800-135 Rev. 1
ECDSA KeyGen (FIPS186-4)A4080FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4080FIPS 186-4
ECDSA SigGen (FIPS186-4)A4080FIPS 186-4
ECDSA SigVer (FIPS186-4)A4080FIPS 186-4
HMAC-SHA-1A4080FIPS 198-1
HMAC-SHA2-224A4080FIPS 198-1
HMAC-SHA2-256A4080FIPS 198-1
HMAC-SHA2-384A4080FIPS 198-1
HMAC-SHA2-512A4080FIPS 198-1
HMAC-SHA2-512/224A4080FIPS 198-1
HMAC-SHA2-512/256A4080FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4080SP 800-56A Rev. 3
KDF ANS 9.42 (CVL)A4080SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4080SP 800-135 Rev. 1
PBKDFA4080SP 800-132
RSA KeyGen (FIPS186-4)A4080FIPS 186-4
RSA SigGen (FIPS186-4)A4080FIPS 186-4
RSA SigVer (FIPS186-4)A4080FIPS 186-4
SHA-1A4080FIPS 180-4
SHA2-224A4080FIPS 180-4
SHA2-256A4080FIPS 180-4
SHA2-384A4080FIPS 180-4
SHA2-512A4080FIPS 180-4
SHA2-512/224A4080FIPS 180-4
SHA2-512/256A4080FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4080SP 800-135 Rev. 1
ECDSA KeyGen (FIPS186-4)A4081FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4081FIPS 186-4
ECDSA SigGen (FIPS186-4)A4081FIPS 186-4
ECDSA SigVer (FIPS186-4)A4081FIPS 186-4
HMAC-SHA-1A4081FIPS 198-1
HMAC-SHA2-224A4081FIPS 198-1
HMAC-SHA2-256A4081FIPS 198-1
HMAC-SHA2-384A4081FIPS 198-1
HMAC-SHA2-512A4081FIPS 198-1
HMAC-SHA2-512/224A4081FIPS 198-1
HMAC-SHA2-512/256A4081FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4081SP 800-56A Rev. 3
KDF ANS 9.42 (CVL)A4081SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4081SP 800-135 Rev. 1
PBKDFA4081SP 800-132
RSA KeyGen (FIPS186-4)A4081FIPS 186-4
RSA SigGen (FIPS186-4)A4081FIPS 186-4
RSA SigVer (FIPS186-4)A4081FIPS 186-4
SHA-1A4081FIPS 180-4
SHA2-224A4081FIPS 180-4
SHA2-256A4081FIPS 180-4
SHA2-384A4081FIPS 180-4
SHA2-512A4081FIPS 180-4
SHA2-512/224A4081FIPS 180-4
SHA2-512/256A4081FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4081SP 800-135 Rev. 1
ECDSA KeyGen (FIPS186-4)A4082FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4082FIPS 186-4
ECDSA SigGen (FIPS186-4)A4082FIPS 186-4
ECDSA SigVer (FIPS186-4)A4082FIPS 186-4
HMAC-SHA-1A4082FIPS 198-1
HMAC-SHA2-224A4082FIPS 198-1
HMAC-SHA2-256A4082FIPS 198-1
HMAC-SHA2-384A4082FIPS 198-1
HMAC-SHA2-512A4082FIPS 198-1
HMAC-SHA2-512/224A4082FIPS 198-1
HMAC-SHA2-512/256A4082FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4082SP 800-56A Rev. 3
KDF ANS 9.42 (CVL)A4082SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A4082SP 800-135 Rev. 1
PBKDFA4082SP 800-132
RSA KeyGen (FIPS186-4)A4082FIPS 186-4
RSA SigGen (FIPS186-4)A4082FIPS 186-4
RSA SigVer (FIPS186-4)A4082FIPS 186-4
SHA-1A4082FIPS 180-4
SHA2-224A4082FIPS 180-4
SHA2-256A4082FIPS 180-4
SHA2-384A4082FIPS 180-4
SHA2-512A4082FIPS 180-4
SHA2-512/224A4082FIPS 180-4
SHA2-512/256A4082FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4082SP 800-135 Rev. 1
KDF SP800-108A4084SP 800-108 Rev. 1
KAS-FFC-SSC Sp800-56Ar3A4085SP 800-56A Rev. 3
Safe Primes Key GenerationA4085SP 800-56A Rev. 3
Safe Primes Key VerificationA4085SP 800-56A Rev. 3

OpenSSL FIPS Provider for AlmaLinux 9 The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of operation is equivalent to the indicator of the service that was requested. Degraded Mode Description: The module does not implement a degraded mode of operation.

2.5 Algorithms

Approved Algorithms: © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 10

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 11

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 12

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 13

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 14

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 15

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 16

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 17

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 18

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 19

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 20
Service
NameApproved FunctionsProperties
(CKG) Key Pair GenerationKey Pair Generation with RSA:2048- 16384 bits keys (112-256 bits strength) Key Pair Generation with ECDSA:P-224,N/ASP 800-133r2 Section 4 example 1
RSA Signature GenerationPKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:2048-16384 bits Strength:112-256 bitsN/AFIPS 140-3 IG C.C
RSA Signature VerificationPKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:1024-16384 bits Strength:80-256 bitsN/AFIPS 140-3 IG C.C
AES GCM (external IV)Authentication Encryption
HMAC (< 112-bit keys)Message Authentication Code
KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys)Key Derivation
KDA OneStep (SHAKE128, SHAKE256)Key Derivation
ANS X9.42 KDF (SHAKE128, SHAKE256)Key Derivation
ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256)Key Derivation

OpenSSL FIPS Provider for AlmaLinux 9 Table 5: Approved Algorithms Vendor-Affirmed Algorithms: N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 21
Service
NameDescriptionApproved FunctionsTypeProperties
RSA Signature GenerationPKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:2048-16384 bits Strength:112-256 bitsN/AFIPS 140-3 IG C.C
RSA Signature VerificationPKCS#1v1.5 and PKCSPSS:SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key:1024-16384 bits Strength:80-256 bitsN/AFIPS 140-3 IG C.C
AES GCM (external IV)Authentication Encryption
HMAC (< 112-bit keys)Message Authentication Code
KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys)Key Derivation
KDA OneStep (SHAKE128, SHAKE256)Key Derivation
ANS X9.42 KDF (SHAKE128, SHAKE256)Key Derivation
ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256)Key Derivation
SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256)Key Derivation
TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3)TLS Key Derivation
TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3)TLS Key Derivation
PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)Password-based Key Derivation
RSA (KAS1, KAS2 schemes)Shared secret computation
RSA and ECDSA (pre-hashed message)Signature generation; Signature verification
RSA-PSS (invalid salt length)Signature generation; Signature verification
RSA-OAEPAsymmetric encryption; Asymmetric decryption
Symmetric Encryption with AESSymmetric encryption using AESAES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC-BC-UnAuthAES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256

OpenSSL FIPS Provider for AlmaLinux 9 N/A C.C N/A C.C Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 22
Service
NameDescriptionApproved FunctionsTypeProperties
SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256)Key Derivation
TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3)TLS Key Derivation
TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3)TLS Key Derivation
PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)Password-based Key Derivation
RSA (KAS1, KAS2 schemes)Shared secret computation
RSA and ECDSA (pre-hashed message)Signature generation; Signature verification
RSA-PSS (invalid salt length)Signature generation; Signature verification
RSA-OAEPAsymmetric encryption; Asymmetric decryption
Symmetric Encryption with AESSymmetric encryption using AESAES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC-BC-UnAuthAES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256

OpenSSL FIPS Provider for AlmaLinux 9 Table 7: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services of the Non-Approved Services table in Section 4.4 Non-Approved Services.

2.6 Security Function Implementations

© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 23
Service
NameDescriptionApproved Functions
bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bitsbits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bitsCS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8

OpenSSL FIPS Provider for AlmaLinux 9 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 24
Service
NameDescriptionApproved FunctionsTypeProperties
Symmetric Decryption with AESSymmetric decryption using AESAES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC-BC-UnAuthAES-ECB:128, 192, 256 bits AES-CBC:128, 192, 256 bits AES-CBC-CS1:128, 192, 256 bits AES-CBC-CS2:128, 192, 256 bits AES-CBC-CS3:128, 192, 256 bits AES-CFB1:128, 192, 256 bits AES-CFB128:128, 192, 256 bits AES-CFB8:128, 192, 256 bits AES-CTR:128, 192, 256

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 25
Service
NameDescriptionApproved Functions
bits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bitsbits AES-OFB:128, 192, 256 bits AES-XTS Testing Revision 2.0:128, 256 bitsCS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS1 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS2 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CBC- CS3 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB1 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8

