| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 5/4/2030 |
| Caveat | When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. |
| Vendor | Amazon Web Services, Inc. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Amazon Linux 2023 GnuTLS Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Error State</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: gnutls</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Amazon Linux 2023 GnuTLS Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Error State</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: gnutls</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Amazon Web Services, Inc. Amazon Linux 2023 GnuTLS Cryptographic Module Document Version 1.2 Last update: 2025-04-29 Prepared by: atsec information security corporation
Amazon Linux 2023 GnuTLS Cryptographic Module Austin, TX 78759 www.atsec.com © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Table of Contents © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module List of Tables © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module List of Figures © 2025 Amazon Web Services, Inc./atsec information security.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
Amazon Linux 2023 GnuTLS Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for version 3.8.0-f3d7c0863662248d of the Amazon Linux 2023 GnuTLS Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.
This Security Policy describes the features and design of the module named GnuTLS Cryptographic Module using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. including this notice. Other documentation is proprietary to their authors. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module consolidated into this document by atsec information security together with other vendor-supplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
Purpose and Use: The Amazon Linux 2023 GnuTLS Cryptographic Module (hereafter referred to as “the module”) is a cryptographic module that provides cryptographic services to applications running in the user space of the underlying operating system through a C language Application Program Interface (API). Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment, and the flow of information within the module and between the module and operator (depicted through the arrows). The module components consist of the libgnutls.so.30, libnettle.so.8, libhogweed.so.6, and libgmp.so.10, which are verified by computing their HMAC values and comparing the computed value with the stored .libgnutls.so.30.hmac, .libnettle.so.8.hmac, .libhogweed.so.6.hmac, and .libgmp.so.10.hmac values. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on EC2 c7g.metal with AWS Graviton3 | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on EC2 c7g.metal with AWS Graviton3 | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702 | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702 | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558 | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558 | HMAC-SHA2-256 | ||||||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 3.8.0-f3d7c0863662248d | AWS Graviton3 | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | 3.8.0-f3d7c0863662248d | Intel Xeon Platinum 8375C | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowball | 3.8.0-f3d7c0863662248d | AMD EPYC 7702 | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowblade | 3.8.0-f3d7c0863662248d | Intel Xeon Gold 6314U | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowcone | 3.8.0-f3d7c0863662248d | Intel Atom C3558 | Yes | N/A |
Amazon Linux 2023 GnuTLS Cryptographic Module Tested Operational Environment’s Physical Perimeter (TOEPP): Figure 1: Block Diagram
Tested Module Identification
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702 | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702 | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U | HMAC-SHA2-256 | ||||||
| libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558 | 3.8.0-f3d7c0863662248d | N/A | libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558 | HMAC-SHA2-256 | ||||||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 3.8.0-f3d7c0863662248d | AWS Graviton3 | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | 3.8.0-f3d7c0863662248d | Intel Xeon Platinum 8375C | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowball | 3.8.0-f3d7c0863662248d | AMD EPYC 7702 | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowblade | 3.8.0-f3d7c0863662248d | Intel Xeon Gold 6314U | Yes | N/A | ||||
| Amazon Linux 2023 | Amazon Linux 2023 | AWS Snowcone | 3.8.0-f3d7c0863662248d | Intel Atom C3558 | Yes | N/A |
Amazon Linux 2023 GnuTLS Cryptographic Module N/A N/A N/A Table 2: Tested Module Identification
The module does not claim any excluded components.
Modes List and Description: © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Approved mode of operation | Entered by default, after passing the pre-operational and all conditional cryptographic algorithms self-tests (CASTs). Also, automatically entered whenever an approved service is requested | Equivalent to the indicator of the requested service as defined in section 4.3 | Approved |
| Non-approved mode of operation | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service as defined in section 4.4 | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4537 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4538 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4539 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4540 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4545 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4572 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A4537 | Key Length - 128, 256 | SP 800-38C |
| AES-CCM | A4572 | Key Length - 128, 256 | SP 800-38C |
| AES-CFB8 | A4542 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A4543 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A4548 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A4537 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B |
| AES-CMAC | A4540 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B |
| AES-CMAC | A4545 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B |
| AES-GCM | A4537 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GCM | A4538 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GCM | A4539 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GCM | A4540 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GCM | A4545 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GCM | A4572 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-GMAC | A4545 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| AES-XTS Testing Revision 2.0 | A4546 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A4545 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A4545 | Curve - P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A4545 | Curve - P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4545 | Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4545 | Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 |
| HMAC-SHA-1 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4545 | Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A4545 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA HKDF Sp800- 56Cr1 | A4544 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-65336 Increment 8 HMAC Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-56C Rev. 2 |
| KDF TLS (CVL) | A4545 | TLS Version - v1.0/1.1 | SP 800-135 Rev. 1 |
| PBKDF | A4545 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A4545 | Key Generation Mode - B.3.2 Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-384 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A4545 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4545 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| Safe Primes Key Generation | A4545 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- 2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 | SP 800-56A Rev. 3 |
| SHA-1 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A4545 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A4572 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A4545 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A4572 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A4545 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A4572 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A4545 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A4572 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A4545 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A4572 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A4541 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-224 | A4547 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A4541 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A4547 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A4541 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A4547 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A4541 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A4547 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| TLS v1.2 KDF RFC7627 (CVL) | A4545 | Hash Algorithm - SHA2-256, SHA2-384 | SP 800-135 Rev. 1 |
Amazon Linux 2023 GnuTLS Cryptographic Module NonApproved Table 4: Modes List and Description only be transitioned into the non-approved mode by calling one of the non-approved services listed in the NonApproved Services table. Please see Section 4 or the details on service indicator provided by the module that identifies when an approved service is called. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Approved Functions | Properties | Implementation | Reference |
|---|---|---|---|---|
| Cryptographic Key Generation (CKG) | RSA:2048, 3072, 4096-bit keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.1 | |
| Cryptographic Key Generation (CKG) c | ECDSA:P-256, P-384, P-521 elliptic urves | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.1, 5.2 | |
| Cryptographic Key Generation S (CKG) b | afe Prime:2048, 3072, 4096, 6144, 8192- it keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.2 | |
| Cryptographic Key Generation (CKG) | CTR_DRBG:112-256 bit keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 6.1 | |
| Blowfish | Symmetric Encryption; Symmetric Decryption | |||
| Camellia | Symmetric Encryption; Symmetric Decryption | |||
| CAST | Symmetric Encryption; Symmetric Decryption | |||
| Chacha20 and Poly1305 | Authenticated Encryption; Authenticated Decryption | |||
| CMAC with Triple-DES | Message Authentication Code (MAC) | |||
| DES | Symmetric Encryption; Symmetric Decryption | |||
| Diffie-Hellman with keys generated with domain parameters other than safe primes | Key Agreement; Shared Secret Computation |
| Name | Approved Functions | Properties | Implementation | Reference |
|---|---|---|---|---|
| Cryptographic Key Generation (CKG) | RSA:2048, 3072, 4096-bit keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.1 | |
