All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Dynatrace Cryptographic Module

Certificate#4988StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorDynatrace LLC
Medium review priority  ·  no TCB surface named  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date3/16/2030
CaveatWhen operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
VendorDynatrace LLC

Approved Algorithms (44)

AlgorithmACVP Cert
AES-CBCA3358
AES-CCMA3358
AES-CFB1A3358
AES-CFB128A3358
AES-CFB8A3358
AES-CMACA3358
AES-CTRA3358
AES-ECBA3358
AES-GCMA3358
AES-GMACA3358
AES-KWA3358
AES-KWPA3358
AES-OFBA3358
Counter DRBGA3358
DSA KeyGen (FIPS186-4)A3358
DSA PQGGen (FIPS186-4)A3358
DSA PQGVer (FIPS186-4)A3358
DSA SigGen (FIPS186-4)A3358
DSA SigVer (FIPS186-4)A3358
ECDSA KeyGen (FIPS186-4)A3358
ECDSA KeyVer (FIPS186-4)A3358
ECDSA SigGen (FIPS186-4)A3358
ECDSA SigVer (FIPS186-4)A3358
HMAC-SHA-1A3358
HMAC-SHA2-224A3358
HMAC-SHA2-256A3358
HMAC-SHA2-384A3358
HMAC-SHA2-512A3358
KAS-ECC-SSC Sp800-56Ar3A3358
KAS-FFC-SSC Sp800-56Ar3A3358
KDF TLSA3358
RSA KeyGen (FIPS186-4)A3358
RSA SigGen (FIPS186-4)A3358
RSA SigGen (FIPS186-4)A3358
RSA SigGen (FIPS186-4)A3358
RSA SigVer (FIPS186-4)A3358
RSA SigVer (FIPS186-4)A3358
RSA SigVer (FIPS186-4)A3358
SHA-1A3358
SHA2-224A3358
SHA2-256A3358
SHA2-384A3358
SHA2-512A3358
TLS v1.3 KDFA3359

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational Environment1
Physical SecurityN/A
Non-Invasive SecurityN/A
Sensitive Security Parameter Management1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Dynatrace Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C5,C6 clue;
  class I3,I5,I6 infer;
  class R3,R5,R6 risk;
  class E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Dynatrace Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Dynatrace LLC Dynatrace Cryptographic Module Software Version: 1.1 FIPS Security Level: 1 Document Version: 0.9 Prepared for: Prepared by: Dynatrace LLC

1601 Trapelo Road, Suite 116

Waltham, MA 02451 United States of America Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 781 530 1000 www.dynatrace.com Phone: +1 703 267 6050 www.corsec.com

Page 2

February 6, 2025 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Dynatrace Cryptographic Module (software version: 1.1) from Dynatrace LLC (Dynatrace). This Security Policy describes how the Dynatrace Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Dynatrace Cryptographic Module is referred to in this document as Dynatrace Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3

February 6, 2025 Table of Contents 1. 2. 2.1 2.2 2.3 2.4 3. 4. 4.1 4.2 4.3 5. 6. 7. 8. 9. 9.1 9.2 9.3 9.4 9.5 Appendix A. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 4

Appendix B. February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 5

February 6, 2025 List of Tables List of Figures Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityN/A
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A
provides software intelligence to simplify cloud complexity and accelerate digital
transformation. With automatic and intelligent observability at scale, their all-in-one platform delivers precise
answers about the performance and security of applications, the underlying infrastructure, and the experience of
all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with
dramatically less effort.

1. February 6, 2025 underlying infrastructure, and end user experiences. Dynatrace consists of OneAgent, ActiveGate, and Cluster software components. Dynatrace OneAgent software is installed on hosts to automatically discover and collect monitoring data from an information technology environment. Important metrics can be forwarded to a Dynatrace Cluster either directly or via a Dynatrace ActiveGate. The Dynatrace Cryptographic Module 1.1 is a cryptographic library embedded in Dynatrace’s OneAgent and ActiveGate application software. The Dynatrace Cryptographic Module v1.1 supplies the cryptographic functionality for encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation in support of general data protection functionality and secure communications protocols, including TLS1 1.2/1.3. The Dynatrace Cryptographic Module is validated at the FIPS 140-3 section levels shown in Table 1. [Number Below] N/A N/A N/A

