| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 11/12/2026 |
| Caveat | Interim validation. When configured as specified in Section 11.2 of the Security Policy. No assurance of the minimum strength of generated SSPs |
| Vendor | Hewlett Packard Enterprise |
flowchart LR
%% Deterministic review-risk graph for Hewlett Packard Enterprise OpenSSL 3 Provider
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Hewlett Packard Enterprise OpenSSL 3 Provider
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Hewlett Packard Enterprise Hewlett Packard Enterprise OpenSSL 3 Provider Software version: 3.1.4a Document version: 0.8
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1: Security Levels | 6 |
| Table 2: Tested Module Identification – Hardware | 9 |
| Table 3: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 9 |
| Table 4: Tested Module Identification – Hybrid Disjoint Hardware | 9 |
| Table 5: Tested Operational Environments - Software, Firmware, Hybrid | 10 |
| Table 6: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid | 15 |
| Table 7: Modes List and Description | 15 |
| Table 8 Approved Algorithms | 18 |
| Table 9: Vendor-Affirmed Algorithms | 19 |
| Table 10: Security Function Implementations | 20 |
| Table 11: Key Generation | 22 |
| Table 12: Key Establishment | 22 |
| Table 13: Ports and Interfaces | 24 |
| Table 14: Roles | 25 |
| Table 15: Approved Services | 28 |
| Table 16: Non-Approved Services | 28 |
| Table 17: Storage Areas | 34 |
| Table 18: SSP Input-Output Methods | 34 |
| Table 19: SSP Zeroization Methods | 34 |
| Table 20: SSP Table 1 | 37 |
| Table 21: SSP Table 2 | 39 |
| Table 22: Pre-Operational Self-Tests | 40 |
| Table 23: Conditional Self-Tests | 42 |
| Table 24: Error States | 43 |
| Figure 1: Block Diagram | 9 |
This section describes:
1 and how to place and maintain the module in the secure FIPS 140-3 mode. This policy was
prepared as part of the FIPS 140-3 Level 1 validation of the product. FIPS 140-3 (Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. FIPS 140-3 aligns with ISO/IEC 19790:2012(E) and includes modifications of the Annexes that are allowed to the Cryptographic Module Validation Program (CMVP), as a validation authority. The testing for these requirements will be in accordance with ISO/IEC 24759:2017(E), with the modifications, additions or deletions of vendor evidence and testing allowed as a validation authority under paragraph 5.2. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program In addition, in this document, the Hewlett Packard Enterprise OpenSSL 3 Provider Module is referred to as the module, the cryptographic module, and HPE OpenSSL. This document may be freely reproduced and distributed whole and intact including the license required. © 2024 Hewlett Packard Enterprise Company. Hewlett Packard Enterprise Company trademarks include HPE Aruba Networking®, HPE Aruba Wireless Networks®, the registered HPE Aruba Networking the Mobile Edge Company logo, HPE Aruba Networking Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, respective owners. HPE Aruba Networking is a Hewlett Packard Enterprise company.
Open Source Code Certain Hewlett Packard Enterprise Company products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: https://www.arubanetworks.com/open_source Legal Notice The use of HPE Aruba Networking switching platforms and software or firmware, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, HPE Aruba Networking. from any and all legal actions that might be taken against it with respect Acronyms and Abbreviations AES Advanced Encryption Standard CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCCS Canadian Centre for Cyber Security, a branch of CSE CMVP Cryptographic Module Validation Program CO Crypto Officer CSE Communications Security Establishment CSP Critical Security Parameter HMAC Hashed Message Authentication Code KAT Known Answer Test PCT Pairwise Consistency Test PSP Public Security Parameter SHA Secure Hash Algorithm SSP Sensitive Security Parameter
More information is available from the following sources:
Purpose and Use: The Hewlett Packard Enterprise OpenSSL 3 Provider Module (also referred to as ‘the module’) is a software type cryptographic module and was validated under FIPS 140-3 Level 1 requirements. The Hewlett Packard Enterprise OpenSSL 3 Provider Module is one of the components within a variety of Hewlett Packard Enterprise and HPE Aruba Networking products, including the Aruba Mobility Conductors, Mobility Controllers/Gateways, and controller-managed HPE Aruba Networking Access Points (APs) running the HPE ANW Wireless Operating System (AOS) operating system running on the HPE Aruba Networking hardware-based equipment or HPE Aruba Networking virtual appliances. The module provides cryptographic services for these products and is installed automatically as part of the product’s software package. For HPE Aruba Networking products, software is installed by HPE Aruba Networking technical support personnel or downloaded from the HPE Aruba Networking Support Portal (ASP) by authenticated licensed customer personnel. Hewlett Packard Enterprise's development processes are such that future releases under Hewlett Packard Enterprise OpenSSL 3 Provider Module should be FIPS validate-able and meet the claims made in this document. Only the versions that explicitly appear on the certificate, however, are formally validated. Any version of this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. The CMVP makes no claim as to the correct operation of the module or the security strengths of the generated keys when operating under a version that is not listed on the validation certificate. Module Type: Software Module Embodiment: Multichip Standalone Module Characteristics: Cryptographic Boundary: The Hewlett Packard Enterprise OpenSSL 3 Provider Module is comprised of a single component, which is a dynamically loadable OpenSSL 3 provider. The boundary of the module is defined as the shared library file, which on Unix/Linux is fips.so. Tested Operational Environment’s Physical Perimeter (TOEPP): The physical perimeter is the production grade enclosure of the hardware chassis of the HPE or HPE Aruba Networking hardware device or virtual appliance host.