| Cryptographic Key Generation (CKG) c | ECDSA:P-256, P-384, P-521 elliptic urves | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.1, 5.2 | |
| Cryptographic Key Generation S (CKG) b | afe Prime:2048, 3072, 4096, 6144, 8192- it keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 5.2 | |
| Cryptographic Key Generation (CKG) | CTR_DRBG:112-256 bit keys | Amazon Linux 2023 GnuTLS (Generic C) | SP800-133r2, Section 6.1 | |
| Blowfish | Symmetric Encryption; Symmetric Decryption | |||
| Camellia | Symmetric Encryption; Symmetric Decryption | |||
| CAST | Symmetric Encryption; Symmetric Decryption | |||
| Chacha20 and Poly1305 | Authenticated Encryption; Authenticated Decryption | |||
| CMAC with Triple-DES | Message Authentication Code (MAC) | |||
| DES | Symmetric Encryption; Symmetric Decryption | |||
| Diffie-Hellman with keys generated with domain parameters other than safe primes | Key Agreement; Shared Secret Computation | |||
| DSA | Key Generation; Domain Parameter Generation; Digital Signature Generation; Digital Signature Verification | |||
| ECDSA with curves not listed in the Approved Algorithms table | Key Generation; Public Key Verification | |||
| ECDSA with curves/hash functions not listed in the Approved Algorithms table | Digital Signature Generation; Digital Signature Verification | |||
| EC Diffie-Hellman with curves not listed in the Approved Algorithms table | Key Agreement; Shared Secret Computation | |||
| GOST | Symmetric Encryption; Symmetric Decryption; Message Digest | |||
| HMAC with keys smaller than 112-bit | Message Authentication Code (MAC) | |||
| HMAC with GOST | Message Authentication Code (MAC) | |||
| MD2, MD4, MD5 | Message Digest; Message Authentication Code (MAC) | |||
| PBKDF with HMAC not listed in the Approved Algorithms table or using input parameters not meeting requirements stated in section 2.7 | Key Derivation | |||
| RC2, RC4 | Symmetric Encryption; Symmetric Decryption | |||
| RMD160 | Message Digest; Message Authentication Code (MAC) | |||
| RSA with keys smaller than 2048 bits or greater than 4096 bits. | Key Generation | |||
| RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | Digital Signature Generation | |||
| RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | Digital Signature Verification | |||
| Salsa20 | Symmetric Encryption; Symmetric Decryption | |||
| SEED | Symmetric Encryption; Symmetric Decryption | |||
| Serpent | Symmetric Encryption; Symmetric Decryption | |||
| SRP | Key Agreement | |||
| STREEBOG | Message Digest; Message Authentication Code (MAC) | |||
| Triple-DES | Symmetric Encryption; Symmetric Decryption | |||
| Twofish | Symmetric Encryption; Symmetric Decryption | |||
| UMAC | Message Authentication Code (MAC) | |||
| Yarrow | Random Number Generation | |||
| DRBG when key length is less than 112 bits | Random Number Generation | |||
| RSA | Key Encapsulation; Key Un-encapsulation | |||
| Non-supported cipher suites (not listed in Appendix A) | Transport Layer Security (TLS) Network Protocol |
Table 5: Approved Algorithms Vendor-Affirmed Algorithms: curves 5.1, 5.2 Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: Table 7: Non-Approved, Allowed Algorithms with No Security Claimed Non-Approved, Not Allowed Algorithms: © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Symmetric Encryption with AES | Symmetric encryption using AES | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB8 AES-CFB8 AES-CFB8 AES-XTS Testing Revision 2.0 | BC-UnAuth | Keys:128, 192, 256-bit keys with 128-256 bits of key strength |
| Symmetric Decryption with AES | Symmetric decryption using AES | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB8 AES-CFB8 AES-CFB8 AES-XTS Testing Revision 2.0 | BC-UnAuth | Keys:128, 192, 256-bit keys with 128-256 bits of key strength |
| Authenticated Symmetric Encryption with AES | Authenticated symmetric encryption using AES | AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | BC-Auth | Keys:128, 256-bit keys with 128 and 256 bits of key strength |
| Authenticated Symmetric Decryption with AES | Authenticated symmetric decryption using AES | AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | BC-Auth | Keys:128, 256-bit keys with 128 and 256 bits of key strength |
| Message Authentication Code with AES | Message authentication code with AES | AES-CMAC AES-CMAC AES-CMAC AES-GMAC | MAC | Keys:128, 256-bit keys with 128 and 256 bits of key strength |
| Message Authentication Code with HMAC | Message authentication code with HMAC | HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-384 | MAC | Keys:112-256-bit keys with 112-256 bits of key strength |
| Message Digest with SHA | Message digest using SHA | SHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-256 SHA2-256 SHA2-256 SHA2-384 SHA2-384 SHA2-384 SHA2-512 SHA2-512 SHA2-512 SHA3-224 SHA3-224 SHA3-256 SHA3-256 SHA3-384 SHA3-384 SHA3-512 SHA3-512 | SHA | |
| Key Derivation with TLS KDF | Key derivation using TLS KDF | KDF TLS TLS v1.2 KDF RFC7627 | KAS-135KDF | Derived Secret:112-256 bits with 112-256 bits key strength |
| Key Derivation with KDA HKDF | Key derivation using KDA HKDF | KDA HKDF Sp800-56Cr1 | KAS-56CKDF | Derived Secret:112-256 bits with 112-256 bits of key strength |
| Key Derivation with PBKDF | Key derivation using PBKDF | PBKDF | PBKDF | Keys:112-4096 bits with 112-256 bits of key strength |
| Digital Signature Generation with RSA | Digital signature generation using RSA | RSA SigGen (FIPS186-4) | DigSig-SigGen | Keys:2048, 3072, 4096-bit keys with 112, 128, 149 bits of key strength |
| Digital Signature Generation with ECDSA | Digital signature generation using ECDSA | ECDSA SigGen (FIPS186- 4) | DigSig-SigGen | Curves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength |
| Digital Signature Verification with RSA | Digital signature verification using RSA | RSA SigVer (FIPS186-4) | DigSig-SigVer | Keys:2048, 3072, 4096 bits with 112, 128, 149 bits of key strength |
| Digital Signature Verification with ECDSA | Digital signature verification using ECDSA | ECDSA SigVer (FIPS186- 4) | DigSig-SigVer | Curves:P-256, P-384, P- 521 elliptic with 128, 192, 256 bits of strength |
| Key Pair Generation with RSA | Key pair generation using RSA | RSA KeyGen (FIPS186-4) | AsymKeyPair-KeyGen | Keys:2048, 3072, 4096 bits with 112, 128, 149 bits of key strength |
| Key Pair Generation with ECDSA | Key pair generation using ECDSA | ECDSA KeyGen (FIPS186- 4) | AsymKeyPair-KeyGen | Curves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength |
| Key Pair Generation with Safe Primes | Key pair generation using Safe Primes | Safe Primes Key Generation | AsymKeyPair-KeyGen | Keys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys with 112- 200 bits of key strength |
| Public Key Verification with ECDSA | Public key verification using ECDSA | ECDSA KeyVer (FIPS186- 4) | AsymKeyPair-KeyVer | Curves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength |
| Shared Secret Computation with KAS- ECC-SSC | Shared secret computation using KAS-ECC-SSC | KAS-ECC-SSC Sp800- 56Ar3 | KAS-SSC | Curves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength |
| Shared Secret Computation with KAS- FFC-SSC | Shared secret computation using KAS-FFC-SSC | KAS-FFC-SSC Sp800- 56Ar3 | KAS-SSC | Keys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys |
| Random Number Generation with Counter DRBG | Random number generation using CTR_DRBG | Counter DRBG | DRBG | Compliance:SP800- 90ARev1 |
| TLS Handshake | Key agreement | KAS-ECC-SSC Sp800- 56Ar3 KAS-FFC-SSC Sp800- 56Ar3 KDA HKDF Sp800-56Cr1 | KAS-Full | Curves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength Keys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys with 112- 200 bits of key strength Compliance:IG D.F scenario 2(2) |
| Symmetric Key Generation with Counter DRBG | Symmetric key generation using Counter DRBG | Counter DRBG | DRBG | Keys:112-256 bits with 112-256 bits of key strength Compliance:SP 800-133r2 section 6.1 |
| Key Wrapping with AES | Key wrapping using AES | AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | KTS-Wrap | Keys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G |
| Key Unwrapping with AES | Key unwrapping using AES | AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM | KTS-Wrap | Keys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G |
| Key Wrapping with AES and HMAC | Key wrapping using AES and HMAC | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-384 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512 HMAC-SHA2-512 | KTS-Wrap | Keys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G |
| Key Unwrapping with AES and HMAC | Key unwrapping using AES and HMAC | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256 | KTS-Wrap | Keys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G |
Amazon Linux 2023 GnuTLS Cryptographic Module
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Compliance:SP80090ARev1 © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Table 9: Security Function Implementations
The TLS protocol implementation provides both server and client sides. To operate in the approved mode, digital certificates used for server and client authentication shall comply with the restrictions of key size and message digest algorithms imposed by [SP800-131Ar2].
The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. Note: AES-XTS shall be used with 128 and 256-bit keys only. AES-XTS with 192-bit keys is not an approved algorithm.
The module implements AES GCM for being used in the TLS v1.2 and v1.3 protocols. AES GCM IV generation is in compliance with [FIPS140-3_IG] IG C.H for both protocols as follows:
| Cert | Vendor |
|---|---|
| Number | Name |
| E124 | Amazon |
Amazon Linux 2023 GnuTLS Cryptographic Module
The module provides password-based key derivation (PBKDF), compliant with [SP800-132]. The module supports option 1a from section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132], the module ensures that the following requirements are met when running the PBKDF approved service.
The module offers DH and ECDH shared secret computation services compliant to the [SP800-56Ar3] and meeting IG D.F scenario 2 path (1) and path (2). To meet the required assurances listed in section 5.6 of [SP80056Ar3], the module shall be used together with an application that implements the "TLS protocol" and the following steps shall be performed. 1. 2. 3. The entity using the module, must use the module's "Asymmetric Key Generation" service for generating DH/ECDH ephemeral keys. This meets the assurances required by key pair owner defined in the section 5.6.2.1 of [SP800-56Ar3]. As part of the module's shared secret computation (SSC) service, the module internally performs the public key validation on the peer's public key passed in as input to the SSC function. This meets the public key validity assurance required by the sections 5.6.2.2.1/5.6.2.2.2 of [SP800-56Ar3]. The module does not support static keys therefore the "assurance of peer's possession of private key" is not applicable.