1 TLS – Transport Layer Security
Page 7
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Red Hat Enterprise Linux 8.2Dell PowerEdge R440Intel® Xeon Silver 4214RWith PAA1
2Red Hat Enterprise Linux 8.2Dell PowerEdge R440Intel® Xeon Silver 4214RWithout PAA2
1Alpine Linux (musl libc) for containers 3.4-3.13x86-641
2Amazon Linux 2ARM64 (AArch64), x86-642
3Amazon Linux AMI 2014.03 - 2018.03x86-643
4Bottlerocket 1.xx86-644
5CentOS 7.x, 8.xARM64 (AArch64), x86-64, ppc64le5
6CentOS Stream 8ARM64 (AArch64), ppc64le, x86-646
7Debian 8, 9, 10x86-647
8EulerOS 2,3, 2.5, 2.8x86-648
9EulerOS 2.8ARM64 (AArch64)9
10Fedora 32-24x86-6410
11Google Container-Optimized OS 81 LTS, 85 LTS, 89 LTSx86-6411
12openSUSE 15.2, 15.3ppc64le, x86-6412
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Red Hat Enterprise Linux 8.2Dell PowerEdge R440Intel® Xeon Silver 4214RWith PAA1
2Red Hat Enterprise Linux 8.2Dell PowerEdge R440Intel® Xeon Silver 4214RWithout PAA2
1Alpine Linux (musl libc) for containers 3.4-3.13x86-641
2Amazon Linux 2ARM64 (AArch64), x86-642
3Amazon Linux AMI 2014.03 - 2018.03x86-643
4Bottlerocket 1.xx86-644
5CentOS 7.x, 8.xARM64 (AArch64), x86-64, ppc64le5
6CentOS Stream 8ARM64 (AArch64), ppc64le, x86-646
7Debian 8, 9, 10x86-647
8EulerOS 2,3, 2.5, 2.8x86-648
9EulerOS 2.8ARM64 (AArch64)9
10Fedora 32-24x86-6410
11Google Container-Optimized OS 81 LTS, 85 LTS, 89 LTSx86-6411
12openSUSE 15.2, 15.3ppc64le, x86-6412
13Oracle Linux 6.x, 7.x, 8.xx86-6413
14Red Hat Enterprise Linux 6.9+, 7.x, 8.xs390x14
15Red Hat Enterprise Linux 6.xx86-6415
16Red Hat Enterprise Linux 7.x, 8.xppc64le, x86-6416
17Red Hat Enterprise Linux CoreOS 4.5, 4.6, 4.7x86-6417
18SUSE Linux Enterprise Server 11.4x86-6418
19SUSE Linux Enterprise Server 12.1+, 15.xs390x19
20SUSE Linux Enterprise Server 15.3ppc64le, x86-6420
21SUSE Linux Enterprise Server 15.xARM64 (AArch64)21
22Ubuntu 14.04 LTSx86-6422
23Ubuntu 16.04 LTS, 18.04 LTSppc64le, x86-6423
24Ubuntu 18.04 LTSARM64 (AArch64), s390x24
25Ubuntu 20.04 LTS, 20.10, 21.04ARM64 (AArch64), ppc64le, s390x, x86-6425
26IBM AIX 6.1 TL9 SP9+, 7.1 TL5, 7.2 TL3, 7.2 TL4, 7.2 TL5POWER8 64bit-only, POWER9 64bit- only26
27Solaris 10 1/13+, 11.xSPARC, x86-64, x8627
28Windows Desktop 8.1, 20H2, 21H1, 1507, 1607, 1809, 1909, 2004x86-6428
29Windows Server 20H2, 1909, 2004, 2008 R2, 2012, 2012 R2, 2016, 2019x86-6429
30Windows Server - Nano All versions supportedx86-6430
31IBM z/OS 2.3, 2.4, 2.531
32DB2 11, 1232
33MQ 8.0, 9.0, 9.133
34DL/I34
  1. February 6, 2025 Cryptographic Module Specification The Dynatrace Cryptographic Module 1.1 is a software module with a multi-chip standalone embodiment. The module is designed to operate within a modifiable operational environment. 2.1 Operational Environments The module was tested and found to be compliant with FIPS 140-3 requirements on the environment listed in Table
  2. Table 2 – Tested Operational Environments # The module is designed to utilize the AES-NI2 extended instruction set when available on the host platform’s CPU for processor algorithm acceleration (PAA) of its AES implementation. The vendor affirms the module’s continued validation compliance when operating on the environments listed in Table
  3. Table 3 – Vendor-Affirmed Operational Environments #
2 AES-NI – Advanced Encryption Algorithm New Instructions