OpenSSL FIPS Provider for AlmaLinux 9 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS1 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS2 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 26
Service
NameDescriptionApproved FunctionsTypeProperties
Key wrapping with AES-KWKey wrapping using AES KWAES-KW AES-KW AES-KW AES-KW AES-KW AES-KWKTS-WrapAES-KW:128, 192, 256 bits
Key unwrapping with AES-KWKey unwrapping using AES KWAES-KW AES-KW AES-KW AES-KW AES-KW AES-KWKTS-WrapAES-KW:128, 192, 256 bits
Key wrapping with AES-KWPKey wrapping using AES KW with paddingAES-KWP AES-KWP AES-KWPKTS-WrapAES-KWP:128, 192, 256 bits
Key unwrapping with AES-KWPKey unwrapping using AES KW with paddingAES-KWP AES-KWP AES-KWP AES-KWP AES-KWP AES-KWPKTS-WrapAES-KWP:128, 192, 256 bits
Key Derivation with KDA OneStepKey Derivation using KDA OneStepKDA OneStep SP800- 56Cr2KAS-56CKDFKDA OneStep SP800- 56Cr2:112-256 bits
Key Derivation with X9.42 KDFKey Derivation using X9.42 KDFKDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42KAS-135KDFKDF ANS 9.42:112-256 bits
Key Derivation with X9.63 KDFKey Derivation using X9.63 KDFKDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63KAS-135KDFKDF ANS 9.63:112-256 bits
Key Derivation with SSH KDFKey DerivationKDF SSH KDF SSH KDF SSH KDF SSHKAS-135KDFKDF SSH:112-256 bits
Key Derivation with HKDFKey Derivation using HKDFKDA HKDF Sp800- 56Cr1KAS-56CKDFKDA HKDF Sp800- 56Cr1:112-256 bits
TLS Key DerivationTLS 1.2 / 1.3 Key DerivationTLS v1.3 KDF TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627 TLS v1.2 KDF RFC7627KAS-135KDFTLS v1.3 KDF:112-256 bits TLS v1.2 KDF RFC7627:112-256 bits
Key Derivation with KBKDFKey derivation using KBKDFKDF SP800- 108KBKDFModes:Counter, Feedback KDF SP800-108:112-256 bits
Password- based Key DerivationPassword- based Key DerivationPBKDF PBKDF PBKDF PBKDF PBKDF PBKDFPBKDFPBKDF:112-256 bits
Random Number GenerationRandom Number Generation (IG D.R compliant)Counter DRBG HMAC DRBG Hash DRBGDRBGCounter DRBG:128, 192, 256 bits HMAC DRBG:128, 256 bits Hash DRBG:128, 256 bits
Signature GenerationSignature GenerationECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4)DigSig- SigGenECDSA SigGen (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits) RSA SigGen (FIPS186- 4):2048-16384 bits (112- 256 bits)
Signature VerificationSignature VerificationECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4)DigSig-SigVerECDSA SigVer (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits) RSA SigVer (FIPS186- 4):NIST SP 800-131Ar2 Legacy use: 1024-2047 bits with 80-111 bits of security strength; NIST SP 800-131Ar2 Acceptable: 2048-16384 bits with 112- 256 bits of security strength IG C.F Compliance:The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140- 3 IG C.F
Message Authentication CodeMessage Authentication CodeHMAC-SHA3- 224 HMAC-SHA3- 256 HMAC-SHA3- 384 HMAC-SHA3- 512MACHMAC hashes:SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA- 512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 AES key:128, 192, 256 bits

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 27

OpenSSL FIPS Provider for AlmaLinux 9 SP80056Cr2 Sp80056Cr1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 28

OpenSSL FIPS Provider for AlmaLinux 9 KDF SP800108 Passwordbased Key Passwordbased Key DigSigSigGen © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 29

OpenSSL FIPS Provider for AlmaLinux 9 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3512 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 30

OpenSSL FIPS Provider for AlmaLinux 9 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 31
Service
NameDescriptionApproved FunctionsType
Message digestMessage digestSHA3-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-128 SHAKE-256 SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224SHA XOF

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 32
Service
NameDescriptionApproved FunctionsTypeProperties
Authenticated Symmetric EncryptionAuthenticated Symmetric EncryptionAES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMBC-AuthKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Authenticated Symmetric DecryptionAuthenticated Symmetric DecryptionAES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-KW AES-KW AES-KW AES-KW AES-KW AES-KW AES-KWP AES-KWP AES-KWP AES-KWP AES-KWPBC-AuthKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Key wrapping with AES-CCMKey wrapping with AES CCM (as permitted by IG D.G)AES-CCM AES-CCM AES-CCM AES-CCMKTS-WrapKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Key unwrapping with AES-CCMKey unwrapping with AES CCM (as permitted by IG D.G)AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCMBC-AuthKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Key wrapping with AES-GCMKey wrapping with AES GCM (as permitted by IG D.G)AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMKTS-WrapKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Key unwrapping with AES-GCMKey unwrapping with AES GCM (as permitted by IG D.G)AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMBC-AuthKey:128, 192, 256 bit keys with 128, 192, 256 bits of key strength, respectively
Key Pair Generation with ECDSAKey Pair Generation using ECDSAECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSAAsymKeyPair- KeyGenECDSA KeyGen (FIPS186- 4):P-224, P-256, P-384, P- 521 (112, 128, 192, 256 bits)
Key Pair Generation with RSAKey Pair Generation using RSARSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4)AsymKeyPair- KeyGenRSA KeyGen (FIPS186- 4):2048-15360 bits (112- 256 bits)
Key Pair Generation with Safe PrimesKey Pair Generation using Safe PrimesSafe Primes Key GenerationAsymKeyPair- KeyGenSafe Primes Key Generation:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 (112-200 bits)
Key Pair Verification with ECDSAKey Pair Verification using ECDSAECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4)AsymKeyPair- KeyVerCurves:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits)
Key Pair Verification with Safe PrimesKey Pair Verification using Safe PrimesSafe Primes Key VerificationAsymKeyPair- KeyVerGroups:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 (112-200 bits)
Shared Secret Computation with DHShared Secret Computation using DHKAS-FFC- SSC Sp800- 56Ar3KAS-SSCKAS-FFC-SSC Sp800- 56Ar3:ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192,

OpenSSL FIPS Provider for AlmaLinux 9 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/224 SHA2512/256 SHA2512/256 SHA2512/256 SHA2512/256 SHA2512/256 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 33

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 34

OpenSSL FIPS Provider for AlmaLinux 9 AsymKeyPairKeyGen © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 35

OpenSSL FIPS Provider for AlmaLinux 9 AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairKeyVer AsymKeyPairKeyVer KAS-FFCSSC Sp80056Ar3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 36
Service
NameDescriptionRolesApproved FunctionsType
Shared Secret Computation with ECDHShared Secret Computation using EC Diffie-HellmanKAS-ECC-SSC Sp800- 56Ar3:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits strength) Compliance:SP 800- 56Arev3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme:ephemeralUnified KAS Role:initiator, responderKAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3 KAS-ECC- SSC Sp800- 56Ar3KAS-SSC

OpenSSL FIPS Provider for AlmaLinux 9 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 Table 8: Security Function Implementations

2.7 Algorithm Specific Information
2.7.1 AES GCM IV

For TLS 1.2, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The module is compliant with SP 800-52r2 Section 3.3.1 and the mechanism for IV generation is compliant with RFC 5288 and 8446. The module does not implement the TLS protocol. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant to Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 37

OpenSSL FIPS Provider for AlmaLinux 9 EVP_EncryptInit_ex2 API function with a non-NULL IV value. When this is the case, the API will set a non-approved service indicator. Finally, for TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 1403 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP800-52r2. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key.

2.7.2 AES XTS

The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2²⁰ AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.

2.7.3 Key Derivation using SP 800-132 PBKDF2

The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met:

Page 38
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Cloudlinux Inc., TuxCare division OpenSSL FIPSNon- Physical64 bitsAlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel256 bitsSHA2-512- HMAC-DRBG: A4025; SHA3- 256: A4026;
CertVendor Name
Number
E76Cloudlinux Inc., TuxCare division
2.7.4 SP 800-56Ar3 Assurances

To comply with the assurances found in Section 5.6.2 of SP 800-56Ar3, the operator must use the module together with an application that implements the SSH/TLS protocol. Additionally, the module’s approved key pair generation service (see Approved Services table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPSvalidated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 80056Ar3.

2.7.5 SHA-3

The module implements the SHA-3 algorithms as both standalone and part of higher-level algorithms (in compliance with FIPS 140-3 IG C.C). As detailed in Section 2.6 Security Function Implementations with corresponding certificates, the cryptographic algorithms that use of SHA-3 include RSA signature generation and verification, ECDSA signature generation and verification, KBKDF, KDA HKDF, X9.63 KDF, X9.42 KDF, PBKDF, OneStep KDA and HMAC. In addition, the implementation of the extendable output functions SHAKE128 and SHAKE256 were verified to have a standalone usage.

2.7.6 RSA Signatures

The module implements only the approved modulus sizes of 2048, 3072, and 4096 bits for signature generation. For signature verification, the module implements the approved module sizes of 2048, 3072, and 4096 bits. Each algorithm was tested, and corresponding certificates can be found detailed in Section 2.6 Security Function Implementations. The module also supports RSA signature verification with 1024, 1280, 1536 and 1792 modulus bits. These modulus sizes are allowed only for legacy use, in compliance with FIPS 140-3 IG C.F.