Table 10: Entropy Certificates © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Type | Strength | Operational Environment | Entropy per Sample | Conditioning Component |
|---|---|---|---|---|---|
| Userspace CPU Time Jitter RNG Entropy Source | Non- Physical | 256 bits | Amazon Linux 2023 on EC2 c7g.metal with AWS Graviton3; Amazon Linux 2023 on EC2 c6i.metal with Intel Xeon Platinum 8375C; Amazon Linux 2023 on AWS Snowball with AMD EPYC 7702; Amazon Linux 2023 on AWS Snowblade with Intel Xeon Gold 6314U; Amazon Linux 2023 on AWS Snowcone with Intel Atom C3558 | 256 bits | SHA3-256 (A4551); HMAC-SHA2-512 DRBG (A4551) |
Amazon Linux 2023 GnuTLS Cryptographic Module Table 11: Entropy Sources The module employs a Deterministic Random Bit Generator (DRBG) based on [SP800-90Ar1] for the creation of seeds for symmetric keys, asymmetric keys, random numbers for security functions (e.g. ECDSA signature generation), and server and client random numbers for the TLS protocol. In addition, the module provides a Random Number Generation service to calling applications. The DRBG supports the CTR_DRBG with AES-256, without a derivation function and without prediction resistance. The module uses an [SP800-90B]-compliant entropy source specified in the Entropy Sources table. This entropy source is located within the physical perimeter, but outside of the cryptographic boundary of the module. The module obtains 384 bits to seed the DRBG, and 256 bits to reseed it, sufficient to provide a DRBG with 256 bits of security strength.
The module implements key generation methods according to SP 800-133r2 section 4 example 1, without the use of V. The key generation methods are specified in the Vendor Affirmed Algorithms table and the Security Function Implementations table. Additionally, the module implements key derivation methods according to section 6.2 of SP 800-133r2. The key derivation methods are specified in the Security Function Implementations table.
The module implements SSP agreement, compliant with IG D.F scenario 2(1) and scenario 2(2). Additionally, the module implements SSP transport, compliant with IG D.G. The Key Establishment methods are specified in the Security Function Implementations table.
The module implements KDF for the TLS protocol TLSv1.0, TLSv1.1, TLSv1.2. No parts of the TLS 1.0/1.1/1.2, other than the key derivation functions mentioned above, have been tested by the CAVP and CMVP. The module implements HKDF for the TLS protocol TLSv1.3. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters |
| N/A | N/A | Data Output | API output parameters |
| N/A | N/A | Control Input | API function calls, API input parameters for control |
| N/A | N/A | Status Output | API return codes |
Amazon Linux 2023 GnuTLS Cryptographic Module
N/A N/A N/A N/A Table 12: Ports and Interfaces © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric Key Generation | Generate AES or HMAC key | Crypto Officer - Module- generated AES Key: G - Module- generated HMAC Key: G | Symmetric Key Generation with Counter DRBG | GNUTLS_FIPS140_OP_APPROVED | Key size | Key | |||
| Symmetric Encryption | Perform AES encryption | Crypto Officer - AES Key: W,E | Symmetric Encryption with AES Authenticated Symmetric Encryption with AES | GNUTLS_FIPS140_OP_APPROVED | Key, IV (for AEAD), Plaintext | Ciphertext | |||
| Symmetric Decryption | Perform AES decryption | Crypto Officer - AES Key: W,E | Symmetric Decryption with AES Authenticated Symmetric Decryption with AES | GNUTLS_FIPS140_OP_APPROVED | Key, IV (for AEAD), Ciphertext | Plaintext | |||
| Asymmetric Key Generation | Generate RSA or ECDSA key pairs | Crypto Officer - Module- generated RSA Public Key: G,R - Module- generated | Key Pair Generation with RSA Key Pair Generation with ECDSA | GNUTLS_FIPS140_OP_APPROVED | RSA key size or Elliptic Curve | Key pair |
| Name | Description | Roles | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | |||||||
| Symmetric Key Generation | Generate AES or HMAC key | Crypto Officer - Module- generated AES Key: G - Module- generated HMAC Key: G | Symmetric Key Generation with Counter DRBG | GNUTLS_FIPS140_OP_APPROVED | Key size | Key | ||||
| Symmetric Encryption | Perform AES encryption | Crypto Officer - AES Key: W,E | Symmetric Encryption with AES Authenticated Symmetric Encryption with AES | GNUTLS_FIPS140_OP_APPROVED | Key, IV (for AEAD), Plaintext | Ciphertext | ||||
| Symmetric Decryption | Perform AES decryption | Crypto Officer - AES Key: W,E | Symmetric Decryption with AES Authenticated Symmetric Decryption with AES | GNUTLS_FIPS140_OP_APPROVED | Key, IV (for AEAD), Ciphertext | Plaintext | ||||
| Asymmetric Key Generation | Generate RSA or ECDSA key pairs | Crypto Officer - Module- generated RSA Public Key: G,R - Module- generated | Key Pair Generation with RSA Key Pair Generation with ECDSA | GNUTLS_FIPS140_OP_APPROVED | RSA key size or Elliptic Curve | Key pair | ||||
| Diffie-Hellman Key Generation using Safe Primes | Perform DH key agreement with safe primes | Crypto Officer - Module- generated Diffie- Hellman Public Key: G - Module- generated Diffie- Hellman Private Key: G - Intermediate Key Generation Value: G,E | Key Pair Generation with Safe Primes | GNUTLS_FIPS140_OP_APPROVED | Key size | Key pair | ||||
| ECDSA Digital Signature Generation | Generate a digital signature | Crypto Officer - ECDSA Private Key: W,E | Digital Signature Generation with ECDSA | GNUTLS_FIPS140_OP_APPROVED | Message, hash algorithm, private key | Digital signature | ||||
| RSA Digital Signature Generation | Generate a digital signature | Crypto Officer - RSA Private Key: W,E | Digital Signature Generation with RSA | GNUTLS_FIPS140_OP_APPROVED | Message, hash algorithm, private key | Digital signature | ||||
| ECDSA Digital Signature Verification | Verify a digital signature | Crypto Officer - ECDSA Public Key: W,E | Digital Signature Verification with ECDSA | GNUTLS_FIPS140_OP_APPROVED | Digital signature, hash algorithm, public key | Verification result | ||||
| RSA Digital Signature Verification | Verify a digital signature | Crypto Officer - RSA Public Key: W,E | Digital Signature Verification with RSA | GNUTLS_FIPS140_OP_APPROVED | Digital signature, hash algorithm, public key | Verification result | ||||
| Public Key Verification | Verify ECDSA public key | Crypto Officer - ECDSA Public Key: W,E | Public Key Verification with ECDSA | GNUTLS_FIPS140_OP_APPROVED | Key | Return codes/log messages | ||||
| Random Number Generation | Generate random bit strings | Crypto Officer - Entropy Input: W,E - Counter DRBG Seed: G,E - Counter DRBG Internal State: V Value, Key: G,E | Random Number Generation with Counter DRBG | GNUTLS_FIPS140_OP_APPROVED | Number of bits | Random number | ||||
| Message Digest | Compute SHA hashes | Crypto Officer | Message Digest with SHA | GNUTLS_FIPS140_OP_APPROVED | Message | Digest of the message | ||||
| HMAC Message Authentication Code (MAC) | Compute HMAC | Crypto Officer - HMAC Key: W,E | Message Authentication Code with HMAC | GNUTLS_FIPS140_OP_APPROVED | Message, HMAC key | Message authentication code (MAC) | ||||
| AES Message Authentication Code (MAC) | Compute AES-based CMAC or AES-based GMAC | Crypto Officer - AES Key: W,E | Message Authentication Code with AES | GNUTLS_FIPS140_OP_APPROVED | Message, AES key | Message authentication code (MAC) | ||||
| Diffie-Hellman Shared Secret Computation | Perform DH shared secret computation | Crypto Officer - Diffie- Hellman Public Key: W,E - Diffie- Hellman | Shared Secret Computation with KAS-FFC- SSC | GNUTLS_FIPS140_OP_APPROVED | DH private key, DH public key from peer | Shared secret | ||||
| EC Diffie- Hellman Shared Secret Computation | Perform ECDH shared secret computation | Crypto Officer - EC Diffie- Hellman Public Key: W,E - EC Diffie- Hellman Private Key: W,E | Shared Secret Computation with KAS- ECC-SSC | GNUTLS_FIPS140_OP_APPROVED | EC private key, EC public key from peer | Shared secret | ||||
| TLS KDF and HKDF Key Derivation (derivation of TLS Master Secret) | Perform key derivation | Crypto Officer - TLS Pre- master Secret: W,E - TLS Master Secret: G,R | Key Derivation with TLS KDF Key Derivation with KDA HKDF | GNUTLS_FIPS140_OP_APPROVED | TLS pre-master secret | TLS master secret | ||||
| TLS KDF and HKDF Key Derivation (derivation of TLS Derived Secret) | Perform key derivation | Crypto Officer - TLS Master Secret: W,E - TLS Derived Secret: G,R | Key Derivation with TLS KDF Key Derivation with KDA HKDF | GNUTLS_FIPS140_OP_APPROVED | TLS master secret | TLS Derived Secret | ||||
| PBKDF Key Derivation | Perform password- based key derivation | Crypto Officer - PBKDF Password or Passphrase: W,E,Z - PBKDF Derived Key: G,R | Key Derivation with PBKDF | GNUTLS_FIPS140_OP_APPROVED | Password/passphrase | PBKDF Derived key | ||||
| Transport Layer Security (TLS) Network Protocol | Provide supported cipher suites (listed in Appendix A) in approved mode | Crypto Officer - AES Key: W,E - HMAC Key: W,E - RSA Public Key: W,E - RSA Private Key: W,E - ECDSA Public Key: W,E - ECDSA Private Key: W,E - Module- generated Diffie- | Symmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with HMAC Message Digest | GNUTLS_FIPS140_OP_APPROVED | Cipher-suites listed in Appendix A, Digital Certificate, Public and Private Keys, Application Data | Return codes and/or log messages, Application data | ||||
| with SHA Digital Signature Generation with RSA Digital Signature Generation with ECDSA Digital Signature Verification with RSA Digital Signature Verification with ECDSA Key Pair Generation with Safe Primes Public Key Verification with ECDSA TLS Handshake | Hellman Public Key: G,E - Module- generated Diffie- Hellman Private Key: G,E - Module- generated EC Diffie- Hellman Public Key: G,E - TLS Pre- master Secret: G,E - TLS Master Secret: G,E - TLS Derived Secret: G,R - Intermediate Key Generation Value: G,E | with SHA Digital Signature Generation with RSA Digital Signature Generation with ECDSA Digital Signature Verification with RSA Digital Signature Verification with ECDSA Key Pair Generation with Safe Primes Public Key Verification with ECDSA TLS Handshake | ||||||||
| Show Status | Show module status | Crypto Officer | None | N/A | N/A | Return codes and/or log messages | ||||
| Self-tests | Perform self- tests | Crypto Officer | Symmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with AES Message Authentication Code with HMAC Message Digest with SHA Key Derivation with TLS KDF Key Derivation with KDA | N/A | Module reset | Result of self- test (pass/fail) | ||||
| Show Module Name and Version | Show module name and version | Crypto Officer | None | N/A | None | Name and version information | ||||
| Symmetric Key Generation | Generate symmetric key other than AES and HMAC keys | Crypto Officer | DRBG when key length is less than 112 bits | |||||||
| Symmetric Encryption | Compute the cipher for encryption | Crypto Officer | Blowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent Triple-DES Twofish | |||||||
| Symmetric Decryption | Compute the plaintext for decryption | Crypto Officer | Blowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent |
Amazon Linux 2023 GnuTLS Cryptographic Module
Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators.