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 8

February 6, 2025 # 4.5, 4.6, 4.7 Please refer to https://www.dynatrace.com/support/help/technology-support/ for details on the vendor affirmed OEs. The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate, or another compatible single-user operating system. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 9
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES-CBC4 FIPS PUB5 197 NIST SP 800-38AA3358CBC128, 192, 256Encryption/Decryption
AES-CCM NIST SP 800-38CA3358CCM128, 192, 256Encryption/Decryption
AES-CFB16 FIPS PUB7 197 NIST SP 800-38AA3358CFB1128, 192, 256Encryption/Decryption
AES-CFB128 FIPS PUB8 197 NIST SP 800-38AA3358CFB128128, 192, 256Encryption/Decryption
AES-CFB8 FIPS PUB9 197 NIST SP 800-38AA3358CFB8128, 192, 256Encryption/Decryption
AES-CMAC10 NIST SP 800-38BA3358CMAC128, 192, 256MAC Generation/Verification
AES-CTR11 FIPS PUB12 197 NIST SP 800-38AA3358CTR128, 192, 256Encryption/Decryption
AES-ECB13 FIPS PUB14 197 NIST SP 800-38AA3358ECB128, 192, 256Encryption/Decryption
AES-GCM15 NIST SP 80- 38DA3358GCM (internal IV)128, 192, 256Encryption/Decryption
AES-GMAC16 NIST SP 800-38DA3358GMAC128, 192, 256Encryption/Decryption
AES-KW17 NIST SP 800-38FA3358KW128, 192, 256Encryption/Decryption
AES-KWP18 NIST SP 800-38FA3358KWP128, 192, 256Encryption/Decryption
AES-OFB19 FIPS PUB20 197 NIST SP 800-38AA3358OFB128, 192, 256Encryption/Decryption
Counter DRBG21 NIST SP 800-90Arev1A3358Counter-based256-bit AES-CTRDeterministic Random Bit Generation
DSA22 KeyGen (FIPS186-4) FIPS PUB 186-4A3358DSA KeyGen2048/224, 2048/256, 3072/256Key Pair Generation
DSA PQGGen (FIPS186-4) FIPS PUB 186-4A3358DSA PQGGen2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512)Domain Parameter Generation
DSA PQGVer (FIPS186-4) FIPS PUB 186-4A3358DSA PQGVer2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512)Domain Parameter Verification
DSA SigGen (FIPS186-4) FIPS PUB 186-4A3358DSA SigGen2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Generation
DSA SigVer (FIPS186-4) FIPS PUB 186-4A3358DSA SigVer1024/160, 2048/224, 2048/256, 3072/256 (SHA- 1, SHA2-224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Verification 1024-bit keys are for legacy use only.
ECDSA23 KeyGen (FIPS186-4) FIPS PUB 186-4A3358ECDSA KeyGen. Secret generation mode: Testing candidatesB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Key Pair Generation
ECDSA KeyVer (FIPS186-4) FIPS PUB 186-4A3358ECDSA KeyVerB-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521Public Key Validation Curves B-163, K-163, and P-192 are for legacy use only.
ECDSA SigGen (FIPS186-4) FIPS PUB 186-4A3358ECDSA SigGenB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 SHA2-224, SHA2-256, SHA2-384, SHA2-512 ()Digital Signature Generation
ECDSA SigVer (FIPS186-4) FIPS PUB 186-4A3358ECDSA SigVerB-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Verification Curves B-163, K-163, and P-192 are for legacy use only.
HMAC SHA-1 FIPS PUB 198-1A3358SHA-1MAC: 160Message Authentication
HMAC SHA2-224 FIPS PUB 198-1A3358SHA2-224MAC: 224 Key Length: 112-524288 Increment 8Message Authentication
HMAC SHA2-256 FIPS PUB 198-1A3358SHA2-256MAC: 256 Key Length: 112-524288 Increment 8Message Authentication
HMAC SHA2-384 FIPS PUB 198-1A3358SHA2-384MAC: 384 Key Length: 112-524288 Increment 8Message Authentication
HMAC SHA2-512 FIPS PUB 198-1A3358SHA2-512MAC: 512 Key Length: 112-524288 Increment 8Message Authentication
KAS-ECC-SSC24 NIST SP 800-56Arev3A3358ephemeralUnifiedB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Shared Secret Computation
KAS-FFC-SSC25 NIST SP 800-56Arev3A3358dhEphem2048/224 (FB), 2048/256 (FC)Shared Secret Computation
KDF TLS CVL26 NIST SP 800-135rev1A3358KDF (TLS v1.0/1.1, v1.2)SHA2-256, SHA2-384, SHA2-512Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
RSA27 KeyGen (FIPS186-4) FIPS PUB 186-4A3358Key generation mode: B.3.32048, 3072, 4096Key Pair Generation
RSA SigGen (FIPS186-4) FIPS PUB 186-4A3358X9.312048, 3072, 4096 (SHA2- 256, SHA2-384, SHA2-512)Digital Signature Generation
PKCS#1 v1.5PKCS#1 v1.52048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Generation
PSS28PSS282048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Generation
RSA SigVer (FIPS186-4) FIPS PUB 186-4A3358X9.311024, 2048, 3072, 4096 (SHA-1, SHA2-256, SHA2- 384, SHA2-512)Digital Signature Verification 1024-bit keys are for legacy use only.
PKCS#1 v1.5PKCS#1 v1.51024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Digital Signature Verification 1024-bit keys are for legacy use only.
PSS29PSS291024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Digital Signature Verification 1024-bit keys are for legacy use only.
SHA-1 FIPS PUB 180-4A3358SHA-1Message Length: 0-65528 Increment 8Message Digest
SHA2-224 FIPS PUB 180-4SHA2-224Message Length: 0-65528 Increment 8Message Digest
SHA2-256 FIPS PUB 180-4SHA2-256Message Length: 0-65528 Increment 8Message Digest
SHA2-384 FIPS PUB 180-4SHA2-384Message Length: 0-65528 Increment 8Message Digest
SHA2-512 FIPS PUB 180-4SHA2-512Message Length: 0-65528 Increment 8Message Digest
TLS v1.3 KDF CVL NIST SP 800-135rev1 RFC 8446A3359KDF (TLS v1.3)SHA2-256, SHA2-384Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
KAS30 NIST SP 800-56Arev3 NIST SP 800-135rev1KAS-ECC-SSC A3358 TLS KDF A3358NIST SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 curves providing between 112 and 256 bits of encryption strengthKey Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446KAS-ECC-SSC A3358 TLS v1.3 KDF A3359NIST SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 curves providing between 112 and 256 bits of encryption strengthKey Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1KAS-FFC-SSC A3358 TLS KDF A3358NIST SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2)2048-bit key providing 112 bits of encryption strengthKey Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446KAS-FFC-SSC A3358 TLS v1.3 KDF A3359NIST SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2)2048-bit key providing 112 bits of encryption strengthKey Agreement
KTS NIST SP 800-38BAES-CMAC A3358NIST SP 800-38B and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
KTS31 NIST SP 800-38CAES-CCM A3358NIST SP 800-38C and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
KTS NIST SP 800-38DAES-GCM A3358NIST SP 800-38D and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
KTS NIST SP 800-38DAES-GMAC A3358NIST SP 800-38D and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
KTS NIST SP 800-38FAES-KW A3358NIST SP 800-38F. KTS (key wrapping and unwrapping)128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
KTS NIST SP 800-38FAES-KWP A3358NIST SP 800-38F. KTS (key wrapping and unwrapping)128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strengthKey Wrap/Unwrap
CKG32 NIST SP 800-133rev2Vendor AffirmedCryptographic Key Generation

2.2 February 6, 2025 Algorithm Implementations The module implements cryptographic algorithms in the following providers:

3 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

4 CBC – Cipher Block Chaining
6 CFB – Cipher Feedback
7 PUB – Publication
8 PUB – Publication
10 CMAC – Cipher-Based Message Authentication Code
11 CTR – Counter
12 PUB – Publication
13 ECB – Electronic Code Book
15 GCM – Galois Counter Mode
Page 10
16 GMAC – Galois Message Authentication Code
18 KWP – Key Wrap with Padding
19 OFB – Output Feedback
20 PUB – Publication
21 DRBG – Deterministic Random Bit Generator
23 ECDSA – Elliptic Curve Digital Signature Algorithm

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 11

24 KAS-ECC-SSC

25 KAS-FFC-SSC

CVL

27 RSA – Rivest Shamir Adleman

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 12
28 PSS – Probabilistic Signature Scheme

PSS

Page 13

February 6, 2025 D.G. D.G. D.G. D.G. NOTE: The module offers algorithms in the Approved mode of operation that provide less than 112 bits of security strength. These algorithms are Approved for legacy use only (refer to NIST SP 800-131Arev2 for additional details). KTS