HPE or HPE Aruba Networking Hardware or Virtual Appliance Host Operating System Module Boundary API fips.so Data In Data Out Control In Status Out Hardware Storage Volatile Network CPU Memory Figure 1: Block Diagram
Tested Module Identification
Tested Operational Environments - Software, Firmware, Hybrid: Operating Hardware Processors PAA/PAI Hypervisor Version(s) System Platform or Host OS Ubuntu 22.04 HPE ProLiant Intel® Xeon® Yes VMWare 3.1.4a ML 110 Silver 4110 ESXi 6.7 Gen10 (Skylake) Ubuntu 22.04 HPE ProLiant Intel® Xeon® No VMWare 3.1.4a ML 110 Silver 4110 ESXi 6.7 Gen10 (Skylake) Table 5: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: Operating System Hardware Platform HPE ANW CX Switch Operating System 4100i (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 5420 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 6100 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 6200F (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 6200M (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 6300 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 6400 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8100 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8360 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8320 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8325 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8325H (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8325P (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 8400 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 9300 (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 9300S (AOS-CX) 10.16 or later HPE ANW CX Switch Operating System 10000 (AOS-CX) 10.16 or later
Operating System Hardware Platform HPE ANW CX Switch Operating System 10040 (AOS-CX) 10.16 or later HPE ANW EdgeConnect Operating System EC-XS (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-US (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-10104 (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-XS (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-XS (2020) (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-10106 (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-10108 (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-S (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-S-P (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-M (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-M-P (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-M-H (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-L, EC-L-NM (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-L-P, EC-L-P-NM (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-XL-P, EC-XL-P-NM (10G) (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-XL-P, EC-XL-P-NM (25G) (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-L-H (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-XL-H (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-10150 (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on VMware ESXi/ESX 6.7 HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on VMware ESXi/ESX 7.0
Operating System Hardware Platform HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on Red Hat KVM 8.x HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on KVM, QEMU 4.x HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on Microsoft Hyper V 10.0 HPE ANW EdgeConnect Operating System EC-V (AOS-EC) 9.7 or later running on Citrix Xen Server 8.1.0 HPE ANW Orchestrator 9.6 or later running on Orchestrator on-prem VMware ESXi/ESX 6.7 HPE ANW Networking Orchestrator 9.6 or Orchestrator on-prem later running on VMware ESXi/ESX 7.0 HPE ANW Networking Orchestrator 9.6 or Orchestrator on-prem later running on Red Hat KVM 8.x HPE ANW Networking Orchestrator 9.6 or Orchestrator on-prem later running on KVM, QEMU 4.x HPE ANW Networking Orchestrator 9.6 or Orchestrator on-prem later running on Microsoft Hyper V 10.0 HPE ANW Networking Orchestrator 9.6 or Orchestrator on-prem later running on Citrix Xen Server 8.1.0 HPE ANW Wireless Operating System (AOS) AP-51x and AP-57x Wireless Access Points 8.13 HPE ANW Wireless Operating System (AOS) AP-50x and AP-56x Wireless Access Points 8.13 HPE ANW Wireless Operating System (AOS) AP-53x, AP-555, AP-58x, and AP-63x
HPE ANW Wireless Operating System (AOS) AP-515 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-535 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-605 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-610 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-615 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-630 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-635 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-650 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-655 Wireless Access Point 8.13
Operating System Hardware Platform HPE ANW Wireless Operating System (AOS) AP-670 Wireless Access Point 8.13 HPE ANW WIreless Operating System (AOS) AP-725 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-73x Wireless Access Points 8.13 HPE ANW Wireless Operating System (AOS) AP-745 Wireless Access Point 8.13 HPE ANW Wireless Operating System (AOS) AP-75x Wireless Access Points 8.13 HPE ANW Wireless Operating System (AOS) AP-76x Wireless Access Points 8.13 HPE ANW Wireless Operating System (AOS) 70xx Mobility Controllers 8.13 HPE ANW Wireless Operating System (AOS) 72xx Mobility Controllers 8.13 HPE ANW Wireless Operating System (AOS) 7220 Mobility Controller 8.13 HPE ANW Wireless Operating System (AOS) 90xx Gateways 8.13 HPE ANW WIreless Operating System (AOS) 9106 Gateways 8.13 HPE ANW Wireless Operating System (AOS) 92xx Gateways 8.13 HPE ANW Wireless Operating System (AOS) 9012 Gateway 8.13 HPE ANW Wireless Operating System (AOS) MCR-HW-5K Mobility Conductor Hardware