- Modulegenerated G W,E W,E - Modulegenerated - Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module - Modulegenerated G,R - Modulegenerated G,R - Modulegenerated EC DiffieHellman G,R - Modulegenerated EC DiffieHellman G,R - Modulegenerated DiffieHellman G - Modulegenerated DiffieHellman G W,E © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module W,E W,E G,E G,E W,E W,E - DiffieHellman © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module W,E EC DiffiePerform - EC DiffieHellman W,E - EC DiffieHellman W,E passwordbased key W,E,Z G,R W,E W,E - ModuleHMAC © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module G,E - Modulewith RSA DiffieSignature G,E - ModuleSignature Diffiewith RSA G,E N/A N/A - Modulegenerated - Modulegenerated Z - Modulegenerated - Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module - Modulegenerated Z Z - Modulegenerated DiffieHellman - Modulegenerated DiffieHellman Z - DiffieHellman - DiffieHellman Z - Modulegenerated EC DiffieHellman - Modulegenerated EC DiffieHellman Z - EC DiffieHellman - EC DiffieHellman Z - (DiffieHellman) - (EC DiffieHellman) © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Z Z - TLS Premaster © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|
| Show Module Name and Version | Show module name and version | Crypto Officer | None | N/A | None | Name and version information | |
| Symmetric Key Generation | Generate symmetric key other than AES and HMAC keys | Crypto Officer | DRBG when key length is less than 112 bits | ||||
| Symmetric Encryption | Compute the cipher for encryption | Crypto Officer | Blowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent Triple-DES Twofish | ||||
| Symmetric Decryption | Compute the plaintext for decryption | Crypto Officer | Blowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent | ||||
| Asymmetric Key Generation | Generate key pairs | Crypto Officer | DSA ECDSA with curves not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits. | ||||
| Digital Signature Generation | Sign RSA, DSA, and ECDSA signatures | Crypto Officer | DSA ECDSA with curves/hash functions not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | ||||
| Digital Signature Verification | Verify RSA, DSA, and ECDSA signatures | Crypto Officer | DSA ECDSA with curves/hash functions not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | ||||
| Message Digest | Compute message digest | Crypto Officer | GOST MD2, MD4, MD5 RMD160 STREEBOG | ||||
| Message Authentication Code (MAC) | Compute HMAC or CMAC | Crypto Officer | CMAC with Triple-DES HMAC with keys smaller than 112-bit HMAC with GOST RMD160 UMAC | ||||
| Key Encapsulation | Perform RSA key encapsulation | Crypto Officer | RSA | ||||
| Key Un-encapsulation | Perform RSA key un- encapsulation | Crypto Officer | RSA | ||||
| Diffie-Hellman Shared Secret Computation | Perform DH shared secret computation | Crypto Officer | Diffie-Hellman with keys generated with domain parameters other than safe primes | ||||
| EC Diffie-Hellman Shared Secret Computation | Perform ECDH shared secret computation | Crypto Officer | EC Diffie-Hellman with curves not listed in the Approved Algorithms table | ||||
| Key Derivation | Perform key derivation | Crypto Officer | PBKDF with HMAC not listed in the Approved Algorithms table or using input parameters not meeting requirements stated in section 2.7 | ||||
| Transport Layer Security (TLS) Network Protocol | Provide non-supported cipher suites | Crypto Officer | Non-supported cipher suites (not listed in Appendix A) | ||||
| Random Number Generation | Generate random numbers | Crypto Officer | Yarrow | ||||
| Key Agreement | Perform key agreement | Crypto Officer | Diffie-Hellman with keys generated with domain parameters other than safe primes EC Diffie-Hellman with curves not listed in the Approved Algorithms table SRP |
Amazon Linux 2023 GnuTLS Cryptographic Module Table 14: Approved Services The following convention is used to specify access rights to a SSP:
© 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
The module does not support loading software or firmware from an external source. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
The integrity of the module is verified by comparing an HMAC-SHA2-256 value calculated at run time with the HMAC value stored in the .hmac file that was computed at build time for each software component of the module listed in Section 2. If the HMAC values do not match, the test fails, and the module enters the Error state.
The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational test (i.e., integrity test) and the cryptographic algorithm self-tests (CASTs). The Self-Tests service can be called on demand by invoking the gnutls_fips140_run_self_tests() function which will perform integrity tests and the CASTs. Additionally, the Self-Test service can be invoked by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output is possible. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
Type of Operational Environment: Modifiable How Requirements are Satisfied: the module executes on a general-purpose operating system (Amazon Linux 2023), which allows modification, loading, and execution of software that is not part of the validated module. The module should be compiled and installed as stated in Section 11.1.
Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.