2.8 RBG and Entropy

Table 9: Entropy Certificates NonPhysical © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 39
Sensitive security parameter
NameTypeConditioning Component
provider CPU Time Jitter RNG Entropy SourceXeon Platinum 8259CL; AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS GravitonAES-256-CTR- DRBG: A4053

OpenSSL FIPS Provider for AlmaLinux 9 Table 10: Entropy Sources The module employs two Deterministic Random Bit Generator (DRBG) implementations based on SP 800-90Ar1. These DRBGs are used internally by the module (e.g. to generate seeds for asymmetric key pairs and random numbers for security functions). They can also be accessed using the specified API functions. The following parameters are used:

  1. Private DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to generate secret random values (e.g. during asymmetric key pair generation). It can be accessed using RAND_priv_bytes.
  2. Public DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to generate general purpose random values that do not need to remain secret (e.g. initialization vectors). It can be accessed using RAND_bytes. These DRBGs will always employ prediction resistance. More information regarding the configuration and design of these DRBGs can be found in the module’s manual pages.
2.9 Key Generation

The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800-133r2. When random values are required, they are obtained from the SP 80090Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2 (without XOR):

Page 40

OpenSSL FIPS Provider for AlmaLinux 9

2.10 Key Establishment

The module provides Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) shared secret computation compliant with SP800-56Ar3, in accordance with scenario 2 (1) of FIPS 140-3 IG D.F. For Diffie-Hellman, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC 7919 (TLS). Note that the module only implements key pair generation, key pair verification, and shared secret computation. No other part of the IKE or TLS protocols is implemented (with the exception of the TLS 1.2 and 1.3 KDFs):

Page 41

OpenSSL FIPS Provider for AlmaLinux 9

2.11 Industry Protocols

The module implements the SSH key derivation function for use in the SSH protocol (RFC

4253 and RFC 6668).

GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3 of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation functions for use in the TLS protocol. No parts of the SSH, TLS, or IKE protocols, other than those mentioned above, have been tested by the CAVP and CMVP. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 42
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsAs a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsData InputAPI input parameters
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsAs a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsData OutputAPI output parameters
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsAs a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsControl InputAPI function calls
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsAs a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runsStatus OutputAPI return codes, error queue

OpenSSL FIPS Provider for AlmaLinux 9

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Table 11: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. The module © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 43
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmetric EncryptionUsed to perform symmetric encryption of an entry plaintextCrypto Officer - AES key: W,ESymmetric Encryption with AESOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDPlaintext, AES keyCiphertext
Symmetric DecryptionUsed to perform symmetric decryption of an entry ciphertextCrypto Officer - AES key: W,ESymmetric Decryption with AESOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDCiphertex t, AES keyPlaintext
Authenticat ed EncryptionUsed to perform authenticate d symmetric encryption with AESCrypto Officer - AES key: W,EAuthenticat ed Symmetric Encryption Key wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- GCMOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDPlaintext, AES key, IVCiphertext, Tag
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmetric EncryptionUsed to perform symmetric encryption of an entry plaintextCrypto Officer - AES key: W,ESymmetric Encryption with AESOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDPlaintext, AES keyCiphertext
Symmetric DecryptionUsed to perform symmetric decryption of an entry ciphertextCrypto Officer - AES key: W,ESymmetric Decryption with AESOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDCiphertex t, AES keyPlaintext
Authenticat ed EncryptionUsed to perform authenticate d symmetric encryption with AESCrypto Officer - AES key: W,EAuthenticat ed Symmetric Encryption Key wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- GCMOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDPlaintext, AES key, IVCiphertext, Tag
Authenticat ed DecryptionUsed to perform authenticate d symmetric decryption with AESCrypto Officer - AES key: W,EAuthenticat ed Symmetric Decryption Key unwrappin g with AES- KW Key unwrappin g with AES- KWP Key unwrappin g with AES- GCM Key unwrappin g with AES- CCMOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDCiphertex t, AES key, IV, TagPlaintext
Key WrappingPerform AES- based key wrapping (compliant to SP800-38F and FIPS 140-3 IG D.G)Crypto Officer - AES key: W,EKey wrapping with AES- KW Key wrapping with AES- KWP Key wrapping with AES- CCM Key wrapping with AES- GCMOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDKey to be wrapped, AES keyWrapped key
Key Unwrappin gPerform AES- based key unwrapping (compliant to SP 800-38F and FIPS 140-3 IG D.G)Crypto Officer - AES key: W,EKey unwrappin g with AES- KW Key wrapping with AES- KWP Key wrapping with AES- CCM KeyOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_CIPHER_REDH AT_FIPS_INDICATO R_APPROVEDWrapped key, AES keyUnwrapped key
Message Authenticat ion CodeCompute a MAC tagCrypto Officer - HMAC key: W,E - AES key: W,EMessage Authenticat ion CodeOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_MAC_REDHAT_ FIPS_INDICATOR_A PPROVEDMessage, AES key or HMAC keyMAC tag
Message Authenticat ion Code VerificationVerify a MAC tagCrypto Officer - HMAC key: W,E - AES key: W,EMessage Authenticat ion CodeOSSL_RH_FIPSINDI CATOR_APPROVED, EVP_MAC_REDHAT_ FIPS_INDICATOR_A PPROVEDMessage, AES key or HMAC key, MAC tagPass/fail
Message DigestUsed to generate a SHA-1, SHA- 2, or SHA- 3/SHAKE message digestCrypto OfficerMessage digestOSSL_RH_FIPSINDI CATOR_APPROVEDMessageMessage digest
Key Derivation with KBKDFDerive a key from a key- derivation keyCrypto Officer - Key Derivati on Key: W,E - KBKDF Derived Key: G,RKey Derivation with KBKDFOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDKey- derivation keyKBKDF Derived Key
Key Derivation with HKDFDerive a key from a shared secret using HKDFCrypto Officer - Shared Secret: W,E - HKDF Derived Key: G,RKey Derivation with HKDFOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDShared secretHKDF Derived Key
Key DerivationDerive a key from a sharedCrypto Officer - Shared Secret:Key DerivationOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_Shared secretSSH Derived Key
with SSH KDFsecret using SSH KDFW,E - SSH Derived Key: G,Rwith SSH KDFFIPS_INDICATOR_A PPROVED
Key Derivation with X9.63 KDFDerive a key from a shared secret using X9.63 KDFCrypto Officer - Shared Secret: W,E - X9.63 Derived Key: G,RKey Derivation with X9.63 KDFOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDShared secretX9.63 Derived Key
Key Derivation with X9.42 KDFDerive a key from a shared secret using X9.63 KDFCrypto Officer - Shared Secret: W,E - X9.42 Derived Key: G,RKey Derivation with X9.42 KDFOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDShared secretX9.42 Derived Key
Key Derivation with KDA OneStepDerive a key from a shared secret using KDA OneStepCrypto Officer - Shared Secret: W,E - KDA OneSte p Derived Key: G,RKey Derivation with KDA OneStepOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDShared secretKDA OneStep Derived Key
TLS Key DerivationDerive a key from a shared secret using TLS 1.2 KDF / TLS 1.3 KDFCrypto Officer - Shared Secret: W,E - TLS Derived Key: G,RTLS Key DerivationOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDShared secretTLS Derived Key
Password- based Key DerivationDerive a key from a passwordCrypto Officer - Passwor d or passphr ase:Password- based Key DerivationOSSL_RH_FIPSINDI CATOR_APPROVED EVP_KDF_REDHAT_ FIPS_INDICATOR_A PPROVEDPassword or passphra sePBKDF Derived Key
Shared Secret Computatio nCompute a shared secretCrypto Officer - DH Private key: W,E - EC Public key: W,E - Shared Secret: G,R - DH Public key : W,E - Shared Secret: G,RShared Secret Computatio n with DH Shared Secret Computatio n with ECDHOSSL_RH_FIPSINDI CATOR_APPROVEDDH private key, DH public key; EC private key, EC public keyShared secret
Signature GenerationGenerate a digital signatureCrypto Officer - RSA private key: W,E - EC Private key: W,ESignature GenerationOSSL_RH_FIPSINDI CATOR_APPROVED OSSL_SIGNATURE_ PARAM_REDHAT_FI PS_INDICATORMessage, private keySignature
Signature VerificationVerify a digital signatureCrypto Officer - RSA public key: W,E - EC Public key: W,ESignature VerificationOSSL_RH_FIPSINDI CATOR_APPROVED OSSL_SIGNATURE_ PARAM_REDHAT_FI PS_INDICATORMessage, public key, signaturePass/fail
Key Pair GenerationGenerate a key pairCrypto Officer - RSA private key: G,R - DHKey Pair Generation with RSA Key Pair Generation with ECDSAOSSL_RH_FIPSINDI CATOR_APPROVEDGroup; Curve; Modulus bitsDH key pair; EC key pair; RSA key pair

OpenSSL FIPS Provider for AlmaLinux 9

4 Roles, Services, and Authentication

N/A for this module. The module does not support authentication methods.

4.2 Roles

Table 12: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators.