Page 14
Approved algorithm
NameUse FunctionUse / Function
AESCert. #A3358, Key Unwrapping (allowed per FIPS 140-3 IG D.G)Symmetric key unwrapping (using any Approved unauthenticated mode) For legacy use only.
AES-GCM (non-approved with external IV)Encryption/Decryption
AES-OCB33Authenticated Encryption/Decryption
AES-XTSEncryption/Decryption
ANSI X9.31 RNG (with 128-bit AES core)Random Number Generation
ARIAEncryption/Decryption
Blake2Encryption/Decryption
BlowfishEncryption/Decryption
CAST, CAST5Encryption/Decryption
CamelliaEncryption/Decryption
ChaCha20Encryption/Decryption
Approved algorithm
NameUse FunctionUse / Function
AESCert. #A3358, Key Unwrapping (allowed per FIPS 140-3 IG D.G)Symmetric key unwrapping (using any Approved unauthenticated mode) For legacy use only.
AES-GCM (non-approved with external IV)Encryption/Decryption
AES-OCB33Authenticated Encryption/Decryption
AES-XTSEncryption/Decryption
ANSI X9.31 RNG (with 128-bit AES core)Random Number Generation
ARIAEncryption/Decryption
Blake2Encryption/Decryption
BlowfishEncryption/Decryption
CAST, CAST5Encryption/Decryption
CamelliaEncryption/Decryption
ChaCha20Encryption/Decryption
DESEncryption/Decryption
DH (non-approved with key sizes below 2048 bits)Key Agreement
DSA (non-approved with key sizes below the minimums Approved for the Approved mode)Key Pair Generation; Digital Signature Generation; Digital Signature Verification
DSA, ECDSA, and RSA (non-approved when used with SHA-1 outside the TLS protocol)Digital Signature Generation
ECDH (non-approved with curves P-192, K-163, B-163, and non-NIST curves)Key Agreement
ECDSA (non-approved with curves P-192, K-163, B- 163, and non-NIST curves)Key Pair Generation; Digital Signature Generation; Digital Signature Verification
EdDSA34Key Pair Generation; Digital Signature Generation; Digital Signature Verification
HKDF35Key Derivation
IDEAEncryption/Decryption
KDF (non-approved when using TLS 1.0/1.1)Key Derivation
MD2, MD4, MD5Message Digest
PBKDF2Password-Based Key Derivation
Poly1305Message Authentication Code
RC236, RC4, RC5Encryption/Decryption
RIPEMDMessage Digest
RMD160Message Digest
RSA (non-approved with non-approved/untested key sizes, and functions)Key Pair Generation; Digital Signature Generation; Digital Signature Verification; Key Transport
SEEDEncryption/Decryption
SHA3Message Digest
SM2, SM3, SM3Message Digest
Triple DES (non-approved)Encryption/Decryption; MAC Generation/Verification; Key Wrapping/Unwrapping
WhirlpoolMessage Digest

February 6, 2025 The vendor affirms the following cryptographic security methods:

33 OCB – Offset Codebook

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 15

February 6, 2025 2.3 Cryptographic Boundary As a software cryptographic module, the module has no physical components. The physical perimeter of the cryptographic module is defined by each host device on which the module is installed. Figure 1 below illustrates a block diagram of a typical GPC and the module’s physical perimeter.

34 EdDSA – Edwards-curve Digital Signature Algorithm
36 RC – Rivest Cipher

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 16

Hardware Management February 6, 2025 DVD Network Interface RAM HDD Clock Generator SCSI/SATA Controller LEDs/LCD Serial CPU I/O Hub Audio Cache Power Interface PCI/PCIe Slots USB BIOS Graphics Controller PCI/PCIe Slots External Power Supply KEY: BIOS

Page 17

February 6, 2025 libssl HMAC digest Calling Application KEY: libcrypto Cryptographic Boundary Physical Perimeter Data Input Data Output Control Input Control Output Status Output System Calls Operating System CPU Memory Storage Ports Host Device Figure 2

Page 18
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Physical data input port(s) of the tested platformsPhysical data input port(s) of the tested platformsData Input • API input arguments that provide input data for processing• Data to be encrypted, decrypted, signed, verified, or hashed • Keys to be used in cryptographic services • Random seed material for the module’s DRBG • Keying material to be used as input to key establishment services
Physical data output port(s) of the tested platformsPhysical data output port(s) of the tested platformsData Output • API output arguments that return generated or processed data back to the caller• Data that has been encrypted, decrypted, or verified • Digital signatures • Hashes • Random values generated by the module’s DRBG • Keys established using module’s key establishment methods
Physical control input port(s) of the tested platformsPhysical control input port(s) of the tested platformsControl Input • API input arguments that are used to initialize and control the operation of the module• API commands invoking cryptographic services • Modes, key sizes, etc. used with cryptographic services
Physical status output port(s) of the tested platformsPhysical status output port(s) of the tested platformsStatus Output • API call return values• Status information regarding the module • Status information regarding the invoked service/operation
  1. February 6, 2025 FIPS 140-3 defines the following logical interfaces for cryptographic modules: • • • • • As a software library, the cryptographic module has no direct access to any of the host platform’s physical ports, as it communicates only to the calling application via its well-defined API. A mapping of the approved interfaces and the module’s logical ports and interfaces can be found in Table
  2. Note that the module does not output Table 7 – Ports and Interfaces ©2025 Dynatrace LLC
Page 19
Service
NameRolesInputOutput
Show StatusCOAPI call parametersCurrent operational status
Perform self-tests on-demandCORe-instantiate module; API call parametersStatus
ZeroizeCORestart calling application; reboot or power-cycle host platformNone
Show versioning informationCOAPI call parametersModule name, version
Perform symmetric encryptionUserAPI call parameters, key, plaintextStatus, ciphertext
Perform symmetric decryptionUserAPI call parameters, key, ciphertextStatus, plaintext
Generate symmetric digestUserAPI call parameters, key, plaintextStatus, digest
Verify symmetric digestUserAPI call parameters, digestStatus
Perform authenticated symmetric encryptionUserAPI call parameters, key, plaintextStatus, ciphertext
Perform authenticated symmetric decryptionUserAPI call parameters, key, ciphertextStatus, plaintext
Generate random numberUserAPI call parametersStatus, random bits
Perform keyed hash operationsUserAPI call parameters, key, messageStatus, MAC37
Perform hash operationUserAPI call parameters, messageStatus, hash
Generate DSA domain parametersUserAPI call parametersStatus, domain parameters
Verify DSA domain parametersUserAPI call parametersStatus, domain parameters
Generate asymmetric key pairUserAPI call parametersStatus, key pair
Verify ECDSA public keyUserAPI call parameters, keyStatus
Generate digital signatureUserAPI call parameters, key, messageStatus, signature
Verify digital signatureUserAPI call parameters, key, signature, messageStatus
Perform key wrapUserAPI call parameters, encryption key, keyStatus, encrypted key
Perform key unwrapUserAPI call parameters, decryption key, keyStatus, decrypted key
Compute shared secretUserAPI call parametersStatus, shared secret
Derive TLS keysUserAPI call parameters, TLS pre- master secretStatus, TLS keys
Perform key agreement functionsUserAPI call parametersStatus, symmetric key