HPE ANW Wireless Operating System (AOS) MC-VA-50 Mobility Controller Virtual
HPE ANW Wireless Operating System (AOS) MCR-HW-xxx Mobility Conductor Hardware
HPE ANW Wireless Operating System (AOS) MC-VA-xxx Mobility Controller Virtual
8.13 Appliances on HPE ProLiant ML110 Gen10
HPE ANW Wireless Operating System (AOS) MCR-VA-xxx Mobility Conductor Virtual
8.13 Appliances on HPE ProLiant ML110 Gen10
HPE ANW Wireless Operating System (AOS) Virtual Appliances on HPE EdgeLine 20 8.13 HPE ANW Wireless Operating System (AOS) Virtual Appliances on PacStar PS451-1258
HPE ANW Wireless Operating System (AOS) Virtual Appliances on device running an
8.13 equivalent Intel processor (Intel Atom, i5, i7,
or Xeon) HPE ANW Wireless Operating System (AOS) AP-51x and AP-57x Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) AP-50x and AP-56x Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) AP-53x, AP-555, AP-58x, and AP-
Operating System Hardware Platform HPE ANW Wireless Operating System (AOS) AP-515 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-535 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-605 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-610 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-615 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-630 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-635 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-650 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-655 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-670 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-72xH Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) AP-725 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-73x Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) AP-745 Wireless Access Point 10.8 HPE ANW Wireless Operating System (AOS) AP-75x Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) AP-76x Wireless Access Points 10.8 HPE ANW Wireless Operating System (AOS) 70xx Mobility Controllers 10.8 HPE ANW Wireless Operating System (AOS) 72xx Mobility Controllers 10.8 HPE ANW Wireless Operating System (AOS) 7220 Mobility Controller 10.8 HPE ANW Wireless Operating System (AOS) 90xx Gateways 10.8 HPE ANW Wireless Operating System (AOS) 92xx Gateways 10.8 HPE ANW Wireless Operating System (AOS) 91xx Gateways 10.8 HPE ANW Wireless Operating System (AOS) MCR-HW-5K Mobility Conductor Hardware
HPE ANW Wireless Operating System (AOS) MC-VA-50 Mobility Controller Virtual
Operating System Hardware Platform HPE ANW Wireless Operating System (AOS) MCR-HW-xxx Mobility Conductor Hardware
HPE ANW Wireless Operating System (AOS) MC-VA-xxx Mobility Controller Virtual
10.8 Appliances on HPE ProLiant ML110 Gen10
HPE ANW Wireless Operating System (AOS) MCR-VA-xxx Mobility Conductor Virtual
10.8 Appliances on HPE ProLiant ML110 Gen10
HPE ANW Wireless Operating System (AOS) Virtual Appliances on HPE EdgeLine 20 10.8 HPE ANW Wireless Operating System (AOS) Virtual Appliances on PacStar PS451-1258
HPE ANW Wireless Operating System (AOS) Virtual Appliances on device running an
10.8 equivalent Intel processor (Intel Atom, i5, i7,
or Xeon) SW Version 5.3.0 and later HPE StoreOnce 3720 SW Version 5.3.0 and later HPE StoreOnce 3760 SW Version 5.3.0 and later HPE StoreOnce 5720 SW Version 5.3.0 and later HPE StoreOnce 7700 SW Version 5.3.0 and later HPE StoreOnce 3660 SW Version 5.3.0 and later HPE StoreOnce 5260 SW Version 5.3.0 and later HPE StoreOnce 5660 SW Version 5.3.0 and later HPE Alletra Storage MP X10000 data protection accelerator node Table 6: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
Not Applicable
Modes List and Description: Name Description Type Status Indicator Approved Mode When configured per Approved Successful service the administrator completion. guidance, the module only supports approved services. Table 7: Modes List and Description When configured per section 11.2 Administrator Guidance, the module only supports approved services in an approved manner.
Mode Change Instructions and Status: Not Applicable
Approved Algorithms: CAVP Algorithm Mode/Method Description/Key Use/Function Cert and Size/Key Standard Strength A4803 AES-CBC AES 128,192,256 bits Data Encryption/ Decryption A4803 AES-CCM AES 128,192,256 bits Data Encryption/ Decryption A4803 AES- AES 128,192,256 bits Data Encryption/ CFB128 Decryption A4803 AES-CFB8 AES 128,192,256 bits Data Encryption/ Decryption A4803 AES-CMAC AES 128,192,256 bits Message Authentication A4803 AES-CTR AES 128-256 bits DRBG A4803 AES-ECB AES 128,192,256 bits Data Encryption/ Decryption A4803 AES-GCM AES 128,192,256 bits Data Encryption/ Decryption A4803 AES-GMAC AES 128,192,256 bits Message Authentication A4803 AES-KW AES 128,192,256 bits Key Transport A4803 AES-KWP AES 128,192,256 bits Key Transport A4803 AES-OFB AES 128,192,256 bits Data Encryption/ Decryption A4803 AES-XTS AES 128,256 bits Data Encryption/ Testing Decryption Revision 2.0 A4803 Counter Counter 128,192,256 bits Generate random DRBG DRBG numbers with SP80090A Rev 1 A4803 ECDSA ECDSA ≥ 112 bits Generate an KeyGen KeyGen asymmetric keypair (FIPS186-4) (FIPS186 A4803 ECDSA ECDSA ≥ 112 bits Verify an KeyVer KeyVer asymmetric keypair (FIPS186-4) (FIPS186 parameters