The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
The module is comprised of software only, and therefore this section is not applicable. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
This module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Approved Functions | Type | From | To | Distribution Type |
|---|---|---|---|---|---|
| API input parameters | Electronic | Plaintext | Calling application within TOEPP | Cryptographic module | Manual |
| API output parameters | Electronic | Plaintext | Cryptographic module | Calling application within TOEPP | Manual |
| Storage | Description | Persistence |
|---|---|---|
| Area | Type | |
| Name | ||
| RAM | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs. | Dynamic |
| Zeroization | Description | Rationale | Operator Initiation |
|---|---|---|---|
| Method | |||
| Free cipher handle | Zeroizes the SSPs referenced in the function name | Memory occupied by SSPs is overwritten with zeros, which renders the SSP values irretrievable | By calling the appropriate zeroization functions: AES Key: gnutls_cipher_deinit() AES Key: gnutls_aead_cipher_deinit() HMAC Key: gnutls_hmac_deinit() RSA Public Key, RSA Private Key: gnutls_privkey_deinit() gnutls_x509_privkey_deinit() gnutls_rsa_params_deinit() ECDSA Public Key, ECDSA Private Key: gnutls_privkey_deinit() gnutls_x509_privkey_deinit() gnutls_rsa_params_deinit() Diffie-Hellman Public Key, Diffie-Hellman Private Key: gnutls_dh_params_deinit() TLS Pre-master Secret: gnutls_deinit() TLS Master Secret: gnutls_deinit() TLS Derived Secret: gnutls_deinit() Diffie- Hellman Public Key, Diffie-Hellman Private Key: gnutls_pk_params_clear() EC Diffie-Hellman Public Key, EC Diffie-Hellman Private Key: gnutls_pk_params_clear() Diffie-Hellman Shared Secret: zeroize key() EC Diffie-Hellman Shared Secret: zeroize key() All SSPs: gnutls_global_deinit() |
| Remove power from the module | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed | By removing power |
Amazon Linux 2023 GnuTLS Cryptographic Module
Table 16: Storage Areas Table 17: SSP Input-Output Methods form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] IG 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry in the Key Establishment Table. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Type | Description | Strength | Generation | Establishment | Use |
|---|---|---|---|---|---|---|
| Module- generated AES Key | Symmetric key - CSP | AES key generated during Symmetric Key Generation | 128, 192, 256 bits - 128, 192, 256 bits | Symmetric Key Generation with Counter DRBG | ||
| AES Key | Symmetric key - CSP | AES key used for Symmetric Encryption, Symmetric Decryption and Message Authentication Code | 128, 192, 256 bits - 128, 192, 256 bits | Symmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with AES Key Wrapping with AES Key Unwrapping with AES Key Wrapping with AES and HMAC Key Unwrapping with AES and HMAC | ||
| Module- generated HMAC Key | Authentication key - CSP | HMAC key generated during Symmetric Key Generation | 112-256 bit keys (Increment 8) - 112- 256 bits | Symmetric Key Generation with Counter DRBG | ||
| HMAC Key | Authentication key - CSP | HMAC key used for computing MAC tags | 112-524288 bit keys (Increment 8) - 112- 256 bits | Message Authentication Code with HMAC Key Unwrapping with AES and HMAC | ||
| Module- generated RSA Public Key | Public key - PSP | RSA Public key generated during Asymmetric Key Generation | 2048, 3072, 4096 bits - 112, 128, 149 bits | Key Pair Generation with RSA | ||
| Module- generated RSA Private Key | Private key - CSP | RSA Private key generated during Asymmetric Key Generation | 2048, 3072, 4096 bits - 112, 128, 149 bits | Key Pair Generation with RSA | ||
| RSA Public Key | Public key - PSP | RSA public key used for Signature Verification | 2048, 3072, 4096 bits - 112, 128, 149 bits | Digital Signature Verification with RSA | ||
| RSA Private Key | Private key - CSP | RSA private key used for Signature Generation | 2048, 3072, 4096 bits - 112, 128, 149 bits | Digital Signature Generation with RSA | ||
| Module- generated ECDSA Public Key | Public key - PSP | ECDSA public key generated during Asymmetric Key Generation | P-256, P-384, P-521 - 128, 192, 256 bits | Key Pair Generation with ECDSA | ||
| Module- generated ECDSA Private Key | Private key - CSP | ECDSA private key generated during Asymmetric Key Generation | P-256, P-384, P-521 - 128, 192, 256 bits | Key Pair Generation with ECDSA | ||
| ECDSA Public Key | Public key - PSP | Public key used for Digital Signature Verification, Public Key Verification | P-256, P-384, P-521 - 128, 192, 256 bits | Digital Signature Verification with ECDSA Public Key Verification with ECDSA | ||
| ECDSA Private Key | Private key - CSP | Private key used for Digital Signature Generation, Public Key Verification | P-256, P-384, P-521 - 128, 192, 256 bits | Digital Signature Generation with ECDSA Public Key Verification with ECDSA | ||
| Module- generated Diffie-Hellman Public Key | Public key - PSP | Diffie-Hellman public key generated during Diffie- Hellman Key Generation using Safe Primes | MODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bits | Key Pair Generation with Safe Primes | TLS Handshake | |
| Module- generated | Private key - CSP | Diffie-Hellman private key generated during | MODP-2048, MODP- 3072, MODP-4096, | Key Pair Generation | TLS Handshake | |
| Diffie-Hellman Private Key | Diffie-Hellman Key Generation using Safe Primes | MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bits | with Safe Primes | |||
| Diffie-Hellman Public Key | Public key - PSP | Public key used for Shared Secret Computation | MODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bits | Shared Secret Computation with KAS-FFC- SSC | ||
| Diffie-Hellman Private Key | Private key - CSP | Private key used for Shared Secret Computation | MODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bits | Shared Secret Computation with KAS-FFC- SSC | ||
| Module- generated EC Diffie-Hellman Public Key | Public key - PSP | EC Diffie-Hellman public key generated during Asymmetric Key Generation | P-256, P-384, P-521 - 128, 192, 256 bits | Key Pair Generation with ECDSA | TLS Handshake | |
| Module- generated EC Diffie-Hellman Private Key | Private key - CSP | EC Diffie-Hellman private key generated during Asymmetric Key Generation | P-256, P-384, P-521 - 128, 192, 256 bits | Key Pair Generation with ECDSA | TLS Handshake | |
| EC Diffie- Hellman Public Key | Public key - PSP | Public key used for Shared Secret Computation | P-256, P-384, P-521 - 128, 192, 256 bits | Shared Secret Computation with KAS-ECC- SSC | ||
| EC Diffie- Hellman Private Key | Private key - CSP | Private key used for Shared Secret Computation | P-256, P-384, P-521 - 128, 192, 256 bits | Shared Secret Computation with KAS-ECC- SSC | ||
| (Diffie- Hellman) Shared Secret | Shared secret - CSP | Shared secret computed during Shared Secret Computation with Diffie- Hellman | 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bits | Shared Secret Computation with KAS-FFC- SSC | ||
| (EC Diffie- Hellman) Shared Secret | Shared secret - CSP | Shared secret computed from EC Diffie-Hellman Key Agreement | P-256, P-384, P-521 - 128-256 bits | Shared Secret Computation with KAS-FFC- SSC | ||
| PBKDF Password or Passphrase | Password/passphrase - CSP | Password/passphrase used for Key Derivation | 8-524288 bits - N/A | |||
| PBKDF Derived Key | Derived key - CSP | Key derived from PBKDF password/passphrase during Key Derivation | 112-4096 bits - 112- 256 bits | Key Derivation with PBKDF | ||
| Entropy Input | Entropy - CSP | Entropy input used to seed the Counter DRBG | 256 bits - 256 bits | Random Number Generation with Counter DRBG | ||
| Counter DRBG Seed | DRBG seed - CSP | Counter DRBG seed derived from Entropy Input | 256 bits - 256 bits | Random Number Generation with Counter DRBG | Random Number Generation with Counter DRBG | |
| Counter DRBG Internal State: V Value, Key | Internal state - CSP | Internal state of Counter DRBG | 256 bits - 256 bits | Random Number Generation with Counter DRBG | Random Number Generation with Counter DRBG | |
| TLS Pre-master Secret | Pre-master secret - CSP | TLS Pre-master Secret used for deriving the TLS Master Secret | 112-256 bits - 112-256 bits | Shared Secret Computation with KAS- ECC-SSC Shared Secret Computation with KAS-FFC- SSC | TLS Handshake | |
| TLS Master Secret | Master secret - CSP | TLS Master Secret used for deriving the TLS Derived Secret | 112-256 bits - 112-256 bits | Key Derivation with TLS KDF | TLS Handshake | |
| TLS Derived Secret | Derived secret - CSP | Used as encryption key or MAC key | 112-256 bits - 112-256 bits | Key Derivation with TLS KDF | TLS Handshake | |
| Intermediate Key Generation Value | Intermediate value - CSP | Intermediate key pair generation value generated during key generation services | 224-4096 bits - 112 to 256 bits | Key Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes | Key Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes |
| Zeroization Method | Description | Rationale | Operator Initiation |
|---|---|---|---|
| Automatic l | Automatically zeroized by the module when no onger needed | Memory occupied by SSPs is overwritten with zeros, which renders the SSP values irretrievable | N/A |
Amazon Linux 2023 GnuTLS Cryptographic Module longer needed Table 18: SSP Zeroization Methods All data output is inhibited during zeroization. Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Modulegenerated Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module EC DiffieHellman EC DiffieHellman (DiffieHellman) (EC DiffieHellman) © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Table 19: SSP Table 1 © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Storage | Zeroization | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|
| Module-generated AES Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Counter DRBG Internal State: V Value, Key:Derived From |
| AES Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | |
| Module-generated HMAC Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Counter DRBG Internal State: V Value, Key:Derived From |
| HMAC Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | |
| Module-generated RSA Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated RSA Private Key:Paired With Intermediate Key Generation Value:Derived From |
| Module-generated RSA Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated RSA Public Key:Paired With Intermediate Key Generation Value:Derived From |
| RSA Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | RSA Private Key:Paired With |
| RSA Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | RSA Public Key:Paired With |
| Module-generated ECDSA Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated ECDSA Private Key:Paired With Intermediate Key Generation Value:Derived From |
| Module-generated ECDSA Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated ECDSA Public Key:Paired With Intermediate Key Generation Value:Derived From |
| ECDSA Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | ECDSA Private Key:Paired With Intermediate Key Generation Value:Derived From |
| ECDSA Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | ECDSA Public Key:Paired With |
| Module-generated Diffie-Hellman Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated Diffie-Hellman Private Key:Paired With Intermediate Key Generation Value:Derived From |
| Module-generated Diffie-Hellman Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated Diffie-Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From |
| Diffie-Hellman Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | Diffie-Hellman Private Key:Derived From Intermediate Key Generation Value:Derived From (Diffie-Hellman) Shared Secret:Used With |
| Diffie-Hellman Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | Diffie-Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From (Diffie-Hellman) Shared Secret:Used With |
| Module-generated EC Diffie-Hellman Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated EC Diffie- Hellman Private Key:Paired With Intermediate Key Generation Value:Derived From |
| Module-generated EC Diffie-Hellman Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Module-generated EC Diffie- Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From |