4.3 Approved Services

W,E W,E with AESKW with AESKWP with AESGCM W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 44

OpenSSL FIPS Provider for AlmaLinux 9 with AESCCM g with AESKW g with AESKWP g with AESGCM g with AESCCM W,E D.G) with AESKW with AESKWP with AESCCM with AESGCM W,E g D.G) g with AESKW with AESKWP with AESCCM W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 45

OpenSSL FIPS Provider for AlmaLinux 9 with AESGCM W,E W,E W,E W,E from a keyderivation Keyderivation W,E G,R W,E G,R © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 46

OpenSSL FIPS Provider for AlmaLinux 9 W,E G,R W,E G,R W,E G,R W,E p G,R W,E G,R Passwordbased Key Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 47

OpenSSL FIPS Provider for AlmaLinux 9 W,E G,R n W,E W,E G,R W,E G,R W,E W,E W,E W,E © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 48
Sensitive security parameter
NameDescriptionSecurity FunctionGenerationInputOutputIndicator
Key Pair VerificationVerify a key pairCrypto Officer - DH Public key : W,E - EC Public key: W,E - DH Private key: W,E - EC Private key: W,EKey Pair Verification with Safe Primes Key Pair Verification with ECDSAKey pairPass/failOSSL_RH_FIPSINDI CATOR_APPROVED
Random Number GenerationGenerate random bytesCrypto Officer - Entropy input: G,E - DRBG internal state (V value, C value): G,E,W - DRBGRandom Number GenerationOutput lengthRandom bytesOSSL_RH_FIPSINDI CATOR_APPROVED

OpenSSL FIPS Provider for AlmaLinux 9 G,R G,E,Z W,E W,E W,E W,E G,E G,E,W © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 49
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Show statusShow the current status of the moduleCrypto OfficerNoneNoneN/AModule status
Show module name and versionShow module name and the version of the moduleCrypto OfficerNoneNoneN/AName and version information
Self-testPerform CASTs and integrity testCrypto OfficerMessage digest Message Authenticat ion Code Symmetric Encryption with AES Symmetric Decryption with AES Authenticat ed Symmetric Encryption Authenticat ed Symmetric Decryption Signature Generation Signature Verification Key Derivation with KBKDF Key Derivation with KDA OneStep Key Derivation with HKDF Key DerivationNoneN/APass/fail result of self-tests

OpenSSL FIPS Provider for AlmaLinux 9 G,E,W G,E,W N/A N/A N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 50

OpenSSL FIPS Provider for AlmaLinux 9 Passwordbased Key N/A © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation. Z

Page 51
Service
NameIndicatorOutput
AES GCM (external IV)Authenticated EncryptionAES GCM (external IV)CO
HMAC (< 112-bit keys)Compute a MAC tagHMAC (< 112-bit keys)CO
Key derivationDerive a key from a key- derivation key or a shared secretKBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112- bit keys) KDA OneStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA- 512/256, SHA-3, SHAKE128, SHAKE256)CO
PBKDF2 (< 112- bit keys)Derive a key from a passwordPBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)CO
Signature generationGenerate a signatureRSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length)CO
Signature verificationVerify a signatureRSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length)CO
Asymmetric encryptionEncrypt a plaintextRSA-OAEPCO
Asymmetric decryptionDecrypt a ciphertextRSA-OAEPCO
Shared secret computationCompute a shared secretRSA (KAS1, KAS2 schemes)CO

OpenSSL FIPS Provider for AlmaLinux 9 p Z Z © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 52

OpenSSL FIPS Provider for AlmaLinux 9 Table 13: Approved Services The module provides services to operators that assume the available role. All services are described in detail in the API documentation (manual pages). The convention below applies when specifying the access permissions (types) that the service has for each SSP.

4.4 Non-Approved Services

© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 53

OpenSSL FIPS Provider for AlmaLinux 9 Table 14: Non-Approved Services The table above lists the non-approved services in this module, the algorithms involved and the roles that can request the service. In this table, CO specifies the Crypto Officer role.

4.5 External Software/Firmware Loaded

The module does not load external software or firmware. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 54

OpenSSL FIPS Provider for AlmaLinux 9

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of the module is verified by comparing a HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. This operation is performed by the verify_integrity() function which performs a KAT for the HMAC SHA-256 algorithm in order to test its proper operation before performing the checksum of the module file.

5.2 Initiate on Demand

Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity test may be invoked on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. This will perform (among others) the software integrity test. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 55

OpenSSL FIPS Provider for AlmaLinux 9

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied: Any SSPs contained within the module are protected by the process isolation and memory separation mechanisms, and only the module has control over these SSPs.

6.2 Configuration Settings and Restrictions

The module shall be installed as stated in Section 11 Life-Cycle Assurance. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 56
Temp/Voltage TypeTemperature or VoltageEFPResult
or
EFT
LowTemperature
HighTemperature
LowVoltage
HighVoltage

OpenSSL FIPS Provider for AlmaLinux 9

7 Physical Security

The module is comprised of software only and therefore this section is Not Applicable (N/A).

7.1 Mechanisms and Actions Required
7.2 User Placed Tamper Seals

Number: Not applicable. Placement: Not applicable. Surface Preparation: Not applicable. Operator Responsible for Securing Unused Seals: Not applicable. Part Numbers: Not applicable.

7.3 Filler Panels
7.4 Fault Induction Mitigation

Not applicable. Table 15: EFP/EFT Information Not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 57
TemperatureTemperature
Type
LowTemperature
HighTemperature

OpenSSL FIPS Provider for AlmaLinux 9

7.6 Hardness Testing Temperature Ranges

Table 16: Hardness Testing Temperatures Not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 58

OpenSSL FIPS Provider for AlmaLinux 9

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 59
Sensitive security parameter
NameTypeDescription
RAMDynamicTemporary storage for SSPs used by the module as part of service execution. SSPs are stored until they are zeroized by the operator (using a zeroization call or removing power from the module) or zeroized automatically
Service
NameTypeFromTo
API input parametersPlaintextOperator calling application (TOEPP)Cryptographic moduleManualElectronic
API output parametersPlaintextCryptographic moduleOperator calling application (TOEPP)ManualElectronic
ZeroizationDescriptionRationaleOperator
MethodInitiation
Free cipher handleZeroizes the SSPs contained within the cipher handle.By calling the appropriate zeroization functions: AES key: EVP_CIPHER_CTX_free and EVP_MAC_CTX_free; HMAC key: EVP_MAC_CTX_free; Key-derivation key: EVP_KDF_CTX_free; Shared secret: EVP_KDF_CTX_free; Password: EVP_KDF_CTX_free; KBKDF Derived Key: EVP_KDF_CTX_free; HKDF Derived Key: EVP_KDF_CTX_free; TLS Derived Key: EVP_KDF_CTX_free; SSH Derived Key: EVP_KDF_CTX_free; X9.63 Derived Key: EVP_KDF_CTX_free; X9.42 Derived Key: EVP_KDF_CTX_free; PBKDF Derived Key: EVP_KDF_CTX_free; KDA OneStep DerivedBy calling the cipher related zeroization API

OpenSSL FIPS Provider for AlmaLinux 9

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 17: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in

9.2 SSP Input-Output Methods

Table 18: SSP Input-Output Methods

9.3 SSP Zeroization Methods

© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 60
Sensitive security parameter
NameTypeDescriptionStrengthZeroizationUseOperator Initiation
Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable.Automatically zeroized by the module when no longer neededAutomaticN/A
Volatile memory used by the module is overwritten within nanoseconds when power is removed.De-allocates the volatile memory used to store SSPsModule ResetBy unloading and reloading the module
AES keySymmetric key - CSPAES key used for encryption, decryption, and computing MAC tagsAES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes:Symmetric Encryption with AES Symmetric Decryption with AES Key wrapping with AES-KW Key wrapping
Sensitive security parameter
NameTypeDescriptionStrengthZeroizationUseOperator Initiation
Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable.Automatically zeroized by the module when no longer neededAutomaticN/A
Volatile memory used by the module is overwritten within nanoseconds when power is removed.De-allocates the volatile memory used to store SSPsModule ResetBy unloading and reloading the module
AES keySymmetric key - CSPAES key used for encryption, decryption, and computing MAC tagsAES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes:Symmetric Encryption with AES Symmetric Decryption with AES Key wrapping with AES-KW Key wrapping