CAVP Algorithm Mode/Method Description/Key Use/Function Cert and Size/Key Standard Strength A4803 ECDSA ECDSA ≥ 112 bits Generate digital SigGen SigGen signatures (FIPS186-4) (FIPS186 A4803 ECDSA ECDSA ≥ 112 bits Verify digital signatures SigVer SigVer (FIPS186-4) (FIPS186 A4803 HMAC- HMAC 224 bits Message SHA2-224 Authentication A4803 HMAC- HMAC 256 bits Message SHA2-256 Authentication A4803 HMAC- HMAC 384 bits Message SHA2-384 Authentication A4803 HMAC- HMAC 512 bits Message SHA2-512 Authentication A4803 HMAC- HMAC 224 bits Message SHA3-224 Authentication A4803 HMAC- HMAC 256 bits Message SHA3-256 Authentication A4803 HMAC- HMAC 384 bits Message SHA3-384 Authentication A4803 HMAC- HMAC 512 bits Message SHA3-512 Authentication A4803 KAS-ECC KAS 112 to 256 bits Shared Secret CDH- Computation Component SP80056Ar3 A4803 KAS-ECC- KAS 112 to 256 bits Shared Secret SSC Sp800- Computation 56Ar3 A4803 KAS-FFC- KAS 112 to 200 bits Shared Secret SSC Sp800- Computation 56Ar3 A4803 KDA HKDF KDA HKDF ≥ 112 bits Key Derivation SP800- SP800 Function 56Cr2 A4803 KDA KDA OneStep ≥ 112 bits Key Derivation OneStep SP800 Function SP80056Cr2 A4803 KDA KDA TwoStep ≥ 112 bits Key Derivation TwoStep SP800 Function SP80056Cr2 A4803 KDF KMAC KDF KMAC ≥ 112 bits Message Sp800-108r1 Sp800 Authentication
CAVP Algorithm Mode/Method Description/Key Use/Function Cert and Size/Key Standard Strength A4803 KDF SP800- KDF SP800 ≥ 112 bits Key Derivation A4803 KDF SSH KDF SSH ≥ 112 bits Key Derivation Function A4803 KMAC-128 KMAC 128 bits Message Authentication A4803 KMAC-256 KMAC 256 bits Message Authentication A4803 PBKDF PBKDF ≥ 112 bits Perform key derivation A4803 RSA RSA KeyGen 2048 bits Generate RSA key pair KeyGen (FIPS186 (FIPS186-4) A4803 RSA SigGen RSA SigGen 128-256 bits Generate RSA digital (FIPS186-4) (FIPS186 signatures A4803 RSA SigVer RSA SigVer 128-256 bits Verify RSA digital (FIPS186-4) (FIPS186 signatures A4803 RSA RSA Signature 128-256 bits Generate RSA digital Signature Primitive signatures Primitive A4803 SHA2-224 SHA2 224 bits Message Digest A4803 SHA2-256 SHA2 256 bits Message Digest A4803 SHA2-384 SHA2 384 bits Message Digest A4803 SHA2-512 SHA2 512 bits Message Digest A4803 SHA3-224 SHA3 224 bits Message Digest A4803 SHA3-256 SHA3 256 bits Message Digest A4803 SHA3-384 SHA3 384 bits Message Digest A4803 SHA3-512 SHA3 512 bits Message Digest A4803 SHAKE-128 SHAKE 128 bits Message Digest A4803 SHAKE-256 SHAKE 256 bits Message Digest A4803 Safe Primes Safe Primes ≥ 112 bits Safe Primes Key Key Key Generation Generation Generation A4803 Safe Primes Safe Primes ≥ 112 bits Safe Primes Key Key Key Verification Verification Verification A4803 TLS v1.2 TLS v1.2 KDF ≥ 112 bits Key Derivation KDF RFC7627 Function RFC7627 A4803 TLS v1.3 TLS v1.3 KDF ≥ 112 bits Key Derivation KDF Function Table 8 Approved Algorithms Vendor-Affirmed Algorithms:
Name Properties Implementation Reference CKG Symmetric keys, seeds - SP 800-133r2 section for asymmetric keys 4 Table 9: Vendor-Affirmed Algorithms The module does not implement any non-approved but allowed algorithms. The module does not implement any non-approved but allowed algorithms with no security claimed. The module does not implement any non-approved, not allowed algorithms.
Name Type Description Properties Algorithms Data AES Encrypt or Provides 128 to 256 CBC, CFB128, CFB8, Encryption, decrypt data bits of strength OFB, XTS, ECB, CTR, Decryption GCM, CCM, KW, KWP Key Derivation PBKDF, Perform key Provides ≥ 112 bits SSH, TLS v1.2 RFC Function KBKDF, derivation 7627, TLS v1.3, KDA, CVL using a key PBKDF, KBKDF, KDA derivation function Deterministic DRBG Generate Provides 128 to 256 CTR DRBG Random Bit random bits of strength Generation numbers with SP800-90A Rev 1 Digital RSA, Generate or Provides 128 to 256 RSA Sig Gen, RSA Sig Signature ECDSA verify RSA or bits of strength Ver, ECDSA Sig Gen, ECDSA ECDSA Sig Ver digital signatures Message AES, Generate or Provides ≥ 112 bits CMAC Gen, GMAC Authentication HMAC, verify data Gen, HMAC Gen, KMAC integrity KMAC Gen Shared Secret KAS-SSC- Perform key Provides 112 to 256 KAS-ECC-SSC, KASComputation ECC agreement bits of strength ECC CDH-Component primitives on behalf of the calling process (does not establish keys into the module) Shared Secret KAS-SSC- Perform key Provides 112 to 200 KAS-FFC-SSC Computation FFC agreement bits of strength primitives on
Name Type Description Properties Algorithms behalf of the calling process (does not establish keys into the module) Key RSA, Generate Provides ≥ 112 bits RSA Key Gen, ECDSA Generation ECDSA, and verify an Key Gen, ECDSA Key SafePrimes asymmetric Ver, Safe Prime Gen, keypair and Safe Prime Ver DH parameters Key Transport KTS AES Provides 128 to 256 GCM, CCM, KW, KWP bits of strength or AES CBC, CFB128, CFB8, OFB, ECB, CTR with HMAC or CMAC Message SHS, SHA- Generate a Provides 112 to 256 SHA2-224, SHA2-256, digest 3, SHAKE message bits of strength SHA2-384, SHA2-512, digest SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE-128, SHAKETable 10: Security Function Implementations
TLS and SSH No parts of the TLS or SSH protocols, other than the KDF, have been reviewed or tested by the CAVP and CMVP. AES GCM The module supports AES-GCM in the context of TLS 1.2 and TLS 1.3. The module’s implementation of AES-GCM is used together with an application that runs outside the module’s cryptographic boundary. For TLS v1.2, the module’s GCM implementation is compatible with RFC 5288 and the ciphersuites from section 3.3.1 of SP 800-52 rev 2. When the counter (nonce_explicit) part of the IV exhausts the maximum number of possible values for session key, the module will return an error, triggering a handshake to establish a new encryption key. For TLS v1.3, the module’s GCM implementation is compatible with RFC 8446. The module also supports randomly generated IVs. The IV is generated using the module’s Approved DRBG and the minimum length of the IV is 96 bits. If power on the host system is lost, the operator must reestablish new keys. AES XTS
When XTS keys are loaded the module performs a key check per IG C.I to ensure that Key_1 ≠ Key_2. PBKDF The module's implementation of PBKDF,
The module receives entropy passively via a callback per IG 9.3.A scenario 2 (b). The caveat 'No assurance of the minimum strength of generated SSPs' applies. The callback must provide a minimum of 112 bits of entropy or return an error if this minimum cannot be met.