| EC Diffie-Hellman Public Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | EC Diffie-Hellman Private Key:Paired With (EC Diffie-Hellman) Shared Secret:Used With |
| EC Diffie-Hellman Private Key | RAM:Plaintext | Free cipher handle Remove power from the module | API input parameters | For the duration of the service | EC Diffie-Hellman Public Key:Paired With (EC Diffie-Hellman) Shared Secret:Used With |
| (Diffie-Hellman) Shared Secret | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | Diffie-Hellman Public Key:Used With Diffie-Hellman Private Key:Used With |
| (EC Diffie-Hellman) Shared Secret | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | EC Diffie-Hellman Public Key:Used With EC Diffie-Hellman Private Key:Used With |
| PBKDF Password or Passphrase | RAM:Plaintext | Automatic | API input parameters | For the duration of the service | PBKDF Derived Key:Derived From |
| PBKDF Derived Key | RAM:Plaintext | Free cipher handle Remove power from the module | For the duration of the service | PBKDF Password or Passphrase:Derived From | |
| Entropy Input | RAM:Plaintext | Free cipher handle Remove power from the module | From generation until Counter DRBG Seed is created | Counter DRBG Seed:Derived From | |
| Counter DRBG Seed | RAM:Plaintext | Free cipher handle Remove power from the module | While the Counter DRBG is being instantiated | Entropy Input:Derived From Counter DRBG Internal State: V Value, Key:Derived From | |
| Counter DRBG Internal State: V Value, Key | RAM:Plaintext | Free cipher handle Remove power from the module | While the Counter DRBG is being instantiated | Counter DRBG Seed:Derived From | |
| TLS Pre-master Secret | RAM:Plaintext | Free cipher handle Remove power from the module | For the duration of the service | TLS Master Secret:Derived From Module-generated Diffie-Hellman Public Key:Used With Module-generated Diffie-Hellman Private Key:Used With Module-generated EC Diffie- Hellman Public Key:Used With Module-generated EC Diffie- Hellman Private Key:Used With | |
| TLS Master Secret | RAM:Plaintext | Free cipher handle Remove power from the module | For the duration of the service | TLS Pre-master Secret:Derived From TLS Derived Secret:Derived From | |
| TLS Derived Secret | RAM:Plaintext | Free cipher handle Remove power from the module | API output parameters | For the duration of the service | TLS Master Secret:Derived From |
| Intermediate Key Generation Value | RAM:Plaintext | Automatic | Intermediate value | Module-generated RSA Public Key:Derived From Module-generated RSA Private Key:Derived From Module-generated Diffie-Hellman Public Key:Derived From Module-generated Diffie-Hellman Private Key:Derived From Module-generated EC Diffie- Hellman Public Key:Derived From Module-generated EC Diffie- Hellman Private Key:Derived From |
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Table 20: SSP Table 2
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module The ECDSA, and RSA algorithms as implemented by the module conform to FIPS 186-4, which has been superseded by FIPS 186-5. The transition started on July 25, 2023, and ended on February 4, 2024. FIPS 186-4 was withdrawn on February 3, 2024. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test | Indicator |
|---|---|---|---|---|---|---|
| Test | Test | Properties | ||||
| HMAC-SHA2- 256 (A4545) | HMAC-SHA2- 256 (A4545) | Message Authentication | SW/FW Integrity | Integrity test for libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 | 256-bit key | Module becomes operational and services are available for use |
| Name | Mode Method | Properties | Test | Indicator | Details | Conditions |
|---|---|---|---|---|---|---|
| Test | Type | |||||
| AES-CBC (A4537) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4537) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CFB8 (A4542) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CFB8 (A4542) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-GCM (A4537) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4537) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| Test | Type | |||||
| AES-XTS Testing Revision 2.0 (A4546) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-XTS Testing Revision 2.0 (A4546) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| KAS-FFC-SSC Sp800-56Ar3 (A4545) | Primitive “Z” Computation KAT | ffdhe3072 | CAST | Module is operational and services are available for use | Shared secret computation | Module initialization |
| KAS-ECC-SSC Sp800-56Ar3 (A4545) | Primitive “Z” Computation KAT | P-256 curve | CAST | Module is operational and services are available for use | Shared secret computation | Module initialization |
| Counter DRBG (A4545) | KAT CTR_DRBG with AES without DF, without PR | 256-bit keys | CAST | Module is operational and services are available for use | KAT CTR_DRBG with AES with 256-bit keys without DF, without PR | Module initialization |
| Counter DRBG (A4545) | Health tests according to section 11.3 of [SP800- 90Ar1] | Health tests | CAST | Module is operational and services are available for use | Health tests | Module initialization |
| ECDSA SigGen (FIPS186-4) (A4545) | KAT with P-256 using SHA2-256 | P-256 with SHA2-256 | CAST | Module is operational and services are available for use | Signature generation | Module initialization |
| ECDSA SigVer (FIPS186-4) (A4545) | KAT with P-256 using SHA2-256 | P-256 with SHA2-256 | CAST | Module is operational and services are available for use | Signature verification | Module initialization |
| RSA SigGen (FIPS186-4) (A4545) | KAT with 2048-bit key using SHA2-256 | 2048-bit key with SHA2-256 | CAST | Module is operational and services are available for use | Signature generation | Module initialization |
| RSA SigVer (FIPS186-4) (A4545) | KAT with 2048-bit key using SHA2-256 | 2048-bit key with SHA2-256 | CAST | Module is operational and services are available for use | Signature verification | Module initialization |
| KDA HKDF Sp800-56Cr1 (A4544) | KAT with HMAC- SHA2-256 | HMAC-SHA2-256 | CAST | Module is operational and services are available for use | Key derivation | Module initialization |
| KDF TLS (A4545) | KAT with HMAC- SHA2-256 | HMAC-SHA2-256 | CAST | Module is operational and services are available for use | Key derivation | Module initialization |
| Test | Type | |||||
| PBKDF (A4545) | KAT with HMAC- SHA2-256 | HMAC-SHA2-256; password length: 24 bytes; salt length: 288 bits, iteration count: 4096 | CAST | Module is operational and services are available for use | Key derivation | Module initialization |
| HMAC-SHA-1 (A4540) | HMAC-SHA-1 KAT | HMAC-SHA-1 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 224 (A4540) | HMAC-SHA2-224 KAT | HMAC-SHA2-224 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 256 (A4540) | HMAC-SHA2-256 KAT | HMAC-SHA2-256 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 384 (A4540) | HMAC-SHA2-384 KAT | HMAC-SHA2-384 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 512 (A4540) | HMAC-SHA2-512 KAT | HMAC-SHA2-512 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| SHA3-224 (A4541) | SHA3-224 KAT | SHA3-224 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| SHA3-256 (A4541) | SHA3-256 KAT | SHA3-256 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| SHA3-384 (A4541) | SHA3-384 KAT | SHA3-384 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| SHA3-512 (A4541) | SHA3-512 KAT | SHA3-512 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| ECDSA KeyGen (FIPS186-4) (A4545) | Signature generation and verification | SHA2-256 with the respective curve | PCT | Successful key generation | Signature generation and verification | Key pair generation service request |
| RSA KeyGen (FIPS186-4) (A4545) | Signature generation and verification | SHA2-256 with the respective key | PCT | Successful key generation | Signature generation and verification | Key pair generation service request |
| Test | Type | |||||
| Safe Primes Key Generation (A4545) | PCT according to section 5.6.2.1.4 of [SP800-56Ar3] | N/A | PCT | Successful key generation | PCT according to section 5.6.2.1.4 of [SP800-56Ar3] | Key pair generation service request |
| ECDSA KeyGen (FIPS186-4) (A4545) | Signature generation and verification | SHA2-256 with the respective curve | PCT | Successful key generation | Signature generation and verification PCT that covers key pair generation for EC Diffie-Hellman | Key pair generation service request |
| AES-CBC (A4538) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4538) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CBC (A4539) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4539) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CBC (A4540) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4540) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CBC (A4545) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4545) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CBC (A4572) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CBC (A4572) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| Test | Type | |||||
| AES-CFB8 (A4548) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CFB8 (A4548) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-CFB8 (A4543) | Encrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-CFB8 (A4543) | Decrypt KAT | 256-bit key | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-GCM (A4538) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4538) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-GCM (A4539) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4539) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-GCM (A4540) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4540) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| AES-GCM (A4545) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4545) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| Test | Type | |||||
| AES-GCM (A4572) | Encrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Encryption | Module initialization |
| AES-GCM (A4572) | Decrypt KAT | 256-bit key, 96-bit IV | CAST | Module is operational and services are available for use | Decryption | Module initialization |
| HMAC-SHA-1 (A4545) | HMAC-SHA-1 KAT | HMAC-SHA-1 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA-1 (A4572) | HMAC-SHA-1 KAT | HMAC-SHA-1 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 224 (A4545) | HMAC-SHA2-224 KAT | HMAC-SHA2-224 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 224 (A4572) | HMAC-SHA2-224 KAT | HMAC-SHA2-224 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 256 (A4545) | HMAC-SHA2-256 KAT | HMAC-SHA2-256 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 256 (A4572) | HMAC-SHA2-256 KAT | HMAC-SHA2-256 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 512 (A4545) | HMAC-SHA2-512 KAT | HMAC-SHA2-512 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| HMAC-SHA2- 512 (A4572) | HMAC-SHA2-512 KAT | HMAC-SHA2-512 | CAST | Module is operational and services are available for use | Message Authentication Code (MAC) | Module initialization |
| SHA3-224 (A4547) | SHA3-224 KAT | SHA3-224 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| SHA3-256 (A4547) | SHA3-256 KAT | SHA3-256 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| Test | Type | |||||
| SHA3-384 (A4547) | SHA3-384 KAT | SHA3-384 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
| SHA3-512 (A4547) | SHA3-512 KAT | SHA3-512 | CAST | Module is operational and services are available for use | Message digest | Module initialization |
Amazon Linux 2023 GnuTLS Cryptographic Module
Table 21: Pre-Operational Self-Tests The module performs the pre-operational self-test and CASTs automatically when the module is loaded into memory. The pre-operational self-test ensure that the module is not corrupted, and the CASTs ensure that the cryptographic algorithms work as expected. While the module is executing the self-tests, services are not available, and input and output are inhibited. The module is not available for use by the calling application until the pre-operational test and CASTs are completed successfully. After the pre-operational test and the CASTs succeed, the module becomes operational. If the pre-operational test or any of the CASTs fail, an error message is returned, and the module transitions to the Error state.