4. February 6, 2025 Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods. 4.1 Authorized Roles The module supports two roles that authorized operators can assume:

37 MAC – Message Authentication Code

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 20

4.2 February 6, 2025 Authentication Methods The module does not support authentication methods; operators implicitly assume an authorized role based on the service selected. 4.3 Services Descriptions of the approved services available to the authorized roles are provided in Table 9 below. This module is a software library that provides cryptographic functionality to calling applications. As such, the security functions provided by the module are considered the module’s security services. Indicators for Approved services (in the case of this module, those security functions with algorithm validation certificates and all required self-tests) are provided via API return value. When invoking a security function, the calling application provides inputs via an internal structure, or “context”. Upon each service invocation, the module will determine if the invoked security function is an Approved service. To access the resulting value, the calling application must pass the finalized context to the indicator API associated with that security function (note the indicator check must be performed prior to any context cleanup is performed). The indicator API will return “1” to indicate the usage of an Approved service. Indicators for services providing non-Approved security functions (as well as for services not requiring an indicator) will have a value other than “1”, ensuring that the indicators for Approved services are unambiguous. Additional details on the APIs used for the Approved service indicators are provided in Appendix A below. The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 21
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show StatusReturn Approved mode statusCONoneNoneN/AN/A
Perform self- tests on- demandPerform pre- operational self- testsCOIntegrity Test Key - libcrypto Integrity Test Key - libsslNoneIntegrity Test Key – libcrypto – E Integrity Test Key - libssl – EAPI return value
ZeroizeZeroize and de- allocate memory containing sensitive dataCOAll SSPsNoneAll SSPs – ZN/A
Show versioning informationReturn module versioning informationCONoneNoneN/AN/A
Perform symmetric encryptionEncrypt plaintext dataUserAES keyAES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES-GMAC (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) AES-OFB (Cert. A3358)AES key – WEAPI return value
Perform symmetric decryptionDecrypt ciphertext dataUserAES keyAES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES GMAC (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) AES-OFB (Cert. A3358)AES key – WEAPI return value
Generate symmetric digestGenerate symmetric digestUserAES CMAC key AES GMAC keyAES-CMAC (Cert. A3358) AES-GMAC (Cert. A3358)AES CMAC key – WE AES GMAC key – WEAPI return value
Verify symmetric digestVerify symmetric digestUserAES CMAC key AES GMAC keyAES-CMAC (Cert. A3358) AES-GMAC (Cert. A3358)AES CMAC key – WE AES GMAC key – WEAPI return value
Perform authenticated symmetric encryptionEncrypt plaintext using supplied AES GCM key and IVUserAES GCM key AES GCM IVAES-GCM (Cert. A3358)AES GCM key – WE AES GCM IV – WEAPI return value
Perform authenticated symmetric decryptionDecrypt ciphertext using supplied AES GCM key and IVUserAES GCM key AES GCM IVAES-GCM (Cert. A3358)AES GCM key – WE AES GCM IV – WEAPI return value
Generate random numberReturn random bits to the calling applicationUserDRBG entropy input DRBG seed DRBG ‘V’ value DRBG ‘Key’ valueCounter DRBG (Cert. A3358)DRBG entropy input – WE DRBG seed – GE DRBG ‘V’ value – GE DRBG ‘Key’ value – GEAPI return value
Perform keyed hash operationsCompute a message authentication codeUserHMAC keyHMAC SHA-1 (Cert. A3358) HMAC SHA2-224 (Cert. A3358) HMAC SHA2-256 (Cert. A3358) HMAC SHA2-384 (Cert. A3358) HMAC SHA2-512 (Cert. A3358)HMAC key – WEAPI return value
Perform hash operationCompute a message digestUserNoneSHA-1 (Cert. A3358) SHA2-224 (Cert. A3358) SHA2-256 (Cert. A3358) SHA2-384 (Cert. A3358) SHA2-512 (Cert. A3358)N/AAPI return value
Generate DSA domain parametersGenerate DSA domain parametersUserNoneDSA PQGGen (FIPS186-4) (Cert. A3358)N/AAPI return value
Verify DSA domain parametersVerify DSA domain parametersUserNoneDSA PQGVer (FIPS186-4) (Cert. A3358)N/AAPI return value
Generate asymmetric key pairGenerate a public/private key pairUserDSA public key DSA private key ECDSA public key ECDSA private key RSA public key RSA private keyDSA KeyGen (FIPS186-4) (Cert. A3358) ECDSA KeyGen (FIPS186-4) (Cert. A3358) RSA KeyGen (FIPS186-4) (Cert. A3358)DSA public key – GR DSA private key – GR ECDSA public key – GR ECDSA private key – GR RSA public key – GR RSA private key – GRAPI return value
Verify ECDSA public keyVerify an ECDSA public keyUserECDSA public keyECDSA KeyVer (FIPS186-4) (Cert. A3358)ECDSA public key – WAPI return value
Generate digital signatureGenerate a digital signatureUserDSA private key ECDSA private key RSA private keyDSA SigGen (FIPS186-4) (Cert. A3358) ECDSA SigGen (FIPS186-4) (Cert. A3358) RSA SigGen (FIPS186-4) (Cert. A3358)DSA private key – WE ECDSA private key – WE RSA private key – WEAPI return value
Verify digital signatureVerify a digital signatureUserDSA public key ECDSA public key RSA public keyDSA SigVer (FIPS186-4) (Cert. A3358) ECDSA SigVer (FIPS186-4) (Cert. A3358) RSA SigVer (FIPS186-4) (Cert. A3358)DSA public key – WE ECDSA public key – WE RSA public key – WEAPI return value
Perform key wrapPerform key wrapUserAES key AES GCM key AES GCM IVKTS (AES-CCM) (Cert. A3358) KTS (AES-GCM) (Cert. A3358) KTS (AES-GMAC) (Cert. A3358) KTS (AES-CMAC) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358)AES key – WE AES GCM key – WE AES GCM IV – WEAPI return value
Perform key unwrapPerform key unwrapUserAES key AES GCM key AES GCM IVKTS (AES-CCM) (Cert. A3358) KTS (AES-GCM) (Cert. A3358) KTS (AES-GMAC) (Cert. A3358) KTS (AES-CMAC) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358)AES key – WE AES GCM key – WE AES GCM IV – WEAPI return value
Compute shared secretCompute DH/ECDH shared secret suitable for use as input to a TLS KDFUserDH public key DH private key ECDH public key ECDH private key TLS pre-master secretKAS-ECC-SSC Sp800-56Ar3 (Cert. A3358) KAS-FFC-SSC Sp800-56Ar3 (Cert. A3358)DH public key – WE DH private key – WE ECDH public key – WE ECDH private key – WE TLS pre-master secret – GEAPI return value
Derive TLS keysDerive TLS session and integrity keysUserTLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC keyTLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359)TLS pre-master secret – WE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GRAPI return value
Perform key agreement functionsEstablish symmetric key using DH/ECDH key agreementUserDH public key DH private key ECDH public key ECDH private key TLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC keyKAS (KAS-ECC_SSC/TLS KDF) (Certs. A3358, A3358) KAS (KAS-ECC_SSC/TLS v1.3 KDF) (Certs. A3358, A3359) KAS (KAS-FFC_SSC/TLS KDF) (Certs. A3358, A3358) KAS (KAS-FFC_SSC/TLS v1.3 KDF) (Certs. A3358, A3359)DH public key – WE DH private key – WE ECDH public key – WE ECDH private key – WE TLS pre-master secret – GE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GRAPI return value
Page 22