Name Type Properties RSA Key CKG Key Type: Asymmetric FIPS 186-4 B.3.6 EC Key CKG Key Type: Asymmetric SP 800-56A rev 3 5.6.1.2.2, FIPS 186-4 B.4.2 FFC Key CKG Key Type: Asymmetric SP800-56A rev 3 5.6.1.1.4 Table 11: Key Generation Key generation is provided as a service to the calling application. Generated keys are not used directly by the module.
Name Type Properties AEAD KTS-Wrap Cipher: AES-GCM, AES-CCM Key sizes: 128, 192, 256 Cipher KTS-Wrap Cipher: AES ECB, CBC, OFB, CFB 8, CFB 128, CTR CMAC Authentication: AES-CMAC Key sizes: 128, 192, 256 Cipher KTS-Wrap Cipher: AES ECB, CBC, OFB, CFB 8, CFB 128, CTR HMAC Authentication: HMAC with SHA2-224, 256, 384, 512, SHA3224, 256, 384, 512 Key sizes: 128, 192, 256 KW/KWP KTS-Wrap Cipher Modes: KW, KWP Key sizes: 128, 192, 256 ECDH KAS-ECC- Domain Parameter Generation Methods: P-224, P-256, P-384, SSC P-521 Scheme: ephemeralUnified KAS Role: initiator, responder DH KAS-FFC- Domain Parameter Generation Methods: ffdhe2048, ffdhe3072, SSC ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme: dhEphem KAS Role: initiator, responder Table 12: Key Establishment The methods of key transport are approved per FIPS 140-3 IG D.G. The methods of shared secret computation are approved per FIPS 140-3 IG D.F
Key transport and key agreement are provided as services to the calling application. Established keys are not used directly by the module.
The module implements the KDFs for TLS 1.2, TLS 1.3, and SSH, however does not implement these protocols.
Physical Port Logical Interface Data That Passes N/A Data Input API input parameters for data N/A Data Output API output parameters for data N/A Control Input API function calls N/A Status Output API return codes, status information, error codes Table 13: Ports and Interfaces As a software module, the module interfaces are defined as Software or Firmware Module Interfaces (SFMI), and there are no physical ports. The logical interfaces are defined as the API of the cryptographic module. All data output via data output interface is inhibited when the module is performing preoperational tests or zeroization or when the module enters error state. Notes:
Not applicable
Not applicable
The Hewlett Packard Enterprise OpenSSL 3 Provider Module does not provide any identification or authentication methods of its own.
Name Type Operator Type Authentication Methods Crypto Officer Role CO N/A - Authentication not required for Level User Role User N/A - Authentication not required for Level Table 14: Roles The module supports two distinct operator roles: the Crypto Officer (CO) role and the User role. These roles are implicitly assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators, a maintenance role, nor bypass capability.
Name Description Indicator Inputs Outputs Security Roles SSP Function Access s Initialize The CO N/A N/A Status None CO None Module loads and initializes the module. Data Encrypt or Successful Parame Status, CBC, User AES Key: Encryption, decrypt data completion ters, ciphertext CFB128, W, E Decryption plaintex or CFB8, t or plaintext OFB, ciphert XTS, ext, key ECB, CTR, GCM, CCM, KW, KWP Key Derivation Perform key Successful Parame Status, SSH, TLS User KDF Function derivation completion ters, derived v1.2 RFC Secret: W, using a key key/pas key 7627, TLS E derivation sword v1.3, PBKDF function PBKDF, Password: W, E
Name Description Indicator Inputs Outputs Security Roles SSP Function Access s KBKDF, KBKDF KDA Key: W, E Derived Key: G, R PBKDF Derived Key: G, R KBKDF Derived Key: G, R Deterministic Generate Successful N/A Status, DRBG User DRBG Random Bit random completion random Entropy Generation numbers number input: W with SP800- DRBG 90A Rev 1 Seed: G, E DRBG Key: G, E DRBG V: G, E Digital Generate or Successful Parame Status, RSA, User RSA Signature verify RSA completion ters, digital ECDSA Signature or ECDSA RSA / signature Public Key: digital ECDSA 1 W, E signatures keys, RSA messag Signature e Private Key: W, E ECDSA Signature Public Key: W, E ECDSA Signature Private Key: W, E Message Generate or Successful Parame Status, CMAC, User HMAC Key: Authentication verify data completion ters, message GMAC, W, E integrity messag authentic HMAC, KMAC Key: e, key ation KMAC W, E code2 AES Key: W, E Shared Secret Perform key Successful Parame Status, KAS- User DH Public Computation agreement completion ters, shared ECC- Key: W, E primitives DH/EC secret SSC, DH Private on behalf of Key: W, E Generate only Generate only
Name Description Indicator Inputs Outputs Security Roles SSP Function Access s the calling DH KAS-FFC- EC DH process keys SSC Public Key: (does not W, E establish EC DH keys into Private the module) Key: W, E EC DH Shared Secret: G, R DH Shared Secret: G, R Key Generate Successful Parame Status, RSA, User DRBG Generation and verify completion ters keypair ECDSA, Entropy an Safe input: W asymmetric Primes DRBG keypair and Seed: G, E DH DRBG Key: parameters G, E DRBG V: G, E RSA Signature Public Key: G, R RSA Signature Private Key: G, R ECDSA Signature Public Key: G, R ECDSA Signature Private Key: G, R DH Public Key: G, R DH Private Key: G, R EC DH Public Key: G, R EC DH Private Key: G, R