OpenSSL FIPS Provider for AlmaLinux 9 N/A Table 19: SSP Zeroization Methods The application that uses the module is responsible for the appropriate zeroization of SSPs. The module provides key allocation and destruction functions, which overwrites the memory occupied by the SSP´s information with zeros before its deallocation. Memory allocation of SSPs is performed by the OPENSSL_malloc() API call and the application in use of the module is responsible for the calling of the appropriate zeroization functions from the OpenSSL API. The zeroization functions then overwrite the memory OPENSSL_cleanse() should be used to overwrite sensitive data such as private keys. In case of abnormal termination, or swap in/out of a physical memory page of a process, the SSPs in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. All data output is inhibited during zeroization. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 61
Sensitive security parameter
NameTypeDescriptionStrengthGenerationUse
HMAC keySymmetric key - CSPHMAC key used for computing MAC tags112- 524288 bits - 112- 256 bitsMessage Authenticati on Code
RSA private keyPrivate key - CSPRSA private key2048- 16384 bits - 112-256 bitsKey Pair Generati on with RSASignature Generation Key Pair Generation with RSA
RSA public keyPublic key - PSPRSA public keySignature verification : 1024- 16384 bits; Key pair generation: 2048- 16384 bits - Signature verification : 80-256Key Pair Generati on with RSASignature Verification Key Pair Generation with RSA
DH Private keyPrivate key - CSPDH Private key2048-8192 bits - 112- 200 bitsKey Pair Generati on with Safe PrimesShared Secret Computatio n with DH Key Pair Generation with Safe Primes Key Pair Verification with Safe Primes
DH Public keyPublic key - PSPDH Public key2048-8192 bits - 112- 200 bitsKey Pair Generati on with Safe PrimesShared Secret Computatio n with DH Key Pair Generation with Safe Primes Key Pair Verification with Safe Primes
EC Private keyPrivate key - CSPEC Private key used by ECDSA and ECDHP-224, P- 256, P-384, P-521 bits - 112, 128, 192, 256 bitsKey Pair Generati on with ECDSAShared Secret Computatio n with ECDH Signature Generation Key Pair Verification with ECDSA
EC Public keyPublic key - PSPEC Public key used by ECDSA and ECDHP-224, P- 256, P-384, P-521 bits - 112, 128, 192, 256 bitsKey Pair Generati on with ECDSASignature Verification Shared Secret Computatio n with ECDH Key Pair Verification with ECDSA
Key Derivation KeySymmetric key - CSPSymmetric key used to derive symmetric keys112-4096 bits - 112- 256 bitsKey Derivation with KBKDF

OpenSSL FIPS Provider for AlmaLinux 9 with AESKWP with AESGCM with AESCCM with AESKWP with AESGCM with AESCCM 112524288 bits - 112256 bits

204816384 bits
204816384 bits

© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 62

OpenSSL FIPS Provider for AlmaLinux 9 bits - 112200 bits bits - 112200 bits bits - 112256 bits © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 63
Sensitive security parameter
NameTypeDescriptionStrengthGenerationUse
KBKDF Derived KeySymmetric key - CSPSymmetric key derived from a key-derivation key112-4096 bits - 112- 256 bitsKey Derivatio n with KBKDFKey Derivation with KBKDF
HKDF Derived KeySymmetric key - CSPSymmetric key derived from a shared secret224-8192 bits - 112- 256 bitsKey Derivatio n with HKDFKey Derivation with HKDF
SSH Derived KeySymmetric key - CSPSymmetric key derived from a shared secret224-8192 bits - 112- 256 bitsKey Derivatio n with SSH KDFKey Derivation with SSH KDF
X9.63 Derived KeySymmetric key - CSPSymmetric key derived from a shared secret224-8192 bits - 112- 256 bitsKey Derivatio n with X9.63 KDFKey Derivation with X9.63 KDF
X9.42 Derived KeySymmetric key - CSPSymmetric key derived from a shared secret224-8192 bits - 112- 256 bitsKey Derivatio n with X9.42 KDFKey Derivation with X9.42 KDF
Password or passphras ePassword - CSPPassword or passphrase used by PBKDF to derive symmetric keys8-128 characters - N/APassword- based Key Derivation
PBKDF Derived KeySymmetric key - CSPKey derived from PBKDF password/passphr ase during key derivation112-4096 bits - 112- 256 bitsPassword -based Key Derivatio nPassword- based Key Derivation
KDA OneStep Derived KeySymmetric key - CSPSymmetric key derived from a shared secret224-8192 bits - 112- 256 bitsKey Derivatio n with KDA OneStepKey Derivation with KDA OneStep
TLS Derived KeySymmetric key - CSPDerived key used in Transport Layer Security (TLS) network protocol224-8192 bits - 112- 256 bitsTLS Key Derivatio n
Shared SecretShared Secret - CSPShared secret generated by ECDH/DH shared224-8912 bits - 112- 256 bitsShared Secret Computatio n with DHShared Secret Computati on with DH
secret computationsecret computationShared Secret Computatio n with ECDH Key Derivation with KDA OneStep Key Derivation with HKDF Key Derivation with SSH KDF TLS Key Derivation Key Derivation with X9.63 KDF Key Derivation with X9.42 KDFShared Secret Computati on with ECDH
Entropy inputEntropy Input - CSPEntropy input string used to seed the DRBG (IG D.L compliant)128-384 bits - 128- 384 bitsRandom Number Generation
DRGB seedSeed - CSPDRBG seed derived from entropy input (IG D.L compliant)CTR_DRBG: 256, 320, 348 bits; Hash_DRB G: 440, 888 bits; HMAC_DRB G: 160, 256, 512 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G, Hash_DRB G: 128, 256Random Number Generati onRandom Number Generation
DRBG internal state (V value, C value)Internal state - CSPInternal state of the Hash_DRBG (IG D.L compliant)880, 1776 bits - 128, 256 bitsRandom Number Generati onRandom Number Generation

OpenSSL FIPS Provider for AlmaLinux 9 bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits e - N/A bits - 112256 bits n Passwordbased Key bits - 112256 bits bits - 112256 bits n bits - 112256 bits Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 64

OpenSSL FIPS Provider for AlmaLinux 9 bits - 128384 bits G, © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 65
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputRelated SSPs
DRBG internal state (V value, Key)Internal state - CSPInternal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant)CTR_DRBG: 256, 320, 348 bits; HMAC_DRB G: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G: 128, 256Random Number Generati onRandom Number Generation
Intermedia te key generation valueIntermedia te value - CSPIntermediate key pair generation value generated during key generation and key derivation services (SP 800- 133r2 Section 4, 5.1, and 5.2)112-256 - 112-256 bitsKey Pair Generati on with RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe PrimesKey Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes
AES keyRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
HMAC keyRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
RSA private keyRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freedRSA Public key:Paired With Intermediate key generation value:Generated From
RSA public keyRAM:PlaintextFree cipher handleAPI input parametersFrom service invocation untilRSA private key:Paired With Intermediate key
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputRelated SSPs
DRBG internal state (V value, Key)Internal state - CSPInternal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant)CTR_DRBG: 256, 320, 348 bits; HMAC_DRB G: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRB G: 128, 256Random Number Generati onRandom Number Generation
Intermedia te key generation valueIntermedia te value - CSPIntermediate key pair generation value generated during key generation and key derivation services (SP 800- 133r2 Section 4, 5.1, and 5.2)112-256 - 112-256 bitsKey Pair Generati on with RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe PrimesKey Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes
AES keyRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
HMAC keyRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
RSA private keyRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freedRSA Public key:Paired With Intermediate key generation value:Generated From
RSA public keyRAM:PlaintextFree cipher handleAPI input parametersFrom service invocation untilRSA private key:Paired With Intermediate key

OpenSSL FIPS Provider for AlmaLinux 9 Table 20: SSP Table 1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 66
Sensitive security parameter
NameGenerationStorageZeroizationOutputCipherhandle is freed
DH Private keyDH Public key:Paired With Intermediate key generation value:Generated FromRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freed
DH Public keyDH Private key:Paired With Intermediate key generation value:Generated FromRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freed
EC Private keyEC Public key:Paired With Intermediate key generation value:Generated FromRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freed
EC Public keyEC private key:Paired With Intermediate key generation value:Generated FromRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freed
Key Derivation KeyKBKDF Derived Key:DerivesRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
KBKDF Derived KeyKey-derivation key:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
HKDF Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
SSH Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until
X9.63 Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
X9.42 Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
Password or passphrasePBKDF Derived Key:DerivesRAM:PlaintextFree cipher handle Module ResetAPI input parametersFrom service invocation until cipherhandle is freed
PBKDF Derived KeyPassword or passphrase:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
KDA OneStep Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
TLS Derived KeyShared secret:Derived FromRAM:PlaintextFree cipher handle Module ResetAPI output parametersFrom service invocation until cipherhandle is freed
Shared SecretDH private key:Established By DH public key:Established By EC private key:Established By EC public key:Established By HKDF Derived Key:Derives KDA OneStep Derived Key:Derives TLS Derived Key:Derives SSH Derived Key:DerivesRAM:PlaintextFree cipher handle Module ResetAPI input parameters API output parametersFrom service invocation until cipherhandle is freed

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 67

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 68
Sensitive security parameter
NameStorageZeroizationRelated SSPs X9.63 Derived Key:Derives X9.42 Derived Key:Derives
Entropy inputRAM:PlaintextAutomatic Module ResetFrom generation until DRBG seed is createdDRBG seed:Derives
DRGB seedRAM:PlaintextAutomatic Module ResetWhile the DRBG is instantiatedEntropy input:Derived From DRBG internal state (V value, C value):Generates DRBG internal state (V value, Key):Generates
DRBG internal state (V value, C value)RAM:PlaintextFree cipher handle Module ResetFrom DRBG instantiation until DRBG terminationDRBG seed:Generated From
DRBG internal state (V value, Key)RAM:PlaintextFree cipher handle Module ResetFrom DRBG instantiation until DRBG terminationDRBG seed:Generated From
Intermediate key generation valueRAM:PlaintextAutomaticFrom service invocation until cipherhandle is freedDH private key:Generates DH public key:Generates EC private key:Generates EC public key:Generates RSA private key:Generates RSA public key:Generates