February 6, 2025 N/A * Per FIPS 140-3 IG 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved service indicator. The following services/algorithms are allowed for legacy use only:

Page 23
Service
NameDescriptionRolesApproved FunctionsIndicator
Perform data encryption (non-approved)Perform symmetric data encryptionUserAES -GCM (non-approved), ARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple DES (non-approved), XTS-AESAPI return value
Perform data decryption (non-approved)Perform symmetric data decryptionUserAES -GCM (non-approved), ARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple DES, XTS-AESAPI return value
Perform MAC operations (non-approved)Perform message authentication operationsUserPoly1305, Triple DES/CMAC (non-approved)API return value
Perform hash operation (non-approved)Perform hash operationUserMD2, MD4, MD5, RIPEMD, RMD160, SHA-3, SM2, SM3, SM4, WhirlpoolAPI return value
Perform digital signature functions (non-approved)Perform digital signature functionsUserDSA (non-approved), ECDSA (non-approved), RSA (non- approved)API return value
Perform key agreement functions (non-approved)Perform key agreement functionsUserDH (non-approved), ECDH (non-approved)API return value
Perform key wrap (non- approved)Perform key wrap/unwrap functionsUserAES -GCM (non-approved), Triple DES/CMAC (non- approved)API return value
Perform key encapsulation (non-approved)Perform key encapsulation functionsUserRSA (non-approved)API return value
Perform key un- encapsulation (non- approved)Perform key un-encapsulation functionsUserRSA (non-approved)API return value
Perform key derivation functions (non-approved)Perform key derivation functionsUserHKDF, PBKDF2, TLS 1.0/1.1 KDFAPI return value
Perform authenticated encryption/decryption (non- approved)Perform authenticated encryption/decryptionUserAES-OCBAPI return value
Generate random number (non-approved)Perform random number generationUserANSI X9.31 RNG (with 128-bit AES core)API return value
Generate asymmetric key pair (non-approved)Perform key pair generationUserDSA (non-approved), ECDSA (non-approved), RSA (non- approved)API return value

February 6, 2025 Table 10

Page 24
  1. February 6, 2025 Software/Firmware Security All software components within the cryptographic boundary are verified using an approved integrity technique implemented within the cryptographic module itself. The module implements an integrity test technique consisting of a single encompassing HMAC SHA2-256 digest file that covers both library files; failure of the integrity test will cause the module to enter a critical error state. Details regarding the keys used for the integrity checks can be found in Table
  2. The module’s integrity check is performed automatically at module instantiation (i.e., when the module is loaded into memory for execution) without action from the module operator. The CO can initiate the pre-operational tests on demand by restarting the calling application, rebooting/power-cycling the host server, or issuing the FIPS_selftest() API command. The Dynatrace Cryptographic Module is not delivered to end-users as a standalone offering. Rather, it is a prebuilt integrated component of Dynatrace’s application software. Dynatrace does not provide end-users with any mechanisms to directly access the module, its source code, its APIs, or any information sent to/from the module. Thus, end-users have no ability to independently load the module onto target platforms. No configuration steps are required to be performed by end-users, and no end-user action is required to initialize the module for operation. The module is designed with a default entry point (DEP) that ensures that the pre-operational tests and conditional CASTs are initiated automatically when the module is loaded. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
Page 25

6. February 6, 2025 Operational Environment The Dynatrace Cryptographic Module comprises a software cryptographic library that executes in a modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Please refer to section 2.1 of this document for a list/description of the applicable operational environments. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 26

7. February 6, 2025 Physical Security This section is not applicable. Per section 7.7.1 of ISO/IEC 19790:2021, the requirements of this section are “applicable to hardware and firmware modules, and hardware and firmware components of hybrid modules”. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 27