Name Description Indicator Inputs Outputs Security Roles SSP Function Access s Key AES Successful Parame Status, GCM, User Key Wrapping/unwr completion ters, plaintext CCM, KW, Wrapping apping plaintex or KWP Key: W, E t or ciphertext or ciphert key AES CBC, ext key, CFB128, transpo CFB8, rt OFB, key(s) ECB, CTR with HMAC or CMAC Message Generate a Successful Parame Status, SHA-1, User N/A digest message completion ters, Digest of SHA2, digest Messag the SHA3 e message Zeroize Zeroize all N/A None Status None CO All SSPs: Z SSPs Show Status Query the N/A None Status None CO N/A module for status Show Version Query the N/A None Status, None CO N/A module for module name and version version information On demand Perform N/A None Status HMAC- CO N/A self-test FIPS start- SHA2-256 up tests on demand through the module’s API or by rebooting the host platform. Table 15: Approved Services
Name Description Security Functions Role N/A N/A N/A N/A Table 16: Non-Approved Services Not applicable
Not applicable
Not applicable
Not applicable
The module performs a software integrity test when initialized. The test is performed by calculating the HMAC-SHA2-256 value of the module’s shared library file and comparing it with the expected value in the module’s configuration file. Prior to performing the integrity test, the module performs a HMAC-SHA2-256 KAT. If the integrity test fails, the module enters an error state where no cryptographic operations are possible.
The software integrity test can be initiated on demand using the on demand self-test service.
The module is distributed in binary form.
Type of Operational Environment: Modifiable How Requirements are Satisfied: The module’s operational environment is Linux, multi-threaded operating system that supports memory protection between processes. The operating control mechanisms protect against unauthorized execution, unauthorized modification, and unauthorized reading of SSPs, control and status data.
No specific configuration settings or restrictions are required.
Not applicable
Not Applicable
Storage Area Name Description Persistence Type Volatile Memory All SSPs are stored in the Dynamic volatile memory of the Operational Environment. Table 17: Storage Areas As specified in the Storage Areas table, the module does not persistently store any SSPs.
Name From To Format Distribution Entry SFI or Type Type Type Algorithm API Entry Calling Module Plaintext Manual Electronic N/A application memory memory API Output Module Calling Plaintext Manual Electronic N/A memory application memory Table 18: SSP Input-Output Methods As specified in the SSP Input-Output table, all SSPs are input and/or output via the module’s API within the module’s operational environment.
Zeroization Method Description Rationale Operator Initiation Reboot All SSPs are zeroized SSPs are only stored Rebooting the host by rebooting the host in volatile memory platform must be platform. and so are zeroized performed under the by rebooting the host control of the platform. operator. Table 19: SSP Zeroization Methods As specified in the SSP Zeroization Methods table, all SSPs/Keys used in the module are zeroized by rebooting the host platform, indicated implicitly via the successful completion of the reboot. Rebooting the host platform must be performed under the control of the operator.
Name Description Size - Type - Generated Established Used By Strength Category By By AES Key Key used for 128 to 256 AES Key External N/A AES AES bits operations KDF Secret used ≥ 112 bits KDF External or N/A SSH, TLS Secret for KDF Secret generated v1.2, TLS operations per KAS- v1.3, KDA SSC Derived Key resulting ≥ 112 bits Symmetri KDF N/A AES Key from the c Key module’s KDF PBKDF Password 8-128 PBKDF External N/A PBKDF Password used for Password PBKDF operations PBKDF Key resulting ≥ 112 bits Symmetri KDF N/A AES Derived from the c Key Key module’s PBKDF KBKDF Key used for 112 to 256 KDF Key External N/A KBKDF Key key based bits key derivation KBKDF Key resulting ≥ 112 bits Symmetri KDF N/A AES Derived from the c Key Key module’s KBKDF Entropy Externally 128 to 256 Entropy External N/A DRBG Input generated bits entropy used to seed the DRBG DRBG Internal state 256 bits DRBG Generated N/A DRBG Seed for DRBG Seed per SP80090Ar2 DRBG Internal state 256 bits DRBG Generated N/A DRBG Key for DRBG Internal per SP800State 90Ar2 DRBG V Internal state 256 bits DRBG Generated N/A DRBG for DRBG Internal per SP800State 90Ar2 RSA Key used for ≥ 1024 bits RSA External or N/A RSA Signature RSA Strength: Signature generated Public Signature 96 to 256 Keypair per FIPS Key Verification bits 186-4