OpenSSL FIPS Provider for AlmaLinux 9 Table 21: SSP Table 2

9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 69
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC- SHA2-256 (A4060)HMAC- SHA2-256 (A4060)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits keyModule becomes operational and services are available for use
SHA-1 (A4059)SHA-1 (A4059)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A4079)SHA-1 (A4079)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A4080)SHA-1 (A4080)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
HMAC- SHA2-256 (A4060)HMAC- SHA2-256 (A4060)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits keyModule becomes operational and services are available for use
SHA-1 (A4059)SHA-1 (A4059)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A4079)SHA-1 (A4079)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A4080)SHA-1 (A4080)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the
SHA-1 (A4081)SHA-1 (A4081)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A4082)SHA-1 (A4082)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A4059)SHA2-512 (A4059)KATCASTMessage digestMessage digestModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A4079)SHA2-512 (A4079)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A4080)SHA2-512 (A4080)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A4081)SHA2-512 (A4081)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A4082)SHA2-512 (A4082)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA3-256 (A4055)SHA3-256 (A4055)KATCASTMessage digest32-bit messageModule becomes operationalTest runs at power-on before the
AES-GCM (A4067)AES-GCM (A4067)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4068)AES-GCM (A4068)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4069)AES-GCM (A4069)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4070)AES-GCM (A4070)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4071)AES-GCM (A4071)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4072)AES-GCM (A4072)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4073)AES-GCM (A4073)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4074)AES-GCM (A4074)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the
AES-GCM (A4075)AES-GCM (A4075)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4076)AES-GCM (A4076)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4077)AES-GCM (A4077)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4078)AES-GCM (A4078)KATCASTSymmetric operation256-bit key and 96-bit IV, encryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4067)AES-GCM (A4067)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4068)AES-GCM (A4068)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4069)AES-GCM (A4069)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4070)AES-GCM (A4070)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the
AES-GCM (A4071)AES-GCM (A4071)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4072)AES-GCM (A4072)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4073)AES-GCM (A4073)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4074)AES-GCM (A4074)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4075)AES-GCM (A4075)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4076)AES-GCM (A4076)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4077)AES-GCM (A4077)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A4078)AES-GCM (A4078)KATCASTSymmetric operation256-bit key and 96-bit IV, decryptModule becomes operationalTest runs at power-on before the
AES-ECB (A4054)AES-ECB (A4054)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4056)AES-ECB (A4056)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4057)AES-ECB (A4057)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4058)AES-ECB (A4058)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4061)AES-ECB (A4061)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4062)AES-ECB (A4062)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4063)AES-ECB (A4063)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4064)AES-ECB (A4064)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the
AES-ECB (A4065)AES-ECB (A4065)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A4066)AES-ECB (A4066)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-4) (A4059)RSA SigGen (FIPS186-4) (A4059)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-4) (A4079)RSA SigGen (FIPS186-4) (A4079)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-4) (A4080)RSA SigGen (FIPS186-4) (A4080)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-4) (A4081)RSA SigGen (FIPS186-4) (A4081)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-4) (A4082)RSA SigGen (FIPS186-4) (A4082)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-4) (A4059)RSA SigVer (FIPS186-4) (A4059)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256Module becomes operationalTest runs at power-on before the
and 2048- bit keyand 2048- bit keyintegrity test
RSA SigVer (FIPS186-4) (A4079)RSA SigVer (FIPS186-4) (A4079)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-4) (A4080)RSA SigVer (FIPS186-4) (A4080)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-4) (A4081)RSA SigVer (FIPS186-4) (A4081)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-4) (A4082)RSA SigVer (FIPS186-4) (A4082)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048- bit keyModule becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-4) (A4055)ECDSA SigGen (FIPS186-4) (A4055)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-4) (A4059)ECDSA SigGen (FIPS186-4) (A4059)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-4) (A4079)ECDSA SigGen (FIPS186-4) (A4079)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-4) (A4080)ECDSA SigGen (FIPS186-4) (A4080)KATCASTDigital signature generationSHA-256 and P-224, P-256, P-Module becomes operationalTest runs at power-on before the
384, and P- 521384, and P- 521integrity test
ECDSA SigGen (FIPS186-4) (A4081)ECDSA SigGen (FIPS186-4) (A4081)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-4) (A4082)ECDSA SigGen (FIPS186-4) (A4082)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4055)ECDSA SigVer (FIPS186-4) (A4055)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4059)ECDSA SigVer (FIPS186-4) (A4059)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4079)ECDSA SigVer (FIPS186-4) (A4079)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4080)ECDSA SigVer (FIPS186-4) (A4080)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4081)ECDSA SigVer (FIPS186-4) (A4081)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-4) (A4082)ECDSA SigVer (FIPS186-4) (A4082)KATCASTDigital signature verificationSHA-256Module becomes operationalTest runs at power-on before the
KDF SP800- 108 (A4084)KDF SP800- 108 (A4084)KATCASTKey Derivation with KBKDFHMAC- SHA2-256 in counter mode and 128-bit input keyModule becomes operationalTest runs at power-on before the integrity test
KDA OneStep SP800- 56Cr2 (A4051)KDA OneStep SP800- 56Cr2 (A4051)KATCASTShared secret key derivationSHA2-224 and 448-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDA HKDF Sp800- 56Cr1 (A4052)KDA HKDF Sp800- 56Cr1 (A4052)KATCASTShared secret key derivationSHA2-256 and 48-bit secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A4055)KDF ANS 9.42 (A4055)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A4059)KDF ANS 9.42 (A4059)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A4079)KDF ANS 9.42 (A4079)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A4080)KDF ANS 9.42 (A4080)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A4081)KDF ANS 9.42 (A4081)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1Module becomes operationalTest runs at power-on before the
and 160-bit input secretand 160-bit input secretintegrity test
KDF ANS 9.42 (A4082)KDF ANS 9.42 (A4082)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4055)KDF ANS 9.63 (A4055)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4059)KDF ANS 9.63 (A4059)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4079)KDF ANS 9.63 (A4079)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4080)KDF ANS 9.63 (A4080)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4081)KDF ANS 9.63 (A4081)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A4082)KDF ANS 9.63 (A4082)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A4054)KDF SSH (A4054)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the
KDF SSH (A4064)KDF SSH (A4064)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A4065)KDF SSH (A4065)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A4066)KDF SSH (A4066)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A4059)TLS v1.2 KDF RFC7627 (A4059)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A4079)TLS v1.2 KDF RFC7627 (A4079)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A4080)TLS v1.2 KDF RFC7627 (A4080)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A4081)TLS v1.2 KDF RFC7627 (A4081)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A4082)TLS v1.2 KDF RFC7627 (A4082)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the
TLS v1.3 KDF (A4052)TLS v1.3 KDF (A4052)KATCASTTLS v1.3 KDF key derivationSHA2-256, extract and expand modesModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A4055)PBKDF (A4055)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
PBKDF (A4059)PBKDF (A4059)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
PBKDF (A4079)PBKDF (A4079)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
PBKDF (A4080)PBKDF (A4080)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
PBKDF (A4081)PBKDF (A4081)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
PBKDF (A4082)PBKDF (A4082)KATCASTPassword- based Key DerivationSHA2-256Module becomes operationalTest runs at power-on before the integrity test
Counter DRBG (A4053)Counter DRBG (A4053)KATCASTInstantiate; Generate; Reseed (compliant to SP 800-AES-128 with derivation function andModule becomes operationalTest runs at power-on before the
prediction resistance90Arev1 Section 11.3)prediction resistanceintegrity test
Hash DRBG (A4053)Hash DRBG (A4053)KATCASTInstantiate; Generate; Reseed (compliant to SP 800- 90Arev1 Section 11.3)SHA2-256Module becomes operationalTest runs at power-on before the integrity test
HMAC DRBG (A4053)HMAC DRBG (A4053)KATCASTInstantiate; Generate; Reseed (compliant to SP 800- 90Arev1 Section 11.3)HMAC-SHA- 1Module becomes operationalTest runs at power-on before the integrity test
KAS-FFC- SSC Sp800- 56Ar3 (A4085)KAS-FFC- SSC Sp800- 56Ar3 (A4085)KATCASTShared secret computationffdhe2048Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A4059)KAS-ECC- SSC Sp800- 56Ar3 (A4059)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A4079)KAS-ECC- SSC Sp800- 56Ar3 (A4079)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A4080)KAS-ECC- SSC Sp800- 56Ar3 (A4080)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A4081)KAS-ECC- SSC Sp800- 56Ar3 (A4081)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A4082)KAS-ECC- SSC Sp800- 56Ar3 (A4082)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
Safe Primes Key Generation (A4085)Safe Primes Key Generation (A4085)PCTPCTSP 800- 56Arev3 Section 5.6.2.1.4N/AKey pair generation is successfulKey pair generation
RSA KeyGen (FIPS186-4) (A4059)RSA KeyGen (FIPS186-4) (A4059)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-4) (A4079)RSA KeyGen (FIPS186-4) (A4079)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-4) (A4080)RSA KeyGen (FIPS186-4) (A4080)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-4) (A4081)RSA KeyGen (FIPS186-4) (A4081)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-4) (A4082)RSA KeyGen (FIPS186-4) (A4082)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-4) (A4059)ECDSA KeyGen (FIPS186-4) (A4059)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-4) (A4079)ECDSA KeyGen (FIPS186-4) (A4079)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGenECDSA KeyGenPCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-4) (A4081)ECDSA KeyGen (FIPS186-4) (A4081)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-4) (A4082)ECDSA KeyGen (FIPS186-4) (A4082)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
HMAC-SHA2- 256 (A4060)HMAC-SHA2- 256 (A4060)Message authenticationSW/FW IntegrityOn demandManually
SHA-1 (A4059)SHA-1 (A4059)KATCASTOn DemandManually
SHA-1 (A4079)SHA-1 (A4079)KATCASTOn DemandManually
SHA-1 (A4080)SHA-1 (A4080)KATCASTOn DemandManually
SHA-1 (A4081)SHA-1 (A4081)KATCASTOn DemandManually
SHA-1 (A4082)SHA-1 (A4082)KATCASTOn DemandManually
SHA2-512 (A4059)SHA2-512 (A4059)KATCASTOn DemandManually
SHA2-512 (A4079)SHA2-512 (A4079)KATCASTOn DemandManually