8. February 6, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in ISO/IEC 19790:2021 Annex F. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 28
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationUseImport Export
Integrity Test Key - libcrypto (not an SSP)256 bitsHMAC SHA2-256 (Cert. A3358)Hardcoded in the module imagePlaintext in RAMNot subject to zeroization requirementsPre- operational verification of libcrypto library
Integrity Test Key - libssl (not an SSP)256 bitsHMAC SHA2-256 (Cert. A3358)Hardcoded in the module imagePlaintext in RAMNot subject to zeroization requirementsPre- operational verification of libssl library
AES key (CSP)Between 128 and 256 bitsAES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) KTS (AES-CCM) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358)Derived via TLS KDFNot persistently stored by the moduleUnload module; Remove powerSymmetric encryption, decryptionImported in plaintext via API parameter Never exported [MD/EE]
AES GCM key (CSP)Between 128 and 256 bitsAES-GCM (Cert. A3358) KTS (AES-GCM) (Cert. A3358)Derived via TLS KDFNot persistently stored by the moduleUnload module; Remove powerAuthenticate d symmetric encryption, decryptionImported in plaintext via API parameter Never exported
AES CMAC key (CSP)Between 128 and 256 bitsAES-CMAC (Cert. A3358) KTS (AES-CMAC) (Cert. A3358)Not persistently stored by the moduleUnload module; Remove powerMAC generation, verificationImported in plaintext via API parameter Never exported [MD/EE]
AES GMAC key (CSP)Between 128 and 256 bitsAES-GMAC (Cert. A3358) KTS (AES-GMAC) (Cert. A3358)Not persistently stored by the moduleUnload module; Remove powerMAC generation, verificationImported in plaintext via API parameter Never exported [MD/EE]
HMAC key (CSP)Between 160 and 512 bitsHMAC SHA-1 (Cert. A3358) HMAC SHA2-224 (Cert. A3358) HMAC SHA2-256 (Cert. A3358) HMAC SHA2-384 (Cert. A3358) HMAC SHA2-512 (Cert. A3358)Derived via TLS KDFNot persistently stored by the moduleUnload module; Remove powerKeyed hashImported in plaintext via API parameter Never exported [MD/EE]
DSA private key (CSP)112 or 128 bitsDSA SigGen (FIPS186-4) (Cert. A3358)Generated internally via Approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
DSA public key (PSP)112 or 128 bitsDSA SigVer (FIPS186-4) (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verificationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
ECDSA private key (CSP)Between 112 and 256 bitsECDSA SigGen (FIPS186-4) (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
ECDSA public key (PSP)Between 112 and 256 bitsECDSA SigVer (FIPS186- 4) (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verificationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
RSA private key (CSP)Between 112 and 150 bitsRSA SigGen (FIPS186-4) (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generation, asymmetric decryptionImported in plaintext via API parameter Exported in plaintext via API parameter
RSA public key (PSP)Between 80 and 150 bitsRSA SigVer (FIPS186-4) (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verification, asymmetric encryption 1024-bit keys for legacy use (digital signature verification) onlyImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
DH private key (CSP)112 bitsKAS-SSC-FFC (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
DH public key (PSP)112 bitsKAS-SSC-FFC (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
ECDH private key (CSP)Between 112 and 256 bitsKAS-SSC-ECC (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerECDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
ECDH public key (PSP)Between 112 and 256 bitsKAS-SSC-ECC (Cert. A3358)Generated internally via approved DRBGNot persistently stored by the moduleUnload module; Remove powerECDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE]
AES GCM IV (CSP)AES-GCM (Cert. A3358)Generated internally in compliance with the provisions of a peer-to-peer industry standard protocolNot persistently stored by the moduleUnload module; Remove powerInitialization vector for AES GCM
TLS pre-master secret (CSP)Between 112 and 256 bitsTLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359)Not persistently stored by the moduleUnload module; Remove powerDerivation of the TLS master secretImported in plaintext via API parameter Never exported [MD/EE]
TLS master secret (CSP)256 bitsTLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359)Derived internally using the TLS pre- master secret via TLS KDFNot persistently stored by the moduleUnload module; Remove powerDerivation of the AES/AES- GCM key and HMAC key used for securing TLS connections
DRBG entropy input (CSP)256 bitsCounter DRBG (Cert. A3358)Not persistently stored by the moduleUnload module; Remove powerEntropy material for DRBGImported in plaintext via API parameter Never exported [MD/EE]
DRBG seed (CSP)256 bitsCounter DRBG (Cert. A3358)Generated internally using nonce along with DRBG entropy inputNot persistently stored by the moduleUnload module; Remove powerSeeding material for DRBG
DRBG ‘V’ value (CSP)128 bitsCounter DRBG (Cert. A3358)Generated internallyNot persistently stored by the moduleUnload module; Remove powerState values for DRBG
DRBG ‘Key’ value (CSP)256 bitsCounter DRBG (Cert. A3358)Generated internallyNot persistently stored by the moduleUnload module; Remove powerState values for DRBG

February 6, 2025

  1. Management 9.1 Keys and Other SSPs The module supports the keys and other SSPs listed in Table
  2. Table 11 – Keys Preoperational Preoperational Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
Page 29

February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 30

February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 31

February 6, 2025 9.2 DRBGs The module implements the following Approved DRBG(s):

Page 32
Approved algorithm
NameKey Size
DetailsMinimum NumberEntropy Source(s)
of Bits of Entropyof Bits of Entropy
256 bits of seed material are provided to the module’s DRBG by the calling application. The calling application and its entropy sources are outside the module’s cryptographic boundary. The calling application shall use entropy sources that meet the security strength required for the CTR_DRBG as shown in NIST SP 800-90Arev1, Table 3. This entropy shall be supplied by means of a callback function. The callback function must return an error if the minimum entropy strength cannot be met.256Calling application

9.4 February 6, 2025 SSP Zeroization Methods Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory, module operators can unload the module from memory or reboot/power-cycle the host device. 9.5 Table 12

Page 33

February 6, 2025 10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s):

38 KAT – Known Answer Test

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 34

February 6, 2025 To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed prior to the pre-operational software integrity test; all other CASTs are executed after the successful completion of the software integrity test.

39 PCT – Pairwise Consistency Test

Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 35

February 6, 2025 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

Page 36

February 6, 2025

Page 37
CVE NumberSeverityMitigation
CVE-2023-3446LowBefore calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator should verify that the DH key or DH parameters were obtained from a trusted source.
CVE-2023-3817LowBefore calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator should verify that the DH key or DH parameters were obtained from a trusted source.
CVE-2024-4741LowApplications should not directly call the SSL_free_buffers function.