Name Description Size - Type - Generated Established Used By Strength Category By By RSA Key used for ≥ 2048 bits RSA External or N/A RSA Signature RSA Strength: Signature generated Private Signature 112 to 256 Keypair per FIPS Key Generation bits 186-4 ECDSA Key used for 192 to 521 ECDSA External or N/A ECDSA Signature ECDSA bits Signature generated Public Signature Strength: Keypair per FIPS Key Verification 96 to 256 186-4 bits ECDSA Key used for 224 to 521 ECDSA External or N/A ECDSA Signature ECDSA bits Signature generated Private Signature Strength: Keypair per FIPS Key Generation 112 to 256 186-4 bits HMAC Key used for ≥ 112 bits HMAC External N/A HMAC Key HMAC Key Operations KMAC Key used for ≥ 112 bits KMAC External N/A KMAC Key KMAC Key Operations DH Public DH Public 2048
bits DH DH Private 2048
bits DH DH Shared 2048
bits EC DH EC DH Public 224 - 521 EC DH External or N/A KASPublic Key bits Keypair generated ECC-SSC Key Strength: per SP800-
bits EC DH EC DH 224 - 521 EC DH External or N/A KASPrivate Private Key bits Keypair generated ECC-SSC Key Strength: per SP800-
bits EC DH EC DH 112 to 256 EC DH N/A Key SP800Shared Shared bits Shared agreement 56A rev 3 Secret Secret Secret
Name Description Size - Type - Generated Established Used By Strength Category By By Key Key 128 to 256 Key External N/A KTS Wrapping Wrapping bits Wrapping Key Key Key Table 20: SSP Table 1 Name Input - Storage Storage Zeroisation Related Output Duration SSPs AES Key Input: Plaintext in Until zeroized Reboot N/A Plaintext via volatile API memory Output: N/A KDF Secret Input: Plaintext in Until zeroized Reboot Used to Plaintext via volatile derive the API memory Derived Key Output: N/A Derived Key Input: N/A Plaintext in Until zeroized Reboot Derived from Output: volatile KDF Secret Plaintext via memory API PBKDF Input: Plaintext in Until zeroized Reboot Used to Password Plaintext via volatile derive the API memory PBKDF Output: N/A Derived Key PBKDF Input: N/A Plaintext in Until zeroized Reboot Derived from Derived Key Output: volatile PBKDF Plaintext via memory Password API KBKDF Key Input: Plaintext in Until zeroized Reboot Used to Plaintext via volatile derive API memory KBKDF Output: N/A Derived Key KBKDF Input: N/A Plaintext in Until zeroized Reboot Derived from Derived Key Output: volatile KBKDF Key Plaintext memory Entropy Input N/A Plaintext in Until zeroized Reboot N/A volatile memory DRBG Seed N/A Plaintext in Until zeroized Reboot Generated volatile from the memory Entropy Input DRBG Key N/A Plaintext in Until zeroized Reboot Generated volatile from the memory DRBG Seed
Name Input - Storage Storage Zeroisation Related Output Duration SSPs DRBG V N/A Plaintext in Until zeroized Reboot Generated volatile from the memory DRBG Seed RSA Plaintext via Plaintext in Until zeroized Reboot Pair with RSA Signature API volatile Signature Public Key memory Private Key RSA Plaintext via Plaintext in Until zeroized Reboot Pair with RSA Signature API volatile Signature Private Key memory Public Key ECDSA Plaintext via Plaintext in Until zeroized Reboot Pair with Signature API volatile ECDSA Public Key memory Signature Private Key ECDSA Input: Plaintext in Until zeroized Reboot Pair with Signature Plaintext via volatile ECDSA Private Key API memory Signature Output: N/A Public Key HMAC Key Input: Plaintext in Until zeroized Reboot N/A Plaintext via volatile API memory Output: N/A KMAC Key Input: Plaintext in Until zeroized Reboot N/A Plaintext via volatile API memory Output: N/A DH Public Plaintext via Plaintext in Until zeroized Reboot Pair to DH Key API volatile Private Key memory DH Private Plaintext via Plaintext in Until zeroized Reboot Pair to DH Key API volatile Public Key memory DH Shared Input: N/A Plaintext in Until zeroized Reboot DH Public Secret Output: volatile Key and Plaintext via memory Private Key API Can be used as the KDF Secret EC DH Public Plaintext via Plaintext in Until zeroized Reboot Pair to EC Key API volatile DH Private memory Key EC DH Plaintext via Plaintext in Until zeroized Reboot Pair to EC Private Key API volatile DH Public memory Key EC DH Input: N/A Plaintext in Until zeroized Reboot EC DH Public Shared volatile Key and Secret memory Private Key
Name Input - Storage Storage Zeroisation Related Output Duration SSPs Output: Can be used Plaintext via as the KDF API Secret Key Input: Plaintext in Until zeroized Reboot N/A Wrapping Plaintext via volatile Key API memory Output: N/A Table 21: SSP Table 2
No algorithm or security strength transitions are forecasted to occur over the lifetime of the validation.
Algorithm Test Test Test Type Indicator Details Properties Method HMAC- HMAC- KAT Software Successful HMAC SHA2-256 SHA2-256 Integrity initialization verification software with a 256- of the Integrity bit key module Test Table 22: Pre-Operational Self-Tests The module performs Pre-Operational Self-Tests (POSTs) at initialization. While the module is executing the pre-operational self-tests, services are not available, and so input and output are inhibited. After the POST and CASTs are successfully concluded, the module automatically transitions to the operational state. If the POST fails, the module enters the Error state. Self-test results can be obtained using the show status service.