OpenSSL FIPS Provider for AlmaLinux 9

10 Self-Tests
10.1 Pre-Operational Self-Tests

HMACSHA2-256 Table 22: Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is initialized, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully. Prior the first use, a CAST is executed for the algorithms used in the Pre-operational SelfTests.

10.2 Conditional Self-Tests

© 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 70

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 71

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 72

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 73

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 74

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 75

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 76

OpenSSL FIPS Provider for AlmaLinux 9 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 77

OpenSSL FIPS Provider for AlmaLinux 9 P-256, P384, and P521 P-256, P384, and P521 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 78

OpenSSL FIPS Provider for AlmaLinux 9 KDF SP800108 SP80056Cr2 Sp80056Cr1 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 79

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 80

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 81

OpenSSL FIPS Provider for AlmaLinux 9 Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 82

OpenSSL FIPS Provider for AlmaLinux 9 SP 80090Arev1 HMAC-SHA1 SP 80090Arev1 KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 83

OpenSSL FIPS Provider for AlmaLinux 9 KAS-ECCSSC Sp80056Ar3 N/A SP 80056Arev3 5.6.2.1.4 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 84
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
ECDSA KeyGen (FIPS186-4) (A4081)ECDSA KeyGen (FIPS186-4) (A4081)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-4) (A4082)ECDSA KeyGen (FIPS186-4) (A4082)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
HMAC-SHA2- 256 (A4060)HMAC-SHA2- 256 (A4060)Message authenticationSW/FW IntegrityOn demandManually
SHA-1 (A4059)SHA-1 (A4059)KATCASTOn DemandManually
SHA-1 (A4079)SHA-1 (A4079)KATCASTOn DemandManually
SHA-1 (A4080)SHA-1 (A4080)KATCASTOn DemandManually
SHA-1 (A4081)SHA-1 (A4081)KATCASTOn DemandManually
SHA-1 (A4082)SHA-1 (A4082)KATCASTOn DemandManually
SHA2-512 (A4059)SHA2-512 (A4059)KATCASTOn DemandManually
SHA2-512 (A4079)SHA2-512 (A4079)KATCASTOn DemandManually
SHA2-512 (A4080)SHA2-512 (A4080)KATCASTOn DemandManually
SHA2-512 (A4081)SHA2-512 (A4081)KATCASTOn DemandManually
SHA2-512 (A4082)SHA2-512 (A4082)KATCASTOn DemandManually
SHA3-256 (A4055)SHA3-256 (A4055)KATCASTOn DemandManually
AES-GCM (A4067)AES-GCM (A4067)KATCASTOn DemandManually
AES-GCM (A4068)AES-GCM (A4068)KATCASTOn DemandManually
AES-GCM (A4069)AES-GCM (A4069)KATCASTOn DemandManually
AES-GCM (A4070)AES-GCM (A4070)KATCASTOn DemandManually
AES-GCM (A4071)AES-GCM (A4071)KATCASTOn DemandManually
AES-GCM (A4072)AES-GCM (A4072)KATCASTOn DemandManually
AES-GCM (A4073)AES-GCM (A4073)KATCASTOn DemandManually
AES-GCM (A4074)AES-GCM (A4074)KATCASTOn DemandManually
AES-GCM (A4075)AES-GCM (A4075)KATCASTOn DemandManually
AES-GCM (A4076)AES-GCM (A4076)KATCASTOn DemandManually
AES-GCM (A4077)AES-GCM (A4077)KATCASTOn DemandManually
AES-GCM (A4078)AES-GCM (A4078)KATCASTOn DemandManually
AES-GCM (A4067)AES-GCM (A4067)KATCASTOn DemandManually
AES-GCM (A4068)AES-GCM (A4068)KATCASTOn DemandManually
AES-GCM (A4069)AES-GCM (A4069)KATCASTOn DemandManually
AES-GCM (A4070)AES-GCM (A4070)KATCASTOn DemandManually
AES-GCM (A4071)AES-GCM (A4071)KATCASTOn DemandManually
AES-GCM (A4072)AES-GCM (A4072)KATCASTOn DemandManually
AES-GCM (A4073)AES-GCM (A4073)KATCASTOn DemandManually
AES-GCM (A4074)AES-GCM (A4074)KATCASTOn DemandManually
AES-GCM (A4075)AES-GCM (A4075)KATCASTOn DemandManually
AES-GCM (A4076)AES-GCM (A4076)KATCASTOn DemandManually
AES-GCM (A4077)AES-GCM (A4077)KATCASTOn DemandManually
AES-GCM (A4078)AES-GCM (A4078)KATCASTOn DemandManually
AES-ECB (A4054)AES-ECB (A4054)KATCASTOn DemandManually
AES-ECB (A4056)AES-ECB (A4056)KATCASTOn DemandManually
AES-ECB (A4057)AES-ECB (A4057)KATCASTOn DemandManually
AES-ECB (A4058)AES-ECB (A4058)KATCASTOn DemandManually
AES-ECB (A4061)AES-ECB (A4061)KATCASTOn DemandManually
AES-ECB (A4062)AES-ECB (A4062)KATCASTOn DemandManually
AES-ECB (A4063)AES-ECB (A4063)KATCASTOn DemandManually
AES-ECB (A4064)AES-ECB (A4064)KATCASTOn DemandManually
AES-ECB (A4065)AES-ECB (A4065)KATCASTOn DemandManually
AES-ECB (A4066)AES-ECB (A4066)KATCASTOn DemandManually
RSA SigGen (FIPS186-4) (A4059)RSA SigGen (FIPS186-4) (A4059)KATCASTOn DemandManually
RSA SigGen (FIPS186-4) (A4079)RSA SigGen (FIPS186-4) (A4079)KATCASTOn DemandManually
RSA SigGen (FIPS186-4) (A4080)RSA SigGen (FIPS186-4) (A4080)KATCASTOn DemandManually
RSA SigGen (FIPS186-4) (A4081)RSA SigGen (FIPS186-4) (A4081)KATCASTOn DemandManually
RSA SigGen (FIPS186-4) (A4082)RSA SigGen (FIPS186-4) (A4082)KATCASTOn DemandManually
RSA SigVer (FIPS186-4) (A4059)RSA SigVer (FIPS186-4) (A4059)KATCASTOn DemandManually
RSA SigVer (FIPS186-4) (A4079)RSA SigVer (FIPS186-4) (A4079)KATCASTOn DemandManually
RSA SigVer (FIPS186-4) (A4080)RSA SigVer (FIPS186-4) (A4080)KATCASTOn DemandManually
RSA SigVer (FIPS186-4) (A4081)RSA SigVer (FIPS186-4) (A4081)KATCASTOn DemandManually
RSA SigVer (FIPS186-4) (A4082)RSA SigVer (FIPS186-4) (A4082)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4055)ECDSA SigGen (FIPS186-4) (A4055)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4059)ECDSA SigGen (FIPS186-4) (A4059)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4079)ECDSA SigGen (FIPS186-4) (A4079)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4080)ECDSA SigGen (FIPS186-4) (A4080)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4081)ECDSA SigGen (FIPS186-4) (A4081)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-4) (A4082)ECDSA SigGen (FIPS186-4) (A4082)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4055)ECDSA SigVer (FIPS186-4) (A4055)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4059)ECDSA SigVer (FIPS186-4) (A4059)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4079)ECDSA SigVer (FIPS186-4) (A4079)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4080)ECDSA SigVer (FIPS186-4) (A4080)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4081)ECDSA SigVer (FIPS186-4) (A4081)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-4) (A4082)ECDSA SigVer (FIPS186-4) (A4082)KATCASTOn DemandManually
KDF SP800-108 (A4084)KDF SP800-108 (A4084)KATCASTOn DemandManually
KDA OneStep SP800-56Cr2 (A4051)KDA OneStep SP800-56Cr2 (A4051)KATCASTOn DemandManually
KDA HKDF Sp800-56Cr1 (A4052)KDA HKDF Sp800-56Cr1 (A4052)KATCASTOn DemandManually
KDF ANS 9.42 (A4055)KDF ANS 9.42 (A4055)KATCASTOn DemandManually
KDF ANS 9.42 (A4059)KDF ANS 9.42 (A4059)KATCASTOn DemandManually
KDF ANS 9.42 (A4079)KDF ANS 9.42 (A4079)KATCASTOn DemandManually
KDF ANS 9.42 (A4080)KDF ANS 9.42 (A4080)KATCASTOn DemandManually
KDF ANS 9.42 (A4081)KDF ANS 9.42 (A4081)KATCASTOn DemandManually
KDF ANS 9.42 (A4082)KDF ANS 9.42 (A4082)KATCASTOn DemandManually
KDF ANS 9.63 (A4055)KDF ANS 9.63 (A4055)KATCASTOn DemandManually
KDF ANS 9.63 (A4059)KDF ANS 9.63 (A4059)KATCASTOn DemandManually
KDF ANS 9.63 (A4079)KDF ANS 9.63 (A4079)KATCASTOn DemandManually
KDF ANS 9.63 (A4080)KDF ANS 9.63 (A4080)KATCASTOn DemandManually
KDF ANS 9.63 (A4081)KDF ANS 9.63 (A4081)KATCASTOn DemandManually
KDF ANS 9.63 (A4082)KDF ANS 9.63 (A4082)KATCASTOn DemandManually
KDF SSH (A4054)KDF SSH (A4054)KATCASTOn DemandManually
KDF SSH (A4064)KDF SSH (A4064)KATCASTOn DemandManually
KDF SSH (A4065)KDF SSH (A4065)KATCASTOn DemandManually
KDF SSH (A4066)KDF SSH (A4066)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A4059)TLS v1.2 KDF RFC7627 (A4059)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A4079)TLS v1.2 KDF RFC7627 (A4079)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A4080)TLS v1.2 KDF RFC7627 (A4080)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A4081)TLS v1.2 KDF RFC7627 (A4081)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A4082)TLS v1.2 KDF RFC7627 (A4082)KATCASTOn DemandManually
TLS v1.3 KDF (A4052)TLS v1.3 KDF (A4052)KATCASTOn DemandManually
PBKDF (A4055)PBKDF (A4055)KATCASTOn DemandManually
PBKDF (A4059)PBKDF (A4059)KATCASTOn DemandManually
PBKDF (A4079)PBKDF (A4079)KATCASTOn DemandManually
PBKDF (A4080)PBKDF (A4080)KATCASTOn DemandManually
PBKDF (A4081)PBKDF (A4081)KATCASTOn DemandManually
PBKDF (A4082)PBKDF (A4082)KATCASTOn DemandManually
Counter DRBG (A4053)Counter DRBG (A4053)KATCASTOn DemandManually
Hash DRBG (A4053)Hash DRBG (A4053)KATCASTOn DemandManually
HMAC DRBG (A4053)HMAC DRBG (A4053)KATCASTOn DemandManually
KAS-FFC-SSC Sp800-56Ar3 (A4085)KAS-FFC-SSC Sp800-56Ar3 (A4085)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A4059)KAS-ECC-SSC Sp800-56Ar3 (A4059)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A4079)KAS-ECC-SSC Sp800-56Ar3 (A4079)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A4080)KAS-ECC-SSC Sp800-56Ar3 (A4080)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A4081)KAS-ECC-SSC Sp800-56Ar3 (A4081)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A4082)KAS-ECC-SSC Sp800-56Ar3 (A4082)KATCASTOn DemandManually
Safe Primes Key Generation (A4085)Safe Primes Key Generation (A4085)PCTPCTOn DemandManually
Safe Primes Key Generation (A4085)Safe Primes Key Generation (A4085)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-4) (A4059)RSA KeyGen (FIPS186-4) (A4059)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-4) (A4079)RSA KeyGen (FIPS186-4) (A4079)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-4) (A4080)RSA KeyGen (FIPS186-4) (A4080)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-4) (A4081)RSA KeyGen (FIPS186-4) (A4081)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-4) (A4082)RSA KeyGen (FIPS186-4) (A4082)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A4059)ECDSA KeyGen (FIPS186-4) (A4059)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A4079)ECDSA KeyGen (FIPS186-4) (A4079)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A4080)ECDSA KeyGen (FIPS186-4) (A4080)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A4081)ECDSA KeyGen (FIPS186-4) (A4081)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A4082)ECDSA KeyGen (FIPS186-4) (A4082)PCTPCTOn DemandManually