February 6, 2025 not wrap. If a sequence number needs to wrap, the TLS implementation is responsible for either rekeying or terminating the connection. The module supports the TLS 1.3 GCM cipher suite from section 3.3.1.2 of NIST SP 800-52rev2. The AES GCM IV generation is performed internally, is compliant with the RFC 8446, and shall only be used for the TLS 1.3 protocol to be compliant with scenario 5 in FIPS 140-3 IG C.H; thus, the module is compliant with NIST SP 800-52rev2. The module also supports internal IV generation using the module’s Approved DRBG. The IV is at least 96 bits in length per section 8.2.2 of NIST SP 800-38D. Per NIST SP 800-38D and scenario 2 of FIPS 140-3 IG C.H, the DRBG generates outputs such that the (key/IV) pair collision probability is less than 2-32. In the event that power to the module is lost and subsequently restored, the calling application must ensure that any AES-GCM keys used for encryption or decryption are re-distributed.

11.6.1 Applicable CVEs

The following table lists the applicable CVEs impacting the module, as well as methods of mitigation. Table 13

11.6.2 CVE Mitigation Plan

Post-submission, the module has been continually updated to provide mitigations for the CVEs listed above. These mitigations will be included in a future revalidation of the module. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 38

February 6, 2025 12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 39

February 6, 2025 Appendix A. Approved Service Indicators This appendix specifies the APIs that are externally accessible and return the Approved service indicators. Synopsis #include <openssl/service_indicator.h> #include <openssl/ssl.h> int EVP_cipher_get_service_indicator(EVP_CIPHER_CTX *ctx); int DSA_get_service_indicator(DSA * ptr_dsa, DSA_MODES_t mode); int RSA_key_get_service_indicator(RSA * ptr_rsa); int PBKDF_get_service_indicator(); int EVP_Digest_get_service_indicator(EVP_MD_CTX *ctx); int EC_key_get_service_indicator(EC_KEY *ec_key); int CMAC_get_service_indicator(CMAC_CTX *cmac_ctx, CMAC_MODE_t mode); int HMAC_get_service_indicator(HMAC_CTX *ctx); int TLSKDF_get_service_indicator(EVP_PKEY_CTX *tls_ctx); int TLS1_3_kdf_get_service_indicator(EVP_MD *md); int TLS1_3_get_service_indicator(SSL *s); int DRBG_get_service_indicator(RAND_DRBG *drbg); Description These APIs are high-level interfaces that return the Approved service indicator value based on the parameter(s) passed to them.

Page 40

February 6, 2025

Page 41

February 6, 2025 EVP_CIPHER_CTX_cleanup(ctx); //Decrypt ctx = EVP_CIPHER_CTX_new(); EVP_DecryptInit_ex(ctx, cipher, NULL, key, NULL); EVP_CIPHER_CTX_set_key_length(ctx, 24); EVP_DecryptUpdate(ctx, pltmp, &outLen, citmp, 8); // Check the indicator fprintf(stdout,"EVP_des_ede3_ecb (NID %i) decrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx)); EVP_CIPHER_CTX_cleanup(ctx); EVP_CIPHER_CTX_free(ctx); } Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 42
Acronyms
NameTermDefinition
AESAESAdvanced Encryption Standard
ANSIANSIAmerican National Standards Institute
APIAPIApplication Programming Interface
CASTCASTCryptographic Algorithm Self-Test
CBCCBCCipher Block Chaining
CCCSCCCSCanadian Centre for Cyber Security
CCMCCMCounter with Cipher Block Chaining - Message Authentication Code
CFBCFBCipher Feedback
CKGCKGCryptographic Key Generation
CMACCMACCipher-Based Message Authentication Code
CMVPCMVPCryptographic Module Validation Program
COCOCryptographic Officer
CPUCPUCentral Processing Unit
CTRCTRCounter
CVLCVLComponent Validation List
DEPDEPDefault Entry Point
DESDESData Encryption Standard
DHDHDiffie-Hellman
DRBGDRBGDeterministic Random Bit Generator
DSADSADigital Signature Algorithm
ECBECBElectronic Code Book
ECCECCElliptic Curve Cryptography
ECC CDHECC CDHElliptic Curve Cryptography Cofactor Diffie-Hellman
ECDHECDHElliptic Curve Diffie-Hellman
ECDSAECDSAElliptic Curve Digital Signature Algorithm
EMI/EMCEMI/EMCElectromagnetic Interference /Electromagnetic Compatibility
FFCFFCFinite Field Cryptography
FIPSFIPSFederal Information Processing Standard
GCMGCMGalois/Counter Mode
GMACGMACGalois Message Authentication Code
GPCGPCGeneral-Purpose Computer
HMACHMAC(keyed-) Hash Message Authentication Code
KASKASKey Agreement Scheme
KATKATKnown Answer Test
KDFKDFKey Derivation Function
KTSKTSKey Transport Scheme
KWKWKey Wrap
KWPKWPKey Wrap with Padding
MDMDMessage Digest
NISTNISTNational Institute of Standards and Technology
OCBOCBOffset Codebook
OFBOFBOutput Feedback
OSOSOperating System
PBKDFPBKDFPassword-Based Key Derivation Function
PCTPCTPairwise Consistency Test
PKCSPKCSPublic Key Cryptography Standard
PSSPSSProbabilistic Signature Scheme
PUBPUBPublication
RCRCRivest Cipher
RNGRNGRandom Number Generator
RSARSARivest Shamir Adleman
SHAKESHAKESecure Hash Algorithm KECCAK
SHASHASecure Hash Algorithm
SHSSHSSecure Hash Standard
SPSPSpecial Publication
TDESTDESTriple Data Encryption Standard
TLSTLSTransport Layer Security
XEXXEXXOR Encrypt XOR
XTSXTSXEX-Based Tweaked-Codebook Mode with Ciphertext Stealing

February 6, 2025 Appendix B. Acronyms and Abbreviations Table 14 provides definitions for the acronyms and abbreviations used in this document. Table 14

Page 43

February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC

Page 44

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com www.corsec.com

Referenced URLs