© 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| HMAC-SHA2-256 (A4545) | HMAC-SHA2-256 (A4545) | Message Authentication | SW/FW Integrity | On demand | Manually |
| AES-CBC (A4537) | AES-CBC (A4537) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4537) | AES-CBC (A4537) | Decrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4542) | AES-CFB8 (A4542) | Encrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4542) | AES-CFB8 (A4542) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4537) | AES-GCM (A4537) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4537) | AES-GCM (A4537) | Decrypt KAT | CAST | On demand | Manually |
| AES-XTS Testing Revision 2.0 (A4546) | AES-XTS Testing Revision 2.0 (A4546) | Encrypt KAT | CAST | On demand | Manually |
| AES-XTS Testing Revision 2.0 (A4546) | AES-XTS Testing Revision 2.0 (A4546) | Decrypt KAT | CAST | On demand | Manually |
| KAS-FFC-SSC Sp800- 56Ar3 (A4545) | KAS-FFC-SSC Sp800- 56Ar3 (A4545) | Primitive “Z” Computation KAT | CAST | On demand | Manually |
| KAS-ECC-SSC Sp800- 56Ar3 (A4545) | KAS-ECC-SSC Sp800- 56Ar3 (A4545) | Primitive “Z” Computation KAT | CAST | On demand | Manually |
| Counter DRBG (A4545) | Counter DRBG (A4545) | KAT CTR_DRBG with AES without DF, without PR | CAST | On demand | Manually |
| Counter DRBG (A4545) | Counter DRBG (A4545) | Health tests according to section 11.3 of [SP800- 90Ar1] | CAST | On demand | Manually |
| ECDSA SigGen (FIPS186- 4) (A4545) | ECDSA SigGen (FIPS186- 4) (A4545) | KAT with P-256 using SHA2-256 | CAST | On demand | Manually |
| ECDSA SigVer (FIPS186- 4) (A4545) | ECDSA SigVer (FIPS186- 4) (A4545) | KAT with P-256 using SHA2-256 | CAST | On demand | Manually |
| RSA SigGen (FIPS186-4) (A4545) | RSA SigGen (FIPS186-4) (A4545) | KAT with 2048-bit key using SHA2-256 | CAST | On demand | Manually |
| RSA SigVer (FIPS186-4) (A4545) | RSA SigVer (FIPS186-4) (A4545) | KAT with 2048-bit key using SHA2-256 | CAST | On demand | Manually |
| KDA HKDF Sp800-56Cr1 (A4544) | KDA HKDF Sp800-56Cr1 (A4544) | KAT with HMAC-SHA2- 256 | CAST | On demand | Manually |
| KDF TLS (A4545) | KDF TLS (A4545) | KAT with HMAC-SHA2- 256 | CAST | On demand | Manually |
| PBKDF (A4545) | PBKDF (A4545) | KAT with HMAC-SHA2- 256 | CAST | On demand | Manually |
| HMAC-SHA-1 (A4540) | HMAC-SHA-1 (A4540) | HMAC-SHA-1 KAT | CAST | On demand | Manually |
| HMAC-SHA2-224 (A4540) | HMAC-SHA2-224 (A4540) | HMAC-SHA2-224 KAT | CAST | On demand | Manually |
| HMAC-SHA2-256 (A4540) | HMAC-SHA2-256 (A4540) | HMAC-SHA2-256 KAT | CAST | On demand | Manually |
| HMAC-SHA2-384 (A4540) | HMAC-SHA2-384 (A4540) | HMAC-SHA2-384 KAT | CAST | On demand | Manually |
| HMAC-SHA2-512 (A4540) | HMAC-SHA2-512 (A4540) | HMAC-SHA2-512 KAT | CAST | On demand | Manually |
| SHA3-224 (A4541) | SHA3-224 (A4541) | SHA3-224 KAT | CAST | On demand | Manually |
| SHA3-256 (A4541) | SHA3-256 (A4541) | SHA3-256 KAT | CAST | On demand | Manually |
| SHA3-384 (A4541) | SHA3-384 (A4541) | SHA3-384 KAT | CAST | On demand | Manually |
| SHA3-512 (A4541) | SHA3-512 (A4541) | SHA3-512 KAT | CAST | On demand | Manually |
| ECDSA KeyGen (FIPS186- 4) (A4545) | ECDSA KeyGen (FIPS186- 4) (A4545) | Signature generation and verification | PCT | On demand | Manually |
| RSA KeyGen (FIPS186-4) (A4545) | RSA KeyGen (FIPS186-4) (A4545) | Signature generation and verification | PCT | On demand | Manually |
| Safe Primes Key Generation (A4545) | Safe Primes Key Generation (A4545) | PCT according to section 5.6.2.1.4 of [SP800-56Ar3] | PCT | On demand | Manually |
| ECDSA KeyGen (FIPS186- 4) (A4545) | ECDSA KeyGen (FIPS186- 4) (A4545) | Signature generation and verification | PCT | On demand | Manually |
| AES-CBC (A4538) | AES-CBC (A4538) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4538) | AES-CBC (A4538) | Decrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4539) | AES-CBC (A4539) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4539) | AES-CBC (A4539) | Decrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4540) | AES-CBC (A4540) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4540) | AES-CBC (A4540) | Decrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4545) | AES-CBC (A4545) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4545) | AES-CBC (A4545) | Decrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4572) | AES-CBC (A4572) | Encrypt KAT | CAST | On demand | Manually |
| AES-CBC (A4572) | AES-CBC (A4572) | Decrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4548) | AES-CFB8 (A4548) | Encrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4548) | AES-CFB8 (A4548) | Decrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4543) | AES-CFB8 (A4543) | Encrypt KAT | CAST | On demand | Manually |
| AES-CFB8 (A4543) | AES-CFB8 (A4543) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4538) | AES-GCM (A4538) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4538) | AES-GCM (A4538) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4539) | AES-GCM (A4539) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4539) | AES-GCM (A4539) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4540) | AES-GCM (A4540) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4540) | AES-GCM (A4540) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4545) | AES-GCM (A4545) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4545) | AES-GCM (A4545) | Decrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4572) | AES-GCM (A4572) | Encrypt KAT | CAST | On demand | Manually |
| AES-GCM (A4572) | AES-GCM (A4572) | Decrypt KAT | CAST | On demand | Manually |
| HMAC-SHA-1 (A4545) | HMAC-SHA-1 (A4545) | HMAC-SHA-1 KAT | CAST | On demand | Manually |
| HMAC-SHA-1 (A4572) | HMAC-SHA-1 (A4572) | HMAC-SHA-1 KAT | CAST | On demand | Manually |
| HMAC-SHA2-224 (A4545) | HMAC-SHA2-224 (A4545) | HMAC-SHA2-224 KAT | CAST | On demand | Manually |
| HMAC-SHA2-224 (A4572) | HMAC-SHA2-224 (A4572) | HMAC-SHA2-224 KAT | CAST | On demand | Manually |
| HMAC-SHA2-256 (A4545) | HMAC-SHA2-256 (A4545) | HMAC-SHA2-256 KAT | CAST | On demand | Manually |
| HMAC-SHA2-256 (A4572) | HMAC-SHA2-256 (A4572) | HMAC-SHA2-256 KAT | CAST | On demand | Manually |
| HMAC-SHA2-512 (A4545) | HMAC-SHA2-512 (A4545) | HMAC-SHA2-512 KAT | CAST | On demand | Manually |
| HMAC-SHA2-512 (A4572) | HMAC-SHA2-512 (A4572) | HMAC-SHA2-512 KAT | CAST | On demand | Manually |
| SHA3-224 (A4547) | SHA3-224 (A4547) | SHA3-224 KAT | CAST | On demand | Manually |
| SHA3-256 (A4547) | SHA3-256 (A4547) | SHA3-256 KAT | CAST | On demand | Manually |
| SHA3-384 (A4547) | SHA3-384 (A4547) | SHA3-384 KAT | CAST | On demand | Manually |
| SHA3-512 (A4547) | SHA3-512 (A4547) | SHA3-512 KAT | CAST | On demand | Manually |
Amazon Linux 2023 GnuTLS Cryptographic Module Table 22: Conditional Self-Tests
Table 23: Pre-Operational Periodic Information © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Table 24: Conditional Periodic Information © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Description | Role Access | Indicator | Recovery Method |
|---|---|---|---|---|
| Error State | The module stops functioning and ends the application process | When the integrity test or KAT fail When the KAT of DRBG fails during CASTs When the newly generated RSA, ECDSA, Diffie-Hellman or EC Diffie-Hellman key pair fails the PCT | GNUTLS_E_SELF_TEST_ERROR (-400); GNUTLS_E_RANDOM_FAILED (-206); GNUTLS_E_PK_GENERATION_ERROR (-403) | The module must be restarted and perform the pre-operational self-test and the CASTs to recover from these errors. |
Amazon Linux 2023 GnuTLS Cryptographic Module
Table 25: Error States In the Error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running). The calling application can obtain the module state by calling the gnutls_fips140_get_operation_state() API function. A complete list of the error codes can be found in Appendix C “Error Codes and Descriptions” in the gnutls.pdf provided with the module's code.