OpenSSL FIPS Provider for AlmaLinux 9 Table 23: Conditional Self-Tests Data output through the data output interface is inhibited during the conditional self-tests. The module does not return control to the calling application until the tests are completed. If any of these tests fails, the module transitions to the error state (Section 10.4 Error States).

10.3 Periodic Self-Test Information

Table 24: Pre-Operational Periodic Information © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 85

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 86

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 87

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 88

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 89

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 90

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 91

OpenSSL FIPS Provider for AlmaLinux 9 © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 92

OpenSSL FIPS Provider for AlmaLinux 9 Table 25: Conditional Periodic Information © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 93
Service
NameDescriptionRole AccessIndicator
ErrorIf the module fails any of the self- tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application processSoftware integrity test failure CAST failureOSSL_PROV_PARAM_STATUS is set to 0. Module will not load.Module reinitialization
PCT ErrorPairwise consistency test failurePCT failureModule is abortedModule reinitialization

OpenSSL FIPS Provider for AlmaLinux 9

10.4 Error States

Table 26: Error States the data output interface is inhibited, and the module no longer accepts inputs or requests (as the module is no longer running)

10.5 Operator Initiation of Self-Tests

Both conditional and pre-operational self-tests can be executed on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. The pair-wise consistency tests can be invoked on demand by requesting the key pair generation service. © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 94

OpenSSL FIPS Provider for AlmaLinux 9

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module is distributed as a part of the AlmaLinux 9 OpenSSL package in the form of the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package. Before the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package is installed, the AlmaLinux 9 system must operate in the FIPS validated configuration. This can be achieved by switching the system into the FIPS-validated configuration after the installation. Execute the openssl list -providers command. Restart the system. The Crypto Officer must verify the AlmaLinux 9 system operates in the FIPS-validated configuration by executing the fips-mode-setup –check command, which should output “FIPS mode is enabled.”

11.2 Administrator Guidance

After the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package is installed, the Crypto Officer must execute the openssl list -providers command. This command should display the base/default and FIPS providers as follows: Providers base name: OpenSSL Base Provider version: 3.0.7 status: active default name: OpenSSL Default Provider version: 3.0.7 status: active fips name: OpenSSL FIPS Provider for AlmaLinux 9 version: 3.0.7-1d2bd88ee26b3c90 status: active The cryptographic boundary consists only of the FIPS provider as listed. If any other OpenSSL or third-party provider is invoked, the user is not interacting with the module specified in this Security Policy.

11.3 Non-Administrator Guidance

There is no administrator guidance.

11.4 Design and Rules
11.5 Maintenance Requirements

Not applicable © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 95

OpenSSL FIPS Provider for AlmaLinux 9

11.6 End of Life

As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the openssl-libs-3.0.7-20.el9_2.tuxcare.1 RPM package can be uninstalled from the AlmaLinux 9 system © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 96

OpenSSL FIPS Provider for AlmaLinux 9

12 Mitigation of Other Attacks
12.1 Attack List

Certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The module claims mitigation of timing-based side-channel attacks implementing two methods: Constant-time Implementations and Numeric Blinding:

Page 97

OpenSSL FIPS Provider for AlmaLinux 9 Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EVP Envelope FFC Finite Field Cryptography FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IKE Internet Key Exchange KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-based Key Derivation Function KW Key Wrap KWP Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PSS Probabilistic Signature Scheme RSA Rivest, Shamir, Adleman © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 98

OpenSSL FIPS Provider for AlmaLinux 9 SHA Secure Hash Algorithm SSC Shared Secret Computation SSH Secure Shell SSP Sensitive Security Parameter TLS Transport Layer Security XOF Extendable Output Function XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 99

OpenSSL FIPS Provider for AlmaLinux 9 Appendix B. References ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program March 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-modulevalidation-program/documents/fips%20140-3/FIPS%201403%20IG.pdf FIPS 180-4 Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 100

OpenSSL FIPS Provider for AlmaLinux 9 FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800140B.pdf SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38a-add.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 101

OpenSSL FIPS Provider for AlmaLinux 9 SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038b.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality July 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38d.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -38e.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038F.pdf SP 800-52r2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80052r2.pdf SP 800-56Ar3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Ar3.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 102

OpenSSL FIPS Provider for AlmaLinux 9 SP 800-56Cr1 Recommendation for Key-Derivation Methods in Key-Establishment Schemes April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr1.pdf SP 800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr2.pdf SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090B.pdf SP 800-108r1 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800108r1.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -132.pdf SP 800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800133r2.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Page 103

OpenSSL FIPS Provider for AlmaLinux 9 SP 800-135r1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800 -135r1.pdf © 2024 Cloudlinux Inc., TuxCare division/atsec information security corporation.

Referenced URLs