Algorithm Test Test Test Indicator Details Condition Properties Method Type s HMAC HMAC- KAT CAST Successf HMAC During SHA2-256 ul verification module initializati initializatio on of the n prior to module executing the integrity test SHS KAT CAST Successf SHA-512 Module ul Initializatio initializati n on of the module SHA3 KAT CAST Successf SHA3-256 Module ul Initializatio initializati n on of the module AES GCM AES-GCM- KAT CAST Successf Encrypt, Module
256 ul Decrypt Initializatio
initializati n on of the module
Algorithm Test Test Test Indicator Details Condition Properties Method Type s AES ECB AES-ECB- KAT CAST Successf Encrypt, Module
128 ul Decrypt Initializatio
initializati n on of the module RSA 2048, SHA- KAT CAST Successf Sign, Verify Module 256, ul Initializatio PKCS#1- initializati n v1.5 on of the module ECDSA P-224 KAT CAST Successf Sign, Verify Module ul Initializatio initializati n on of the module TLS v1.3 KAT CAST Successf TLS v1.3 Module KDF ul KDF Initializatio initializati n on of the module TLS v1.2 KAT CAST Successf TLS 1.2 Module KDF ul KDFs Initializatio initializati n on of the module PBKDF2 KAT CAST Successf Derivation of Module ul the Master Initializatio initializati Key n on of the module KBKDF KAT CAST Successf Counter Module ul mode using Initializatio initializati HMAC-SHA- n on of the 256 module KDA HKDF KAT CAST Successf One-Step Module ul and Two- Initializatio initializati Step n on of the module KDA KAT CAST Successf One-Step Module OneStep ul and Two- Initializatio initializati Step n on of the module DRBG CTR_DRBG KAT CAST Successf Instantiate, Module : AES 128- ul Generate, Initializatio bit with DF initializati Reseed n
Algorithm Test Test Test Indicator Details Condition Properties Method Type s on of the module KAS-FFC- p=2048, KAT CAST Successf dhEphem Module SSC q=256 ul Initializatio initializati n on of the module KAS-ECC- P-256 KAT CAST Successf Ephemeral Module SSC ul Unified Initializatio initializati n on of the module EC Keypair Keypair PCT PCT Success Sign / Verify Keypair Generation consistency or failure and SP 800- generation test of service 56Ar3 Assurances per Section 5.6.2 RSA Keypair PCT PCT Success Sign / Verify Keypair Keypair consistency or failure using generation Generation test of service PKCS#1v1.5 FFC Keypair PCT PCT Success SP 800- Keypair Keypair consistency or failure 56Ar3 generation Generation test of service Assurances per Section 5.6.2 XTS Key Check to Key Critical Success Per IG C.I XTS key Check confirm check Function or failure entry Key1 ≠ of service Key2 Table 23: Conditional Self-Tests All Cryptographic Algorithm Self-Tests (CASTs) are run at initialization along with the POST. This ensures they are run prior to the first operational use of the cryptographic algorithm. As with the POST, once the CASTs are successfully concluded the module automatically transitions to the operational state. If a CAST fails, the module enters the Error state. If a conditional PCT or key check test fails, the service returns an error.
Name Description Conditions Recovery Indicator Method Error The module’s POST or CAST Reload the Status return error state. failure module code Table 24: Error States The module has a single error state. While in this state, the module provides no cryptographic functionality and inhibits all data output.
The module’s POST and CASTs can be run anytime using the On-Demand Self-Test service by calling OSSL_PROVIDER_self_test(), or by reloading the module.
The Hewlett Packard Enterprise OpenSSL 3 Provider Module is one of the components within Hewlett Packard Enterprise products. Full details about configuring Hewlett Packard Enterprise products can be found in the product documentation. The module is initialized by loading the shared library and executing the Initialize Module service.
Complete Crypto Officer documentation for the Hewlett Packard Enterprise OpenSSL 3 Provider is provided in the module’s Administrator guidance documentation. The module’s Show Version service can be invoked by obtaining OSSL_PROV_PARAM_NAME and OSSL_PROV_PARAM_VERSION using OSSL_PROVIDER_get_params(). The module will return the following values: Parameter Value Name OSSL_PROV_PARAM_NAME Hewlett Packard Enterprise OpenSSL 3 Provider Version OSSL_PROV_PARAM_VERSION 3.1.4a The module always operates in Approved mode. The Crypto Officer must ensure the following runtime checks, which are enabled by default, are not disabled in the configuration file or using any other method:
Complete User documentation for the Hewlett Packard Enterprise OpenSSL 3 Provider is provided in the module’s Administrator guidance documentation. Keys derived from passwords (using PBKDF) shall only be used for storage applications.
Details about end-of-life procedures for Hewlett Packard Enterprise products can be found in the product documentation. The module itself does not have any special end of life procedures. All SSPs can be zeroized by restarting the host platform.
The module mitigates against timing-based side-channel attacks using constant-time implementations and blinding.
Constant-time Implementations protect cryptographic implementations in the Module against timing analysis since such attacks exploit differences in execution time depending on the cryptographic operation, and constant-time implementations ensure that the variations in execution time cannot be traced back to the key, CSP or secret data. Numeric Blinding protects the RSA and ECDSA algorithms from timing attacks. These algorithms are vulnerable to such attacks since attackers can measure the time of signature operations or RSA decryption. To mitigate this the Module generates a random blinding factor which is provided as an input to the decryption/signature operation and is discarded once the operation has completed and resulted in an output. This makes it difficult for attackers to attempt timing attacks on such operations without the knowledge of the blinding factor and therefore the execution time cannot be correlated to the RSA/ ECDSA key.
These mitigations are enabled by default.