The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational test (i.e., integrity test) and CASTs. The Self-Tests service can be called on demand by invoking the gnutls_fips140_run_self_tests() function which will perform integrity tests and the cryptographic algorithms self-tests. Additionally, the Self-Test service can be invoked by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output is possible. The PCTs can be invoked on demand by requesting the Asymmetric Key Generation service. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
Before the RPM packages are installed, the Amazon Linux 2023 system must operate in the FIPS validated configuration. To achieve this, the Crypto Officer must ensure that the crypto-policies utilities are installed and up to date by executing sudo dnf -y install crypto-policies crypto-policies-scripts. Then, the Crypto Officer must execute the sudo fips-mode-setup --enable command, then, restart the system by executing sudo reboot. The Crypto Officer must verify the Amazon Linux 2023 system operates in the FIPS validated configuration by executing the sudo fips-mode-setup --check command, which should output “FIPS mode is enabled.” Once the operating environment is booted in FIPS validated configuration, the Crypto Officer can install the Amazon packages containing the module using the Yellowdog Updater Modified (yum) with the following commands: $ sudo yum install gnutls-3.8.0-376.amzn2023.0.2 $ sudo yum install gmp-6.2.1-2.amzn2023.0.2 $ sudo yum install nettle-3.8-1.amzn2023.0.2 Note: libhogweed is provided by nettle-3.8-1.amzn2023.0.2. All the Amazon packages are associated with hashes for integrity check. The integrity of the Amazon package is automatically verified by the packing tool during the installation of the module. The Crypto Officer shall not install the package if the integrity fails.
The Crypto Officer shall follow this Security Policy to configure the operational environment and install the module to be operated in the approved mode. The module cannot use the following environment variables:
Amazon Linux 2023 GnuTLS Cryptographic Module
There is no non-administrator guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the gnutls-3.8.0-376.amzn2023.0.2, gmp-6.2.1-2.amzn2023.0.2, nettle-3.8-1.amzn2023.0.2 RPM packages can be uninstalled from the Amazon Linux 2023 systems. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module
The module does not mitigate other attacks. © 2025 Amazon Web Services, Inc./atsec information security.
| Name | Reference | ID |
|---|---|---|
| TLS_DH_RSA_WITH_AES_128_CBC_SHA | RFC3268 | { 0x00, 0x31 } |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | RFC3268 | { 0x00, 0x33 } |
| TLS_DH_RSA_WITH_AES_256_CBC_SHA | RFC3268 | { 0x00, 0x37 } |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | RFC3268 | { 0x00, 0x39 } |
| TLS_DH_RSA_WITH_AES_128_CBC_SHA256 | RFC5246 | { 0x00,0x3F } |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | RFC5246 | { 0x00,0x67 } |
| TLS_DH_RSA_WITH_AES_256_CBC_SHA256 | RFC5246 | { 0x00,0x69 } |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | RFC5246 | { 0x00,0x6B } |
| TLS_PSK_WITH_AES_128_CBC_SHA | RFC4279 | { 0x00, 0x8C } |
| TLS_PSK_WITH_AES_256_CBC_SHA | RFC4279 | { 0x00, 0x8D } |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | RFC5288 | { 0x00, 0x9E } |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | RFC5288 | { 0x00, 0x9F } |
| TLS_DH_RSA_WITH_AES_128_GCM_SHA256 | RFC5288 | { 0x00, 0xA0 } |
| TLS_DH_RSA_WITH_AES_256_GCM_SHA384 | RFC5288 | { 0x00, 0xA1 } |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | RFC4492 | { 0xC0, 0x04 } |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | RFC4492 | { 0xC0, 0x05 } |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | RFC4492 | { 0xC0, 0x09 } |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | RFC4492 | { 0xC0, 0x0A } |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | RFC4492 | { 0xC0, 0x0E } |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | RFC4492 | { 0xC0, 0x0F } |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | RFC4492 | { 0xC0, 0x13 } |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | RFC4492 | { 0xC0, 0x14 } |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | RFC5289 | { 0xC0, 0x23 } |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | RFC5289 | { 0xC0, 0x24 } |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | RFC5289 | { 0xC0, 0x25 } |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | RFC5289 | { 0xC0, 0x26 } |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | RFC5289 | { 0xC0, 0x27 } |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | RFC5289 | { 0xC0, 0x28 } |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | RFC5289 | { 0xC0, 0x29 } |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | RFC5289 | { 0xC0, 0x2A } |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | RFC5289 | { 0xC0, 0x2B } |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | RFC5289 | { 0xC0, 0x2C } |
| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | RFC5289 | { 0xC0, 0x2D } |
| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | RFC5289 | { 0xC0, 0x2E } |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | RFC5289 | { 0xC0, 0x2F } |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | RFC5289 | { 0xC0, 0x30 } |
| TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | RFC5289 | { 0xC0, 0x31 } |
| TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | RFC5289 | { 0xC0, 0x32 } |
| TLS_DHE_RSA_WITH_AES_128_CCM | RFC6655 | { 0xC0, 0x9E } |
| TLS_DHE_RSA_WITH_AES_256_CCM | RFC6655 | { 0xC0, 0x9F } |
| TLS_DHE_RSA_WITH_AES_128_CCM_8 | RFC6655 | { 0xC0, 0xA2 } |
| TLS_DHE_RSA_WITH_AES_256_CCM_8 | RFC6655 | { 0xC0, 0xA3 } |
| TLS_AES_128_GCM_SHA256 | RFC8446 | { 0x13, 0x01 } |
| TLS_AES_256_GCM_SHA384 | RFC8446 | { 0x13, 0x02 } |
| TLS_AES_128_CCM_SHA256 | RFC8446 | { 0x13, 0x04 } |
| TLS_AES_128_CCM_8_SHA256 | RFC8446 | { 0x13, 0x05 } |
Amazon Linux 2023 GnuTLS Cryptographic Module Appendix A. TLS Cipher Suites The module supports the following cipher suites for the TLS protocol version 1.0, 1.1, 1.2 and 1.3, compliant with section 3.3.1 of [SP800-52rev2]. Each cipher suite defines the key exchange algorithm, the bulk encryption algorithm (including the symmetric key size) and the MAC algorithm. © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Appendix B. Glossary and Abbreviations AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DES Data Encryption Standard DF Derivation Function DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography FFC Finite Field Cryptography FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HMAC Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PAI Processor Algorithm Implementation PBKDF2 Password-based Key Derivation Function v2 PKCS Public-Key Cryptography Standards © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module PCT Pairwise Consistency Test PR Prediction Resistance RNG Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm SHS Secure Hash Standard © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module Appendix C. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS180-4 Secure Hash Standard (SHS) August 2015 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 http://www.ietf.org/rfc/rfc3447.txt SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module SP800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38b.pdf SP800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38d.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP800-52r2 NIST Special Publication 800-52 Revision 2 - Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf SP800-56Ar3 NIST Special Publication 800-56A Revision 3 - Recommendation for Pair Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://doi.org/10.6028/NIST.SP.800-56Ar3 SP800-56Cr2 Recommendation for Key Derivation through Extraction-then-Expansion August 2020 https://doi.org/10.6028/NIST.SP.800-56Cr2 SP800-57r5 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://dx.doi.org/10.6028/NIST.SP.800-90Ar1 © 2025 Amazon Web Services, Inc./atsec information security.
Amazon Linux 2023 GnuTLS Cryptographic Module SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://doi.org/10.6028/NIST.SP.800-90B SP800-131Ar2 NIST Special Publication 800-131 Revision 2 - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP800-132 NIST Special Publication 800-132 - Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP800-133r2 NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation June 2020 https://doi.org/10.6028/NIST.SP.800-133r2 SP800-135r1 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing Application-Specific Key Derivation Functions December 2011 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2025 Amazon Web Services, Inc./atsec information security.